@did-btcr2/keypair 0.10.0 → 0.11.0

package/dist/types/public.d.ts

@@ -1,5 +1,6 @@
 import { Bytes, Hex, KeyBytes, MultibaseObject, PublicKeyObject } from '@did-btcr2/common';
-import { Secp256k1SecretKey } from './secret.js';
+/** Fixed public key header bytes per the Data Integrity BIP340 Cryptosuite spec: [0xe7, 0x01] */
+export declare const BIP340_PUBLIC_KEY_MULTIBASE_PREFIX: Bytes;
 import { CryptoOptions } from './types.js';
 /**
  * Point Interface representing an (x, y) coordinate on the secp256k1 curve.
@@ -77,11 +78,11 @@ export interface PublicKey {
      */
     encode(): string;
     /**
-     * CompressedSecp256k1PublicKey key equality check. Checks if `this` public key is equal to `other` public key.
-     * @param {CompressedSecp256k1PublicKey} other The public key to compare.
+     * Public key equality check.
+     * @param {PublicKey} other The public key to compare.
      * @returns {boolean} True if the public keys are equal.
      */
-    equals(other: CompressedSecp256k1PublicKey): boolean;
+    equals(other: PublicKey): boolean;
 }
 /**
  * Encapsulates a secp256k1 public key compliant to BIP-340 BIP schnorr signature scheme.
@@ -174,61 +175,26 @@ export declare class CompressedSecp256k1PublicKey implements PublicKey {
     verify(signature: Bytes, data: Bytes, opts?: CryptoOptions): boolean;
     /**
      * Compares this public key to another public key.
-     * @param {CompressedSecp256k1PublicKey} other The other public key to compare
+     * @param {PublicKey} other The other public key to compare
      * @returns {boolean} True if the public keys are equal, false otherwise.
      */
-    equals(other: CompressedSecp256k1PublicKey): boolean;
+    equals(other: PublicKey): boolean;
     /**
      * JSON representation of a CompressedSecp256k1PublicKey object.
      * @returns {PublicKeyObject} The CompressedSecp256k1PublicKey as a JSON object.
      */
     toJSON(): PublicKeyObject;
-    /**
-     * Computes modular exponentiation: (base^exp) % mod.
-     * Used for computing modular square roots.
-     * @param {bigint} base The base value
-     * @param {bigint} exp The exponent value
-     * @param {bigint} mod The modulus value
-     * @returns {bigint} The result of the modular exponentiation
-     */
-    modPow(base: bigint, exp: bigint, mod: bigint): bigint;
-    /**
-     * Computes `sqrt(a) mod p` using Tonelli-Shanks algorithm.
-     * This finds `y` such that `y^2 ≡ a mod p`.
-     * @param {bigint} a The value to find the square root of
-     * @param {bigint} p The prime modulus
-     * @returns {bigint} The square root of `a` mod `p`
-     */
-    sqrtMod(a: bigint, p: bigint): bigint;
-    /**
-     * Lifts a 32-byte x-only coordinate into a full secp256k1 point (x, y).
-     * @param xBytes 32-byte x-coordinate
-     * @returns {Uint8Array} 65-byte uncompressed public key (starts with `0x04`)
-     */
-    liftX(): Uint8Array;
     /**
      * Static method to validate a public key.
      * @param {Hex} pk The public key in hex (Uint8Array or string) format.
      * @returns {boolean} True if the public key is valid, false otherwise.
      */
     static isValid(pk: Hex): boolean;
-    /**
-     * Returns the point of the public key.
-     * @param {Hex} pk The public key in hex (Uint8Array or string) format.
-     * @returns {Point} The point of the public key.
-     * @throws {PublicKeyError} If the public key is not a valid hex string or byte array.
-     */
-    static point(pk: Hex): Point;
     /**
      * Creates a CompressedSecp256k1PublicKey object from a JSON representation.
      * @param {PublicKeyObject} json The JSON object to initialize the CompressedSecp256k1PublicKey.
      * @returns {CompressedSecp256k1PublicKey} The initialized CompressedSecp256k1PublicKey object.
      */
     static fromJSON(json: PublicKeyObject): CompressedSecp256k1PublicKey;
-    /**
-     * Computes the deterministic public key for a given secret key.
-     * @param {Secp256k1SecretKey | KeyBytes} sk The Secp256k1SecretKey object or the secret key bytes
-     * @returns {CompressedSecp256k1PublicKey} A new CompressedSecp256k1PublicKey object
-     */
-    static fromSecretKey(sk: Secp256k1SecretKey | KeyBytes): CompressedSecp256k1PublicKey;
 }
+//# sourceMappingURL=public.d.ts.map

package/dist/types/public.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"public.d.ts","sourceRoot":"","sources":["../../src/public.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,EAEL,GAAG,EACH,QAAQ,EACR,eAAe,EAEf,eAAe,EAChB,MAAM,mBAAmB,CAAC;AAI3B,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C;;;;GAIG;AACH,MAAM,WAAW,KAAK;IACpB,CAAC,EAAE,QAAQ,CAAC;IACZ,CAAC,EAAE,QAAQ,CAAC;CACb;AAED;;;;GAIG;AACH,MAAM,WAAW,SAAS;IACxB;;;OAGG;IACH,UAAU,EAAE,QAAQ,CAAC;IAErB;;;OAGG;IACH,YAAY,EAAE,QAAQ,CAAC;IAEvB;;;OAGG;IACH,KAAK,EAAE,QAAQ,CAAC;IAEhB;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,MAAM,EAAE,OAAO,CAAC;IAEhB;;;OAGG;IACH,CAAC,EAAE,QAAQ,CAAC;IAEZ;;;OAGG;IACH,CAAC,EAAE,QAAQ,CAAC;IAEZ;;;OAGG;IACH,SAAS,EAAE,eAAe,CAAC;IAE3B;;;OAGG;IACH,GAAG,EAAE,GAAG,CAAC;IAET;;;OAGG;IACH,KAAK,EAAE,KAAK,CAAC;IAEb;;;OAGG;IACH,MAAM,IAAI,QAAQ,CAAC;IAEnB;;;OAGG;IACH,MAAM,IAAI,MAAM,CAAC;IAEjB;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,4BAA4B,GAAG,OAAO,CAAC;CACtD;AAED;;;;;;GAMG;AACH,qBAAa,4BAA6B,YAAW,SAAS;;IAe5D;;;;OAIG;gBACS,YAAY,EAAE,GAAG;IA6B7B;;;OAGG;IACH,IAAI,UAAU,IAAI,QAAQ,CAGzB;IAED;;;OAGG;IACH,IAAI,YAAY,IAAI,QAAQ,CAG3B;IAED;;OAEG;IACH,IAAI,KAAK,IAAI,QAAQ,CAGpB;IAED;;;;OAIG;IACH,IAAI,MAAM,IAAI,IAAI,GAAG,IAAI,CASxB;IAED;;;OAGG;IACH,IAAI,MAAM,IAAI,OAAO,CAEpB;IAED;;;OAGG;IACH,IAAI,CAAC,IAAI,QAAQ,CAGhB;IAED;;;OAGG;IACH,IAAI,CAAC,IAAI,QAAQ,CAGhB;IAED;;;OAGG;IACH,IAAI,SAAS,IAAI,eAAe,CAG/B;IAED;;;OAGG;IACH,IAAI,GAAG,IAAI,MAAM,CAGhB;IAED;;;OAGG;IACH,IAAI,KAAK,IAAI,KAAK,CAKjB;IAED;;;OAGG;IACH,MAAM,IAAI,QAAQ;IAIlB;;;OAGG;IACH,MAAM,IAAI,QAAQ;IA8BlB;;;OAGG;IACH,MAAM,IAAI,MAAM;IAsBhB;;;;;;;OAOG;IACH,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,aAAa,GAAG,OAAO;IAiBpE;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,4BAA4B,GAAG,OAAO;IAIpD;;;OAGG;IACH,MAAM,IAAI,eAAe;IAYzB;;;;;;;OAOG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM;IAUtD;;;;;;OAMG;IACH,OAAO,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM;IAIrC;;;;OAIG;IACH,KAAK,IAAI,UAAU;IAyBnB;;;;OAIG;IACH,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,GAAG,GAAG,OAAO;IAShC;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,GAAG,KAAK;IAoB5B;;;;OAIG;IACH,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,eAAe,GAAG,4BAA4B;IAKpE;;;;OAIG;IACH,MAAM,CAAC,aAAa,CAAC,EAAE,EAAE,kBAAkB,GAAG,QAAQ,GAAG,4BAA4B;CAiBtF"}
+{"version":3,"file":"public.d.ts","sourceRoot":"","sources":["../../src/public.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,EACL,GAAG,EACH,QAAQ,EACR,eAAe,EAEf,eAAe,EAChB,MAAM,mBAAmB,CAAC;AAE3B,iGAAiG;AACjG,eAAO,MAAM,kCAAkC,EAAE,KAAoC,CAAC;AAItF,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C;;;;GAIG;AACH,MAAM,WAAW,KAAK;IACpB,CAAC,EAAE,QAAQ,CAAC;IACZ,CAAC,EAAE,QAAQ,CAAC;CACb;AAED;;;;GAIG;AACH,MAAM,WAAW,SAAS;IACxB;;;OAGG;IACH,UAAU,EAAE,QAAQ,CAAC;IAErB;;;OAGG;IACH,YAAY,EAAE,QAAQ,CAAC;IAEvB;;;OAGG;IACH,KAAK,EAAE,QAAQ,CAAC;IAEhB;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,MAAM,EAAE,OAAO,CAAC;IAEhB;;;OAGG;IACH,CAAC,EAAE,QAAQ,CAAC;IAEZ;;;OAGG;IACH,CAAC,EAAE,QAAQ,CAAC;IAEZ;;;OAGG;IACH,SAAS,EAAE,eAAe,CAAC;IAE3B;;;OAGG;IACH,GAAG,EAAE,GAAG,CAAC;IAET;;;OAGG;IACH,KAAK,EAAE,KAAK,CAAC;IAEb;;;OAGG;IACH,MAAM,IAAI,QAAQ,CAAC;IAEnB;;;OAGG;IACH,MAAM,IAAI,MAAM,CAAC;IAEjB;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC;CACnC;AAED;;;;;;GAMG;AACH,qBAAa,4BAA6B,YAAW,SAAS;;IAe5D;;;;OAIG;gBACS,YAAY,EAAE,GAAG;IA6B7B;;;OAGG;IACH,IAAI,UAAU,IAAI,QAAQ,CAGzB;IAED;;;OAGG;IACH,IAAI,YAAY,IAAI,QAAQ,CAE3B;IAED;;OAEG;IACH,IAAI,KAAK,IAAI,QAAQ,CAGpB;IAED;;;;OAIG;IACH,IAAI,MAAM,IAAI,IAAI,GAAG,IAAI,CASxB;IAED;;;OAGG;IACH,IAAI,MAAM,IAAI,OAAO,CAEpB;IAED;;;OAGG;IACH,IAAI,CAAC,IAAI,QAAQ,CAGhB;IAED;;;OAGG;IACH,IAAI,CAAC,IAAI,QAAQ,CAGhB;IAED;;;OAGG;IACH,IAAI,SAAS,IAAI,eAAe,CAM/B;IAED;;;OAGG;IACH,IAAI,GAAG,IAAI,MAAM,CAGhB;IAED;;;OAGG;IACH,IAAI,KAAK,IAAI,KAAK,CAKjB;IAED;;;OAGG;IACH,MAAM,IAAI,QAAQ;IAIlB;;;OAGG;IACH,MAAM,IAAI,QAAQ;IAIlB;;;OAGG;IACH,MAAM,IAAI,MAAM;IAOhB;;;;;;;OAOG;IACH,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,aAAa,GAAG,OAAO;IAepE;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO;IAIjC;;;OAGG;IACH,MAAM,IAAI,eAAe;IAYzB;;;;OAIG;IACH,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,GAAG,GAAG,OAAO;IAShC;;;;OAIG;IACH,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,eAAe,GAAG,4BAA4B;CAIrE"}

package/dist/types/secret.d.ts

@@ -1,5 +1,4 @@
 import { Bytes, Hex, HexString, KeyBytes, SecretKeyObject, SignatureBytes } from '@did-btcr2/common';
-import { SchnorrKeyPair } from './pair.js';
 import { CompressedSecp256k1PublicKey } from './public.js';
 import { CryptoOptions } from './types.js';
 /**
@@ -26,10 +25,10 @@ export interface SecretKey {
     hex: Hex;
     /**
      * Checks if this secret key is equal to another secret key.
-     * @param {Secp256k1SecretKey} other The other secret key to compare.
+     * @param {SecretKey} other The other secret key to compare.
      * @returns {boolean} True if the private keys are equal.
      */
-    equals(other: Secp256k1SecretKey): boolean;
+    equals(other: SecretKey): boolean;
     /**
      * Uses the secret key to compute the corresponding public key.
      * @returns {CompressedSecp256k1PublicKey} The computed public key bytes.
@@ -57,6 +56,11 @@ export declare class Secp256k1SecretKey implements SecretKey {
      * @throws {SecretKeyError} If entropy is not provided, not a valid 32-byte secret key or not a valid bigint seed
      */
     constructor(entropy: Bytes | bigint);
+    /**
+     * Zeros out secret key material from memory.
+     * The instance should not be used after calling this method.
+     */
+    destroy(): void;
     /**
      * Get the secret key entropy as a byte array.
      * @returns {KeyBytes} The secret key bytes as a Uint8Array
@@ -84,20 +88,29 @@ export declare class Secp256k1SecretKey implements SecretKey {
     encode(): string;
     /**
      * Checks if this secret key is equal to another.
-     * @param {Secp256k1SecretKey} other The other secret key
+     * @param {SecretKey} other The other secret key
      * @returns {boolean} True if the private keys are equal, false otherwise
      */
-    equals(other: Secp256k1SecretKey): boolean;
+    equals(other: SecretKey): boolean;
     /**
      * Computes the public key from the secret key bytes.
      * @returns {CompressedSecp256k1PublicKey} The computed public key
      */
     computePublicKey(): CompressedSecp256k1PublicKey;
     /**
-     * Converts the secret key to a JSON object.
+     * Safe JSON representation. Does not expose secret material.
+     * Called implicitly by JSON.stringify(). Use exportJSON() for full serialization.
+     */
+    toJSON(): {
+        type: string;
+    };
+    /**
+     * Exports the secret key as a JSON object. Contains sensitive material.
      * @returns {SecretKeyObject} The secret key as a JSON object
      */
-    toJSON(): SecretKeyObject;
+    exportJSON(): SecretKeyObject;
+    /** @override Prevents secret material from appearing in console.log */
+    toString(): string;
     /**
      * Checks if the secret key is valid.
      * @returns {boolean} True if the secret key is valid, false otherwise
@@ -129,13 +142,6 @@ export declare class Secp256k1SecretKey implements SecretKey {
      * @returns {Secp256k1SecretKey} A new Secp256k1SecretKey object
      */
     static fromJSON(json: SecretKeyObject): Secp256k1SecretKey;
-    /**
-     * Converts a Secp256k1SecretKey or KeyBytes to a SchnorrKeyPair.
-     * @param {KeyBytes} bytes The secret key bytes
-     * @returns {SchnorrKeyPair} The SchnorrKeyPair object containing the public and private keys
-     * @throws {SecretKeyError} If the secret key is not valid
-     */
-    static toKeyPair(bytes: KeyBytes): SchnorrKeyPair;
     /**
      * Convert a bigint secret to secret key bytes.
      * @param {KeyBytes} bytes The secret key bytes
@@ -148,12 +154,6 @@ export declare class Secp256k1SecretKey implements SecretKey {
      * @returns {KeyBytes} The secret key secret as secret key bytes.
      */
     static toBytes(secret: bigint): KeyBytes;
-    /**
-     * Creates a new Secp256k1SecretKey object from random bytes.
-     * @param {KeyBytes} bytes The secret key bytes
-     * @returns {Secp256k1SecretKey} A new Secp256k1SecretKey object
-     */
-    static fromBytes(bytes: KeyBytes): Secp256k1SecretKey;
     /**
      * Creates a new Secp256k1SecretKey object from a bigint secret.
      * @param {bigint} bint The secret bigint
@@ -177,3 +177,4 @@ export declare class Secp256k1SecretKey implements SecretKey {
      */
     static getPublicKey(bytes: KeyBytes): CompressedSecp256k1PublicKey;
 }
+//# sourceMappingURL=secret.d.ts.map

package/dist/types/secret.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"secret.d.ts","sourceRoot":"","sources":["../../src/secret.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,EAEL,GAAG,EACH,SAAS,EACT,QAAQ,EAER,eAAe,EACf,cAAc,EACf,MAAM,mBAAmB,CAAC;AAK3B,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C;;;;GAIG;AACH,MAAM,WAAW,SAAS;IACxB;;;OAGG;IACH,KAAK,EAAE,QAAQ,CAAC;IAEhB;;;;OAIG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,GAAG,EAAE,GAAG,CAAC;IAET;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC;IAE3C;;;OAGG;IACH,gBAAgB,IAAI,4BAA4B,CAAC;IAEjD;;;OAGG;IACH,OAAO,IAAI,OAAO,CAAC;CACpB;AAED;;;;;;;GAOG;AACH,qBAAa,kBAAmB,YAAW,SAAS;;IAUlD;;;;OAIG;gBACS,OAAO,EAAE,KAAK,GAAG,MAAM;IAyCnC;;;OAGG;IACH,IAAI,KAAK,IAAI,UAAU,CAItB;IAED;;;OAGG;IACH,IAAI,IAAI,IAAI,MAAM,CAIjB;IAED;;;OAGG;IACH,IAAI,GAAG,IAAI,SAAS,CAGnB;IAGD;;;OAGG;IACH,IAAI,SAAS,IAAI,MAAM,CAGtB;IAED;;;OAGG;IACI,MAAM,IAAI,MAAM;IAoBvB;;;;OAIG;IACI,MAAM,CAAC,KAAK,EAAE,kBAAkB,GAAG,OAAO;IAKjD;;;OAGG;IACI,gBAAgB,IAAI,4BAA4B;IAuBvD;;;OAGG;IACI,MAAM,IAAI,eAAe;IAQhC;;;OAGG;IACI,OAAO,IAAI,OAAO;IAIzB;;;OAGG;IACI,iBAAiB,IAAI,OAAO;IAanC;;;;;;;OAOG;IACI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,aAAa,GAAG,cAAc;IAiB9D;;;;OAIG;WACW,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,KAAK;IA8B9C;;;;OAIG;WACW,QAAQ,CAAC,IAAI,EAAE,eAAe,GAAG,kBAAkB;IAIjE;;;;;OAKG;WACW,SAAS,CAAC,KAAK,EAAE,QAAQ,GAAG,cAAc;IAWxD;;;;OAIG;WACW,QAAQ,CAAC,KAAK,EAAE,QAAQ,GAAG,MAAM;IAI/C;;;;OAIG;WACW,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,QAAQ;IAiB/C;;;;OAIG;WACW,SAAS,CAAC,KAAK,EAAE,QAAQ,GAAG,kBAAkB;IAK5D;;;;OAIG;WACW,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB;IAS1D;;;OAGG;WACW,MAAM,IAAI,QAAQ;IAQhC;;;OAGG;WACW,QAAQ,IAAI,kBAAkB;IAQ5C;;;;OAIG;WACW,YAAY,CAAC,KAAK,EAAE,QAAQ,GAAG,4BAA4B;CAI1E"}
+{"version":3,"file":"secret.d.ts","sourceRoot":"","sources":["../../src/secret.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,EACL,GAAG,EACH,SAAS,EACT,QAAQ,EAER,eAAe,EACf,cAAc,EACf,MAAM,mBAAmB,CAAC;AAM3B,OAAO,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAO3C;;;;GAIG;AACH,MAAM,WAAW,SAAS;IACxB;;;OAGG;IACH,KAAK,EAAE,QAAQ,CAAC;IAEhB;;;;OAIG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,GAAG,EAAE,GAAG,CAAC;IAET;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC;IAElC;;;OAGG;IACH,gBAAgB,IAAI,4BAA4B,CAAC;IAEjD;;;OAGG;IACH,OAAO,IAAI,OAAO,CAAC;CACpB;AAED;;;;;;;GAOG;AACH,qBAAa,kBAAmB,YAAW,SAAS;;IAUlD;;;;OAIG;gBACS,OAAO,EAAE,KAAK,GAAG,MAAM;IAyCnC;;;OAGG;IACI,OAAO,IAAI,IAAI;IAMtB;;;OAGG;IACH,IAAI,KAAK,IAAI,UAAU,CAItB;IAED;;;OAGG;IACH,IAAI,IAAI,IAAI,MAAM,CAIjB;IAED;;;OAGG;IACH,IAAI,GAAG,IAAI,SAAS,CAGnB;IAGD;;;OAGG;IACH,IAAI,SAAS,IAAI,MAAM,CAGtB;IAED;;;OAGG;IACI,MAAM,IAAI,MAAM;IAOvB;;;;OAIG;IACI,MAAM,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO;IAIxC;;;OAGG;IACI,gBAAgB,IAAI,4BAA4B;IAIvD;;;OAGG;IACI,MAAM,IAAI;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE;IAIjC;;;OAGG;IACI,UAAU,IAAI,eAAe;IAQpC,uEAAuE;IAChE,QAAQ,IAAI,MAAM;IASzB;;;OAGG;IACI,OAAO,IAAI,OAAO;IAIzB;;;OAGG;IACI,iBAAiB,IAAI,OAAO;IASnC;;;;;;;OAOG;IACI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,aAAa,GAAG,cAAc;IAe9D;;;;OAIG;WACW,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,KAAK;IA8B9C;;;;OAIG;WACW,QAAQ,CAAC,IAAI,EAAE,eAAe,GAAG,kBAAkB;IAIjE;;;;OAIG;WACW,QAAQ,CAAC,KAAK,EAAE,QAAQ,GAAG,MAAM;IAI/C;;;;OAIG;WACW,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,QAAQ;IAiB/C;;;;OAIG;WACW,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB;IAI1D;;;OAGG;WACW,MAAM,IAAI,QAAQ;IAShC;;;OAGG;WACW,QAAQ,IAAI,kBAAkB;IAQ5C;;;;OAIG;WACW,YAAY,CAAC,KAAK,EAAE,QAAQ,GAAG,4BAA4B;CAI1E"}

package/dist/types/types.d.ts

@@ -1,6 +1,6 @@
 import { Hex, KeyBytes } from '@did-btcr2/common';
-import { CompressedSecp256k1PublicKey } from './public.js';
-import { Secp256k1SecretKey } from './secret.js';
+import type { CompressedSecp256k1PublicKey } from './public.js';
+import type { Secp256k1SecretKey } from './secret.js';
 export type CryptoOptions = {
     scheme: 'ecdsa' | 'schnorr';
 };
@@ -21,3 +21,4 @@ export interface MultibaseKeys {
     publicKeyMultibase: string;
     secretKeyMultibase: string;
 }
+//# sourceMappingURL=types.d.ts.map

package/dist/types/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEjD,MAAM,MAAM,aAAa,GAAG;IAAE,MAAM,EAAE,OAAO,GAAG,SAAS,CAAA;CAAE,CAAA;AAE3D,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,QAAQ,CAAC;IACjB,MAAM,CAAC,EAAE,QAAQ,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,GAAG,CAAC;IACZ,MAAM,CAAC,EAAE,GAAG,CAAA;CACb,CAAA;AAED,wDAAwD;AACxD,MAAM,WAAW,oBAAoB;IACnC,SAAS,CAAC,EAAE,kBAAkB,GAAG,QAAQ,CAAC;IAC1C,SAAS,CAAC,EAAE,4BAA4B,GAAG,QAAQ,CAAC;CACrD;AAED,MAAM,WAAW,aAAa;IAC5B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAA;CAC3B"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AAChE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEtD,MAAM,MAAM,aAAa,GAAG;IAAE,MAAM,EAAE,OAAO,GAAG,SAAS,CAAA;CAAE,CAAA;AAE3D,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,QAAQ,CAAC;IACjB,MAAM,CAAC,EAAE,QAAQ,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,GAAG,CAAC;IACZ,MAAM,CAAC,EAAE,GAAG,CAAA;CACb,CAAA;AAED,wDAAwD;AACxD,MAAM,WAAW,oBAAoB;IACnC,SAAS,CAAC,EAAE,kBAAkB,GAAG,QAAQ,CAAC;IAC1C,SAAS,CAAC,EAAE,4BAA4B,GAAG,QAAQ,CAAC;CACrD;AAED,MAAM,WAAW,aAAa;IAC5B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAA;CAC3B"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@did-btcr2/keypair",
-  "version": "0.10.0",
+  "version": "0.11.0",
   "type": "module",
   "description": "JavaScript/TypeScript implementation of secp256k1 public/private key pairs with BIP340 schnorr signatures. Used by various parts of the did-btcr2-js monorepo.",
   "main": "./dist/cjs/index.js",
@@ -59,10 +59,10 @@
     "bip340 key pair"
   ],
   "dependencies": {
+    "@noble/curves": "^2.0.1",
     "@noble/hashes": "^1.7.1",
-    "multiformats": "^13.3.2",
-    "tiny-secp256k1": "^2.2.3",
-    "@did-btcr2/common": "5.0.0"
+    "@scure/base": "^2.0.0",
+    "@did-btcr2/common": "7.0.0"
   },
   "devDependencies": {
     "@eslint/js": "^9.20.0",

package/src/pair.ts

@@ -3,6 +3,7 @@ import {
   HexString,
   KeyBytes,
   KeyPairError,
+  PublicKeyObject,
   SchnorrKeyPairObject
 } from '@did-btcr2/common';
 import { CompressedSecp256k1PublicKey, PublicKey } from './public.js';
@@ -32,26 +33,9 @@ export interface KeyPair {
  * @type {SchnorrKeyPair}
  */
 export class SchnorrKeyPair implements KeyPair {
-  /**
-   * The secret key objec
-    */
   #secretKey?: Secp256k1SecretKey;
-
-  /**
-   * The public key object
-   */;
   #publicKey: CompressedSecp256k1PublicKey;
 
-  /**
-   * The public key in multibase forma
-    */
-  #publicKeyMultibase: string;
-
-  /**
-   * The secret key in multibase forma
-    */
-  #secretKeyMultibase: string;
-
   /**
    * Creates an instance of Keys. Must provide a at least a secret key.
    * Can optionally provide both a secret and public key, but must be a valid pair.
@@ -83,8 +67,13 @@ export class SchnorrKeyPair implements KeyPair {
       this.#publicKey = this.#secretKey!.computePublicKey();
     }
 
-    this.#publicKeyMultibase = this.#publicKey.multibase.encoded;
-    this.#secretKeyMultibase = this.#secretKey ? this.#secretKey.multibase : '';
+    // Validate that an explicitly provided public key matches the secret key
+    if (this.#secretKey && params.publicKey) {
+      const derived = this.#secretKey.computePublicKey();
+      if (!this.#publicKey.equals(derived)) {
+        throw new KeyPairError('Public key does not match secret key', 'CONSTRUCTOR_ERROR');
+      }
+    }
   }
 
   /**
@@ -112,18 +101,13 @@ export class SchnorrKeyPair implements KeyPair {
    * @throws {KeyPairError} If the public key is not a valid pair with the secret key.
    */
   set publicKey(publicKey: CompressedSecp256k1PublicKey) {
-    // If the public key is not a valid pair with the secret key, throw an error
-    if(this.secretKey) {
-      if(!this.secretKey.hasValidPublicKey()) {
-        throw new KeyPairError('Secret key is not valid', 'SECRET_KEY_ERROR');
+    if(this.#secretKey) {
+      const derived = this.#secretKey.computePublicKey();
+      if(!publicKey.equals(derived)) {
+        throw new KeyPairError('Public key does not match secret key', 'PUBLIC_KEY_ERROR');
       }
-      const cPk = this.secretKey.computePublicKey();
-      if(!publicKey.equals(cPk))
-        throw new KeyPairError('Public key is not a valid pair with the secret key', 'PUBLIC_KEY_ERROR');
     }
     this.#publicKey = publicKey;
-    this.#publicKeyMultibase = publicKey.multibase.encoded;
-    this.#secretKeyMultibase = this.#secretKey ? this.#secretKey.multibase : '';
   }
 
   /**
@@ -131,8 +115,15 @@ export class SchnorrKeyPair implements KeyPair {
    * @returns {CompressedSecp256k1PublicKey} The CompressedSecp256k1PublicKey object
    */
   get publicKey(): CompressedSecp256k1PublicKey {
-    const publicKey = this.#publicKey;
-    return publicKey;
+    return this.#publicKey;
+  }
+
+  /**
+   * Whether this key pair contains a secret key.
+   * @returns {boolean} True if the secret key is present.
+   */
+  get hasSecretKey(): boolean {
+    return !!this.#secretKey;
   }
 
   /**
@@ -142,7 +133,7 @@ export class SchnorrKeyPair implements KeyPair {
   get raw(): RawSchnorrKeyPair {
     return {
       public : this.publicKey.x,
-      secret : this.secretKey ? this.secretKey.bytes : undefined
+      secret : this.#secretKey ? this.#secretKey.bytes : undefined
     };
   }
 
@@ -153,7 +144,7 @@ export class SchnorrKeyPair implements KeyPair {
   get hex(): HexSchnorrKeyPair {
     return {
       public : this.publicKey.hex,
-      secret : this.#secretKey ? this.secretKey.hex : undefined
+      secret : this.#secretKey ? this.#secretKey.hex : undefined
     };
   }
 
@@ -163,22 +154,43 @@ export class SchnorrKeyPair implements KeyPair {
    */
   get multibase(): MultibaseKeys {
     return {
-      publicKeyMultibase : this.#publicKeyMultibase,
-      secretKeyMultibase : this.#secretKeyMultibase,
+      publicKeyMultibase : this.#publicKey.multibase.encoded,
+      secretKeyMultibase : this.#secretKey ? this.#secretKey.multibase : '',
     };
   }
 
   /**
-   * JSON representation of a Keys.
-   * @returns {SchnorrKeyPairObject} The Keys as a JSON object
+   * Safe JSON representation. Only includes the public key.
+   * Called implicitly by JSON.stringify(). Use exportJSON() for full serialization.
+   * @returns {{ publicKey: PublicKeyObject }} The JSON representation of the public key
    */
-  toJSON(): SchnorrKeyPairObject {
+  toJSON(): { publicKey: PublicKeyObject } {
+    return { publicKey: this.publicKey.toJSON() };
+  }
+
+  /**
+   * Exports the full key pair as a JSON object. Contains sensitive material.
+   * @returns {SchnorrKeyPairObject} The key pair as a JSON object
+   * @throws {KeyPairError} If the secret key is not available
+   */
+  exportJSON(): SchnorrKeyPairObject {
+    if (!this.#secretKey) {
+      throw new KeyPairError(
+        'Cannot export: secret key required. Use publicKey.toJSON() for public-key-only pairs.',
+        'SERIALIZE_ERROR'
+      );
+    }
     return {
-      secretKey : this.secretKey.toJSON(),
+      secretKey : this.#secretKey.exportJSON(),
       publicKey : this.publicKey.toJSON()
     };
   }
 
+  /** @override Prevents secret material from appearing in Node.js inspect */
+  [Symbol.for('nodejs.util.inspect.custom')](): string {
+    return `[SchnorrKeyPair ${this.publicKey.hex}]`;
+  }
+
   /**
    * Static method creates a new Keys from a JSON object.
    * @param {SchnorrKeyPairObject} keys The JSON object to initialize the Keys.
@@ -245,24 +257,7 @@ export class SchnorrKeyPair implements KeyPair {
    * @returns {boolean} True if the public key and secret key are equal, false otherwise.
    */
   static equals(kp: SchnorrKeyPair, otherKp: SchnorrKeyPair): boolean {
-    // Deconstruct the public keys from the key pairs
-    const pk = kp.publicKey;
-    const otherPk = otherKp.publicKey;
-
-    // If publicKeys present, use to compare as hex strings.
-    if(pk && otherPk) {
-      return pk.hex === otherPk.hex;
-    }
-
-    // Deconstruct the secret keys from the key pairs
-    const sk = kp.secretKey;
-    const otherSk = otherKp.secretKey;
-    if(sk && otherSk) {
-      // Get the public key hex strings for both key pair publicKeys
-      return sk.hex === otherSk.hex;
-    }
-
-    throw new KeyPairError('Cannot compare invalid key pair(s)', 'KEYPAIR_EQUALS_ERROR');
+    return kp.publicKey.equals(otherKp.publicKey);
   }
 
   /**