fix: Use pubkey instead of pubKey in encrypted key JSON (#721)

dknopik · web-flow · commit a66e5bfa58df · 2025-11-05T19:49:21.000Z
- #712 - use `#[serde(alias = "pubKey")]` to allow deserializing old keys while serialising with the new name `pubkey` - Add a test to handle both cases Co-Authored-By: Daniel Knopik <daniel@dknopik.de>
diff --git a/anchor/common/operator_key/src/encrypted.rs b/anchor/common/operator_key/src/encrypted.rs
@@ -2,7 +2,10 @@
 //!
 //! A JSON "`crypto`" object as defined in
 //! [EIP-2335](https://eips.ethereum.org/EIPS/eip-2335#json-schema), with an additional optional
-//! "`pubKey`" property containing the public key as encoded by [`public::to_base64`].
+//! "`pubkey`" property containing the public key as encoded by [`public::to_base64`].
+//!
+//! For backward compatibility, the property name "`pubKey`" (capital K) is also accepted when
+//! deserializing, but new keys will be generated with "`pubkey`" (lowercase).
 //!
 //! Example structure:
 //!
@@ -30,7 +33,7 @@
 //!       "salt": "..."
 //!     }
 //!   },
-//!   "pubKey": "..."
+//!   "pubkey": "..."
 //! }
 //! ```
 use eth2_keystore::{
@@ -52,7 +55,7 @@ use crate::{ConversionError, public};
 pub struct EncryptedKey {
     #[serde(default)]
     #[serde(skip_serializing_if = "Option::is_none")]
-    #[serde(rename = "pubKey")]
+    #[serde(alias = "pubKey")]
     pubkey: Option<String>,
     kdf: KdfModule,
     checksum: ChecksumModule,
@@ -92,8 +95,9 @@ impl EncryptedKey {
 
     /// Decrypt the private key from the keystore.
     ///
-    /// If the pubkey was provided along the encrypted key in a "pubKey" attribute, it is verified
-    /// whether the encrypted key matches the public key.
+    /// If the pubkey was provided along the encrypted key in a "pubkey" attribute, it is verified
+    /// whether the encrypted key matches the public key. "pubKey" is also accepted for backwards
+    /// compatibility with legacy keys.
     pub fn decrypt(&self, password: &str) -> Result<Rsa<Private>, DecryptionError> {
         let pem = eth2_keystore::decrypt(password.as_ref(), &self.as_crypto())
             .map_err(DecryptionError::Keystore)?;
@@ -190,4 +194,24 @@ mod tests {
                 .unwrap();
         encrypted.decrypt(password).unwrap();
     }
+
+    #[test]
+    fn test_decrypt_legacy() {
+        let password = "what";
+        let encrypted = EncryptedKey::try_from(include_str!(
+            "../test_keys/encrypted_private_key_legacy.json"
+        ))
+        .unwrap();
+        encrypted.decrypt(password).unwrap();
+    }
+
+    #[test]
+    fn test_encrypt_uses_lowercase_pubkey() {
+        let key = Rsa::generate(2048).unwrap();
+        let password = "test";
+        let encrypted = EncryptedKey::encrypt(&key, password).unwrap();
+        let json = serde_json::to_string(&encrypted).unwrap();
+        assert!(json.contains(r#""pubkey":"#));
+        assert!(!json.contains(r#""pubKey":"#));
+    }
 }
diff --git a/anchor/common/operator_key/test_keys/encrypted_private_key.json b/anchor/common/operator_key/test_keys/encrypted_private_key.json
@@ -21,5 +21,5 @@
       "salt": "53e68d757f65be53199a03888f3746ee26fbdb50a69db2972fb1e7443377ac60"
     }
   },
-  "pubKey": "LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMTRrYVorbHZlV3E5cDZyQ2FBVmkKUVA2cEJ0N1d6SDFHKzdta0ZiMSt4MnlhM2luZWgvSnlRN2lwb3Q0czdkblcvbmZrZnlYZGNSUWlqZG00blB1MApxV0VaSGZ3M0dZZlg1dm91S05qQkdOTWhsSWlHU2pNSVdjU0s0NVExMHRkdjRWOFFYTlpFYXFVRkRCbUM0QjUyCldxK25IaGJtVDJLY09ESVdGTllHNVFFTks5WEFYSmY2L2RoenJqcnQ5WlVZR3B0N0dwemI3VGx1MThtS1NjNjMKRTdsQnRyNTdZUUkyTXlRa25zZnNhV3ZQNmR6bUQ0NDJnYkF6elZPYkFDY0s5WmxMQUNhNG5xbGRTT2JqcExzSApCbzFpQU03Um9vV09lQ0ZSMXpMdXpGbTZKaXAxaEcreW5RNnI2Mk43L0ZSc2VJb1dtU2VmUmwzTzRsbEZZR3J4Cjh3SURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K"
-}
+  "pubkey": "LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMTRrYVorbHZlV3E5cDZyQ2FBVmkKUVA2cEJ0N1d6SDFHKzdta0ZiMSt4MnlhM2luZWgvSnlRN2lwb3Q0czdkblcvbmZrZnlYZGNSUWlqZG00blB1MApxV0VaSGZ3M0dZZlg1dm91S05qQkdOTWhsSWlHU2pNSVdjU0s0NVExMHRkdjRWOFFYTlpFYXFVRkRCbUM0QjUyCldxK25IaGJtVDJLY09ESVdGTllHNVFFTks5WEFYSmY2L2RoenJqcnQ5WlVZR3B0N0dwemI3VGx1MThtS1NjNjMKRTdsQnRyNTdZUUkyTXlRa25zZnNhV3ZQNmR6bUQ0NDJnYkF6elZPYkFDY0s5WmxMQUNhNG5xbGRTT2JqcExzSApCbzFpQU03Um9vV09lQ0ZSMXpMdXpGbTZKaXAxaEcreW5RNnI2Mk43L0ZSc2VJb1dtU2VmUmwzTzRsbEZZR3J4Cjh3SURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K"
+}
diff --git a/anchor/common/operator_key/test_keys/encrypted_private_key_legacy.json b/anchor/common/operator_key/test_keys/encrypted_private_key_legacy.json
@@ -0,0 +1,25 @@
+{
+  "checksum": {
+    "function": "sha256",
+    "message": "1b768c60e2f60db30a600c053c103eda455d43738b2b35e788b7652e39c5d821",
+    "params": {}
+  },
+  "cipher": {
+    "function": "aes-128-ctr",
+    "message": "ced24f5df175f923a50b7a45c0a56e8eafd4a83ccf53a8b1a97ce78f2552950d3ab1e02320089e106f91b6291c8b01e7603eb6acb77ccd50c4490152d5e1e09859f623738d214de6ba707d6db807c68945bc9b013d057b79ee09529aae13d1aed35d2ac68be9849db883b815cc72eec60b3f82a91a972061654a36079234c72a03a24d192c9bdc9572bb368162dee94a3168d8b29cb7404855cdc141dacab3500473625aa3c105c74323b54d350fe73d52c0cb8c0410952133c397572c0fbaa3b470b73dc35da30346a069a72ef21954b5ff27943a43dcd3439f1e3a4ef50ce4bc649348f98d2125c0ccd9d93731d8f7fbd31e5dd18abf890e704d10060481e5fbb03bc77f48e237ec72411ee80dc0ce244ca94792ca151b1206291413fa3221de35002ca5c9fe6bd014aeb57e5115f4a1a8879ff979424c827759ab9e964405866a3ebe021900d2c52f267c55c2f6d84913e3de0fa033f9a776b034f9db72e0736fab44082afd01036f9d10b49500a0166280777e07215d5b0e344d91e7b9dec21c5e05386a45e9d049a9c75d5e27d5695cdf6c629478941aae4f65294e06752c3bb340377bb825db8dd7697fdf3d6fe326362b80451ab8b7544aebe7f00bea149ad510ed687eaef501fd3f711e2dc53897b20aac547a037d22acf17c2a0fe4fbc10abe50f8975ed89a076ba830558d112a24f817210d51ec340a69c4c33b7cde15b77787fbaf4461fa84bcec52bf0387c629376798439dc1ab6c103c529e3062485d250e4baa98530df307158ca2a93ceccab927d3791fcb16562224e9fec014d3121e0cfd032c60b4a7963291ace10ffd596c7c20b981e6179336ca9e2597d1c4b5d5a89384d208abbf09d57009dda4fb7f3d94309fa037900bf06b009ded28a469fa614b935b4368182e6c85815a3afe5834d220e6ae133831ae3d92af87167438b5003e7e81f2cbf332f8391c4b2a1bd31535c53b49bbfa2dbf5fd42131734c990f99c0231bab17a6b6004d19324dce11e6254511e0ee95391af5fbf3958cc1b0e96135b0006d1716aaa1bf5f9aa499737d6c32af22cb1eb6a845a69c6515a221b4034b6dabfc9d84b76ac5fd6998d60bad0503b427542f26334535d22da6299440f5bb08cbf62b0aa2a1256963c52c8b955fdf07f8fac32d860d8c0d5693c2f6aeb159a371ffdf596f4b25e0c6a8c50d672ddc612f4b6631d07ae1d20b5d36bc765b2f4d6586e5363d66fe24c82b8bfb7e093c68ef6ed54462ccfe3d41a623d1a9cf080de0e48e91a01698c8ccec6f459af84dbc1cf9c5a3696c9757d597e94c76016a098dccae8872c9a52352e981456929d76946f83f87c08af8f098b234f611b8a9f1af14a50b370053ad95cb0364179f44c4f695c0b3be7254afaf582c9f36fab0c37e51bc27decb0e7007ad1fcfa7e00f4ea50e96ccc14bf495dfccde3c333172dd8b3b0f791e5e47d0141bb29e33b23beebe48c44b89546586195c5e186e3e9a271a1085915f6f698939bf83498bda661275b46c7d15a74ccdd896e4c9b3f0c670523ab506983fe24b20f709ecae5a2edce8652708359372efb034a15d5cb01daf9104604cec0610732eb77e874621f48eaaebef0e73fae85640e6f2a04d1691ce81e30264ff27c821664d892d065a170cbbba12f7ed23fa77822e0cc1485f6389139856d88b85bcca1107c75c3ac569c373b2aeab53057611c749a20cee29a9dbffe923e99606cf86a83aecc14fa75d2df65f8a51ecf81e9e121948fc9e2dd5e7f1247d4f4ae1b00e3540dafc7740a391bb57915bb4d65f518f4fb399869adfe7d7ef9c4fadc14a58c12a02bd635358697b05a04c1002592f3e718d2702cfc69c01c6e0bd298444d7750964e7649860939b2660cb59df5b0f8365324b5a1f1936204bd2f3d2639dc3ff702485cbcb5687a399857040cabe84c8fd81aca4d439ea45222a12188f212ddb73c80167266f1c47d0d42393d06827be6a7f208c77b073e022ce4d0358c6ea48a1bcb0971ac8e71d52938112b8e4daa920814e29e479e6cdb910fe69cdb895306d044aec73b0be59be074b73da59569891760a89b6c0bec14ef05f563998669b27140783cb844eeb828642bf4ae1c27d154b2da335d0aa83c0cf5b640e7307a829fefc669e5bcd86b75e8935b75c14606f8e0364df2e1d4b9738612f31f8b04a4480df09ad047db678a0445964e38be3b74a301f862da3c0100a93edc2c8b2a8db141780dab66c0b005c05a24e42a41b82ea40decaec449cacb51b7d720a88f1469383921b0e42fede04492f1284833d40ea3468cbe3f069d54f471caf876e77366eb8e0e33da34adaa0414b271c7f26d9674c3827b81f0598db8c",
+    "params": {
+      "iv": "127a7adc1297ff1c3915c073f4a69ebe"
+    }
+  },
+  "kdf": {
+    "function": "pbkdf2",
+    "message": "",
+    "params": {
+      "c": 262144,
+      "dklen": 32,
+      "prf": "hmac-sha256",
+      "salt": "53e68d757f65be53199a03888f3746ee26fbdb50a69db2972fb1e7443377ac60"
+    }
+  },
+  "pubKey": "LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMTRrYVorbHZlV3E5cDZyQ2FBVmkKUVA2cEJ0N1d6SDFHKzdta0ZiMSt4MnlhM2luZWgvSnlRN2lwb3Q0czdkblcvbmZrZnlYZGNSUWlqZG00blB1MApxV0VaSGZ3M0dZZlg1dm91S05qQkdOTWhsSWlHU2pNSVdjU0s0NVExMHRkdjRWOFFYTlpFYXFVRkRCbUM0QjUyCldxK25IaGJtVDJLY09ESVdGTllHNVFFTks5WEFYSmY2L2RoenJqcnQ5WlVZR3B0N0dwemI3VGx1MThtS1NjNjMKRTdsQnRyNTdZUUkyTXlRa25zZnNhV3ZQNmR6bUQ0NDJnYkF6elZPYkFDY0s5WmxMQUNhNG5xbGRTT2JqcExzSApCbzFpQU03Um9vV09lQ0ZSMXpMdXpGbTZKaXAxaEcreW5RNnI2Mk43L0ZSc2VJb1dtU2VmUmwzTzRsbEZZR3J4Cjh3SURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K"
+}

Original file line number	Diff line number	Diff line change
`@@ -21,5 +21,5 @@`
`21`	`21`	`"salt": "53e68d757f65be53199a03888f3746ee26fbdb50a69db2972fb1e7443377ac60"`
`22`	`22`	`}`
`23`	`23`	`},`
`24`		- "pubKey": "LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMTRrYVorbHZlV3E5cDZyQ2FBVmkKUVA2cEJ0N1d6SDFHKzdta0ZiMSt4MnlhM2luZWgvSnlRN2lwb3Q0czdkblcvbmZrZnlYZGNSUWlqZG00blB1MApxV0VaSGZ3M0dZZlg1dm91S05qQkdOTWhsSWlHU2pNSVdjU0s0NVExMHRkdjRWOFFYTlpFYXFVRkRCbUM0QjUyCldxK25IaGJtVDJLY09ESVdGTllHNVFFTks5WEFYSmY2L2RoenJqcnQ5WlVZR3B0N0dwemI3VGx1MThtS1NjNjMKRTdsQnRyNTdZUUkyTXlRa25zZnNhV3ZQNmR6bUQ0NDJnYkF6elZPYkFDY0s5WmxMQUNhNG5xbGRTT2JqcExzSApCbzFpQU03Um9vV09lQ0ZSMXpMdXpGbTZKaXAxaEcreW5RNnI2Mk43L0ZSc2VJb1dtU2VmUmwzTzRsbEZZR3J4Cjh3SURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K"
`25`		`-}`
	`24`	+ "pubkey": "LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMTRrYVorbHZlV3E5cDZyQ2FBVmkKUVA2cEJ0N1d6SDFHKzdta0ZiMSt4MnlhM2luZWgvSnlRN2lwb3Q0czdkblcvbmZrZnlYZGNSUWlqZG00blB1MApxV0VaSGZ3M0dZZlg1dm91S05qQkdOTWhsSWlHU2pNSVdjU0s0NVExMHRkdjRWOFFYTlpFYXFVRkRCbUM0QjUyCldxK25IaGJtVDJLY09ESVdGTllHNVFFTks5WEFYSmY2L2RoenJqcnQ5WlVZR3B0N0dwemI3VGx1MThtS1NjNjMKRTdsQnRyNTdZUUkyTXlRa25zZnNhV3ZQNmR6bUQ0NDJnYkF6elZPYkFDY0s5WmxMQUNhNG5xbGRTT2JqcExzSApCbzFpQU03Um9vV09lQ0ZSMXpMdXpGbTZKaXAxaEcreW5RNnI2Mk43L0ZSc2VJb1dtU2VmUmwzTzRsbEZZR3J4Cjh3SURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K"
	`25`	`+}`