Skip to main content
If you are here to see how auth context is consumed here, jump to Decrypt.

Prerequisites

  • authContext is required. This is the result from the authentication flow.

Installation

npm install @lit-protocol/access-control-conditions@beta

Example Walkthrough

πŸ” Encrypt & Decrypt Flow Alice can encrypt without authentication, Bob must authenticate to decrypt.
  • Alice: Encrypts β†’ No AuthContext needed
  • Bob: Decrypts β†’ Requires AuthContext

πŸ‘©πŸΌ Alice

Alice encrypts data without needing authentication

Create Alice’s Account

Generate Alice’s account using a random private key. Alice only needs an account for encryption - no authentication required.
import { generatePrivateKey, privateKeyToAccount } from "viem/accounts";

// Alice's account (sender)
const AliceAccount = privateKeyToAccount(generatePrivateKey());
console.log("πŸ™‹β€β™€οΈ AliceAccount:", AliceAccount.address);

πŸ§”πŸ»β€β™‚οΈ Bob

Bob needs authentication to decrypt data

Create Bob’s Account

Generate Bob’s account using a random private key. Bob will need this account for authentication to decrypt data.
import { generatePrivateKey, privateKeyToAccount } from "viem/accounts";

// Bob's account (recipient)
const BobsAccount = privateKeyToAccount(generatePrivateKey());
console.log("πŸ§”πŸ»β€β™‚οΈ BobsAccount:", BobsAccount.address);

πŸ‘©πŸΌ Alice Defines Access Rules

Alice decides who can decrypt her encrypted data
See SDK Reference for more details on the Access Control Conditions Builder. Access Control Conditions Builder Reference

Build Access Control Conditions

Alice defines who can decrypt the encrypted data using official access control conditions builder. These conditions reference Bob’s wallet address and will be checked during decryption.
import { createAccBuilder } from "@lit-protocol/access-control-conditions";

// Build access control conditions
const builder = createAccBuilder();

const accs = builder
  .requireWalletOwnership(BobsAccount.address)
  .on("ethereum")
  .and()
  .requireEthBalance("0", "=")
  .on("yellowstone")
  .build();

πŸ§”πŸ»β€β™‚οΈ Bob

Prepares for Decryption

Bob creates authentication context to prove he meets access conditions
// Bob needs AuthContext for decryption
const authContext = await authManager.createEoaAuthContext({
  config: {
    account: BobsAccount,
  },
  authConfig: {
    domain: "localhost",
    statement: "Decrypt test data",
    expiration: new Date(Date.now() + 1000 * 60 * 60 * 24).toISOString(),
    resources: [
      ["access-control-condition-decryption", "*"],
      ["lit-action-execution", "*"],
    ],
  },
  litClient,
});

πŸ‘©πŸΌ Alice

Prepares Data

Alice configures and encrypts the data with access control conditions
// Alice encrypts data (no AuthContext needed)
const encryptedData = await litClient.encrypt({
  dataToEncrypt: "Hello, my love! ❀️",
  unifiedAccessControlConditions: accs,
  chain: "ethereum",
  // metadata: { dataType: 'string' }, // auto-inferred
});

πŸ§”πŸ»β€β™‚οΈ Bob

Decrypts Data

Bob uses his authentication context to decrypt Alice’s data
// Bob decrypts data (requires AuthContext)
const decryptedResponse = await litClient.decrypt({
  data: encryptedData,
  unifiedAccessControlConditions: accs,
  authContext: bobAuthContext,
  chain: "ethereum",
});
⌘I