From d68650200c9aca1c98578db24bc0658b93e2534b Mon Sep 17 00:00:00 2001
From: alextse-bg <alextse@bitgo.com>
Date: Thu, 15 Jan 2026 13:17:47 -0500
Subject: [PATCH] fix(sdk-core): change password should work with ofc
 multi-user key

TICKET: WP-7461
---
 modules/bitgo/test/v2/unit/keychains.ts       | 31 +++++++++++++++++++
 .../sdk-core/src/bitgo/keychain/keychains.ts  |  6 +++-
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/modules/bitgo/test/v2/unit/keychains.ts b/modules/bitgo/test/v2/unit/keychains.ts
index 82890e0975..e840fd50ac 100644
--- a/modules/bitgo/test/v2/unit/keychains.ts
+++ b/modules/bitgo/test/v2/unit/keychains.ts
@@ -341,6 +341,37 @@ describe('V2 Keychains', function () {
         const keys = await keychains.updatePassword({ oldPassword: oldPassword, newPassword: newPassword });
         validateKeys(keys, newPassword, 1);
       });
+
+      it('should update multi-user-ofc keys', async function () {
+        nock(bgUrl)
+          .get('/api/v2/tltc/key')
+          .query(true)
+          .reply(200, {
+            keys: [
+              {
+                id: 'randomid1',
+                encryptedPrv: bitgo.encrypt({ input: 'xprv1', password: oldPassword }),
+                coinSpecific: {
+                  ofc: {
+                    features: ['multi-user-key'],
+                  },
+                },
+              },
+              {
+                id: 'randomid2',
+                encryptedPrv: bitgo.encrypt({ input: 'xprv2', password: otherPassword }),
+                coinSpecific: {
+                  ofc: {
+                    features: ['multi-user-key'],
+                  },
+                },
+              },
+            ],
+          });
+
+        const keys = await keychains.updatePassword({ oldPassword: oldPassword, newPassword: newPassword });
+        validateKeys(keys, newPassword, 1);
+      });
     });
 
     describe('Create TSS Keychains', function () {
diff --git a/modules/sdk-core/src/bitgo/keychain/keychains.ts b/modules/sdk-core/src/bitgo/keychain/keychains.ts
index bb4bf059dc..10c1a4912f 100644
--- a/modules/sdk-core/src/bitgo/keychain/keychains.ts
+++ b/modules/sdk-core/src/bitgo/keychain/keychains.ts
@@ -119,7 +119,11 @@ export class Keychains implements IKeychains {
             newPassword: params.newPassword,
           });
           if (updatedKeychain.encryptedPrv) {
-            const changedKeyIdentifier = updatedKeychain.type === 'tss' ? updatedKeychain.id : updatedKeychain.pub;
+            // Both TSS and multi-user-ofc keys have multiple public keys in their key document and thus need to use objectID
+            const changedKeyIdentifier =
+              updatedKeychain.type === 'tss' || Keychains.isMultiUserKey(updatedKeychain)
+                ? updatedKeychain.id
+                : updatedKeychain.pub;
             if (changedKeyIdentifier) {
               changedKeys[changedKeyIdentifier] = updatedKeychain.encryptedPrv;
             }