refactor: use alloy built-in keystore methods, drop eth-keystore and hex deps

smypmsa · claude · smypmsa · commit 811d02f4fb1c · 2026-02-25T10:02:08.000Z
Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -15,7 +15,7 @@ path = "src/main.rs"
 
 [dependencies]
 polymarket-client-sdk = { version = "0.4", features = ["gamma", "data", "bridge", "clob", "ctf"] }
-alloy = { version = "1.6.3", default-features = false, features = ["providers", "sol-types", "contract", "reqwest", "reqwest-rustls-tls", "signer-local", "signers"] }
+alloy = { version = "1.6.3", default-features = false, features = ["providers", "sol-types", "contract", "reqwest", "reqwest-rustls-tls", "signer-local", "signers", "signer-keystore"] }
 clap = { version = "4", features = ["derive"] }
 tokio = { version = "1", features = ["rt-multi-thread", "macros"] }
 serde_json = "1"
@@ -26,9 +26,7 @@ anyhow = "1"
 chrono = "0.4"
 dirs = "6"
 rustyline = "15"
-eth-keystore = "0.5"
 rpassword = "7"
-hex = "0.4"
 rand = "0.8"
 
 [dev-dependencies]
diff --git a/src/config.rs b/src/config.rs
@@ -101,6 +101,8 @@ pub fn needs_migration() -> bool {
 
 /// Encrypt a private key and save as keystore.json.
 pub fn save_key_encrypted(key_hex: &str, password: &str) -> Result<()> {
+    use std::str::FromStr;
+
     let dir = config_dir()?;
     fs::create_dir_all(&dir).context("Failed to create config directory")?;
 
@@ -110,16 +112,15 @@ pub fn save_key_encrypted(key_hex: &str, password: &str) -> Result<()> {
         fs::set_permissions(&dir, fs::Permissions::from_mode(0o700))?;
     }
 
-    // Strip 0x prefix for raw bytes
-    let hex_str = key_hex.strip_prefix("0x")
-        .or_else(|| key_hex.strip_prefix("0X"))
-        .unwrap_or(key_hex);
-    let key_bytes = hex::decode(hex_str)
-        .context("Invalid hex in private key")?;
+    let signer = alloy::signers::local::LocalSigner::from_str(key_hex)
+        .map_err(|e| anyhow::anyhow!("Invalid private key: {e}"))?;
+    let key_bytes = signer.credential().to_bytes();
 
     let mut rng = rand::thread_rng();
-    let _uuid = eth_keystore::encrypt_key(&dir, &mut rng, &key_bytes, password, Some("keystore"))
-        .map_err(|e| anyhow::anyhow!("Failed to encrypt keystore: {e}"))?;
+    alloy::signers::local::LocalSigner::encrypt_keystore(
+        &dir, &mut rng, key_bytes, password, Some("keystore"),
+    )
+    .map_err(|e| anyhow::anyhow!("Failed to encrypt keystore: {e}"))?;
 
     // eth-keystore writes to dir/keystore — rename to keystore.json
     let written = dir.join("keystore");
@@ -141,16 +142,26 @@ pub fn save_key_encrypted(key_hex: &str, password: &str) -> Result<()> {
 
 /// Decrypt keystore.json and return the private key as 0x-prefixed hex.
 pub fn load_key_encrypted(password: &str) -> Result<String> {
+    use std::fmt::Write as _;
+
     let path = keystore_path()?;
-    let key_bytes = eth_keystore::decrypt_key(&path, password)
-        .map_err(|e| match e {
-            eth_keystore::KeystoreError::MacMismatch => {
+    let signer = alloy::signers::local::LocalSigner::decrypt_keystore(&path, password)
+        .map_err(|e| {
+            let msg = e.to_string();
+            if msg.contains("Mac Mismatch") {
                 anyhow::anyhow!("Wrong password")
+            } else {
+                anyhow::anyhow!("Failed to decrypt keystore: {e}")
             }
-            _ => anyhow::anyhow!("Failed to decrypt keystore: {e}"),
         })?;
-    let hex_str: String = key_bytes.iter().map(|b| format!("{b:02x}")).collect();
-    Ok(format!("0x{hex_str}"))
+
+    let bytes = signer.credential().to_bytes();
+    let mut hex = String::with_capacity(2 + bytes.len() * 2);
+    hex.push_str("0x");
+    for b in &bytes {
+        write!(hex, "{b:02x}").unwrap();
+    }
+    Ok(hex)
 }
 
 /// Migrate old plaintext config to encrypted keystore.
@@ -291,38 +302,51 @@ mod tests {
 
     #[test]
     fn keystore_encrypt_decrypt_round_trip() {
+        use std::str::FromStr;
+
         let temp = std::env::temp_dir().join("polymarket_test_keystore");
         let _ = fs::remove_dir_all(&temp);
         fs::create_dir_all(&temp).unwrap();
 
         let key_hex = "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80";
         let password = "test_password_123";
 
-        let hex_str = key_hex.strip_prefix("0x").unwrap();
-        let key_bytes = hex::decode(hex_str).unwrap();
+        let original = alloy::signers::local::LocalSigner::from_str(key_hex).unwrap();
 
         let mut rng = rand::thread_rng();
-        eth_keystore::encrypt_key(&temp, &mut rng, &key_bytes, password, Some("test_ks"))
-            .unwrap();
+        alloy::signers::local::LocalSigner::encrypt_keystore(
+            &temp, &mut rng, original.credential().to_bytes(), password, Some("test_ks"),
+        )
+        .unwrap();
 
-        let decrypted = eth_keystore::decrypt_key(temp.join("test_ks"), password).unwrap();
-        assert_eq!(decrypted, key_bytes);
+        let recovered =
+            alloy::signers::local::LocalSigner::decrypt_keystore(temp.join("test_ks"), password)
+                .unwrap();
+        assert_eq!(original.address(), recovered.address());
 
         let _ = fs::remove_dir_all(&temp);
     }
 
     #[test]
     fn keystore_wrong_password_fails() {
+        use std::str::FromStr;
+
         let temp = std::env::temp_dir().join("polymarket_test_keystore_fail");
         let _ = fs::remove_dir_all(&temp);
         fs::create_dir_all(&temp).unwrap();
 
-        let key_bytes = [0u8; 32];
+        let signer = alloy::signers::local::LocalSigner::from_str(
+            "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80",
+        )
+        .unwrap();
         let mut rng = rand::thread_rng();
-        eth_keystore::encrypt_key(&temp, &mut rng, &key_bytes, "correct", Some("test_ks2"))
-            .unwrap();
+        alloy::signers::local::LocalSigner::encrypt_keystore(
+            &temp, &mut rng, signer.credential().to_bytes(), "correct", Some("test_ks2"),
+        )
+        .unwrap();
 
-        let result = eth_keystore::decrypt_key(temp.join("test_ks2"), "wrong");
+        let result =
+            alloy::signers::local::LocalSigner::decrypt_keystore(temp.join("test_ks2"), "wrong");
         assert!(result.is_err());
 
         let _ = fs::remove_dir_all(&temp);
