PortableEscrowKekVault

Portable implementation of GuardianGatedEscrowVaultOperations.

For testing only. Simulates a backend vault for assisted recovery without network calls. Persists escrowed KEKs to KeyValueStorageInterface so they survive across sessions (simulating a real guardian service).

HSM Simulation:

  • On escrowKek(): encrypts the KEK with a simulated Master Key (AES-256-GCM)

  • On retrieveKek(): decrypts the KEK with the simulated Master Key

  • The plaintext KEK is NEVER stored — only the encrypted ciphertext
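The wrap/unwrap flow described above, as an added JVM sketch that is not the project's own code. `SimulatedHsmVault`, the in-memory map standing in for KeyValueStorageInterface, the `nonce || ciphertext || tag` layout and the binding of recoveryId + kekId as GCM associated data are all assumptions made for illustration.

```kotlin
import java.security.SecureRandom
import javax.crypto.Cipher
import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.SecretKeySpec

// Hypothetical stand-in for the vault's HSM simulation; not the project's class.
class SimulatedHsmVault(masterKeyBytes: ByteArray) {
    private val masterKey = SecretKeySpec(masterKeyBytes, "AES") // 32 bytes => AES-256
    private val rng = SecureRandom()
    // Stand-in for KeyValueStorageInterface: holds nonce || ciphertext || tag only.
    private val store = HashMap<String, ByteArray>()

    // Length prefix keeps ("a/b", "c") and ("a", "b/c") from mapping to the same slot.
    private fun slot(recoveryId: String, kekId: String) = "${recoveryId.length}:$recoveryId/$kekId"

    fun escrowKek(recoveryId: String, kekId: String, kekPlaintext: ByteArray) {
        val nonce = ByteArray(12).also { rng.nextBytes(it) } // fresh nonce per wrap
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.ENCRYPT_MODE, masterKey, GCMParameterSpec(128, nonce))
        // Assumption: bind the record to its slot so a blob moved to another slot fails the tag check.
        cipher.updateAAD(slot(recoveryId, kekId).toByteArray())
        store[slot(recoveryId, kekId)] = nonce + cipher.doFinal(kekPlaintext)
    }

    fun retrieveKek(recoveryId: String, kekId: String): ByteArray {
        val blob = store[slot(recoveryId, kekId)]
            ?: throw NoSuchElementException("no escrowed KEK for $recoveryId/$kekId")
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.DECRYPT_MODE, masterKey, GCMParameterSpec(128, blob, 0, 12))
        cipher.updateAAD(slot(recoveryId, kekId).toByteArray())
        // doFinal throws AEADBadTagException if the blob or its slot binding was altered.
        return cipher.doFinal(blob, 12, blob.size - 12)
    }

    fun storedBlob(recoveryId: String, kekId: String) = store[slot(recoveryId, kekId)]
    fun reset() = store.clear()
}

fun main() {
    val vault = SimulatedHsmVault(ByteArray(32).also { SecureRandom().nextBytes(it) })
    val kek = ByteArray(32) { it.toByte() } // constructed sample KEK
    vault.escrowKek("rec-1", "kek-1", kek)
    check(vault.retrieveKek("rec-1", "kek-1").contentEquals(kek))
    // Stored blob is 12-byte nonce + 32-byte ciphertext + 16-byte tag, never the KEK itself.
    check(vault.storedBlob("rec-1", "kek-1")!!.size == 12 + 32 + 16)
}
```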

Types

object Companion

Functions

open suspend override fun escrowKek(recoveryId: String, kekId: String, kekPlaintext: ByteArray)

Escrow a KEK during backup creation.

suspend fun exportPlaintextKek(recoveryId: String, kekId: String): ByteArray

Export the plaintext KEK for a given recoveryId + kekId.

suspend fun importPlaintextKek(recoveryId: String, kekId: String, kekPlaintext: ByteArray)

Import a plaintext KEK into the vault for a given recoveryId + kekId.

fun reset()

Reset all vault state between tests.

open suspend override fun retrieveKek(recoveryId: String, kekId: String): ByteArray

Retrieve an escrowed KEK during restore.