@ajna-inc/openbadges 0.1.0

package/build/constants.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VM_TYPE_ED25519_2020 = exports.VM_TYPE_MULTIKEY = exports.PROOF_TYPE_ED25519_2020 = exports.PROOF_TYPE_DATA_INTEGRITY = exports.CRYPTOSUITE_EDDSA_RDFC_2022 = exports.CRYPTOSUITE_ECDSA_SD_2023 = exports.STATUS_LIST_2021 = exports.ONE_EDTECH_REVOCATION_LIST = exports.DI_ECDSA_SD_2023 = exports.DI_EDDSA_RDFC_2022 = exports.CLR_TYPES = exports.ENDORSEMENT_TYPES = exports.REQUIRED_TYPES = exports.DATA_INTEGRITY_V2_CONTEXT = exports.CLR_V2_CONTEXT = exports.OBV3_CONTEXT = exports.VC_V2_CONTEXT = void 0;
+// W3C and OpenBadges context URLs
+exports.VC_V2_CONTEXT = 'https://www.w3.org/ns/credentials/v2';
+exports.OBV3_CONTEXT = 'https://purl.imsglobal.org/spec/ob/v3p0/context-3.0.3.json';
+exports.CLR_V2_CONTEXT = 'https://purl.imsglobal.org/spec/clr/v2p0/context-2.0.1.json';
+exports.DATA_INTEGRITY_V2_CONTEXT = 'https://w3id.org/security/data-integrity/v2';
+// Required credential types
+exports.REQUIRED_TYPES = ['VerifiableCredential', 'OpenBadgeCredential'];
+exports.ENDORSEMENT_TYPES = ['VerifiableCredential', 'EndorsementCredential'];
+exports.CLR_TYPES = ['VerifiableCredential', 'ClrCredential'];
+// Cryptosuite identifiers
+exports.DI_EDDSA_RDFC_2022 = 'eddsa-rdfc-2022';
+exports.DI_ECDSA_SD_2023 = 'ecdsa-sd-2023';
+// Revocation
+exports.ONE_EDTECH_REVOCATION_LIST = '1EdTechRevocationList';
+exports.STATUS_LIST_2021 = 'StatusList2021';
+// Re-export cryptosuite constants for convenience
+var cryptosuites_1 = require("./cryptosuites");
+Object.defineProperty(exports, "CRYPTOSUITE_ECDSA_SD_2023", { enumerable: true, get: function () { return cryptosuites_1.CRYPTOSUITE_ECDSA_SD_2023; } });
+Object.defineProperty(exports, "CRYPTOSUITE_EDDSA_RDFC_2022", { enumerable: true, get: function () { return cryptosuites_1.CRYPTOSUITE_EDDSA_RDFC_2022; } });
+Object.defineProperty(exports, "PROOF_TYPE_DATA_INTEGRITY", { enumerable: true, get: function () { return cryptosuites_1.PROOF_TYPE_DATA_INTEGRITY; } });
+Object.defineProperty(exports, "PROOF_TYPE_ED25519_2020", { enumerable: true, get: function () { return cryptosuites_1.PROOF_TYPE_ED25519_2020; } });
+Object.defineProperty(exports, "VM_TYPE_MULTIKEY", { enumerable: true, get: function () { return cryptosuites_1.VM_TYPE_MULTIKEY; } });
+Object.defineProperty(exports, "VM_TYPE_ED25519_2020", { enumerable: true, get: function () { return cryptosuites_1.VM_TYPE_ED25519_2020; } });
+//# sourceMappingURL=constants.js.map

package/build/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";;;AAAA,kCAAkC;AACrB,QAAA,aAAa,GAAG,sCAAsC,CAAA;AACtD,QAAA,YAAY,GAAG,4DAA4D,CAAA;AAC3E,QAAA,cAAc,GAAG,6DAA6D,CAAA;AAC9E,QAAA,yBAAyB,GAAG,6CAA6C,CAAA;AAEtF,4BAA4B;AACf,QAAA,cAAc,GAAG,CAAC,sBAAsB,EAAE,qBAAqB,CAAC,CAAA;AAChE,QAAA,iBAAiB,GAAG,CAAC,sBAAsB,EAAE,uBAAuB,CAAC,CAAA;AACrE,QAAA,SAAS,GAAG,CAAC,sBAAsB,EAAE,eAAe,CAAC,CAAA;AAElE,0BAA0B;AACb,QAAA,kBAAkB,GAAG,iBAAiB,CAAA;AACtC,QAAA,gBAAgB,GAAG,eAAe,CAAA;AAE/C,aAAa;AACA,QAAA,0BAA0B,GAAG,uBAAuB,CAAA;AACpD,QAAA,gBAAgB,GAAG,gBAAgB,CAAA;AAEhD,kDAAkD;AAClD,+CAOuB;AANrB,yHAAA,yBAAyB,OAAA;AACzB,2HAAA,2BAA2B,OAAA;AAC3B,yHAAA,yBAAyB,OAAA;AACzB,uHAAA,uBAAuB,OAAA;AACvB,gHAAA,gBAAgB,OAAA;AAChB,oHAAA,oBAAoB,OAAA"}

package/build/cryptosuites/EcdsaSd2023.d.ts

@@ -0,0 +1,143 @@
+/**
+ * ECDSA SD 2023 Cryptosuite
+ *
+ * Implements the ecdsa-sd-2023 cryptosuite for Data Integrity proofs with
+ * selective disclosure support.
+ *
+ * Spec: https://www.w3.org/TR/vc-di-ecdsa/#ecdsa-sd-2023
+ *
+ * Key features:
+ * - Uses ECDSA P-256 (secp256r1) signature algorithm
+ * - Supports selective disclosure of claims
+ * - Uses mandatory and selective pointers for claim selection
+ * - Produces DataIntegrityProof with cryptosuite: 'ecdsa-sd-2023'
+ *
+ * Note: This implementation provides the structure and interface.
+ * Full selective disclosure requires BBS+ style commitments which would need
+ * additional crypto libraries. For now, this provides basic ECDSA signing
+ * with the correct proof structure.
+ */
+import { CRYPTOSUITE_ECDSA_SD_2023, PROOF_TYPE_DATA_INTEGRITY } from './constants';
+export interface EcdsaSd2023KeyPair {
+    id: string;
+    controller: string;
+    publicKeyMultibase: string;
+    privateKeyMultibase?: string;
+}
+export interface EcdsaSd2023Proof {
+    type: typeof PROOF_TYPE_DATA_INTEGRITY;
+    cryptosuite: typeof CRYPTOSUITE_ECDSA_SD_2023;
+    created: string;
+    verificationMethod: string;
+    proofPurpose: string;
+    proofValue: string;
+}
+export interface SignOptions {
+    document: Record<string, unknown>;
+    keyPair: EcdsaSd2023KeyPair;
+    purpose?: string;
+    date?: Date | string;
+    mandatoryPointers?: string[];
+}
+export interface DeriveOptions {
+    signedDocument: Record<string, unknown>;
+    selectivePointers: string[];
+}
+export interface VerifyOptions {
+    document: Record<string, unknown>;
+    proof: EcdsaSd2023Proof;
+    publicKeyMultibase: string;
+}
+/**
+ * ECDSA SD 2023 Cryptosuite implementation
+ *
+ * Note: Full selective disclosure support requires BBS+ style cryptography.
+ * This implementation provides the structure and basic ECDSA signing.
+ * For production use with actual selective disclosure, integrate with
+ * @mattrglobal/bbs-signatures or similar.
+ */
+export declare class EcdsaSd2023Cryptosuite {
+    static readonly proofType = "DataIntegrityProof";
+    static readonly cryptosuite = "ecdsa-sd-2023";
+    static readonly contextUrl = "https://w3id.org/security/data-integrity/v2";
+    static readonly verificationMethodTypes: string[];
+    /**
+     * Sign a document using ecdsa-sd-2023 cryptosuite
+     *
+     * @param options - Sign options including document, keyPair, and mandatoryPointers
+     * @returns Signed document with base proof
+     */
+    sign(options: SignOptions): Promise<Record<string, unknown>>;
+    /**
+     * Derive a selective disclosure proof from a base proof
+     *
+     * @param options - Derive options including signed document and selective pointers
+     * @returns Derived document with only selected claims
+     */
+    derive(options: DeriveOptions): Promise<Record<string, unknown>>;
+    /**
+     * Verify a document with ecdsa-sd-2023 proof
+     */
+    verify(options: VerifyOptions): Promise<{
+        verified: boolean;
+        error?: string;
+    }>;
+    /**
+     * Check if this suite matches a given proof
+     */
+    matchProof(proof: Record<string, unknown>): boolean;
+    /**
+     * Create hash data for signing/verification
+     */
+    private createHashData;
+    /**
+     * Deep sort object keys for consistent serialization
+     */
+    private sortObject;
+    /**
+     * Get Web Crypto SubtleCrypto API if available
+     */
+    private getSubtleCrypto;
+    /**
+     * Sign data with P-256 key using Web Crypto API with JWK import
+     */
+    private signWithP256;
+    /**
+     * Verify signature with P-256 public key using Web Crypto API with JWK import
+     */
+    private verifyWithP256;
+    /**
+     * SHA-256 hash using Node crypto
+     */
+    private sha256;
+    /**
+     * Decode private key from multibase and return raw 32-byte scalar
+     */
+    private decodePrivateKeyRaw;
+    /**
+     * Decode public key from multibase and return raw bytes
+     * Returns uncompressed format (65 bytes: 0x04 || x || y)
+     */
+    private decodePublicKeyRaw;
+    /**
+     * Convert raw P-256 private key to JWK format for Web Crypto
+     */
+    private privateKeyToJwk;
+    /**
+     * Convert raw P-256 public key to JWK format for Web Crypto
+     */
+    private publicKeyToJwk;
+    /**
+     * Encode proof value (base64url encoded JSON)
+     */
+    private encodeProofValue;
+    /**
+     * Decode proof value
+     */
+    private decodeProofValue;
+    /**
+     * Generate a new P-256 key pair with multibase encoding
+     * Uses Web Crypto API for key generation
+     */
+    static generateKeyPair(controller: string, keyId?: string): Promise<EcdsaSd2023KeyPair>;
+}

package/build/cryptosuites/EcdsaSd2023.js

@@ -0,0 +1,518 @@
+"use strict";
+/**
+ * ECDSA SD 2023 Cryptosuite
+ *
+ * Implements the ecdsa-sd-2023 cryptosuite for Data Integrity proofs with
+ * selective disclosure support.
+ *
+ * Spec: https://www.w3.org/TR/vc-di-ecdsa/#ecdsa-sd-2023
+ *
+ * Key features:
+ * - Uses ECDSA P-256 (secp256r1) signature algorithm
+ * - Supports selective disclosure of claims
+ * - Uses mandatory and selective pointers for claim selection
+ * - Produces DataIntegrityProof with cryptosuite: 'ecdsa-sd-2023'
+ *
+ * Note: This implementation provides the structure and interface.
+ * Full selective disclosure requires BBS+ style commitments which would need
+ * additional crypto libraries. For now, this provides basic ECDSA signing
+ * with the correct proof structure.
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EcdsaSd2023Cryptosuite = void 0;
+const constants_1 = require("./constants");
+const bs58_1 = __importDefault(require("bs58"));
+const crypto_1 = require("crypto");
+// P-256 multicodec prefixes
+const P256_PUB_MULTICODEC = new Uint8Array([0x80, 0x24]);
+const P256_PRIV_MULTICODEC = new Uint8Array([0x86, 0x26]);
+/**
+ * JSON Pointer helper to get value at path
+ */
+function getValueAtPointer(obj, pointer) {
+    if (!pointer.startsWith('/')) {
+        throw new Error('JSON pointer must start with /');
+    }
+    const parts = pointer.slice(1).split('/');
+    let current = obj;
+    for (const part of parts) {
+        if (current === null || current === undefined) {
+            return undefined;
+        }
+        const decodedPart = part.replace(/~1/g, '/').replace(/~0/g, '~');
+        if (Array.isArray(current)) {
+            const index = parseInt(decodedPart, 10);
+            current = current[index];
+        }
+        else if (typeof current === 'object') {
+            current = current[decodedPart];
+        }
+        else {
+            return undefined;
+        }
+    }
+    return current;
+}
+/**
+ * JSON Pointer helper to set value at path
+ */
+function setValueAtPointer(obj, pointer, value) {
+    if (!pointer.startsWith('/')) {
+        throw new Error('JSON pointer must start with /');
+    }
+    const parts = pointer.slice(1).split('/');
+    let current = obj;
+    for (let i = 0; i < parts.length - 1; i++) {
+        const part = parts[i].replace(/~1/g, '/').replace(/~0/g, '~');
+        if (Array.isArray(current)) {
+            const index = parseInt(part, 10);
+            if (current[index] === undefined) {
+                current[index] = {};
+            }
+            current = current[index];
+        }
+        else if (typeof current === 'object' && current !== null) {
+            const record = current;
+            if (record[part] === undefined) {
+                record[part] = {};
+            }
+            current = record[part];
+        }
+    }
+    const lastPart = parts[parts.length - 1].replace(/~1/g, '/').replace(/~0/g, '~');
+    if (Array.isArray(current)) {
+        const index = parseInt(lastPart, 10);
+        current[index] = value;
+    }
+    else if (typeof current === 'object' && current !== null) {
+        ;
+        current[lastPart] = value;
+    }
+}
+/**
+ * ECDSA SD 2023 Cryptosuite implementation
+ *
+ * Note: Full selective disclosure support requires BBS+ style cryptography.
+ * This implementation provides the structure and basic ECDSA signing.
+ * For production use with actual selective disclosure, integrate with
+ * @mattrglobal/bbs-signatures or similar.
+ */
+class EcdsaSd2023Cryptosuite {
+    /**
+     * Sign a document using ecdsa-sd-2023 cryptosuite
+     *
+     * @param options - Sign options including document, keyPair, and mandatoryPointers
+     * @returns Signed document with base proof
+     */
+    async sign(options) {
+        const { document, keyPair, purpose = 'assertionMethod', date, mandatoryPointers = [] } = options;
+        // Create proof options
+        const proofOptions = {
+            type: constants_1.PROOF_TYPE_DATA_INTEGRITY,
+            cryptosuite: constants_1.CRYPTOSUITE_ECDSA_SD_2023,
+            created: date ? new Date(date).toISOString() : new Date().toISOString(),
+            verificationMethod: keyPair.id,
+            proofPurpose: purpose,
+        };
+        // Store mandatory pointers in proof (for derive to use later)
+        const proofWithPointers = {
+            ...proofOptions,
+            // Store mandatory claim references
+            _mandatoryPointers: mandatoryPointers,
+        };
+        // Create hash data
+        const documentCopy = { ...document };
+        delete documentCopy.proof;
+        const hashData = this.createHashData(documentCopy, proofWithPointers);
+        // Sign using Web Crypto API (P-256/ECDSA)
+        const signature = await this.signWithP256(hashData, keyPair);
+        // Create proof value
+        // In ecdsa-sd-2023, the proofValue contains:
+        // 1. The base signature
+        // 2. Commitments to selective claims
+        // 3. Mandatory claim hashes
+        // For this simplified version, we just include the signature
+        const proofValue = this.encodeProofValue({
+            signature,
+            mandatoryPointers,
+        });
+        // Create final proof
+        const proof = {
+            type: constants_1.PROOF_TYPE_DATA_INTEGRITY,
+            cryptosuite: constants_1.CRYPTOSUITE_ECDSA_SD_2023,
+            created: proofOptions.created,
+            verificationMethod: proofOptions.verificationMethod,
+            proofPurpose: proofOptions.proofPurpose,
+            proofValue,
+        };
+        return {
+            ...document,
+            proof,
+        };
+    }
+    /**
+     * Derive a selective disclosure proof from a base proof
+     *
+     * @param options - Derive options including signed document and selective pointers
+     * @returns Derived document with only selected claims
+     */
+    async derive(options) {
+        const { signedDocument, selectivePointers } = options;
+        const proof = signedDocument.proof;
+        if (!proof || proof.cryptosuite !== constants_1.CRYPTOSUITE_ECDSA_SD_2023) {
+            throw new Error('Document must have an ecdsa-sd-2023 proof for derivation');
+        }
+        // Parse the original proof value
+        const { signature, mandatoryPointers } = this.decodeProofValue(proof.proofValue);
+        // Create derived document with only selected + mandatory claims
+        const allPointers = [...new Set([...mandatoryPointers, ...selectivePointers])];
+        // Build derived document
+        const derivedDoc = {
+            '@context': signedDocument['@context'],
+            type: signedDocument.type,
+        };
+        // Copy mandatory fields
+        if (signedDocument.id)
+            derivedDoc.id = signedDocument.id;
+        if (signedDocument.issuer)
+            derivedDoc.issuer = signedDocument.issuer;
+        if (signedDocument.validFrom)
+            derivedDoc.validFrom = signedDocument.validFrom;
+        // Copy selected claims
+        for (const pointer of allPointers) {
+            const value = getValueAtPointer(signedDocument, pointer);
+            if (value !== undefined) {
+                setValueAtPointer(derivedDoc, pointer, value);
+            }
+        }
+        // Create derived proof
+        const derivedProof = {
+            type: constants_1.PROOF_TYPE_DATA_INTEGRITY,
+            cryptosuite: constants_1.CRYPTOSUITE_ECDSA_SD_2023,
+            created: proof.created,
+            verificationMethod: proof.verificationMethod,
+            proofPurpose: proof.proofPurpose,
+            proofValue: this.encodeProofValue({
+                signature,
+                mandatoryPointers,
+                derivedFrom: proof.proofValue,
+                selectedPointers: selectivePointers,
+            }),
+        };
+        return {
+            ...derivedDoc,
+            proof: derivedProof,
+        };
+    }
+    /**
+     * Verify a document with ecdsa-sd-2023 proof
+     */
+    async verify(options) {
+        const { document, proof, publicKeyMultibase } = options;
+        try {
+            // Validate proof structure
+            if (proof.type !== constants_1.PROOF_TYPE_DATA_INTEGRITY) {
+                return { verified: false, error: `Invalid proof type: ${proof.type}` };
+            }
+            if (proof.cryptosuite !== constants_1.CRYPTOSUITE_ECDSA_SD_2023) {
+                return { verified: false, error: `Invalid cryptosuite: ${proof.cryptosuite}` };
+            }
+            // Parse proof value
+            const { signature } = this.decodeProofValue(proof.proofValue);
+            // Recreate hash data
+            const documentCopy = { ...document };
+            delete documentCopy.proof;
+            const proofOptions = {
+                type: proof.type,
+                cryptosuite: proof.cryptosuite,
+                created: proof.created,
+                verificationMethod: proof.verificationMethod,
+                proofPurpose: proof.proofPurpose,
+            };
+            const hashData = this.createHashData(documentCopy, proofOptions);
+            // Verify signature
+            const verified = await this.verifyWithP256(hashData, signature, publicKeyMultibase);
+            return { verified };
+        }
+        catch (error) {
+            const err = error;
+            return { verified: false, error: err.message };
+        }
+    }
+    /**
+     * Check if this suite matches a given proof
+     */
+    matchProof(proof) {
+        return (proof.type === constants_1.PROOF_TYPE_DATA_INTEGRITY && proof.cryptosuite === constants_1.CRYPTOSUITE_ECDSA_SD_2023);
+    }
+    /**
+     * Create hash data for signing/verification
+     */
+    createHashData(document, proofOptions) {
+        const combined = {
+            document: this.sortObject(document),
+            proofOptions: this.sortObject(proofOptions),
+        };
+        const encoder = new TextEncoder();
+        return encoder.encode(JSON.stringify(combined));
+    }
+    /**
+     * Deep sort object keys for consistent serialization
+     */
+    sortObject(obj) {
+        if (Array.isArray(obj)) {
+            return obj.map((item) => typeof item === 'object' && item !== null
+                ? this.sortObject(item)
+                : item);
+        }
+        if (typeof obj !== 'object' || obj === null) {
+            return obj;
+        }
+        const sorted = {};
+        const keys = Object.keys(obj).sort();
+        for (const key of keys) {
+            // Skip internal fields
+            if (key.startsWith('_'))
+                continue;
+            const value = obj[key];
+            sorted[key] =
+                typeof value === 'object' && value !== null
+                    ? this.sortObject(value)
+                    : value;
+        }
+        return sorted;
+    }
+    /**
+     * Get Web Crypto SubtleCrypto API if available
+     */
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    getSubtleCrypto() {
+        // Try to get crypto.subtle from globalThis (works in Node.js 15+ and browsers)
+        try {
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            const globalCrypto = globalThis.crypto;
+            if (globalCrypto?.subtle) {
+                return globalCrypto.subtle;
+            }
+        }
+        catch {
+            // Crypto not available
+        }
+        return undefined;
+    }
+    /**
+     * Sign data with P-256 key using Web Crypto API with JWK import
+     */
+    async signWithP256(data, keyPair) {
+        if (!keyPair.privateKeyMultibase) {
+            throw new Error('Private key is required for signing');
+        }
+        const subtle = this.getSubtleCrypto();
+        if (!subtle) {
+            throw new Error('Web Crypto API (subtle) not available');
+        }
+        try {
+            // Decode private and public keys from multibase
+            const privateKeyRaw = this.decodePrivateKeyRaw(keyPair.privateKeyMultibase);
+            const publicKeyRaw = this.decodePublicKeyRaw(keyPair.publicKeyMultibase);
+            // Convert to JWK format
+            const jwk = this.privateKeyToJwk(privateKeyRaw, publicKeyRaw);
+            // Import the key using JWK format
+            const cryptoKey = await subtle.importKey('jwk', jwk, { name: 'ECDSA', namedCurve: 'P-256' }, false, ['sign']);
+            // Sign the data
+            const signatureBuffer = await subtle.sign({ name: 'ECDSA', hash: 'SHA-256' }, cryptoKey, data);
+            return new Uint8Array(signatureBuffer);
+        }
+        catch (error) {
+            throw new Error(`P-256 signing failed: ${error.message}`);
+        }
+    }
+    /**
+     * Verify signature with P-256 public key using Web Crypto API with JWK import
+     */
+    async verifyWithP256(data, signature, publicKeyMultibase) {
+        const subtle = this.getSubtleCrypto();
+        if (!subtle) {
+            throw new Error('Web Crypto API (subtle) not available');
+        }
+        try {
+            // Decode public key from multibase
+            const publicKeyRaw = this.decodePublicKeyRaw(publicKeyMultibase);
+            // Convert to JWK format
+            const jwk = this.publicKeyToJwk(publicKeyRaw);
+            // Import the public key using JWK format
+            const cryptoKey = await subtle.importKey('jwk', jwk, { name: 'ECDSA', namedCurve: 'P-256' }, false, ['verify']);
+            // Verify the signature
+            return await subtle.verify({ name: 'ECDSA', hash: 'SHA-256' }, cryptoKey, signature, data);
+        }
+        catch (error) {
+            throw new Error(`P-256 verification failed: ${error.message}`);
+        }
+    }
+    /**
+     * SHA-256 hash using Node crypto
+     */
+    sha256(data) {
+        return (0, crypto_1.createHash)('sha256').update(data).digest();
+    }
+    /**
+     * Decode private key from multibase and return raw 32-byte scalar
+     */
+    decodePrivateKeyRaw(privateKeyMultibase) {
+        if (!privateKeyMultibase.startsWith('z')) {
+            throw new Error('Invalid multibase prefix: expected base58btc (z)');
+        }
+        const decoded = bs58_1.default.decode(privateKeyMultibase.slice(1));
+        // Check for P-256 private key multicodec prefix (0x8626)
+        if (decoded.length > 2 && decoded[0] === P256_PRIV_MULTICODEC[0] && decoded[1] === P256_PRIV_MULTICODEC[1]) {
+            return decoded.slice(2);
+        }
+        // If no multicodec prefix, assume raw key material
+        return decoded;
+    }
+    /**
+     * Decode public key from multibase and return raw bytes
+     * Returns uncompressed format (65 bytes: 0x04 || x || y)
+     */
+    decodePublicKeyRaw(publicKeyMultibase) {
+        if (!publicKeyMultibase.startsWith('z')) {
+            throw new Error('Invalid multibase prefix: expected base58btc (z)');
+        }
+        const decoded = bs58_1.default.decode(publicKeyMultibase.slice(1));
+        // Check for P-256 public key multicodec prefix (0x8024)
+        if (decoded.length > 2 && decoded[0] === P256_PUB_MULTICODEC[0] && decoded[1] === P256_PUB_MULTICODEC[1]) {
+            return decoded.slice(2);
+        }
+        // If no multicodec prefix, assume raw key material
+        return decoded;
+    }
+    /**
+     * Convert raw P-256 private key to JWK format for Web Crypto
+     */
+    privateKeyToJwk(privateKeyRaw, publicKeyRaw) {
+        // Private key is 32 bytes (scalar d)
+        // Public key is 65 bytes uncompressed (0x04 || x || y) or 64 bytes (x || y)
+        let x;
+        let y;
+        if (publicKeyRaw.length === 65 && publicKeyRaw[0] === 0x04) {
+            // Uncompressed format with 0x04 prefix
+            x = publicKeyRaw.slice(1, 33);
+            y = publicKeyRaw.slice(33, 65);
+        }
+        else if (publicKeyRaw.length === 64) {
+            // Raw x || y without prefix
+            x = publicKeyRaw.slice(0, 32);
+            y = publicKeyRaw.slice(32, 64);
+        }
+        else {
+            throw new Error(`Invalid P-256 public key length: ${publicKeyRaw.length}`);
+        }
+        return {
+            kty: 'EC',
+            crv: 'P-256',
+            x: Buffer.from(x).toString('base64url'),
+            y: Buffer.from(y).toString('base64url'),
+            d: Buffer.from(privateKeyRaw).toString('base64url'),
+        };
+    }
+    /**
+     * Convert raw P-256 public key to JWK format for Web Crypto
+     */
+    publicKeyToJwk(publicKeyRaw) {
+        let x;
+        let y;
+        if (publicKeyRaw.length === 65 && publicKeyRaw[0] === 0x04) {
+            // Uncompressed format with 0x04 prefix
+            x = publicKeyRaw.slice(1, 33);
+            y = publicKeyRaw.slice(33, 65);
+        }
+        else if (publicKeyRaw.length === 64) {
+            // Raw x || y without prefix
+            x = publicKeyRaw.slice(0, 32);
+            y = publicKeyRaw.slice(32, 64);
+        }
+        else {
+            throw new Error(`Invalid P-256 public key length: ${publicKeyRaw.length}`);
+        }
+        return {
+            kty: 'EC',
+            crv: 'P-256',
+            x: Buffer.from(x).toString('base64url'),
+            y: Buffer.from(y).toString('base64url'),
+        };
+    }
+    /**
+     * Encode proof value (base64url encoded JSON)
+     */
+    encodeProofValue(data) {
+        const payload = {
+            s: Buffer.from(data.signature).toString('base64'),
+            m: data.mandatoryPointers,
+            d: data.derivedFrom,
+            p: data.selectedPointers,
+        };
+        // Use 'u' prefix for base64url encoding
+        return 'u' + Buffer.from(JSON.stringify(payload)).toString('base64url');
+    }
+    /**
+     * Decode proof value
+     */
+    decodeProofValue(proofValue) {
+        if (!proofValue.startsWith('u')) {
+            throw new Error('Invalid proof value: expected base64url (u) prefix');
+        }
+        const json = Buffer.from(proofValue.slice(1), 'base64url').toString('utf-8');
+        const payload = JSON.parse(json);
+        return {
+            signature: Buffer.from(payload.s, 'base64'),
+            mandatoryPointers: payload.m || [],
+            derivedFrom: payload.d,
+            selectedPointers: payload.p,
+        };
+    }
+    /**
+     * Generate a new P-256 key pair with multibase encoding
+     * Uses Web Crypto API for key generation
+     */
+    static async generateKeyPair(controller, keyId) {
+        // Use Web Crypto to generate P-256 key pair
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const subtle = globalThis.crypto?.subtle;
+        if (!subtle) {
+            throw new Error('Web Crypto API (subtle) not available for key generation');
+        }
+        // Generate key pair
+        const keyPair = await subtle.generateKey({ name: 'ECDSA', namedCurve: 'P-256' }, true, // extractable
+        ['sign', 'verify']);
+        // Export keys to JWK format
+        const publicJwk = await subtle.exportKey('jwk', keyPair.publicKey);
+        const privateJwk = await subtle.exportKey('jwk', keyPair.privateKey);
+        // Extract raw key bytes from JWK
+        const x = Buffer.from(publicJwk.x, 'base64url');
+        const y = Buffer.from(publicJwk.y, 'base64url');
+        const d = Buffer.from(privateJwk.d, 'base64url');
+        // Create uncompressed public key (0x04 || x || y)
+        const publicKeyRaw = Buffer.concat([Buffer.from([0x04]), x, y]);
+        // Encode with multicodec prefixes
+        const pubWithHeader = Buffer.concat([Buffer.from(P256_PUB_MULTICODEC), publicKeyRaw]);
+        const privWithHeader = Buffer.concat([Buffer.from(P256_PRIV_MULTICODEC), d]);
+        const publicKeyMultibase = 'z' + bs58_1.default.encode(pubWithHeader);
+        const privateKeyMultibase = 'z' + bs58_1.default.encode(privWithHeader);
+        const id = keyId || `${controller}#key-1`;
+        return {
+            id,
+            controller,
+            publicKeyMultibase,
+            privateKeyMultibase,
+        };
+    }
+}
+exports.EcdsaSd2023Cryptosuite = EcdsaSd2023Cryptosuite;
+EcdsaSd2023Cryptosuite.proofType = constants_1.PROOF_TYPE_DATA_INTEGRITY;
+EcdsaSd2023Cryptosuite.cryptosuite = constants_1.CRYPTOSUITE_ECDSA_SD_2023;
+EcdsaSd2023Cryptosuite.contextUrl = constants_1.DATA_INTEGRITY_V2_CONTEXT_URL;
+EcdsaSd2023Cryptosuite.verificationMethodTypes = [constants_1.VM_TYPE_MULTIKEY];
+//# sourceMappingURL=EcdsaSd2023.js.map