@lifeready/core 1.0.0 → 1.0.1

package/src/lib/api/key-exchange2.service.ts

@@ -0,0 +1,875 @@
+import { Injectable, NgZone } from '@angular/core';
+import { JWK } from 'node-jose';
+import {
+  EncryptionService,
+  JoseSerialization,
+} from '../cryptography/encryption.service';
+import { KeyFactoryService } from '../cryptography/key-factory.service';
+import { KeyGraphService } from '../cryptography/key-graph.service';
+import { KeyService } from '../cryptography/key.service';
+import { LrCodeMismatchException } from '../_common/exceptions';
+import { RunOutsideAngular } from '../_common/run-outside-angular';
+import { UserService } from './../users/user.service';
+import { OwnerPlainDataJson } from './contact-card2.service';
+import {
+  CancelKeyExchangeMutation,
+  CompleteKeyExchangeOtkMutation,
+  CurrentUserSharedKeyQuery2,
+  DeclineKeyExchangeMutation,
+  InitiateKeyExchangeOtkMutation,
+  KeyExchangeFragment,
+  KeyExchangeQuery2,
+  KeyExchangesQuery2,
+  KeyExchangeState2,
+  KeyExchangeTokenQuery2,
+  RespondKeyExchangeOtkMutation,
+} from './key-exchange2.gql';
+import { LrGraphQLService, LrMutation } from './lr-graphql';
+import { ContactCardSharedCipherData, OtKeyCipherClearJson2 } from './types';
+
+/**
+ * The decrypted content of the one-time key cipher;
+ * When user supplies this information the lib doesn't need to do another API call
+ * to fetch the key exchange node. And since the typical use case is to display
+ * some information to the user, the key exchange node would already have been
+ * fetched and decrypted.
+ */
+export interface DecryptedOtk2 {
+  otKeyCipherClearJson: OtKeyCipherClearJson2;
+  otKey: JWK.Key; // The one-time key
+}
+
+export interface ContactCardReceiverCipherData {
+  // The receiver of the contact card keeps a copy
+  // of the owner's contact card information, encrypted using the receiver's keys. So that when
+  // the owner decides to update their shared contact card at a later date, the receiver can
+  // compare against the original contact card sent during key exchange. This way, the owner
+  // can't unilaterally update their shared contact card without the receiver knowing about it.
+  receiverCipherDataClearJson: any;
+}
+
+export interface ContactCardOwnerPlainData {
+  // Accessible by the server and the owner. Server side notification emails need to know some
+  // information about the owner.
+  // The owner could either be the initiator or the responder.
+  ownerPlainDataJson: OwnerPlainDataJson;
+}
+
+export interface ContactCardOwnerCipherData {
+  // Owner only access to this data
+  ownerCipherDataClearJson: any;
+}
+
+/**
+ * Sending contact card information from the owner to the receiver.
+ */
+export type SendContactCardInput = ContactCardOwnerPlainData &
+  ContactCardOwnerCipherData &
+  ContactCardSharedCipherData;
+
+export interface InitiateOtkInput2 {
+  // Note that if neither email nor responderUsername are given, the one-time key
+  // can still be sent to the responder via OOB
+  email?: string;
+  message?: any;
+  contactCard?: SendContactCardInput;
+  // If True, to upgrade an email invite to an existing user invite if the email
+  // is already associated with an existing user.
+  upgrade?: boolean;
+}
+
+export interface RespondOtkInput2 {
+  keyExchangeId: string;
+  token: string;
+  decryptedOtk: DecryptedOtk2;
+  message?: any;
+  // The initiator is the owner fo the initiatorContactCard, the responder
+  // is the receiver.
+  initiatorContactCard?: ContactCardReceiverCipherData;
+  responderContactCard?: SendContactCardInput;
+}
+
+export interface CompleteOtkInput2 {
+  keyExchangeId: string;
+  // This is a part of the key exchange data. It's encrypted using the root key
+  initiatorRootKeyCipher: string;
+  // This is a part of the key exchange data. It's encrypted using the one-time key.
+  initiatorOneTimePbkCipher: string;
+  // The responder is the owner fo the responderContactCard, the initiator
+  // is the receiver.
+  responderContactCard?: ContactCardReceiverCipherData;
+  // The initiator can update the cipher data that are only visible to them. It makes
+  // less sense to update the shared data because the responder would have already seen
+  // the shared data and accepted that it's legit.
+  // But in any case, the initiator can update the shared contact card info at any time.
+  initiatorContactCard?: ContactCardOwnerCipherData;
+}
+
+export interface InitiatorRootKeyCipherClearJson2 {
+  nonce: string;
+  oneTimePrk: object; // one-time public encryption key responder use to send data back to initiator
+  otKey: object; // one-time symmetric key that needs to be shared OOB
+  initiatorContactCard?: ContactCardOwnerCipherData &
+    ContactCardSharedCipherData;
+  initiator: {
+    message?: any;
+    contactCard?: ContactCardSharedCipherData;
+  };
+}
+
+export interface InitiatorOneTimePbkCipherClearJson {
+  nonce: string;
+  sharedKey: object;
+  mkSharedKey: object;
+  responder: {
+    pbk: object;
+    sigPbk: object;
+    message?: any;
+    contactCard?: ContactCardSharedCipherData & {
+      // Note that this is _not_ the same key as the sharedKey. The sharedKey wraps
+      // this key in the key graph. But because this key has not been entered into
+      // the key graph when the responder calls the API, we pass the JWK directly here.
+      sharedCipherKey: object;
+    };
+  };
+}
+
+export interface GetKeyExchangeOptions2 {
+  // The otKey as a raw string. i.e. key.toJSON(true).k
+  otKeyK?: string;
+  // User need the token if they have not responded to the key exchange yet.
+  // Once they've responded (hence proven they have the OOB Key) they become
+  // the "responder" of this exchange, and can access it when signed in.
+  token?: string;
+}
+
+@RunOutsideAngular({
+  ngZoneName: 'ngZone',
+})
+@Injectable({
+  providedIn: 'root',
+})
+export class KeyExchange2Service {
+  private readonly CLIENT_NONCE_LENGTH = 32;
+
+  constructor(
+    private ngZone: NgZone,
+    private keyFactory: KeyFactoryService,
+    private keyService: KeyService,
+    private encryptionService: EncryptionService,
+    private userService: UserService,
+    private keyGraph: KeyGraphService,
+    private lrGraphQL: LrGraphQLService
+  ) {}
+
+  private async getOtKey(
+    keyExchange: KeyExchangeFragment,
+    otKeyK?: string
+  ): Promise<JWK.Key> {
+    if (otKeyK) {
+      return await KeyFactoryService.asKey({
+        ...JSON.parse(keyExchange.otk.otKeyParams),
+        k: otKeyK,
+      });
+    } else if (
+      keyExchange.otk.state === 'OTK_INITIATED' &&
+      !keyExchange.isInitiator &&
+      keyExchange.otk.responderPbkCipher
+    ) {
+      // Assuming existing user getting invited where OTK is wrapped in responder's public key.
+      const prk = await this.keyService.getCurrentPxk();
+      const decryptedCipher: any = await this.encryptionService.decrypt(
+        prk.jwk,
+        JSON.parse(keyExchange.otk.responderPbkCipher),
+        {
+          serializations: [JoseSerialization.COMPACT],
+        }
+      );
+      if (decryptedCipher.otKey) {
+        return await KeyFactoryService.asKey(decryptedCipher.otKey);
+      }
+    }
+    return null;
+  }
+
+  private async decryptOtk(
+    keyExchange: KeyExchangeFragment,
+    otKeyK?: string
+  ): Promise<KeyExchangeFragment> {
+    const otKey = await this.getOtKey(keyExchange, otKeyK);
+
+    let otk = keyExchange.otk;
+
+    if (otKey && otk.otKeyCipher) {
+      otk = {
+        ...otk,
+        otKey,
+        otKeyCipherClearJson: await this.encryptionService.decrypt(
+          otKey,
+          keyExchange.otk.otKeyCipher
+        ),
+      };
+    }
+
+    return {
+      ...keyExchange,
+      otk,
+    };
+  }
+
+  private async decryptResponseCipher(
+    otKey: JWK.Key,
+    otPrk: JWK.Key,
+    content: any
+  ): Promise<InitiatorOneTimePbkCipherClearJson> {
+    // The response could be wrapped by the OtK in addition to the OtPbk
+    try {
+      content = await this.encryptionService.decrypt(otKey, content);
+    } catch (error) {
+      if (error.message !== 'no key found') {
+        throw error;
+      }
+      // Do nothing to support older versions where message is not wrapped with otk.
+    }
+
+    // The Prk is single-use and only used to send information from the responder back to the initiator.
+    return await this.encryptionService.decrypt(otPrk, content);
+  }
+
+  private async decryptKeyExchangeAsInitiator(
+    keyExchange: KeyExchangeFragment
+  ): Promise<KeyExchangeFragment> {
+    const rootKey = await this.keyService.getCurrentRootKey();
+
+    // Decrypt using the root key to get the Prk
+    const initiatorRootKeyCipherClearJson = (await this.encryptionService.decrypt(
+      rootKey.jwk,
+      keyExchange.initiatorRootKeyCipher
+    )) as InitiatorRootKeyCipherClearJson2;
+
+    const otKey = await KeyFactoryService.asKey(
+      initiatorRootKeyCipherClearJson.otKey
+    );
+
+    keyExchange = {
+      ...keyExchange,
+      initiatorRootKeyCipherClearJson,
+    };
+
+    let otk = keyExchange.otk;
+
+    if (otk.initiatorOneTimePbkCipher) {
+      otk = {
+        ...otk,
+        initiatorOneTimePbkCipherClearJson: await this.decryptResponseCipher(
+          otKey,
+          await KeyFactoryService.asKey(
+            initiatorRootKeyCipherClearJson.oneTimePrk
+          ),
+          otk.initiatorOneTimePbkCipher
+        ),
+      };
+    }
+
+    if (otk.otKeyCipher) {
+      otk.otKeyCipherClearJson = await this.encryptionService.decrypt(
+        otKey,
+        otk.otKeyCipher
+      );
+    }
+
+    return {
+      ...keyExchange,
+      otk,
+    };
+  }
+
+  private async decryptKeyExchangeAsResponder(
+    keyExchange: KeyExchangeFragment,
+    otKeyK?: string
+  ) {
+    return this.decryptOtk(keyExchange, otKeyK);
+  }
+
+  async decryptKeyExchange(keyExchange: KeyExchangeFragment, otKeyK?: string) {
+    if (keyExchange.isInitiator) {
+      return this.decryptKeyExchangeAsInitiator(keyExchange);
+    } else {
+      return this.decryptKeyExchangeAsResponder(keyExchange, otKeyK);
+    }
+  }
+
+  async getKeyExchanges({ state }: { state?: KeyExchangeState2 } = {}) {
+    const { keyExchanges } = await this.lrGraphQL.query({
+      query: KeyExchangesQuery2,
+      variables: {
+        state,
+      },
+    });
+
+    return Promise.all(
+      keyExchanges.edges.map((edge) => this.decryptKeyExchange(edge.node))
+    );
+  }
+
+  /**
+   * @param id If the current user can responder the key exchange if they are either the initiator or the receiver.
+   * @param token If not signed in, or not the initiator or responder, 'token' must be given.
+   * @param otKeyK Is the raw one-time key (string). If the responder is explicitly specified at time of initiation, then
+   *   it's possible to have the otKey wrapped by the public key of the responder. In which case, the otKeyK is not needed.
+   */
+  async getKeyExchange(
+    id: string,
+    { otKeyK, token }: GetKeyExchangeOptions2 = {}
+  ) {
+    const res = await this.lrGraphQL.query({
+      query: token ? KeyExchangeTokenQuery2 : KeyExchangeQuery2,
+      variables: {
+        id,
+        token,
+      },
+      includeKeyGraph: !token, // if !token then we are post auth, so can fetch keyGraph
+    });
+    return this.decryptKeyExchange(res.keyExchange, otKeyK);
+  }
+
+  public async getCurrentUserSharedKey(input: {
+    username?: string;
+    userId?: string;
+  }) {
+    return this.lrGraphQL.query({
+      query: CurrentUserSharedKeyQuery2,
+      variables: {
+        username: input.username,
+        userId: input.userId,
+      },
+    });
+  }
+
+  // TODO: deprecate this
+  async cancelKeyExchange(id: string) {
+    return this.cancelKeyExchangeMutation(id);
+  }
+
+  cancelKeyExchangeMutation(id: string) {
+    return new LrMutation({
+      mutation: CancelKeyExchangeMutation,
+      variables: {
+        input: {
+          id,
+        },
+      },
+    });
+  }
+
+  // TODO: deprecate this
+  async declineKeyExchange(id: string, token: string) {
+    return this.declineKeyExchangeMutation(id, token);
+  }
+
+  declineKeyExchangeMutation(id: string, token: string) {
+    return new LrMutation({
+      mutation: DeclineKeyExchangeMutation,
+      variables: {
+        input: {
+          id,
+          token,
+        },
+      },
+    });
+  }
+
+  async initiateOtk({
+    message,
+    email,
+    contactCard,
+    upgrade,
+  }: InitiateOtkInput2 = {}) {
+    const otKey = await this.keyFactory.createKey();
+    const nonce = this.keyFactory.randomString(this.CLIENT_NONCE_LENGTH);
+
+    // New PKC key for encryption. This key is used only once when the responder sends
+    // back their signing public key.
+    const initiatorOneTimePrk = await this.keyFactory.createPkcKey();
+
+    // Option 1: New PKC key for signing
+    // const initiatorSigPrk = await this.keyService.createPkcSignKey();
+
+    // Option 2: Use the user's global signing key.
+    // This key is used to prove the initiator's identity.
+    const initiatorPrk = await this.keyService.getCurrentPxk();
+    const initiatorSigPrk = await this.keyService.getCurrentSigPxk();
+
+    let initiatorPlainDataSig: string = null;
+
+    if (contactCard && contactCard.ownerPlainDataJson) {
+      initiatorPlainDataSig = await this.encryptionService.signToString(
+        initiatorSigPrk.jwk,
+        contactCard.ownerPlainDataJson
+      );
+    }
+
+    const initiator = {
+      message,
+      contactCard: contactCard && {
+        sharedCipherDataClearJson: contactCard.sharedCipherDataClearJson,
+      },
+    };
+
+    // Content to be encrypted using the OTK.
+    const plainOtKeyCipher: OtKeyCipherClearJson2 = {
+      // TODO Make sure we also put the OOB code in here as well since the OOB code is the
+      // _only_ information the KC server does not have access to. The server may have
+      // access to OTK and hence the nonce here. It's good to have both the nonce and OOB code
+      // since the user may not be using the OOB code. And it's simple to always include
+      // the nonce, so why not.
+      nonce,
+      initiator: {
+        ...initiator,
+        oneTimePbk: initiatorOneTimePrk.toJSON(), // one-time public encryption key responder use to send data back to initiator
+        pbk: initiatorPrk.jwk.toJSON(), // public encryption key
+        sigPbk: initiatorSigPrk.jwk.toJSON(), // public signing key
+      },
+    };
+
+    const otKeyCipher = await this.keyGraph.encryptToString(
+      otKey,
+      plainOtKeyCipher
+    );
+
+    // Content to be encrypted using the initiator's root key.
+    const initiatorRootKeyCipherClearJson: InitiatorRootKeyCipherClearJson2 = {
+      nonce,
+      oneTimePrk: initiatorOneTimePrk.toJSON(true),
+      // Should not need to keep this encrypted since we are using the global signing key.
+      // sigPrk: initiatorSigPrk.toJSON(true),
+
+      // Save it in case the initiator want to decode the otKeyCipher.
+      // Since the otKey is only used once, and that otKeyCipher contains only
+      // the public key of the initiator, it's safe just leave the otKey stored here.
+      otKey: otKey.toJSON(true),
+      // These should be storing information such as how the fields of the shared contact card is
+      // derived from the master contact card.
+      initiatorContactCard: contactCard,
+      initiator,
+    };
+
+    const rootKey = await this.keyService.getCurrentRootKey();
+    const initiatorRootKeyCipher = await this.keyGraph.encryptToString(
+      rootKey.jwk,
+      initiatorRootKeyCipherClearJson
+    );
+
+    // The raw OTK
+    const otKeyK: string = (otKey.toJSON(true) as any).k;
+
+    // API call
+    const lrMutation = new LrMutation({
+      mutation: InitiateKeyExchangeOtkMutation,
+      variables: {
+        input: {
+          // These will be stored on the server
+          initiatorRootKeyCipher,
+          initiatorPxkId: initiatorPrk.id,
+          initiatorSigPxkId: initiatorSigPrk.id,
+          // These will be sent to the responder
+          otKeyParams: JSON.stringify(otKey.toJSON()),
+          otKeyCipher,
+          sendEmail: email && {
+            email,
+            rawOtKey: otKeyK,
+          },
+          createTp: true,
+          initiatorPlainDataSig,
+          upgrade,
+        },
+      },
+    });
+
+    return { lrMutation, otKeyK };
+  }
+
+  async respondOtk({
+    keyExchangeId,
+    token,
+    decryptedOtk,
+    message,
+    initiatorContactCard,
+    responderContactCard,
+  }: RespondOtkInput2) {
+    const rootKey = await this.keyService.getCurrentRootKey();
+
+    const masterKeyId = this.keyService.getCurrentMasterKey().id;
+    const masterKey = await this.keyService.getCurrentMasterKey();
+
+    const sharedKey = await this.keyFactory.createKey();
+    const mkSharedKey = await this.keyFactory.createKey();
+
+    const rkWrappedSharedKey = await this.encryptionService.encrypt(
+      rootKey.jwk,
+      sharedKey.toJSON(true)
+    );
+    const mkWrappedMkSharedKey = await this.encryptionService.encrypt(
+      masterKey.jwk,
+      mkSharedKey.toJSON(true)
+    );
+
+    const initiatorOneTimePbk = await KeyFactoryService.asKey(
+      decryptedOtk.otKeyCipherClearJson.initiator.oneTimePbk
+    );
+
+    const initiatorPbk = await KeyFactoryService.asKey(
+      decryptedOtk.otKeyCipherClearJson.initiator.pbk
+    );
+    const initiatorSigPbk = await KeyFactoryService.asKey(
+      decryptedOtk.otKeyCipherClearJson.initiator.sigPbk
+    );
+
+    // Option 1: Using new Prk for each TP pair
+    // Create a new public signing key for the responder.
+    // const responderSigPrk = await this.keyService.createPkcSignKey()
+    // const rkWrappedResponderSigPrk = await this.encrypt(rootKey, responderSigPrk.toJSON(true));
+
+    // Option 2: Responder already has a signing Prk
+    const responderPrk = await this.keyService.getCurrentPxk();
+    const responderSigPrk = await this.keyService.getCurrentSigPxk();
+
+    const signedInitiatorPbk = await this.encryptionService.sign(
+      responderSigPrk.jwk,
+      initiatorPbk.toJSON()
+    );
+    const signedInitiatorSigPbk = await this.encryptionService.sign(
+      responderSigPrk.jwk,
+      initiatorSigPbk.toJSON()
+    );
+
+    const initiatorOneTimePbkCipherClearJson: InitiatorOneTimePbkCipherClearJson = {
+      nonce: decryptedOtk.otKeyCipherClearJson.nonce,
+      sharedKey: sharedKey.toJSON(true),
+      mkSharedKey: mkSharedKey.toJSON(true),
+      responder: {
+        pbk: responderPrk.jwk.toJSON(), // public key
+        sigPbk: responderSigPrk.jwk.toJSON(), // public key
+        message,
+      },
+    };
+
+    let receivedCardInput;
+    if (decryptedOtk.otKeyCipherClearJson.initiator.contactCard) {
+      // Set the info about the initiator to be the ones sent by the initiator. We need th responder to do the encryption here
+      // because the initiator does not have the shared key yet, and we want the responder to have a functional contact card after
+      // this exchange. The initiator can double check the contact details are correct and sign it when it completes the exchange.
+      const sharedCipherDataClearJson =
+        decryptedOtk.otKeyCipherClearJson.initiator.contactCard
+          .sharedCipherDataClearJson;
+
+      // Create keys
+      const receiverKey = await this.keyFactory.createKey();
+      const ccSharedKey = await this.keyFactory.createKey();
+      const sigPxk = await this.keyService.getCurrentSigPxk();
+
+      receivedCardInput = {
+        receiverWrappedKey: JSON.stringify(
+          await this.encryptionService.encrypt(
+            rootKey.jwk,
+            receiverKey.toJSON(true)
+          )
+        ),
+        receiverWrappingKeyId: rootKey.id,
+        receiverCipherData: initiatorContactCard
+          ? JSON.stringify(
+              await this.encryptionService.encrypt(
+                receiverKey,
+                initiatorContactCard.receiverCipherDataClearJson
+              )
+            )
+          : '',
+        sharedWrappedKey: JSON.stringify(
+          await this.encryptionService.encrypt(
+            sharedKey,
+            ccSharedKey.toJSON(true)
+          )
+        ),
+      };
+
+      const sharedCipherData = await this.encryptionService.encrypt(
+        ccSharedKey,
+        sharedCipherDataClearJson
+      );
+      receivedCardInput.sharedCipherDataSig = JSON.stringify(
+        await this.encryptionService.sign(sigPxk.jwk, sharedCipherData)
+      );
+      receivedCardInput.sigPxkId = sigPxk.id;
+
+      initiatorOneTimePbkCipherClearJson.responder.contactCard = {
+        ...initiatorOneTimePbkCipherClearJson.responder.contactCard,
+        sharedCipherKey: ccSharedKey.toJSON(true),
+      };
+    }
+
+    let responderCardInput;
+    if (responderContactCard) {
+      // Create keys
+      const ownerKey = await this.keyFactory.createKey();
+      const ccSharedKey = await this.keyFactory.createKey();
+      const sigPxk = await this.keyService.getCurrentSigPxk();
+
+      responderCardInput = {
+        ownerWrappedKey: JSON.stringify(
+          await this.encryptionService.encrypt(
+            rootKey.jwk,
+            ownerKey.toJSON(true)
+          )
+        ),
+        ownerWrappingKeyId: rootKey.id,
+        ownerCipherData: responderContactCard.ownerCipherDataClearJson
+          ? JSON.stringify(
+              await this.encryptionService.encrypt(
+                ownerKey,
+                responderContactCard.ownerCipherDataClearJson
+              )
+            )
+          : '',
+
+        sharedWrappedKey: JSON.stringify(
+          await this.encryptionService.encrypt(
+            sharedKey,
+            ccSharedKey.toJSON(true)
+          )
+        ),
+      };
+
+      const sharedCipherData = await this.encryptionService.encrypt(
+        ccSharedKey,
+        responderContactCard.sharedCipherDataClearJson
+      );
+      responderCardInput.sharedCipherDataSig = JSON.stringify(
+        await this.encryptionService.sign(sigPxk.jwk, sharedCipherData)
+      );
+      responderCardInput.sigPxkId = sigPxk.id;
+
+      if (responderContactCard.ownerPlainDataJson) {
+        responderCardInput.ownerPlainDataSig = JSON.stringify(
+          await this.encryptionService.sign(
+            responderSigPrk.jwk,
+            responderContactCard.ownerPlainDataJson
+          )
+        );
+      }
+
+      // Contact card info readable by the initiator
+      initiatorOneTimePbkCipherClearJson.responder.contactCard = {
+        ...initiatorOneTimePbkCipherClearJson.responder.contactCard,
+        sharedCipherDataClearJson:
+          responderContactCard.sharedCipherDataClearJson,
+      };
+    }
+
+    // Encrypt with one-time public key
+    let initiatorOneTimePbkCipher = await this.encryptionService.encrypt(
+      initiatorOneTimePbk,
+      initiatorOneTimePbkCipherClearJson
+    );
+
+    // Encrypt with the otk again to keep use of asymmetric keys to a minimum.
+    initiatorOneTimePbkCipher = await this.encryptionService.encrypt(
+      decryptedOtk.otKey,
+      initiatorOneTimePbkCipher
+    );
+
+    return new LrMutation({
+      mutation: RespondKeyExchangeOtkMutation,
+      variables: {
+        input: {
+          keyExchangeId,
+          keyExchangeToken: token,
+          rootKeyId: rootKey.id,
+          masterKeyId,
+          // These will be stored on the server
+          responderPxkId: responderPrk.id,
+          responderSigPxkId: responderSigPrk.id,
+          signedInitiatorPbk: JSON.stringify(signedInitiatorPbk),
+          signedInitiatorSigPbk: JSON.stringify(signedInitiatorSigPbk),
+          // rkWrappedInitiatorSigPbk: JSON.stringify(rkWrappedInitiatorSigPbk),
+
+          // Option 1: Using new Prk for each TP pair
+          // rkWrappedResponderSigPrk: JSON.stringify(rkWrappedResponderSigPrk),
+          rkWrappedSharedKey: JSON.stringify(rkWrappedSharedKey),
+          mkWrappedMkSharedKey: JSON.stringify(mkWrappedMkSharedKey),
+          // These will be sent to the initiator
+          initiatorOneTimePbkCipher: JSON.stringify(initiatorOneTimePbkCipher),
+          initiatorContactCard: receivedCardInput,
+          responderContactCard: responderCardInput,
+        },
+      },
+    });
+  }
+
+  async completeOtk({
+    keyExchangeId,
+    initiatorRootKeyCipher,
+    initiatorOneTimePbkCipher,
+    responderContactCard,
+    initiatorContactCard,
+  }: CompleteOtkInput2) {
+    const rootKey = await this.keyService.getCurrentRootKey();
+    const masterKey = await this.keyService.getCurrentMasterKey();
+
+    // Decrypt using the root key to get the Prk
+    const initiatorRootKeyCipherClearJson = (await this.encryptionService.decrypt(
+      rootKey.jwk,
+      initiatorRootKeyCipher
+    )) as InitiatorRootKeyCipherClearJson2;
+
+    // The Prk is single-use and only used to send information from the responder back to the initiator.
+    const plainInitiatorOneTimePbkCipher = await this.decryptResponseCipher(
+      await KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.otKey),
+      await KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.oneTimePrk),
+      initiatorOneTimePbkCipher
+    );
+
+    // Check the nonce match to ensure the responder was the one holding the OTK
+    if (
+      initiatorRootKeyCipherClearJson.nonce !==
+      plainInitiatorOneTimePbkCipher.nonce
+    ) {
+      throw new LrCodeMismatchException(
+        'The nonce returned by responder does not match with the one created by the initiator.'
+      );
+    }
+
+    // Option 1: Assuming the signing key is unique between users.
+    // const initiatorSigPrk = await KFS.asKey(ke.plainInitiatorRootKeyCipher.sigPrk);
+    // const rkWrappedInitiatorSigPrk = await this.encrypt(rootKey, initiatorSigPrk.toJSON(true));
+
+    // Option 2: Use the user's global signing key.
+    // In this case the initiatorSigPrk is already a part of the key graph.
+    // So there's nothing to do here.
+
+    // Protected the signing public key of the responder.
+    const initiatorSigPrk = await this.keyService.getCurrentSigPxk();
+    const responderSigPbk = await KeyFactoryService.asKey(
+      plainInitiatorOneTimePbkCipher.responder.sigPbk
+    );
+    const responderPbk = await KeyFactoryService.asKey(
+      plainInitiatorOneTimePbkCipher.responder.pbk
+    );
+
+    const signedResponderPbk = await this.encryptionService.sign(
+      initiatorSigPrk.jwk,
+      responderPbk.toJSON()
+    );
+    const signedResponderSigPbk = await this.encryptionService.sign(
+      initiatorSigPrk.jwk,
+      responderSigPbk.toJSON()
+    );
+
+    const sharedKey = await KeyFactoryService.asKey(
+      plainInitiatorOneTimePbkCipher.sharedKey
+    );
+    const rkWrappedSharedKey = await this.encryptionService.encrypt(
+      rootKey.jwk,
+      sharedKey.toJSON(true)
+    );
+
+    const mkSharedKey = await KeyFactoryService.asKey(
+      plainInitiatorOneTimePbkCipher.mkSharedKey
+    );
+    const mkWrappedMkSharedKey = await this.encryptionService.encrypt(
+      masterKey.jwk,
+      mkSharedKey.toJSON(true)
+    );
+
+    let responderContactCardCipherInput;
+    if (responderContactCard) {
+      // Create key
+      const receiverKey = await this.keyFactory.createKey();
+
+      responderContactCardCipherInput = {
+        receiverWrappedKey: JSON.stringify(
+          await this.encryptionService.encrypt(
+            rootKey.jwk,
+            receiverKey.toJSON(true)
+          )
+        ),
+        receiverWrappingKeyId: rootKey.id,
+        receiverCipherData: JSON.stringify(
+          await this.encryptionService.encrypt(
+            receiverKey,
+            responderContactCard.receiverCipherDataClearJson
+          )
+        ),
+      };
+    }
+
+    // Get the data needed from the initiator's cipher data.
+    let initiatorContactCardCipherInput;
+    let initiatorContactCardSharedCipherInput;
+    if (initiatorRootKeyCipherClearJson.initiatorContactCard) {
+      // The initiatorContactCard created during the creation of the invite and encrypted using the initiator's
+      // root key
+      const initiatorContactCardFromInit =
+        initiatorRootKeyCipherClearJson.initiatorContactCard;
+      const ownerKey = await this.keyFactory.createKey();
+      const sharedCipherKey = await KeyFactoryService.asKey(
+        plainInitiatorOneTimePbkCipher.responder.contactCard.sharedCipherKey
+      );
+
+      const ownerWrappedKey = JSON.stringify(
+        await this.encryptionService.encrypt(rootKey.jwk, ownerKey.toJSON(true))
+      );
+
+      // Allow the initiatorContactCard parameter to override
+      const ownerCipherDataClearJson =
+        initiatorContactCard?.ownerCipherDataClearJson ||
+        initiatorContactCardFromInit.ownerCipherDataClearJson;
+
+      const ownerCipherData = ownerCipherDataClearJson
+        ? await this.keyGraph.encryptToString(
+            ownerKey,
+            ownerCipherDataClearJson
+          )
+        : '';
+
+      initiatorContactCardCipherInput = {
+        ownerWrappedKey,
+        ownerWrappingKeyId: rootKey.id,
+        ownerCipherData,
+      };
+
+      initiatorContactCardSharedCipherInput = {
+        sigPxkId: initiatorSigPrk.id,
+      };
+
+      const sharedCipherData = await this.encryptionService.encrypt(
+        sharedCipherKey,
+        initiatorContactCardFromInit.sharedCipherDataClearJson
+      );
+      initiatorContactCardSharedCipherInput.sharedCipherDataSig = JSON.stringify(
+        await this.encryptionService.sign(initiatorSigPrk.jwk, sharedCipherData)
+      );
+    }
+
+    // TODO ideally we update the shared data in the contact card sent to the responder as well since that
+    // CC was created by the responder.
+
+    return new LrMutation({
+      mutation: CompleteKeyExchangeOtkMutation,
+      variables: {
+        input: {
+          keyExchangeId,
+          rootKeyId: rootKey.id,
+          masterKeyId: masterKey.id,
+          initiatorSigPxkId: initiatorSigPrk.id,
+          signedResponderPbk: JSON.stringify(signedResponderPbk),
+          signedResponderSigPbk: JSON.stringify(signedResponderSigPbk),
+          rkWrappedSharedKey: JSON.stringify(rkWrappedSharedKey),
+          mkWrappedMkSharedKey: JSON.stringify(mkWrappedMkSharedKey),
+          responderContactCardCipher: responderContactCardCipherInput,
+          initiatorContactCardCipher: initiatorContactCardCipherInput,
+          initiatorContactCardSharedCipher: initiatorContactCardSharedCipherInput,
+        },
+      },
+    });
+  }
+}