paritytech · hitchhooker · Mar 13, 2026 · Mar 13, 2026 · Mar 14, 2026 · jsdw
@@ -173,7 +173,7 @@ bip39 = { version = "2.1.0", default-features = false }
 bip32 = { version = "0.5.2", default-features = false }
 hmac = { version = "0.12.1", default-features = false }
 pbkdf2 = { version = "0.12.2", default-features = false }
-schnorrkel = { version = "0.11.4", default-features = false }
+schnorrkel = { version = "0.11.5", default-features = false, git = "https://github.com/hitchhooker/schnorrkel", branch = "ecies" }
 secp256k1 = { version = "0.30.0", default-features = false }
 keccak-hash = { version = "0.11.0", default-features = false }
 secrecy = "0.10.3"

@@ -36,6 +36,7 @@ std = [
 # ecdsa compiling to WASM on my mac; following this comment helped:
 # https://github.com/rust-bitcoin/rust-bitcoin/issues/930#issuecomment-1215538699
 sr25519 = ["schnorrkel"]
+ecies = ["sr25519", "schnorrkel/ecies"]
 ecdsa = ["secp256k1"]
 unstable-eth = ["keccak-hash", "ecdsa", "secp256k1", "bip32"]
 

@@ -0,0 +1,42 @@
+// Copyright 2019-2026 Parity Technologies (UK) Ltd.
+// This file is dual-licensed as Apache-2.0 or GPL-3.0.
+// see LICENSE for license details.
+
+//! ECIES encryption/decryption example using sr25519 dev accounts.
+
+use subxt_signer::sr25519;
+
+fn main() {
+    let alice = sr25519::dev::alice();
+    let bob = sr25519::dev::bob();
+    let alice_vk = alice.viewing_key();
+    let bob_vk = bob.viewing_key();
+
+    let plaintext = b"The quick brown fox jumps over the lazy dog";
+    let ctx = b"example-ecies";
+
+    // Alice encrypts a message for Bob
+    let encrypted = alice
+        .encrypt(plaintext, bob_vk.ivk_public(), ctx, alice_vk.ovk())
+        .expect("encryption failed");
+
+    println!("Plaintext:  {} bytes", plaintext.len());
+    println!("Ciphertext: {} bytes (overhead: {} bytes)", encrypted.len(), encrypted.len() - plaintext.len());
+
+    // Bob decrypts with his viewing key
+    let decrypted = bob_vk.decrypt_incoming(&encrypted, ctx).expect("decryption failed");
+    assert_eq!(&decrypted[..], plaintext);
+    println!("Bob decrypted: {:?}", core::str::from_utf8(&decrypted).unwrap());
+
+    // Alice re-reads her outgoing message
+    let outgoing = alice_vk
+        .decrypt_outgoing(&encrypted, bob_vk.ivk_public(), ctx)
+        .expect("outgoing decryption failed");
+    assert_eq!(&outgoing[..], plaintext);
+    println!("Alice re-read outgoing: {:?}", core::str::from_utf8(&outgoing).unwrap());
+
+    // Wrong context fails
+    let result = bob_vk.decrypt_incoming(&encrypted, b"wrong-context");
+    assert!(result.is_err());
+    println!("Wrong context fails: {:?}", result.unwrap_err());
+}
@@ -182,6 +182,62 @@ impl Keypair {
         let signature = self.0.sign(context.bytes(message));
         Signature(signature.to_bytes())
     }
+
+    /// Derive the full viewing key for this keypair.
+    ///
+    /// The viewing key allows decrypting incoming and outgoing ECIES
+    /// messages without signing authority.
+    #[cfg(feature = "ecies")]
+    pub fn viewing_key(&self) -> schnorrkel::viewing_key::FullViewingKey {
+        schnorrkel::viewing_key::FullViewingKey::from_keypair(&self.0)
+    }
+
+    /// Encrypt `plaintext` for `recipient` using ECIES over sr25519.
+    ///
+    /// `recipient` should be an IVK public key (from the recipient's
+    /// viewing key), and `sender_ovk` is this keypair's outgoing
+    /// viewing key so the sender can later re-read the message.
+    ///
+    /// # Example
+    ///
+    /// ```rust,standalone_crate
+    /// use subxt_signer::sr25519;
+    ///
+    /// let alice = sr25519::dev::alice();
+    /// let bob = sr25519::dev::bob();
+    /// let alice_vk = alice.viewing_key();
+    /// let bob_vk = bob.viewing_key();
+    ///
+    /// let encrypted = alice.encrypt(
+    ///     b"secret message", bob_vk.ivk_public(), b"example", alice_vk.ovk(),
+    /// ).expect("encryption works");
+    ///
+    /// let decrypted = bob_vk.decrypt_incoming(&encrypted, b"example")
+    ///     .expect("decryption works");
+    /// assert_eq!(decrypted, b"secret message");
+    /// ```
+    #[cfg(feature = "ecies")]
+    pub fn encrypt(
+        &self,
+        plaintext: &[u8],
+        recipient: &schnorrkel::PublicKey,
+        ctx: &[u8],
+        sender_ovk: &schnorrkel::viewing_key::OutgoingViewingKey,
+    ) -> Result<alloc::vec::Vec<u8>, schnorrkel::ecies::EciesError> {
+        schnorrkel::ecies::encrypt(plaintext, recipient, ctx, sender_ovk)
+    }
+
+    /// Decrypt an ECIES ciphertext using this keypair's secret key.
+    ///
+    /// The `ctx` must match the context used during encryption.
+    #[cfg(feature = "ecies")]
+    pub fn decrypt(
+        &self,
+        ciphertext: &[u8],
+        ctx: &[u8],
+    ) -> Result<alloc::vec::Vec<u8>, schnorrkel::ecies::EciesError> {
+        schnorrkel::ecies::decrypt(ciphertext, &self.0.secret, ctx)
+    }
 }
 
 /// Verify that some signature for a message was created by the owner of the [`PublicKey`].

@@ -17,6 +17,7 @@ subxt-signer = { path = "../../", default-features = false, features = [
     "web",
     "sr25519",
     "ecdsa",
+    "ecies",
     "unstable-eth",
     "std",
 ] }

@@ -29,6 +29,27 @@ async fn wasm_sr25519_signing_works() {
     ));
 }
 
+#[wasm_bindgen_test]
+async fn wasm_sr25519_ecies_works() {
+    let alice = sr25519::dev::alice();
+    let bob = sr25519::dev::bob();
+
+    let plaintext = b"hello from wasm";
+    let ctx = b"wasm-ecies-test";
+
+    let encrypted = alice.encrypt(plaintext, &bob.public_key(), ctx)
+        .expect("encryption failed");
+    let decrypted = bob.decrypt(&encrypted, ctx)
+        .expect("decryption failed");
+
+    assert_eq!(&decrypted[..], plaintext);
+
+    // Wrong key should fail
+    assert!(alice.decrypt(&encrypted, ctx).is_err());
+    // Wrong context should fail
+    assert!(bob.decrypt(&encrypted, b"wrong-ctx").is_err());
+}
+
 #[wasm_bindgen_test]
 async fn wasm_ecdsa_signing_works() {
     let alice = ecdsa::dev::alice();