@astrox/identity 0.0.24 → 0.0.27

package/lib/cjs/identity/ed25519.d.ts

@@ -0,0 +1,45 @@
+import { DerEncodedPublicKey, KeyPair, PublicKey, Signature, SignIdentity } from '@astrox/agent';
+export declare class Ed25519PublicKey implements PublicKey {
+    static from(key: PublicKey): Ed25519PublicKey;
+    static fromRaw(rawKey: ArrayBuffer): Ed25519PublicKey;
+    static fromDer(derKey: DerEncodedPublicKey): Ed25519PublicKey;
+    private static RAW_KEY_LENGTH;
+    private static derEncode;
+    private static derDecode;
+    private readonly rawKey;
+    private readonly derKey;
+    private constructor();
+    toDer(): DerEncodedPublicKey;
+    toRaw(): ArrayBuffer;
+}
+export declare class Ed25519KeyIdentity extends SignIdentity {
+    protected _privateKey: ArrayBuffer;
+    static generate(seed?: Uint8Array): Ed25519KeyIdentity;
+    static fromParsedJson(obj: JsonnableEd25519KeyIdentity): Ed25519KeyIdentity;
+    static fromJSON(json: string): Ed25519KeyIdentity;
+    static fromKeyPair(publicKey: ArrayBuffer, privateKey: ArrayBuffer): Ed25519KeyIdentity;
+    static fromSecretKey(secretKey: ArrayBuffer): Ed25519KeyIdentity;
+    protected _publicKey: Ed25519PublicKey;
+    protected constructor(publicKey: PublicKey, _privateKey: ArrayBuffer);
+    /**
+     * Serialize this key to JSON.
+     */
+    toJSON(): JsonnableEd25519KeyIdentity;
+    /**
+     * Return a copy of the key pair.
+     */
+    getKeyPair(): KeyPair;
+    /**
+     * Return the public key.
+     */
+    getPublicKey(): PublicKey;
+    /**
+     * Signs a blob of data, with this identity's private key.
+     * @param challenge - challenge to sign with this identity's secretKey, producing a signature
+     */
+    sign(challenge: ArrayBuffer): Promise<Signature>;
+}
+declare type PublicKeyHex = string;
+declare type SecretKeyHex = string;
+export declare type JsonnableEd25519KeyIdentity = [PublicKeyHex, SecretKeyHex];
+export {};

package/lib/cjs/identity/ed25519.js

@@ -0,0 +1,134 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Ed25519KeyIdentity = exports.Ed25519PublicKey = void 0;
+const agent_1 = require("@astrox/agent");
+const tweetnacl = __importStar(require("tweetnacl"));
+const buffer_1 = require("../buffer");
+const der_1 = require("./der");
+class Ed25519PublicKey {
+    // `fromRaw` and `fromDer` should be used for instantiation, not this constructor.
+    constructor(key) {
+        this.rawKey = key;
+        this.derKey = Ed25519PublicKey.derEncode(key);
+    }
+    static from(key) {
+        return this.fromDer(key.toDer());
+    }
+    static fromRaw(rawKey) {
+        return new Ed25519PublicKey(rawKey);
+    }
+    static fromDer(derKey) {
+        return new Ed25519PublicKey(this.derDecode(derKey));
+    }
+    static derEncode(publicKey) {
+        return der_1.wrapDER(publicKey, der_1.ED25519_OID).buffer;
+    }
+    static derDecode(key) {
+        const unwrapped = der_1.unwrapDER(key, der_1.ED25519_OID);
+        if (unwrapped.length !== this.RAW_KEY_LENGTH) {
+            throw new Error('An Ed25519 public key must be exactly 32bytes long');
+        }
+        return unwrapped;
+    }
+    toDer() {
+        return this.derKey;
+    }
+    toRaw() {
+        return this.rawKey;
+    }
+}
+exports.Ed25519PublicKey = Ed25519PublicKey;
+// The length of Ed25519 public keys is always 32 bytes.
+Ed25519PublicKey.RAW_KEY_LENGTH = 32;
+class Ed25519KeyIdentity extends agent_1.SignIdentity {
+    // `fromRaw` and `fromDer` should be used for instantiation, not this constructor.
+    constructor(publicKey, _privateKey) {
+        super();
+        this._privateKey = _privateKey;
+        this._publicKey = Ed25519PublicKey.from(publicKey);
+    }
+    static generate(seed) {
+        if (seed && seed.length !== 32) {
+            throw new Error('Ed25519 Seed needs to be 32 bytes long.');
+        }
+        const { publicKey, secretKey } = seed === undefined ? tweetnacl.sign.keyPair() : tweetnacl.sign.keyPair.fromSeed(seed);
+        return new this(Ed25519PublicKey.fromRaw(publicKey), secretKey);
+    }
+    static fromParsedJson(obj) {
+        const [publicKeyDer, privateKeyRaw] = obj;
+        return new Ed25519KeyIdentity(Ed25519PublicKey.fromDer(buffer_1.fromHexString(publicKeyDer)), buffer_1.fromHexString(privateKeyRaw));
+    }
+    static fromJSON(json) {
+        const parsed = JSON.parse(json);
+        if (Array.isArray(parsed)) {
+            if (typeof parsed[0] === 'string' && typeof parsed[1] === 'string') {
+                return this.fromParsedJson([parsed[0], parsed[1]]);
+            }
+            else {
+                throw new Error('Deserialization error: JSON must have at least 2 items.');
+            }
+        }
+        else if (typeof parsed === 'object' && parsed !== null) {
+            throw new Error('Deprecated JSON format for Ed25519 keys.');
+        }
+        throw new Error(`Deserialization error: Invalid JSON type for string: ${JSON.stringify(json)}`);
+    }
+    static fromKeyPair(publicKey, privateKey) {
+        return new Ed25519KeyIdentity(Ed25519PublicKey.fromRaw(publicKey), privateKey);
+    }
+    static fromSecretKey(secretKey) {
+        const keyPair = tweetnacl.sign.keyPair.fromSecretKey(new Uint8Array(secretKey));
+        return Ed25519KeyIdentity.fromKeyPair(keyPair.publicKey, keyPair.secretKey);
+    }
+    /**
+     * Serialize this key to JSON.
+     */
+    toJSON() {
+        return [buffer_1.toHexString(this._publicKey.toDer()), buffer_1.toHexString(this._privateKey)];
+    }
+    /**
+     * Return a copy of the key pair.
+     */
+    getKeyPair() {
+        return {
+            secretKey: this._privateKey,
+            publicKey: this._publicKey,
+        };
+    }
+    /**
+     * Return the public key.
+     */
+    getPublicKey() {
+        return this._publicKey;
+    }
+    /**
+     * Signs a blob of data, with this identity's private key.
+     * @param challenge - challenge to sign with this identity's secretKey, producing a signature
+     */
+    async sign(challenge) {
+        const blob = new Uint8Array(challenge);
+        const signature = tweetnacl.sign.detached(blob, new Uint8Array(this._privateKey)).buffer;
+        return signature;
+    }
+}
+exports.Ed25519KeyIdentity = Ed25519KeyIdentity;
+//# sourceMappingURL=ed25519.js.map

package/lib/cjs/identity/ed25519.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ed25519.js","sourceRoot":"","sources":["../../../src/identity/ed25519.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,yCAAiG;AACjG,qDAAuC;AACvC,sCAAuD;AACvD,+BAAwD;AAExD,MAAa,gBAAgB;IA+B3B,kFAAkF;IAClF,YAAoB,GAAgB;QAClC,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC;QAClB,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAChD,CAAC;IAlCM,MAAM,CAAC,IAAI,CAAC,GAAc;QAC/B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;IACnC,CAAC;IAEM,MAAM,CAAC,OAAO,CAAC,MAAmB;QACvC,OAAO,IAAI,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;IAEM,MAAM,CAAC,OAAO,CAAC,MAA2B;QAC/C,OAAO,IAAI,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACtD,CAAC;IAKO,MAAM,CAAC,SAAS,CAAC,SAAsB;QAC7C,OAAO,aAAO,CAAC,SAAS,EAAE,iBAAW,CAAC,CAAC,MAA6B,CAAC;IACvE,CAAC;IAEO,MAAM,CAAC,SAAS,CAAC,GAAwB;QAC/C,MAAM,SAAS,GAAG,eAAS,CAAC,GAAG,EAAE,iBAAW,CAAC,CAAC;QAC9C,IAAI,SAAS,CAAC,MAAM,KAAK,IAAI,CAAC,cAAc,EAAE;YAC5C,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;SACvE;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAWM,KAAK;QACV,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAEM,KAAK;QACV,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;;AA3CH,4CA4CC;AA/BC,wDAAwD;AACzC,+BAAc,GAAG,EAAE,CAAC;AAgCrC,MAAa,kBAAmB,SAAQ,oBAAY;IA4ClD,kFAAkF;IAClF,YAAsB,SAAoB,EAAY,WAAwB;QAC5E,KAAK,EAAE,CAAC;QAD4C,gBAAW,GAAX,WAAW,CAAa;QAE5E,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACrD,CAAC;IA/CM,MAAM,CAAC,QAAQ,CAAC,IAAiB;QACtC,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,EAAE,EAAE;YAC9B,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;SAC5D;QAED,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAC5B,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACxF,OAAO,IAAI,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC,CAAC;IAClE,CAAC;IAEM,MAAM,CAAC,cAAc,CAAC,GAAgC;QAC3D,MAAM,CAAC,YAAY,EAAE,aAAa,CAAC,GAAG,GAAG,CAAC;QAC1C,OAAO,IAAI,kBAAkB,CAC3B,gBAAgB,CAAC,OAAO,CAAC,sBAAa,CAAC,YAAY,CAAwB,CAAC,EAC5E,sBAAa,CAAC,aAAa,CAAC,CAC7B,CAAC;IACJ,CAAC;IAEM,MAAM,CAAC,QAAQ,CAAC,IAAY;QACjC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAChC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;YACzB,IAAI,OAAO,MAAM,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE;gBAClE,OAAO,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;aACpD;iBAAM;gBACL,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;aAC5E;SACF;aAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE;YACxD,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;SAC7D;QACD,MAAM,IAAI,KAAK,CAAC,wDAAwD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAClG,CAAC;IAEM,MAAM,CAAC,WAAW,CAAC,SAAsB,EAAE,UAAuB;QACvE,OAAO,IAAI,kBAAkB,CAAC,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAC;IACjF,CAAC;IAEM,MAAM,CAAC,aAAa,CAAC,SAAsB;QAChD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;QAChF,OAAO,kBAAkB,CAAC,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAC9E,CAAC;IAUD;;OAEG;IACI,MAAM;QACX,OAAO,CAAC,oBAAW,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC,EAAE,oBAAW,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;IAC/E,CAAC;IAED;;OAEG;IACI,UAAU;QACf,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,WAAW;YAC3B,SAAS,EAAE,IAAI,CAAC,UAAU;SAC3B,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,YAAY;QACjB,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,IAAI,CAAC,SAAsB;QACtC,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;QACvC,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,IAAI,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC;QACzF,OAAO,SAAsB,CAAC;IAChC,CAAC;CACF;AAnFD,gDAmFC"}

package/lib/cjs/identity/secp256k1.d.ts

@@ -0,0 +1,73 @@
+import { DerEncodedPublicKey, KeyPair, Signature } from '@astrox/agent';
+import { PublicKey, SignIdentity } from '@astrox/agent';
+declare type PublicKeyHex = string;
+declare type SecretKeyHex = string;
+export declare type JsonableSecp256k1Identity = [PublicKeyHex, SecretKeyHex];
+export declare class Secp256k1PublicKey implements PublicKey {
+    /**
+     * Construct Secp256k1PublicKey from an existing PublicKey
+     * @param {PublicKey} key
+     * @returns {Secp256k1PublicKey} Instance of Secp256k1PublicKey
+     */
+    static from(key: PublicKey): Secp256k1PublicKey;
+    static fromRaw(rawKey: ArrayBuffer): Secp256k1PublicKey;
+    static fromDer(derKey: DerEncodedPublicKey): Secp256k1PublicKey;
+    private static derEncode;
+    private static derDecode;
+    private readonly rawKey;
+    private readonly derKey;
+    private constructor();
+    toDer(): DerEncodedPublicKey;
+    toRaw(): ArrayBuffer;
+}
+export declare class Secp256k1KeyIdentity extends SignIdentity {
+    protected _privateKey: ArrayBuffer;
+    /**
+     * Generates an identity. If a seed is provided, the keys are generated from the
+     * seed according to BIP 0032. Otherwise, the key pair is randomly generated.
+     * This method throws an error in case the seed is not 32 bytes long or invalid
+     * for use as a private key.
+     * @param {Uint8Array} seed the optional seed
+     * @returns {Secp256k1KeyIdentity}
+     */
+    static generate(seed?: Uint8Array): Secp256k1KeyIdentity;
+    static fromParsedJson(obj: JsonableSecp256k1Identity): Secp256k1KeyIdentity;
+    static fromJSON(json: string): Secp256k1KeyIdentity;
+    /**
+     * generates an identity from a public and private key. Please ensure that you are generating these keys securely and protect the user's private key
+     * @param {ArrayBuffer} publicKey
+     * @param {ArrayBuffer} privateKey
+     * @returns {Secp256k1KeyIdentity}
+     */
+    static fromKeyPair(publicKey: ArrayBuffer, privateKey: ArrayBuffer): Secp256k1KeyIdentity;
+    /**
+     * generates an identity from an existing secret key, and is the correct method to generate an identity from a seed phrase. Please ensure you protect the user's private key.
+     * @param {ArrayBuffer} secretKey
+     * @returns {Secp256k1KeyIdentity}
+     */
+    static fromSecretKey(secretKey: ArrayBuffer): Secp256k1KeyIdentity;
+    protected _publicKey: Secp256k1PublicKey;
+    protected constructor(publicKey: Secp256k1PublicKey, _privateKey: ArrayBuffer);
+    /**
+     * Serialize this key to JSON-serializable object.
+     * @returns {JsonableSecp256k1Identity}
+     */
+    toJSON(): JsonableSecp256k1Identity;
+    /**
+     * Return a copy of the key pair.
+     * @returns {KeyPair}
+     */
+    getKeyPair(): KeyPair;
+    /**
+     * Return the public key.
+     * @returns {Secp256k1PublicKey}
+     */
+    getPublicKey(): Secp256k1PublicKey;
+    /**
+     * Signs a blob of data, with this identity's private key.
+     * @param {ArrayBuffer} challenge - challenge to sign with this identity's secretKey, producing a signature
+     * @returns {Promise<Signature>} signature
+     */
+    sign(challenge: ArrayBuffer): Promise<Signature>;
+}
+export default Secp256k1KeyIdentity;

package/lib/cjs/identity/secp256k1.js

@@ -0,0 +1,156 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Secp256k1KeyIdentity = exports.Secp256k1PublicKey = void 0;
+const agent_1 = require("@astrox/agent");
+const js_sha256_1 = require("js-sha256");
+const secp256k1_1 = __importDefault(require("secp256k1"));
+const tweetnacl_1 = require("tweetnacl");
+const buffer_1 = require("../buffer");
+const der_1 = require("./der");
+class Secp256k1PublicKey {
+    // `fromRaw` and `fromDer` should be used for instantiation, not this constructor.
+    constructor(key) {
+        key.byteLength;
+        this.rawKey = key;
+        this.derKey = Secp256k1PublicKey.derEncode(key);
+    }
+    /**
+     * Construct Secp256k1PublicKey from an existing PublicKey
+     * @param {PublicKey} key
+     * @returns {Secp256k1PublicKey} Instance of Secp256k1PublicKey
+     */
+    static from(key) {
+        return this.fromDer(key.toDer());
+    }
+    static fromRaw(rawKey) {
+        return new Secp256k1PublicKey(rawKey);
+    }
+    static fromDer(derKey) {
+        return new Secp256k1PublicKey(this.derDecode(derKey));
+    }
+    static derEncode(publicKey) {
+        return der_1.wrapDER(publicKey, der_1.SECP256K1_OID).buffer;
+    }
+    static derDecode(key) {
+        return der_1.unwrapDER(key, der_1.SECP256K1_OID);
+    }
+    toDer() {
+        return this.derKey;
+    }
+    toRaw() {
+        return this.rawKey;
+    }
+}
+exports.Secp256k1PublicKey = Secp256k1PublicKey;
+class Secp256k1KeyIdentity extends agent_1.SignIdentity {
+    constructor(publicKey, _privateKey) {
+        super();
+        this._privateKey = _privateKey;
+        this._publicKey = publicKey;
+    }
+    /**
+     * Generates an identity. If a seed is provided, the keys are generated from the
+     * seed according to BIP 0032. Otherwise, the key pair is randomly generated.
+     * This method throws an error in case the seed is not 32 bytes long or invalid
+     * for use as a private key.
+     * @param {Uint8Array} seed the optional seed
+     * @returns {Secp256k1KeyIdentity}
+     */
+    static generate(seed) {
+        if (seed && seed.byteLength !== 32) {
+            throw new Error('Secp256k1 Seed needs to be 32 bytes long.');
+        }
+        let privateKey;
+        if (seed) {
+            // private key from seed according to https://en.bitcoin.it/wiki/BIP_0032
+            // master key generation:
+            privateKey = seed;
+            if (!secp256k1_1.default.privateKeyVerify(privateKey)) {
+                throw new Error('The seed is invalid.');
+            }
+        }
+        else {
+            privateKey = new Uint8Array(tweetnacl_1.randomBytes(32));
+            while (!secp256k1_1.default.privateKeyVerify(privateKey)) {
+                privateKey = new Uint8Array(tweetnacl_1.randomBytes(32));
+            }
+        }
+        const publicKeyRaw = secp256k1_1.default.publicKeyCreate(privateKey, false);
+        const publicKey = Secp256k1PublicKey.fromRaw(publicKeyRaw);
+        return new this(publicKey, privateKey);
+    }
+    static fromParsedJson(obj) {
+        const [publicKeyRaw, privateKeyRaw] = obj;
+        return new Secp256k1KeyIdentity(Secp256k1PublicKey.fromRaw(buffer_1.fromHexString(publicKeyRaw)), buffer_1.fromHexString(privateKeyRaw));
+    }
+    static fromJSON(json) {
+        const parsed = JSON.parse(json);
+        if (Array.isArray(parsed)) {
+            if (typeof parsed[0] === 'string' && typeof parsed[1] === 'string') {
+                return this.fromParsedJson([parsed[0], parsed[1]]);
+            }
+            throw new Error('Deserialization error: JSON must have at least 2 items.');
+        }
+        throw new Error(`Deserialization error: Invalid JSON type for string: ${JSON.stringify(json)}`);
+    }
+    /**
+     * generates an identity from a public and private key. Please ensure that you are generating these keys securely and protect the user's private key
+     * @param {ArrayBuffer} publicKey
+     * @param {ArrayBuffer} privateKey
+     * @returns {Secp256k1KeyIdentity}
+     */
+    static fromKeyPair(publicKey, privateKey) {
+        return new Secp256k1KeyIdentity(Secp256k1PublicKey.fromRaw(publicKey), privateKey);
+    }
+    /**
+     * generates an identity from an existing secret key, and is the correct method to generate an identity from a seed phrase. Please ensure you protect the user's private key.
+     * @param {ArrayBuffer} secretKey
+     * @returns {Secp256k1KeyIdentity}
+     */
+    static fromSecretKey(secretKey) {
+        const publicKey = secp256k1_1.default.publicKeyCreate(new Uint8Array(secretKey), false);
+        const identity = Secp256k1KeyIdentity.fromKeyPair(publicKey, new Uint8Array(secretKey));
+        return identity;
+    }
+    /**
+     * Serialize this key to JSON-serializable object.
+     * @returns {JsonableSecp256k1Identity}
+     */
+    toJSON() {
+        return [buffer_1.toHexString(this._publicKey.toRaw()), buffer_1.toHexString(this._privateKey)];
+    }
+    /**
+     * Return a copy of the key pair.
+     * @returns {KeyPair}
+     */
+    getKeyPair() {
+        return {
+            secretKey: this._privateKey,
+            publicKey: this._publicKey,
+        };
+    }
+    /**
+     * Return the public key.
+     * @returns {Secp256k1PublicKey}
+     */
+    getPublicKey() {
+        return this._publicKey;
+    }
+    /**
+     * Signs a blob of data, with this identity's private key.
+     * @param {ArrayBuffer} challenge - challenge to sign with this identity's secretKey, producing a signature
+     * @returns {Promise<Signature>} signature
+     */
+    async sign(challenge) {
+        const hash = js_sha256_1.sha256.create();
+        hash.update(challenge);
+        const signature = secp256k1_1.default.ecdsaSign(new Uint8Array(hash.digest()), new Uint8Array(this._privateKey)).signature.buffer;
+        return signature;
+    }
+}
+exports.Secp256k1KeyIdentity = Secp256k1KeyIdentity;
+exports.default = Secp256k1KeyIdentity;
+//# sourceMappingURL=secp256k1.js.map

package/lib/cjs/identity/secp256k1.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secp256k1.js","sourceRoot":"","sources":["../../../src/identity/secp256k1.ts"],"names":[],"mappings":";;;;;;AAEA,yCAAwD;AACxD,yCAAmC;AACnC,0DAAkC;AAClC,yCAAwC;AACxC,sCAAuD;AACvD,+BAA0D;AAM1D,MAAa,kBAAkB;IA8B7B,kFAAkF;IAClF,YAAoB,GAAgB;QAClC,GAAG,CAAC,UAAU,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC;QAClB,IAAI,CAAC,MAAM,GAAG,kBAAkB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAClD,CAAC;IAlCD;;;;OAIG;IACI,MAAM,CAAC,IAAI,CAAC,GAAc;QAC/B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;IACnC,CAAC;IAEM,MAAM,CAAC,OAAO,CAAC,MAAmB;QACvC,OAAO,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IAEM,MAAM,CAAC,OAAO,CAAC,MAA2B;QAC/C,OAAO,IAAI,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,CAAC;IAEO,MAAM,CAAC,SAAS,CAAC,SAAsB;QAC7C,OAAO,aAAO,CAAC,SAAS,EAAE,mBAAa,CAAC,CAAC,MAA6B,CAAC;IACzE,CAAC;IAEO,MAAM,CAAC,SAAS,CAAC,GAAwB;QAC/C,OAAO,eAAS,CAAC,GAAG,EAAE,mBAAa,CAAC,CAAC;IACvC,CAAC;IAaM,KAAK;QACV,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAEM,KAAK;QACV,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;CACF;AA5CD,gDA4CC;AAED,MAAa,oBAAqB,SAAQ,oBAAY;IA6EpD,YAAsB,SAA6B,EAAY,WAAwB;QACrF,KAAK,EAAE,CAAC;QADqD,gBAAW,GAAX,WAAW,CAAa;QAErF,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;IAC9B,CAAC;IA/ED;;;;;;;OAOG;IACI,MAAM,CAAC,QAAQ,CAAC,IAAiB;QACtC,IAAI,IAAI,IAAI,IAAI,CAAC,UAAU,KAAK,EAAE,EAAE;YAClC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;SAC9D;QACD,IAAI,UAAsB,CAAC;QAE3B,IAAI,IAAI,EAAE;YACR,yEAAyE;YACzE,yBAAyB;YACzB,UAAU,GAAG,IAAI,CAAC;YAClB,IAAI,CAAC,mBAAS,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE;gBAC3C,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;aACzC;SACF;aAAM;YACL,UAAU,GAAG,IAAI,UAAU,CAAC,uBAAW,CAAC,EAAE,CAAC,CAAC,CAAC;YAC7C,OAAO,CAAC,mBAAS,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE;gBAC9C,UAAU,GAAG,IAAI,UAAU,CAAC,uBAAW,CAAC,EAAE,CAAC,CAAC,CAAC;aAC9C;SACF;QAED,MAAM,YAAY,GAAG,mBAAS,CAAC,eAAe,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAElE,MAAM,SAAS,GAAG,kBAAkB,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC3D,OAAO,IAAI,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IACzC,CAAC;IAEM,MAAM,CAAC,cAAc,CAAC,GAA8B;QACzD,MAAM,CAAC,YAAY,EAAE,aAAa,CAAC,GAAG,GAAG,CAAC;QAC1C,OAAO,IAAI,oBAAoB,CAC7B,kBAAkB,CAAC,OAAO,CAAC,sBAAa,CAAC,YAAY,CAAC,CAAC,EACvD,sBAAa,CAAC,aAAa,CAAC,CAC7B,CAAC;IACJ,CAAC;IAEM,MAAM,CAAC,QAAQ,CAAC,IAAY;QACjC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAChC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;YACzB,IAAI,OAAO,MAAM,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE;gBAClE,OAAO,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;aACpD;YACD,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;SAC5E;QACD,MAAM,IAAI,KAAK,CAAC,wDAAwD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAClG,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,WAAW,CAAC,SAAsB,EAAE,UAAuB;QACvE,OAAO,IAAI,oBAAoB,CAAC,kBAAkB,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAC;IACrF,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,aAAa,CAAC,SAAsB;QAChD,MAAM,SAAS,GAAG,mBAAS,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC,CAAC;QAC9E,MAAM,QAAQ,GAAG,oBAAoB,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;QACxF,OAAO,QAAQ,CAAC;IAClB,CAAC;IASD;;;OAGG;IACI,MAAM;QACX,OAAO,CAAC,oBAAW,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC,EAAE,oBAAW,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;IAC/E,CAAC;IAED;;;OAGG;IACI,UAAU;QACf,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,WAAW;YAC3B,SAAS,EAAE,IAAI,CAAC,UAAU;SAC3B,CAAC;IACJ,CAAC;IAED;;;OAGG;IACI,YAAY;QACjB,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,IAAI,CAAC,SAAsB;QACtC,MAAM,IAAI,GAAG,kBAAM,CAAC,MAAM,EAAE,CAAC;QAC7B,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACvB,MAAM,SAAS,GAAG,mBAAS,CAAC,SAAS,CACnC,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,EAC7B,IAAI,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,CACjC,CAAC,SAAS,CAAC,MAAM,CAAC;QACnB,OAAO,SAAsB,CAAC;IAChC,CAAC;CACF;AA3HD,oDA2HC;AAED,kBAAe,oBAAoB,CAAC"}

package/lib/cjs/identity/webauthn.d.ts

@@ -0,0 +1,40 @@
+import { DerEncodedPublicKey, PublicKey, Signature, SignIdentity } from '@astrox/agent';
+export declare class CosePublicKey implements PublicKey {
+    protected _cose: ArrayBuffer;
+    protected _encodedKey: DerEncodedPublicKey;
+    constructor(_cose: ArrayBuffer);
+    toDer(): DerEncodedPublicKey;
+    getCose(): ArrayBuffer;
+}
+/**
+ * A SignIdentity that uses `navigator.credentials`. See https://webauthn.guide/ for
+ * more information about WebAuthentication.
+ */
+export declare class WebAuthnIdentity extends SignIdentity {
+    readonly rawId: ArrayBuffer;
+    /**
+     * Create an identity from a JSON serialization.
+     * @param json - json to parse
+     */
+    static fromJSON(json: string): WebAuthnIdentity;
+    /**
+     * Create an identity.
+     * @param credentialCreationOptions an optional CredentialCreationOptions Challenge
+     */
+    static create(credentialCreationOptions?: CredentialCreationOptions): Promise<WebAuthnIdentity>;
+    protected _publicKey: CosePublicKey;
+    protected constructor(rawId: ArrayBuffer, cose: ArrayBuffer);
+    getPublicKey(): PublicKey;
+    sign(blob: ArrayBuffer): Promise<Signature>;
+    /**
+     * Allow for JSON serialization of all information needed to reuse this identity.
+     */
+    toJSON(): JsonnableWebAuthnIdentitiy;
+}
+/**
+ * ReturnType<WebAuthnIdentity.toJSON>
+ */
+export interface JsonnableWebAuthnIdentitiy {
+    publicKey: string;
+    rawId: string;
+}

package/lib/cjs/identity/webauthn.js

@@ -0,0 +1,205 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WebAuthnIdentity = exports.CosePublicKey = void 0;
+const agent_1 = require("@astrox/agent");
+const borc_1 = __importDefault(require("borc"));
+const tweetnacl = __importStar(require("tweetnacl"));
+const buffer_1 = require("../buffer");
+const der_1 = require("./der");
+function _coseToDerEncodedBlob(cose) {
+    return der_1.wrapDER(cose, der_1.DER_COSE_OID).buffer;
+}
+/**
+ * From the documentation;
+ * The authData is a byte array described in the spec. Parsing it will involve slicing bytes from
+ * the array and converting them into usable objects.
+ *
+ * See https://webauthn.guide/#registration (subsection "Example: Parsing the authenticator data").
+ *
+ * @param authData The authData field of the attestation response.
+ * @returns The COSE key of the authData.
+ */
+function _authDataToCose(authData) {
+    const dataView = new DataView(new ArrayBuffer(2));
+    const idLenBytes = authData.slice(53, 55);
+    [...new Uint8Array(idLenBytes)].forEach((v, i) => dataView.setUint8(i, v));
+    const credentialIdLength = dataView.getUint16(0);
+    // Get the public key object.
+    return authData.slice(55 + credentialIdLength);
+}
+class CosePublicKey {
+    constructor(_cose) {
+        this._cose = _cose;
+        this._encodedKey = _coseToDerEncodedBlob(_cose);
+    }
+    toDer() {
+        return this._encodedKey;
+    }
+    getCose() {
+        return this._cose;
+    }
+}
+exports.CosePublicKey = CosePublicKey;
+/**
+ * Create a challenge from a string or array. The default challenge is always the same
+ * because we don't need to verify the authenticity of the key on the server (we don't
+ * register our keys with the IC). Any challenge would do, even one per key, randomly
+ * generated.
+ *
+ * @param challenge The challenge to transform into a byte array. By default a hard
+ *        coded string.
+ */
+function _createChallengeBuffer(challenge = '<ic0.app>') {
+    if (typeof challenge === 'string') {
+        return Uint8Array.from(challenge, c => c.charCodeAt(0));
+    }
+    else {
+        return challenge;
+    }
+}
+/**
+ * Create a credentials to authenticate with a server. This is necessary in order in
+ * WebAuthn to get credentials IDs (which give us the public key and allow us to
+ * sign), but in the case of the Internet Computer, we don't actually need to register
+ * it, so we don't.
+ * @param credentialCreationOptions an optional CredentialCreationOptions object
+ */
+async function _createCredential(credentialCreationOptions) {
+    const creds = (await navigator.credentials.create(credentialCreationOptions !== null && credentialCreationOptions !== void 0 ? credentialCreationOptions : {
+        publicKey: {
+            authenticatorSelection: {
+                userVerification: 'preferred',
+            },
+            attestation: 'direct',
+            challenge: _createChallengeBuffer(),
+            pubKeyCredParams: [{ type: 'public-key', alg: PubKeyCoseAlgo.ECDSA_WITH_SHA256 }],
+            rp: {
+                name: 'Internet Identity Service',
+            },
+            user: {
+                id: tweetnacl.randomBytes(16),
+                name: 'Internet Identity',
+                displayName: 'Internet Identity',
+            },
+        },
+    }));
+    // Validate that it's the correct type at runtime, since WebAuthn does not HAVE to
+    // reply with a PublicKeyCredential.
+    if (creds.response === undefined || !(creds.rawId instanceof ArrayBuffer)) {
+        return null;
+    }
+    else {
+        return creds;
+    }
+}
+// See https://www.iana.org/assignments/cose/cose.xhtml#algorithms for a complete
+// list of these algorithms. We only list the ones we support here.
+var PubKeyCoseAlgo;
+(function (PubKeyCoseAlgo) {
+    PubKeyCoseAlgo[PubKeyCoseAlgo["ECDSA_WITH_SHA256"] = -7] = "ECDSA_WITH_SHA256";
+})(PubKeyCoseAlgo || (PubKeyCoseAlgo = {}));
+/**
+ * A SignIdentity that uses `navigator.credentials`. See https://webauthn.guide/ for
+ * more information about WebAuthentication.
+ */
+class WebAuthnIdentity extends agent_1.SignIdentity {
+    constructor(rawId, cose) {
+        super();
+        this.rawId = rawId;
+        this._publicKey = new CosePublicKey(cose);
+    }
+    /**
+     * Create an identity from a JSON serialization.
+     * @param json - json to parse
+     */
+    static fromJSON(json) {
+        const { publicKey, rawId } = JSON.parse(json);
+        if (typeof publicKey !== 'string' || typeof rawId !== 'string') {
+            throw new Error('Invalid JSON string.');
+        }
+        return new this(buffer_1.fromHexString(rawId), buffer_1.fromHexString(publicKey));
+    }
+    /**
+     * Create an identity.
+     * @param credentialCreationOptions an optional CredentialCreationOptions Challenge
+     */
+    static async create(credentialCreationOptions) {
+        const creds = await _createCredential(credentialCreationOptions);
+        if (!creds || creds.type !== 'public-key') {
+            throw new Error('Could not create credentials.');
+        }
+        const response = creds.response;
+        if (!(response.attestationObject instanceof ArrayBuffer)) {
+            throw new Error('Was expecting an attestation response.');
+        }
+        // Parse the attestationObject as CBOR.
+        const attObject = borc_1.default.decodeFirst(new Uint8Array(response.attestationObject));
+        return new this(creds.rawId, _authDataToCose(attObject.authData));
+    }
+    getPublicKey() {
+        return this._publicKey;
+    }
+    async sign(blob) {
+        const result = (await navigator.credentials.get({
+            publicKey: {
+                allowCredentials: [
+                    {
+                        type: 'public-key',
+                        id: this.rawId,
+                    },
+                ],
+                challenge: blob,
+                userVerification: 'preferred',
+            },
+        }));
+        const response = result.response;
+        if (response.signature instanceof ArrayBuffer &&
+            response.authenticatorData instanceof ArrayBuffer) {
+            const cbor = borc_1.default.encode(new borc_1.default.Tagged(55799, {
+                authenticator_data: new Uint8Array(response.authenticatorData),
+                client_data_json: new TextDecoder().decode(response.clientDataJSON),
+                signature: new Uint8Array(response.signature),
+            }));
+            if (!cbor) {
+                throw new Error('failed to encode cbor');
+            }
+            return cbor.buffer;
+        }
+        else {
+            throw new Error('Invalid response from WebAuthn.');
+        }
+    }
+    /**
+     * Allow for JSON serialization of all information needed to reuse this identity.
+     */
+    toJSON() {
+        return {
+            publicKey: buffer_1.toHexString(this._publicKey.getCose()),
+            rawId: buffer_1.toHexString(this.rawId),
+        };
+    }
+}
+exports.WebAuthnIdentity = WebAuthnIdentity;
+//# sourceMappingURL=webauthn.js.map