@spec derive_private_key(
  t(),
  BSV.Wallet.Types.Protocol.t(),
  String.t(),
  BSV.Wallet.Types.Counterparty.t()
) :: {:ok, BSV.PrivateKey.t()} | {:error, String.t()}

Derive a private key for the given protocol, key ID, and counterparty.

@spec derive_public_key(
  t(),
  BSV.Wallet.Types.Protocol.t(),
  String.t(),
  BSV.Wallet.Types.Counterparty.t(),
  boolean()
) :: {:ok, BSV.PublicKey.t()} | {:error, String.t()}

Derive a public key for the given protocol, key ID, counterparty, and direction.

If for_self is true, derives the key corresponding to our own private key (what the counterparty would compute for us). Otherwise derives the counterparty's key.

@spec derive_symmetric_key(
  t(),
  BSV.Wallet.Types.Protocol.t(),
  String.t(),
  BSV.Wallet.Types.Counterparty.t(),
  keyword()
) :: {:ok, BSV.SymmetricKey.t()} | {:error, String.t()}

Derive a symmetric key for the given protocol, key ID, and counterparty.

Derives both a public and private key, then computes their ECDH shared secret. The x-coordinate is passed through SHA-256 before use as the symmetric key.

Migration

Pass legacy: true to derive using the legacy method (raw x-coordinate). This is used internally for backward-compatible decryption fallback.

@spec identity_key(t()) :: BSV.PublicKey.t()

The identity public key (root key's public key).

@spec identity_key_hex(t()) :: String.t()

Hex-encoded compressed identity public key.

@spec new(BSV.PrivateKey.t() | nil) :: t()

Create a new KeyDeriver. If no private key is given, uses the "anyone" key (scalar=1).

@spec reveal_counterparty_secret(t(), BSV.Wallet.Types.Counterparty.t()) ::
  {:ok, BSV.PublicKey.t()} | {:error, String.t()}

Reveal the counterparty shared secret. Cannot be used for 'self'.

@spec reveal_specific_secret(
  t(),
  BSV.Wallet.Types.Counterparty.t(),
  BSV.Wallet.Types.Protocol.t(),
  String.t()
) :: {:ok, binary()} | {:error, String.t()}

Reveal the specific key association (HMAC of shared secret + invoice number).