[PRODCRE-1746] Move keys from core to corekeys.

[pavel-raykov]

Moved the keys folder with the following caveats:

1. Inlined core/services/signatures/secp256k1 (together with cryptotest.go) into vrfkey. Ideally, this signature would be an internal implementation detail of vrfkey, but unfortunately, it is exposed in multiple places in core. We are not going to refactor this, but just keep this implementation here.
2. Changed signature of core/services/keystore/internal/exportutils.go[ToEncryptedJSON] to take scryptN, scryptP int instead of scryptParams commonkeystore.ScryptParams to avoid circular dependency. This is not ideal, but in line with the underlying geth's design https://pkg.go.dev/github.com/ethereum/go-ethereum/accounts/keystore#EncryptDataV3, so is OK.
3. Copied Keccak MustHash from chainlink-evm into vrfkey's secp256k1 MustKeccakHash. Also inlined uint256ToBytes32
4. Moved chainlink-evm's EIP55Address type to ethkey.

Supports
smartcontractkit/chainlink#21180
smartcontractkit/chainlink-evm#362

[github-actions]

✅ API Diff Results - No breaking changes

---

📄 View full apidiff report

[Copilot]

Pull request overview

This PR moves key-related code from core to corekeys within the chainlink-common repository, reorganizing the keystore structure to support better modularity and reusability. The changes involve moving various key implementations (VRF, workflow, Tron, TON, Sui, Starknet, Solana, P2P, OCR, OCR2, Ethereum, DKG recipient, CSA, Cosmos, and Aptos) into the keystore/corekeys package structure with consistent export/import functionality.

Changes:

• Moved key implementations from core to keystore/corekeys with separate subdirectories per key type
• Introduced a generic internal/exportutils.go for standardized key encryption/decryption
• Inlined secp256k1 signature implementation into vrfkey to avoid circular dependencies
• Removed legacy OCR key bundle and CSA key generation code in favor of individual key type implementations

Reviewed changes

Copilot reviewed 125 out of 126 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
keystore/internal/exportutils.go	New generic utilities for key export/import with encryption
keystore/corekeys/workflowkey/*	Workflow key implementation with NaCl box encryption
keystore/corekeys/vrfkey/*	VRF key implementation with inlined secp256k1 signatures
keystore/corekeys/tronkey/*	Tron blockchain key implementation
keystore/corekeys/tonkey/*	TON blockchain key implementation with Highload V3 wallet
keystore/corekeys/suikey/*	Sui blockchain key implementation
keystore/corekeys/starkkey/*	StarkNet key implementation
keystore/corekeys/solkey/*	Solana key implementation
keystore/corekeys/p2pkey/*	P2P libp2p key implementation
keystore/corekeys/ocrkey/*	OCR (Offchain Reporting) key implementation
keystore/corekeys/ocr2key/*	OCR2 key bundle implementation for multiple chains
keystore/corekeys/ethkey/*	Ethereum key implementation with EIP55 address support
keystore/corekeys/dkgrecipientkey/*	DKG recipient key implementation
keystore/corekeys/csakey/*	CSA (Client-Side Authentication) key implementation
keystore/corekeys/cosmoskey/*	Cosmos blockchain key implementation
keystore/corekeys/aptoskey/*	Aptos blockchain key implementation
keystore/corekeys/models/*	Legacy key storage models
keystore/corekeys/sha256.go	SHA256 hash type for key IDs
keystore/corekeys/exporttestutils.go	Test utilities for key export/import testing
keystore/corekeys/ocrkeybundle.go	Deleted - legacy OCR bundle generation
keystore/corekeys/csa.go	Deleted - legacy CSA key generation
go.md	Updated dependency graph

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.