@bsv/sdk 1.9.19 → 1.9.22

package/docs/reference/auth.md

@@ -502,7 +502,7 @@ export class MasterCertificate extends Certificate {
     static async createKeyringForVerifier(subjectWallet: ProtoWallet, certifier: WalletCounterparty, verifier: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, fieldsToReveal: string[], masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, serialNumber: Base64String, privileged?: boolean, privilegedReason?: string): Promise<Record<CertificateFieldNameUnder50Bytes, string>> 
     static async issueCertificateForSubject(certifierWallet: ProtoWallet, subject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>, certificateType: string, getRevocationOutpoint = async (_serial: string): Promise<string> => {
         void _serial;
-        return "Certificate revocation not tracked.";
+        return "00".repeat(32);
     }, serialNumber?: string): Promise<MasterCertificate> 
     static async decryptFields(subjectOrCertifierWallet: ProtoWallet, masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, counterparty: WalletCounterparty, privileged?: boolean, privilegedReason?: string): Promise<Record<CertificateFieldNameUnder50Bytes, string>> 
     static async decryptField(subjectOrCertifierWallet: ProtoWallet, masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, fieldName: Base64String, fieldValue: Base64String, counterparty: WalletCounterparty, privileged?: boolean, privilegedReason?: string): Promise<{
@@ -634,7 +634,7 @@ can also includes a revocation outpoint to manage potential revocation.
 ```ts
 static async issueCertificateForSubject(certifierWallet: ProtoWallet, subject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>, certificateType: string, getRevocationOutpoint = async (_serial: string): Promise<string> => {
     void _serial;
-    return "Certificate revocation not tracked.";
+    return "00".repeat(32);
 }, serialNumber?: string): Promise<MasterCertificate> 
 ```
 See also: [CertificateFieldNameUnder50Bytes](./wallet.md#type-certificatefieldnameunder50bytes), [MasterCertificate](./auth.md#class-mastercertificate), [ProtoWallet](./wallet.md#class-protowallet), [WalletCounterparty](./wallet.md#type-walletcounterparty)

package/docs/reference/primitives.md

@@ -829,7 +829,17 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 ---
 ### Class: DRBG
 
-This class behaves as a HMAC-based deterministic random bit generator (DRBG). It implements a deterministic random number generator using SHA256HMAC HASH function. It takes an initial entropy and nonce when instantiated for seeding purpose.
+HMAC-DRBG used **only** for deterministic ECDSA nonce generation.
+
+This implementation follows the RFC 6979-style HMAC-DRBG construction for secp256k1
+and is wired internally into the ECDSA signing code. It is **not forward-secure**
+and MUST NOT be used as a general-purpose DRBG, key generator, or randomness source.
+
+Security note:
+- Intended scope: internal ECDSA nonce generation with fixed-size inputs.
+- Out-of-scope: generic randomness, long-lived session keys, or any context
+  where forward secrecy is required.
+- API stability: this class is internal.
 
 Example
 
@@ -4953,8 +4963,10 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 | [AES](#function-aes) |
 | [AESGCM](#function-aesgcm) |
 | [AESGCMDecrypt](#function-aesgcmdecrypt) |
+| [assertValidHex](#function-assertvalidhex) |
 | [base64ToArray](#function-base64toarray) |
 | [ghash](#function-ghash) |
+| [normalizeHex](#function-normalizehex) |
 | [pbkdf2](#function-pbkdf2) |
 | [red](#function-red) |
 | [toArray](#function-toarray) |
@@ -4994,6 +5006,15 @@ export function AESGCMDecrypt(cipherText: number[], additionalAuthenticatedData:
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
 
+---
+### Function: assertValidHex
+
+```ts
+export function assertValidHex(msg: string): void 
+```
+
+Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
+
 ---
 ### Function: base64ToArray
 
@@ -5012,6 +5033,15 @@ export function ghash(input: number[], hashSubKey: number[]): number[]
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
 
+---
+### Function: normalizeHex
+
+```ts
+export function normalizeHex(msg: string): string 
+```
+
+Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
+
 ---
 ### Function: pbkdf2
 
@@ -5939,7 +5969,7 @@ sign = (msg: BigNumber, key: BigNumber, forceLowS: boolean = false, customK?: Bi
         if (kBN == null)
             throw new Error("k is undefined");
         kBN = truncateToN(kBN, true);
-        if (kBN.cmpn(1) <= 0 || kBN.cmp(ns1) >= 0) {
+        if (kBN.cmpn(1) < 0 || kBN.cmp(ns1) > 0) {
             if (BigNumber.isBN(customK)) {
                 throw new Error("Invalid fixed custom K value (must be >1 and <N\u20111)");
             }
@@ -6090,49 +6120,78 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 ```ts
 toUTF8 = (arr: number[]): string => {
     let result = "";
-    let skip = 0;
+    const replacementChar = "\uFFFD";
     for (let i = 0; i < arr.length; i++) {
-        const byte = arr[i];
-        if (skip > 0) {
-            skip--;
+        const byte1 = arr[i];
+        if (byte1 <= 127) {
+            result += String.fromCharCode(byte1);
             continue;
         }
-        if (byte <= 127) {
-            result += String.fromCharCode(byte);
-            continue;
-        }
-        if (byte >= 192 && byte <= 223) {
-            const avail = arr.length - (i + 1);
-            const byte2 = avail >= 1 ? arr[i + 1] : 0;
-            skip = Math.min(1, avail);
-            const codePoint = ((byte & 31) << 6) | (byte2 & 63);
+        const emitReplacement = (): void => {
+            result += replacementChar;
+        };
+        if (byte1 >= 192 && byte1 <= 223) {
+            if (i + 1 >= arr.length) {
+                emitReplacement();
+                continue;
+            }
+            const byte2 = arr[i + 1];
+            if ((byte2 & 192) !== 128) {
+                emitReplacement();
+                i += 1;
+                continue;
+            }
+            const codePoint = ((byte1 & 31) << 6) | (byte2 & 63);
             result += String.fromCharCode(codePoint);
+            i += 1;
             continue;
         }
-        if (byte >= 224 && byte <= 239) {
-            const avail = arr.length - (i + 1);
-            const byte2 = avail >= 1 ? arr[i + 1] : 0;
-            const byte3 = avail >= 2 ? arr[i + 2] : 0;
-            skip = Math.min(2, avail);
-            const codePoint = ((byte & 15) << 12) | ((byte2 & 63) << 6) | (byte3 & 63);
+        if (byte1 >= 224 && byte1 <= 239) {
+            if (i + 2 >= arr.length) {
+                emitReplacement();
+                continue;
+            }
+            const byte2 = arr[i + 1];
+            const byte3 = arr[i + 2];
+            if ((byte2 & 192) !== 128 || (byte3 & 192) !== 128) {
+                emitReplacement();
+                i += 2;
+                continue;
+            }
+            const codePoint = ((byte1 & 15) << 12) |
+                ((byte2 & 63) << 6) |
+                (byte3 & 63);
             result += String.fromCharCode(codePoint);
+            i += 2;
             continue;
         }
-        if (byte >= 240 && byte <= 247) {
-            const avail = arr.length - (i + 1);
-            const byte2 = avail >= 1 ? arr[i + 1] : 0;
-            const byte3 = avail >= 2 ? arr[i + 2] : 0;
-            const byte4 = avail >= 3 ? arr[i + 3] : 0;
-            skip = Math.min(3, avail);
-            const codePoint = ((byte & 7) << 18) |
+        if (byte1 >= 240 && byte1 <= 247) {
+            if (i + 3 >= arr.length) {
+                emitReplacement();
+                continue;
+            }
+            const byte2 = arr[i + 1];
+            const byte3 = arr[i + 2];
+            const byte4 = arr[i + 3];
+            if ((byte2 & 192) !== 128 ||
+                (byte3 & 192) !== 128 ||
+                (byte4 & 192) !== 128) {
+                emitReplacement();
+                i += 3;
+                continue;
+            }
+            const codePoint = ((byte1 & 7) << 18) |
                 ((byte2 & 63) << 12) |
                 ((byte3 & 63) << 6) |
                 (byte4 & 63);
-            const surrogate1 = 55296 + ((codePoint - 65536) >> 10);
-            const surrogate2 = 56320 + ((codePoint - 65536) & 1023);
-            result += String.fromCharCode(surrogate1, surrogate2);
+            const offset = codePoint - 65536;
+            const highSurrogate = 55296 + (offset >> 10);
+            const lowSurrogate = 56320 + (offset & 1023);
+            result += String.fromCharCode(highSurrogate, lowSurrogate);
+            i += 3;
             continue;
         }
+        emitReplacement();
     }
     return result;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/sdk",
-  "version": "1.9.19",
+  "version": "1.9.22",
   "type": "module",
   "description": "BSV Blockchain Software Development Kit",
   "main": "dist/cjs/mod.js",

package/src/auth/__tests/Peer.test.ts

@@ -12,6 +12,7 @@ import { SimplifiedFetchTransport } from '../../auth/transports/SimplifiedFetchT
 const certifierPrivKey = new PrivateKey(21)
 const alicePrivKey = new PrivateKey(22)
 const bobPrivKey = new PrivateKey(23)
+const DUMMY_REVOCATION_OUTPOINT_HEX = '00'.repeat(36)
 
 jest.mock('../../auth/utils/getVerifiableCertificates')
 
@@ -101,7 +102,7 @@ describe('Peer class mutual authentication and certificate exchange', () => {
         subjectPubKey,
         fields,
         certificateType,
-        async () => 'revocationOutpoint' // or any revocation outpoint logic you want
+        async () => DUMMY_REVOCATION_OUTPOINT_HEX
       )
 
     // For test consistency, you could override the auto-generated serialNumber:

package/src/auth/certificates/MasterCertificate.ts

@@ -232,7 +232,7 @@ export class MasterCertificate extends Certificate {
     certificateType: string,
     getRevocationOutpoint = async (_serial: string): Promise<string> => {
       void _serial // Explicitly acknowledge unused parameter
-      return 'Certificate revocation not tracked.'
+      return '00'.repeat(32)
     },
     serialNumber?: string
   ): Promise<MasterCertificate> {
@@ -246,11 +246,18 @@ export class MasterCertificate extends Certificate {
     // 3. Obtain a revocation outpoint
     const revocationOutpoint = await getRevocationOutpoint(finalSerialNumber)
 
+    let subjectIdentityKey: string
+      if (subject === 'self') {
+        subjectIdentityKey = (await certifierWallet.getPublicKey({ identityKey: true })).publicKey
+      } else {
+        subjectIdentityKey = subject
+      }
+
     // 4. Create new MasterCertificate instance
     const certificate = new MasterCertificate(
       certificateType,
       finalSerialNumber,
-      subject,
+      subjectIdentityKey,
       (await certifierWallet.getPublicKey({ identityKey: true })).publicKey,
       revocationOutpoint,
       certificateFields,

package/src/auth/certificates/__tests/MasterCertificate.test.ts

@@ -14,7 +14,8 @@ const verifierKey2 = new PrivateKey(81)
 
 // A mock revocation outpoint for testing
 const mockRevocationOutpoint =
-  'deadbeefdeadbeefdeadbeefdeadbeef00000000000000000000000000000000.1'
+  'deadbeefdeadbeefdeadbeefdeadbeef00000001'
+
 
 // Arbitrary certificate data (in plaintext)
 const plaintextFields = {
@@ -355,33 +356,69 @@ describe('MasterCertificate', () => {
         expect(newCert.fields[fieldName]).toMatch(/^[A-Za-z0-9+/]+=*$/)
       }
     })
+
     it('should allow issuing a self-signed certificate and decrypt it with the same wallet', async () => {
-      // In a self-signed scenario, the subject and certifier are the same
       const subjectWallet = new CompletedProtoWallet(subjectKey2)
 
-      // Some sample fields
       const selfSignedFields = {
         owner: 'Bob',
         organization: 'SelfCo'
       }
 
-      // Issue the certificate for "self"
+      const subjectIdentityKey = (
+        await subjectWallet.getPublicKey({ identityKey: true })
+      ).publicKey
+
+      // Issue the certificate: subject = actual identity key (valid hex)
       const selfSignedCert = await MasterCertificate.issueCertificateForSubject(
-        subjectWallet, // act as certifier
-        'self',
+        subjectWallet,        // acts as certifier
+        subjectIdentityKey,   // <-- was 'self', now real hex
         selfSignedFields,
         'SELF_SIGNED_TEST'
       )
 
-      // Now we attempt to decrypt the fields with the same wallet
+      // Decrypt with the same wallet
       const decrypted = await MasterCertificate.decryptFields(
         subjectWallet,
         selfSignedCert.masterKeyring,
         selfSignedCert.fields,
-        'self'
+        'self' // still fine here if decryptFields treats 'self' specially
       )
 
       expect(decrypted).toEqual(selfSignedFields)
     })
+
+    it('resolves subject === "self" to the certifier wallet identity key', async () => {
+      const certifierWallet = new CompletedProtoWallet(new PrivateKey(99))
+
+      const certifierIdentityKey = (
+        await certifierWallet.getPublicKey({ identityKey: true })
+      ).publicKey
+
+      const cert = await MasterCertificate.issueCertificateForSubject(
+        certifierWallet,
+        'self',
+        { name: 'Alice' },
+        'TEST_CERT'
+      )
+
+      expect(cert.subject).toBe(certifierIdentityKey)
+    })
+
+    it('uses provided subjectIdentityKey when subject is a valid hex string', async () => {
+      const certifierWallet = new CompletedProtoWallet(new PrivateKey(42))
+
+      const validPubkey =
+        '0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798'
+
+      const cert = await MasterCertificate.issueCertificateForSubject(
+        certifierWallet,
+        validPubkey,
+        { name: 'Alice' },
+        'TEST_CERT'
+      )
+
+      expect(cert.subject).toBe(validPubkey)
+    })
   })
-})
+})

package/src/primitives/DRBG.ts

@@ -2,7 +2,18 @@ import { SHA256HMAC } from './Hash.js'
 import { toHex, toArray } from './utils.js'
 
 /**
- * This class behaves as a HMAC-based deterministic random bit generator (DRBG). It implements a deterministic random number generator using SHA256HMAC HASH function. It takes an initial entropy and nonce when instantiated for seeding purpose.
+ * HMAC-DRBG used **only** for deterministic ECDSA nonce generation.
+ *
+ * This implementation follows the RFC 6979-style HMAC-DRBG construction for secp256k1
+ * and is wired internally into the ECDSA signing code. It is **not forward-secure**
+ * and MUST NOT be used as a general-purpose DRBG, key generator, or randomness source.
+ *
+ * Security note:
+ * - Intended scope: internal ECDSA nonce generation with fixed-size inputs.
+ * - Out-of-scope: generic randomness, long-lived session keys, or any context
+ *   where forward secrecy is required.
+ * - API stability: this class is internal.
+ *
  * @class DRBG
  *
  * @constructor

package/src/primitives/Hash.ts

@@ -1,6 +1,8 @@
 
 // @ts-nocheck
 /* eslint-disable @typescript-eslint/naming-convention */
+import { assertValidHex, normalizeHex } from './hex.js'
+
 const assert = (
   expression: unknown,
   message: string = 'Hash assertion failed'
@@ -169,6 +171,10 @@ abstract class BaseHash {
    */
   private _pad (): number[] {
     const len = this.pendingTotal
+    if (!Number.isSafeInteger(len) || len < 0) {
+      throw new Error('Message too long for this hash function')
+    }
+
     const bytes = this._delta8
     const k = bytes - ((len + this.padLength) % bytes)
     const res = new Array(k + this.padLength)
@@ -177,8 +183,6 @@ abstract class BaseHash {
     for (i = 1; i < k; i++) {
       res[i] = 0
     }
-
-    // Append length
     const lengthBytes = this.padLength
     const maxBits = 1n << BigInt(lengthBytes * 8)
     let totalBits = BigInt(len) * 8n
@@ -204,6 +208,7 @@ abstract class BaseHash {
         totalBits >>= 8n
       }
     }
+
     return res
   }
 }
@@ -262,10 +267,8 @@ export function toArray (
         }
       }
     } else {
-      msg = msg.replace(/[^a-z0-9]+/gi, '')
-      if (msg.length % 2 !== 0) {
-        msg = '0' + msg
-      }
+      assertValidHex(msg)
+      msg = normalizeHex(msg)
       for (let i = 0; i < msg.length; i += 2) {
         res.push(parseInt(msg[i] + msg[i + 1], 16))
       }

package/src/primitives/__tests/HMAC.test.ts

@@ -48,11 +48,22 @@ describe('HMAC', function () {
       res: 'cf5ad5984f9e43917aa9087380dac46e410ddc8a7731859c84e9d0f31bd43655'
     })
 
+    function normalizeKey (key: string | number[]): string | number[] {
+      if (typeof key === 'string') {
+        // test-only helper: remove whitespace between hex groups
+        return key.replace(/\s+/g, '')
+      }
+      return key
+    }
+
     function test (opt): void {
       it(`should not fail at ${opt.name as string}`, function (): void {
-        let h = new SHA256HMAC(opt.key)
+        const key = normalizeKey(opt.key)
+
+        let h = new SHA256HMAC(key as any)
         expect(h.update(opt.msg, opt.msgEnc).digestHex()).toEqual(opt.res)
-        h = h = new SHA256HMAC(opt.key)
+
+        h = new SHA256HMAC(key as any)
         expect(
           h
             .update(opt.msg.slice(0, 10), opt.msgEnc)

package/src/primitives/__tests/Hash.test.ts

@@ -3,6 +3,7 @@ import * as hash from '../../primitives/Hash'
 import * as crypto from 'crypto'
 import PBKDF2Vectors from './PBKDF2.vectors'
 import { toArray, toHex } from '../../primitives/utils'
+import { SHA1 } from '../..//primitives/Hash'
 
 describe('Hash', function () {
   function test (Hash, cases): void {
@@ -177,4 +178,27 @@ describe('Hash', function () {
       })
     }
   })
+
+  describe('Hash strict length validation (TOB-21)', () => {
+
+    it('throws when pendingTotal is not a safe integer', () => {
+      const h = new SHA1()
+
+      h.pendingTotal = Number.MAX_SAFE_INTEGER + 10
+
+      expect(() => {
+        h.digest()
+      }).toThrow('Message too long for this hash function')
+    })
+
+    it('throws when pendingTotal is negative', () => {
+      const h = new SHA1()
+
+      h.pendingTotal = -5
+
+      expect(() => {
+        h.digest()
+      }).toThrow('Message too long for this hash function')
+    })
+  })
 })

package/src/primitives/__tests/hex.test.ts

@@ -0,0 +1,57 @@
+/* eslint-env jest */
+
+import { assertValidHex, normalizeHex } from '../../primitives/hex'
+
+describe('hex utils', () => {
+  describe('assertValidHex', () => {
+    it('should not throw on valid hex strings', () => {
+      expect(() => assertValidHex('')).not.toThrow()          // empty is allowed
+      expect(() => assertValidHex('00')).not.toThrow()
+      expect(() => assertValidHex('abcdef')).not.toThrow()
+      expect(() => assertValidHex('ABCDEF')).not.toThrow()
+      expect(() => assertValidHex('1234567890')).not.toThrow()
+    })
+
+    it('should throw on non-hex characters', () => {
+      expect(() => assertValidHex('zz')).toThrow('Invalid hex string')
+      expect(() => assertValidHex('0x1234')).toThrow('Invalid hex string')
+      expect(() => assertValidHex('12 34')).toThrow('Invalid hex string')
+      expect(() => assertValidHex('g1')).toThrow('Invalid hex string')
+    })
+
+    // ❌ old behavior: empty string was considered invalid
+    // it('should throw on empty string', () => {
+    //   expect(() => assertValidHex('')).toThrow('Invalid hex string')
+    // })
+
+    it('should throw on undefined or null', () => {
+      expect(() => assertValidHex(undefined as any)).toThrow('Invalid hex string')
+      expect(() => assertValidHex(null as any)).toThrow('Invalid hex string')
+    })
+  })
+
+  describe('normalizeHex', () => {
+    it('should return lowercase hex', () => {
+      expect(normalizeHex('ABCD')).toBe('abcd')
+    })
+
+    it('should prepend 0 to odd-length hex strings', () => {
+      expect(normalizeHex('abc')).toBe('0abc')
+      expect(normalizeHex('f')).toBe('0f')
+    })
+
+    it('should leave even-length hex strings untouched (except lowercase)', () => {
+      expect(normalizeHex('AABB')).toBe('aabb')
+      expect(normalizeHex('001122')).toBe('001122')
+    })
+
+    it('should return empty string unchanged', () => {
+      expect(normalizeHex('')).toBe('')
+    })
+
+    it('should throw on invalid hex', () => {
+      expect(() => normalizeHex('xyz')).toThrow('Invalid hex string')
+      expect(() => normalizeHex('12 34')).toThrow('Invalid hex string')
+    })
+  })
+})

package/src/primitives/__tests/utils.test.ts

@@ -320,3 +320,42 @@ describe('verifyNotNull', () => {
     expect(() => verifyNotNull(undefined, 'Another custom error')).toThrow('Another custom error')
   })
 })
+
+describe('toUTF8 strict UTF-8 decoding (TOB-21)', () => {
+
+  it('replaces invalid 2-byte sequences with U+FFFD', () => {
+    // 0xC2 should expect a continuation byte 0x80–0xBF
+    const arr = [0xC2, 0x20]   // 0x20 is INVALID continuation
+    const str = toUTF8(arr)
+    expect(str).toBe('\uFFFD')
+  })
+
+  it('decodes valid 3-byte sequences', () => {
+    const euro = [0xE2, 0x82, 0xAC]
+    expect(toUTF8(euro)).toBe('€')
+  })
+
+  it('replaces invalid 3-byte sequences', () => {
+    // Middle byte invalid
+    const arr = [0xE2, 0x20, 0xAC]
+    expect(toUTF8(arr)).toBe('\uFFFD')
+  })
+
+  it('decodes valid 4-byte sequences into surrogate pairs', () => {
+    const smile = [0xF0, 0x9F, 0x98, 0x80] // 😀
+    expect(toUTF8(smile)).toBe('😀')
+  })
+
+  it('replaces invalid 4-byte sequences with U+FFFD', () => {
+    // 0x9F is valid, 0x20 is INVALID continuation for byte 3
+    const arr = [0xF0, 0x9F, 0x20, 0x80]
+    expect(toUTF8(arr)).toBe('\uFFFD')
+  })
+
+  it('replaces incomplete UTF-8 sequence at end', () => {
+    const arr = [0xE2] // incomplete 3-byte seq
+    expect(toUTF8(arr)).toBe('\uFFFD')
+  })
+
+})
+

package/src/primitives/hex.ts

@@ -0,0 +1,35 @@
+// src/primitives/hex.ts
+
+// Accepts empty string because empty byte arrays are valid in Bitcoin.
+const PURE_HEX_REGEX = /^[0-9a-fA-F]*$/
+
+export function assertValidHex (msg: string): void {
+  if (typeof msg !== 'string') {
+    console.error('assertValidHex FAIL (non-string):', msg)
+    throw new Error('Invalid hex string')
+  }
+
+  // allow empty
+  if (msg.length === 0) return
+
+  if (!PURE_HEX_REGEX.test(msg)) {
+    console.error('assertValidHex FAIL (bad hex):', msg)
+    throw new Error('Invalid hex string')
+  }
+}
+
+export function normalizeHex (msg: string): string {
+  assertValidHex(msg)
+
+  // If empty, return empty — never force to "00"
+  if (msg.length === 0) return ''
+
+  let normalized = msg.toLowerCase()
+
+  // Pad odd-length hex
+  if (normalized.length % 2 !== 0) {
+    normalized = '0' + normalized
+  }
+
+  return normalized
+}

package/src/primitives/index.ts

@@ -5,7 +5,6 @@ export { default as PublicKey } from './PublicKey.js'
 export { default as Signature } from './Signature.js'
 export { default as PrivateKey, KeyShares } from './PrivateKey.js'
 export { default as SymmetricKey } from './SymmetricKey.js'
-export { default as DRBG } from './DRBG.js'
 export * as ECDSA from './ECDSA.js'
 export * as Utils from './utils.js'
 export * as Hash from './Hash.js'