Add ECIES encryption support to subxt-signer

hitchhooker · hitchhooker · commit 3374cadf8e2c · 2026-03-13T22:19:55.000+07:00
Adds encrypt/decrypt methods to sr25519::Keypair using schnorrkel's new ECIES module. Gated behind the `ecies` feature flag. Depends on: paritytech/schnorrkel#116
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -173,7 +173,7 @@ bip39 = { version = "2.1.0", default-features = false }
 bip32 = { version = "0.5.2", default-features = false }
 hmac = { version = "0.12.1", default-features = false }
 pbkdf2 = { version = "0.12.2", default-features = false }
-schnorrkel = { version = "0.11.4", default-features = false }
+schnorrkel = { version = "0.11.5", default-features = false, git = "https://github.com/hitchhooker/schnorrkel", branch = "ecies" }
 secp256k1 = { version = "0.30.0", default-features = false }
 keccak-hash = { version = "0.11.0", default-features = false }
 secrecy = "0.10.3"
diff --git a/signer/Cargo.toml b/signer/Cargo.toml
@@ -36,6 +36,7 @@ std = [
 # ecdsa compiling to WASM on my mac; following this comment helped:
 # https://github.com/rust-bitcoin/rust-bitcoin/issues/930#issuecomment-1215538699
 sr25519 = ["schnorrkel"]
+ecies = ["sr25519", "schnorrkel/ecies"]
 ecdsa = ["secp256k1"]
 unstable-eth = ["keccak-hash", "ecdsa", "secp256k1", "bip32"]
 
diff --git a/signer/examples/ecies.rs b/signer/examples/ecies.rs
@@ -0,0 +1,38 @@
+// Copyright 2019-2026 Parity Technologies (UK) Ltd.
+// This file is dual-licensed as Apache-2.0 or GPL-3.0.
+// see LICENSE for license details.
+
+//! ECIES encryption/decryption example using sr25519 dev accounts.
+
+use subxt_signer::sr25519;
+
+fn main() {
+    let alice = sr25519::dev::alice();
+    let bob = sr25519::dev::bob();
+
+    let plaintext = b"The quick brown fox jumps over the lazy dog";
+    let ctx = b"example-ecies-v1";
+
+    // Alice encrypts a message for Bob
+    let encrypted = alice
+        .encrypt(plaintext, &bob.public_key(), ctx)
+        .expect("encryption failed");
+
+    println!("Plaintext:  {} bytes", plaintext.len());
+    println!("Ciphertext: {} bytes (overhead: {} bytes)", encrypted.len(), encrypted.len() - plaintext.len());
+
+    // Bob decrypts
+    let decrypted = bob.decrypt(&encrypted, ctx).expect("decryption failed");
+    assert_eq!(&decrypted[..], plaintext);
+    println!("Bob decrypted successfully: {:?}", core::str::from_utf8(&decrypted).unwrap());
+
+    // Alice cannot decrypt (wrong key)
+    let result = alice.decrypt(&encrypted, ctx);
+    assert!(result.is_err());
+    println!("Alice cannot decrypt Bob's message: {:?}", result.unwrap_err());
+
+    // Wrong context fails
+    let result = bob.decrypt(&encrypted, b"wrong-context");
+    assert!(result.is_err());
+    println!("Wrong context fails: {:?}", result.unwrap_err());
+}
diff --git a/signer/src/sr25519.rs b/signer/src/sr25519.rs
@@ -182,6 +182,49 @@ impl Keypair {
         let signature = self.0.sign(context.bytes(message));
         Signature(signature.to_bytes())
     }
+
+    /// Encrypt `plaintext` for `recipient` using ECIES over sr25519.
+    ///
+    /// The `ctx` parameter provides domain separation — use a unique
+    /// application-specific byte string (e.g. `b"my-app-v1"`).
+    ///
+    /// # Example
+    ///
+    /// ```rust,standalone_crate
+    /// use subxt_signer::sr25519;
+    ///
+    /// let alice = sr25519::dev::alice();
+    /// let bob = sr25519::dev::bob();
+    ///
+    /// let encrypted = alice.encrypt(b"secret message", &bob.public_key(), b"example")
+    ///     .expect("encryption works");
+    /// let decrypted = bob.decrypt(&encrypted, b"example")
+    ///     .expect("decryption works");
+    /// assert_eq!(decrypted, b"secret message");
+    /// ```
+    #[cfg(feature = "ecies")]
+    pub fn encrypt(
+        &self,
+        plaintext: &[u8],
+        recipient: &PublicKey,
+        ctx: &[u8],
+    ) -> Result<alloc::vec::Vec<u8>, schnorrkel::ecies::EciesError> {
+        let recipient_pk = schnorrkel::PublicKey::from_bytes(&recipient.0)
+            .map_err(|_| schnorrkel::ecies::EciesError::InvalidEphemeralKey)?;
+        schnorrkel::ecies::encrypt(plaintext, &recipient_pk, ctx)
+    }
+
+    /// Decrypt an ECIES ciphertext using this keypair's secret key.
+    ///
+    /// The `ctx` must match the context used during encryption.
+    #[cfg(feature = "ecies")]
+    pub fn decrypt(
+        &self,
+        ciphertext: &[u8],
+        ctx: &[u8],
+    ) -> Result<alloc::vec::Vec<u8>, schnorrkel::ecies::EciesError> {
+        schnorrkel::ecies::decrypt(ciphertext, &self.0.secret, ctx)
+    }
 }
 
 /// Verify that some signature for a message was created by the owner of the [`PublicKey`].
