@dxos/echo-db 2.33.2 → 2.33.3-dev.08e106c3

package/src/halo/halo.ts

@@ -46,6 +46,8 @@ export class HALO {
   private readonly _keyring: Keyring;
   private readonly _identityManager: IdentityManager;
 
+  private _isOpen = false;
+
   constructor ({
     keyring,
     networkManager,
@@ -85,7 +87,7 @@ export class HALO {
    * Whether the current identity manager has been initialized.
    */
   get isInitialized (): boolean {
-    return this._identityManager.initialized;
+    return this._isOpen;
   }
 
   /**
@@ -129,6 +131,7 @@ export class HALO {
    *
    * Loads the saved identity from disk. Is called by client.
    */
+  @synchronized
   async open (onProgressCallback?: ((progress: OpenProgress) => void) | undefined) {
     // TODO(burdon): Replace with events.
     onProgressCallback?.({ haloOpened: false });
@@ -137,12 +140,16 @@ export class HALO {
     await this._identityManager.loadFromStorage();
 
     onProgressCallback?.({ haloOpened: true });
+
+    this._isOpen = true;
   }
 
   /**
    * Closes HALO. Automatically called when client is destroyed.
    */
+  @synchronized
   async close () {
+    this._isOpen = false;
     await this._identityManager.close();
   }
 

package/src/halo/identity-manager.ts

@@ -7,6 +7,7 @@ import debug from 'debug';
 
 import { Event, synchronized, waitForCondition } from '@dxos/async';
 import { Filter, KeyRecord, Keyring, KeyType, SecretProvider } from '@dxos/credentials';
+import { failUndefined } from '@dxos/debug';
 
 import { InvitationDescriptor } from '../invitations';
 import { MetadataStore } from '../pipeline';
@@ -34,25 +35,23 @@ export class IdentityManager {
     return this._identity;
   }
 
-  get initialized (): boolean {
-    return this._identity !== undefined &&
-      !!this._identity.halo &&
-      this._identity.halo.isOpen &&
-      !!this._identity.halo!.memberKeys.length &&
-      !!this._identity.halo!.identityGenesis &&
-      !!this._identity.deviceKeyChain;
-  }
-
   private async _initialize (halo: HaloParty) {
     assert(halo.isOpen, 'HALO must be open.');
 
-    this._identity = new Identity(this._keyring, halo);
-
-    // Wait for the minimum set of keys and messages we need for proper function.
-    await waitForCondition(() => this.initialized);
+    // Wait for the minimum set of keys and messages we need for proper function:
+    //
+    // - KeyAdmit message for the current device so we can build the device KeyChain.
+    // - Identity genesis so it can be copied into newly joined parties.
+    //
+    const deviceKey = this._keyring.findKey(Keyring.signingFilter({ type: KeyType.DEVICE })) ?? failUndefined();
+    await waitForCondition(() =>
+      halo.processor.isMemberKey(deviceKey.publicKey) &&
+      halo.identityGenesis
+    );
 
-    log('HALO initialized.');
+    this._identity = new Identity(this._keyring, halo);
     this.ready.emit();
+    log('HALO initialized.');
   }
 
   async close () {

package/src/halo/identity.ts

@@ -2,13 +2,14 @@
 // Copyright 2021 DXOS.org
 //
 
+import assert from 'assert';
 import debug from 'debug';
 
-import { Filter, KeyChain, KeyRecord, Keyring, KeyType, Signer } from '@dxos/credentials';
-import { raise } from '@dxos/debug';
+import { Filter, KeyChain, KeyRecord, Keyring, KeyType, SignedMessage, Signer } from '@dxos/credentials';
+import { failUndefined } from '@dxos/debug';
 
-import { IdentityNotInitializedError } from '../errors';
 import { CredentialsSigner } from '../protocol/credentials-signer';
+import { IdentityCredentials } from '../protocol/identity-credentials';
 import { ContactManager } from './contact-manager';
 import { HaloParty } from './halo-party';
 import { Preferences } from './preferences';
@@ -20,10 +21,10 @@ const log = debug('dxos:echo-db:identity');
  *
  * Acts as a read-only view into IdentityManager.
  */
-export class Identity {
-  private _identityKey?: KeyRecord;
-  private _deviceKey?: KeyRecord;
-  private _deviceKeyChain?: KeyChain;
+export class Identity implements IdentityCredentials {
+  private readonly _identityKey: KeyRecord;
+  private readonly _deviceKey: KeyRecord;
+  private readonly _deviceKeyChain: KeyChain;
 
   /**
    * @param _halo HALO party. Must be open.
@@ -31,54 +32,55 @@ export class Identity {
   constructor (
     private readonly _keyring: Keyring,
     private readonly _halo: HaloParty
-  ) {}
+  ) {
+    this._identityKey = this._keyring.findKey(Filter.matches({ type: KeyType.IDENTITY, own: true, trusted: true })) ?? failUndefined();
+    this._deviceKey = this._keyring.findKey(Keyring.signingFilter({ type: KeyType.DEVICE })) ?? failUndefined();
+    this._deviceKeyChain = getDeviceKeyChainFromHalo(this._halo, this.deviceKey);
+    assert(this._halo.identityGenesis);
+  }
 
   get signer (): Signer {
     return this._keyring;
   }
 
-  get identityKey (): KeyRecord | undefined {
-    if (!this._identityKey) {
-      this._identityKey = this._keyring.findKey(Filter.matches({ type: KeyType.IDENTITY, own: true, trusted: true }));
-    }
+  get keyring (): Keyring {
+    return this._keyring;
+  }
 
+  get identityKey (): KeyRecord {
     return this._identityKey;
   }
 
-  get deviceKey (): KeyRecord | undefined {
-    if (!this._deviceKey) {
-      this._deviceKey = this._keyring.findKey(Keyring.signingFilter({ type: KeyType.DEVICE }));
-    }
-
+  get deviceKey (): KeyRecord {
     return this._deviceKey;
   }
 
-  get deviceKeyChain (): KeyChain | undefined {
-    if (!this._deviceKeyChain) {
-      this._deviceKeyChain = this.deviceKey && this._halo ? getDeviceKeyChainFromHalo(this._halo, this.deviceKey) : undefined;
-    }
-
+  get deviceKeyChain (): KeyChain {
     return this._deviceKeyChain;
   }
 
-  get preferences (): Preferences | undefined {
-    return this._halo?.preferences;
+  get displayName (): string | undefined {
+    return this.identityInfo?.signed.payload.displayName;
   }
 
-  get contacts (): ContactManager | undefined {
-    return this._halo?.contacts;
+  /**
+   * Contains profile username.
+   * Can be missing if the username wasn't provided when profile was created.
+   */
+  get identityInfo (): SignedMessage | undefined {
+    return this._halo.identityInfo;
   }
 
-  get displayName (): string | undefined {
-    return this.identityInfo?.signed.payload.displayName;
+  get identityGenesis (): SignedMessage {
+    return this._halo.identityGenesis ?? failUndefined();
   }
 
-  get identityInfo () {
-    return this._halo?.identityInfo;
+  get preferences (): Preferences {
+    return this._halo.preferences;
   }
 
-  get identityGenesis () {
-    return this._halo?.identityGenesis;
+  get contacts (): ContactManager {
+    return this._halo.contacts;
   }
 
   /**
@@ -88,16 +90,12 @@ export class Identity {
     return this._halo;
   }
 
-  get keyring () {
-    return this._keyring;
-  }
-
   createCredentialsSigner (): CredentialsSigner {
     return new CredentialsSigner(
       this._keyring,
-      () => this.identityKey ?? raise(new IdentityNotInitializedError()),
-      () => this.deviceKey ?? raise(new IdentityNotInitializedError()),
-      () => this.deviceKeyChain ?? this.deviceKey ?? raise(new IdentityNotInitializedError())
+      this.identityKey,
+      this.deviceKey,
+      this.deviceKeyChain
     );
   }
 }
@@ -112,7 +110,7 @@ function getDeviceKeyChainFromHalo (halo: HaloParty, deviceKey: KeyRecord) {
       halo.feedKeys
     );
   } catch (err: any) {
-    log('Unable to locate device KeyChain:', err); // TODO(burdon): ???
-    return undefined;
+    log('Unable to locate device KeyChain:', err);
+    throw err;
   }
 }

package/src/invitations/offline-invitation-claimer.ts

@@ -21,11 +21,10 @@ import {
   codec
 } from '@dxos/credentials';
 import { keyToBuffer, keyToString, PublicKey, randomBytes } from '@dxos/crypto';
-import { raise } from '@dxos/debug';
 import { FullyConnectedTopology, NetworkManager } from '@dxos/network-manager';
 
-import { IdentityNotInitializedError, InvalidInvitationError } from '../errors';
-import { Identity } from '../halo';
+import { InvalidInvitationError } from '../errors';
+import { CredentialsSigner } from '../protocol';
 import { greetingProtocolProvider } from './greeting-protocol-provider';
 import { GreetingState } from './greeting-responder';
 import { InvitationDescriptor, InvitationDescriptorType } from './invitation-descriptor';
@@ -170,17 +169,17 @@ export class OfflineInvitationClaimer {
   }
 
   // The secretProvider should provide an `Auth` message signed directly by the Identity key.
-  static createSecretProvider (identity: Identity): SecretProvider {
+  static createSecretProvider (credentials: CredentialsSigner): SecretProvider {
     return async (info?: SecretInfo) => {
       return Buffer.from(codec.encode(
         /* The signed portion of the Auth message includes the ID and authNonce provided
          * by the `info` object. These values will be validated on the other end.
          */
         createAuthMessage(
-          identity.signer,
+          credentials.signer,
           info!.id.value,
-          identity.identityKey ?? raise(new IdentityNotInitializedError()),
-          identity.deviceKeyChain ?? raise(new IdentityNotInitializedError()),
+          credentials.getIdentityKey(),
+          credentials.getDeviceSigningKeys(),
           undefined,
           info!.authNonce.value)
       ));

package/src/parties/data-party.test.ts

@@ -0,0 +1,212 @@
+//
+// Copyright 2022 DXOS.org
+//
+
+import expect from 'expect';
+import { it as test } from 'mocha';
+
+import { createKeyAdmitMessage, createPartyGenesisMessage, defaultSecretProvider, KeyHint, Keyring, KeyType, codec as haloCodec } from '@dxos/credentials';
+import { PublicKey } from '@dxos/crypto';
+import { codec } from '@dxos/echo-protocol';
+import { FeedStore } from '@dxos/feed-store';
+import { ModelFactory } from '@dxos/model-factory';
+import { NetworkManager } from '@dxos/network-manager';
+import { ObjectModel } from '@dxos/object-model';
+import { createStorage, StorageType } from '@dxos/random-access-multi-storage';
+
+import { createDataPartyAdmissionMessages, defaultInvitationAuthenticator, GreetingInitiator } from '../invitations';
+import { MetadataStore, PartyFeedProvider } from '../pipeline';
+import { createAuthenticator, createCredentialsProvider } from '../protocol';
+import { createTestIdentityCredentials, deriveTestDeviceCredentials, IdentityCredentials } from '../protocol/identity-credentials';
+import { SnapshotStore } from '../snapshots';
+import { createRamStorage } from '../util';
+import { DataParty } from './data-party';
+
+describe('DataParty', () => {
+  const createParty = async (identity: IdentityCredentials, partyKey: PublicKey, hints: KeyHint[]) => {
+    const metadataStore = new MetadataStore(createRamStorage());
+    const feedStore = new FeedStore(createStorage('', StorageType.RAM), { valueEncoding: codec });
+    const snapshotStore = new SnapshotStore(createStorage('', StorageType.RAM));
+    const modelFactory = new ModelFactory().registerModel(ObjectModel);
+    const networkManager = new NetworkManager();
+    const partyFeedProvider = new PartyFeedProvider(metadataStore, identity.keyring, feedStore, partyKey);
+
+    return new DataParty(
+      partyKey,
+      modelFactory,
+      snapshotStore,
+      partyFeedProvider,
+      identity.createCredentialsSigner(),
+      identity.preferences,
+      networkManager,
+      hints
+    );
+  };
+
+  test('open & close', async () => {
+    const keyring = new Keyring();
+    const identity = await createTestIdentityCredentials(keyring);
+    const partyKey = await keyring.createKeyRecord({ type: KeyType.PARTY });
+    const party = await createParty(identity, partyKey.publicKey, []);
+
+    await party.open();
+    await party.close();
+  });
+
+  test('edit data', async () => {
+    const keyring = new Keyring();
+    const identity = await createTestIdentityCredentials(keyring);
+    const partyKey = await keyring.createKeyRecord({ type: KeyType.PARTY });
+    const party = await createParty(identity, partyKey.publicKey, []);
+    await party.open();
+
+    const feed = await party.feedProvider.createOrOpenWritableFeed();
+    await party.processor.writeHaloMessage(createPartyGenesisMessage(
+      keyring,
+      partyKey,
+      feed.key,
+      partyKey
+    ));
+
+    await party.database.createItem({ type: 'test:item' });
+
+    await party.close();
+  });
+
+  test('authenticates its own credentials', async () => {
+    const keyring = new Keyring();
+    const identity = await createTestIdentityCredentials(keyring);
+    const partyKey = await keyring.createKeyRecord({ type: KeyType.PARTY });
+
+    const party = await createParty(identity, partyKey.publicKey, []);
+    await party.open();
+    const feed = await party.feedProvider.createOrOpenWritableFeed();
+    await party.processor.writeHaloMessage(createPartyGenesisMessage(
+      keyring,
+      partyKey,
+      feed.key,
+      partyKey
+    ));
+
+    const authenticator = createAuthenticator(party.processor, identity.createCredentialsSigner());
+    const credentialsProvider = createCredentialsProvider(identity.createCredentialsSigner(), party.key, feed.key);
+
+    const wrappedCredentials = haloCodec.decode(credentialsProvider.get());
+    expect(await authenticator.authenticate(wrappedCredentials.payload)).toEqual(true);
+
+    await party.close();
+  });
+
+  test('authenticates another device', async () => {
+    const keyring = new Keyring();
+    const identityA = await createTestIdentityCredentials(keyring);
+    const partyKey = await keyring.createKeyRecord({ type: KeyType.PARTY });
+
+    const party = await createParty(identityA, partyKey.publicKey, []);
+    await party.open();
+    const feed = await party.feedProvider.createOrOpenWritableFeed();
+    await party.processor.writeHaloMessage(createPartyGenesisMessage(
+      keyring,
+      partyKey,
+      feed.key,
+      partyKey
+    ));
+    const authenticator = createAuthenticator(party.processor, identityA.createCredentialsSigner());
+
+    const identityB = await deriveTestDeviceCredentials(identityA);
+    const credentialsProvider = createCredentialsProvider(identityB.createCredentialsSigner(), party.key, feed.key);
+
+    const wrappedCredentials = haloCodec.decode(credentialsProvider.get());
+    expect(await authenticator.authenticate(wrappedCredentials.payload)).toEqual(true);
+
+    await party.close();
+  });
+
+  test('two instances replicating', async () => {
+    const keyring = new Keyring();
+    const identityA = await createTestIdentityCredentials(keyring);
+    const partyKey = await keyring.createKeyRecord({ type: KeyType.PARTY });
+
+    const partyA = await createParty(identityA, partyKey.publicKey, []);
+    await partyA.open();
+    const feedA = await partyA.feedProvider.createOrOpenWritableFeed();
+    await partyA.processor.writeHaloMessage(createPartyGenesisMessage(
+      keyring,
+      partyKey,
+      feedA.key,
+      partyKey
+    ));
+    await partyA.processor.writeHaloMessage(createKeyAdmitMessage(
+      keyring,
+      partyKey.publicKey,
+      identityA.identityKey,
+      [partyKey]
+    ));
+
+    const identityB = await deriveTestDeviceCredentials(identityA);
+    const partyB = await createParty(identityB, partyKey.publicKey, [
+      { type: KeyType.FEED, publicKey: feedA.key }
+    ]);
+    await partyB.open();
+
+    await partyA.database.createItem({ type: 'test:item-a' });
+    await partyB.database.waitForItem({ type: 'test:item-a' });
+
+    await partyB.database.createItem({ type: 'test:item-b' });
+    await partyA.database.waitForItem({ type: 'test:item-b' });
+
+    await partyA.close();
+    await partyB.close();
+  });
+
+  test('invitations', async () => {
+    const identityA = await createTestIdentityCredentials(new Keyring());
+    const partyKeyA = await identityA.keyring.createKeyRecord({ type: KeyType.PARTY });
+
+    const partyA = await createParty(identityA, partyKeyA.publicKey, []);
+    await partyA.open();
+    const feedA = await partyA.feedProvider.createOrOpenWritableFeed();
+    await partyA.processor.writeHaloMessage(createPartyGenesisMessage(
+      identityA.keyring,
+      partyKeyA,
+      feedA.key,
+      partyKeyA
+    ));
+    await partyA.processor.writeHaloMessage(createKeyAdmitMessage(
+      identityA.keyring,
+      partyKeyA.publicKey,
+      identityA.identityKey,
+      [partyKeyA]
+    ));
+
+    const invitation = await partyA.invitationManager.createInvitation(defaultInvitationAuthenticator);
+
+    const identityB = await createTestIdentityCredentials(new Keyring());
+    const initiator = new GreetingInitiator(
+      new NetworkManager(),
+      invitation,
+      async (partyKey, nonce) => [createDataPartyAdmissionMessages(
+        identityB.createCredentialsSigner(),
+        partyKey,
+        identityB.identityGenesis,
+        nonce
+      )]
+    );
+
+    await initiator.connect();
+    const { partyKey: partyKeyB, hints: hintsB } = await initiator.redeemInvitation(defaultSecretProvider);
+    expect(partyKeyB.equals(partyKeyA.publicKey));
+    const partyB = await createParty(identityB, partyKeyB, hintsB);
+    await partyB.open();
+    await initiator.destroy();
+
+    await partyA.database.createItem({ type: 'test:item-a' });
+    await partyB.database.waitForItem({ type: 'test:item-a' });
+
+    await partyB.database.createItem({ type: 'test:item-b' });
+    await partyA.database.waitForItem({ type: 'test:item-b' });
+
+    await partyA.close();
+    await partyB.close();
+  });
+});

package/src/parties/data-party.ts

@@ -175,8 +175,7 @@ export class DataParty {
       this._networkManager,
       this._feedProvider,
       deviceKey.publicKey,
-      createCredentialsProvider(this._credentialsSigner, this._partyCore.key, writeFeed.key),
-      this._partyCore.processor.getActiveFeedSet()
+      createCredentialsProvider(this._credentialsSigner, this._partyCore.key, writeFeed.key)
     );
 
     await this._protocol.start([

package/src/parties/party-factory.ts

@@ -22,12 +22,12 @@ import { NetworkManager } from '@dxos/network-manager';
 import { ObjectModel } from '@dxos/object-model';
 
 import { IdentityNotInitializedError } from '../errors';
-import { IdentityProvider } from '../halo';
 import {
   createDataPartyAdmissionMessages,
   GreetingInitiator, InvitationDescriptor, InvitationDescriptorType, OfflineInvitationClaimer
 } from '../invitations';
 import { PartyFeedProvider, PartyOptions } from '../pipeline';
+import { IdentityCredentialsProvider } from '../protocol/identity-credentials';
 import { SnapshotStore } from '../snapshots';
 import { DataParty, PARTY_ITEM_TYPE } from './data-party';
 
@@ -38,7 +38,7 @@ const log = debug('dxos:echo-db:party-factory');
  */
 export class PartyFactory {
   constructor (
-    private readonly _identityProvider: IdentityProvider,
+    private readonly _identityProvider: IdentityCredentialsProvider,
     private readonly _networkManager: NetworkManager,
     private readonly _modelFactory: ModelFactory,
     private readonly _snapshotStore: SnapshotStore,
@@ -52,8 +52,6 @@ export class PartyFactory {
   @timed(5_000)
   async createParty (): Promise<DataParty> {
     const identity = this._identityProvider() ?? raise(new IdentityNotInitializedError());
-    assert(identity.identityGenesis, 'HALO not initialized.');
-    assert(identity.deviceKeyChain, 'Device KeyChain not initialized.');
     assert(!this._options.readOnly, 'PartyFactory is read-only.');
 
     const partyKey = await identity.keyring.createKeyRecord({ type: KeyType.PARTY });
@@ -66,7 +64,7 @@ export class PartyFactory {
 
     // PartyGenesis (self-signed by Party).
     await party.processor.writeHaloMessage(createPartyGenesisMessage(
-      identity.signer,
+      identity.keyring,
       partyKey,
       writableFeed.key,
       partyKey)
@@ -74,15 +72,16 @@ export class PartyFactory {
 
     // KeyAdmit (IdentityGenesis in an Envelope signed by Party).
     await party.processor.writeHaloMessage(createEnvelopeMessage(
-      identity.signer,
+      identity.keyring,
       partyKey.publicKey,
       wrapMessage(identity.identityGenesis),
       [partyKey])
     );
 
     // FeedAdmit (signed by the Device KeyChain).
+    // TODO(dmaretskyi): Is this really needed since a feed is already admitted by party genesis message.
     await party.processor.writeHaloMessage(createFeedAdmitMessage(
-      identity.signer,
+      identity.keyring,
       partyKey.publicKey,
       writableFeed.key,
       [identity.deviceKeyChain]
@@ -91,7 +90,7 @@ export class PartyFactory {
     // IdentityInfo in an Envelope signed by the Device KeyChain.
     if (identity.identityInfo) {
       await party.processor.writeHaloMessage(createEnvelopeMessage(
-        identity.signer,
+        identity.keyring,
         partyKey.publicKey,
         wrapMessage(identity.identityInfo),
         [identity.deviceKeyChain]
@@ -138,13 +137,12 @@ export class PartyFactory {
     );
 
     await party.open();
-    assert(identity.identityKey, 'No identity key.');
     const isHalo = identity.identityKey.publicKey.equals(partyKey);
     const signingKey = isHalo ? identity.deviceKey : identity.deviceKeyChain;
     assert(signingKey, 'No device key or keychain.');
     // Write the Feed genesis message.
     await party.processor.writeHaloMessage(createFeedAdmitMessage(
-      identity.signer,
+      identity.keyring,
       partyKey,
       feedKeyPair.publicKey,
       [signingKey]
@@ -213,7 +211,7 @@ export class PartyFactory {
       async (partyKey, nonce) => [createDataPartyAdmissionMessages(
         identity.createCredentialsSigner(),
         partyKey,
-        identity.identityGenesis ?? raise(new IdentityNotInitializedError()),
+        identity.identityGenesis,
         nonce
       )]
     );
@@ -223,13 +221,11 @@ export class PartyFactory {
     const party = await this.addParty(partyKey, hints);
     await initiator.destroy();
     if (!haloInvitation) {
-      assert(identity.deviceKeyChain);
-
       // Copy our signed IdentityInfo into the new Party.
       const infoMessage = identity.identityInfo;
       if (infoMessage) {
         await party.processor.writeHaloMessage(createEnvelopeMessage(
-          identity.signer,
+          identity.keyring,
           partyKey,
           wrapMessage(infoMessage),
           [identity.deviceKeyChain]
@@ -244,8 +240,6 @@ export class PartyFactory {
     const identity = this._identityProvider() ?? raise(new IdentityNotInitializedError());
 
     assert(!this._options.readOnly, 'PartyFactory is read-only');
-    assert(identity.identityGenesis, 'IdentityGenesis must exist');
-    assert(identity.deviceKeyChain, 'Device KeyChain must exist');
 
     const partyKey = await identity.keyring.createKeyRecord({ type: KeyType.PARTY });
     const party = await this.constructParty(partyKey.publicKey);
@@ -257,7 +251,7 @@ export class PartyFactory {
 
     // PartyGenesis (self-signed by Party).
     await party.processor.writeHaloMessage(createPartyGenesisMessage(
-      identity.signer,
+      identity.keyring,
       partyKey,
       writableFeed.key,
       partyKey)
@@ -265,7 +259,7 @@ export class PartyFactory {
 
     // KeyAdmit (IdentityGenesis in an Envelope signed by Party).
     await party.processor.writeHaloMessage(createEnvelopeMessage(
-      identity.signer,
+      identity.keyring,
       partyKey.publicKey,
       wrapMessage(identity.identityGenesis),
       [partyKey]
@@ -273,7 +267,7 @@ export class PartyFactory {
 
     // FeedAdmit (signed by the Device KeyChain).
     await party.processor.writeHaloMessage(createFeedAdmitMessage(
-      identity.signer,
+      identity.keyring,
       partyKey.publicKey,
       writableFeed.key,
       [identity.deviceKeyChain]
@@ -282,7 +276,7 @@ export class PartyFactory {
     // IdentityInfo in an Envelope signed by the Device KeyChain.
     if (identity.identityInfo) {
       await party.processor.writeHaloMessage(createEnvelopeMessage(
-        identity.signer,
+        identity.keyring,
         partyKey.publicKey,
         wrapMessage(identity.identityInfo),
         [identity.deviceKeyChain]