identity/com.midnight.kuira.core.identity.backup

Package-level declarations

Types

class AppStateBackup(passkeyManager: PasskeyManager, storage: BackupStorage)

Coordinates PRF-encrypted backup and restore of app-specific state (e.g. Kicks's MatchStore witnesses + commitments, BBoard drafts, future game/agent state).

AppStateBackupEncryptor

object AppStateBackupEncryptor

AES-256-GCM encryption for the AppStateBackup blob.

AuthorizeOutcome

sealed interface AuthorizeOutcome

Result of an authorization attempt.

BackupDecryptionException

class BackupDecryptionException(message: String, cause: Throwable? = null) : Exception

BackupException

class BackupException(message: String, cause: Throwable? = null) : Exception

BackupStorage

interface BackupStorage

Storage-agnostic interface for encrypted backup blobs.

BlockStoreBackupStorage

class BlockStoreBackupStorage(context: Context) : BackupStorage

Google Block Store implementation of BackupStorage.

DriveAuth

data class DriveAuth(val accessToken: String, val accountEmail: String?)

An OAuth access token (+ the account it was granted on) for the Google Drive appDataFolder scope. The token is short-lived and held only in memory by callers — never persisted by us.

DriveAuthManager

interface DriveAuthManager

Obtains authorization for the Drive appDataFolder scope via Play Services AuthorizationClient. This is separate from the passkey/Credential-Manager flow but resolves to the same Google account the user picks at consent.

DriveBackupStorage

class DriveBackupStorage(fileName: String, tokenProvider: suspend (forceRefresh: Boolean) -> String) : BackupStorage

BackupStorage over Google Drive's appDataFolder — a hidden, per-account folder that syncs across the user's devices and is invisible in the Drive UI. Right for the large (~500 KB) encrypted dust-state blob that exceeds Block Store's 4 KB/entry cap.

DustBackupEncryptor

object DustBackupEncryptor

AES-256-GCM encryption for the dust cloud-backup bundle.

DustBackupEntry

data class DustBackupEntry(val address: String, val lastEventId: Long, val stateBytes: ByteArray)

One network's dust checkpoint: the serialized com.midnight.kuira.core.crypto.dust.DustLocalState bytes plus the last-applied event id needed to resume as a delta. Keyed by the network-prefixed wallet address (e.g. mn_addr_preprod…).

DustCloudBundleCodec

object DustCloudBundleCodec

Plaintext (pre-encryption) wire format for the dust cloud backup — a single versioned container holding one entry per network the user has dust on (≤3).

PlayServicesDriveAuthManager

class PlayServicesDriveAuthManager(context: Context) : DriveAuthManager

PrfKeyDeriver

object PrfKeyDeriver

Derives an AES-256-GCM encryption key from PRF output using HKDF-SHA256.

PrfSeedMaterial

class PrfSeedMaterial(val entropy: ByteArray, val bip39Seed: ByteArray)

Both halves of the passkey-PRF derivation: the 32-byte BIP-39 entropy (= raw PRF output) and the 64-byte BIP-39 seed. Returned together by SeedDeriver.derivePrfMaterial so consumers needing both don't pay two biometric prompts.

RestoredAppState

class RestoredAppState(val appMetadata: ByteArray)

Restored app state — just the metadata bytes the host wrote on a previous backup. Caller MUST call wipe after handing the bytes to the host's AppDataBackupProvider.

SeedDerivedKeyDeriver

object SeedDerivedKeyDeriver

Derives the AES-256 key for the dust cloud backup from the wallet's dust seed via HKDF-SHA256.

SeedDeriver

object SeedDeriver

Derives wallet seed material from the user's passkey via the WebAuthn PRF extension.

SigilRequiredException

class SigilRequiredException(message: String = "No sigil found — forge a passkey first") : Exception

Thrown by seed-derivation paths (and sigil-derivation paths) that require the user to have a forged passkey.

Functions

silentTokenOrThrow

suspend fun DriveAuthManager.silentTokenOrThrow(): String

Returns a drive.appdata access token without UI, or throws if consent has not been granted yet. Use from headless paths (e.g. the dust backup coordinator during a routine refresh) — the first-time consent must come from a UI flow (DriveAuthManager.authorize + launching the IntentSender).