@enbox/agent 0.0.1

package/src/hd-identity-vault.ts

@@ -0,0 +1,853 @@
+import type { Jwk } from '@enbox/crypto';
+import type { KeyValueStore } from '@enbox/common';
+import { DidDhtCreateOptions } from '@enbox/dids';
+
+import { HDKey } from 'ed25519-keygen/hdkey';
+import { BearerDid, DidDht } from '@enbox/dids';
+import { Convert, MemoryStore } from '@enbox/common';
+import { wordlist } from '@scure/bip39/wordlists/english';
+import { generateMnemonic, mnemonicToSeed, validateMnemonic } from '@scure/bip39';
+
+import type { JweHeaderParams } from './prototyping/crypto/jose/jwe.js';
+import type { IdentityVaultBackup, IdentityVaultBackupData, IdentityVaultStatus, IdentityVaultParams, IdentityVault } from './types/identity-vault.js';
+
+import { AgentCryptoApi } from './crypto-api.js';
+import { LocalKeyManager } from './local-key-manager.js';
+import { isPortableDid } from './prototyping/dids/utils.js';
+import { DeterministicKeyGenerator } from './utils-internal.js';
+import { CompactJwe } from './prototyping/crypto/jose/jwe-compact.js';
+
+/**
+ * Extended initialization parameters for HdIdentityVault, including an optional recovery phrase
+ * that can be used to derive keys to encrypt the vault and generate a DID.
+ */
+export type HdIdentityVaultInitializeParams = {
+  /**
+    * The password used to secure the vault.
+    *
+    * The password selected should be strong and securely managed to prevent unauthorized access.
+    */
+   password: string;
+
+   /**
+    * An optional recovery phrase used to derive the cryptographic keys for the vault.
+    *
+    * Providing a recovery phrase can be used to recover the vault's content or establish a
+    * deterministic key generation scheme. If not provided, a new recovery phrase will be generated
+    * during the initialization process.
+    */
+   recoveryPhrase?: string;
+
+   /**
+    * Optional dwnEndpoints to register didService endpoints during HdIdentityVault initialization
+    *
+    * The dwnEndpoints are used to register a DWN endpoint during DidDht.create(). This allows the
+    * agent to properly recover connectedDids from DWN. Also, this pattern can be used on the server
+    * side in place of the agentDid-->connectedDids pattern.
+    */
+    dwnEndpoints?: string[];
+ };
+
+/**
+ * Type guard function to check if a given object is an empty string or a string containing only
+ * whitespace.
+ *
+ * This is an internal utility function used to validate password inputs, ensuring they are not
+ * empty or filled with only whitespace characters, which are considered invalid for password
+ * purposes.
+ *
+ * @param obj - The object to be checked, typically expected to be a password string.
+ * @returns A boolean value indicating whether the object is an empty string or a string with only
+ *          whitespace.
+ */
+function isEmptyString(obj: unknown): obj is string {
+  return typeof obj !== 'string' || obj.trim().length === 0;
+}
+
+/**
+ * Type guard function to check if a given object conforms to the {@link IdentityVaultBackup}
+ * interface.
+ *
+ * This function is an internal utility meant to ensure the integrity and structure of the data
+ * assumed to be an {@link IdentityVaultBackup}. It verifies the presence and types of the
+ * `dateCreated`, `size`, and `data` properties, aligning with the expected structure of a backup
+ * object in the context of an {@link IdentityVault}.
+ *
+ * @param obj - The object to be verified against the {@link IdentityVaultBackup} interface.
+ * @returns A boolean value indicating whether the object is a valid {@link IdentityVaultBackup}.
+ */
+function isIdentityVaultBackup(obj: unknown): obj is IdentityVaultBackup {
+  return typeof obj === 'object' && obj !== null
+    && 'dateCreated' in obj && typeof obj.dateCreated === 'string'
+    && 'size' in obj && typeof obj.size === 'number'
+    && 'data' in obj && typeof obj.data === 'string';
+}
+
+/**
+ * Internal-only type guard function that checks if a given object conforms to the
+ * {@link IdentityVaultStatus} interface.
+ *
+ * This function is utilized within the {@link HdIdentityVault} implementation to ensure the
+ * integrity of the object representing the vault's status, verifying the presence and types of
+ * required properties. It aasserts the presence and correct types of `initialized`, `lastBackup`,
+ * and `lastRestore` properties, ensuring they align with the expected structure of an identity
+ * vault's status.
+ *
+ * @param obj - The object to be checked against the {{@link IdentityVaultStatus} interface.
+ * @returns A boolean indicating whether the object is an instance of {@link IdentityVaultStatus}.
+ */
+function isIdentityVaultStatus(obj: unknown): obj is IdentityVaultStatus {
+  return typeof obj === 'object' && obj !== null
+    && 'initialized' in obj && typeof obj.initialized === 'boolean'
+    && 'lastBackup' in obj
+    && 'lastRestore' in obj;
+}
+
+/**
+ * The `HdIdentityVault` class provides secure storage and management of identity data.
+ *
+ * The `HdIdentityVault` class implements the `IdentityVault` interface, providing secure storage
+ * and management of identity data with an added layer of security using Hierarchical Deterministic
+ * (HD) key derivation based on the SLIP-0010 standard for Ed25519 keys. It enhances identity
+ * protection by generating and securing the identity using a derived HD key, allowing for the
+ * deterministic regeneration of keys from a recovery phrase.
+ *
+ * The vault is capable of:
+ * - Secure initialization with a password and an optional recovery phrase, employing HD key
+ *   derivation.
+ * - Encrypting the identity data using a derived content encryption key (CEK) which is securely
+ *   encrypted and stored, accessible only by the correct password.
+ * - Securely backing up and restoring the vault’s contents, including the HD-derived keys and
+ *   associated DID.
+ * - Locking and unlocking the vault, which encrypts and decrypts the CEK for secure access to the
+ *   vault's contents.
+ * - Managing the DID associated with the identity, providing a secure identity layer for
+ *   applications.
+ *
+ * Usage involves initializing the vault with a secure password (and optionally a recovery phrase),
+ * which then allows for the secure storage, backup, and retrieval of the identity data.
+ *
+ * Note: Ensure the password is strong and securely managed, as it is crucial for the security of the
+ * vault's encrypted contents.
+ *
+ * @example
+ * ```typescript
+ * const vault = new HdIdentityVault();
+ * await vault.initialize({ password: 'secure-unique-phrase', recoveryPhrase: 'twelve words ...' });
+ * const backup = await vault.backup();
+ * await vault.restore({ backup, password: 'secure-unique-phrase' });
+ * ```
+ */
+export class HdIdentityVault implements IdentityVault<{ InitializeResult: string }> {
+  /** Provides cryptographic functions needed for secure storage and management of the vault. */
+  public crypto = new AgentCryptoApi();
+
+  /** Determines the computational intensity of the key derivation process. */
+  private _keyDerivationWorkFactor: number;
+
+  /** The underlying key-value store for the vault's encrypted content. */
+  private _store: KeyValueStore<string, string>;
+
+  /** The cryptographic key used to encrypt and decrypt the vault's content securely. */
+  private _contentEncryptionKey: Jwk | undefined;
+
+  /**
+   * Constructs an instance of `HdIdentityVault`, initializing the key derivation factor and data
+   * store. It sets the default key derivation work factor and initializes the internal data store,
+   * either with the provided store or a default in-memory store. It also establishes the initial
+   * status of the vault as uninitialized and locked.
+   *
+   * @param params - Optional parameters when constructing a vault instance.
+   * @param params.keyDerivationWorkFactor - Optionally set the computational effort for key derivation.
+   * @param params.store - Optionally specify a custom key-value store for vault data.
+   */
+  constructor({ keyDerivationWorkFactor, store }: IdentityVaultParams = {}) {
+    this._keyDerivationWorkFactor = keyDerivationWorkFactor ?? 210_000;
+    this._store = store ?? new MemoryStore<string, string>();
+  }
+
+  /**
+   * Creates a backup of the vault's current state, including the encrypted DID and content
+   * encryption key, and returns it as an `IdentityVaultBackup` object. The backup includes a
+   * Base64Url-encoded string representing the vault's encrypted data, encapsulating the
+   * {@link PortableDid}, the content encryption key, and the vault's status.
+   *
+   * This method ensures that the vault is initialized and unlocked before proceeding with the
+   * backup operation.
+   *
+   * @throws Error if the vault is not initialized or is locked, preventing the backup.
+   * @returns A promise that resolves to the `IdentityVaultBackup` object containing the vault's
+   *          encrypted backup data.
+   */
+  public async backup(): Promise<IdentityVaultBackup> {
+    // Verify the identity vault has already been initialized and unlocked.
+    if (this.isLocked() || await this.isInitialized() === false) {
+      throw new Error(
+        'HdIdentityVault: Unable to proceed with the backup operation because the identity vault ' +
+        'has not been initialized and unlocked. Please ensure the vault is properly initialized ' +
+        'with a secure password before attempting to backup its contents.'
+      );
+    }
+
+    // Encode the encrypted CEK and DID as a single Base64Url string.
+    const backupData: IdentityVaultBackupData = {
+      did                  : await this.getStoredDid(),
+      contentEncryptionKey : await this.getStoredContentEncryptionKey(),
+      status               : await this.getStatus()
+    };
+    const backupDataString = Convert.object(backupData).toBase64Url();
+
+    // Create a backup object containing the encrypted vault contents.
+    const backup: IdentityVaultBackup = {
+      data        : backupDataString,
+      dateCreated : new Date().toISOString(),
+      size        : backupDataString.length
+    };
+
+    // Update the last backup timestamp in the data store.
+    await this.setStatus({ lastBackup: backup.dateCreated });
+
+    return backup;
+  }
+
+  /**
+   * Changes the password used to secure the vault.
+   *
+   * This method decrypts the existing content encryption key (CEK) with the old password, then
+   * re-encrypts it with the new password, updating the vault's stored encrypted CEK. It ensures
+   * that the vault is initialized and unlocks the vault if the password is successfully changed.
+   *
+   * @param params - Parameters required for changing the vault password.
+   * @param params.oldPassword - The current password used to unlock the vault.
+   * @param params.newPassword - The new password to replace the existing one.
+   * @throws Error if the vault is not initialized or the old password is incorrect.
+   * @returns A promise that resolves when the password change is complete.
+   */
+  public async changePassword({ oldPassword, newPassword }: {
+    oldPassword: string;
+    newPassword: string;
+  }): Promise<void> {
+    // Verify the identity vault has already been initialized.
+    if (await this.isInitialized() === false) {
+      throw new Error(
+        'HdIdentityVault: Unable to proceed with the change password operation because the ' +
+        'identity vault has not been initialized. Please ensure the vault is properly ' +
+        'initialized with a secure password before trying again.'
+      );
+    }
+
+    // Lock the vault.
+    await this.lock();
+
+    // Retrieve the content encryption key (CEK) record as a compact JWE from the data store.
+    const cekJwe = await this.getStoredContentEncryptionKey();
+
+    // Decrypt the compact JWE using the given `oldPassword` to verify it is correct.
+    let protectedHeader: JweHeaderParams;
+    let contentEncryptionKey: Jwk;
+    try {
+      let contentEncryptionKeyBytes: Uint8Array;
+      ({ plaintext: contentEncryptionKeyBytes, protectedHeader } = await CompactJwe.decrypt({
+        jwe        : cekJwe,
+        key        : Convert.string(oldPassword).toUint8Array(),
+        crypto     : this.crypto,
+        keyManager : new LocalKeyManager()
+      }));
+      contentEncryptionKey = Convert.uint8Array(contentEncryptionKeyBytes).toObject() as Jwk;
+
+    } catch (error: any) {
+      throw new Error(`HdIdentityVault: Unable to change the vault password due to an incorrectly entered old password.`);
+    }
+
+    // Re-encrypt the vault content encryption key (CEK) using the new password.
+    const newCekJwe = await CompactJwe.encrypt({
+      key        : Convert.string(newPassword).toUint8Array(),
+      protectedHeader, // Re-use the protected header from the original JWE.
+      plaintext  : Convert.object(contentEncryptionKey).toUint8Array(),
+      crypto     : this.crypto,
+      keyManager : new LocalKeyManager()
+    });
+
+    // Update the vault with the new CEK JWE.
+    await this._store.set('contentEncryptionKey', newCekJwe);
+
+    // Update the vault CEK in memory, effectively unlocking the vault.
+    this._contentEncryptionKey = contentEncryptionKey;
+  }
+
+  /**
+   * Retrieves the DID (Decentralized Identifier) associated with the vault.
+   *
+   * This method ensures the vault is initialized and unlocked before decrypting and returning the
+   * DID. The DID is stored encrypted and  is decrypted using the vault's content encryption key.
+   *
+   * @throws Error if the vault is not initialized, is locked, or the DID cannot be decrypted.
+   * @returns A promise that resolves with a {@link BearerDid}.
+   */
+  public async getDid(): Promise<BearerDid> {
+    // Verify the identity vault is unlocked.
+    if (this.isLocked()) {
+      throw new Error(`HdIdentityVault: Vault has not been initialized and unlocked.`);
+    }
+
+    // Retrieve the encrypted DID record as compact JWE from the vault store.
+    const didJwe = await this.getStoredDid();
+
+    // Decrypt the compact JWE to obtain the PortableDid as a byte array.
+    const { plaintext: portableDidBytes } = await CompactJwe.decrypt({
+      jwe        : didJwe,
+      key        : this._contentEncryptionKey!,
+      crypto     : this.crypto,
+      keyManager : new LocalKeyManager()
+    });
+
+    // Convert the DID from a byte array to PortableDid format.
+    const portableDid = Convert.uint8Array(portableDidBytes).toObject();
+    if (!isPortableDid(portableDid)) {
+      throw new Error('HdIdentityVault: Unable to decode malformed DID in identity vault');
+    }
+
+    // Return the DID in Bearer DID format.
+    return await BearerDid.import({ portableDid });
+  }
+
+  /**
+   * Fetches the current status of the `HdIdentityVault`, providing details on whether it's
+   * initialized and the timestamps of the last backup and restore operations.
+   *
+   * @returns A promise that resolves with the current status of the `HdIdentityVault`, detailing
+   *          its initialization, lock state, and the timestamps of the last backup and restore.
+   */
+  public async getStatus(): Promise<IdentityVaultStatus> {
+    const storedStatus = await this._store.get('vaultStatus');
+
+    // On the first run, the store will not contain an IdentityVaultStatus object yet, so return an
+    // uninitialized status.
+    if (!storedStatus) {
+      return {
+        initialized : false,
+        lastBackup  : null,
+        lastRestore : null
+      };
+    }
+
+    const vaultStatus = Convert.string(storedStatus).toObject();
+    if (!isIdentityVaultStatus(vaultStatus)) {
+      throw new Error('HdIdentityVault: Invalid IdentityVaultStatus object in store');
+    }
+
+    return vaultStatus;
+  }
+
+  /**
+   * Initializes the `HdIdentityVault` with a password and an optional recovery phrase.
+   *
+   * If a recovery phrase is not provided, a new one is generated. This process sets up the vault,
+   * deriving the necessary cryptographic keys and preparing the vault for use. It ensures the vault
+   * is ready to securely store and manage identity data.
+   *
+   * @example
+   * ```ts
+   * const identityVault = new HdIdentityVault();
+   * const recoveryPhrase = await identityVault.initialize({
+   *   password: 'your-secure-phrase'
+   * });
+   * console.log('Vault initialized. Recovery phrase:', recoveryPhrase);
+   * ```
+   *
+   * @param params - The initialization parameters.
+   * @param params.password - The password used to secure the vault.
+   * @param params.recoveryPhrase - An optional 12-word recovery phrase for key derivation. If
+   *                                omitted, a new recovery is generated.
+   * @returns A promise that resolves with the recovery phrase used during the initialization, which
+   *          should be securely stored by the user.
+   */
+  public async initialize({ password, recoveryPhrase, dwnEndpoints }:
+    HdIdentityVaultInitializeParams
+  ): Promise<string> {
+    /**
+     * STEP 0: Validate the input parameters and verify the identity vault is not already
+     * initialized.
+     */
+
+    // Verify that the identity vault was not previously initialized.
+    if (await this.isInitialized()) {
+      throw new Error(`HdIdentityVault: Vault has already been initialized.`);
+    }
+
+    // Verify that the password is not empty.
+    if (isEmptyString(password)) {
+      throw new Error(
+        `HdIdentityVault: The password is required and cannot be blank. Please provide a ' +
+        'valid, non-empty password.`
+      );
+    }
+
+    // If provided, verify that the recovery phrase is not empty.
+    if (recoveryPhrase && isEmptyString(recoveryPhrase)) {
+      throw new Error(
+        `HdIdentityVault: The password is required and cannot be blank. Please provide a ' +
+        'valid, non-empty password.`
+      );
+    }
+
+    /**
+     * STEP 1: Derive a Hierarchical Deterministic (HD) key pair from the given (or generated)
+     * recoveryPhrase.
+     */
+
+    // Generate a 12-word (128-bit) mnemonic, if one was not provided.
+    recoveryPhrase ??= generateMnemonic(wordlist, 128);
+
+    // Validate the mnemonic for being 12-24 words contained in `wordlist`.
+    if (!validateMnemonic(recoveryPhrase, wordlist)) {
+      throw new Error(
+        'HdIdentityVault: The provided recovery phrase is invalid. Please ensure that the ' +
+        'recovery phrase is a correctly formatted series of 12 words.'
+      );
+    }
+
+    // Derive a root seed from the mnemonic.
+    const rootSeed = await mnemonicToSeed(recoveryPhrase);
+
+    // Derive a root key for the DID from the root seed.
+    const rootHdKey = HDKey.fromMasterSeed(rootSeed);
+
+    /**
+     * STEP 2: Derive the vault HD key pair from the root key.
+     */
+
+    // The vault HD key is derived using account 0 and index 0 so that it can be
+    // deterministically re-derived. The vault key pair serves as input keying material for:
+    // - deriving the vault content encryption key (CEK)
+    // - deriving the salt that serves as input to derive the key that encrypts the vault CEK
+    const vaultHdKey = rootHdKey.derive(`m/44'/0'/0'/0'/0'`);
+
+    /**
+     * STEP 3: Derive the vault Content Encryption Key (CEK) from the vault private
+     * key and a non-secret static info value.
+     */
+
+    // A non-secret static info value is combined with the vault private key as input to HKDF
+    // (Hash-based Key Derivation Function) to derive a 32-byte content encryption key (CEK).
+    const contentEncryptionKey = await this.crypto.deriveKey({
+      algorithm           : 'HKDF-512',            // key derivation function
+      baseKeyBytes        : vaultHdKey.privateKey, // input keying material
+      salt                : '',                    // empty salt because private key is sufficiently random
+      info                : 'vault_cek',           // non-secret application specific information
+      derivedKeyAlgorithm : 'A256GCM'              // derived key algorithm
+    });
+
+    /**
+     * STEP 4: Using the given `password` and a `salt` derived from the vault public key, encrypt
+     * the vault CEK and store it in the data store as a compact JWE.
+     */
+
+    // A non-secret static info value is combined with the vault public key as input to HKDF
+    // (Hash-based Key Derivation Function) to derive a new 32-byte salt.
+    const saltInput = await this.crypto.deriveKeyBytes({
+      algorithm    : 'HKDF-512',           // key derivation function
+      baseKeyBytes : vaultHdKey.publicKey, // input keying material
+      salt         : '',                   // empty salt because public key is sufficiently random
+      info         : 'vault_unlock_salt',  // non-secret application specific information
+      length       : 256,                  // derived key length, in bits
+    });
+
+    // Construct the JWE header.
+    const cekJweProtectedHeader: JweHeaderParams = {
+      alg : 'PBES2-HS512+A256KW',
+      enc : 'A256GCM',
+      cty : 'text/plain',
+      p2c : this._keyDerivationWorkFactor,
+      p2s : Convert.uint8Array(saltInput).toBase64Url()
+    };
+
+    // Encrypt the vault content encryption key (CEK) to compact JWE format.
+    const cekJwe = await CompactJwe.encrypt({
+      key             : Convert.string(password).toUint8Array(),
+      protectedHeader : cekJweProtectedHeader,
+      plaintext       : Convert.object(contentEncryptionKey).toUint8Array(),
+      crypto          : this.crypto,
+      keyManager      : new LocalKeyManager()
+    });
+
+    // Store the compact JWE in the data store.
+    await this._store.set('contentEncryptionKey', cekJwe);
+
+    /**
+     * STEP 5: Create a DID using identity, signing, and encryption keys derived from the root key.
+     */
+
+    // Derive the identity key pair using index 0 and convert to JWK format.
+    // Note: The account is set to Unix epoch time so that in the future, the keys for a DID DHT
+    //       document can be deterministically derived based on the versionId returned in a DID
+    //       resolution result.
+    const identityHdKey = rootHdKey.derive(`m/44'/0'/1708523827'/0'/0'`);
+    const identityPrivateKey = await this.crypto.bytesToPrivateKey({
+      algorithm       : 'Ed25519',
+      privateKeyBytes : identityHdKey.privateKey
+    });
+
+    // Derive the signing key using index 1 and convert to JWK format.
+    let signingHdKey = rootHdKey.derive(`m/44'/0'/1708523827'/0'/1'`);
+    const signingPrivateKey = await this.crypto.bytesToPrivateKey({
+      algorithm       : 'Ed25519',
+      privateKeyBytes : signingHdKey.privateKey
+    });
+
+    // TODO: Enable this once DID DHT supports X25519 keys.
+    // Derive the encryption key using index 1 and convert to JWK format.
+    // const encryptionHdKey = rootHdKey.derive(`m/44'/0'/1708523827'/0'/1'`);
+    // const encryptionKeyEd25519 = await this.crypto.bytesToPrivateKey({
+    //   algorithm       : 'Ed25519',
+    //   privateKeyBytes : encryptionHdKey.privateKey
+    // });
+    // const encryptionPrivateKey = await Ed25519.convertPrivateKeyToX25519({ privateKey: encryptionKeyEd25519 });
+
+    // Add the identity and signing keys to the deterministic key generator so that when the DID is
+    // created it will use the derived keys.
+    const deterministicKeyGenerator = new DeterministicKeyGenerator();
+    await deterministicKeyGenerator.addPredefinedKeys({
+      privateKeys: [identityPrivateKey, signingPrivateKey]
+    });
+
+    // Create the DID using the derived identity, signing, and encryption keys.
+    const options = {
+      verificationMethods: [
+        {
+          algorithm : 'Ed25519',
+          id        : 'sig',
+          purposes  : ['assertionMethod', 'authentication']
+        },
+      ]
+    } as DidDhtCreateOptions<DeterministicKeyGenerator>;
+
+    if(dwnEndpoints && !!dwnEndpoints.length) {
+      options.services = [
+        {
+          id              : 'dwn',
+          type            : 'DecentralizedWebNode',
+          serviceEndpoint : dwnEndpoints,
+          enc             : '#enc',
+          sig             : '#sig',
+        }
+      ];
+    }
+
+    const did = await DidDht.create({ keyManager: deterministicKeyGenerator, options });
+
+    /**
+     * STEP 6: Convert the DID to portable format and store it in the data store as a
+     * compact JWE.
+     */
+
+    // Convert the DID to a portable format.
+    const portableDid = await did.export();
+
+    // Construct the JWE header.
+    const didJweProtectedHeader: JweHeaderParams = {
+      alg : 'dir',
+      enc : 'A256GCM',
+      cty : 'json'
+    };
+
+    // Encrypt the DID to compact JWE format.
+    const didJwe = await CompactJwe.encrypt({
+      key             : contentEncryptionKey,
+      plaintext       : Convert.object(portableDid).toUint8Array(),
+      protectedHeader : didJweProtectedHeader,
+      crypto          : this.crypto,
+      keyManager      : new LocalKeyManager()
+    });
+
+    // Store the compact JWE in the data store.
+    await this._store.set('did', didJwe);
+
+    /**
+     * STEP 7: Set the vault CEK (effectively unlocking the vault), set the status to initialized,
+     * and return the mnemonic used to generate the vault key.
+     */
+
+    this._contentEncryptionKey = contentEncryptionKey;
+
+    await this.setStatus({ initialized: true });
+
+    // Return the recovery phrase in case it was generated so that it can be displayed to the user
+    // for safekeeping.
+    return recoveryPhrase;
+  }
+
+  /**
+   * Determines whether the vault has been initialized.
+   *
+   * This method checks the vault's current status to determine if it has been
+   * initialized. Initialization is a prerequisite for most operations on the vault,
+   * ensuring that it is ready for use.
+   *
+   * @example
+   * ```ts
+   * const isInitialized = await identityVault.isInitialized();
+   * console.log('Is the vault initialized?', isInitialized);
+   * ```
+   *
+   * @returns A promise that resolves to `true` if the vault has been initialized, otherwise `false`.
+   */
+  public async isInitialized(): Promise<boolean> {
+    return this.getStatus().then(({ initialized }) => initialized);
+  }
+
+  /**
+   * Checks if the vault is currently locked.
+   *
+   * This method assesses the vault's current state to determine if it is locked.
+   * A locked vault restricts access to its contents, requiring the correct password
+   * to unlock and access the stored identity data. The vault must be unlocked to
+   * perform operations that access or modify its contents.
+   *
+   * @example
+   * ```ts
+   * const isLocked = await identityVault.isLocked();
+   * console.log('Is the vault locked?', isLocked);
+   * ```
+   *
+   * @returns `true` if the vault is locked, otherwise `false`.
+   */
+  public isLocked(): boolean {
+    return !this._contentEncryptionKey;
+  }
+
+  /**
+   * Locks the `HdIdentityVault`, securing its contents by clearing the in-memory encryption key.
+   *
+   * This method ensures that the vault's sensitive data cannot be accessed without unlocking the
+   * vault again with the correct password. It's an essential security feature for safeguarding
+   * the vault's contents against unauthorized access.
+   *
+   * @example
+   * ```ts
+   * const identityVault = new HdIdentityVault();
+   * await identityVault.lock();
+   * console.log('Vault is now locked.');
+   * ```
+   * @throws An error if the identity vault has not been initialized.
+   * @returns A promise that resolves when the vault is successfully locked.
+   */
+  public async lock(): Promise<void> {
+    // Verify the identity vault has already been initialized.
+    if (await this.isInitialized() === false) {
+      throw new Error(`HdIdentityVault: Lock operation failed. Vault has not been initialized.`);
+    }
+
+    // Clear the vault content encryption key (CEK), effectively locking the vault.
+    if (this._contentEncryptionKey) this._contentEncryptionKey.k = '';
+    this._contentEncryptionKey = undefined;
+  }
+
+  /**
+   * Restores the vault's data from a backup object, decrypting and reinitializing the vault's
+   * content with the provided backup data.
+   *
+   * This operation is crucial for data recovery scenarios, allowing users to regain access to their
+   * encrypted data using a previously saved backup and their password.
+   *
+   * @example
+   * ```ts
+   * const identityVault = new HdIdentityVault();
+   * await identityVault.initialize({ password: 'your-secure-phrase' });
+   * // Create a backup of the vault's contents.
+   * const backup = await identityVault.backup();
+   * // Restore the vault with the same password.
+   * await identityVault.restore({ backup: backup, password: 'your-secure-phrase' });
+   * console.log('Vault restored successfully.');
+   * ```
+   *
+   * @param params - The parameters required for the restore operation.
+   * @param params.backup - The backup object containing the encrypted vault data.
+   * @param params.password - The password used to encrypt the backup, necessary for decryption.
+   * @returns A promise that resolves when the vault has been successfully restored.
+   * @throws An error if the backup object is invalid or if the password is incorrect.
+   */
+  public async restore({ backup, password }: {
+    backup: IdentityVaultBackup;
+    password: string;
+  }): Promise<void> {
+    // Validate the backup object.
+    if (!isIdentityVaultBackup(backup)) {
+      throw new Error(`HdIdentityVault: Restore operation failed due to invalid backup object.`);
+    }
+
+    // Temporarily save the status and contents of the data store while attempting to restore the
+    // backup so that they are not lost in case the restore operation fails.
+    let previousStatus: IdentityVaultStatus;
+    let previousContentEncryptionKey: string;
+    let previousDid: string;
+    try {
+      previousDid = await this.getStoredDid();
+      previousContentEncryptionKey = await this.getStoredContentEncryptionKey();
+      previousStatus = await this.getStatus();
+    } catch {
+      throw new Error(
+        'HdIdentityVault: The restore operation cannot proceed because the existing vault ' +
+        'contents are missing or inaccessible. If the problem persists consider re-initializing ' +
+        'the vault and retrying the restore.'
+      );
+    }
+
+    try {
+      // Convert the backup data to a JSON object.
+      const backupData = Convert.base64Url(backup.data).toObject() as IdentityVaultBackupData;
+
+      // Restore the backup to the data store.
+      await this._store.set('did', backupData.did);
+      await this._store.set('contentEncryptionKey', backupData.contentEncryptionKey);
+      await this.setStatus(backupData.status);
+
+      // Attempt to unlock the vault with the given `password`.
+      await this.unlock({ password });
+
+    } catch (error: any) {
+      // If the restore operation fails, revert the data store to the status and contents that were
+      // saved before the restore operation was attempted.
+      await this.setStatus(previousStatus);
+      await this._store.set('contentEncryptionKey', previousContentEncryptionKey);
+      await this._store.set('did', previousDid);
+
+      throw new Error(
+        'HdIdentityVault: Restore operation failed due to invalid backup data or an incorrect ' +
+        'password. Please verify the password is correct for the provided backup and try again.'
+      );
+    }
+
+    // Update the last restore timestamp in the data store.
+    await this.setStatus({ lastRestore: new Date().toISOString() });
+  }
+
+  /**
+   * Unlocks the vault by decrypting the stored content encryption key (CEK) using the provided
+   * password.
+   *
+   * This method is essential for accessing the vault's encrypted contents, enabling the decryption
+   * of stored data and the execution of further operations requiring the vault to be unlocked.
+   *
+   * @example
+   * ```ts
+   * const identityVault = new HdIdentityVault();
+   * await identityVault.initialize({ password: 'your-initial-phrase' });
+   * // Unlock the vault with the correct password before accessing its contents
+   * await identityVault.unlock({ password: 'your-initial-phrase' });
+   * console.log('Vault unlocked successfully.');
+   * ```
+   *
+   *
+   * @param params - The parameters required for the unlock operation.
+   * @param params.password - The password used to encrypt the vault's CEK, necessary for
+   *                            decryption.
+   * @returns A promise that resolves when the vault has been successfully unlocked.
+   * @throws An error if the vault has not been initialized or if the provided password is
+   *         incorrect.
+   */
+  public async unlock({ password }: { password: string }): Promise<void> {
+    // Lock the vault.
+    await this.lock();
+
+    // Retrieve the content encryption key (CEK) record as a compact JWE from the data store.
+    const cekJwe = await this.getStoredContentEncryptionKey();
+
+    // Decrypt the compact JWE.
+    try {
+      const { plaintext: contentEncryptionKeyBytes } = await CompactJwe.decrypt({
+        jwe        : cekJwe,
+        key        : Convert.string(password).toUint8Array(),
+        crypto     : this.crypto,
+        keyManager : new LocalKeyManager()
+      });
+      const contentEncryptionKey = Convert.uint8Array(contentEncryptionKeyBytes).toObject() as Jwk;
+
+      // Save the content encryption key in memory, thereby unlocking the vault.
+      this._contentEncryptionKey = contentEncryptionKey;
+
+    } catch (error: any) {
+      throw new Error(`HdIdentityVault: Unable to unlock the vault due to an incorrect password.`);
+    }
+  }
+
+  /**
+   * Retrieves the Decentralized Identifier (DID) associated with the identity vault from the vault
+   * store.
+   *
+   * This DID is encrypted in compact JWE format and needs to be decrypted after the vault is
+   * unlocked. The method is intended to be used internally within the HdIdentityVault class to access
+   * the encrypted PortableDid.
+   *
+   * @returns A promise that resolves to the encrypted DID stored in the vault as a compact JWE.
+   * @throws Will throw an error if the DID cannot be retrieved from the vault.
+   */
+  private async getStoredDid(): Promise<string> {
+    // Retrieve the DID record as a compact JWE from the data store.
+    const didJwe = await this._store.get('did');
+
+    if (!didJwe) {
+      throw new Error(
+        'HdIdentityVault: Unable to retrieve the DID record from the vault. Please check the ' +
+        'vault status and if the problem persists consider re-initializing the vault and ' +
+        'restoring the contents from a previous backup.'
+      );
+    }
+
+    return didJwe;
+  }
+
+  /**
+   * Retrieves the encrypted Content Encryption Key (CEK) from the vault's storage.
+   *
+   * This CEK is used for encrypting and decrypting the vault's contents. It is stored as a
+   * compact JWE and should be decrypted with the user's password to be used for further
+   * cryptographic operations.
+   *
+   * @returns A promise that resolves to the stored CEK as a string in compact JWE format.
+   * @throws Will throw an error if the CEK cannot be retrieved, indicating potential issues with
+   *         the vault's integrity or state.
+   */
+  private async getStoredContentEncryptionKey(): Promise<string> {
+    // Retrieve the content encryption key (CEK) record as a compact JWE from the data store.
+    const cekJwe = await this._store.get('contentEncryptionKey');
+
+    if (!cekJwe) {
+      throw new Error(
+        'HdIdentityVault: Unable to retrieve the Content Encryption Key record from the vault. ' +
+        'Please check the vault status and if the problem persists consider re-initializing the ' +
+        'vault and restoring the contents from a previous backup.'
+      );
+    }
+
+    return cekJwe;
+  }
+
+  /**
+   * Updates the status of the `HdIdentityVault`, reflecting changes in its initialization, lock
+   * state, and the timestamps of the last backup and restore operations.
+   *
+   * This method directly manipulates the internal state stored in the vault's key-value store.
+   *
+   * @param params - The status properties to be updated.
+   * @param params.initialized - Updates the initialization state of the vault.
+   * @param params.lastBackup - Updates the timestamp of the last successful backup.
+   * @param params.lastRestore - Updates the timestamp of the last successful restore.
+   * @returns A promise that resolves to a boolean indicating successful status update.
+   * @throws Will throw an error if the status cannot be updated in the key-value store.
+   */
+  private async setStatus({ initialized, lastBackup, lastRestore }: Partial<IdentityVaultStatus>): Promise<boolean> {
+    // Get the current status values from the store, if any.
+    let vaultStatus = await this.getStatus();
+
+    // Update the status properties with new values specified, if any.
+    vaultStatus.initialized = initialized ?? vaultStatus.initialized;
+    vaultStatus.lastBackup = lastBackup ?? vaultStatus.lastBackup;
+    vaultStatus.lastRestore = lastRestore ?? vaultStatus.lastRestore;
+
+    // Write the changes to the store.
+    await this._store.set('vaultStatus', JSON.stringify(vaultStatus));
+
+    return true;
+  }
+}