compact-engine/com.midnight.kuira.core.compact.state/KeyStorePrivateStateProvider

KeyStorePrivateStateProvider

class KeyStorePrivateStateProvider(context: Context) : PrivateStateProvider

Encrypts dApp private state using Android KeyStore + AES-256-GCM.

Data is stored in SharedPreferences as Base64-encoded ciphertext. The encryption key lives in Android KeyStore (never leaves secure hardware).

Single key design: All dApp state shares one KeyStore alias. This is intentional — Android KeyStore is the trust boundary, not individual aliases. An attacker with KeyStore access can read all aliases equally. Per-contract keys would add complexity without meaningful security benefit.

Storage layout:

  • Pref file: "kuira_private_state"

  • Key format: "{len}:{contractAddress}:{stateId}" (length-prefixed, collision-safe)

  • Value format: Base64(ivLen(1) + IV + ciphertext + GCM tag)

Constructors

Link copied to clipboard
constructor(context: Context)

Types

Link copied to clipboard
object Companion

Functions

Link copied to clipboard
open override fun clearContract(contractAddress: String)

Remove all state entries for a contract.

Link copied to clipboard
open override fun get(contractAddress: String, stateId: String): ByteArray?

Get private state bytes, or null if not stored.

Link copied to clipboard
open override fun has(contractAddress: String, stateId: String): Boolean

Check if a state entry exists.

Link copied to clipboard
open override fun isKeyStoreHealthy(): Boolean

Check if the encryption key is accessible.

Link copied to clipboard
open override fun remove(contractAddress: String, stateId: String)

Remove a single state entry.

Link copied to clipboard
open override fun set(contractAddress: String, stateId: String, data: ByteArray)

Store private state bytes. Max MAX_STATE_SIZE_BYTES per entry.