Wallet examples

Author: jchavannes

docs/examples/README.md

@@ -42,5 +42,12 @@ Here, you will find a number of common usage examples for the go-sdk.
 ## Cryptography
 - [AES](./aes/) - Advanced Encryption Standard (AES) examples.
 
+## Wallet
+- [Create Wallet](./create_wallet/) - Create a new wallet instance.
+- [Encrypt Data](./encrypt_data/) - Encrypt data using the wallet.
+- [Create Signature](./create_signature/) - Create a digital signature.
+- [Create HMAC](./create_hmac/) - Create an HMAC.
+- [Get Public Key](./get_public_key/) - Retrieve a public key from the wallet.
+
 ## Additional Example Documents
 - [Converting Transactions from go-bt](./GO_BT.md)

docs/examples/create_hmac/README.md

@@ -0,0 +1,116 @@
+# Create and Verify HMAC Example
+
+This example demonstrates how to use the `wallet` package to create an HMAC (Hash-based Message Authentication Code) for a piece of data and then verify it. This is typically done by a single party to ensure data integrity and authenticity based on a shared secret derived contextually.
+
+## Overview
+
+HMACs provide a way to verify both the data integrity and the authenticity of a message using a shared secret (derived from the wallet's key, `ProtocolID`, `KeyID`, and `Counterparty` context). The process involves:
+
+1.  **Creation**: A key is derived based on the wallet's private key and the provided `EncryptionArgs` (including `ProtocolID`, `KeyID`, and `Counterparty`). This key is then used with a hash function (like SHA256, commonly used with HMAC) to produce an authentication code for the data.
+2.  **Verification**: The same process is followed. If the newly computed HMAC matches the original HMAC, the data is considered authentic and its integrity is verified.
+
+The `wallet.Wallet` provides `CreateHmac` and `VerifyHmac` methods.
+
+## Example Overview
+
+This example demonstrates:
+
+1.  Creating a wallet instance (`myWallet`).
+2.  Defining data for which to create an HMAC.
+3.  Creating an HMAC for that data using `myWallet`, configured for a "self" operation (i.e., the HMAC is for the wallet's own use or context).
+4.  Verifying the HMAC using `myWallet` itself.
+5.  Demonstrating verification failure with tampered data.
+6.  Demonstrating verification failure with a tampered HMAC.
+
+## Code Walkthrough
+
+### 1. Setup Wallet
+
+```go
+privateKey, _ := ec.NewPrivateKey()
+myWallet, _ := wallet.NewWallet(privateKey)
+
+// Define ProtocolID and KeyID for HMAC operations
+hmacProtocolID := wallet.Protocol{Protocol: "HMAC SelfSign", SecurityLevel: wallet.SecurityLevelSilent}
+hmacKeyID := "my hmac key v1"
+```
+We create a wallet and define a `ProtocolID` and `KeyID`. These, along with the `Counterparty` setting, will determine the derived key used for the HMAC operation.
+
+### 2. Define Data and Create HMAC (for Self)
+
+```go
+message := []byte("This is the data to be authenticated with HMAC.")
+
+createHmacArgs := wallet.CreateHmacArgs{
+    EncryptionArgs: wallet.EncryptionArgs{
+        ProtocolID: hmacProtocolID,
+        KeyID:      hmacKeyID,
+        Counterparty: wallet.Counterparty{ // Explicitly set for self-operation
+            Type: wallet.CounterpartyTypeSelf,
+        },
+    },
+    Data: wallet.JsonByteNoBase64(message),
+}
+createHmacResult, _ := myWallet.CreateHmac(context.Background(), createHmacArgs, "creator_originator")
+hmacBytes := createHmacResult.Hmac
+```
+To create an HMAC for a "self" context, `EncryptionArgs.Counterparty` is explicitly set to `wallet.Counterparty{Type: wallet.CounterpartyTypeSelf}`.
+
+### 3. Verify HMAC (by Self)
+
+```go
+verifyHmacArgs := wallet.VerifyHmacArgs{
+    EncryptionArgs: wallet.EncryptionArgs{
+        ProtocolID: hmacProtocolID, // Must match creation
+        KeyID:      hmacKeyID,      // Must match creation
+        Counterparty: wallet.Counterparty{ // Explicitly set for self-operation
+            Type: wallet.CounterpartyTypeSelf,
+        },
+    },
+    Data: wallet.JsonByteNoBase64(message), // Original data
+    Hmac: hmacBytes,                        // HMAC created in the previous step
+}
+verifyHmacResult, _ := myWallet.VerifyHmac(context.Background(), verifyHmacArgs, "verifier_originator")
+// verifyHmacResult.Valid will be true
+```
+To verify an HMAC made by the same wallet for a "self" context, `EncryptionArgs.Counterparty` is again set to `wallet.Counterparty{Type: wallet.CounterpartyTypeSelf}`. The `ProtocolID` and `KeyID` must also match those used during creation.
+
+### 4. Verification Failure Scenarios
+
+-   **Tampered Data**: If the `Data` is changed, `VerifyHmac` will result in `Valid: false`.
+    ```go
+    tamperedDataArgs := verifyHmacArgs
+    tamperedDataArgs.Data = wallet.JsonByteNoBase64([]byte("Tampered data!"))
+    // Result will have Valid: false
+    ```
+-   **Tampered HMAC**: If the `Hmac` itself is changed, `VerifyHmac` will result in `Valid: false`.
+    ```go
+    tamperedHmacArgs := verifyHmacArgs
+    tamperedHmac := append([]byte{0x00}, hmacBytes...) // Alter the HMAC slightly
+    tamperedHmacArgs.Hmac = wallet.JsonByteNoBase64(tamperedHmac)
+    // Result will have Valid: false
+    ```
+
+## Running the Example
+
+To run this example:
+
+```bash
+cd go-sdk/docs/examples/create_hmac
+go mod tidy
+go run create_hmac.go
+```
+
+## Key Concepts
+
+-   **HMAC (Hash-based Message Authentication Code)**: Provides data integrity and authenticity using a shared secret key.
+-   **`wallet.CreateHmacArgs` / `wallet.VerifyHmacArgs`**: Structs for HMAC creation/verification parameters.
+-   **`EncryptionArgs`**: Embedded in the above, contains `ProtocolID`, `KeyID`, and `Counterparty` which collectively define the context for deriving the HMAC key.
+-   **`KeyID`**: Mandatory identifier for keying material. Length must be >= 1 character.
+-   **`ProtocolID.Protocol`**: String identifying the protocol. Length must be >= 5 chars, containing only letters, numbers, and spaces.
+-   **`CounterpartyTypeSelf`**: Used in `EncryptionArgs.Counterparty.Type` when a wallet creates or verifies an HMAC for its own context.
+
+## Additional Resources
+
+-   [go-sdk `wallet` package documentation](https://pkg.go.dev/github.com/bsv-blockchain/go-sdk/wallet)
+-   SDK tests, particularly `wallet/wallet_test.go` (`TestHmacCreateVerify`), provide further examples.

docs/examples/create_hmac/create_hmac.go

@@ -0,0 +1,117 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	ec "github.com/bsv-blockchain/go-sdk/primitives/ec"
+	"github.com/bsv-blockchain/go-sdk/wallet"
+)
+
+func main() {
+	ctx := context.Background()
+
+	// --- 1. Setup Wallet ---
+	fmt.Println("--- 1. Setting up Wallet ---")
+	privateKey, err := ec.NewPrivateKey()
+	if err != nil {
+		log.Fatalf("Failed to create private key: %v", err)
+	}
+	myWallet, err := wallet.NewWallet(privateKey)
+	if err != nil {
+		log.Fatalf("Failed to create wallet: %v", err)
+	}
+	fmt.Println("Wallet created.")
+
+	// Define ProtocolID and KeyID for HMAC operations
+	// Protocol names must contain only letters, numbers, and spaces, and be >= 5 chars.
+	// Key IDs can have spaces, must be >= 1 char.
+	hmacProtocolID := wallet.Protocol{Protocol: "HMAC SelfSign", SecurityLevel: wallet.SecurityLevelSilent}
+	hmacKeyID := "my hmac key v1"
+
+	message := []byte("This is the data to be authenticated with HMAC.")
+	fmt.Printf("Original Message: %s\n", string(message))
+
+	// --- 2. Create HMAC (for Self) ---
+	fmt.Println("\n--- 2. Creating HMAC for the message (for self) ---")
+	createHmacArgs := wallet.CreateHmacArgs{
+		EncryptionArgs: wallet.EncryptionArgs{
+			ProtocolID: hmacProtocolID,
+			KeyID:      hmacKeyID,
+			Counterparty: wallet.Counterparty{ // Explicitly set for self-operation
+				Type: wallet.CounterpartyTypeSelf,
+			},
+		},
+		Data: wallet.JsonByteNoBase64(message),
+	}
+	createHmacResult, err := myWallet.CreateHmac(ctx, createHmacArgs, "creator_originator")
+	if err != nil {
+		log.Fatalf("Failed to create HMAC: %v", err)
+	}
+	hmacBytes := createHmacResult.Hmac
+	fmt.Printf("HMAC created: %x\n", hmacBytes)
+
+	// --- 3. Verify HMAC (by Self) ---
+	fmt.Println("\n--- 3. Verifying the HMAC (by self) ---")
+	verifyHmacArgs := wallet.VerifyHmacArgs{
+		EncryptionArgs: wallet.EncryptionArgs{
+			ProtocolID: hmacProtocolID, // Must match creation
+			KeyID:      hmacKeyID,      // Must match creation
+			Counterparty: wallet.Counterparty{ // Explicitly set for self-operation
+				Type: wallet.CounterpartyTypeSelf,
+			},
+		},
+		Data: wallet.JsonByteNoBase64(message), // Original data
+		Hmac: hmacBytes,                        // HMAC from step 2
+	}
+	verifyHmacResult, err := myWallet.VerifyHmac(ctx, verifyHmacArgs, "verifier_originator")
+	if err != nil {
+		// This path should ideally not be hit if args are correct and HMAC was just created
+		log.Fatalf("Error during HMAC verification call: %v", err)
+	}
+	if verifyHmacResult.Valid {
+		fmt.Println("HMAC VERIFIED successfully!")
+	} else {
+		// This would be an unexpected failure for a valid HMAC
+		log.Fatalf("HMAC verification FAILED (but should have succeeded).")
+	}
+
+	// --- 4. Verification Failure with Tampered Data ---
+	fmt.Println("\n--- 4. Verifying with tampered data (expected failure) ---")
+	tamperedDataArgs := verifyHmacArgs // Copy previous args
+	tamperedDataArgs.Data = wallet.JsonByteNoBase64([]byte("This is tampered data!"))
+	tamperedDataVerifyResult, err := myWallet.VerifyHmac(ctx, tamperedDataArgs, "verifier_tampered_data")
+	if err != nil {
+		log.Fatalf("Error during tampered data HMAC verification call: %v", err)
+	}
+	if tamperedDataVerifyResult.Valid {
+		fmt.Println("Tampered data HMAC verification unexpectedly SUCCEEDED (Error!).")
+	} else {
+		fmt.Println("Tampered data HMAC verification FAILED as expected.")
+	}
+
+	// --- 5. Verification Failure with Tampered HMAC ---
+	fmt.Println("\n--- 5. Verifying with tampered HMAC (expected failure) ---")
+	tamperedHmacArgs := verifyHmacArgs // Copy previous args
+	// Create a slightly altered HMAC. Ensure it's different but same length if possible.
+	corruptedHmac := make([]byte, len(hmacBytes))
+	copy(corruptedHmac, hmacBytes)
+	if len(corruptedHmac) > 0 {
+		corruptedHmac[0] ^= 0xFF // Flip all bits of the first byte
+	} else {
+		corruptedHmac = append(corruptedHmac, 0x00) // Or handle if HMAC was empty (should not be)
+	}
+	tamperedHmacArgs.Hmac = wallet.JsonByteNoBase64(corruptedHmac)
+	tamperedHmacVerifyResult, err := myWallet.VerifyHmac(ctx, tamperedHmacArgs, "verifier_tampered_hmac")
+	if err != nil {
+		log.Fatalf("Error during tampered HMAC verification call: %v", err)
+	}
+	if tamperedHmacVerifyResult.Valid {
+		fmt.Println("Tampered HMAC verification unexpectedly SUCCEEDED (Error!).")
+	} else {
+		fmt.Println("Tampered HMAC verification FAILED as expected.")
+	}
+
+	fmt.Println("\nCreate and verify HMAC example complete.")
+}

docs/examples/create_signature/README.md

@@ -0,0 +1,145 @@
+# Create and Verify Signature Example
+
+This example demonstrates how to use the `wallet` package to create a digital signature for a piece of data (or its hash) and then verify that signature, focusing on operations performed by a single wallet (self-signing and self-verification).
+
+## Overview
+
+Digital signatures provide a way to verify the authenticity and integrity of data. The process involves:
+1. **Signing**: The sender uses their private key to create a signature for the data.
+2. **Verification**: The recipient (or the sender themselves) uses the corresponding public key to verify the signature.
+
+The `wallet.Wallet` provides functionality for both creating and verifying ECDSA signatures.
+
+## Example Overview
+
+This example demonstrates:
+
+1. Creating a wallet instance (`signerWallet`).
+2. Defining data to be signed.
+3. Creating a signature for that data using `signerWallet`, configured for a "self" operation.
+4. Verifying the signature using `signerWallet` itself.
+5. Demonstrating verification failure with tampered data.
+6. Demonstrating signing a pre-computed hash of data (for a "self" operation) and verifying it with `signerWallet`.
+
+## Code Walkthrough
+
+### 1. Setup Wallet
+
+```go
+privateKey, _ := ec.NewPrivateKey()
+signerWallet, _ := wallet.NewWallet(privateKey)
+
+selfProtocolID := wallet.Protocol{Protocol: "ECDSA SelfSign", SecurityLevel: wallet.SecurityLevelSilent}
+selfKeyID := "my signing key v1"
+```
+We create a wallet and define a `ProtocolID` and `KeyID` for our self-signing operations. `KeyID` is mandatory for these wallet operations.
+
+### 2. Define Data and Create Signature (for Self)
+
+```go
+message := []byte("This is the message to be signed by myself, for myself.")
+
+createSigArgs := wallet.CreateSignatureArgs{
+    EncryptionArgs: wallet.EncryptionArgs{
+        ProtocolID: selfProtocolID,
+        KeyID:      selfKeyID,
+        Counterparty: wallet.Counterparty{ // Explicitly set for self-signing
+            Type: wallet.CounterpartyTypeSelf,
+        },
+    },
+    Data: wallet.JsonByteNoBase64(message),
+}
+sigResult, _ := signerWallet.CreateSignature(context.Background(), createSigArgs, "signer_originator")
+```
+To sign for "self", `EncryptionArgs.Counterparty` is explicitly set to `wallet.Counterparty{Type: wallet.CounterpartyTypeSelf}`.
+
+### 3. Verify Signature (by Self)
+
+```go
+verifyArgs := wallet.VerifySignatureArgs{
+    EncryptionArgs: wallet.EncryptionArgs{
+        ProtocolID: selfProtocolID, // Must match signing
+        KeyID:      selfKeyID,      // Must match signing
+        Counterparty: wallet.Counterparty{ // Explicitly set for self-verification
+            Type: wallet.CounterpartyTypeSelf,
+        },
+    },
+    Data:      wallet.JsonByteNoBase64(message),
+    Signature: sigResult.Signature,
+    // ForSelf field is NOT used here; Counterparty in EncryptionArgs dictates self-verification
+}
+verifyResult, _ := signerWallet.VerifySignature(context.Background(), verifyArgs, "verifier_originator")
+// verifyResult.Valid will be true
+```
+To verify a signature made by the same wallet (self-verification), `EncryptionArgs.Counterparty` is again set to `wallet.Counterparty{Type: wallet.CounterpartyTypeSelf}`. The top-level `ForSelf` field in `VerifySignatureArgs` is not used in this scenario.
+
+### 4. Verification with Tampered Data (Failure Case)
+
+```go
+tamperedMessage := []byte("This is NOT the message that was signed.")
+verifyArgsTampered := verifyArgs
+verifyArgsTampered.Data = wallet.JsonByteNoBase64(tamperedMessage)
+
+// This call is expected to return an error, or result.Valid == false
+tamperedVerifyResult, err := signerWallet.VerifySignature(context.Background(), verifyArgsTampered, "verifier_tampered_originator")
+// if err != nil, verification failed as expected.
+// if err == nil and !tamperedVerifyResult.Valid, verification failed as expected.
+```
+If the data is altered, `VerifySignature` will indicate failure, either by returning an error (e.g., "signature is not valid") or by returning a result with `Valid` as `false`.
+
+### 5. Signing and Verifying a Pre-computed Hash (for Self)
+
+Similar to signing raw data, when signing a pre-computed hash for a "self" operation:
+
+```go
+messageHash := sha256.Sum256(message) // Pre-compute SHA256 hash
+
+createSigForHashArgs := wallet.CreateSignatureArgs{
+    EncryptionArgs: wallet.EncryptionArgs{
+        ProtocolID: /* define appropriate ProtocolID */,
+        KeyID:      /* define appropriate KeyID */,
+        Counterparty: wallet.Counterparty{
+            Type: wallet.CounterpartyTypeSelf,
+        },
+    },
+    HashToDirectlySign: wallet.JsonByteNoBase64(messageHash[:]),
+}
+sigFromHashResult, _ := signerWallet.CreateSignature(context.Background(), createSigForHashArgs, "signer_originator_hash")
+
+// Verification of signature made from hash (by self)
+verifyHashArgs := wallet.VerifySignatureArgs{
+    EncryptionArgs: createSigForHashArgs.EncryptionArgs, // Match args from hash signing
+    HashToDirectlyVerify: wallet.JsonByteNoBase64(messageHash[:]),
+    Signature:            sigFromHashResult.Signature,
+}
+verifyHashResult, _ := signerWallet.VerifySignature(context.Background(), verifyHashArgs, "verifier_originator_hash")
+// verifyHashResult.Valid will be true
+```
+Again, `CounterpartyTypeSelf` is used in `EncryptionArgs` for both creation and verification.
+
+## Running the Example
+
+To run this example:
+
+```bash
+cd go-sdk/docs/examples/create_signature
+go mod tidy
+go run create_signature.go
+```
+
+## Key Concepts
+
+- **Digital Signature**: Ensures data authenticity and integrity.
+- **ECDSA**: Elliptic Curve Digital Signature Algorithm.
+- **`wallet.CreateSignatureArgs` / `wallet.VerifySignatureArgs`**: Structs for signing/verification parameters.
+- **`EncryptionArgs`**: Embedded in the above, contains `ProtocolID`, `KeyID`, and `Counterparty`.
+- **`KeyID`**: Mandatory identifier for keying material. Length must be >= 1 character.
+- **`ProtocolID.Protocol`**: String identifying the protocol. Length must be >= 5 chars, containing only letters, numbers, and spaces.
+- **`CounterpartyTypeSelf`**: Used in `EncryptionArgs.Counterparty.Type` when a wallet signs data for itself or verifies its own signatures.
+- When using `wallet.VerifySignature` for self-verification with `CounterpartyTypeSelf` in `EncryptionArgs`, the top-level `VerifySignatureArgs.ForSelf` field is not set.
+
+## Additional Resources
+
+- [go-sdk `wallet` package documentation](https://pkg.go.dev/github.com/bsv-blockchain/go-sdk/wallet)
+- [go-sdk `primitives/ec` package documentation](https://pkg.go.dev/github.com/bsv-blockchain/go-sdk/primitives/ec)
+- SDK tests, particularly `wallet/wallet_test.go` (`TestDefaultSignatureOperations`), can provide further examples.