Diffstat (limited to 'packages/anastasis-core/src/crypto.ts')
-rw-r--r--packages/anastasis-core/src/crypto.ts26
1 files changed, 26 insertions, 0 deletions
diff --git a/packages/anastasis-core/src/crypto.ts b/packages/anastasis-core/src/crypto.ts
index 8df893f4b..da8338636 100644
--- a/packages/anastasis-core/src/crypto.ts
+++ b/packages/anastasis-core/src/crypto.ts
@@ -185,6 +185,7 @@ async function anastasisDecrypt(
export const asOpaque = (x: string): OpaqueData => x;
const asEncryptedKeyShare = (x: OpaqueData): EncryptedKeyShare => x as string;
const asEncryptedTruth = (x: OpaqueData): EncryptedTruth => x as string;
+const asKeyShare = (x: OpaqueData): KeyShare => x as string;
export async function encryptKeyshare(
keyShare: KeyShare,
@@ -198,6 +199,17 @@ export async function encryptKeyshare(
);
}
+export async function decryptKeyShare(
+ encKeyShare: EncryptedKeyShare,
+ userId: UserIdentifier,
+ answerSalt?: string,
+): Promise<KeyShare> {
+ const s = answerSalt ?? "eks";
+ return asKeyShare(
+ await anastasisDecrypt(asOpaque(userId), asOpaque(encKeyShare), s),
+ );
+}
+
export async function encryptTruth(
nonce: EncryptionNonce,
truthEncKey: TruthKey,
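Review bot: The new `decryptKeyShare` is spelled with a capital S while its counterpart in the context lines is `encryptKeyshare`, so the pair does not match for callers or for grep; one spelling should be chosen, although renaming the older function falls outside this hunk. The fallback `"eks"` is a bare literal, and decryption only succeeds if encryptKeyshare falls back to the same string, which its body (not visible here) presumably does. A shared constant such as `const KEYSHARE_SALT = "eks";` used on both sides would keep the two from drifting apart. A short doc comment would also help, for example `/** Inverse of encryptKeyshare; answerSalt must equal the value used at encryption time. */`.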
@@ -226,6 +238,20 @@ export interface CoreSecretEncResult {
encMasterKeys: EncryptedMasterKey[];
}
+export async function coreSecretRecover(args: {
+ encryptedMasterKey: OpaqueData;
+ policyKey: PolicyKey;
+ encryptedCoreSecret: OpaqueData;
+}): Promise<OpaqueData> {
+ const masterKey = await anastasisDecrypt(
+ asOpaque(args.policyKey),
+ args.encryptedMasterKey,
+ "emk",
+ );
+ console.log("recovered master key", masterKey);
+ return await anastasisDecrypt(masterKey, args.encryptedCoreSecret, "cse");
+}
+
export async function coreSecretEncrypt(
policyKeys: PolicyKey[],
coreSecret: OpaqueData,
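Review bot: The line `console.log("recovered master key", masterKey);` in coreSecretRecover writes the decrypted master key to the console, so the key that protects the core secret can end up in browser devtools, terminal scrollback or any log collector attached to the process. The line should be removed before merge; if a trace is wanted while debugging, log only that the step completed, e.g. `console.log("master key recovered");`. It would also be worth a doc comment stating that the function returns the plaintext core secret and that callers must not log or persist the result.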