@spec decrypt_private_key(
  ciphertext_b64 :: String.t(),
  recovery_secret_b64 :: String.t()
) ::
  {:ok, String.t()} | {:error, String.t()}

Decrypt a private key from a recovery backup.

Returns {:ok, private_key_b64} or {:error, reason}.

Example

{:ok, private_key} = MetamorphicCrypto.Recovery.decrypt_private_key(backup, secret)

@spec encrypt_private_key(
  private_key_b64 :: String.t(),
  recovery_secret_b64 :: String.t()
) ::
  {:ok, String.t()} | {:error, String.t()}

Encrypt a private key (base64) with the recovery secret for backup storage.

Returns {:ok, ciphertext_b64} or {:error, reason}.

Example

{:ok, backup} = MetamorphicCrypto.Recovery.encrypt_private_key(private_key_b64, secret)

@spec generate() :: {:ok, String.t(), String.t()} | {:error, String.t()}

Generate a new recovery key.

Returns {:ok, recovery_key, recovery_secret_b64} where:

• recovery_key is the human-readable string to show the user
• recovery_secret_b64 is the 32-byte secret (base64) used for encryption

Example

{:ok, recovery_key, secret} = MetamorphicCrypto.Recovery.generate()
# recovery_key => "ABCDE-FGHJK-LMNPQ-..."

@spec key_to_secret(recovery_key :: String.t()) ::
  {:ok, String.t()} | {:error, String.t()}

Re-derive the 32-byte secret from a human-readable recovery key.

Case-insensitive. Hyphens are stripped automatically.

Returns {:ok, secret_b64} or {:error, reason}.

Example

{:ok, secret} = MetamorphicCrypto.Recovery.key_to_secret("ABCDE-FGHJK-...")