@aptos-labs/ts-sdk 7.0.0 → 7.1.0

package/dist/core/crypto/ed25519.d.ts

@@ -53,9 +53,49 @@ export declare class Ed25519PublicKey extends AccountPublicKey {
      * @category Serialization
      */
     constructor(hexInput: HexInput);
+    /**
+     * Verifies a signature against the exact bytes of `message`. This is the
+     * unambiguous form — the input is interpreted as raw bytes regardless of
+     * what they encode. Pair with {@link Ed25519PrivateKey.signBytes}.
+     *
+     * Performs an Ed25519 malleability check (rejects non-canonical S values)
+     * before delegating to the underlying curve verifier.
+     *
+     * @param args - The arguments for verification.
+     * @param args.message - The exact bytes that were signed.
+     * @param args.signature - The signature to verify.
+     * @group Implementation
+     * @category Serialization
+     */
+    verifyBytes(args: {
+        message: Uint8Array;
+        signature: Signature;
+    }): boolean;
+    /**
+     * Verifies a signature against the UTF-8 encoding of `message`. The input
+     * is always treated as text — there is no hex/text heuristic. Pair with
+     * {@link Ed25519PrivateKey.signText}.
+     *
+     * @param args - The arguments for verification.
+     * @param args.message - The text that was signed.
+     * @param args.signature - The signature to verify.
+     * @group Implementation
+     * @category Serialization
+     */
+    verifyText(args: {
+        message: string;
+        signature: Signature;
+    }): boolean;
     /**
      * Verifies a signed message using a public key.
      *
+     * @deprecated The polymorphic `message: HexInput` input is ambiguous — a
+     * bare even-length string of hex characters (e.g., `"cafe"`) is
+     * interpreted as the 2 bytes `[0xCA, 0xFE]`, not as 4 UTF-8 text bytes.
+     * Use {@link verifyBytes} for `Uint8Array` input or {@link verifyText}
+     * for `string` input; both are unambiguous. See
+     * {@link convertSigningMessage} for the full legacy rule.
+     *
      * @param args - The arguments for verification.
      * @param args.message - A signed message as a Hex string or Uint8Array.
      * @param args.signature - The signature of the message.
@@ -217,11 +257,40 @@ export declare class Ed25519PrivateKey extends Serializable implements PrivateKe
      */
     private ensureNotCleared;
     /**
-     * Clears the private key from memory by overwriting it with random bytes.
-     * After calling this method, the private key can no longer be used for signing or deriving public keys.
+     * Overwrites the underlying private-key byte buffer with random bytes and
+     * then zeros. After calling this method the key can no longer sign or
+     * derive a public key.
+     *
+     * SECURITY: This is a best-effort window-narrowing tool, NOT a true
+     * zeroization guarantee. In JavaScript, four classes of copies cannot be
+     * reached from user code and so survive `clear()`:
+     *
+     *   1. **JS string copies.** Any value previously produced by `toString()`,
+     *      `toHexString()`, or `bcsToHex().toString()` is an immutable string
+     *      in the heap. The language provides no API to overwrite string
+     *      memory; it is reclaimed only when GC collects it.
+     *   2. **noble-curves internals.** The sign path inside `@noble/curves`
+     *      expands the private key into scalar `BigInt` field elements, which
+     *      are also immutable in V8/JSC/Hermes. Even if noble explicitly zeroed
+     *      its own byte copies after use, the `BigInt` intermediates persist.
+     *   3. **JIT register / stack residue.** The engine may have held key
+     *      bytes in CPU registers or on the engine stack during a sign call.
+     *      There is no JS-visible way to scrub those.
+     *   4. **GC-relocated copies.** Generational GCs (V8, JSC) copy live
+     *      objects between heap regions during minor/major collections. The
+     *      `Uint8Array` we zeroed may have stale copies sitting in survivor
+     *      space until the next cycle reclaims them.
+     *
+     * This method zeros the SDK's own `Uint8Array` (the most reachable
+     * copy), but downstream consumers should treat it as a hardening signal,
+     * not a guarantee. If you need real key-material hygiene, prefer
+     * non-extractable `crypto.subtle` keys (where the underlying algorithm
+     * is supported by the host runtime), a WASM-backed crypto library, or
+     * hardware-backed keys (passkeys / secure enclave / HSM).
      *
-     * Note: Due to JavaScript's memory management, this cannot guarantee complete removal of
-     * sensitive data from memory, but it significantly reduces the window of exposure.
+     * To minimize the size of the unreachable-copy set, avoid calling
+     * `toString()` / `toHexString()` on private keys at all in long-lived
+     * processes — the byte form is what gets cleared.
      *
      * @group Implementation
      * @category Serialization
@@ -244,10 +313,41 @@ export declare class Ed25519PrivateKey extends Serializable implements PrivateKe
      * @category Serialization
      */
     publicKey(): Ed25519PublicKey;
+    /**
+     * Sign exactly the bytes of `message`. The input is interpreted as raw
+     * bytes regardless of what they encode. Pair with
+     * {@link Ed25519PublicKey.verifyBytes}.
+     *
+     * @param message - The exact bytes to sign.
+     * @returns A digital signature for the provided bytes.
+     * @throws Error if the private key has been cleared from memory.
+     * @group Implementation
+     * @category Serialization
+     */
+    signBytes(message: Uint8Array): Ed25519Signature;
+    /**
+     * Sign the UTF-8 encoding of `message`. The input is always treated as
+     * text — there is no hex/text heuristic. Pair with
+     * {@link Ed25519PublicKey.verifyText}.
+     *
+     * @param message - The text to sign.
+     * @returns A digital signature for the UTF-8 bytes of the provided text.
+     * @throws Error if the private key has been cleared from memory.
+     * @group Implementation
+     * @category Serialization
+     */
+    signText(message: string): Ed25519Signature;
     /**
      * Sign the given message with the private key.
      * This function generates a digital signature for the specified message, ensuring its authenticity and integrity.
      *
+     * @deprecated The polymorphic `message: HexInput` input is ambiguous — a
+     * bare even-length string of hex characters (e.g., `"cafe"`) is signed
+     * as the 2 bytes `[0xCA, 0xFE]`, not as 4 UTF-8 text bytes. Use
+     * {@link signBytes} for `Uint8Array` input or {@link signText} for
+     * `string` input; both are unambiguous. See
+     * {@link convertSigningMessage} for the full legacy rule.
+     *
      * @param message - A message as a string or Uint8Array in HexInput format.
      * @returns A digital signature for the provided message.
      * @throws Error if the private key has been cleared from memory.
@@ -267,6 +367,13 @@ export declare class Ed25519PrivateKey extends Serializable implements PrivateKe
     /**
      * Get the private key as a hex string with the 0x prefix.
      *
+     * SECURITY: This produces an immutable JS string containing the key
+     * material in hex. Strings cannot be zeroed by `clear()` (see the
+     * `clear()` JSDoc for the four classes of unreachable copies). Avoid
+     * calling this method on long-lived `Ed25519PrivateKey` instances in
+     * processes where memory hygiene matters; prefer `toUint8Array()`,
+     * which returns a clearable `Uint8Array`.
+     *
      * @returns string representation of the private key.
      * @throws Error if the private key has been cleared from memory.
      * @group Implementation
@@ -276,6 +383,9 @@ export declare class Ed25519PrivateKey extends Serializable implements PrivateKe
     /**
      * Get the private key as a hex string with the 0x prefix.
      *
+     * SECURITY: Same caveat as `toString()` — the returned string is an
+     * immutable JS heap allocation that `clear()` cannot zero.
+     *
      * @returns string representation of the private key.
      * @throws Error if the private key has been cleared from memory.
      */
@@ -285,6 +395,9 @@ export declare class Ed25519PrivateKey extends Serializable implements PrivateKe
      *
      * [Read about AIP-80](https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-80.md)
      *
+     * SECURITY: Same caveat as `toString()` — produces an immutable JS string
+     * containing the key material; cannot be zeroed by `clear()`.
+     *
      * @returns AIP-80 compliant string representation of the private key.
      * @throws Error if the private key has been cleared from memory.
      */

package/dist/core/crypto/ed25519.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ed25519.d.ts","sourceRoot":"","sources":["../../../src/core/crypto/ed25519.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,OAAO,EAAE,QAAQ,EAAgE,MAAM,sBAAsB,CAAC;AAE9G,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,SAAS,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC5G,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAa3C;;;;;;;;;;;GAWG;AACH,wBAAgB,2BAA2B,CAAC,SAAS,EAAE,SAAS,GAAG,OAAO,CAYzE;AAED;;;;;;;;;;GAUG;AACH,qBAAa,gBAAiB,SAAQ,gBAAgB;IACpD;;;;OAIG;IACH,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAM;IAEpC;;;;;OAKG;IACH,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAM;IAE1B;;;;;;;;OAQG;gBACS,QAAQ,EAAE,QAAQ;IAY9B;;;;;;;;OAQG;IACH,eAAe,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO;IAcnD;;;;;;;;;;;;;OAaG;IACG,oBAAoB,CAAC,IAAI,EAAE,wBAAwB,GAAG,OAAO,CAAC,OAAO,CAAC;IAI5E;;;;;;;OAOG;IACH,OAAO,IAAI,iBAAiB;IAO5B;;;;;;OAMG;IACH,YAAY,IAAI,UAAU;IAQ1B;;;;;;;OAOG;IACH,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAIvC;;;;;;;OAOG;IACH,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,gBAAgB;IAOhE;;;;;;;;OAQG;IACH,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,gBAAgB,GAAG,SAAS,IAAI,gBAAgB;IAI9E;;;;;;;;;OASG;IACH,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,SAAS,GAAG,SAAS,IAAI,gBAAgB;CAYvE;AAED;;;;GAIG;AACH,qBAAa,iBAAkB,SAAQ,YAAa,YAAW,UAAU;IACvE;;;;OAIG;IACH,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAM;IAEpC;;;;;OAKG;IACH,MAAM,CAAC,QAAQ,CAAC,cAAc,kBAAkB;IAEhD;;;;;OAKG;IACH,OAAO,CAAC,UAAU,CAAM;IAExB;;;OAGG;IACH,OAAO,CAAC,OAAO,CAAkB;IAIjC;;;;;;;;;OASG;gBACS,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,OAAO;IAYhD;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,IAAI,iBAAiB;IAKpC;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,iBAAiB;IAO7E;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,MAAM,CAAC,uBAAuB;IAiBtC;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IAMxB;;;;;;;;;OASG;IACH,KAAK,IAAI,IAAI;IAgBb;;;;;;OAMG;IACH,SAAS,IAAI,OAAO;IAIpB;;;;;;;OAOG;IACH,SAAS,IAAI,gBAAgB;IAM7B;;;;;;;;;OASG;IACH,IAAI,CAAC,OAAO,EAAE,QAAQ,GAAG,gBAAgB;IAQzC;;;;;;;OAOG;IACH,YAAY,IAAI,UAAU;IAK1B;;;;;;;OAOG;IACH,QAAQ,IAAI,MAAM;IAKlB;;;;;OAKG;IACH,WAAW,IAAI,MAAM;IAKrB;;;;;;;OAOG;IACH,aAAa,IAAI,MAAM;IASvB,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAIvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,iBAAiB;IAOjE;;;;;;;;;OASG;IACH,MAAM,CAAC,YAAY,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,IAAI,iBAAiB;CAG7E;AAED;;;;GAIG;AACH,qBAAa,gBAAiB,SAAQ,SAAS;IAC7C;;;;OAIG;IACH,MAAM,CAAC,QAAQ,CAAC,MAAM,MAAM;IAE5B;;;;;OAKG;IACH,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAM;gBAIf,QAAQ,EAAE,QAAQ;IAa9B,YAAY,IAAI,UAAU;IAQ1B,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAIvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,gBAAgB;CAMjE"}
+{"version":3,"file":"ed25519.d.ts","sourceRoot":"","sources":["../../../src/core/crypto/ed25519.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,OAAO,EAAE,QAAQ,EAAgE,MAAM,sBAAsB,CAAC;AAE9G,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,SAAS,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC5G,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAc3C;;;;;;;;;;;GAWG;AACH,wBAAgB,2BAA2B,CAAC,SAAS,EAAE,SAAS,GAAG,OAAO,CAYzE;AAED;;;;;;;;;;GAUG;AACH,qBAAa,gBAAiB,SAAQ,gBAAgB;IACpD;;;;OAIG;IACH,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAM;IAEpC;;;;;OAKG;IACH,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAM;IAE1B;;;;;;;;OAQG;gBACS,QAAQ,EAAE,QAAQ;IAY9B;;;;;;;;;;;;;OAaG;IACH,WAAW,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,UAAU,CAAC;QAAC,SAAS,EAAE,SAAS,CAAA;KAAE,GAAG,OAAO;IAQzE;;;;;;;;;;OAUG;IACH,UAAU,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,SAAS,CAAA;KAAE,GAAG,OAAO;IAIpE;;;;;;;;;;;;;;;OAeG;IACH,eAAe,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO;IAOnD;;;;;;;;;;;;;OAaG;IACG,oBAAoB,CAAC,IAAI,EAAE,wBAAwB,GAAG,OAAO,CAAC,OAAO,CAAC;IAI5E;;;;;;;OAOG;IACH,OAAO,IAAI,iBAAiB;IAO5B;;;;;;OAMG;IACH,YAAY,IAAI,UAAU;IAQ1B;;;;;;;OAOG;IACH,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAIvC;;;;;;;OAOG;IACH,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,gBAAgB;IAOhE;;;;;;;;OAQG;IACH,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,gBAAgB,GAAG,SAAS,IAAI,gBAAgB;IAI9E;;;;;;;;;OASG;IACH,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,SAAS,GAAG,SAAS,IAAI,gBAAgB;CAYvE;AAED;;;;GAIG;AACH,qBAAa,iBAAkB,SAAQ,YAAa,YAAW,UAAU;IACvE;;;;OAIG;IACH,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAM;IAEpC;;;;;OAKG;IACH,MAAM,CAAC,QAAQ,CAAC,cAAc,kBAAkB;IAEhD;;;;;OAKG;IACH,OAAO,CAAC,UAAU,CAAM;IAExB;;;OAGG;IACH,OAAO,CAAC,OAAO,CAAkB;IAIjC;;;;;;;;;OASG;gBACS,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,OAAO;IAYhD;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,IAAI,iBAAiB;IAKpC;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,iBAAiB;IAO7E;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,MAAM,CAAC,uBAAuB;IAiBtC;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IAMxB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;IACH,KAAK,IAAI,IAAI;IAgBb;;;;;;OAMG;IACH,SAAS,IAAI,OAAO;IAIpB;;;;;;;OAOG;IACH,SAAS,IAAI,gBAAgB;IAM7B;;;;;;;;;;OAUG;IACH,SAAS,CAAC,OAAO,EAAE,UAAU,GAAG,gBAAgB;IAMhD;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB;IAI3C;;;;;;;;;;;;;;;;OAgBG;IACH,IAAI,CAAC,OAAO,EAAE,QAAQ,GAAG,gBAAgB;IAMzC;;;;;;;OAOG;IACH,YAAY,IAAI,UAAU;IAK1B;;;;;;;;;;;;;;OAcG;IACH,QAAQ,IAAI,MAAM;IAKlB;;;;;;;;OAQG;IACH,WAAW,IAAI,MAAM;IAKrB;;;;;;;;;;OAUG;IACH,aAAa,IAAI,MAAM;IASvB,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAIvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,iBAAiB;IAOjE;;;;;;;;;OASG;IACH,MAAM,CAAC,YAAY,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,IAAI,iBAAiB;CAG7E;AAED;;;;GAIG;AACH,qBAAa,gBAAiB,SAAQ,SAAS;IAC7C;;;;OAIG;IACH,MAAM,CAAC,QAAQ,CAAC,MAAM,MAAM;IAE5B;;;;;OAKG;IACH,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAM;gBAIf,QAAQ,EAAE,QAAQ;IAa9B,YAAY,IAAI,UAAU;IAQ1B,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAIvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,gBAAgB;CAMjE"}

package/dist/core/crypto/ed25519.js

@@ -9,6 +9,7 @@ import { CKDPriv, deriveKey, HARDENED_OFFSET, isValidHardenedPath, mnemonicToSee
 import { PrivateKey } from "./privateKey.js";
 import { AccountPublicKey } from "./publicKey.js";
 import { Signature } from "./signature.js";
+import { TEXT_ENCODER } from "../../utils/const.js";
 import { convertSigningMessage } from "./utils.js";
 /**
  * L is the value that greater than or equal to will produce a non-canonical signature, and must be rejected
@@ -87,9 +88,51 @@ export class Ed25519PublicKey extends AccountPublicKey {
         this.key = hex;
     }
     // region AccountPublicKey
+    /**
+     * Verifies a signature against the exact bytes of `message`. This is the
+     * unambiguous form — the input is interpreted as raw bytes regardless of
+     * what they encode. Pair with {@link Ed25519PrivateKey.signBytes}.
+     *
+     * Performs an Ed25519 malleability check (rejects non-canonical S values)
+     * before delegating to the underlying curve verifier.
+     *
+     * @param args - The arguments for verification.
+     * @param args.message - The exact bytes that were signed.
+     * @param args.signature - The signature to verify.
+     * @group Implementation
+     * @category Serialization
+     */
+    verifyBytes(args) {
+        const { message, signature } = args;
+        if (!isCanonicalEd25519Signature(signature)) {
+            return false;
+        }
+        return ed25519.verify(signature.toUint8Array(), message, this.key.toUint8Array());
+    }
+    /**
+     * Verifies a signature against the UTF-8 encoding of `message`. The input
+     * is always treated as text — there is no hex/text heuristic. Pair with
+     * {@link Ed25519PrivateKey.signText}.
+     *
+     * @param args - The arguments for verification.
+     * @param args.message - The text that was signed.
+     * @param args.signature - The signature to verify.
+     * @group Implementation
+     * @category Serialization
+     */
+    verifyText(args) {
+        return this.verifyBytes({ message: TEXT_ENCODER.encode(args.message), signature: args.signature });
+    }
     /**
      * Verifies a signed message using a public key.
      *
+     * @deprecated The polymorphic `message: HexInput` input is ambiguous — a
+     * bare even-length string of hex characters (e.g., `"cafe"`) is
+     * interpreted as the 2 bytes `[0xCA, 0xFE]`, not as 4 UTF-8 text bytes.
+     * Use {@link verifyBytes} for `Uint8Array` input or {@link verifyText}
+     * for `string` input; both are unambiguous. See
+     * {@link convertSigningMessage} for the full legacy rule.
+     *
      * @param args - The arguments for verification.
      * @param args.message - A signed message as a Hex string or Uint8Array.
      * @param args.signature - The signature of the message.
@@ -98,15 +141,9 @@ export class Ed25519PublicKey extends AccountPublicKey {
      */
     verifySignature(args) {
         const { message, signature } = args;
-        // Verify malleability
-        if (!isCanonicalEd25519Signature(signature)) {
-            return false;
-        }
         const messageToVerify = convertSigningMessage(message);
         const messageBytes = Hex.fromHexInput(messageToVerify).toUint8Array();
-        const signatureBytes = signature.toUint8Array();
-        const publicKeyBytes = this.key.toUint8Array();
-        return ed25519.verify(signatureBytes, messageBytes, publicKeyBytes);
+        return this.verifyBytes({ message: messageBytes, signature });
     }
     /**
      * Note: Ed25519Signatures can be verified syncronously.
@@ -322,11 +359,40 @@ export class Ed25519PrivateKey extends Serializable {
         }
     }
     /**
-     * Clears the private key from memory by overwriting it with random bytes.
-     * After calling this method, the private key can no longer be used for signing or deriving public keys.
+     * Overwrites the underlying private-key byte buffer with random bytes and
+     * then zeros. After calling this method the key can no longer sign or
+     * derive a public key.
+     *
+     * SECURITY: This is a best-effort window-narrowing tool, NOT a true
+     * zeroization guarantee. In JavaScript, four classes of copies cannot be
+     * reached from user code and so survive `clear()`:
      *
-     * Note: Due to JavaScript's memory management, this cannot guarantee complete removal of
-     * sensitive data from memory, but it significantly reduces the window of exposure.
+     *   1. **JS string copies.** Any value previously produced by `toString()`,
+     *      `toHexString()`, or `bcsToHex().toString()` is an immutable string
+     *      in the heap. The language provides no API to overwrite string
+     *      memory; it is reclaimed only when GC collects it.
+     *   2. **noble-curves internals.** The sign path inside `@noble/curves`
+     *      expands the private key into scalar `BigInt` field elements, which
+     *      are also immutable in V8/JSC/Hermes. Even if noble explicitly zeroed
+     *      its own byte copies after use, the `BigInt` intermediates persist.
+     *   3. **JIT register / stack residue.** The engine may have held key
+     *      bytes in CPU registers or on the engine stack during a sign call.
+     *      There is no JS-visible way to scrub those.
+     *   4. **GC-relocated copies.** Generational GCs (V8, JSC) copy live
+     *      objects between heap regions during minor/major collections. The
+     *      `Uint8Array` we zeroed may have stale copies sitting in survivor
+     *      space until the next cycle reclaims them.
+     *
+     * This method zeros the SDK's own `Uint8Array` (the most reachable
+     * copy), but downstream consumers should treat it as a hardening signal,
+     * not a guarantee. If you need real key-material hygiene, prefer
+     * non-extractable `crypto.subtle` keys (where the underlying algorithm
+     * is supported by the host runtime), a WASM-backed crypto library, or
+     * hardware-backed keys (passkeys / secure enclave / HSM).
+     *
+     * To minimize the size of the unreachable-copy set, avoid calling
+     * `toString()` / `toHexString()` on private keys at all in long-lived
+     * processes — the byte form is what gets cleared.
      *
      * @group Implementation
      * @category Serialization
@@ -369,10 +435,47 @@ export class Ed25519PrivateKey extends Serializable {
         const bytes = ed25519.getPublicKey(this.signingKey.toUint8Array());
         return new Ed25519PublicKey(bytes);
     }
+    /**
+     * Sign exactly the bytes of `message`. The input is interpreted as raw
+     * bytes regardless of what they encode. Pair with
+     * {@link Ed25519PublicKey.verifyBytes}.
+     *
+     * @param message - The exact bytes to sign.
+     * @returns A digital signature for the provided bytes.
+     * @throws Error if the private key has been cleared from memory.
+     * @group Implementation
+     * @category Serialization
+     */
+    signBytes(message) {
+        this.ensureNotCleared();
+        const signatureBytes = ed25519.sign(message, this.signingKey.toUint8Array());
+        return new Ed25519Signature(signatureBytes);
+    }
+    /**
+     * Sign the UTF-8 encoding of `message`. The input is always treated as
+     * text — there is no hex/text heuristic. Pair with
+     * {@link Ed25519PublicKey.verifyText}.
+     *
+     * @param message - The text to sign.
+     * @returns A digital signature for the UTF-8 bytes of the provided text.
+     * @throws Error if the private key has been cleared from memory.
+     * @group Implementation
+     * @category Serialization
+     */
+    signText(message) {
+        return this.signBytes(TEXT_ENCODER.encode(message));
+    }
     /**
      * Sign the given message with the private key.
      * This function generates a digital signature for the specified message, ensuring its authenticity and integrity.
      *
+     * @deprecated The polymorphic `message: HexInput` input is ambiguous — a
+     * bare even-length string of hex characters (e.g., `"cafe"`) is signed
+     * as the 2 bytes `[0xCA, 0xFE]`, not as 4 UTF-8 text bytes. Use
+     * {@link signBytes} for `Uint8Array` input or {@link signText} for
+     * `string` input; both are unambiguous. See
+     * {@link convertSigningMessage} for the full legacy rule.
+     *
      * @param message - A message as a string or Uint8Array in HexInput format.
      * @returns A digital signature for the provided message.
      * @throws Error if the private key has been cleared from memory.
@@ -380,11 +483,9 @@ export class Ed25519PrivateKey extends Serializable {
      * @category Serialization
      */
     sign(message) {
-        this.ensureNotCleared();
         const messageToSign = convertSigningMessage(message);
         const messageBytes = Hex.fromHexInput(messageToSign).toUint8Array();
-        const signatureBytes = ed25519.sign(messageBytes, this.signingKey.toUint8Array());
-        return new Ed25519Signature(signatureBytes);
+        return this.signBytes(messageBytes);
     }
     /**
      * Get the private key in bytes (Uint8Array).
@@ -401,6 +502,13 @@ export class Ed25519PrivateKey extends Serializable {
     /**
      * Get the private key as a hex string with the 0x prefix.
      *
+     * SECURITY: This produces an immutable JS string containing the key
+     * material in hex. Strings cannot be zeroed by `clear()` (see the
+     * `clear()` JSDoc for the four classes of unreachable copies). Avoid
+     * calling this method on long-lived `Ed25519PrivateKey` instances in
+     * processes where memory hygiene matters; prefer `toUint8Array()`,
+     * which returns a clearable `Uint8Array`.
+     *
      * @returns string representation of the private key.
      * @throws Error if the private key has been cleared from memory.
      * @group Implementation
@@ -413,6 +521,9 @@ export class Ed25519PrivateKey extends Serializable {
     /**
      * Get the private key as a hex string with the 0x prefix.
      *
+     * SECURITY: Same caveat as `toString()` — the returned string is an
+     * immutable JS heap allocation that `clear()` cannot zero.
+     *
      * @returns string representation of the private key.
      * @throws Error if the private key has been cleared from memory.
      */
@@ -425,6 +536,9 @@ export class Ed25519PrivateKey extends Serializable {
      *
      * [Read about AIP-80](https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-80.md)
      *
+     * SECURITY: Same caveat as `toString()` — produces an immutable JS string
+     * containing the key material; cannot be zeroed by `clear()`.
+     *
      * @returns AIP-80 compliant string representation of the private key.
      * @throws Error if the private key has been cleared from memory.
      */

package/dist/core/crypto/ed25519.js.map

@@ -1 +1 @@
-{"version":3,"file":"ed25519.js","sourceRoot":"","sources":["../../../src/core/crypto/ed25519.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,sCAAsC;AAEtC,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAEnD,OAAO,EAAE,YAAY,EAAc,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AAChC,OAAO,EAAY,aAAa,IAAI,uBAAuB,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC9G,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,mBAAmB,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACjH,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAA4D,MAAM,gBAAgB,CAAC;AAC5G,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAEnD;;;;GAIG;AACH,MAAM,CAAC,GAAa;IAClB,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAChH,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;CAC7E,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,2BAA2B,CAAC,SAAoB;IAC9D,MAAM,CAAC,GAAG,SAAS,CAAC,YAAY,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAChB,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,wDAAwD;IACxD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,OAAO,gBAAiB,SAAQ,gBAAgB;IACpD;;;;OAIG;IACH,MAAM,CAAU,MAAM,GAAW,EAAE,CAAC;IAEpC;;;;;OAKG;IACc,GAAG,CAAM;IAE1B;;;;;;;;OAQG;IACH,YAAY,QAAkB;QAC5B,KAAK,EAAE,CAAC;QAER,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACvC,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC,MAAM,KAAK,gBAAgB,CAAC,MAAM,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,8BAA8B,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3E,CAAC;QACD,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED,0BAA0B;IAE1B;;;;;;;;OAQG;IACH,eAAe,CAAC,IAAyB;QACvC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;QACpC,sBAAsB;QACtB,IAAI,CAAC,2BAA2B,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACvD,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC,YAAY,EAAE,CAAC;QACtE,MAAM,cAAc,GAAG,SAAS,CAAC,YAAY,EAAE,CAAC;QAChD,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;QAC/C,OAAO,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,YAAY,EAAE,cAAc,CAAC,CAAC;IACtE,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,oBAAoB,CAAC,IAA8B;QACvD,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAED;;;;;;;OAOG;IACH,OAAO;QACL,OAAO,iBAAiB,CAAC,kBAAkB,CAAC;YAC1C,MAAM,EAAE,uBAAuB,CAAC,OAAO;YACvC,KAAK,EAAE,IAAI,CAAC,YAAY,EAAE;SAC3B,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;IACjC,CAAC;IAED,YAAY;IAEZ,sBAAsB;IAEtB;;;;;;;OAOG;IACH,SAAS,CAAC,UAAsB;QAC9B,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;IACrD,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,WAAW,CAAC,YAA0B;QAC3C,MAAM,KAAK,GAAG,YAAY,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,IAAI,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,YAAY;IAEZ;;;;;;;;OAQG;IACH,MAAM,CAAC,WAAW,CAAC,SAA2B;QAC5C,OAAO,SAAS,YAAY,gBAAgB,CAAC;IAC/C,CAAC;IAED;;;;;;;;;OASG;IACH,MAAM,CAAC,UAAU,CAAC,SAAoB;QACpC,OAAO,CACL,KAAK,IAAI,SAAS;YAClB,OAAO,SAAS,CAAC,GAAG,KAAK,QAAQ;YACjC,SAAS,CAAC,GAAG,KAAK,IAAI;YACtB,MAAM,IAAI,SAAS,CAAC,GAAG;YACvB,OAAO,SAAS,CAAC,GAAG,CAAC,IAAI,KAAK,QAAQ;YACtC,SAAS,CAAC,GAAG,CAAC,IAAI,KAAK,IAAI;YAC3B,QAAQ,IAAI,SAAS,CAAC,GAAG,CAAC,IAAI;YAC9B,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM,KAAK,gBAAgB,CAAC,MAAM,CACxD,CAAC;IACJ,CAAC;;AAGH;;;;GAIG;AACH,MAAM,OAAO,iBAAkB,SAAQ,YAAY;IACjD;;;;OAIG;IACH,MAAM,CAAU,MAAM,GAAW,EAAE,CAAC;IAEpC;;;;;OAKG;IACH,MAAM,CAAU,cAAc,GAAG,cAAc,CAAC;IAEhD;;;;;OAKG;IACK,UAAU,CAAM;IAExB;;;OAGG;IACK,OAAO,GAAY,KAAK,CAAC;IAEjC,sBAAsB;IAEtB;;;;;;;;;OASG;IACH,YAAY,QAAkB,EAAE,MAAgB;QAC9C,KAAK,EAAE,CAAC;QAER,MAAM,aAAa,GAAG,UAAU,CAAC,aAAa,CAAC,QAAQ,EAAE,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7F,IAAI,aAAa,CAAC,YAAY,EAAE,CAAC,MAAM,KAAK,iBAAiB,CAAC,MAAM,EAAE,CAAC;YACrE,MAAM,IAAI,KAAK,CAAC,+BAA+B,iBAAiB,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,uDAAuD;QACvD,IAAI,CAAC,UAAU,GAAG,aAAa,CAAC;IAClC,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ;QACb,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;QAChD,OAAO,IAAI,iBAAiB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC;IAED;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,kBAAkB,CAAC,IAAY,EAAE,SAAiB;QACvD,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,iBAAiB,CAAC,uBAAuB,CAAC,IAAI,EAAE,cAAc,CAAC,SAAS,CAAC,CAAC,CAAC;IACpF,CAAC;IAED;;;;;;;;;;;OAWG;IACK,MAAM,CAAC,uBAAuB,CAAC,IAAY,EAAE,IAAgB,EAAE,MAAM,GAAG,eAAe;QAC7F,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,SAAS,CAAC,iBAAiB,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;QAE7E,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QAE/D,yCAAyC;QACzC,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,GAAG,MAAM,CAAC,EAAE;YAC1G,GAAG;YACH,SAAS;SACV,CAAC,CAAC;QACH,OAAO,IAAI,iBAAiB,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAClD,CAAC;IAED,YAAY;IAEZ,oBAAoB;IAEpB;;;OAGG;IACK,gBAAgB;QACtB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;QACxF,CAAC;IACH,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK;QACH,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;YAChD,gDAAgD;YAChD,sBAAsB;YACtB,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YACjC,8BAA8B;YAC9B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpB,4BAA4B;YAC5B,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YACjC,sCAAsC;YACtC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACjB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACtB,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;;;;;;OAOG;IACH,SAAS;QACP,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC,CAAC;QACnE,OAAO,IAAI,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED;;;;;;;;;OASG;IACH,IAAI,CAAC,OAAiB;QACpB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,MAAM,aAAa,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACrD,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,YAAY,EAAE,CAAC;QACpE,MAAM,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC,CAAC;QAClF,OAAO,IAAI,gBAAgB,CAAC,cAAc,CAAC,CAAC;IAC9C,CAAC;IAED;;;;;;;OAOG;IACH,YAAY;QACV,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;IACxC,CAAC;IAED;;;;;;;OAOG;IACH,QAAQ;QACN,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,aAAa,EAAE,CAAC;IAC9B,CAAC;IAED;;;;;OAKG;IACH,WAAW;QACT,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;IACpC,CAAC;IAED;;;;;;;OAOG;IACH,aAAa;QACX,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,OAAO,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC7F,CAAC;IAED,YAAY;IAEZ,sBAAsB;IAEtB,SAAS,CAAC,UAAsB;QAC9B,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,WAAW,CAAC,YAA0B;QAC3C,MAAM,KAAK,GAAG,YAAY,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,IAAI,iBAAiB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC7C,CAAC;IAED,YAAY;IAEZ;;;;;;;;;OASG;IACH,MAAM,CAAC,YAAY,CAAC,UAAsB;QACxC,OAAO,UAAU,YAAY,iBAAiB,CAAC;IACjD,CAAC;;AAGH;;;;GAIG;AACH,MAAM,OAAO,gBAAiB,SAAQ,SAAS;IAC7C;;;;OAIG;IACH,MAAM,CAAU,MAAM,GAAG,EAAE,CAAC;IAE5B;;;;;OAKG;IACc,IAAI,CAAM;IAE3B,sBAAsB;IAEtB,YAAY,QAAkB;QAC5B,KAAK,EAAE,CAAC;QACR,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC,MAAM,KAAK,gBAAgB,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,IAAI,KAAK,CAAC,8BAA8B,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3E,CAAC;QACD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,YAAY;IAEZ,mBAAmB;IAEnB,YAAY;QACV,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;IAClC,CAAC;IAED,YAAY;IAEZ,sBAAsB;IAEtB,SAAS,CAAC,UAAsB;QAC9B,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,CAAC,WAAW,CAAC,YAA0B;QAC3C,MAAM,KAAK,GAAG,YAAY,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,IAAI,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC"}
+{"version":3,"file":"ed25519.js","sourceRoot":"","sources":["../../../src/core/crypto/ed25519.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,sCAAsC;AAEtC,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAEnD,OAAO,EAAE,YAAY,EAAc,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AAChC,OAAO,EAAY,aAAa,IAAI,uBAAuB,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC9G,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,mBAAmB,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACjH,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAA4D,MAAM,gBAAgB,CAAC;AAC5G,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAEnD;;;;GAIG;AACH,MAAM,CAAC,GAAa;IAClB,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAChH,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;CAC7E,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,2BAA2B,CAAC,SAAoB;IAC9D,MAAM,CAAC,GAAG,SAAS,CAAC,YAAY,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAChB,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,wDAAwD;IACxD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,OAAO,gBAAiB,SAAQ,gBAAgB;IACpD;;;;OAIG;IACH,MAAM,CAAU,MAAM,GAAW,EAAE,CAAC;IAEpC;;;;;OAKG;IACc,GAAG,CAAM;IAE1B;;;;;;;;OAQG;IACH,YAAY,QAAkB;QAC5B,KAAK,EAAE,CAAC;QAER,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACvC,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC,MAAM,KAAK,gBAAgB,CAAC,MAAM,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,8BAA8B,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3E,CAAC;QACD,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED,0BAA0B;IAE1B;;;;;;;;;;;;;OAaG;IACH,WAAW,CAAC,IAAmD;QAC7D,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;QACpC,IAAI,CAAC,2BAA2B,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5C,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;IACpF,CAAC;IAED;;;;;;;;;;OAUG;IACH,UAAU,CAAC,IAA+C;QACxD,OAAO,IAAI,CAAC,WAAW,CAAC,EAAE,OAAO,EAAE,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IACrG,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,eAAe,CAAC,IAAyB;QACvC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;QACpC,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACvD,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC,YAAY,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC,WAAW,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC,CAAC;IAChE,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,oBAAoB,CAAC,IAA8B;QACvD,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAED;;;;;;;OAOG;IACH,OAAO;QACL,OAAO,iBAAiB,CAAC,kBAAkB,CAAC;YAC1C,MAAM,EAAE,uBAAuB,CAAC,OAAO;YACvC,KAAK,EAAE,IAAI,CAAC,YAAY,EAAE;SAC3B,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;IACjC,CAAC;IAED,YAAY;IAEZ,sBAAsB;IAEtB;;;;;;;OAOG;IACH,SAAS,CAAC,UAAsB;QAC9B,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;IACrD,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,WAAW,CAAC,YAA0B;QAC3C,MAAM,KAAK,GAAG,YAAY,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,IAAI,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,YAAY;IAEZ;;;;;;;;OAQG;IACH,MAAM,CAAC,WAAW,CAAC,SAA2B;QAC5C,OAAO,SAAS,YAAY,gBAAgB,CAAC;IAC/C,CAAC;IAED;;;;;;;;;OASG;IACH,MAAM,CAAC,UAAU,CAAC,SAAoB;QACpC,OAAO,CACL,KAAK,IAAI,SAAS;YAClB,OAAO,SAAS,CAAC,GAAG,KAAK,QAAQ;YACjC,SAAS,CAAC,GAAG,KAAK,IAAI;YACtB,MAAM,IAAI,SAAS,CAAC,GAAG;YACvB,OAAO,SAAS,CAAC,GAAG,CAAC,IAAI,KAAK,QAAQ;YACtC,SAAS,CAAC,GAAG,CAAC,IAAI,KAAK,IAAI;YAC3B,QAAQ,IAAI,SAAS,CAAC,GAAG,CAAC,IAAI;YAC9B,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM,KAAK,gBAAgB,CAAC,MAAM,CACxD,CAAC;IACJ,CAAC;;AAGH;;;;GAIG;AACH,MAAM,OAAO,iBAAkB,SAAQ,YAAY;IACjD;;;;OAIG;IACH,MAAM,CAAU,MAAM,GAAW,EAAE,CAAC;IAEpC;;;;;OAKG;IACH,MAAM,CAAU,cAAc,GAAG,cAAc,CAAC;IAEhD;;;;;OAKG;IACK,UAAU,CAAM;IAExB;;;OAGG;IACK,OAAO,GAAY,KAAK,CAAC;IAEjC,sBAAsB;IAEtB;;;;;;;;;OASG;IACH,YAAY,QAAkB,EAAE,MAAgB;QAC9C,KAAK,EAAE,CAAC;QAER,MAAM,aAAa,GAAG,UAAU,CAAC,aAAa,CAAC,QAAQ,EAAE,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7F,IAAI,aAAa,CAAC,YAAY,EAAE,CAAC,MAAM,KAAK,iBAAiB,CAAC,MAAM,EAAE,CAAC;YACrE,MAAM,IAAI,KAAK,CAAC,+BAA+B,iBAAiB,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,uDAAuD;QACvD,IAAI,CAAC,UAAU,GAAG,aAAa,CAAC;IAClC,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ;QACb,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;QAChD,OAAO,IAAI,iBAAiB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC;IAED;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,kBAAkB,CAAC,IAAY,EAAE,SAAiB;QACvD,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,iBAAiB,CAAC,uBAAuB,CAAC,IAAI,EAAE,cAAc,CAAC,SAAS,CAAC,CAAC,CAAC;IACpF,CAAC;IAED;;;;;;;;;;;OAWG;IACK,MAAM,CAAC,uBAAuB,CAAC,IAAY,EAAE,IAAgB,EAAE,MAAM,GAAG,eAAe;QAC7F,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,SAAS,CAAC,iBAAiB,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;QAE7E,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QAE/D,yCAAyC;QACzC,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,GAAG,MAAM,CAAC,EAAE;YAC1G,GAAG;YACH,SAAS;SACV,CAAC,CAAC;QACH,OAAO,IAAI,iBAAiB,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAClD,CAAC;IAED,YAAY;IAEZ,oBAAoB;IAEpB;;;OAGG;IACK,gBAAgB;QACtB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;QACxF,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;IACH,KAAK;QACH,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;YAChD,gDAAgD;YAChD,sBAAsB;YACtB,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YACjC,8BAA8B;YAC9B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpB,4BAA4B;YAC5B,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YACjC,sCAAsC;YACtC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACjB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACtB,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;;;;;;OAOG;IACH,SAAS;QACP,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC,CAAC;QACnE,OAAO,IAAI,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED;;;;;;;;;;OAUG;IACH,SAAS,CAAC,OAAmB;QAC3B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,MAAM,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC,CAAC;QAC7E,OAAO,IAAI,gBAAgB,CAAC,cAAc,CAAC,CAAC;IAC9C,CAAC;IAED;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,OAAe;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IACtD,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACH,IAAI,CAAC,OAAiB;QACpB,MAAM,aAAa,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACrD,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,YAAY,EAAE,CAAC;QACpE,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IACtC,CAAC;IAED;;;;;;;OAOG;IACH,YAAY;QACV,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;IACxC,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACH,QAAQ;QACN,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,aAAa,EAAE,CAAC;IAC9B,CAAC;IAED;;;;;;;;OAQG;IACH,WAAW;QACT,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;IACpC,CAAC;IAED;;;;;;;;;;OAUG;IACH,aAAa;QACX,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,OAAO,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC7F,CAAC;IAED,YAAY;IAEZ,sBAAsB;IAEtB,SAAS,CAAC,UAAsB;QAC9B,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,WAAW,CAAC,YAA0B;QAC3C,MAAM,KAAK,GAAG,YAAY,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,IAAI,iBAAiB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC7C,CAAC;IAED,YAAY;IAEZ;;;;;;;;;OASG;IACH,MAAM,CAAC,YAAY,CAAC,UAAsB;QACxC,OAAO,UAAU,YAAY,iBAAiB,CAAC;IACjD,CAAC;;AAGH;;;;GAIG;AACH,MAAM,OAAO,gBAAiB,SAAQ,SAAS;IAC7C;;;;OAIG;IACH,MAAM,CAAU,MAAM,GAAG,EAAE,CAAC;IAE5B;;;;;OAKG;IACc,IAAI,CAAM;IAE3B,sBAAsB;IAEtB,YAAY,QAAkB;QAC5B,KAAK,EAAE,CAAC;QACR,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC,MAAM,KAAK,gBAAgB,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,IAAI,KAAK,CAAC,8BAA8B,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3E,CAAC;QACD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,YAAY;IAEZ,mBAAmB;IAEnB,YAAY;QACV,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;IAClC,CAAC;IAED,YAAY;IAEZ,sBAAsB;IAEtB,SAAS,CAAC,UAAsB;QAC9B,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,CAAC,WAAW,CAAC,YAA0B;QAC3C,MAAM,KAAK,GAAG,YAAY,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,IAAI,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC"}

package/dist/core/crypto/keyless.d.ts

@@ -207,6 +207,14 @@ export declare class KeylessPublicKey extends AccountPublicKey {
      * Creates a KeylessPublicKey instance from a JWT and a pepper value.
      * This function is useful for generating a public key that can be used for authentication based on the provided JWT claims and pepper.
      *
+     * SECURITY: `jwtDecode` is a decode-only library — it does NOT verify the
+     * JWT signature. The cryptographic binding between the JWT and the user's
+     * identity is enforced on-chain by the keyless verifier (which validates
+     * the JWT signature against the JWK set published on-chain). Callers MUST
+     * therefore obtain `jwt` directly from a trusted IdP redirect/OAuth flow;
+     * do not accept arbitrary user-supplied JWT strings here, since a tampered
+     * JWT will derive a different account address than the chain expects.
+     *
      * @param args - The arguments for creating the KeylessPublicKey.
      * @param args.jwt - The JSON Web Token to decode.
      * @param args.pepper - The pepper value used in the key creation process.
@@ -728,6 +736,12 @@ export declare function getKeylessConfig(args: {
 /**
  * Parses a JWT and returns the 'iss', 'aud', and 'uid' values.
  *
+ * SECURITY: This function decodes claims without verifying the JWT signature.
+ * The keyless on-chain verifier is the authority that binds a JWT to its IdP;
+ * the SDK only uses these claims to derive the keyless account address and
+ * package the JWT for the prover service. Callers must source `jwt` from a
+ * trusted IdP redirect flow.
+ *
  * @param args - The arguments for parsing the JWT.
  * @param args.jwt - The JWT to parse.
  * @param args.uidKey - The key to use for the 'uid' value; defaults to 'sub'.

package/dist/core/crypto/keyless.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"keyless.d.ts","sourceRoot":"","sources":["../../../src/core/crypto/keyless.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC7D,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAE5E,OAAO,EACL,QAAQ,EACR,2BAA2B,EAG3B,UAAU,EACV,gBAAgB,EAEjB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAExE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAEnC,OAAO,EACL,8BAA8B,EAC9B,4BAA4B,EAC5B,aAAa,EAEd,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAkB,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAK3E,OAAO,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAElE,OAAO,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AACzE,OAAO,EAAE,GAAG,EAAE,MAAM,iCAAiC,CAAC;AAEtD;;;GAGG;AACH,eAAO,MAAM,gBAAgB,WAAW,CAAC;AACzC;;;GAGG;AACH,eAAO,MAAM,iBAAiB,MAAM,CAAC;AACrC;;;GAGG;AACH,eAAO,MAAM,iBAAiB,KAAK,CAAC;AACpC;;;GAGG;AACH,eAAO,MAAM,iBAAiB,MAAM,CAAC;AACrC;;;GAGG;AACH,eAAO,MAAM,iBAAiB,MAAM,CAAC;AACrC;;;GAGG;AACH,eAAO,MAAM,qBAAqB,MAAM,CAAC;AACzC;;;GAGG;AACH,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAC5C;;;GAGG;AACH,eAAO,MAAM,sBAAsB,KAAK,CAAC;AAEzC;;;;;;;;;GASG;AACH,qBAAa,gBAAiB,SAAQ,gBAAgB;IACpD;;;;OAIG;IACH,MAAM,CAAC,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAM;IAElD;;;;OAIG;IACH,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IAErB;;;;;;OAMG;IACH,QAAQ,CAAC,YAAY,EAAE,UAAU,CAAC;IAElC;;;;;;;;;;;OAWG;gBAES,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,QAAQ;IAU/C;;;;;;OAMG;IACH,OAAO,IAAI,iBAAiB;IAU5B;;;;;;;;;;;OAWG;IACH,eAAe,CAAC,IAAI,EAAE;QACpB,OAAO,EAAE,QAAQ,CAAC;QAClB,SAAS,EAAE,SAAS,CAAC;QACrB,GAAG,EAAE,OAAO,CAAC;QACb,aAAa,EAAE,oBAAoB,CAAC;KACrC,GAAG,OAAO;IAYX;;;;;;;;;OASG;IACG,oBAAoB,CAAC,IAAI,EAAE;QAC/B,WAAW,EAAE,WAAW,CAAC;QACzB,OAAO,EAAE,QAAQ,CAAC;QAClB,SAAS,EAAE,SAAS,CAAC;QACrB,OAAO,CAAC,EAAE;YAAE,oBAAoB,CAAC,EAAE,OAAO,CAAA;SAAE,CAAC;KAC9C,GAAG,OAAO,CAAC,OAAO,CAAC;IAOpB;;;;;;;;;;;;OAYG;IACH,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAKvC;;;;;;;;OAQG;IACH,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,gBAAgB;IAMhE;;;;;;;;;;OAUG;IACH,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,YAAY,GAAG,gBAAgB;IAMzD;;;;;;;OAOG;IACH,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,GAAG,SAAS,IAAI,gBAAgB;IAIvE;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE;QAClB,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,QAAQ,CAAC;KAClB,GAAG,gBAAgB;IAKpB;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,QAAQ,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,gBAAgB;IAanG;;;;;;;OAOG;IACH,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,SAAS;CAQvC;AAED,wBAAsB,sBAAsB,CAAC,IAAI,EAAE;IACjD,SAAS,EAAE,gBAAgB,GAAG,yBAAyB,CAAC;IACxD,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,EAAE,QAAQ,CAAC;IAClB,SAAS,EAAE,SAAS,CAAC;IACrB,aAAa,CAAC,EAAE,oBAAoB,CAAC;IACrC,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,OAAO,CAAC,EAAE;QAAE,oBAAoB,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;CAC9C,GAAG,OAAO,CAAC,OAAO,CAAC,CA+BnB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,sCAAsC,CAAC,IAAI,EAAE;IAC3D,SAAS,EAAE,gBAAgB,GAAG,yBAAyB,CAAC;IACxD,OAAO,EAAE,QAAQ,CAAC;IAClB,SAAS,EAAE,SAAS,CAAC;IACrB,aAAa,EAAE,oBAAoB,CAAC;IACpC,GAAG,EAAE,OAAO,CAAC;CACd,GAAG,IAAI,CA+DP;AAkDD;;;;;;;GAOG;AACH,wBAAsB,QAAQ,CAAC,IAAI,EAAE;IACnC,WAAW,EAAE,WAAW,CAAC;IACzB,SAAS,EAAE,gBAAgB,GAAG,yBAAyB,CAAC;IACxD,GAAG,EAAE,MAAM,CAAC;CACb,GAAG,OAAO,CAAC,OAAO,CAAC,CAsCnB;AAeD;;;;GAIG;AACH,qBAAa,gBAAiB,SAAQ,SAAS;IAC7C;;;;OAIG;IACH,QAAQ,CAAC,oBAAoB,EAAE,oBAAoB,CAAC;IAEpD;;;;OAIG;IACH,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAE3B;;;;OAIG;IACH,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAEhC;;;;OAIG;IACH,QAAQ,CAAC,kBAAkB,EAAE,kBAAkB,CAAC;IAEhD;;;;OAIG;IACH,QAAQ,CAAC,kBAAkB,EAAE,kBAAkB,CAAC;gBAEpC,IAAI,EAAE;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,oBAAoB,EAAE,oBAAoB,CAAC;QAC3C,cAAc,EAAE,MAAM,CAAC;QACvB,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,kBAAkB,EAAE,kBAAkB,CAAC;KACxC;IAUD;;;;OAIG;IACH,SAAS,IAAI,MAAM;IAInB,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAQvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,gBAAgB;IAehE,MAAM,CAAC,sBAAsB,IAAI,gBAAgB;IAmBjD,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,GAAG,SAAS,IAAI,gBAAgB;CAGxE;AAED;;;;;;;GAOG;AACH,qBAAa,oBAAqB,SAAQ,SAAS;IACjD,SAAgB,SAAS,EAAE,SAAS,CAAC;IAErC;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,2BAA2B,CAAC;gBAElC,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,2BAA2B;IAMtE;;;;;;OAMG;IACH,YAAY,IAAI,UAAU;IAI1B,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAKvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,oBAAoB;CASrE;AAED;;;;;;;GAOG;AACH,cAAM,OAAQ,SAAQ,YAAY;IAChC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAA8B;IAEvD,IAAI,EAAE,UAAU,CAAC;gBAEL,IAAI,EAAE,QAAQ;IAQ1B,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAIvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,OAAO;IAMvD,OAAO,IAAI,MAAM,EAAE;IAKnB;;;OAGG;IACH,iBAAiB,IAAI,gBAAgB,CAAC,MAAM,CAAC;CAgB9C;AAYD;;;;;;;GAOG;AACH,cAAM,OAAQ,SAAQ,YAAY;IAChC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAGtB;IAEH,IAAI,EAAE,UAAU,CAAC;gBAEL,IAAI,EAAE,QAAQ;IAQ1B,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAIvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,OAAO;IAMvD,OAAO,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE;IAkB7B,iBAAiB,IAAI,gBAAgB,CAAC,GAAG,CAAC;CAkB3C;AAED;;;;;;;GAOG;AACH,qBAAa,UAAW,SAAQ,KAAK;IACnC;;;;OAIG;IACH,CAAC,EAAE,OAAO,CAAC;IAEX;;;;OAIG;IACH,CAAC,EAAE,OAAO,CAAC;IAEX;;;;OAIG;IACH,CAAC,EAAE,OAAO,CAAC;gBAEC,IAAI,EAAE;QAAE,CAAC,EAAE,QAAQ,CAAC;QAAC,CAAC,EAAE,QAAQ,CAAC;QAAC,CAAC,EAAE,QAAQ,CAAA;KAAE;IAQ3D,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAMvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,UAAU;IAO1D,aAAa;;;;;;;CASd;AAED;;;;;;;GAOG;AACH,qBAAa,wBAAyB,SAAQ,YAAY;IACxD;;;;OAIG;IACH,KAAK,EAAE,UAAU,CAAC;IAElB;;;;OAIG;IACH,gBAAgB,EAAE,UAAU,CAAC;IAE7B;;;;OAIG;IACH,QAAQ,CAAC,eAAe,qCAAqC;gBAEjD,KAAK,EAAE,UAAU,EAAE,gBAAgB,EAAE,QAAQ,GAAG,MAAM;IAYlE,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAKvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,wBAAwB;IAIxE,IAAI,IAAI,UAAU;CAGnB;AAED;;;;;;GAMG;AACH,qBAAa,OAAQ,SAAQ,YAAY;IACvC,SAAgB,KAAK,EAAE,KAAK,CAAC;IAE7B;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;gBAEjB,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU;IAM7C,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAKvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,OAAO;CASxD;AAED;;;;;;GAMG;AACH,qBAAa,gBAAiB,SAAQ,SAAS;IAC7C;;;;OAIG;IACH,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IAExB;;;;OAIG;IACH,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAEhC;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAE7B;;;;OAIG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IAEjC;;;;OAIG;IACH,QAAQ,CAAC,uBAAuB,CAAC,EAAE,kBAAkB,CAAC;gBAE1C,IAAI,EAAE;QAChB,KAAK,EAAE,OAAO,CAAC;QACf,cAAc,EAAE,MAAM,CAAC;QACvB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,uBAAuB,CAAC,EAAE,kBAAkB,CAAC;KAC9C;IAUD;;;;;;;OAOG;IACH,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,gBAAgB;IAIrD,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAQvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,gBAAgB;CAQjE;AAED;;;;;;;;GAQG;AACH,qBAAa,oBAAoB;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,eAAe,EAAE,sBAAsB,CAAC;IAEjD;;;;OAIG;IACH,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IAEnC;;;;OAIG;IACH,QAAQ,CAAC,oBAAoB,CAAC,EAAE,kBAAkB,CAAC;IAEnD;;;;OAIG;IACH,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IAEpC;;;;OAIG;IACH,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;IAEtC;;;;OAIG;IACH,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAEhC;;;;OAIG;IACH,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;gBAEzB,IAAI,EAAE;QAChB,eAAe,EAAE,sBAAsB,CAAC;QACxC,oBAAoB,CAAC,EAAE,QAAQ,CAAC;QAChC,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,oBAAoB,CAAC,EAAE,MAAM,CAAC;QAC9B,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC;KAC9B;IAsBD;;;;;OAKG;IACH,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,8BAA8B,EAAE,MAAM,EAAE,4BAA4B,GAAG,oBAAoB;CAiB/G;AAED;;;;GAIG;AACH,qBAAa,sBAAsB;IAGjC;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAE1B;;;;OAIG;IACH,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IAEzB;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAE1B;;;;OAIG;IACH,QAAQ,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAExC;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;gBAEd,IAAI,EAAE;QAChB,OAAO,EAAE,QAAQ,CAAC;QAClB,MAAM,EAAE,QAAQ,CAAC;QACjB,OAAO,EAAE,QAAQ,CAAC;QAClB,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACjC,OAAO,EAAE,QAAQ,CAAC;KACnB;IASD;;;;;OAKG;IACI,IAAI,IAAI,UAAU;IAMzB,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IASvC;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,kCAAkC,CAAC,GAAG,EAAE,8BAA8B,GAAG,sBAAsB;IAUtG;;;;;;OAMG;IACH,WAAW,CAAC,IAAI,EAAE;QAAE,gBAAgB,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,UAAU,CAAA;KAAE,GAAG,OAAO;IA8ClF;;;;;;OAMG;IACH,aAAa;;;;;;;;;;CAYd;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,gBAAgB,CAAC,IAAI,EAAE;IAC3C,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,CAAC,EAAE,gBAAgB,CAAC;CAC5B,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAuBhC;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG;IAC1E,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;CAChB,CA4BA;AAoED;;;;;;;;GAQG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE;IACzC,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,CAAC,EAAE,mBAAmB,CAAC;IAC9B,OAAO,CAAC,EAAE,gBAAgB,CAAC;IAC3B,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC,CAkBlC;AAgDD,qBAAa,OAAQ,SAAQ,YAAY;IAChC,GAAG,EAAE,MAAM,CAAC;IAEZ,GAAG,EAAE,MAAM,CAAC;IAEZ,GAAG,EAAE,MAAM,CAAC;IAEZ,CAAC,EAAE,MAAM,CAAC;IAEV,CAAC,EAAE,MAAM,CAAC;gBAEL,IAAI,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,EAAE,MAAM,CAAA;KAAE;IAUjF,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAQvC,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO;IAMrD,QAAQ,IAAI,MAAM;IAelB,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,OAAO;CAQxD;AAkBD,UAAU,SAAS;IACjB,GAAG,EAAE,MAAM,CAAC;CACb;AACD;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,SAAS,CAqB3D"}
+{"version":3,"file":"keyless.d.ts","sourceRoot":"","sources":["../../../src/core/crypto/keyless.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC7D,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAE5E,OAAO,EACL,QAAQ,EACR,2BAA2B,EAG3B,UAAU,EACV,gBAAgB,EAEjB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAExE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAEnC,OAAO,EACL,8BAA8B,EAC9B,4BAA4B,EAC5B,aAAa,EAEd,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAIvD,OAAO,EAAkB,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAK3E,OAAO,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAElE,OAAO,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AACzE,OAAO,EAAE,GAAG,EAAE,MAAM,iCAAiC,CAAC;AAEtD;;;GAGG;AACH,eAAO,MAAM,gBAAgB,WAAW,CAAC;AACzC;;;GAGG;AACH,eAAO,MAAM,iBAAiB,MAAM,CAAC;AACrC;;;GAGG;AACH,eAAO,MAAM,iBAAiB,KAAK,CAAC;AACpC;;;GAGG;AACH,eAAO,MAAM,iBAAiB,MAAM,CAAC;AACrC;;;GAGG;AACH,eAAO,MAAM,iBAAiB,MAAM,CAAC;AACrC;;;GAGG;AACH,eAAO,MAAM,qBAAqB,MAAM,CAAC;AACzC;;;GAGG;AACH,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAC5C;;;GAGG;AACH,eAAO,MAAM,sBAAsB,KAAK,CAAC;AAEzC;;;;;;;;;GASG;AACH,qBAAa,gBAAiB,SAAQ,gBAAgB;IACpD;;;;OAIG;IACH,MAAM,CAAC,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAM;IAElD;;;;OAIG;IACH,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IAErB;;;;;;OAMG;IACH,QAAQ,CAAC,YAAY,EAAE,UAAU,CAAC;IAElC;;;;;;;;;;;OAWG;gBAES,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,QAAQ;IAU/C;;;;;;OAMG;IACH,OAAO,IAAI,iBAAiB;IAU5B;;;;;;;;;;;OAWG;IACH,eAAe,CAAC,IAAI,EAAE;QACpB,OAAO,EAAE,QAAQ,CAAC;QAClB,SAAS,EAAE,SAAS,CAAC;QACrB,GAAG,EAAE,OAAO,CAAC;QACb,aAAa,EAAE,oBAAoB,CAAC;KACrC,GAAG,OAAO;IAYX;;;;;;;;;OASG;IACG,oBAAoB,CAAC,IAAI,EAAE;QAC/B,WAAW,EAAE,WAAW,CAAC;QACzB,OAAO,EAAE,QAAQ,CAAC;QAClB,SAAS,EAAE,SAAS,CAAC;QACrB,OAAO,CAAC,EAAE;YAAE,oBAAoB,CAAC,EAAE,OAAO,CAAA;SAAE,CAAC;KAC9C,GAAG,OAAO,CAAC,OAAO,CAAC;IAOpB;;;;;;;;;;;;OAYG;IACH,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAKvC;;;;;;;;OAQG;IACH,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,gBAAgB;IAMhE;;;;;;;;;;OAUG;IACH,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,YAAY,GAAG,gBAAgB;IAMzD;;;;;;;OAOG;IACH,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,GAAG,SAAS,IAAI,gBAAgB;IAIvE;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE;QAClB,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,QAAQ,CAAC;KAClB,GAAG,gBAAgB;IAKpB;;;;;;;;;;;;;;;;;;;OAmBG;IACH,MAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,QAAQ,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,gBAAgB;IAcnG;;;;;;;OAOG;IACH,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,SAAS;CAQvC;AAED,wBAAsB,sBAAsB,CAAC,IAAI,EAAE;IACjD,SAAS,EAAE,gBAAgB,GAAG,yBAAyB,CAAC;IACxD,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,EAAE,QAAQ,CAAC;IAClB,SAAS,EAAE,SAAS,CAAC;IACrB,aAAa,CAAC,EAAE,oBAAoB,CAAC;IACrC,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,OAAO,CAAC,EAAE;QAAE,oBAAoB,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;CAC9C,GAAG,OAAO,CAAC,OAAO,CAAC,CA+BnB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,sCAAsC,CAAC,IAAI,EAAE;IAC3D,SAAS,EAAE,gBAAgB,GAAG,yBAAyB,CAAC;IACxD,OAAO,EAAE,QAAQ,CAAC;IAClB,SAAS,EAAE,SAAS,CAAC;IACrB,aAAa,EAAE,oBAAoB,CAAC;IACpC,GAAG,EAAE,OAAO,CAAC;CACd,GAAG,IAAI,CA+DP;AAkDD;;;;;;;GAOG;AACH,wBAAsB,QAAQ,CAAC,IAAI,EAAE;IACnC,WAAW,EAAE,WAAW,CAAC;IACzB,SAAS,EAAE,gBAAgB,GAAG,yBAAyB,CAAC;IACxD,GAAG,EAAE,MAAM,CAAC;CACb,GAAG,OAAO,CAAC,OAAO,CAAC,CAsCnB;AAeD;;;;GAIG;AACH,qBAAa,gBAAiB,SAAQ,SAAS;IAC7C;;;;OAIG;IACH,QAAQ,CAAC,oBAAoB,EAAE,oBAAoB,CAAC;IAEpD;;;;OAIG;IACH,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAE3B;;;;OAIG;IACH,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAEhC;;;;OAIG;IACH,QAAQ,CAAC,kBAAkB,EAAE,kBAAkB,CAAC;IAEhD;;;;OAIG;IACH,QAAQ,CAAC,kBAAkB,EAAE,kBAAkB,CAAC;gBAEpC,IAAI,EAAE;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,oBAAoB,EAAE,oBAAoB,CAAC;QAC3C,cAAc,EAAE,MAAM,CAAC;QACvB,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,kBAAkB,EAAE,kBAAkB,CAAC;KACxC;IAUD;;;;OAIG;IACH,SAAS,IAAI,MAAM;IAInB,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAQvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,gBAAgB;IAehE,MAAM,CAAC,sBAAsB,IAAI,gBAAgB;IAmBjD,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,GAAG,SAAS,IAAI,gBAAgB;CAGxE;AAED;;;;;;;GAOG;AACH,qBAAa,oBAAqB,SAAQ,SAAS;IACjD,SAAgB,SAAS,EAAE,SAAS,CAAC;IAErC;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,2BAA2B,CAAC;gBAElC,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,2BAA2B;IAMtE;;;;;;OAMG;IACH,YAAY,IAAI,UAAU;IAI1B,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAKvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,oBAAoB;CASrE;AAED;;;;;;;GAOG;AACH,cAAM,OAAQ,SAAQ,YAAY;IAChC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAA8B;IAEvD,IAAI,EAAE,UAAU,CAAC;gBAEL,IAAI,EAAE,QAAQ;IAQ1B,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAIvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,OAAO;IAMvD,OAAO,IAAI,MAAM,EAAE;IAKnB;;;OAGG;IACH,iBAAiB,IAAI,gBAAgB,CAAC,MAAM,CAAC;CAgB9C;AAYD;;;;;;;GAOG;AACH,cAAM,OAAQ,SAAQ,YAAY;IAChC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAGtB;IAEH,IAAI,EAAE,UAAU,CAAC;gBAEL,IAAI,EAAE,QAAQ;IAQ1B,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAIvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,OAAO;IAMvD,OAAO,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE;IAkB7B,iBAAiB,IAAI,gBAAgB,CAAC,GAAG,CAAC;CAkB3C;AAED;;;;;;;GAOG;AACH,qBAAa,UAAW,SAAQ,KAAK;IACnC;;;;OAIG;IACH,CAAC,EAAE,OAAO,CAAC;IAEX;;;;OAIG;IACH,CAAC,EAAE,OAAO,CAAC;IAEX;;;;OAIG;IACH,CAAC,EAAE,OAAO,CAAC;gBAEC,IAAI,EAAE;QAAE,CAAC,EAAE,QAAQ,CAAC;QAAC,CAAC,EAAE,QAAQ,CAAC;QAAC,CAAC,EAAE,QAAQ,CAAA;KAAE;IAQ3D,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAMvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,UAAU;IAO1D,aAAa;;;;;;;CASd;AAED;;;;;;;GAOG;AACH,qBAAa,wBAAyB,SAAQ,YAAY;IACxD;;;;OAIG;IACH,KAAK,EAAE,UAAU,CAAC;IAElB;;;;OAIG;IACH,gBAAgB,EAAE,UAAU,CAAC;IAE7B;;;;OAIG;IACH,QAAQ,CAAC,eAAe,qCAAqC;gBAEjD,KAAK,EAAE,UAAU,EAAE,gBAAgB,EAAE,QAAQ,GAAG,MAAM;IAYlE,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAKvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,wBAAwB;IAIxE,IAAI,IAAI,UAAU;CAGnB;AAED;;;;;;GAMG;AACH,qBAAa,OAAQ,SAAQ,YAAY;IACvC,SAAgB,KAAK,EAAE,KAAK,CAAC;IAE7B;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;gBAEjB,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU;IAM7C,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAKvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,OAAO;CASxD;AAED;;;;;;GAMG;AACH,qBAAa,gBAAiB,SAAQ,SAAS;IAC7C;;;;OAIG;IACH,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IAExB;;;;OAIG;IACH,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAEhC;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAE7B;;;;OAIG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IAEjC;;;;OAIG;IACH,QAAQ,CAAC,uBAAuB,CAAC,EAAE,kBAAkB,CAAC;gBAE1C,IAAI,EAAE;QAChB,KAAK,EAAE,OAAO,CAAC;QACf,cAAc,EAAE,MAAM,CAAC;QACvB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,uBAAuB,CAAC,EAAE,kBAAkB,CAAC;KAC9C;IAUD;;;;;;;OAOG;IACH,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,gBAAgB;IAIrD,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAQvC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,gBAAgB;CAQjE;AAED;;;;;;;;GAQG;AACH,qBAAa,oBAAoB;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,eAAe,EAAE,sBAAsB,CAAC;IAEjD;;;;OAIG;IACH,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IAEnC;;;;OAIG;IACH,QAAQ,CAAC,oBAAoB,CAAC,EAAE,kBAAkB,CAAC;IAEnD;;;;OAIG;IACH,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IAEpC;;;;OAIG;IACH,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;IAEtC;;;;OAIG;IACH,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAEhC;;;;OAIG;IACH,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;gBAEzB,IAAI,EAAE;QAChB,eAAe,EAAE,sBAAsB,CAAC;QACxC,oBAAoB,CAAC,EAAE,QAAQ,CAAC;QAChC,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,oBAAoB,CAAC,EAAE,MAAM,CAAC;QAC9B,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC;KAC9B;IAsBD;;;;;OAKG;IACH,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,8BAA8B,EAAE,MAAM,EAAE,4BAA4B,GAAG,oBAAoB;CAmB/G;AAED;;;;GAIG;AACH,qBAAa,sBAAsB;IAGjC;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAE1B;;;;OAIG;IACH,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IAEzB;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAE1B;;;;OAIG;IACH,QAAQ,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAExC;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;gBAEd,IAAI,EAAE;QAChB,OAAO,EAAE,QAAQ,CAAC;QAClB,MAAM,EAAE,QAAQ,CAAC;QACjB,OAAO,EAAE,QAAQ,CAAC;QAClB,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACjC,OAAO,EAAE,QAAQ,CAAC;KACnB;IASD;;;;;OAKG;IACI,IAAI,IAAI,UAAU;IAMzB,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IASvC;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,kCAAkC,CAAC,GAAG,EAAE,8BAA8B,GAAG,sBAAsB;IAUtG;;;;;;OAMG;IACH,WAAW,CAAC,IAAI,EAAE;QAAE,gBAAgB,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,UAAU,CAAA;KAAE,GAAG,OAAO;IA8ClF;;;;;;OAMG;IACH,aAAa;;;;;;;;;;CAYd;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,gBAAgB,CAAC,IAAI,EAAE;IAC3C,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,CAAC,EAAE,gBAAgB,CAAC;CAC5B,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAuBhC;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG;IAC1E,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;CAChB,CA6BA;AAoED;;;;;;;;GAQG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE;IACzC,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,CAAC,EAAE,mBAAmB,CAAC;IAC9B,OAAO,CAAC,EAAE,gBAAgB,CAAC;IAC3B,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC,CAkBlC;AAgDD,qBAAa,OAAQ,SAAQ,YAAY;IAChC,GAAG,EAAE,MAAM,CAAC;IAEZ,GAAG,EAAE,MAAM,CAAC;IAEZ,GAAG,EAAE,MAAM,CAAC;IAEZ,CAAC,EAAE,MAAM,CAAC;IAEV,CAAC,EAAE,MAAM,CAAC;gBAEL,IAAI,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,EAAE,MAAM,CAAA;KAAE;IAUjF,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAQvC,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO;IAMrD,QAAQ,IAAI,MAAM;IAelB,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,GAAG,OAAO;CAQxD;AAkBD,UAAU,SAAS;IACjB,GAAG,EAAE,MAAM,CAAC;CACb;AACD;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,SAAS,CAqB3D"}

package/dist/core/crypto/keyless.js

@@ -12,6 +12,7 @@ import { bigIntToBytesLE, bytesToBigIntLE, hashStrToField, padAndPackBytesWithLe
 import { AuthenticationKey } from "../authenticationKey.js";
 import { Proof } from "./proof.js";
 import { Ed25519PublicKey, Ed25519Signature } from "./ed25519.js";
+import { u64ToNumberSafe } from "../../utils/helpers.js";
 import { getAptosFullNode } from "../../client/index.js";
 import { memoizeAsync } from "../../utils/memoize.js";
 import { AccountAddress } from "../accountAddress.js";
@@ -248,6 +249,14 @@ export class KeylessPublicKey extends AccountPublicKey {
      * Creates a KeylessPublicKey instance from a JWT and a pepper value.
      * This function is useful for generating a public key that can be used for authentication based on the provided JWT claims and pepper.
      *
+     * SECURITY: `jwtDecode` is a decode-only library — it does NOT verify the
+     * JWT signature. The cryptographic binding between the JWT and the user's
+     * identity is enforced on-chain by the keyless verifier (which validates
+     * the JWT signature against the JWK set published on-chain). Callers MUST
+     * therefore obtain `jwt` directly from a trusted IdP redirect/OAuth flow;
+     * do not accept arbitrary user-supplied JWT strings here, since a tampered
+     * JWT will derive a different account address than the chain expects.
+     *
      * @param args - The arguments for creating the KeylessPublicKey.
      * @param args.jwt - The JSON Web Token to decode.
      * @param args.pepper - The pepper value used in the key creation process.
@@ -258,6 +267,7 @@ export class KeylessPublicKey extends AccountPublicKey {
      */
     static fromJwtAndPepper(args) {
         const { jwt, pepper, uidKey = "sub" } = args;
+        // SECURITY: signature is not verified here — see method-level JSDoc.
         const jwtPayload = jwtDecode(jwt);
         if (typeof jwtPayload.iss !== "string") {
             throw new Error("iss was not found");
@@ -543,7 +553,7 @@ export class KeylessSignature extends Signature {
         const ephemeralSignature = EphemeralSignature.deserialize(deserializer);
         return new KeylessSignature({
             jwtHeader,
-            expiryDateSecs: Number(expiryDateSecs),
+            expiryDateSecs: u64ToNumberSafe(expiryDateSecs, "KeylessSignature.expiryDateSecs"),
             ephemeralCertificate,
             ephemeralPublicKey,
             ephemeralSignature,
@@ -944,7 +954,7 @@ export class ZeroKnowledgeSig extends Signature {
     }
     static deserialize(deserializer) {
         const proof = ZkProof.deserialize(deserializer);
-        const expHorizonSecs = Number(deserializer.deserializeU64());
+        const expHorizonSecs = u64ToNumberSafe(deserializer.deserializeU64(), "ZeroKnowledgeSig.expHorizonSecs");
         const extraField = deserializer.deserializeOption("string");
         const overrideAudVal = deserializer.deserializeOption("string");
         const trainingWheelsSignature = deserializer.deserializeOption(EphemeralSignature);
@@ -1030,7 +1040,9 @@ export class KeylessConfiguration {
                 gammaAbcG1: res.gamma_abc_g1,
                 gammaG2: res.gamma_g2,
             }),
-            maxExpHorizonSecs: Number(config.max_exp_horizon_secs),
+            // Chain config returns u64 as a decimal string; widen → safe-narrow so
+            // a malformed/exotic value throws rather than silently truncates.
+            maxExpHorizonSecs: u64ToNumberSafe(BigInt(config.max_exp_horizon_secs), "KeylessConfiguration.maxExpHorizonSecs"),
             trainingWheelsPubkey: config.training_wheels_pubkey.vec[0],
             maxExtraFieldBytes: config.max_extra_field_bytes,
             maxJwtHeaderB64Bytes: config.max_jwt_header_b64_bytes,
@@ -1229,6 +1241,12 @@ export async function getKeylessConfig(args) {
 /**
  * Parses a JWT and returns the 'iss', 'aud', and 'uid' values.
  *
+ * SECURITY: This function decodes claims without verifying the JWT signature.
+ * The keyless on-chain verifier is the authority that binds a JWT to its IdP;
+ * the SDK only uses these claims to derive the keyless account address and
+ * package the JWT for the prover service. Callers must source `jwt` from a
+ * trusted IdP redirect flow.
+ *
  * @param args - The arguments for parsing the JWT.
  * @param args.jwt - The JWT to parse.
  * @param args.uidKey - The key to use for the 'uid' value; defaults to 'sub'.
@@ -1238,6 +1256,7 @@ export function getIssAudAndUidVal(args) {
     const { jwt, uidKey = "sub" } = args;
     let jwtPayload;
     try {
+        // SECURITY: signature is not verified here — see function-level JSDoc.
         jwtPayload = jwtDecode(jwt);
     }
     catch {