@aptos-labs/ts-sdk 4.0.0 → 5.0.0

package/src/internal/account.ts

@@ -93,6 +93,7 @@ import {
   EntryFunctionABI,
   InputGenerateTransactionOptions,
   RotationProofChallenge,
+  SimpleTransaction,
   TypeTagU8,
   TypeTagVector,
 } from "../transactions";
@@ -100,6 +101,7 @@ import { U8, MoveVector } from "../bcs";
 import { waitForTransaction, waitForIndexer } from "./transaction";
 import { view } from "./view";
 import { getLedgerInfo } from "./general";
+import { accountPublicKeyToBaseAccountPublicKey, accountPublicKeyToSigningScheme } from "../core/crypto/utils";
 
 /**
  * Retrieves account information for a specified account address.
@@ -933,23 +935,15 @@ const rotateAuthKeyAbi: EntryFunctionABI = {
  * @param args - The arguments for rotating the authentication key.
  * @param args.aptosConfig - The configuration settings for the Aptos network.
  * @param args.fromAccount - The account from which the authentication key will be rotated.
- * @param args.toAccount - (Optional) The target account to rotate to. Required if not using toNewPrivateKey or toAuthKey.
- * @param args.toNewPrivateKey - (Optional) The new private key to rotate to. Required if not using toAccount or toAuthKey.
- * @param args.toAuthKey - (Optional) The new authentication key to rotate to. Can only be used with dangerouslySkipVerification=true.
- * @param args.dangerouslySkipVerification - (Optional) If true, skips verification steps after rotation. Required when using toAuthKey.
+ * @param args.toAccount - (Optional) The target account to rotate to. Required if not using toNewPrivateKey.
+ * @param args.toNewPrivateKey - (Optional) The new private key to rotate to. Required if not using toAccount.
  *
  * @remarks
  * This function supports three modes of rotation:
  * 1. Using a target Account object (toAccount)
  * 2. Using a new private key (toNewPrivateKey)
- * 3. Using a raw authentication key (toAuthKey) - requires dangerouslySkipVerification=true
  *
- * When not using dangerouslySkipVerification, the function performs additional safety checks and account setup.
- *
- * If the new key is a multi key, skipping verification is dangerous because verification will publish the public key onchain and
- * prevent users from being locked out of the account from loss of knowledge of one of the public keys.
- *
- * @returns A promise that resolves to the pending transaction response.
+ * @returns A simple transaction object that can be submitted to the network.
  * @throws Error if the rotation fails or verification fails.
  *
  * @group Implementation
@@ -959,13 +953,9 @@ export async function rotateAuthKey(
     aptosConfig: AptosConfig;
     fromAccount: Account;
     options?: InputGenerateTransactionOptions;
-  } & (
-    | { toAccount: Account; dangerouslySkipVerification?: never }
-    | { toNewPrivateKey: Ed25519PrivateKey; dangerouslySkipVerification?: never }
-    | { toAuthKey: AuthenticationKey; dangerouslySkipVerification: true }
-  ),
-): Promise<PendingTransactionResponse> {
-  const { aptosConfig, fromAccount, dangerouslySkipVerification, options } = args;
+  } & ({ toAccount: Ed25519Account | MultiEd25519Account } | { toNewPrivateKey: Ed25519PrivateKey }),
+): Promise<SimpleTransaction> {
+  const { aptosConfig, fromAccount, options } = args;
   if ("toNewPrivateKey" in args) {
     return rotateAuthKeyWithChallenge({
       aptosConfig,
@@ -973,9 +963,7 @@ export async function rotateAuthKey(
       toNewPrivateKey: args.toNewPrivateKey,
       options,
     });
-  }
-  let authKey: AuthenticationKey;
-  if ("toAccount" in args) {
+  } else if ("toAccount" in args) {
     if (args.toAccount instanceof Ed25519Account) {
       return rotateAuthKeyWithChallenge({
         aptosConfig,
@@ -983,52 +971,12 @@ export async function rotateAuthKey(
         toNewPrivateKey: args.toAccount.privateKey,
         options,
       });
-    }
-    if (args.toAccount instanceof MultiEd25519Account) {
+    } else {
       return rotateAuthKeyWithChallenge({ aptosConfig, fromAccount, toAccount: args.toAccount, options });
     }
-    authKey = args.toAccount.publicKey.authKey();
-  } else if ("toAuthKey" in args) {
-    authKey = args.toAuthKey;
   } else {
     throw new Error("Invalid arguments");
   }
-
-  const pendingTxn = await rotateAuthKeyUnverified({
-    aptosConfig,
-    fromAccount,
-    toAuthKey: authKey,
-    options,
-  });
-
-  if (dangerouslySkipVerification === true) {
-    return pendingTxn;
-  }
-
-  const rotateAuthKeyTxnResponse = await waitForTransaction({
-    aptosConfig,
-    transactionHash: pendingTxn.hash,
-  });
-  if (!rotateAuthKeyTxnResponse.success) {
-    throw new Error(`Failed to rotate authentication key - ${rotateAuthKeyTxnResponse}`);
-  }
-
-  // Verify the rotation by setting the originating address to the new account.
-  // This verifies the rotation even if the transaction payload fails to execute successfully.
-  const verificationTxn = await generateTransaction({
-    aptosConfig,
-    sender: fromAccount.accountAddress,
-    data: {
-      function: "0x1::account::set_originating_address",
-      functionArguments: [],
-    },
-  });
-
-  return signAndSubmitTransaction({
-    aptosConfig,
-    signer: args.toAccount, // Use the new account to sign
-    transaction: verificationTxn,
-  });
 }
 
 async function rotateAuthKeyWithChallenge(
@@ -1037,7 +985,7 @@ async function rotateAuthKeyWithChallenge(
     fromAccount: Account;
     options?: InputGenerateTransactionOptions;
   } & ({ toNewPrivateKey: Ed25519PrivateKey } | { toAccount: MultiEd25519Account }),
-): Promise<PendingTransactionResponse> {
+): Promise<SimpleTransaction> {
   const { aptosConfig, fromAccount, options } = args;
   const accountInfo = await getInfo({
     aptosConfig,
@@ -1064,7 +1012,7 @@ async function rotateAuthKeyWithChallenge(
   const proofSignedByNewKey = newAccount.sign(challengeHex);
 
   // Generate transaction
-  const rawTxn = await generateTransaction({
+  return generateTransaction({
     aptosConfig,
     sender: fromAccount.accountAddress,
     data: {
@@ -1081,41 +1029,46 @@ async function rotateAuthKeyWithChallenge(
     },
     options,
   });
-  return signAndSubmitTransaction({
-    aptosConfig,
-    signer: fromAccount,
-    transaction: rawTxn,
-  });
 }
 
 const rotateAuthKeyUnverifiedAbi: EntryFunctionABI = {
   typeParameters: [],
-  parameters: [TypeTagVector.u8()],
+  parameters: [new TypeTagU8(), TypeTagVector.u8()],
 };
 
-async function rotateAuthKeyUnverified(args: {
+/**
+ * Rotates the authentication key for a given account without verifying the new key.
+ *
+ * @param args - The arguments for rotating the authentication key.
+ * @param args.aptosConfig - The configuration settings for the Aptos network.
+ * @param args.fromAccount - The account from which the authentication key will be rotated.
+ * @param args.toNewPublicKey - The new public key to rotate to.
+ * @returns A simple transaction object that can be submitted to the network.
+ * @throws Error if the rotation fails or verification fails.
+ *
+ * @group Implementation
+ */
+export async function rotateAuthKeyUnverified(args: {
   aptosConfig: AptosConfig;
   fromAccount: Account;
-  toAuthKey: AuthenticationKey;
+  toNewPublicKey: AccountPublicKey;
   options?: InputGenerateTransactionOptions;
-}): Promise<PendingTransactionResponse> {
-  const { aptosConfig, fromAccount, toAuthKey, options } = args;
-  const authKey = toAuthKey;
-  const rawTxn = await generateTransaction({
+}): Promise<SimpleTransaction> {
+  const { aptosConfig, fromAccount, toNewPublicKey, options } = args;
+
+  return generateTransaction({
     aptosConfig,
     sender: fromAccount.accountAddress,
     data: {
-      function: "0x1::account::rotate_authentication_key_call",
-      functionArguments: [MoveVector.U8(authKey.toUint8Array())],
+      function: "0x1::account::rotate_authentication_key_from_public_key",
+      functionArguments: [
+        new U8(accountPublicKeyToSigningScheme(toNewPublicKey)), // to scheme
+        MoveVector.U8(accountPublicKeyToBaseAccountPublicKey(toNewPublicKey).toUint8Array()),
+      ],
       abi: rotateAuthKeyUnverifiedAbi,
     },
     options,
   });
-  return signAndSubmitTransaction({
-    aptosConfig,
-    signer: fromAccount,
-    transaction: rawTxn,
-  });
 }
 
 export type AccountInfo = {

package/src/transactions/authenticator/account.ts

@@ -9,7 +9,7 @@ import { Ed25519PublicKey, Ed25519Signature } from "../../core/crypto/ed25519";
 import { MultiEd25519PublicKey, MultiEd25519Signature } from "../../core/crypto/multiEd25519";
 import { MultiKey, MultiKeySignature } from "../../core/crypto/multiKey";
 import { AccountAuthenticatorVariant, HexInput, MoveFunctionId } from "../../types";
-import { AbstractionAuthDataVariant } from "../../types/abstraction";
+import { AASigningDataVariant, AbstractAuthenticationDataVariant } from "../../types/abstraction";
 import { AccountAddress, Hex } from "../../core";
 import { getFunctionParts, isValidFunctionInfo } from "../../utils/helpers";
 
@@ -269,12 +269,22 @@ export class AccountAuthenticatorNoAccountAuthenticator extends AccountAuthentic
   }
 }
 
+/**
+ * Represents an account authenticator that supports abstract authentication.
+ *
+ * @param functionInfo - The function info of the authentication function.
+ * @param signingMessageDigest - The digest of the signing message.
+ * @param abstractionSignature - The signature of the authentication function.
+ * @param accountIdentity - optional. The account identity for DAA.
+ * @group Implementation
+ * @category Transactions
+ */
 export class AccountAuthenticatorAbstraction extends AccountAuthenticator {
   public readonly functionInfo: string;
 
   public readonly signingMessageDigest: Hex;
 
-  public readonly authenticator: Uint8Array;
+  public readonly abstractionSignature: Uint8Array;
 
   /**
    * DAA, which is extended of the AA module, requires an account identity
@@ -284,7 +294,7 @@ export class AccountAuthenticatorAbstraction extends AccountAuthenticator {
   constructor(
     functionInfo: string,
     signingMessageDigest: HexInput,
-    authenticator: Uint8Array,
+    abstractionSignature: Uint8Array,
     accountIdentity?: Uint8Array,
   ) {
     super();
@@ -292,7 +302,7 @@ export class AccountAuthenticatorAbstraction extends AccountAuthenticator {
       throw new Error(`Invalid function info ${functionInfo} passed into AccountAuthenticatorAbstraction`);
     }
     this.functionInfo = functionInfo;
-    this.authenticator = authenticator;
+    this.abstractionSignature = abstractionSignature;
     this.signingMessageDigest = Hex.fromHexInput(Hex.fromHexInput(signingMessageDigest).toUint8Array());
     this.accountIdentity = accountIdentity;
   }
@@ -304,15 +314,15 @@ export class AccountAuthenticatorAbstraction extends AccountAuthenticator {
     serializer.serializeStr(moduleName);
     serializer.serializeStr(functionName);
     if (this.accountIdentity) {
-      serializer.serializeU32AsUleb128(AbstractionAuthDataVariant.DerivableV1);
+      serializer.serializeU32AsUleb128(AbstractAuthenticationDataVariant.DerivableV1);
     } else {
-      serializer.serializeU32AsUleb128(AbstractionAuthDataVariant.V1);
+      serializer.serializeU32AsUleb128(AbstractAuthenticationDataVariant.V1);
     }
     serializer.serializeBytes(this.signingMessageDigest.toUint8Array());
     if (this.accountIdentity) {
-      serializer.serializeBytes(this.authenticator);
+      serializer.serializeBytes(this.abstractionSignature);
     } else {
-      serializer.serializeFixedBytes(this.authenticator);
+      serializer.serializeFixedBytes(this.abstractionSignature);
     }
 
     if (this.accountIdentity) {
@@ -321,31 +331,75 @@ export class AccountAuthenticatorAbstraction extends AccountAuthenticator {
   }
 
   static load(deserializer: Deserializer): AccountAuthenticatorAbstraction {
+    // deserialize the function info
     const moduleAddress = AccountAddress.deserialize(deserializer);
     const moduleName = deserializer.deserializeStr();
     const functionName = deserializer.deserializeStr();
+    // deserialize the variant
     const variant = deserializer.deserializeUleb128AsU32();
-    if (variant === AbstractionAuthDataVariant.V1) {
-      const signingMessageDigest = deserializer.deserializeBytes();
-      const authenticator = deserializer.deserializeFixedBytes(deserializer.remaining());
+    // deserialize the signing message digest
+    const signingMessageDigest = deserializer.deserializeBytes();
+
+    if (variant === AbstractAuthenticationDataVariant.V1) {
+      const abstractionSignature = deserializer.deserializeFixedBytes(deserializer.remaining());
       return new AccountAuthenticatorAbstraction(
         `${moduleAddress}::${moduleName}::${functionName}`,
         signingMessageDigest,
-        authenticator,
+        abstractionSignature,
       );
     }
-    if (variant === AbstractionAuthDataVariant.DerivableV1) {
-      const signingMessageDigest = deserializer.deserializeBytes();
-      const abstractSignature = deserializer.deserializeBytes();
-
+    if (variant === AbstractAuthenticationDataVariant.DerivableV1) {
+      const abstractionSignature = deserializer.deserializeBytes();
       const abstractPublicKey = deserializer.deserializeBytes();
       return new AccountAuthenticatorAbstraction(
         `${moduleAddress}::${moduleName}::${functionName}`,
         signingMessageDigest,
-        abstractSignature,
+        abstractionSignature,
         abstractPublicKey,
       );
     }
     throw new Error(`Unknown variant index for AccountAuthenticatorAbstraction: ${variant}`);
   }
 }
+
+/**
+ * Represents an account abstraction message that contains the original signing message and the function info.
+ *
+ * @param originalSigningMessage - The original signing message.
+ * @param functionInfo - The function info of the authentication function.
+ * @group Implementation
+ * @category Transactions
+ */
+export class AccountAbstractionMessage extends Serializable {
+  public readonly originalSigningMessage: Hex;
+
+  public readonly functionInfo: string;
+
+  constructor(originalSigningMessage: HexInput, functionInfo: string) {
+    super();
+    this.originalSigningMessage = Hex.fromHexInput(Hex.fromHexInput(originalSigningMessage).toUint8Array());
+    this.functionInfo = functionInfo;
+  }
+
+  serialize(serializer: Serializer): void {
+    serializer.serializeU32AsUleb128(AASigningDataVariant.V1);
+    serializer.serializeBytes(this.originalSigningMessage.toUint8Array());
+    const { moduleAddress, moduleName, functionName } = getFunctionParts(this.functionInfo as MoveFunctionId);
+    AccountAddress.fromString(moduleAddress).serialize(serializer);
+    serializer.serializeStr(moduleName);
+    serializer.serializeStr(functionName);
+  }
+
+  static deserialize(deserializer: Deserializer): AccountAbstractionMessage {
+    const variant = deserializer.deserializeUleb128AsU32();
+    if (variant !== AASigningDataVariant.V1) {
+      throw new Error(`Unknown variant index for AccountAbstractionMessage: ${variant}`);
+    }
+    const originalSigningMessage = deserializer.deserializeBytes();
+    const functionInfoModuleAddress = AccountAddress.deserialize(deserializer);
+    const functionInfoModuleName = deserializer.deserializeStr();
+    const functionInfoFunctionName = deserializer.deserializeStr();
+    const functionInfo = `${functionInfoModuleAddress}::${functionInfoModuleName}::${functionInfoFunctionName}`;
+    return new AccountAbstractionMessage(originalSigningMessage, functionInfo);
+  }
+}

package/src/types/abstraction.ts

@@ -1,7 +1,14 @@
 /**
- * The variant for the AbstractionAuthData enum.
+ * The variant for the AbstractAuthenticationData enum.
  */
-export enum AbstractionAuthDataVariant {
+export enum AbstractAuthenticationDataVariant {
   V1 = 0,
   DerivableV1 = 1,
 }
+
+/**
+ * The variant for the AASigningData enum.
+ */
+export enum AASigningDataVariant {
+  V1 = 0,
+}

package/src/utils/const.ts

@@ -70,6 +70,8 @@ export const RAW_TRANSACTION_SALT = "APTOS::RawTransaction";
  */
 export const RAW_TRANSACTION_WITH_DATA_SALT = "APTOS::RawTransactionWithData";
 
+export const ACCOUNT_ABSTRACTION_SIGNING_DATA_SALT = "APTOS::AASigningData";
+
 /**
  * Supported processor types for the indexer API, sourced from the processor_status table in the indexer database.
  * {@link https://cloud.hasura.io/public/graphiql?endpoint=https://api.mainnet.aptoslabs.com/v1/graphql}

package/src/version.ts

@@ -6,4 +6,4 @@
  *
  * hardcoded for now, we would want to have it injected dynamically
  */
-export const VERSION = "4.0.0";
+export const VERSION = "5.0.0";

package/dist/esm/chunk-4JT5AESZ.mjs

@@ -1,2 +0,0 @@
-import{a as p}from"./chunk-DPW6ELCQ.mjs";import{a as u}from"./chunk-ROT6S6BM.mjs";import{a as h}from"./chunk-WCMW2L3P.mjs";import{a as f}from"./chunk-WSR5EBJM.mjs";import{e as d,j as S}from"./chunk-C3Q23D22.mjs";import{a as g}from"./chunk-EBMEXURY.mjs";import{b as s}from"./chunk-STY74NUA.mjs";import{sha3_256 as H}from"@noble/hashes/sha3";import{secp256k1 as y}from"@noble/curves/secp256k1";import{HDKey as A}from"@scure/bip32";var i=class i extends f{constructor(e){super();let t=s.fromHexInput(e),{length:r}=t.toUint8Array();if(r===i.LENGTH)this.key=t;else if(r===i.COMPRESSED_LENGTH){let o=y.ProjectivePoint.fromHex(t.toUint8Array());this.key=s.fromHexInput(o.toRawBytes(!1))}else throw new Error(`PublicKey length should be ${i.LENGTH} or ${i.COMPRESSED_LENGTH}, received ${r}`)}verifySignature(e){let{message:t,signature:r}=e,o=p(t),c=s.fromHexInput(o).toUint8Array(),P=H(c),x=r.toUint8Array();return y.verify(x,P,this.key.toUint8Array(),{lowS:!0})}async verifySignatureAsync(e){return this.verifySignature(e)}toUint8Array(){return this.key.toUint8Array()}serialize(e){e.serializeBytes(this.key.toUint8Array())}deserialize(e){let t=e.deserializeBytes();return new l(t)}static deserialize(e){let t=e.deserializeBytes();return new i(t)}static isPublicKey(e){return e instanceof i}static isInstance(e){return"key"in e&&e.key?.data?.length===i.LENGTH}};i.LENGTH=65,i.COMPRESSED_LENGTH=33;var m=i,n=class n extends g{constructor(e,t){super();let r=u.parseHexInput(e,"secp256k1",t);if(r.toUint8Array().length!==n.LENGTH)throw new Error(`PrivateKey length should be ${n.LENGTH}`);this.key=r}static generate(){let e=y.utils.randomPrivateKey();return new n(e,!1)}static fromDerivationPath(e,t){if(!d(e))throw new Error(`Invalid derivation path ${e}`);return n.fromDerivationPathInner(e,S(t))}static fromDerivationPathInner(e,t){let{privateKey:r}=A.fromMasterSeed(t).derive(e);if(r===null)throw new Error("Invalid key");return new n(r,!1)}sign(e){let t=p(e),r=s.fromHexInput(t),o=H(r.toUint8Array()),c=y.sign(o,this.key.toUint8Array(),{lowS:!0});return new l(c.toCompactRawBytes())}publicKey(){let e=y.getPublicKey(this.key.toUint8Array(),!1);return new m(e)}toUint8Array(){return this.key.toUint8Array()}toString(){return this.toAIP80String()}toHexString(){return this.key.toString()}toAIP80String(){return u.formatPrivateKey(this.key.toString(),"secp256k1")}serialize(e){e.serializeBytes(this.toUint8Array())}static deserialize(e){let t=e.deserializeBytes();return new n(t,!1)}static isPrivateKey(e){return e instanceof n}};n.LENGTH=32;var v=n,a=class a extends h{constructor(e){super();let t=s.fromHexInput(e);if(t.toUint8Array().length!==a.LENGTH)throw new Error(`Signature length should be ${a.LENGTH}, received ${t.toUint8Array().length}`);this.data=t}toUint8Array(){return this.data.toUint8Array()}serialize(e){e.serializeBytes(this.data.toUint8Array())}static deserialize(e){let t=e.deserializeBytes();return new a(t)}};a.LENGTH=64;var l=a;export{m as a,v as b,l as c};
-//# sourceMappingURL=chunk-4JT5AESZ.mjs.map

package/dist/esm/chunk-4JT5AESZ.mjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/core/crypto/secp256k1.ts"],"sourcesContent":["// Copyright © Aptos Foundation\n// SPDX-License-Identifier: Apache-2.0\n\nimport { sha3_256 } from \"@noble/hashes/sha3\";\nimport { secp256k1 } from \"@noble/curves/secp256k1\";\nimport { HDKey } from \"@scure/bip32\";\nimport { Serializable, Deserializer, Serializer } from \"../../bcs\";\nimport { Hex } from \"../hex\";\nimport { HexInput, PrivateKeyVariants } from \"../../types\";\nimport { isValidBIP44Path, mnemonicToSeed } from \"./hdKey\";\nimport { PrivateKey } from \"./privateKey\";\nimport { PublicKey } from \"./publicKey\";\nimport { Signature } from \"./signature\";\nimport { convertSigningMessage } from \"./utils\";\nimport { AptosConfig } from \"../../api\";\n\n/**\n * Represents a Secp256k1 ECDSA public key.\n *\n * @extends PublicKey\n * @property LENGTH - The length of the Secp256k1 public key in bytes.\n * @group Implementation\n * @category Serialization\n */\nexport class Secp256k1PublicKey extends PublicKey {\n  // Secp256k1 ecdsa public keys contain a prefix indicating compression and two 32-byte coordinates.\n  static readonly LENGTH: number = 65;\n\n  // If it's compressed, it is only 33 bytes\n  static readonly COMPRESSED_LENGTH: number = 33;\n\n  // Hex value of the public key\n  private readonly key: Hex;\n\n  /**\n   * Create a new PublicKey instance from a HexInput, which can be a string or Uint8Array.\n   * This constructor validates the length of the provided signature data.\n   *\n   * @param hexInput - A HexInput (string or Uint8Array) representing the signature data.\n   * @throws Error if the length of the signature data is not equal to Secp256k1Signature.LENGTH.\n   * @group Implementation\n   * @category Serialization\n   */\n  constructor(hexInput: HexInput) {\n    super();\n\n    const hex = Hex.fromHexInput(hexInput);\n    const { length } = hex.toUint8Array();\n    if (length === Secp256k1PublicKey.LENGTH) {\n      this.key = hex;\n    } else if (length === Secp256k1PublicKey.COMPRESSED_LENGTH) {\n      const point = secp256k1.ProjectivePoint.fromHex(hex.toUint8Array());\n      this.key = Hex.fromHexInput(point.toRawBytes(false));\n    } else {\n      throw new Error(\n        `PublicKey length should be ${Secp256k1PublicKey.LENGTH} or ${Secp256k1PublicKey.COMPRESSED_LENGTH}, received ${length}`,\n      );\n    }\n  }\n\n  // region PublicKey\n  /**\n   * Verifies a Secp256k1 signature against the public key.\n   *\n   * This function checks the validity of a signature for a given message, ensuring that the signature is canonical as a malleability check.\n   *\n   * @param args - The arguments for verifying the signature.\n   * @param args.message - The message that was signed.\n   * @param args.signature - The signature to verify against the public key.\n   * @group Implementation\n   * @category Serialization\n   */\n  verifySignature(args: { message: HexInput; signature: Secp256k1Signature }): boolean {\n    const { message, signature } = args;\n    const messageToVerify = convertSigningMessage(message);\n    const messageBytes = Hex.fromHexInput(messageToVerify).toUint8Array();\n    const messageSha3Bytes = sha3_256(messageBytes);\n    const signatureBytes = signature.toUint8Array();\n    return secp256k1.verify(signatureBytes, messageSha3Bytes, this.key.toUint8Array(), { lowS: true });\n  }\n\n  /**\n   * Note: Secp256k1Signatures can be verified syncronously.\n   *\n   * Verifies the provided signature against the given message.\n   * This function helps ensure the integrity and authenticity of the message by confirming that the signature is valid.\n   *\n   * @param args - The arguments for signature verification.\n   * @param args.aptosConfig - The configuration object for connecting to the Aptos network\n   * @param args.message - The message that was signed.\n   * @param args.signature - The signature to verify, which must be an instance of Secp256k1Signature.\n   * @returns A boolean indicating whether the signature is valid for the given message.\n   * @group Implementation\n   * @category Serialization\n   */\n  async verifySignatureAsync(args: {\n    aptosConfig: AptosConfig;\n    message: HexInput;\n    signature: Secp256k1Signature;\n  }): Promise<boolean> {\n    return this.verifySignature(args);\n  }\n\n  /**\n   * Get the data as a Uint8Array representation.\n   *\n   * @returns Uint8Array representation of the data.\n   * @group Implementation\n   * @category Serialization\n   */\n  toUint8Array(): Uint8Array {\n    return this.key.toUint8Array();\n  }\n\n  // endregion\n\n  // region Serializable\n\n  /**\n   * Serializes the data into a byte array using the provided serializer.\n   * This function is essential for converting data into a format suitable for transmission or storage.\n   *\n   * @param serializer - The serializer instance used to convert the data.\n   * @group Implementation\n   * @category Serialization\n   */\n  serialize(serializer: Serializer): void {\n    serializer.serializeBytes(this.key.toUint8Array());\n  }\n\n  /**\n   * Deserializes a Secp256k1Signature from the provided deserializer.\n   * This function allows you to reconstruct a Secp256k1Signature object from its serialized byte representation.\n   *\n   * @param deserializer - The deserializer instance used to read the serialized data.\n   * @group Implementation\n   * @category Serialization\n   */\n  // eslint-disable-next-line class-methods-use-this\n  deserialize(deserializer: Deserializer) {\n    const hex = deserializer.deserializeBytes();\n    return new Secp256k1Signature(hex);\n  }\n\n  static deserialize(deserializer: Deserializer): Secp256k1PublicKey {\n    const bytes = deserializer.deserializeBytes();\n    return new Secp256k1PublicKey(bytes);\n  }\n\n  // endregion\n\n  /**\n   * Determine if the provided public key is an instance of Secp256k1PublicKey.\n   *\n   * @deprecated use `instanceof Secp256k1PublicKey` instead\n   * @param publicKey - The public key to check.\n   * @group Implementation\n   * @category Serialization\n   */\n  static isPublicKey(publicKey: PublicKey): publicKey is Secp256k1PublicKey {\n    return publicKey instanceof Secp256k1PublicKey;\n  }\n\n  /**\n   * Determines if the provided public key is a valid instance of a Secp256k1 public key.\n   * This function checks for the presence of a \"key\" property and validates the length of the key data.\n   *\n   * @param publicKey - The public key to validate.\n   * @returns A boolean indicating whether the public key is a valid Secp256k1 public key.\n   * @group Implementation\n   * @category Serialization\n   */\n  static isInstance(publicKey: PublicKey): publicKey is Secp256k1PublicKey {\n    return \"key\" in publicKey && (publicKey.key as any)?.data?.length === Secp256k1PublicKey.LENGTH;\n  }\n}\n\n/**\n * Represents a Secp256k1 ECDSA private key, providing functionality to create, sign messages,\n * derive public keys, and serialize/deserialize the key.\n * @group Implementation\n * @category Serialization\n */\nexport class Secp256k1PrivateKey extends Serializable implements PrivateKey {\n  /**\n   * Length of Secp256k1 ecdsa private key\n   * @group Implementation\n   * @category Serialization\n   */\n  static readonly LENGTH: number = 32;\n\n  /**\n   * The private key bytes\n   * @private\n   * @group Implementation\n   * @category Serialization\n   */\n  private readonly key: Hex;\n\n  // region Constructors\n\n  /**\n   * Create a new PrivateKey instance from a Uint8Array or String.\n   *\n   * [Read about AIP-80](https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-80.md)\n   *\n   * @param hexInput A HexInput (string or Uint8Array)\n   * @param strict If true, private key must AIP-80 compliant.\n   * @group Implementation\n   * @category Serialization\n   */\n  constructor(hexInput: HexInput, strict?: boolean) {\n    super();\n\n    const privateKeyHex = PrivateKey.parseHexInput(hexInput, PrivateKeyVariants.Secp256k1, strict);\n    if (privateKeyHex.toUint8Array().length !== Secp256k1PrivateKey.LENGTH) {\n      throw new Error(`PrivateKey length should be ${Secp256k1PrivateKey.LENGTH}`);\n    }\n\n    this.key = privateKeyHex;\n  }\n\n  /**\n   * Generate a new random private key.\n   *\n   * @returns Secp256k1PrivateKey - A newly generated Secp256k1 private key.\n   * @group Implementation\n   * @category Serialization\n   */\n  static generate(): Secp256k1PrivateKey {\n    const hexInput = secp256k1.utils.randomPrivateKey();\n    return new Secp256k1PrivateKey(hexInput, false);\n  }\n\n  /**\n   * Derives a private key from a mnemonic seed phrase using a specified BIP44 path.\n   *\n   * @param path - The BIP44 path to derive the key from.\n   * @param mnemonics - The mnemonic seed phrase used for key generation.\n   *\n   * @returns The generated private key.\n   *\n   * @throws Error if the provided path is not a valid BIP44 path.\n   * @group Implementation\n   * @category Serialization\n   */\n  static fromDerivationPath(path: string, mnemonics: string): Secp256k1PrivateKey {\n    if (!isValidBIP44Path(path)) {\n      throw new Error(`Invalid derivation path ${path}`);\n    }\n    return Secp256k1PrivateKey.fromDerivationPathInner(path, mnemonicToSeed(mnemonics));\n  }\n\n  /**\n   * Derives a private key from a specified BIP44 path using a given seed.\n   * This function is essential for generating keys that follow the hierarchical deterministic (HD) wallet structure.\n   *\n   * @param path - The BIP44 path used for key derivation.\n   * @param seed - The seed phrase created by the mnemonics, represented as a Uint8Array.\n   * @returns The generated private key as an instance of Secp256k1PrivateKey.\n   * @throws Error if the derived private key is invalid.\n   * @group Implementation\n   * @category Serialization\n   */\n  private static fromDerivationPathInner(path: string, seed: Uint8Array): Secp256k1PrivateKey {\n    const { privateKey } = HDKey.fromMasterSeed(seed).derive(path);\n    // library returns privateKey as Uint8Array | null\n    if (privateKey === null) {\n      throw new Error(\"Invalid key\");\n    }\n\n    return new Secp256k1PrivateKey(privateKey, false);\n  }\n\n  // endregion\n\n  // region PrivateKey\n\n  /**\n   * Sign the given message with the private key.\n   * This function generates a cryptographic signature for the provided message, ensuring the signature is canonical and non-malleable.\n   *\n   * @param message - A message in HexInput format to be signed.\n   * @returns Signature - The generated signature for the provided message.\n   * @group Implementation\n   * @category Serialization\n   */\n  sign(message: HexInput): Secp256k1Signature {\n    const messageToSign = convertSigningMessage(message);\n    const messageBytes = Hex.fromHexInput(messageToSign);\n    const messageHashBytes = sha3_256(messageBytes.toUint8Array());\n    const signature = secp256k1.sign(messageHashBytes, this.key.toUint8Array(), { lowS: true });\n    return new Secp256k1Signature(signature.toCompactRawBytes());\n  }\n\n  /**\n   * Derive the Secp256k1PublicKey from this private key.\n   *\n   * @returns Secp256k1PublicKey The derived public key.\n   * @group Implementation\n   * @category Serialization\n   */\n  publicKey(): Secp256k1PublicKey {\n    const bytes = secp256k1.getPublicKey(this.key.toUint8Array(), false);\n    return new Secp256k1PublicKey(bytes);\n  }\n\n  /**\n   * Get the private key in bytes (Uint8Array).\n   *\n   * @returns\n   * @group Implementation\n   * @category Serialization\n   */\n  toUint8Array(): Uint8Array {\n    return this.key.toUint8Array();\n  }\n\n  /**\n   * Get the private key as a string representation.\n   *\n   * @returns string representation of the private key\n   * @group Implementation\n   * @category Serialization\n   */\n  toString(): string {\n    return this.toAIP80String();\n  }\n\n  /**\n   * Get the private key as a hex string with the 0x prefix.\n   *\n   * @returns string representation of the private key.\n   */\n  toHexString(): string {\n    return this.key.toString();\n  }\n\n  /**\n   * Get the private key as a AIP-80 compliant hex string.\n   *\n   * [Read about AIP-80](https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-80.md)\n   *\n   * @returns AIP-80 compliant string representation of the private key.\n   */\n  toAIP80String(): string {\n    return PrivateKey.formatPrivateKey(this.key.toString(), PrivateKeyVariants.Secp256k1);\n  }\n\n  // endregion\n\n  // region Serializable\n\n  serialize(serializer: Serializer): void {\n    serializer.serializeBytes(this.toUint8Array());\n  }\n\n  static deserialize(deserializer: Deserializer): Secp256k1PrivateKey {\n    const bytes = deserializer.deserializeBytes();\n    return new Secp256k1PrivateKey(bytes, false);\n  }\n\n  // endregion\n\n  /**\n   * Determines if the provided private key is an instance of Secp256k1PrivateKey.\n   *\n   * @param privateKey - The private key to be checked.\n   *\n   * @deprecated use `instanceof Secp256k1PrivateKey` instead\n   * @group Implementation\n   * @category Serialization\n   */\n  static isPrivateKey(privateKey: PrivateKey): privateKey is Secp256k1PrivateKey {\n    return privateKey instanceof Secp256k1PrivateKey;\n  }\n}\n\n/**\n * Represents a signature of a message signed using a Secp256k1 ECDSA private key.\n *\n * @group Implementation\n * @category Serialization\n */\nexport class Secp256k1Signature extends Signature {\n  /**\n   * Secp256k1 ecdsa signatures are 256-bit.\n   * @group Implementation\n   * @category Serialization\n   */\n  static readonly LENGTH = 64;\n\n  /**\n   * The signature bytes\n   * @private\n   * @group Implementation\n   * @category Serialization\n   */\n  private readonly data: Hex;\n\n  // region Constructors\n\n  /**\n   * Create a new Signature instance from a Uint8Array or String.\n   *\n   * @param hexInput A HexInput (string or Uint8Array)\n   * @group Implementation\n   * @category Serialization\n   */\n  constructor(hexInput: HexInput) {\n    super();\n    const data = Hex.fromHexInput(hexInput);\n    if (data.toUint8Array().length !== Secp256k1Signature.LENGTH) {\n      throw new Error(\n        `Signature length should be ${Secp256k1Signature.LENGTH}, received ${data.toUint8Array().length}`,\n      );\n    }\n    this.data = data;\n  }\n\n  // endregion\n\n  // region Signature\n\n  toUint8Array(): Uint8Array {\n    return this.data.toUint8Array();\n  }\n\n  // endregion\n\n  // region Serializable\n\n  serialize(serializer: Serializer): void {\n    serializer.serializeBytes(this.data.toUint8Array());\n  }\n\n  static deserialize(deserializer: Deserializer): Secp256k1Signature {\n    const hex = deserializer.deserializeBytes();\n    return new Secp256k1Signature(hex);\n  }\n\n  // endregion\n}\n"],"mappings":"sSAGA,OAAS,YAAAA,MAAgB,qBACzB,OAAS,aAAAC,MAAiB,0BAC1B,OAAS,SAAAC,MAAa,eAmBf,IAAMC,EAAN,MAAMA,UAA2BC,CAAU,CAmBhD,YAAYC,EAAoB,CAC9B,MAAM,EAEN,IAAMC,EAAMC,EAAI,aAAaF,CAAQ,EAC/B,CAAE,OAAAG,CAAO,EAAIF,EAAI,aAAa,EACpC,GAAIE,IAAWL,EAAmB,OAChC,KAAK,IAAMG,UACFE,IAAWL,EAAmB,kBAAmB,CAC1D,IAAMM,EAAQC,EAAU,gBAAgB,QAAQJ,EAAI,aAAa,CAAC,EAClE,KAAK,IAAMC,EAAI,aAAaE,EAAM,WAAW,EAAK,CAAC,CACrD,KACE,OAAM,IAAI,MACR,8BAA8BN,EAAmB,MAAM,OAAOA,EAAmB,iBAAiB,cAAcK,CAAM,EACxH,CAEJ,CAcA,gBAAgBG,EAAqE,CACnF,GAAM,CAAE,QAAAC,EAAS,UAAAC,CAAU,EAAIF,EACzBG,EAAkBC,EAAsBH,CAAO,EAC/CI,EAAeT,EAAI,aAAaO,CAAe,EAAE,aAAa,EAC9DG,EAAmBC,EAASF,CAAY,EACxCG,EAAiBN,EAAU,aAAa,EAC9C,OAAOH,EAAU,OAAOS,EAAgBF,EAAkB,KAAK,IAAI,aAAa,EAAG,CAAE,KAAM,EAAK,CAAC,CACnG,CAgBA,MAAM,qBAAqBN,EAIN,CACnB,OAAO,KAAK,gBAAgBA,CAAI,CAClC,CASA,cAA2B,CACzB,OAAO,KAAK,IAAI,aAAa,CAC/B,CAcA,UAAUS,EAA8B,CACtCA,EAAW,eAAe,KAAK,IAAI,aAAa,CAAC,CACnD,CAWA,YAAYC,EAA4B,CACtC,IAAMf,EAAMe,EAAa,iBAAiB,EAC1C,OAAO,IAAIC,EAAmBhB,CAAG,CACnC,CAEA,OAAO,YAAYe,EAAgD,CACjE,IAAME,EAAQF,EAAa,iBAAiB,EAC5C,OAAO,IAAIlB,EAAmBoB,CAAK,CACrC,CAYA,OAAO,YAAYC,EAAuD,CACxE,OAAOA,aAAqBrB,CAC9B,CAWA,OAAO,WAAWqB,EAAuD,CACvE,MAAO,QAASA,GAAcA,EAAU,KAAa,MAAM,SAAWrB,EAAmB,MAC3F,CACF,EAvJaA,EAEK,OAAiB,GAFtBA,EAKK,kBAA4B,GALvC,IAAMsB,EAANtB,EA+JMuB,EAAN,MAAMA,UAA4BC,CAAmC,CA4B1E,YAAYtB,EAAoBuB,EAAkB,CAChD,MAAM,EAEN,IAAMC,EAAgBC,EAAW,cAAczB,cAAwCuB,CAAM,EAC7F,GAAIC,EAAc,aAAa,EAAE,SAAWH,EAAoB,OAC9D,MAAM,IAAI,MAAM,+BAA+BA,EAAoB,MAAM,EAAE,EAG7E,KAAK,IAAMG,CACb,CASA,OAAO,UAAgC,CACrC,IAAMxB,EAAWK,EAAU,MAAM,iBAAiB,EAClD,OAAO,IAAIgB,EAAoBrB,EAAU,EAAK,CAChD,CAcA,OAAO,mBAAmB0B,EAAcC,EAAwC,CAC9E,GAAI,CAACC,EAAiBF,CAAI,EACxB,MAAM,IAAI,MAAM,2BAA2BA,CAAI,EAAE,EAEnD,OAAOL,EAAoB,wBAAwBK,EAAMG,EAAeF,CAAS,CAAC,CACpF,CAaA,OAAe,wBAAwBD,EAAcI,EAAuC,CAC1F,GAAM,CAAE,WAAAC,CAAW,EAAIC,EAAM,eAAeF,CAAI,EAAE,OAAOJ,CAAI,EAE7D,GAAIK,IAAe,KACjB,MAAM,IAAI,MAAM,aAAa,EAG/B,OAAO,IAAIV,EAAoBU,EAAY,EAAK,CAClD,CAeA,KAAKxB,EAAuC,CAC1C,IAAM0B,EAAgBvB,EAAsBH,CAAO,EAC7CI,EAAeT,EAAI,aAAa+B,CAAa,EAC7CC,EAAmBrB,EAASF,EAAa,aAAa,CAAC,EACvDH,EAAYH,EAAU,KAAK6B,EAAkB,KAAK,IAAI,aAAa,EAAG,CAAE,KAAM,EAAK,CAAC,EAC1F,OAAO,IAAIjB,EAAmBT,EAAU,kBAAkB,CAAC,CAC7D,CASA,WAAgC,CAC9B,IAAMU,EAAQb,EAAU,aAAa,KAAK,IAAI,aAAa,EAAG,EAAK,EACnE,OAAO,IAAIe,EAAmBF,CAAK,CACrC,CASA,cAA2B,CACzB,OAAO,KAAK,IAAI,aAAa,CAC/B,CASA,UAAmB,CACjB,OAAO,KAAK,cAAc,CAC5B,CAOA,aAAsB,CACpB,OAAO,KAAK,IAAI,SAAS,CAC3B,CASA,eAAwB,CACtB,OAAOO,EAAW,iBAAiB,KAAK,IAAI,SAAS,aAA+B,CACtF,CAMA,UAAUV,EAA8B,CACtCA,EAAW,eAAe,KAAK,aAAa,CAAC,CAC/C,CAEA,OAAO,YAAYC,EAAiD,CAClE,IAAME,EAAQF,EAAa,iBAAiB,EAC5C,OAAO,IAAIK,EAAoBH,EAAO,EAAK,CAC7C,CAaA,OAAO,aAAaa,EAA2D,CAC7E,OAAOA,aAAsBV,CAC/B,CACF,EAjMaA,EAMK,OAAiB,GAN5B,IAAMc,EAANd,EAyMMe,EAAN,MAAMA,UAA2BC,CAAU,CAyBhD,YAAYrC,EAAoB,CAC9B,MAAM,EACN,IAAMsC,EAAOpC,EAAI,aAAaF,CAAQ,EACtC,GAAIsC,EAAK,aAAa,EAAE,SAAWF,EAAmB,OACpD,MAAM,IAAI,MACR,8BAA8BA,EAAmB,MAAM,cAAcE,EAAK,aAAa,EAAE,MAAM,EACjG,EAEF,KAAK,KAAOA,CACd,CAMA,cAA2B,CACzB,OAAO,KAAK,KAAK,aAAa,CAChC,CAMA,UAAUvB,EAA8B,CACtCA,EAAW,eAAe,KAAK,KAAK,aAAa,CAAC,CACpD,CAEA,OAAO,YAAYC,EAAgD,CACjE,IAAMf,EAAMe,EAAa,iBAAiB,EAC1C,OAAO,IAAIoB,EAAmBnC,CAAG,CACnC,CAGF,EA1DamC,EAMK,OAAS,GANpB,IAAMnB,EAANmB","names":["sha3_256","secp256k1","HDKey","_Secp256k1PublicKey","PublicKey","hexInput","hex","Hex","length","point","secp256k1","args","message","signature","messageToVerify","convertSigningMessage","messageBytes","messageSha3Bytes","sha3_256","signatureBytes","serializer","deserializer","Secp256k1Signature","bytes","publicKey","Secp256k1PublicKey","_Secp256k1PrivateKey","Serializable","strict","privateKeyHex","PrivateKey","path","mnemonics","isValidBIP44Path","mnemonicToSeed","seed","privateKey","HDKey","messageToSign","messageHashBytes","Secp256k1PrivateKey","_Secp256k1Signature","Signature","data"]}