@casual-simulation/crypto 2.0.12

package/CryptoImpl.d.ts

@@ -0,0 +1,91 @@
+/**
+ * Defines an interface for objects that can sign and verify
+ * messages.
+ *
+ * Note that signing and verifying the integrity of messages has nothing to do with
+ * confidentiality. That is, anyone can read the data even after signing.
+ */
+export interface SigningCryptoImpl {
+    /**
+     * Gets whether this crypto implementation is supported on this platform.
+     */
+    supported(): boolean;
+    /**
+     * Signs the given data using the given private key and returns a promise
+     * that contains the signed data.
+     *
+     * Returns a promise that resolves with a buffer that contains the signature needed to verify that the given
+     * data was signed with the given key.
+     *
+     * @param key The key to use to sign the data.
+     * @param data The data to sign.
+     */
+    sign(key: PrivateCryptoKey, data: ArrayBuffer): Promise<ArrayBuffer>;
+    /**
+     * Verifies that the given signature was created by the private key
+     * corresponding to the given public key and that it was used for the given data.
+     *
+     * Returns a promise that resolves with true if the data is valid, and resolves false otherwise.
+     *
+     * When the result is true, then we know that the party that posseses the private key created the signature
+     * for the data. Additionally, we know that the data has not been tampered with. We do not, however, know that the
+     * data was kept confidential.
+     *
+     * When the result is false, then we know that either another party is attempting to impersonate the valid one or that
+     * the data got changed/corrupted/tampered with while in transit.
+     *
+     * @param key The key to use to verify the data.
+     * @param signature The signature to verify.
+     * @param data The data to verify.
+     */
+    verify(key: PublicCryptoKey, signature: ArrayBuffer, data: ArrayBuffer): Promise<boolean>;
+    /**
+     * Verifies that the given signatures were created by the private key corresponding to the given public key
+     * and that it was used for the given datas.
+     * @param key The key to use to verify the data.
+     * @param signatures The signatures to verify.
+     * @param datas The data to verify.
+     */
+    verifyBatch(key: PublicCryptoKey, signatures: ArrayBuffer[], datas: ArrayBuffer[]): Promise<boolean[]>;
+    /**
+     * Exports the private key in PKCS #8 format encoded as PEM.
+     * @param key The key to export.
+     */
+    exportKey(key: PrivateCryptoKey): Promise<string>;
+    /**
+     * Exports the public key in SPKI format encoded as PEM.
+     * @param key
+     */
+    exportKey(key: PublicCryptoKey): Promise<string>;
+    /**
+     * Imports the given public key.
+     * @param key The key to import.
+     */
+    importPublicKey(key: string): Promise<PublicCryptoKey>;
+    /**
+     * Imports the given private key.
+     * @param key The key to import.
+     */
+    importPrivateKey(key: string): Promise<PrivateCryptoKey>;
+    /**
+     * Generates a new public/private key pair.
+     */
+    generateKeyPair(): Promise<[PublicCryptoKey, PrivateCryptoKey]>;
+}
+/**
+ * Defines an interface for a private key.
+ */
+export interface PrivateCryptoKey {
+    type: 'private';
+}
+/**
+ * Defines an interface for a public key.
+ */
+export interface PublicCryptoKey {
+    type: 'public';
+}
+/**
+ * Defines a crypto key that is used for signing and verification.
+ */
+export declare type SigningCryptoKey = PrivateCryptoKey | PublicCryptoKey;
+//# sourceMappingURL=CryptoImpl.d.ts.map

package/CryptoImpl.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=CryptoImpl.js.map

package/CryptoImpl.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CryptoImpl.js","sourceRoot":"","sources":["CryptoImpl.ts"],"names":[],"mappings":""}

package/Encryption.d.ts

@@ -0,0 +1,166 @@
+interface DerivedKey {
+    salt: Uint8Array;
+    hash: Uint8Array;
+}
+export declare function deriveKey(password: Uint8Array, salt: Uint8Array): DerivedKey;
+/**
+ * Encrypts the given data with the given password and returns the resulting cyphertext.
+ *
+ * The returned cyphertext contains a version number at the beginning which determines the format of the following data.
+ *
+ * v1 encryptions use XSalsa20 as the cipher and Poly1305 for authentication in addition to scrypt for password-based key derivation.
+ * The output string is formatted as following with periods between the components:
+ * 1. The version number (v1)
+ * 2. The base64 of the salt used to derive the key from the password. (pseudorandom)
+ * 3. The base64 of the nonce used by the cipher. (pseudorandom)
+ * 4. The base64 of the encrypted data.
+ *
+ * @param password The password to use to encrypt.
+ * @param data The data to encrypt.
+ */
+export declare function encrypt(password: string, data: Uint8Array): string;
+/**
+ * Decrypts the given cyphertext with the given password and returns the original plaintext.
+ * Returns null if the data was unable to be decrypted.
+ * @param password The password to use to decrypt.
+ * @param cyphertext The data to decrypt.
+ */
+export declare function decrypt(password: string, cyphertext: string): Uint8Array;
+/**
+ * Encrypts the given data with the given password using version 1 of the encryption mechanisms in this file and returns the resulting
+ * cyphertext.
+ *
+ * version 1 encryptions use XSalsa20 as the cipher and Poly1305 for authentication in addition to scrypt for password-based key derivation.
+ * The output string is formatted as following with periods between the components:
+ * 1. The version number (v1)
+ * 2. The base64 of the salt used to derive the key from the password. (pseudorandom)
+ * 3. The base64 of the nonce used by the cipher. (pseudorandom)
+ * 4. The base64 of the encrypted data.
+ *
+ * @param password The password to use to encrypt the data.
+ * @param data The data to encrypt.
+ */
+export declare function encryptV1(password: string, data: Uint8Array): string;
+/**
+ * Decrypts the given data with the given password using version 1 of the encryption mechanisms in this file and returns the resulting
+ * plaintext.
+ *
+ * version 1 encryptions use XSalsa20 as the cipher and Poly1305 for authentication in addition to scrypt for password-based key derivation.
+ *
+ * @param password The password to use to decrypt the data.
+ * @param cyphertext The cyphertext produced from encryptV1().
+ */
+export declare function decryptV1(password: string, cyphertext: string): Uint8Array;
+/**
+ * Determines whether the given keypair is a valid asymmetric keypair.
+ * Note that this function only determines if the keypair could have been generated by asymmetricKeypair(),
+ * not that it was or that it can be used to decrypt something.
+ * @param keypair The keypair to test.
+ */
+export declare function isAsymmetricKeypair(keypair: string): boolean;
+/**
+ * Creates a keypair that can be used for public key authenticated encryption.
+ *
+ * The returned keypair contains a version number at the beginning which determines the format of the following data.
+ *
+ * vEK1 keypairs use x25519 with XSalsa20 and Poly1305.
+ * The output string is formatting as following with periods between the components:
+ * 1. The version number (vEK1) - the EK is for "encryption keypair".
+ * 2. The base64 of the public key.
+ * 3. The base64 of the encrypted private key.
+ *
+ * @param password The password that should be used to encrypt the private key of the keypair.
+ */
+export declare function asymmetricKeypair(password: string): string;
+/**
+ * Creates a version 1 keypair that can be used for public key authenticated encryption.
+ *
+ * The returned keypair contains a version number at the beginning which determines the format of the following data.
+ *
+ * vEK1 keypairs use x25519 with XSalsa20 and Poly1305.
+ * The output string is formatting as following with periods between the components:
+ * 1. The version number (vEK1) - the EK is for "encryption keypair".
+ * 2. The base64 of the public key.
+ * 3. The base64 of the encrypted private key.
+ *
+ * @param password The password that should be used to encrypt the private key of the keypair.
+ */
+export declare function asymmetricKeypairV1(password: string): string;
+/**
+ * Encrypts the given data with the given keypair and returns the resulting cyphertext.
+ *
+ * The returned cyphertext contains a version number at the beginning which determines the format of the following data.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * vA1 encryptions technically use two keypairs for encryption/decryption. One for the local party and one for the remote party.
+ * These two parties are used to calculate a shared key that is then used to encrypt and authenticate the data.
+ * When encrypting, a new keypair is generated and used for the "local" party while the given keypair is used for the remote party.
+ * The secret key is then discarded while the public key is included in the output to make it possible for the other party to decrypt the data.
+ *
+ * The output string is formatted as following with periods between the components:
+ * 1. The version number (vA1). The "A" means "asymmetric".
+ * 2. The base64 of the public key of the keypair used to encrypt the data.
+ * 3. The base64 of the nonce used by the cipher. (pseudorandom)
+ * 4. The base64 of the encrypted data.
+ *
+ * @param keypair The keypair to use to encrypt.
+ * @param data The data to encrypt.
+ */
+export declare function asymmetricEncrypt(keypair: string, data: Uint8Array): string;
+/**
+ * Encrypts the given data with the given keypair and returns the resulting cyphertext.
+ *
+ * The returned cyphertext contains a version number at the beginning which determines the format of the following data.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * vA1 encryptions technically use two keypairs for encryption/decryption. One for the local party and one for the remote party.
+ * These two parties are used to calculate a shared key that is then used to encrypt and authenticate the data.
+ * When encrypting, a new keypair is generated and used for the "local" party while the given keypair is used for the remote party.
+ * The secret key is then discarded while the public key is included in the output to make it possible for the other party to decrypt the data.
+ *
+ * The output string is formatted as following with periods between the components:
+ * 1. The version number (vA1). The "A" means "asymmetric".
+ * 2. The base64 of the public key of the keypair used to encrypt the data.
+ * 3. The base64 of the nonce used by the cipher. (pseudorandom)
+ * 4. The base64 of the encrypted data.
+ *
+ * @param keypair The keypair to use to encrypt.
+ * @param data The data to encrypt.
+ */
+export declare function asymmetricEncryptV1(keypair: string, data: Uint8Array): string;
+/**
+ * Decrypts the given data with the given keypair and returns the resulting plaintext.
+ * Returns null if the data was unable to be decrypted.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * @param keypair The keypair to use to decrypt the data.
+ * @param password The password that should be used to decrypt the keypair's private key.
+ * @param cyphertext The data to decrypt.
+ */
+export declare function asymmetricDecrypt(keypair: string, password: string, cyphertext: string): Uint8Array;
+/**
+ * Decrypts the given data with the given keypair using version 1 of the asymmetric encryption mechanisms in this file and returns the resulting
+ * plaintext. Returns null if the data was unable to be decrypted.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * @param keypair The keypair to use to decrypt the data.
+ * @param password The password that should be used to decrypt the keypair's private key.
+ * @param cyphertext The data to decrypt.
+ */
+export declare function asymmetricDecryptV1(keypair: string, password: string, cyphertext: string): Uint8Array;
+/**
+ * Determines whether the given data appears to be encrypted using asymmetric encryption.
+ * @param cyphertext The cyphertext to test.
+ */
+export declare function isAsymmetricEncrypted(cyphertext: string): boolean;
+/**
+ * Determines whether the given data appears to be encrypted using symmetric encryption.
+ * @param cyphertext The cyphertext to test.
+ */
+export declare function isEncrypted(cyphertext: string): boolean;
+export {};
+//# sourceMappingURL=Encryption.d.ts.map

package/Encryption.js

@@ -0,0 +1,355 @@
+import { randomBytes, secretbox, box } from 'tweetnacl';
+import { syncScrypt } from 'scrypt-js';
+import { fromByteArray, toByteArray } from 'base64-js';
+const ITERATIONS = 16384;
+const BLOCK_SIZE = 8;
+const PARALLELISM = 1;
+const KEY_LENGTH = secretbox.keyLength;
+export function deriveKey(password, salt) {
+    const result = syncScrypt(password, salt, ITERATIONS, BLOCK_SIZE, PARALLELISM, KEY_LENGTH);
+    return {
+        salt: salt,
+        hash: result,
+    };
+}
+/**
+ * Encrypts the given data with the given password and returns the resulting cyphertext.
+ *
+ * The returned cyphertext contains a version number at the beginning which determines the format of the following data.
+ *
+ * v1 encryptions use XSalsa20 as the cipher and Poly1305 for authentication in addition to scrypt for password-based key derivation.
+ * The output string is formatted as following with periods between the components:
+ * 1. The version number (v1)
+ * 2. The base64 of the salt used to derive the key from the password. (pseudorandom)
+ * 3. The base64 of the nonce used by the cipher. (pseudorandom)
+ * 4. The base64 of the encrypted data.
+ *
+ * @param password The password to use to encrypt.
+ * @param data The data to encrypt.
+ */
+export function encrypt(password, data) {
+    return encryptV1(password, data);
+}
+/**
+ * Decrypts the given cyphertext with the given password and returns the original plaintext.
+ * Returns null if the data was unable to be decrypted.
+ * @param password The password to use to decrypt.
+ * @param cyphertext The data to decrypt.
+ */
+export function decrypt(password, cyphertext) {
+    if (!password) {
+        throw new Error('Invalid password. Must not be null or undefined.');
+    }
+    if (!cyphertext) {
+        throw new Error('Invalid cyphertext. Must not be null or undefined.');
+    }
+    if (cyphertext.startsWith('v1.')) {
+        return decryptV1(password, cyphertext);
+    }
+    return null;
+}
+/**
+ * Encrypts the given data with the given password using version 1 of the encryption mechanisms in this file and returns the resulting
+ * cyphertext.
+ *
+ * version 1 encryptions use XSalsa20 as the cipher and Poly1305 for authentication in addition to scrypt for password-based key derivation.
+ * The output string is formatted as following with periods between the components:
+ * 1. The version number (v1)
+ * 2. The base64 of the salt used to derive the key from the password. (pseudorandom)
+ * 3. The base64 of the nonce used by the cipher. (pseudorandom)
+ * 4. The base64 of the encrypted data.
+ *
+ * @param password The password to use to encrypt the data.
+ * @param data The data to encrypt.
+ */
+export function encryptV1(password, data) {
+    if (!password) {
+        throw new Error('Invalid password. Must not be null or undefined.');
+    }
+    if (!data) {
+        throw new Error('Invalid data. Must not be null or undefined.');
+    }
+    const nonce = randomBytes(secretbox.nonceLength);
+    const salt = randomBytes(secretbox.nonceLength);
+    const textEncoder = new TextEncoder();
+    const passwordBytes = textEncoder.encode(password);
+    const key = deriveKey(passwordBytes, salt);
+    const cypherBytes = secretbox(data, nonce, key.hash);
+    const cyphertext = `v1.${fromByteArray(salt)}.${fromByteArray(nonce)}.${fromByteArray(cypherBytes)}`;
+    return cyphertext;
+}
+/**
+ * Decrypts the given data with the given password using version 1 of the encryption mechanisms in this file and returns the resulting
+ * plaintext.
+ *
+ * version 1 encryptions use XSalsa20 as the cipher and Poly1305 for authentication in addition to scrypt for password-based key derivation.
+ *
+ * @param password The password to use to decrypt the data.
+ * @param cyphertext The cyphertext produced from encryptV1().
+ */
+export function decryptV1(password, cyphertext) {
+    if (!password) {
+        throw new Error('Invalid password. Must not be null or undefined.');
+    }
+    if (!cyphertext) {
+        throw new Error('Invalid cyphertext. Must not be null or undefined.');
+    }
+    if (!cyphertext.startsWith('v1.')) {
+        throw new Error('Invalid cyphertext. Must start with "v1."');
+    }
+    const withoutVersion = cyphertext.slice('v1.'.length);
+    let nextPeriod = withoutVersion.indexOf('.');
+    if (nextPeriod < 0) {
+        return null;
+    }
+    const saltBase64 = withoutVersion.slice(0, nextPeriod);
+    const withoutSalt = withoutVersion.slice(nextPeriod + 1);
+    nextPeriod = withoutSalt.indexOf('.');
+    if (nextPeriod < 0) {
+        return null;
+    }
+    const nonceBase64 = withoutSalt.slice(0, nextPeriod);
+    const dataBase64 = withoutSalt.slice(nextPeriod + 1);
+    if (dataBase64.length <= 0) {
+        return null;
+    }
+    const salt = toByteArray(saltBase64);
+    const nonce = toByteArray(nonceBase64);
+    const data = toByteArray(dataBase64);
+    const textEncoder = new TextEncoder();
+    const passwordBytes = textEncoder.encode(password);
+    const key = deriveKey(passwordBytes, salt);
+    return secretbox.open(data, nonce, key.hash);
+}
+/**
+ * Determines whether the given keypair is a valid asymmetric keypair.
+ * Note that this function only determines if the keypair could have been generated by asymmetricKeypair(),
+ * not that it was or that it can be used to decrypt something.
+ * @param keypair The keypair to test.
+ */
+export function isAsymmetricKeypair(keypair) {
+    try {
+        const [publicKey, privateKey] = decodeAsymmetricKeypairV1(keypair);
+        return !!publicKey && !!privateKey;
+    }
+    catch (ex) {
+        return false;
+    }
+}
+/**
+ * Creates a keypair that can be used for public key authenticated encryption.
+ *
+ * The returned keypair contains a version number at the beginning which determines the format of the following data.
+ *
+ * vEK1 keypairs use x25519 with XSalsa20 and Poly1305.
+ * The output string is formatting as following with periods between the components:
+ * 1. The version number (vEK1) - the EK is for "encryption keypair".
+ * 2. The base64 of the public key.
+ * 3. The base64 of the encrypted private key.
+ *
+ * @param password The password that should be used to encrypt the private key of the keypair.
+ */
+export function asymmetricKeypair(password) {
+    return asymmetricKeypairV1(password);
+}
+/**
+ * Creates a version 1 keypair that can be used for public key authenticated encryption.
+ *
+ * The returned keypair contains a version number at the beginning which determines the format of the following data.
+ *
+ * vEK1 keypairs use x25519 with XSalsa20 and Poly1305.
+ * The output string is formatting as following with periods between the components:
+ * 1. The version number (vEK1) - the EK is for "encryption keypair".
+ * 2. The base64 of the public key.
+ * 3. The base64 of the encrypted private key.
+ *
+ * @param password The password that should be used to encrypt the private key of the keypair.
+ */
+export function asymmetricKeypairV1(password) {
+    const pair = box.keyPair();
+    const encryptedPrivateKey = encrypt(password, pair.secretKey);
+    const encoder = new TextEncoder();
+    const privateKeyBytes = encoder.encode(encryptedPrivateKey);
+    return `vEK1.${fromByteArray(pair.publicKey)}.${fromByteArray(privateKeyBytes)}`;
+}
+function decodeAsymmetricKeypairV1(keypair) {
+    const withoutVersion = keypair.slice('vEK1.'.length);
+    let nextPeriod = withoutVersion.indexOf('.');
+    if (nextPeriod < 0) {
+        return [null, null];
+    }
+    const publicKeyBase64 = withoutVersion.slice(0, nextPeriod);
+    const withoutPublicKey = withoutVersion.slice(nextPeriod + 1);
+    const privateKeyBase64 = withoutPublicKey;
+    const publicKey = toByteArray(publicKeyBase64);
+    const privateKeyBytes = toByteArray(privateKeyBase64);
+    const decoder = new TextDecoder();
+    const privateKey = decoder.decode(privateKeyBytes);
+    return [publicKey, privateKey];
+}
+/**
+ * Encrypts the given data with the given keypair and returns the resulting cyphertext.
+ *
+ * The returned cyphertext contains a version number at the beginning which determines the format of the following data.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * vA1 encryptions technically use two keypairs for encryption/decryption. One for the local party and one for the remote party.
+ * These two parties are used to calculate a shared key that is then used to encrypt and authenticate the data.
+ * When encrypting, a new keypair is generated and used for the "local" party while the given keypair is used for the remote party.
+ * The secret key is then discarded while the public key is included in the output to make it possible for the other party to decrypt the data.
+ *
+ * The output string is formatted as following with periods between the components:
+ * 1. The version number (vA1). The "A" means "asymmetric".
+ * 2. The base64 of the public key of the keypair used to encrypt the data.
+ * 3. The base64 of the nonce used by the cipher. (pseudorandom)
+ * 4. The base64 of the encrypted data.
+ *
+ * @param keypair The keypair to use to encrypt.
+ * @param data The data to encrypt.
+ */
+export function asymmetricEncrypt(keypair, data) {
+    return asymmetricEncryptV1(keypair, data);
+}
+/**
+ * Encrypts the given data with the given keypair and returns the resulting cyphertext.
+ *
+ * The returned cyphertext contains a version number at the beginning which determines the format of the following data.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * vA1 encryptions technically use two keypairs for encryption/decryption. One for the local party and one for the remote party.
+ * These two parties are used to calculate a shared key that is then used to encrypt and authenticate the data.
+ * When encrypting, a new keypair is generated and used for the "local" party while the given keypair is used for the remote party.
+ * The secret key is then discarded while the public key is included in the output to make it possible for the other party to decrypt the data.
+ *
+ * The output string is formatted as following with periods between the components:
+ * 1. The version number (vA1). The "A" means "asymmetric".
+ * 2. The base64 of the public key of the keypair used to encrypt the data.
+ * 3. The base64 of the nonce used by the cipher. (pseudorandom)
+ * 4. The base64 of the encrypted data.
+ *
+ * @param keypair The keypair to use to encrypt.
+ * @param data The data to encrypt.
+ */
+export function asymmetricEncryptV1(keypair, data) {
+    if (!keypair) {
+        throw new Error('Invalid keypair. Must not be null or undefined.');
+    }
+    if (!data) {
+        throw new Error('Invalid data. Must not be null or undefined.');
+    }
+    if (!keypair.startsWith('vEK1.')) {
+        throw new Error('Invalid keypair. Must start with "vEK1."');
+    }
+    const [theirPublicKey, theirPrivateKey] = decodeAsymmetricKeypairV1(keypair);
+    if (!theirPublicKey || !theirPrivateKey) {
+        throw new Error('Invalid keypair. Unable to be decoded.');
+    }
+    const localKeypair = box.keyPair();
+    const myPublicKey = localKeypair.publicKey;
+    const myPrivateKey = localKeypair.secretKey;
+    const nonce = randomBytes(box.nonceLength);
+    const cypherBytes = box(data, nonce, theirPublicKey, myPrivateKey);
+    const cyphertext = `vA1.${fromByteArray(myPublicKey)}.${fromByteArray(nonce)}.${fromByteArray(cypherBytes)}`;
+    return cyphertext;
+}
+/**
+ * Decrypts the given data with the given keypair and returns the resulting plaintext.
+ * Returns null if the data was unable to be decrypted.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * @param keypair The keypair to use to decrypt the data.
+ * @param password The password that should be used to decrypt the keypair's private key.
+ * @param cyphertext The data to decrypt.
+ */
+export function asymmetricDecrypt(keypair, password, cyphertext) {
+    if (!keypair) {
+        throw new Error('Invalid keypair. Must not be null or undefined.');
+    }
+    if (!password) {
+        throw new Error('Invalid password. Must not be null or undefined.');
+    }
+    if (cyphertext.startsWith('vA1.')) {
+        return asymmetricDecryptV1(keypair, password, cyphertext);
+    }
+    return null;
+}
+/**
+ * Decrypts the given data with the given keypair using version 1 of the asymmetric encryption mechanisms in this file and returns the resulting
+ * plaintext. Returns null if the data was unable to be decrypted.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * @param keypair The keypair to use to decrypt the data.
+ * @param password The password that should be used to decrypt the keypair's private key.
+ * @param cyphertext The data to decrypt.
+ */
+export function asymmetricDecryptV1(keypair, password, cyphertext) {
+    if (!keypair) {
+        throw new Error('Invalid keypair. Must not be null or undefined.');
+    }
+    if (!password) {
+        throw new Error('Invalid password. Must not be null or undefined.');
+    }
+    if (!keypair.startsWith('vEK1.')) {
+        throw new Error('Invalid keypair. Must start with "vEK1."');
+    }
+    if (!cyphertext.startsWith('vA1.')) {
+        throw new Error('Invalid cyphertext. Must start with "vA1."');
+    }
+    const [myPublicKey, myEncryptedPrivateKey] = decodeAsymmetricKeypairV1(keypair);
+    if (!myPublicKey || !myEncryptedPrivateKey) {
+        throw new Error('Invalid keypair. Unable to be decoded.');
+    }
+    const myPrivateKey = decrypt(password, myEncryptedPrivateKey);
+    if (!myPrivateKey) {
+        throw new Error('Invalid keypair. Unable to decrypt the private key.');
+    }
+    const withoutVersion = cyphertext.slice('vA1.'.length);
+    let nextPeriod = withoutVersion.indexOf('.');
+    if (nextPeriod < 0) {
+        return null;
+    }
+    const theirPublicKeyBase64 = withoutVersion.slice(0, nextPeriod);
+    const withoutPublicKey = withoutVersion.slice(nextPeriod + 1);
+    nextPeriod = withoutPublicKey.indexOf('.');
+    if (nextPeriod < 0) {
+        return null;
+    }
+    const nonceBase64 = withoutPublicKey.slice(0, nextPeriod);
+    const dataBase64 = withoutPublicKey.slice(nextPeriod + 1);
+    if (dataBase64.length <= 0) {
+        return null;
+    }
+    const theirPublicKey = toByteArray(theirPublicKeyBase64);
+    const nonce = toByteArray(nonceBase64);
+    const data = toByteArray(dataBase64);
+    return box.open(data, nonce, theirPublicKey, myPrivateKey);
+}
+/**
+ * Determines whether the given data appears to be encrypted using asymmetric encryption.
+ * @param cyphertext The cyphertext to test.
+ */
+export function isAsymmetricEncrypted(cyphertext) {
+    try {
+        return typeof cyphertext === 'string' && cyphertext.startsWith('vA1.');
+    }
+    catch (_a) {
+        return false;
+    }
+}
+/**
+ * Determines whether the given data appears to be encrypted using symmetric encryption.
+ * @param cyphertext The cyphertext to test.
+ */
+export function isEncrypted(cyphertext) {
+    try {
+        return typeof cyphertext === 'string' && cyphertext.startsWith('v1.');
+    }
+    catch (_a) {
+        return false;
+    }
+}
+//# sourceMappingURL=Encryption.js.map

package/Encryption.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Encryption.js","sourceRoot":"","sources":["Encryption.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAOvD,MAAM,UAAU,GAAG,KAAK,CAAC;AACzB,MAAM,UAAU,GAAG,CAAC,CAAC;AACrB,MAAM,WAAW,GAAG,CAAC,CAAC;AACtB,MAAM,UAAU,GAAG,SAAS,CAAC,SAAS,CAAC;AAEvC,MAAM,UAAU,SAAS,CAAC,QAAoB,EAAE,IAAgB;IAC5D,MAAM,MAAM,GAAG,UAAU,CACrB,QAAQ,EACR,IAAI,EACJ,UAAU,EACV,UAAU,EACV,WAAW,EACX,UAAU,CACb,CAAC;IAEF,OAAO;QACH,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,MAAM;KACf,CAAC;AACN,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,OAAO,CAAC,QAAgB,EAAE,IAAgB;IACtD,OAAO,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,OAAO,CAAC,QAAgB,EAAE,UAAkB;IACxD,IAAI,CAAC,QAAQ,EAAE;QACX,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;KACvE;IACD,IAAI,CAAC,UAAU,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;KACzE;IACD,IAAI,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE;QAC9B,OAAO,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;KAC1C;IACD,OAAO,IAAI,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,SAAS,CAAC,QAAgB,EAAE,IAAgB;IACxD,IAAI,CAAC,QAAQ,EAAE;QACX,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;KACvE;IACD,IAAI,CAAC,IAAI,EAAE;QACP,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;KACnE;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IACjD,MAAM,IAAI,GAAG,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAEhD,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;IACtC,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,SAAS,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;IAC3C,MAAM,WAAW,GAAG,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,IAAI,aAAa,CACzD,KAAK,CACR,IAAI,aAAa,CAAC,WAAW,CAAC,EAAE,CAAC;IAElC,OAAO,UAAU,CAAC;AACtB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,SAAS,CAAC,QAAgB,EAAE,UAAkB;IAC1D,IAAI,CAAC,QAAQ,EAAE;QACX,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;KACvE;IACD,IAAI,CAAC,UAAU,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;KACzE;IACD,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE;QAC/B,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;KAChE;IAED,MAAM,cAAc,GAAG,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACtD,IAAI,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,UAAU,GAAG,CAAC,EAAE;QAChB,OAAO,IAAI,CAAC;KACf;IACD,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IACvD,MAAM,WAAW,GAAG,cAAc,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IACzD,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,UAAU,GAAG,CAAC,EAAE;QAChB,OAAO,IAAI,CAAC;KACf;IACD,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IACrD,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE;QACxB,OAAO,IAAI,CAAC;KACf;IAED,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;IAErC,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;IACtC,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,SAAS,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;IAE3C,OAAO,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAe;IAC/C,IAAI;QACA,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAC;QACnE,OAAO,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;KACtC;IAAC,OAAO,EAAE,EAAE;QACT,OAAO,KAAK,CAAC;KAChB;AACL,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAC9C,OAAO,mBAAmB,CAAC,QAAQ,CAAC,CAAC;AACzC,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IAChD,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC;IAC3B,MAAM,mBAAmB,GAAG,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAC9D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAC5D,OAAO,QAAQ,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,aAAa,CACzD,eAAe,CAClB,EAAE,CAAC;AACR,CAAC;AAED,SAAS,yBAAyB,CAAC,OAAe;IAC9C,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACrD,IAAI,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,UAAU,GAAG,CAAC,EAAE;QAChB,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;KACvB;IACD,MAAM,eAAe,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAC5D,MAAM,gBAAgB,GAAG,cAAc,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IAC9D,MAAM,gBAAgB,GAAG,gBAAgB,CAAC;IAC1C,MAAM,SAAS,GAAG,WAAW,CAAC,eAAe,CAAC,CAAC;IAC/C,MAAM,eAAe,GAAG,WAAW,CAAC,gBAAgB,CAAC,CAAC;IACtD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAEnD,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;AACnC,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe,EAAE,IAAgB;IAC/D,OAAO,mBAAmB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAe,EAAE,IAAgB;IACjE,IAAI,CAAC,OAAO,EAAE;QACV,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACtE;IACD,IAAI,CAAC,IAAI,EAAE;QACP,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;KACnE;IACD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;QAC9B,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;KAC/D;IACD,MAAM,CAAC,cAAc,EAAE,eAAe,CAAC,GAAG,yBAAyB,CAC/D,OAAO,CACV,CAAC;IACF,IAAI,CAAC,cAAc,IAAI,CAAC,eAAe,EAAE;QACrC,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;KAC7D;IACD,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC;IACnC,MAAM,WAAW,GAAG,YAAY,CAAC,SAAS,CAAC;IAC3C,MAAM,YAAY,GAAG,YAAY,CAAC,SAAS,CAAC;IAC5C,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAE3C,MAAM,WAAW,GAAG,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;IAEnE,MAAM,UAAU,GAAG,OAAO,aAAa,CAAC,WAAW,CAAC,IAAI,aAAa,CACjE,KAAK,CACR,IAAI,aAAa,CAAC,WAAW,CAAC,EAAE,CAAC;IAElC,OAAO,UAAU,CAAC;AACtB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAC7B,OAAe,EACf,QAAgB,EAChB,UAAkB;IAElB,IAAI,CAAC,OAAO,EAAE;QACV,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACtE;IACD,IAAI,CAAC,QAAQ,EAAE;QACX,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;KACvE;IACD,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE;QAC/B,OAAO,mBAAmB,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;KAC7D;IACD,OAAO,IAAI,CAAC;AAChB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,mBAAmB,CAC/B,OAAe,EACf,QAAgB,EAChB,UAAkB;IAElB,IAAI,CAAC,OAAO,EAAE;QACV,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACtE;IACD,IAAI,CAAC,QAAQ,EAAE;QACX,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;KACvE;IACD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;QAC9B,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;KAC/D;IACD,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE;QAChC,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;KACjE;IACD,MAAM,CAAC,WAAW,EAAE,qBAAqB,CAAC,GAAG,yBAAyB,CAClE,OAAO,CACV,CAAC;IACF,IAAI,CAAC,WAAW,IAAI,CAAC,qBAAqB,EAAE;QACxC,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;KAC7D;IACD,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IAC9D,IAAI,CAAC,YAAY,EAAE;QACf,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;KAC1E;IAED,MAAM,cAAc,GAAG,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACvD,IAAI,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,UAAU,GAAG,CAAC,EAAE;QAChB,OAAO,IAAI,CAAC;KACf;IACD,MAAM,oBAAoB,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IACjE,MAAM,gBAAgB,GAAG,cAAc,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IAC9D,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC3C,IAAI,UAAU,GAAG,CAAC,EAAE;QAChB,OAAO,IAAI,CAAC;KACf;IACD,MAAM,WAAW,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IAC1D,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE;QACxB,OAAO,IAAI,CAAC;KACf;IAED,MAAM,cAAc,GAAG,WAAW,CAAC,oBAAoB,CAAC,CAAC;IACzD,MAAM,KAAK,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;IAErC,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;AAC/D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAkB;IACpD,IAAI;QACA,OAAO,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;KAC1E;IAAC,WAAM;QACJ,OAAO,KAAK,CAAC;KAChB;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,UAAkB;IAC1C,IAAI;QACA,OAAO,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;KACzE;IAAC,WAAM;QACJ,OAAO,KAAK,CAAC;KAChB;AACL,CAAC"}

package/HashHelpers.d.ts

@@ -0,0 +1,24 @@
+/// <reference types="node" />
+/**
+ * Calculates the SHA-256 hash of the given object.
+ * @param obj The object to calculate the hash of.
+ */
+export declare function getHash(obj: any): string;
+/**
+ * Calculates the SHA-256 hash of the given object and
+ * returns a byte buffer containing the hash.
+ * @param obj The object to hash.
+ */
+export declare function getHashBuffer(obj: any): Buffer;
+/**
+ * Hashes the given password using scrypt and returns the result.
+ * @param password The password that should be hashed.
+ */
+export declare function hashPassword(password: string): string;
+/**
+ * Verifies that the given password matches the given hash.
+ * @param password The password to check.
+ * @param hash The hash to check the password against.
+ */
+export declare function verifyPassword(password: string, hash: string): boolean;
+//# sourceMappingURL=HashHelpers.d.ts.map