@cryptforge/cryptography 0.2.0

package/dist/index.mjs

@@ -0,0 +1,91 @@
+// src/client/CryptoBrowser.ts
+var CryptoBrowser = class {
+  encryptionKey;
+  /**
+   * Creates a new CryptoBrowser instance.
+   * @param getEncryptionKey - Function that returns the encryption key for this instance
+   */
+  constructor() {
+  }
+  /**
+   * Sets the encryption key for the encrypt and decrypt operations.
+   * Validates that the key is AES-GCM with 256-bit length for cross-platform compatibility.
+   *
+   * @param key - The encryption key to set (must be AES-GCM 256-bit)
+   * @throws {Error} If key is not AES-GCM or not 256-bit
+   */
+  setEncryptionKey = (key) => {
+    if (key.algorithm.name !== "AES-GCM") {
+      throw new Error(
+        `Invalid key algorithm: ${key.algorithm.name}. Key must be AES-GCM for cross-platform compatibility with CryptoServer.`
+      );
+    }
+    const keyLength = key.algorithm.length;
+    if (keyLength !== 256) {
+      throw new Error(
+        `Invalid key length: ${keyLength} bits. Key must be 256-bit for cross-platform compatibility with CryptoServer (AES-256-GCM).`
+      );
+    }
+    this.encryptionKey = key;
+  };
+  /**
+   * Creates an encryption function that encrypts string data using AES-GCM encryption.
+   * Uses a random initialization vector (IV) for each encryption operation.
+   * The IV is prepended to the ciphertext and the result is base64-encoded.
+   * Uses the encryption key provided via the `setEncryptionKey` method.
+   *
+   * @returns A curried function that encrypts data
+   */
+  encrypt = () => async (data) => {
+    const key = this.encryptionKey;
+    if (!key) {
+      throw new Error(
+        "Encryption key not available. You must call `setEncryptionKey` before using this instance."
+      );
+    }
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const encrypted = await crypto.subtle.encrypt(
+      { name: "AES-GCM", iv },
+      key,
+      new TextEncoder().encode(data)
+    );
+    const combined = new Uint8Array(iv.length + encrypted.byteLength);
+    combined.set(iv);
+    combined.set(new Uint8Array(encrypted), iv.length);
+    return btoa(String.fromCharCode(...combined));
+  };
+  /**
+   * Creates a decryption function that decrypts encrypted string data using AES-GCM decryption.
+   * Extracts the IV from the beginning of the encrypted data and uses it to decrypt the ciphertext.
+   * Uses the encryption key provided via the constructor.
+   *
+   * @returns A curried function that decrypts data
+   */
+  decrypt = () => async (encryptedData) => {
+    const key = this.encryptionKey;
+    if (!key) {
+      throw new Error(
+        "Encryption key not available. You must call `setEncryptionKey` before using this instance."
+      );
+    }
+    const combined = Uint8Array.from(
+      atob(encryptedData),
+      (c) => c.charCodeAt(0)
+    );
+    const iv = combined.slice(0, 12);
+    const ciphertext = combined.slice(12);
+    const decrypted = await crypto.subtle.decrypt(
+      { name: "AES-GCM", iv },
+      key,
+      ciphertext
+    );
+    return new TextDecoder().decode(decrypted);
+  };
+};
+
+// src/index.ts
+var version = "0.1.0";
+export {
+  CryptoBrowser,
+  version
+};

package/dist/server.d.mts

@@ -0,0 +1,172 @@
+/**
+ * Generic interface for cryptographic operations.
+ *
+ * @template TKey - The encryption key type (CryptoKey for browser, Buffer for Node.js)
+ */
+interface CryptoOperations<TKey = unknown> {
+    /**
+     * Encryption key for all document operations.
+     * All documents are encrypted at rest using this key.
+     * Browser implementations use CryptoKey, Node.js implementations use Buffer.
+     */
+    setEncryptionKey?: (key: TKey) => void;
+    /**
+     * Creates an encryption function that encrypts string data using AES-GCM encryption.
+     * Returns a curried function that uses the instance's encryption key from `setEncryptionKey`.
+     *
+     * The returned function signature:
+     * - `data`: The plaintext string to encrypt
+     * - Returns: A promise resolving to the encrypted data as a string
+     */
+    encrypt: () => (data: string) => Promise<string>;
+    /**
+     * Creates a decryption function that decrypts encrypted string data using AES-GCM decryption.
+     * Returns a curried function that uses the instance's encryption key from `setEncryptionKey`.
+     *
+     * The returned function signature:
+     * - `encryptedData`: The encrypted string data to decrypt
+     * - Returns: A promise resolving to the decrypted plaintext string
+     */
+    decrypt: () => (encryptedData: string) => Promise<string>;
+}
+/**
+ * Configuration options for cryptographic operations
+ */
+interface CryptoConfig {
+    /**
+     * Algorithm to use for encryption/decryption
+     */
+    algorithm?: string;
+    /**
+     * Key derivation iterations (if applicable)
+     */
+    iterations?: number;
+}
+/**
+ * Result of an encryption operation
+ */
+interface EncryptionResult {
+    /**
+     * Encrypted data
+     */
+    ciphertext: Uint8Array;
+    /**
+     * Initialization vector or nonce
+     */
+    iv: Uint8Array;
+    /**
+     * Authentication tag (for authenticated encryption)
+     */
+    tag?: Uint8Array;
+}
+/**
+ * Result of a decryption operation
+ */
+interface DecryptionResult {
+    /**
+     * Decrypted plaintext data
+     */
+    plaintext: Uint8Array;
+}
+/**
+ * Key pair for asymmetric cryptography
+ */
+interface KeyPair {
+    /**
+     * Public key
+     */
+    publicKey: Uint8Array;
+    /**
+     * Private key
+     */
+    privateKey: Uint8Array;
+}
+
+/**
+ * Browser implementation of cryptographic operations using Web Crypto API.
+ * Uses CryptoKey for encryption/decryption operations.
+ */
+declare class CryptoBrowser implements CryptoOperations<CryptoKey> {
+    private encryptionKey?;
+    /**
+     * Creates a new CryptoBrowser instance.
+     * @param getEncryptionKey - Function that returns the encryption key for this instance
+     */
+    constructor();
+    /**
+     * Sets the encryption key for the encrypt and decrypt operations.
+     * Validates that the key is AES-GCM with 256-bit length for cross-platform compatibility.
+     *
+     * @param key - The encryption key to set (must be AES-GCM 256-bit)
+     * @throws {Error} If key is not AES-GCM or not 256-bit
+     */
+    setEncryptionKey: (key: CryptoKey) => void;
+    /**
+     * Creates an encryption function that encrypts string data using AES-GCM encryption.
+     * Uses a random initialization vector (IV) for each encryption operation.
+     * The IV is prepended to the ciphertext and the result is base64-encoded.
+     * Uses the encryption key provided via the `setEncryptionKey` method.
+     *
+     * @returns A curried function that encrypts data
+     */
+    encrypt: () => (data: string) => Promise<string>;
+    /**
+     * Creates a decryption function that decrypts encrypted string data using AES-GCM decryption.
+     * Extracts the IV from the beginning of the encrypted data and uses it to decrypt the ciphertext.
+     * Uses the encryption key provided via the constructor.
+     *
+     * @returns A curried function that decrypts data
+     */
+    decrypt: () => (encryptedData: string) => Promise<string>;
+}
+
+/**
+ * Server/Node.js implementation of cryptographic operations using Node.js crypto module.
+ * Uses Buffer for encryption/decryption operations.
+ *
+ * IMPORTANT: This implementation is compatible with CryptoBrowser - data encrypted
+ * by CryptoBrowser can be decrypted by CryptoServer and vice versa.
+ */
+declare class CryptoServer implements CryptoOperations<Buffer> {
+    /**
+     * The encryption key for the encrypt and decrypt operations.
+     */
+    private encryptionKey?;
+    /**
+     * Creates a new CryptoServer instance.
+     */
+    constructor();
+    /**
+     * Sets the encryption key for the encrypt and decrypt operations.
+     * Validates that the key is 32 bytes (256 bits) for AES-256-GCM.
+     *
+     * @param key - The encryption key to set (must be 32 bytes / 256 bits)
+     * @throws {Error} If key is not 32 bytes
+     */
+    setEncryptionKey: (key: Buffer) => void;
+    /**
+     * Creates an encryption function that encrypts string data using AES-GCM encryption.
+     * Uses a random initialization vector (IV) for each encryption operation.
+     * The IV is prepended to the ciphertext and the result is base64-encoded.
+     * Uses the encryption key provided via the `setEncryptionKey` method.
+     *
+     * Format matches CryptoBrowser: [IV (12 bytes)][Ciphertext + AuthTag (16 bytes)] -> base64
+     *
+     * @returns A curried function that encrypts data
+     */
+    encrypt: () => (data: string) => Promise<string>;
+    /**
+     * Creates a decryption function that decrypts encrypted string data using AES-GCM decryption.
+     * Extracts the IV from the beginning of the encrypted data and uses it to decrypt the ciphertext.
+     * Uses the encryption key provided via the constructor.
+     *
+     * Format matches CryptoBrowser: base64 -> [IV (12 bytes)][Ciphertext + AuthTag (16 bytes)]
+     *
+     * @returns A curried function that decrypts data
+     */
+    decrypt: () => (encryptedData: string) => Promise<string>;
+}
+
+declare const version = "0.1.0-server";
+
+export { CryptoBrowser, type CryptoConfig, type CryptoOperations, CryptoServer, type DecryptionResult, type EncryptionResult, type KeyPair, version };

package/dist/server.d.ts

@@ -0,0 +1,172 @@
+/**
+ * Generic interface for cryptographic operations.
+ *
+ * @template TKey - The encryption key type (CryptoKey for browser, Buffer for Node.js)
+ */
+interface CryptoOperations<TKey = unknown> {
+    /**
+     * Encryption key for all document operations.
+     * All documents are encrypted at rest using this key.
+     * Browser implementations use CryptoKey, Node.js implementations use Buffer.
+     */
+    setEncryptionKey?: (key: TKey) => void;
+    /**
+     * Creates an encryption function that encrypts string data using AES-GCM encryption.
+     * Returns a curried function that uses the instance's encryption key from `setEncryptionKey`.
+     *
+     * The returned function signature:
+     * - `data`: The plaintext string to encrypt
+     * - Returns: A promise resolving to the encrypted data as a string
+     */
+    encrypt: () => (data: string) => Promise<string>;
+    /**
+     * Creates a decryption function that decrypts encrypted string data using AES-GCM decryption.
+     * Returns a curried function that uses the instance's encryption key from `setEncryptionKey`.
+     *
+     * The returned function signature:
+     * - `encryptedData`: The encrypted string data to decrypt
+     * - Returns: A promise resolving to the decrypted plaintext string
+     */
+    decrypt: () => (encryptedData: string) => Promise<string>;
+}
+/**
+ * Configuration options for cryptographic operations
+ */
+interface CryptoConfig {
+    /**
+     * Algorithm to use for encryption/decryption
+     */
+    algorithm?: string;
+    /**
+     * Key derivation iterations (if applicable)
+     */
+    iterations?: number;
+}
+/**
+ * Result of an encryption operation
+ */
+interface EncryptionResult {
+    /**
+     * Encrypted data
+     */
+    ciphertext: Uint8Array;
+    /**
+     * Initialization vector or nonce
+     */
+    iv: Uint8Array;
+    /**
+     * Authentication tag (for authenticated encryption)
+     */
+    tag?: Uint8Array;
+}
+/**
+ * Result of a decryption operation
+ */
+interface DecryptionResult {
+    /**
+     * Decrypted plaintext data
+     */
+    plaintext: Uint8Array;
+}
+/**
+ * Key pair for asymmetric cryptography
+ */
+interface KeyPair {
+    /**
+     * Public key
+     */
+    publicKey: Uint8Array;
+    /**
+     * Private key
+     */
+    privateKey: Uint8Array;
+}
+
+/**
+ * Browser implementation of cryptographic operations using Web Crypto API.
+ * Uses CryptoKey for encryption/decryption operations.
+ */
+declare class CryptoBrowser implements CryptoOperations<CryptoKey> {
+    private encryptionKey?;
+    /**
+     * Creates a new CryptoBrowser instance.
+     * @param getEncryptionKey - Function that returns the encryption key for this instance
+     */
+    constructor();
+    /**
+     * Sets the encryption key for the encrypt and decrypt operations.
+     * Validates that the key is AES-GCM with 256-bit length for cross-platform compatibility.
+     *
+     * @param key - The encryption key to set (must be AES-GCM 256-bit)
+     * @throws {Error} If key is not AES-GCM or not 256-bit
+     */
+    setEncryptionKey: (key: CryptoKey) => void;
+    /**
+     * Creates an encryption function that encrypts string data using AES-GCM encryption.
+     * Uses a random initialization vector (IV) for each encryption operation.
+     * The IV is prepended to the ciphertext and the result is base64-encoded.
+     * Uses the encryption key provided via the `setEncryptionKey` method.
+     *
+     * @returns A curried function that encrypts data
+     */
+    encrypt: () => (data: string) => Promise<string>;
+    /**
+     * Creates a decryption function that decrypts encrypted string data using AES-GCM decryption.
+     * Extracts the IV from the beginning of the encrypted data and uses it to decrypt the ciphertext.
+     * Uses the encryption key provided via the constructor.
+     *
+     * @returns A curried function that decrypts data
+     */
+    decrypt: () => (encryptedData: string) => Promise<string>;
+}
+
+/**
+ * Server/Node.js implementation of cryptographic operations using Node.js crypto module.
+ * Uses Buffer for encryption/decryption operations.
+ *
+ * IMPORTANT: This implementation is compatible with CryptoBrowser - data encrypted
+ * by CryptoBrowser can be decrypted by CryptoServer and vice versa.
+ */
+declare class CryptoServer implements CryptoOperations<Buffer> {
+    /**
+     * The encryption key for the encrypt and decrypt operations.
+     */
+    private encryptionKey?;
+    /**
+     * Creates a new CryptoServer instance.
+     */
+    constructor();
+    /**
+     * Sets the encryption key for the encrypt and decrypt operations.
+     * Validates that the key is 32 bytes (256 bits) for AES-256-GCM.
+     *
+     * @param key - The encryption key to set (must be 32 bytes / 256 bits)
+     * @throws {Error} If key is not 32 bytes
+     */
+    setEncryptionKey: (key: Buffer) => void;
+    /**
+     * Creates an encryption function that encrypts string data using AES-GCM encryption.
+     * Uses a random initialization vector (IV) for each encryption operation.
+     * The IV is prepended to the ciphertext and the result is base64-encoded.
+     * Uses the encryption key provided via the `setEncryptionKey` method.
+     *
+     * Format matches CryptoBrowser: [IV (12 bytes)][Ciphertext + AuthTag (16 bytes)] -> base64
+     *
+     * @returns A curried function that encrypts data
+     */
+    encrypt: () => (data: string) => Promise<string>;
+    /**
+     * Creates a decryption function that decrypts encrypted string data using AES-GCM decryption.
+     * Extracts the IV from the beginning of the encrypted data and uses it to decrypt the ciphertext.
+     * Uses the encryption key provided via the constructor.
+     *
+     * Format matches CryptoBrowser: base64 -> [IV (12 bytes)][Ciphertext + AuthTag (16 bytes)]
+     *
+     * @returns A curried function that decrypts data
+     */
+    decrypt: () => (encryptedData: string) => Promise<string>;
+}
+
+declare const version = "0.1.0-server";
+
+export { CryptoBrowser, type CryptoConfig, type CryptoOperations, CryptoServer, type DecryptionResult, type EncryptionResult, type KeyPair, version };

package/dist/server.js

@@ -0,0 +1,213 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/server.ts
+var server_exports = {};
+__export(server_exports, {
+  CryptoBrowser: () => CryptoBrowser,
+  CryptoServer: () => CryptoServer,
+  version: () => version
+});
+module.exports = __toCommonJS(server_exports);
+
+// src/client/CryptoBrowser.ts
+var CryptoBrowser = class {
+  encryptionKey;
+  /**
+   * Creates a new CryptoBrowser instance.
+   * @param getEncryptionKey - Function that returns the encryption key for this instance
+   */
+  constructor() {
+  }
+  /**
+   * Sets the encryption key for the encrypt and decrypt operations.
+   * Validates that the key is AES-GCM with 256-bit length for cross-platform compatibility.
+   *
+   * @param key - The encryption key to set (must be AES-GCM 256-bit)
+   * @throws {Error} If key is not AES-GCM or not 256-bit
+   */
+  setEncryptionKey = (key) => {
+    if (key.algorithm.name !== "AES-GCM") {
+      throw new Error(
+        `Invalid key algorithm: ${key.algorithm.name}. Key must be AES-GCM for cross-platform compatibility with CryptoServer.`
+      );
+    }
+    const keyLength = key.algorithm.length;
+    if (keyLength !== 256) {
+      throw new Error(
+        `Invalid key length: ${keyLength} bits. Key must be 256-bit for cross-platform compatibility with CryptoServer (AES-256-GCM).`
+      );
+    }
+    this.encryptionKey = key;
+  };
+  /**
+   * Creates an encryption function that encrypts string data using AES-GCM encryption.
+   * Uses a random initialization vector (IV) for each encryption operation.
+   * The IV is prepended to the ciphertext and the result is base64-encoded.
+   * Uses the encryption key provided via the `setEncryptionKey` method.
+   *
+   * @returns A curried function that encrypts data
+   */
+  encrypt = () => async (data) => {
+    const key = this.encryptionKey;
+    if (!key) {
+      throw new Error(
+        "Encryption key not available. You must call `setEncryptionKey` before using this instance."
+      );
+    }
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const encrypted = await crypto.subtle.encrypt(
+      { name: "AES-GCM", iv },
+      key,
+      new TextEncoder().encode(data)
+    );
+    const combined = new Uint8Array(iv.length + encrypted.byteLength);
+    combined.set(iv);
+    combined.set(new Uint8Array(encrypted), iv.length);
+    return btoa(String.fromCharCode(...combined));
+  };
+  /**
+   * Creates a decryption function that decrypts encrypted string data using AES-GCM decryption.
+   * Extracts the IV from the beginning of the encrypted data and uses it to decrypt the ciphertext.
+   * Uses the encryption key provided via the constructor.
+   *
+   * @returns A curried function that decrypts data
+   */
+  decrypt = () => async (encryptedData) => {
+    const key = this.encryptionKey;
+    if (!key) {
+      throw new Error(
+        "Encryption key not available. You must call `setEncryptionKey` before using this instance."
+      );
+    }
+    const combined = Uint8Array.from(
+      atob(encryptedData),
+      (c) => c.charCodeAt(0)
+    );
+    const iv = combined.slice(0, 12);
+    const ciphertext = combined.slice(12);
+    const decrypted = await crypto.subtle.decrypt(
+      { name: "AES-GCM", iv },
+      key,
+      ciphertext
+    );
+    return new TextDecoder().decode(decrypted);
+  };
+};
+
+// src/server/CryptoServer.ts
+var import_crypto = __toESM(require("crypto"));
+var CryptoServer = class {
+  /**
+   * The encryption key for the encrypt and decrypt operations.
+   */
+  encryptionKey;
+  /**
+   * Creates a new CryptoServer instance.
+   */
+  constructor() {
+  }
+  /**
+   * Sets the encryption key for the encrypt and decrypt operations.
+   * Validates that the key is 32 bytes (256 bits) for AES-256-GCM.
+   *
+   * @param key - The encryption key to set (must be 32 bytes / 256 bits)
+   * @throws {Error} If key is not 32 bytes
+   */
+  setEncryptionKey = (key) => {
+    if (key.length !== 32) {
+      throw new Error(
+        `Invalid key length: ${key.length} bytes (${key.length * 8} bits). Key must be 32 bytes (256 bits) for AES-256-GCM cross-platform compatibility with CryptoBrowser.`
+      );
+    }
+    this.encryptionKey = key;
+  };
+  /**
+   * Creates an encryption function that encrypts string data using AES-GCM encryption.
+   * Uses a random initialization vector (IV) for each encryption operation.
+   * The IV is prepended to the ciphertext and the result is base64-encoded.
+   * Uses the encryption key provided via the `setEncryptionKey` method.
+   *
+   * Format matches CryptoBrowser: [IV (12 bytes)][Ciphertext + AuthTag (16 bytes)] -> base64
+   *
+   * @returns A curried function that encrypts data
+   */
+  encrypt = () => async (data) => {
+    const key = this.encryptionKey;
+    if (!key) {
+      throw new Error(
+        "Encryption key not available. You must call `setEncryptionKey` before using this instance."
+      );
+    }
+    const iv = import_crypto.default.randomBytes(12);
+    const cipher = import_crypto.default.createCipheriv("aes-256-gcm", key, iv);
+    let encrypted = cipher.update(data, "utf8");
+    encrypted = Buffer.concat([encrypted, cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    const ciphertextWithAuthTag = Buffer.concat([encrypted, authTag]);
+    const combined = Buffer.concat([iv, ciphertextWithAuthTag]);
+    return combined.toString("base64");
+  };
+  /**
+   * Creates a decryption function that decrypts encrypted string data using AES-GCM decryption.
+   * Extracts the IV from the beginning of the encrypted data and uses it to decrypt the ciphertext.
+   * Uses the encryption key provided via the constructor.
+   *
+   * Format matches CryptoBrowser: base64 -> [IV (12 bytes)][Ciphertext + AuthTag (16 bytes)]
+   *
+   * @returns A curried function that decrypts data
+   */
+  decrypt = () => async (encryptedData) => {
+    const key = this.encryptionKey;
+    if (!key) {
+      throw new Error(
+        "Encryption key not available. You must call `setEncryptionKey` before using this instance."
+      );
+    }
+    const combined = Buffer.from(encryptedData, "base64");
+    const iv = combined.slice(0, 12);
+    const ciphertextWithAuthTag = combined.slice(12);
+    const authTag = ciphertextWithAuthTag.slice(-16);
+    const ciphertext = ciphertextWithAuthTag.slice(0, -16);
+    const decipher = import_crypto.default.createDecipheriv("aes-256-gcm", key, iv);
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(ciphertext);
+    decrypted = Buffer.concat([decrypted, decipher.final()]);
+    return decrypted.toString("utf8");
+  };
+};
+
+// src/server.ts
+var version = "0.1.0-server";
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  CryptoBrowser,
+  CryptoServer,
+  version
+});