feat: migrate remaining sync decrypt/encrypt calls

[bdesoky]

Ticket: WCN-284

This pull request introduces a comprehensive migration from synchronous encryption and decryption methods to their asynchronous counterparts throughout the codebase, with a focus on improving support for v2 encryption. The changes affect key management, wallet operations, transaction verification, and API routes, ensuring better scalability and compatibility with modern cryptographic practices. Additionally, new async verification utilities are introduced, and related tests and error messages are updated accordingly.

Migration to Async Encryption/Decryption:

• Replaced all usages of encrypt and decrypt with encryptAsync and decryptAsync in wallet logic (lightning.ts, selfCustodialLightning.ts), UTXO coin and transaction verification, and Express API handlers to support v2 encryption and improve non-blocking behavior. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16]

Async Key Verification Utilities:

• Added verifyUserPublicKeyAsync to verifyKey.ts and updated transaction and coin verification logic to use the new async method, while preserving the synchronous version for backward compatibility. [1] [2] [3] [4] [5] [6] [7]

Refactoring and API Consistency:

• Refactored helper functions and type signatures to be async, including decryption helpers and key derivation logic in Express Lightning routes, to ensure consistency across all API endpoints. [1] [2] [3]

Test and Error Message Updates:

• Updated tests to use async stubs and improved error messages for decryption failures to reflect the new async flow and provide clearer diagnostics. [1] [2] [3] [4]

Backward Compatibility and Deprecation:

• Marked synchronous methods as deprecated where appropriate, and provided clear migration paths to async methods, especially in UTXO coin classes and key verification utilities. [1] [2]

These changes collectively modernize the cryptographic operations in the codebase, preparing it for future enhancements and improved security practices.

[linear-code]

WCN-284

[vinhkhangtieu]

migrate decrypt/encrypt call to async

[margueriteblair]

migration

[bdesoky]

@claude

[github-actions]

Claude finished @bdesoky's task —— View job

---

PR Analysis: Migrate Sync Decrypt/Encrypt Calls ✅

I've completed a comprehensive analysis of this PR that migrates synchronous encryption/decryption calls to asynchronous versions across the codebase.

Todo List:

• Set up repository and examine PR changes
• Review the migration approach and implementation
• Check for completeness of the sync-to-async migration
• Analyze key files for correctness and potential issues
• Verify backward compatibility measures
• Run linting/testing if possible
• Provide comprehensive review feedback

Review Summary

Overall Assessment: This is a well-executed migration that systematically converts synchronous encrypt/decrypt calls to their asynchronous counterparts (encryptAsync/decryptAsync) across the entire codebase. The changes are comprehensive, consistent, and maintain backward compatibility.

Key Strengths ✅

1. Comprehensive Coverage: The migration touches 40 files across multiple modules (abstract-lightning, abstract-utxo, express, key-card, sdk-api, sdk-core), ensuring consistent async adoption.

2. Proper Async Pattern Implementation:

   • Functions are correctly converted to async and use await with async calls
   • Return types are properly updated to Promise<T>
   • Function signatures consistently maintained while adding async support

3. Backward Compatibility Strategy:

   // Example from verifyKey.ts:710-716
   /**
    * TODO: Deprecate in favor of verifyUserPublicKeyAsync once v2 encryption is default.
    * Decrypt the wallet's user private key and verify that the claimed public key matches (sync, v1 only).
    */
   export async function verifyUserPublicKeyAsync(bitgo: BitGoBase, params: VerifyUserPublicKeyOptions): Promise<boolean>

   • Synchronous versions preserved with deprecation notices
   • Clear migration path provided for consumers

4. Consistent Migration Pattern: All changes follow the same pattern:

   // Before
   this.bitgo.decrypt({ password: params.passphrase, input: userAuthKeyEncryptedPrv })
   
   // After
   await this.bitgo.decryptAsync({ password: params.passphrase, input: userAuthKeyEncryptedPrv })

5. Test Updates: Test files properly updated with async stubs and await statements, ensuring test coverage remains intact.

6. CI Status: All checks are passing ✅

Areas of Excellence

1. Lightning Module: Clean conversion in lightning.ts and selfCustodialLightning.ts with proper async/await handling.

2. Express API Routes: Comprehensive updates in clientRoutes.ts and lightningSignerRoutes.ts ensure API consistency.

3. Key Management: Critical security-related operations in verifyKey.ts and keychain management properly migrated while maintaining security guarantees.

4. Error Handling: Improved error messages in several places to reflect async context.

Minor Observations

1. Remaining Sync Calls: I identified some remaining bitgo.encrypt() and bitgo.decrypt() calls, but these are appropriately scoped:

   • Test files: Mock/stub implementations that should remain sync
   • Example code: Documentation/example files that may serve as legacy references
   • V1 modules: Legacy v1 travel rule functions that maintain backward compatibility alongside new async versions

2. Documentation: The PR description is excellent and accurately reflects all changes made.

Code Quality

• Type Safety: All TypeScript types properly updated
• Function Signatures: Consistent async patterns throughout
• Error Messages: Enhanced to provide better async context
• Import Statements: Properly updated to include new async variants

Recommendation

APPROVE ✅ This is a high-quality migration that:

• Systematically converts sync crypto operations to async
• Maintains backward compatibility
• Follows consistent patterns
• Updates all necessary test files
• Provides clear deprecation paths
• Passes all CI checks

The migration prepares the codebase for v2 encryption while maintaining stability for existing consumers. The approach is thorough, well-tested, and production-ready.

---

Job Run: View run details
Branch: WCN-284-remainder