Closed ShravanSunder closed 2 years ago
From a Discord response to this question: The signing private key for the device should be generated on the device when the user authorizes it, and it shouldn't leave the device. The signing key serves as the auth credentials for the device.
Follow on question: Ah ok, I was a bit confused. If Alice is going to encrypt the symmetric key on her device, she'd have to use `const encryptedValue = Api256.encrypt(plaintext, userKeys.publicKey, signingKeys.privateKey);` as per the example, right? If Alice is on another device and she wants to send the encryptedValue to Device Tom, and the signingKey is on Tom, who is the proxy, how would she get the key?
Response: Every device of Alice's has its own signing key. So if she encrypts a symmetric key to user Tom's public key, then Tom can use one of his devices to request a transform from his user's public key to his device's public key - the device signs the request to do the transform with its private signing key.
The signing key in the encryption step does not have to be the same as the signing key in the `transformKey` or `transformEncryptedValue` steps.
I was wondering why this step needs the signingKeys.privateKey. Doesn't that add the risk that comes with transferring the signingKey privateKey to the device?
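The per-device signing model described in the responses above, as an added example that is not part of the original thread and does not use the library's API: it uses Node's built-in Ed25519 support, and the registry, device names and message shapes are assumptions made for illustration. Each device generates its own signing key locally, only the public half is registered, and the encrypt and transform steps are signed by different devices.

```javascript
// Added illustration with Node's built-in crypto; not the library discussed above.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Hypothetical server-side registry: deviceId -> Ed25519 public key.
const registry = new Map();

// Runs on the device when the user authorizes it. The private key stays in
// the returned device object; only the public key is registered.
function authorizeDevice(deviceId) {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  registry.set(deviceId, publicKey);
  return { deviceId, privateKey };
}

// A device signs what it produces or requests with its own signing key.
function signAs(device, payload) {
  const body = Buffer.from(JSON.stringify(payload));
  return { deviceId: device.deviceId, body, sig: sign(null, body, device.privateKey) };
}

// Verifier: look up the claimed device and check the signature against its key.
function accept(msg) {
  const pub = registry.get(msg.deviceId);
  return pub !== undefined && verify(null, msg.body, pub, msg.sig);
}

function demo() {
  // Constructed device names and payloads.
  const aliceLaptop = authorizeDevice('alice-laptop');
  const tomPhone = authorizeDevice('tom-phone');

  // Alice's device signs the encryption step; Tom's device signs the
  // transform request. Two different signing keys, both valid.
  const encrypted = signAs(aliceLaptop, { op: 'encrypt', to: 'tom' });
  const transformReq = signAs(tomPhone, { op: 'transform', from: 'tom', to: 'tom-phone' });

  // A message claiming to come from tom-phone but signed by another device's key.
  const mismatched = { ...signAs(aliceLaptop, { op: 'transform' }), deviceId: 'tom-phone' };

  const before = [accept(encrypted), accept(transformReq), accept(mismatched)];
  registry.delete('tom-phone'); // revoking one device leaves the others untouched
  const after = [accept(encrypted), accept(transformReq)];
  return { before, after };
}
```

Because no private signing key is ever copied between devices, revoking a device is a matter of removing its public key from the registry.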