npm - @bsv/sdk - Versions diffs - 1.3.11 → 1.3.12 - Mend

@bsv/sdk 1.3.11 → 1.3.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/docs/auth.md CHANGED Viewed

@@ -218,15 +218,15 @@ export default class Certificate {
     toBinary(includeSignature: boolean = true): number[]
     static fromBinary(bin: number[]): Certificate
     async verify(): Promise<boolean>
-    async sign(certifierWallet: WalletInterface): Promise<void>
-    static getCertificateFieldEncryptionDetails(serialNumber: string, fieldName: string): {
+    async sign(certifierWallet: ProtoWallet): Promise<void>
+    static getCertificateFieldEncryptionDetails(fieldName: string, serialNumber?: string): {
         protocolID: WalletProtocol;
         keyID: string;
     }
 }
 ```
-See also: [Base64String](#type-base64string), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [HexString](#type-hexstring), [OutpointString](#type-outpointstring), [PubKeyHex](#type-pubkeyhex), [WalletInterface](#interface-walletinterface), [WalletProtocol](#type-walletprotocol), [sign](#variable-sign), [verify](#variable-verify)
+See also: [Base64String](#type-base64string), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [HexString](#type-hexstring), [OutpointString](#type-outpointstring), [ProtoWallet](#class-protowallet), [PubKeyHex](#type-pubkeyhex), [WalletProtocol](#type-walletprotocol), [sign](#variable-sign), [verify](#variable-verify)
 <details>
@@ -344,7 +344,7 @@ Argument Details
 Helper function which retrieves the protocol ID and key ID for certificate field encryption.
 ```ts
-static getCertificateFieldEncryptionDetails(serialNumber: string, fieldName: string): {
+static getCertificateFieldEncryptionDetails(fieldName: string, serialNumber?: string): {
     protocolID: WalletProtocol;
     keyID: string;
 }
@@ -369,9 +369,9 @@ Argument Details
 Signs the certificate using the provided certifier wallet.
 ```ts
-async sign(certifierWallet: WalletInterface): Promise<void>
+async sign(certifierWallet: ProtoWallet): Promise<void>
 ```
-See also: [WalletInterface](#interface-walletinterface)
+See also: [ProtoWallet](#class-protowallet)
 Argument Details
@@ -466,14 +466,18 @@ export class MasterCertificate extends Certificate {
     declare signature?: HexString;
     masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>;
     constructor(type: Base64String, serialNumber: Base64String, subject: PubKeyHex, certifier: PubKeyHex, revocationOutpoint: OutpointString, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, signature?: HexString)
-    static async createCertificateFields(creatorWallet: WalletInterface, certifierOrSubject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>): Promise<CreateCertificateFieldsResult>
-    static async createKeyringForVerifier(subjectWallet: WalletInterface, certifier: WalletCounterparty, verifier: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, fieldsToReveal: string[], masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, serialNumber: Base64String, originator?: string): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
-    static async issueCertificateForSubject(certifierWallet: WalletInterface, subject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>, certificateType: string, getRevocationOutpoint = async (serialNumber: string): Promise<string> => { return "Certificate revocation not tracked."; }, serialNumber?: string): Promise<MasterCertificate>
-    static async decryptFields(subjectOrCertifierWallet: WalletInterface, masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, counterparty: WalletCounterparty): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
+    static async createCertificateFields(creatorWallet: ProtoWallet, certifierOrSubject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<CreateCertificateFieldsResult>
+    static async createKeyringForVerifier(subjectWallet: ProtoWallet, certifier: WalletCounterparty, verifier: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, fieldsToReveal: string[], masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, serialNumber: Base64String, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
+    static async issueCertificateForSubject(certifierWallet: ProtoWallet, subject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>, certificateType: string, getRevocationOutpoint = async (serialNumber: string): Promise<string> => { return "Certificate revocation not tracked."; }, serialNumber?: string): Promise<MasterCertificate>
+    static async decryptFields(subjectOrCertifierWallet: ProtoWallet, masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, counterparty: WalletCounterparty): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
+    static async decryptField(subjectOrCertifierWallet: ProtoWallet, masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, fieldName: Base64String, fieldValue: Base64String, counterparty: WalletCounterparty, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<{
+        fieldRevelationKey: number[];
+        decryptedFieldValue: string;
+    }>
 }
 ```
-See also: [Base64String](#type-base64string), [Certificate](#class-certificate), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [HexString](#type-hexstring), [OutpointString](#type-outpointstring), [PubKeyHex](#type-pubkeyhex), [WalletCounterparty](#type-walletcounterparty), [WalletInterface](#interface-walletinterface)
+See also: [Base64String](#type-base64string), [Certificate](#class-certificate), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [HexString](#type-hexstring), [OriginatorDomainNameStringUnder250Bytes](#type-originatordomainnamestringunder250bytes), [OutpointString](#type-outpointstring), [ProtoWallet](#class-protowallet), [PubKeyHex](#type-pubkeyhex), [WalletCounterparty](#type-walletcounterparty)
 <details>
@@ -486,9 +490,9 @@ This method returns a master keyring tied to a specific certifier or subject who
 and sign off on the fields, along with the encrypted certificate fields.
 ```ts
-static async createCertificateFields(creatorWallet: WalletInterface, certifierOrSubject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>): Promise<CreateCertificateFieldsResult>
+static async createCertificateFields(creatorWallet: ProtoWallet, certifierOrSubject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<CreateCertificateFieldsResult>
 ```
-See also: [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [WalletCounterparty](#type-walletcounterparty), [WalletInterface](#interface-walletinterface)
+See also: [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [OriginatorDomainNameStringUnder250Bytes](#type-originatordomainnamestringunder250bytes), [ProtoWallet](#class-protowallet), [WalletCounterparty](#type-walletcounterparty)
 Returns
@@ -515,9 +519,9 @@ for the verifier's identity key. The result is a keyring containing the keys nec
 for the verifier to access the designated fields.
 ```ts
-static async createKeyringForVerifier(subjectWallet: WalletInterface, certifier: WalletCounterparty, verifier: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, fieldsToReveal: string[], masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, serialNumber: Base64String, originator?: string): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
+static async createKeyringForVerifier(subjectWallet: ProtoWallet, certifier: WalletCounterparty, verifier: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, fieldsToReveal: string[], masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, serialNumber: Base64String, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
 ```
-See also: [Base64String](#type-base64string), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [WalletCounterparty](#type-walletcounterparty), [WalletInterface](#interface-walletinterface)
+See also: [Base64String](#type-base64string), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [OriginatorDomainNameStringUnder250Bytes](#type-originatordomainnamestringunder250bytes), [ProtoWallet](#class-protowallet), [WalletCounterparty](#type-walletcounterparty)
 Returns
@@ -552,9 +556,9 @@ The counterparty used for decryption depends on how the certificate fields were
 - Otherwise, the counterparty should always be the other party involved in the certificate issuance process (the subject or certifier).
 ```ts
-static async decryptFields(subjectOrCertifierWallet: WalletInterface, masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, counterparty: WalletCounterparty): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
+static async decryptFields(subjectOrCertifierWallet: ProtoWallet, masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, counterparty: WalletCounterparty): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
 ```
-See also: [Base64String](#type-base64string), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [WalletCounterparty](#type-walletcounterparty), [WalletInterface](#interface-walletinterface)
+See also: [Base64String](#type-base64string), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [ProtoWallet](#class-protowallet), [WalletCounterparty](#type-walletcounterparty)
 Returns
@@ -585,9 +589,9 @@ generated symmetric key, which is then encrypted for the subject. The certificat
 can also includes a revocation outpoint to manage potential revocation.
 ```ts
-static async issueCertificateForSubject(certifierWallet: WalletInterface, subject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>, certificateType: string, getRevocationOutpoint = async (serialNumber: string): Promise<string> => { return "Certificate revocation not tracked."; }, serialNumber?: string): Promise<MasterCertificate>
+static async issueCertificateForSubject(certifierWallet: ProtoWallet, subject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>, certificateType: string, getRevocationOutpoint = async (serialNumber: string): Promise<string> => { return "Certificate revocation not tracked."; }, serialNumber?: string): Promise<MasterCertificate>
 ```
-See also: [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [MasterCertificate](#class-mastercertificate), [WalletCounterparty](#type-walletcounterparty), [WalletInterface](#interface-walletinterface)
+See also: [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [MasterCertificate](#class-mastercertificate), [ProtoWallet](#class-protowallet), [WalletCounterparty](#type-walletcounterparty)
 Returns
@@ -1117,11 +1121,11 @@ export class VerifiableCertificate extends Certificate {
     keyring: Record<CertificateFieldNameUnder50Bytes, string>;
     decryptedFields?: Record<CertificateFieldNameUnder50Bytes, Base64String>;
     constructor(type: Base64String, serialNumber: Base64String, subject: PubKeyHex, certifier: PubKeyHex, revocationOutpoint: OutpointString, fields: Record<CertificateFieldNameUnder50Bytes, string>, keyring: Record<CertificateFieldNameUnder50Bytes, string>, signature?: HexString, decryptedFields?: Record<CertificateFieldNameUnder50Bytes, Base64String>)
-    async decryptFields(verifierWallet: WalletInterface): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
+    async decryptFields(verifierWallet: ProtoWallet): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
 }
 ```
-See also: [Base64String](#type-base64string), [Certificate](#class-certificate), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [HexString](#type-hexstring), [OutpointString](#type-outpointstring), [PubKeyHex](#type-pubkeyhex), [WalletInterface](#interface-walletinterface)
+See also: [Base64String](#type-base64string), [Certificate](#class-certificate), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [HexString](#type-hexstring), [OutpointString](#type-outpointstring), [ProtoWallet](#class-protowallet), [PubKeyHex](#type-pubkeyhex)
 <details>
@@ -1132,9 +1136,9 @@ See also: [Base64String](#type-base64string), [Certificate](#class-certificate),
 Decrypts selectively revealed certificate fields using the provided keyring and verifier wallet
 ```ts
-async decryptFields(verifierWallet: WalletInterface): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
+async decryptFields(verifierWallet: ProtoWallet): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
 ```
-See also: [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [WalletInterface](#interface-walletinterface)
+See also: [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [ProtoWallet](#class-protowallet)
 Returns

package/docs/wallet.md CHANGED Viewed

@@ -2115,23 +2115,23 @@ enable the management of identity certificates, or store any data. It is also no
 ```ts
 export class ProtoWallet {
-    keyDeriver: KeyDeriverApi;
-    constructor(rootKeyOrKeyDeriver: PrivateKey | "anyone" | KeyDeriverApi)
-    async getPublicKey(args: GetPublicKeyArgs): Promise<{
+    keyDeriver?: KeyDeriverApi;
+    constructor(rootKeyOrKeyDeriver?: PrivateKey | "anyone" | KeyDeriverApi)
+    async getPublicKey(args: GetPublicKeyArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<{
         publicKey: PubKeyHex;
     }>
-    async revealCounterpartyKeyLinkage(args: RevealCounterpartyKeyLinkageArgs): Promise<RevealCounterpartyKeyLinkageResult>
-    async revealSpecificKeyLinkage(args: RevealSpecificKeyLinkageArgs): Promise<RevealSpecificKeyLinkageResult>
-    async encrypt(args: WalletEncryptArgs): Promise<WalletEncryptResult>
-    async decrypt(args: WalletDecryptArgs): Promise<WalletDecryptResult>
-    async createHmac(args: CreateHmacArgs): Promise<CreateHmacResult>
-    async verifyHmac(args: VerifyHmacArgs): Promise<VerifyHmacResult>
-    async createSignature(args: CreateSignatureArgs): Promise<CreateSignatureResult>
-    async verifySignature(args: VerifySignatureArgs): Promise<VerifySignatureResult>
+    async revealCounterpartyKeyLinkage(args: RevealCounterpartyKeyLinkageArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<RevealCounterpartyKeyLinkageResult>
+    async revealSpecificKeyLinkage(args: RevealSpecificKeyLinkageArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<RevealSpecificKeyLinkageResult>
+    async encrypt(args: WalletEncryptArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<WalletEncryptResult>
+    async decrypt(args: WalletDecryptArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<WalletDecryptResult>
+    async createHmac(args: CreateHmacArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<CreateHmacResult>
+    async verifyHmac(args: VerifyHmacArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<VerifyHmacResult>
+    async createSignature(args: CreateSignatureArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<CreateSignatureResult>
+    async verifySignature(args: VerifySignatureArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<VerifySignatureResult>
 }
 ```
-See also: [CreateHmacArgs](#interface-createhmacargs), [CreateHmacResult](#interface-createhmacresult), [CreateSignatureArgs](#interface-createsignatureargs), [CreateSignatureResult](#interface-createsignatureresult), [GetPublicKeyArgs](#interface-getpublickeyargs), [KeyDeriverApi](#interface-keyderiverapi), [PrivateKey](#class-privatekey), [PubKeyHex](#type-pubkeyhex), [RevealCounterpartyKeyLinkageArgs](#interface-revealcounterpartykeylinkageargs), [RevealCounterpartyKeyLinkageResult](#interface-revealcounterpartykeylinkageresult), [RevealSpecificKeyLinkageArgs](#interface-revealspecifickeylinkageargs), [RevealSpecificKeyLinkageResult](#interface-revealspecifickeylinkageresult), [VerifyHmacArgs](#interface-verifyhmacargs), [VerifyHmacResult](#interface-verifyhmacresult), [VerifySignatureArgs](#interface-verifysignatureargs), [VerifySignatureResult](#interface-verifysignatureresult), [WalletDecryptArgs](#interface-walletdecryptargs), [WalletDecryptResult](#interface-walletdecryptresult), [WalletEncryptArgs](#interface-walletencryptargs), [WalletEncryptResult](#interface-walletencryptresult), [decrypt](#variable-decrypt), [encrypt](#variable-encrypt)
+See also: [CreateHmacArgs](#interface-createhmacargs), [CreateHmacResult](#interface-createhmacresult), [CreateSignatureArgs](#interface-createsignatureargs), [CreateSignatureResult](#interface-createsignatureresult), [GetPublicKeyArgs](#interface-getpublickeyargs), [KeyDeriverApi](#interface-keyderiverapi), [OriginatorDomainNameStringUnder250Bytes](#type-originatordomainnamestringunder250bytes), [PrivateKey](#class-privatekey), [PubKeyHex](#type-pubkeyhex), [RevealCounterpartyKeyLinkageArgs](#interface-revealcounterpartykeylinkageargs), [RevealCounterpartyKeyLinkageResult](#interface-revealcounterpartykeylinkageresult), [RevealSpecificKeyLinkageArgs](#interface-revealspecifickeylinkageargs), [RevealSpecificKeyLinkageResult](#interface-revealspecifickeylinkageresult), [VerifyHmacArgs](#interface-verifyhmacargs), [VerifyHmacResult](#interface-verifyhmacresult), [VerifySignatureArgs](#interface-verifysignatureargs), [VerifySignatureResult](#interface-verifysignatureresult), [WalletDecryptArgs](#interface-walletdecryptargs), [WalletDecryptResult](#interface-walletdecryptresult), [WalletEncryptArgs](#interface-walletencryptargs), [WalletEncryptResult](#interface-walletencryptresult), [decrypt](#variable-decrypt), [encrypt](#variable-encrypt)
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/sdk",
-  "version": "1.3.11",
+  "version": "1.3.12",
   "type": "module",
   "description": "BSV Blockchain Software Development Kit",
   "main": "dist/cjs/mod.js",

package/src/auth/certificates/Certificate.ts CHANGED Viewed

@@ -5,7 +5,6 @@ import {
   HexString,
   OutpointString,
   CertificateFieldNameUnder50Bytes,
-  WalletInterface,
   Signature,
   WalletProtocol,
   ProtoWallet
@@ -232,7 +231,7 @@ export default class Certificate {
    * @param {Wallet} certifierWallet - The wallet representing the certifier.
    * @returns {Promise<void>}
    */
-  async sign(certifierWallet: WalletInterface): Promise<void> {
+  async sign(certifierWallet: ProtoWallet): Promise<void> {
     if (this.signature) {
       throw new Error(`Certificate has already been signed! Signature present: ${this.signature}`)
     }

package/src/auth/certificates/MasterCertificate.ts CHANGED Viewed

@@ -8,7 +8,8 @@ import {
   PubKeyHex,
   Random,
   WalletCounterparty,
-  WalletInterface
+  ProtoWallet,
+  OriginatorDomainNameStringUnder250Bytes
 } from '../../../mod.js'
 import Certificate from './Certificate.js'
@@ -65,7 +66,7 @@ export class MasterCertificate extends Certificate {
    * This method returns a master keyring tied to a specific certifier or subject who will validate
    * and sign off on the fields, along with the encrypted certificate fields.
    *
-   * @param {WalletInterface} creatorWallet - The wallet of the creator responsible for encrypting the fields.
+   * @param {ProtoWallet} creatorWallet - The wallet of the creator responsible for encrypting the fields.
    * @param {WalletCounterparty} certifierOrSubject - The certifier or subject who will validate the certificate fields.
    * @param {Record<CertificateFieldNameUnder50Bytes, string>} fields - A record of certificate field names (under 50 bytes) mapped to their values.
    * @returns {Promise<CreateCertificateFieldsResult>} A promise resolving to an object containing:
@@ -75,9 +76,10 @@ export class MasterCertificate extends Certificate {
    *     The master keyring containing encrypted revelation keys for each field.
    */
   static async createCertificateFields(
-    creatorWallet: WalletInterface,
+    creatorWallet: ProtoWallet,
     certifierOrSubject: WalletCounterparty,
-    fields: Record<CertificateFieldNameUnder50Bytes, string>
+    fields: Record<CertificateFieldNameUnder50Bytes, string>,
+    originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<CreateCertificateFieldsResult> {
     const certificateFields: Record<CertificateFieldNameUnder50Bytes, Base64String> = {}
     const masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String> = {}
@@ -90,7 +92,7 @@ export class MasterCertificate extends Certificate {
         plaintext: fieldSymmetricKey.toArray(),
         ...Certificate.getCertificateFieldEncryptionDetails(fieldName), // Only fieldName used on MasterCertificate
         counterparty: certifierOrSubject
-      })
+      }, originator)
       masterKeyring[fieldName] = Utils.toBase64(encryptedFieldRevelationKey)
     }
@@ -106,7 +108,7 @@ export class MasterCertificate extends Certificate {
    * for the verifier's identity key. The result is a keyring containing the keys necessary
    * for the verifier to access the designated fields.
    *
-   * @param {WalletInterface} subjectWallet - The wallet instance of the subject, used to decrypt and re-encrypt field keys.
+   * @param {ProtoWallet} subjectWallet - The wallet instance of the subject, used to decrypt and re-encrypt field keys.
    * @param {WalletCounterparty} verifier - The verifier who will receive access to the selectively revealed fields. Can be an identity key as hex, 'anyone', or 'self'.
    * @param {string[]} fieldsToReveal - An array of field names to be revealed to the verifier. Must be a subset of the certificate's fields.
    * @param {string} [originator] - Optional originator identifier, used if additional context is needed for decryption and encryption operations.
@@ -117,14 +119,14 @@ export class MasterCertificate extends Certificate {
    *   - The decrypted master field key fails to decrypt the corresponding field (indicating an invalid key).
    */
   static async createKeyringForVerifier(
-    subjectWallet: WalletInterface,
+    subjectWallet: ProtoWallet,
     certifier: WalletCounterparty,
     verifier: WalletCounterparty,
     fields: Record<CertificateFieldNameUnder50Bytes, Base64String>,
     fieldsToReveal: string[],
     masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>,
     serialNumber: Base64String,
-    originator?: string): Promise<Record<CertificateFieldNameUnder50Bytes, string>> {
+    originator?: OriginatorDomainNameStringUnder250Bytes): Promise<Record<CertificateFieldNameUnder50Bytes, string>> {
     if (!Array.isArray(fieldsToReveal)) {
       throw new Error('fieldsToReveal must be an array of strings')
     }
@@ -161,7 +163,7 @@ export class MasterCertificate extends Certificate {
    * generated symmetric key, which is then encrypted for the subject. The certificate
    * can also includes a revocation outpoint to manage potential revocation.
    *
-   * @param {WalletInterface} certifierWallet - The wallet of the certifier, used to sign the certificate and encrypt field keys.
+   * @param {ProtoWallet} certifierWallet - The wallet of the certifier, used to sign the certificate and encrypt field keys.
    * @param {WalletCounterparty} subject - The subject for whom the certificate is issued.
    * @param {Record<CertificateFieldNameUnder50Bytes, string>} fields - Unencrypted certificate fields to include, with their names and values.
    * @param {string} certificateType - The type of certificate being issued.
@@ -173,7 +175,7 @@ export class MasterCertificate extends Certificate {
    * @throws {Error} Throws an error if any operation (e.g., encryption, signing) fails during certificate issuance.
    */
   static async issueCertificateForSubject(
-    certifierWallet: WalletInterface,
+    certifierWallet: ProtoWallet,
     subject: WalletCounterparty,
     fields: Record<CertificateFieldNameUnder50Bytes, string>,
     certificateType: string,
@@ -224,7 +226,7 @@ export class MasterCertificate extends Certificate {
    * - If the certificate is self-signed, the counterparty should be set to 'self'.
    * - Otherwise, the counterparty should always be the other party involved in the certificate issuance process (the subject or certifier).
    *
-   * @param {WalletInterface} subjectOrCertifierWallet - The wallet of the subject or certifier, used to decrypt the master keyring and field values.
+   * @param {ProtoWallet} subjectOrCertifierWallet - The wallet of the subject or certifier, used to decrypt the master keyring and field values.
    * @param {Record<CertificateFieldNameUnder50Bytes, Base64String>} masterKeyring - A record containing encrypted keys for each field.
    * @param {Record<CertificateFieldNameUnder50Bytes, Base64String>} fields - A record of encrypted field names and their values.
    * @param {WalletCounterparty} counterparty - The counterparty responsible for creating or signing the certificate. For self-signed certificates, use 'self'.
@@ -233,7 +235,7 @@ export class MasterCertificate extends Certificate {
    * @throws {Error} Throws an error if the `masterKeyring` is invalid or if decryption fails for any field.
    */
   static async decryptFields(
-    subjectOrCertifierWallet: WalletInterface,
+    subjectOrCertifierWallet: ProtoWallet,
     masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>,
     fields: Record<CertificateFieldNameUnder50Bytes, Base64String>,
     counterparty: WalletCounterparty
@@ -254,11 +256,12 @@ export class MasterCertificate extends Certificate {
   }
   static async decryptField(
-    subjectOrCertifierWallet: WalletInterface,
+    subjectOrCertifierWallet: ProtoWallet,
     masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>,
     fieldName: Base64String,
     fieldValue: Base64String,
-    counterparty: WalletCounterparty
+    counterparty: WalletCounterparty,
+    originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<{ fieldRevelationKey: number[], decryptedFieldValue: string }> {
     if (!masterKeyring || Object.keys(masterKeyring).length === 0) {
       throw new Error('A MasterCertificate must have a valid masterKeyring!')
@@ -268,7 +271,7 @@ export class MasterCertificate extends Certificate {
         ciphertext: Utils.toArray(masterKeyring[fieldName], 'base64'),
         ...Certificate.getCertificateFieldEncryptionDetails(fieldName), // Only fieldName used on MasterCertificate
         counterparty
-      })
+      }, originator)
       const decryptedFieldValue = new SymmetricKey(fieldRevelationKey).decrypt(Utils.toArray(fieldValue, 'base64'))
       return {

package/src/auth/certificates/VerifiableCertificate.ts CHANGED Viewed

@@ -6,7 +6,7 @@ import {
   HexString,
   OutpointString,
   PubKeyHex,
-  WalletInterface
+  ProtoWallet
 } from '../../../mod.js'
 import Certificate from './Certificate.js'
@@ -44,11 +44,11 @@ export class VerifiableCertificate extends Certificate {
   /**
    * Decrypts selectively revealed certificate fields using the provided keyring and verifier wallet
-   * @param {WalletInterface} verifierWallet - The wallet instance of the certificate's verifier, used to decrypt field keys.
+   * @param {ProtoWallet} verifierWallet - The wallet instance of the certificate's verifier, used to decrypt field keys.
    * @returns {Promise<Record<CertificateFieldNameUnder50Bytes, string>>} - A promise that resolves to an object where each key is a field name and each value is the decrypted field value as a string.
    * @throws {Error} Throws an error if any of the decryption operations fail, with a message indicating the failure context.
    */
-  async decryptFields(verifierWallet: WalletInterface): Promise<Record<CertificateFieldNameUnder50Bytes, string>> {
+  async decryptFields(verifierWallet: ProtoWallet): Promise<Record<CertificateFieldNameUnder50Bytes, string>> {
     if (!this.keyring || Object.keys(this.keyring).length === 0) {
       throw new Error('A keyring is required to decrypt certificate fields for the verifier.')
     }

package/src/auth/certificates/__tests/VerifiableCertificate.test.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import { PrivateKey, SymmetricKey, Utils } from '../../../../dist/cjs/src/primit
 import { CompletedProtoWallet } from '../../../../dist/cjs/src/auth/certificates/__tests/CompletedProtoWallet.js'
 import { Certificate } from '../../../../dist/cjs/src/auth/certificates/index.js'
 import { MasterCertificate } from '../../../../dist/cjs/src/auth/certificates/MasterCertificate.js'
+import { ProtoWallet } from '../../../../dist/cjs/src/wallet/index.js'
 describe('VerifiableCertificate', () => {
   const subjectPrivateKey = PrivateKey.fromRandom()
@@ -108,5 +109,33 @@ describe('VerifiableCertificate', () => {
         /Failed to decrypt selectively revealed certificate fields using keyring/
       )
     })
+    it('should be able to decrypt fields using the anyone wallet', async () => {
+      const { certificateFields, masterKeyring } = await MasterCertificate.createCertificateFields(
+        subjectWallet,
+        certifierIdentityKey,
+        plaintextFields
+      )
+      const keyringForVerifier = await MasterCertificate.createKeyringForVerifier(
+        subjectWallet,
+        certifierIdentityKey,
+        'anyone',
+        certificateFields,
+        Object.keys(certificateFields),
+        masterKeyring,
+        sampleSerialNumber
+      )
+      verifiableCert = new VerifiableCertificate(
+        sampleType,
+        sampleSerialNumber,
+        subjectIdentityKey,
+        'anyone',
+        sampleRevocationOutpoint,
+        certificateFields,
+        keyringForVerifier
+      )
+      const decrypted = await verifiableCert.decryptFields(new ProtoWallet('anyone'))
+      expect(decrypted).toEqual(plaintextFields)
+    })
   })
 })

package/src/wallet/ProtoWallet.ts CHANGED Viewed

@@ -33,9 +33,9 @@ import {
  * enable the management of identity certificates, or store any data. It is also not concerned with privileged keys.
  */
 export class ProtoWallet {
-  keyDeriver: KeyDeriverApi
+  keyDeriver?: KeyDeriverApi
-  constructor (rootKeyOrKeyDeriver: PrivateKey | 'anyone' | KeyDeriverApi) {
+  constructor (rootKeyOrKeyDeriver?: PrivateKey | 'anyone' | KeyDeriverApi) {
     if (typeof (rootKeyOrKeyDeriver as KeyDeriver).identityKey !== 'string') {
       rootKeyOrKeyDeriver = new KeyDeriver(rootKeyOrKeyDeriver as PrivateKey | 'anyone')
     }
@@ -43,7 +43,8 @@ export class ProtoWallet {
   }
   async getPublicKey (
-    args: GetPublicKeyArgs
+    args: GetPublicKeyArgs,
+    originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<{ publicKey: PubKeyHex }> {
     if (args.identityKey) {
       return { publicKey: this.keyDeriver.rootKey.toPublicKey().toString() }
@@ -65,7 +66,8 @@ export class ProtoWallet {
   }
   async revealCounterpartyKeyLinkage (
-    args: RevealCounterpartyKeyLinkageArgs
+    args: RevealCounterpartyKeyLinkageArgs,
+    originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<RevealCounterpartyKeyLinkageResult> {
     const { publicKey: identityKey } = await this.getPublicKey({ identityKey: true })
     const linkage = this.keyDeriver.revealCounterpartySecret(args.counterparty)
@@ -99,7 +101,8 @@ export class ProtoWallet {
   }
   async revealSpecificKeyLinkage (
-    args: RevealSpecificKeyLinkageArgs
+    args: RevealSpecificKeyLinkageArgs,
+    originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<RevealSpecificKeyLinkageResult> {
     const { publicKey: identityKey } = await this.getPublicKey({ identityKey: true })
     const linkage = this.keyDeriver.revealSpecificSecret(
@@ -132,7 +135,8 @@ export class ProtoWallet {
   }
   async encrypt (
-    args: WalletEncryptArgs
+    args: WalletEncryptArgs,
+    originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<WalletEncryptResult> {
     const key = this.keyDeriver.deriveSymmetricKey(
       args.protocolID,
@@ -143,7 +147,8 @@ export class ProtoWallet {
   }
   async decrypt (
-    args: WalletDecryptArgs
+    args: WalletDecryptArgs,
+    originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<WalletDecryptResult> {
     const key = this.keyDeriver.deriveSymmetricKey(
       args.protocolID,
@@ -154,7 +159,8 @@ export class ProtoWallet {
   }
   async createHmac (
-    args: CreateHmacArgs
+    args: CreateHmacArgs,
+    originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<CreateHmacResult> {
     const key = this.keyDeriver.deriveSymmetricKey(
       args.protocolID,
@@ -165,7 +171,8 @@ export class ProtoWallet {
   }
   async verifyHmac (
-    args: VerifyHmacArgs
+    args: VerifyHmacArgs,
+    originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<VerifyHmacResult> {
     const key = this.keyDeriver.deriveSymmetricKey(
       args.protocolID,
@@ -182,7 +189,8 @@ export class ProtoWallet {
   }
   async createSignature (
-    args: CreateSignatureArgs
+    args: CreateSignatureArgs,
+    originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<CreateSignatureResult> {
     if (!args.hashToDirectlySign && !args.data) {
       throw new Error('args.data or args.hashToDirectlySign must be valid')
@@ -197,7 +205,8 @@ export class ProtoWallet {
   }
   async verifySignature (
-    args: VerifySignatureArgs
+    args: VerifySignatureArgs,
+    originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<VerifySignatureResult> {
     if (!args.hashToDirectlyVerify && !args.data) {
       throw new Error('args.data or args.hashToDirectlyVerify must be valid')