auth/com.midnight.kuira.core.auth/SeedVault/storeSeed

storeSeed

suspend fun storeSeed(activity: FragmentActivity, seedProducer: () -> PlaintextSeed)

Encrypts and stores the wallet seed material.

Shows a biometric prompt to unlock the Keystore master key, encrypts the concatenated entropy+seed with AES-256-GCM, and writes the result atomically to app-private storage.

The seedProducer lambda is invoked ONLY AFTER biometric auth succeeds, which minimizes the time the plaintext seed is resident in memory. If the user cancels the prompt, seedProducer is never called.

The returned PlaintextSeed is wiped automatically after encryption — callers should NOT hold their own reference to it.

Exception propagation: android.security.keystore.KeyPermanentlyInvalidatedException may be thrown synchronously from the Keystore if the key was invalidated.

Parameters

activity

The FragmentActivity hosting the biometric prompt

seedProducer

Lambda that produces the plaintext seed. Called once, immediately after successful biometric authentication.

Throws

IllegalStateException

if a seed already exists (call deleteSeed first)

AuthenticationCancelledException

if the user cancelled the biometric prompt

AuthenticationFailedException

if biometric authentication failed