@pezkuwi/keyring 14.0.6 → 14.0.10

package/src/pair/index.spec.ts

@@ -0,0 +1,189 @@
+// Copyright 2017-2025 @pezkuwi/keyring authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+/// <reference types="@pezkuwi/dev-test/globals.d.ts" />
+
+import { hexToU8a, u8aToHex } from '@pezkuwi/util';
+import { cryptoWaitReady, encodeAddress as toSS58, setSS58Format } from '@pezkuwi/util-crypto';
+
+import { PAIRSSR25519 } from '../testing.js';
+import { createTestPairs } from '../testingPairs.js';
+import { createPair } from './index.js';
+
+const keyring = createTestPairs({ type: 'ed25519' }, false);
+
+const TEST_ADDRESS = '0x4119b2e6c3Cb618F4f0B93ac77f9BeeC7FF02887';
+
+await cryptoWaitReady();
+
+describe('pair', (): void => {
+  const SIGNATURE = new Uint8Array([80, 191, 198, 147, 225, 207, 75, 88, 126, 39, 129, 109, 191, 38, 72, 181, 75, 254, 81, 143, 244, 79, 237, 38, 236, 141, 28, 252, 134, 26, 169, 234, 79, 33, 153, 158, 151, 34, 175, 188, 235, 20, 35, 135, 83, 120, 139, 211, 233, 130, 1, 208, 201, 215, 73, 80, 56, 98, 185, 196, 11, 8, 193, 14]);
+
+  it('has a publicKey', (): void => {
+    expect(
+      keyring.alice.publicKey
+    ).toEqual(
+      new Uint8Array([209, 114, 167, 76, 218, 76, 134, 89, 18, 195, 43, 160, 168, 10, 87, 174, 105, 171, 174, 65, 14, 92, 203, 89, 222, 232, 78, 47, 68, 50, 219, 79])
+    );
+    expect(
+      keyring.alice.addressRaw
+    ).toEqual(
+      new Uint8Array([209, 114, 167, 76, 218, 76, 134, 89, 18, 195, 43, 160, 168, 10, 87, 174, 105, 171, 174, 65, 14, 92, 203, 89, 222, 232, 78, 47, 68, 50, 219, 79])
+    );
+  });
+
+  it('allows signing', (): void => {
+    expect(
+      keyring.alice.sign(
+        new Uint8Array([0x61, 0x62, 0x63, 0x64])
+      )
+    ).toEqual(SIGNATURE);
+  });
+
+  it('validates a correctly signed message', (): void => {
+    expect(
+      keyring.alice.verify(
+        new Uint8Array([0x61, 0x62, 0x63, 0x64]),
+        SIGNATURE,
+        keyring.alice.publicKey
+      )
+    ).toEqual(true);
+  });
+
+  it('fails a correctly signed message (signer changed)', (): void => {
+    expect(
+      keyring.alice.verify(
+        new Uint8Array([0x61, 0x62, 0x63, 0x64]),
+        SIGNATURE,
+        keyring.bob.publicKey
+      )
+    ).toEqual(false);
+  });
+
+  it('fails a correctly signed message (message changed)', (): void => {
+    expect(
+      keyring.alice.verify(
+        new Uint8Array([0x61, 0x62, 0x63, 0x64, 0x65]),
+        SIGNATURE,
+        keyring.alice.publicKey
+      )
+    ).toEqual(false);
+  });
+
+  it('allows vrf sign and verify', (): void => {
+    const message = new Uint8Array([0x61, 0x62, 0x63, 0x64, 0x65]);
+
+    expect(
+      keyring.alice.vrfVerify(
+        message,
+        keyring.alice.vrfSign(message),
+        keyring.alice.publicKey
+      )
+    ).toBe(true);
+  });
+
+  it('fails vrf sign and verify (publicKey changed)', (): void => {
+    const message = new Uint8Array([0x61, 0x62, 0x63, 0x64, 0x65]);
+
+    expect(
+      keyring.alice.vrfVerify(
+        message,
+        keyring.alice.vrfSign(message),
+        keyring.bob.publicKey
+      )
+    ).toBe(false);
+  });
+
+  it('allows setting/getting of meta', (): void => {
+    keyring.bob.setMeta({ foo: 'bar', something: 'else' });
+
+    expect(keyring.bob.meta).toMatchObject({ foo: 'bar', something: 'else' });
+
+    keyring.bob.setMeta({ something: 'thing' });
+
+    expect(keyring.bob.meta).toMatchObject({ foo: 'bar', something: 'thing' });
+  });
+
+  it('allows encoding of address with different prefixes', (): void => {
+    expect(keyring.alice.address).toEqual('5GoKvZWG5ZPYL1WUovuHW3zJBWBP5eT8CbqjdRY4Q6iMaQua');
+
+    // eslint-disable-next-line deprecation/deprecation
+    setSS58Format(255);
+
+    expect(keyring.alice.address).toEqual('yGHU8YKprxHbHdEv7oUK4rzMZXtsdhcXVG2CAMyC9WhzhjH2k');
+
+    // eslint-disable-next-line deprecation/deprecation
+    setSS58Format(42);
+  });
+
+  it('allows getting public key after decoding', (): void => {
+    const PASS = 'testing';
+    const encoded = keyring.alice.encodePkcs8(PASS);
+
+    const pair = createPair({ toSS58, type: 'sr25519' }, { publicKey: keyring.alice.publicKey });
+
+    pair.decodePkcs8(PASS, encoded);
+
+    expect(pair.isLocked).toEqual(false);
+  });
+
+  it('allows derivation on the pair', (): void => {
+    const alice = createPair({ toSS58, type: 'sr25519' }, { publicKey: hexToU8a(PAIRSSR25519[0].p), secretKey: hexToU8a(PAIRSSR25519[0].s) }, {});
+    const stash = alice.derive('//stash');
+    const soft = alice.derive('//funding/0');
+
+    expect(stash.publicKey).toEqual(hexToU8a(PAIRSSR25519[1].p));
+    expect(soft.address).toEqual('5ECQNn7UueWHPFda5qUi4fTmTtyCnPvGnuoyVVSj5CboJh9J');
+  });
+
+  it('fails to sign when locked', (): void => {
+    const pair = createPair({ toSS58, type: 'sr25519' }, { publicKey: keyring.alice.publicKey });
+
+    expect(pair.isLocked).toEqual(true);
+    expect((): Uint8Array =>
+      pair.sign(new Uint8Array([0]))
+    ).toThrow('Cannot sign with a locked key pair');
+  });
+
+  describe('ethereum', (): void => {
+    const PUBLICDERIVED = new Uint8Array([
+      3, 129, 53, 27, 27, 70, 210, 96,
+      43, 9, 146, 187, 93, 85, 49, 249,
+      193, 105, 107, 8, 18, 254, 178, 83,
+      75, 104, 132, 173, 196, 126, 46, 29,
+      139
+    ]);
+    const SECRETDERIVED = new Uint8Array([
+      7, 13, 195, 17, 115, 0, 1, 25,
+      24, 226, 107, 2, 23, 105, 69, 204,
+      21, 195, 213, 72, 207, 73, 253, 132,
+      24, 217, 127, 147, 175, 105, 158, 70
+    ]);
+
+    it('has a valid address from a known public', (): void => {
+      const pair = createPair({ toSS58, type: 'ethereum' }, { publicKey: hexToU8a('0x03b9dc646dd71118e5f7fda681ad9eca36eb3ee96f344f582fbe7b5bcdebb13077') });
+
+      expect(pair.address).toEqual(TEST_ADDRESS);
+      expect(pair.addressRaw).toEqual(hexToU8a(TEST_ADDRESS));
+    });
+
+    it('has a valid address from a known ethereum address (20 length)', (): void => {
+      const pair = createPair({ toSS58, type: 'ethereum' }, { publicKey: new Uint8Array([75, 32, 205, 127, 248, 119, 52, 31, 46, 171, 170, 23, 158, 23, 46, 108, 95, 180, 186, 168]), secretKey: new Uint8Array([]) });
+
+      expect(pair.address.toLowerCase()).toEqual('0x4b20cd7ff877341f2eabaa179e172e6c5fb4baa8');
+      expect(pair.addressRaw).toEqual(hexToU8a('0x4b20cd7ff877341f2eabaa179e172e6c5fb4baa8'));
+    });
+
+    it('converts to json', (): void => {
+      const pair = createPair({ toSS58, type: 'ethereum' }, { publicKey: PUBLICDERIVED, secretKey: SECRETDERIVED });
+      const json = pair.toJson('password');
+
+      expect(json.encoding).toEqual({
+        content: ['pkcs8', 'ethereum'],
+        type: ['scrypt', 'xsalsa20-poly1305'],
+        version: '3'
+      });
+      expect(json.address).toEqual(u8aToHex(PUBLICDERIVED));
+    });
+  });
+});

package/src/pair/index.ts

@@ -0,0 +1,220 @@
+// Copyright 2017-2025 @pezkuwi/keyring authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+import type { EncryptedJsonEncoding, Keypair, KeypairType } from '@pezkuwi/util-crypto/types';
+import type { KeyringPair, KeyringPair$Json, KeyringPair$Meta, SignOptions } from '../types.js';
+import type { PairInfo } from './types.js';
+
+import { objectSpread, u8aConcat, u8aEmpty, u8aEq, u8aToHex, u8aToU8a } from '@pezkuwi/util';
+import { blake2AsU8a, ed25519PairFromSeed as ed25519FromSeed, ed25519Sign, ethereumEncode, keccakAsU8a, keyExtractPath, keyFromPath, secp256k1Compress, secp256k1Expand, secp256k1PairFromSeed as secp256k1FromSeed, secp256k1Sign, signatureVerify, sr25519PairFromSeed as sr25519FromSeed, sr25519Sign, sr25519VrfSign, sr25519VrfVerify } from '@pezkuwi/util-crypto';
+
+import { decodePair } from './decode.js';
+import { encodePair } from './encode.js';
+import { pairToJson } from './toJson.js';
+
+interface Setup {
+  toSS58: (publicKey: Uint8Array) => string;
+  type: KeypairType;
+}
+
+const SIG_TYPE_NONE = new Uint8Array();
+
+const TYPE_FROM_SEED = {
+  ecdsa: secp256k1FromSeed,
+  ed25519: ed25519FromSeed,
+  ethereum: secp256k1FromSeed,
+  sr25519: sr25519FromSeed
+};
+
+const TYPE_PREFIX = {
+  ecdsa: new Uint8Array([2]),
+  ed25519: new Uint8Array([0]),
+  ethereum: new Uint8Array([2]),
+  sr25519: new Uint8Array([1])
+};
+
+const TYPE_SIGNATURE = {
+  ecdsa: (m: Uint8Array, p: Partial<Keypair>) => secp256k1Sign(m, p, 'blake2'),
+  ed25519: ed25519Sign,
+  ethereum: (m: Uint8Array, p: Partial<Keypair>) => secp256k1Sign(m, p, 'keccak'),
+  sr25519: sr25519Sign
+};
+
+const TYPE_ADDRESS = {
+  ecdsa: (p: Uint8Array) => p.length > 32 ? blake2AsU8a(p) : p,
+  ed25519: (p: Uint8Array) => p,
+  ethereum: (p: Uint8Array) => p.length === 20 ? p : keccakAsU8a(secp256k1Expand(p)),
+  sr25519: (p: Uint8Array) => p
+};
+
+function isLocked (secretKey?: Uint8Array): secretKey is undefined {
+  return !secretKey || u8aEmpty(secretKey);
+}
+
+function vrfHash (proof: Uint8Array, context?: string | Uint8Array, extra?: string | Uint8Array): Uint8Array {
+  return blake2AsU8a(u8aConcat(context || '', extra || '', proof));
+}
+
+/**
+ * @name createPair
+ * @summary Creates a keyring pair object
+ * @description Creates a keyring pair object with provided account public key, metadata, and encoded arguments.
+ * The keyring pair stores the account state including the encoded address and associated metadata.
+ *
+ * It has properties whose values are functions that may be called to perform account actions:
+ *
+ * - `address` function retrieves the address associated with the account.
+ * - `decodedPkcs8` function is called with the account passphrase and account encoded public key.
+ * It decodes the encoded public key using the passphrase provided to obtain the decoded account public key
+ * and associated secret key that are then available in memory, and changes the account address stored in the
+ * state of the pair to correspond to the address of the decoded public key.
+ * - `encodePkcs8` function when provided with the correct passphrase associated with the account pair
+ * and when the secret key is in memory (when the account pair is not locked) it returns an encoded
+ * public key of the account.
+ * - `meta` is the metadata that is stored in the state of the pair, either when it was originally
+ * created or set via `setMeta`.
+ * - `publicKey` returns the public key stored in memory for the pair.
+ * - `sign` may be used to return a signature by signing a provided message with the secret
+ * key (if it is in memory) using Nacl.
+ * - `toJson` calls another `toJson` function and provides the state of the pair,
+ * it generates arguments to be passed to the other `toJson` function including an encoded public key of the account
+ * that it generates using the secret key from memory (if it has been made available in memory)
+ * and the optionally provided passphrase argument. It passes a third boolean argument to `toJson`
+ * indicating whether the public key has been encoded or not (if a passphrase argument was provided then it is encoded).
+ * The `toJson` function that it calls returns a JSON object with properties including the `address`
+ * and `meta` that are assigned with the values stored in the corresponding state variables of the account pair,
+ * an `encoded` property that is assigned with the encoded public key in hex format, and an `encoding`
+ * property that indicates whether the public key value of the `encoded` property is encoded or not.
+ */
+export function createPair ({ toSS58, type }: Setup, { publicKey, secretKey }: PairInfo, meta: KeyringPair$Meta = {}, encoded: Uint8Array | null = null, encTypes?: EncryptedJsonEncoding[]): KeyringPair {
+  const decodePkcs8 = (passphrase?: string, userEncoded?: Uint8Array | null): void => {
+    const decoded = decodePair(passphrase, userEncoded || encoded, encTypes);
+
+    if (decoded.secretKey.length === 64) {
+      publicKey = decoded.publicKey;
+      secretKey = decoded.secretKey;
+    } else {
+      const pair = TYPE_FROM_SEED[type](decoded.secretKey);
+
+      publicKey = pair.publicKey;
+      secretKey = pair.secretKey;
+    }
+  };
+
+  const recode = (passphrase?: string): Uint8Array => {
+    isLocked(secretKey) && encoded && decodePkcs8(passphrase, encoded);
+
+    encoded = encodePair({ publicKey, secretKey }, passphrase); // re-encode, latest version
+    encTypes = undefined; // swap to defaults, latest version follows
+
+    return encoded;
+  };
+
+  const encodeAddress = (): string => {
+    const raw = TYPE_ADDRESS[type](publicKey);
+
+    return type === 'ethereum'
+      ? ethereumEncode(raw)
+      : toSS58(raw);
+  };
+
+  return {
+    get address (): string {
+      return encodeAddress();
+    },
+    get addressRaw (): Uint8Array {
+      const raw = TYPE_ADDRESS[type](publicKey);
+
+      return type === 'ethereum'
+        ? raw.slice(-20)
+        : raw;
+    },
+    get isLocked (): boolean {
+      return isLocked(secretKey);
+    },
+    get meta (): KeyringPair$Meta {
+      return meta;
+    },
+    get publicKey (): Uint8Array {
+      return publicKey;
+    },
+    get type (): KeypairType {
+      return type;
+    },
+    // eslint-disable-next-line sort-keys
+    decodePkcs8,
+    derive: (suri: string, meta?: KeyringPair$Meta): KeyringPair => {
+      if (type === 'ethereum') {
+        throw new Error('Unable to derive on this keypair');
+      } else if (isLocked(secretKey)) {
+        throw new Error('Cannot derive on a locked keypair');
+      }
+
+      const { path } = keyExtractPath(suri);
+      const derived = keyFromPath({ publicKey, secretKey }, path, type);
+
+      return createPair({ toSS58, type }, derived, meta, null);
+    },
+    encodePkcs8: (passphrase?: string): Uint8Array => {
+      return recode(passphrase);
+    },
+    lock: (): void => {
+      secretKey = new Uint8Array();
+    },
+    setMeta: (additional: KeyringPair$Meta): void => {
+      meta = objectSpread({}, meta, additional);
+    },
+    sign: (message: string | Uint8Array, options: SignOptions = {}): Uint8Array => {
+      if (isLocked(secretKey)) {
+        throw new Error('Cannot sign with a locked key pair');
+      }
+
+      return u8aConcat(
+        options.withType
+          ? TYPE_PREFIX[type]
+          : SIG_TYPE_NONE,
+        TYPE_SIGNATURE[type](u8aToU8a(message), { publicKey, secretKey })
+      );
+    },
+    toJson: (passphrase?: string): KeyringPair$Json => {
+      // NOTE: For ecdsa and ethereum, the publicKey cannot be extracted from the address. For these
+      // pass the hex-encoded publicKey through to the address portion of the JSON (before decoding)
+      // unless the publicKey is already an address
+      const address = ['ecdsa', 'ethereum'].includes(type)
+        ? publicKey.length === 20
+          ? u8aToHex(publicKey)
+          : u8aToHex(secp256k1Compress(publicKey))
+        : encodeAddress();
+
+      return pairToJson(type, { address, meta }, recode(passphrase), !!passphrase);
+    },
+    unlock: (passphrase?: string): void => {
+      return decodePkcs8(passphrase);
+    },
+    verify: (message: string | Uint8Array, signature: string | Uint8Array, signerPublic: string | Uint8Array): boolean => {
+      return signatureVerify(message, signature, TYPE_ADDRESS[type](u8aToU8a(signerPublic))).isValid;
+    },
+    vrfSign: (message: string | Uint8Array, context?: string | Uint8Array, extra?: string | Uint8Array): Uint8Array => {
+      if (isLocked(secretKey)) {
+        throw new Error('Cannot sign with a locked key pair');
+      }
+
+      if (type === 'sr25519') {
+        return sr25519VrfSign(message, { secretKey }, context, extra);
+      }
+
+      const proof = TYPE_SIGNATURE[type](u8aToU8a(message), { publicKey, secretKey });
+
+      return u8aConcat(vrfHash(proof, context, extra), proof);
+    },
+    vrfVerify: (message: string | Uint8Array, vrfResult: Uint8Array, signerPublic: Uint8Array | string, context?: string | Uint8Array, extra?: string | Uint8Array): boolean => {
+      if (type === 'sr25519') {
+        return sr25519VrfVerify(message, vrfResult, publicKey, context, extra);
+      }
+
+      const result = signatureVerify(message, u8aConcat(TYPE_PREFIX[type], vrfResult.subarray(32)), TYPE_ADDRESS[type](u8aToU8a(signerPublic)));
+
+      return result.isValid && u8aEq(vrfResult.subarray(0, 32), vrfHash(vrfResult.subarray(32), context, extra));
+    }
+  };
+}

package/src/pair/nobody.ts

@@ -0,0 +1,62 @@
+// Copyright 2017-2025 @pezkuwi/keyring authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+import type { KeyringPair, KeyringPair$Json, KeyringPair$Meta } from '../types.js';
+
+// empty publicKey
+const publicKey = new Uint8Array(32);
+
+// pre-computed via encodeAddress(publicKey)
+const address = '5C4hrfjw9DjXZTzV3MwzrrAr9P1MJhSrvWGWqi1eSuyUpnhM';
+
+const meta = {
+  isTesting: true,
+  name: 'nobody'
+};
+
+const json: KeyringPair$Json = {
+  address,
+  encoded: '',
+  encoding: {
+    content: ['pkcs8', 'ed25519'],
+    type: 'none',
+    version: '0'
+  },
+  meta
+};
+
+const pair: KeyringPair = {
+  address,
+  addressRaw: publicKey,
+  decodePkcs8: (_passphrase?: string, _encoded?: Uint8Array): void =>
+    undefined,
+  derive: (_suri: string, _meta?: KeyringPair$Meta): KeyringPair =>
+    pair,
+  encodePkcs8: (_passphrase?: string): Uint8Array =>
+    new Uint8Array(0),
+  isLocked: true,
+  lock: (): void => {
+    // no locking, it is always locked
+  },
+  meta,
+  publicKey,
+  setMeta: (_meta: KeyringPair$Meta): void =>
+    undefined,
+  sign: (_message: Uint8Array): Uint8Array =>
+    new Uint8Array(64),
+  toJson: (_passphrase?: string): KeyringPair$Json =>
+    json,
+  type: 'ed25519',
+  unlock: (_passphrase?: string): void =>
+    undefined,
+  verify: (_message: Uint8Array, _signature: Uint8Array): boolean =>
+    false,
+  vrfSign: (_message: Uint8Array, _context?: string | Uint8Array, _extra?: string | Uint8Array): Uint8Array =>
+    new Uint8Array(96),
+  vrfVerify: (_message: Uint8Array, _vrfResult: Uint8Array, _context?: string | Uint8Array, _extra?: string | Uint8Array): boolean =>
+    false
+};
+
+export function nobody (): KeyringPair {
+  return pair;
+}

package/src/pair/toJson.spec.ts

@@ -0,0 +1,42 @@
+// Copyright 2017-2025 @pezkuwi/keyring authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+/// <reference types="@pezkuwi/dev-test/globals.d.ts" />
+
+import { createTestPairs } from '../testingPairs.js';
+
+const keyring = createTestPairs({ type: 'ed25519' }, false);
+
+describe('toJson', (): void => {
+  it('creates an unencoded output with no passphrase', (): void => {
+    expect(
+      keyring.alice.toJson()
+    ).toMatchObject({
+      address: '5GoKvZWG5ZPYL1WUovuHW3zJBWBP5eT8CbqjdRY4Q6iMaQua',
+      encoded: 'MFMCAQEwBQYDK2VwBCIEIEFsaWNlICAgICAgICAgICAgICAgICAgICAgICAgICAg0XKnTNpMhlkSwyugqApXrmmrrkEOXMtZ3uhOL0Qy20+hIwMhANFyp0zaTIZZEsMroKgKV65pq65BDlzLWd7oTi9EMttP',
+      encoding: {
+        content: ['pkcs8', 'ed25519'],
+        type: ['none'],
+        version: '3'
+      },
+      meta: {
+        isTesting: true,
+        name: 'alice'
+      }
+    });
+  });
+
+  it('creates an encoded output with passphrase', (): void => {
+    const json = keyring.alice.toJson('testing');
+
+    expect(json.encoded).toHaveLength(268);
+    expect(json).toMatchObject({
+      address: '5GoKvZWG5ZPYL1WUovuHW3zJBWBP5eT8CbqjdRY4Q6iMaQua',
+      encoding: {
+        content: ['pkcs8', 'ed25519'],
+        type: ['scrypt', 'xsalsa20-poly1305'],
+        version: '3'
+      }
+    });
+  });
+});

package/src/pair/toJson.ts

@@ -0,0 +1,20 @@
+// Copyright 2017-2025 @pezkuwi/keyring authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+import type { KeypairType } from '@pezkuwi/util-crypto/types';
+import type { KeyringPair$Json, KeyringPair$Meta } from '../types.js';
+
+import { objectSpread } from '@pezkuwi/util';
+import { jsonEncryptFormat } from '@pezkuwi/util-crypto';
+
+interface PairStateJson {
+  address: string;
+  meta: KeyringPair$Meta;
+}
+
+export function pairToJson (type: KeypairType, { address, meta }: PairStateJson, encoded: Uint8Array, isEncrypted: boolean): KeyringPair$Json {
+  return objectSpread(jsonEncryptFormat(encoded, ['pkcs8', type], isEncrypted), {
+    address,
+    meta
+  });
+}

package/src/pair/types.ts

@@ -0,0 +1,8 @@
+// Copyright 2017-2025 @pezkuwi/keyring authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+export interface PairInfo {
+  publicKey: Uint8Array;
+  secretKey?: Uint8Array | undefined;
+  seed?: Uint8Array | null;
+}

package/src/pair/vrf.spec.ts

@@ -0,0 +1,47 @@
+// Copyright 2017-2025 @pezkuwi/keyring authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+/// <reference types="@pezkuwi/dev-test/globals.d.ts" />
+
+import { u8aToHex } from '@pezkuwi/util';
+import { cryptoWaitReady, ed25519PairFromSeed, encodeAddress as toSS58, randomAsU8a, secp256k1PairFromSeed, sr25519PairFromSeed } from '@pezkuwi/util-crypto';
+
+import { createPair } from './index.js';
+
+const MESSAGE = 'this is a test message';
+const CONTEXT = 'some context';
+
+await cryptoWaitReady();
+
+const ecdsa = createPair({ toSS58, type: 'ecdsa' }, secp256k1PairFromSeed(randomAsU8a()));
+const ed25519 = createPair({ toSS58, type: 'ed25519' }, ed25519PairFromSeed(randomAsU8a()));
+const sr25519 = createPair({ toSS58, type: 'sr25519' }, sr25519PairFromSeed(randomAsU8a()));
+
+describe('vrf', (): void => {
+  it('has deterministic signature values for ecdsa', (): void => {
+    const sig1 = ecdsa.vrfSign(MESSAGE, CONTEXT);
+    const sig2 = ecdsa.vrfSign(MESSAGE, CONTEXT);
+
+    expect(u8aToHex(sig1)).toEqual(u8aToHex(sig2));
+    expect(ecdsa.vrfVerify(MESSAGE, sig1, ecdsa.publicKey, CONTEXT)).toEqual(true);
+    expect(ecdsa.vrfVerify(MESSAGE, sig2, ecdsa.publicKey, CONTEXT)).toEqual(true);
+  });
+
+  it('has deterministic signature values for ed25519', (): void => {
+    const sig1 = ed25519.vrfSign(MESSAGE, CONTEXT);
+    const sig2 = ed25519.vrfSign(MESSAGE, CONTEXT);
+
+    expect(u8aToHex(sig1)).toEqual(u8aToHex(sig2));
+    expect(ed25519.vrfVerify(MESSAGE, sig1, ed25519.publicKey, CONTEXT)).toEqual(true);
+    expect(ed25519.vrfVerify(MESSAGE, sig2, ed25519.publicKey, CONTEXT)).toEqual(true);
+  });
+
+  it('has deterministic signature values for sr25519', (): void => {
+    const sig1 = sr25519.vrfSign(MESSAGE, CONTEXT);
+    const sig2 = sr25519.vrfSign(MESSAGE, CONTEXT);
+
+    expect(u8aToHex(sig1.slice(0, 32))).toEqual(u8aToHex(sig2.slice(0, 32)));
+    expect(sr25519.vrfVerify(MESSAGE, sig1, sr25519.publicKey, CONTEXT)).toEqual(true);
+    expect(sr25519.vrfVerify(MESSAGE, sig2, sr25519.publicKey, CONTEXT)).toEqual(true);
+  });
+});

package/src/pairs.ts

@@ -0,0 +1,41 @@
+// Copyright 2017-2025 @pezkuwi/keyring authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+import type { KeyringPair, KeyringPairs } from './types.js';
+
+import { isHex, isU8a, u8aToHex, u8aToU8a } from '@pezkuwi/util';
+import { decodeAddress } from '@pezkuwi/util-crypto';
+
+type KeyringPairMap = Record<string, KeyringPair>;
+
+export class Pairs implements KeyringPairs {
+  readonly #map: KeyringPairMap = {};
+
+  public add (pair: KeyringPair): KeyringPair {
+    this.#map[decodeAddress(pair.address).toString()] = pair;
+
+    return pair;
+  }
+
+  public all (): KeyringPair[] {
+    return Object.values(this.#map);
+  }
+
+  public get (address: string | Uint8Array): KeyringPair {
+    const pair = this.#map[decodeAddress(address).toString()];
+
+    if (!pair) {
+      throw new Error(`Unable to retrieve keypair '${
+        isU8a(address) || isHex(address)
+          ? u8aToHex(u8aToU8a(address))
+          : address
+      }'`);
+    }
+
+    return pair;
+  }
+
+  public remove (address: string | Uint8Array): void {
+    delete this.#map[decodeAddress(address).toString()];
+  }
+}