@did-btcr2/kms 0.1.0

package/dist/types/interface.d.ts

@@ -0,0 +1,79 @@
+import { Bytes, HashBytes, KeyBytes, KeyIdentifier, SignatureBytes } from '@did-btcr2/common';
+import { SchnorrKeyPair } from '@did-btcr2/keypair';
+/**
+ * The interface for the Kms class.
+ * @interface KeyManager
+ * @type {KeyManager}
+ */
+export interface KeyManager {
+    /**
+     * The ID of the active key.
+     * @readonly
+     * @type {KeyIdentifier}
+     */
+    readonly activeKeyId?: KeyIdentifier;
+    /**
+     * Set the active key id.
+     * @param id The key id to set as active.
+     */
+    setActiveKey(id: KeyIdentifier): void;
+    /**
+     * Import a key pair.
+     * @param {SchnorrKeyPair} keyPair The secret key to import.
+     * @param {{ id?: KeyIdentifier, setActive?: boolean }} options The options for importing the key pair.
+     * @param {KeyIdentifier} [options.id] The ID of the key to import (optional).
+     * @param {boolean} [options.setActive] Whether to set the key as active (optional, default: false).
+     * @returns {KeyIdentifier} A promise that resolves to the key identifier of the imported key.
+     */
+    importKey(keyPair: SchnorrKeyPair, options: {
+        id?: KeyIdentifier;
+        setActive?: boolean;
+    }): KeyIdentifier;
+    /**
+     * Removes a key from the key store.
+     * @param {KeyIdentifier} id The key identifier of the key to remove.
+     * @param {{ force?: boolean }} options The options for removing the key.
+     * @param {boolean} [options.force] Whether to force the removal of the key.
+     * @returns {void} A promise that resolves when the key is removed.
+     */
+    removeKey(id: KeyIdentifier, options: {
+        force?: boolean;
+    }): void;
+    /**
+     * Lists all key identifiers in the key store.
+     * @returns {KeyIdentifier[]} An array of key identifiers.
+     */
+    listKeys(): KeyIdentifier[];
+    /**
+     * Gets the public key associated with the ID or active key.
+     * @param {KeyIdentifier} [id] The ID of the key to get the public key for.
+     * @returns {KeyBytes} A promise resolving to the public key bytes.
+     */
+    getPublicKey(id?: KeyIdentifier): KeyBytes;
+    /**
+     * Signs the given data using the key associated with the key ID.
+     * @param {Bytes} data The data to sign.
+     * @param {KeyIdentifier} [id] The ID of the key to sign the data with.
+     * @returns {SignatureBytes} A promise resolving to the signature of the data.
+     */
+    sign(data: Bytes, id?: KeyIdentifier): SignatureBytes;
+    /**
+     * Verifies a signature using the key associated with the key ID.
+     * @param {KeyIdentifier} id The ID of the key to verify the signature with.
+     * @param {SignatureBytes} signature The signature to verify.
+     * @param {Hex} data The data to verify the signature with.
+     * @returns {boolean} A promise resolving to a boolean indicating the verification result.
+     */
+    verify(signature: SignatureBytes, data: Bytes, id?: KeyIdentifier): boolean;
+    /**
+     * Computes the hash of the given data.
+     * @param {Uint8Array} data The data to hash.
+     * @returns {HashBytes} The hash of the data.
+     */
+    digest(data: Uint8Array): HashBytes;
+    /**
+     * Generates a new key pair and stores it in the key store.
+     * @returns {KeyIdentifier} The identifier of the newly generated key.
+     */
+    generateKey(): KeyIdentifier;
+}

package/dist/types/interface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"interface.d.ts","sourceRoot":"","sources":["../../src/interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC9F,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACzB;;;;OAIG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,aAAa,CAAA;IAEpC;;;OAGG;IACH,YAAY,CAAC,EAAE,EAAE,aAAa,GAAG,IAAI,CAAC;IAEtC;;;;;;;OAOG;IACH,SAAS,CAAC,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE;QAAE,EAAE,CAAC,EAAE,aAAa,CAAC;QAAC,SAAS,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,aAAa,CAAC;IAExG;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,IAAI,CAAC;IAEjE;;;OAGG;IACH,QAAQ,IAAI,aAAa,EAAE,CAAC;IAE5B;;;;OAIG;IACH,YAAY,CAAC,EAAE,CAAC,EAAE,aAAa,GAAG,QAAQ,CAAC;IAE3C;;;;;OAKG;IACH,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,aAAa,GAAG,cAAc,CAAC;IAEtD;;;;;;OAMG;IACH,MAAM,CAAC,SAAS,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC;IAE5E;;;;OAIG;IACH,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,SAAS,CAAC;IAEpC;;;OAGG;IACH,WAAW,IAAI,aAAa,CAAC;CAC9B"}

package/dist/types/kms.d.ts

@@ -0,0 +1,106 @@
+import { Bytes, HashBytes, KeyBytes, KeyIdentifier, SignatureBytes } from '@did-btcr2/common';
+import { SchnorrKeyPair } from '@did-btcr2/keypair';
+import { KeyManager } from './interface.js';
+import { KeyValueStore } from './store.js';
+/**
+ * Class for managing cryptographic keys for the BTCR2 DID method.
+ * @class Kms
+ * @type {Kms}
+ */
+export declare class Kms implements KeyManager {
+    #private;
+    /**
+     * Creates an instance of KeyManager.
+     * @param {KeyValueStore<KeyIdentifier, KeyBytes>} store An optional property to specify a custom
+     * `KeyValueStore` instance for key management. If not provided, {@link KeyManager} uses a default `MemoryStore`
+     * instance. This store is responsible for managing cryptographic keys, allowing them to be retrieved, stored, and
+     * managed during cryptographic operations.
+     */
+    constructor(store?: KeyValueStore<KeyIdentifier, KeyBytes>);
+    /**
+     * Gets the ID of the active key.
+     * @returns {KeyIdentifier | undefined} The ID of the active key.
+     */
+    get activeKeyId(): KeyIdentifier | undefined;
+    /**
+     * Removes a key from the key store.
+     * @param {KeyIdentifier} id The key identifier of the key to remove.
+     * @param {{ force?: boolean }} options The options for removing the key.
+     * @param {boolean} [options.force] Whether to force the removal of the key.
+     * @returns {void} A promise that resolves when the key is removed.
+     * @throws {KeyManagerError} If attempting to remove the active key without force.
+     */
+    removeKey(id: KeyIdentifier, options?: {
+        force?: boolean;
+    }): void;
+    /**
+     * Lists all key identifiers in the key store.
+     * @returns {Promise<KeyIdentifier[]>} A promise that resolves to an array of key identifiers.
+     */
+    listKeys(): KeyIdentifier[];
+    /**
+     * Sets the active key to the key associated with the given ID.
+     * @param {KeyIdentifier} id The ID of the key to set as active.
+     * @returns {Promise<void>} A promise that resolves when the active key is set.
+     * @throws {KeyManagerError} If the key is not found.
+     */
+    setActiveKey(id: KeyIdentifier): void;
+    /**
+     * Gets the public key associated with the given ID or the active key if no ID is provided.
+     * @param {KeyIdentifier} [id] The ID of the key to get the public key for.
+     * @returns {Promise<KeyBytes>} A promise resolving to the public key bytes.
+     */
+    getPublicKey(id?: KeyIdentifier): KeyBytes;
+    /**
+     * Signs the given data using the key associated with the key ID.
+     * @param {Bytes} data The data to sign.
+     * @param {KeyIdentifier} [id] The ID of the key to sign the data with.
+     * @returns {Promise<SignatureBytes>} A promise resolving to the signature of the data.
+     */
+    sign(data: Bytes, id?: KeyIdentifier): SignatureBytes;
+    /**
+     * Verifies a signature using the key associated with the key ID.
+     * @param {KeyIdentifier} id The ID of the key to verify the signature with.
+     * @param {SignatureBytes} signature The signature to verify.
+     * @param {Hex} data The data to verify the signature with.
+     * @returns {Promise<boolean>} A promise resolving to a boolean indicating the verification result.
+     */
+    verify(signature: SignatureBytes, data: Bytes, id?: KeyIdentifier): boolean;
+    /**
+     * Imports a key pair into the key store.
+     * @param {SchnorrKeyPair} keyPair The key pair to import.
+     * @param {{ id?: KeyIdentifier; setActive?: boolean }} options The options for importing the key pair.
+     * @param {KeyIdentifier} [options.id] The ID of the key to import (optional).
+     * @param {boolean} [options.setActive] Whether to set the key as active (optional, default: true).
+     * @returns {Promise<KeyIdentifier>} A promise resolving to the ID of the imported key.
+     */
+    importKey(keyPair: SchnorrKeyPair, options?: {
+        id?: KeyIdentifier;
+        setActive?: boolean;
+    }): KeyIdentifier;
+    /**
+     * Computes the hash of the given data.
+     * @param {Uint8Array} data The data to hash.
+     * @returns {HashBytes} The hash of the data.
+     */
+    digest(data: Uint8Array): HashBytes;
+    /**
+     * Generates a new key pair and stores it in the key store.
+     * @returns {KeyIdentifier} The key identifier of the generated key.
+     */
+    generateKey(): KeyIdentifier;
+    /**
+     * Initializes a singleton KeyManager instance.
+     * @param {SchnorrKeyPair} keyPair The secret key to import.
+     * @param {string} id The ID to set as the active key.
+     * @returns {void}
+     */
+    static initialize(keyPair: SchnorrKeyPair, id: string): Kms;
+    /**
+     * Retrieves a keypair from the key store using the provided key ID.
+     * @public
+     * @param {KeyIdentifier} id The ID of the keypair to retrieve.
+     * @returns {Promise<SchnorrKeyPair | undefined>} The retrieved keypair, or undefined if not found.
+     */
+    static getKey(id?: KeyIdentifier): SchnorrKeyPair | undefined;
+}

package/dist/types/kms.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kms.d.ts","sourceRoot":"","sources":["../../src/kms.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,EAAmB,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC/G,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAe,MAAM,YAAY,CAAC;AAExD;;;;GAIG;AACH,qBAAa,GAAI,YAAW,UAAU;;IA+BpC;;;;;;OAMG;gBACS,KAAK,CAAC,EAAE,aAAa,CAAC,aAAa,EAAE,QAAQ,CAAC;IAK1D;;;OAGG;IACH,IAAI,WAAW,IAAI,aAAa,GAAG,SAAS,CAE3C;IAuCD;;;;;;;OAOG;IACH,SAAS,CAAC,EAAE,EAAE,aAAa,EAAE,OAAO,GAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAO,GAAG,IAAI;IAoBrE;;;OAGG;IACH,QAAQ,IAAI,aAAa,EAAE;IAI3B;;;;;OAKG;IACH,YAAY,CAAC,EAAE,EAAE,aAAa,GAAG,IAAI;IAQrC;;;;OAIG;IACH,YAAY,CAAC,EAAE,CAAC,EAAE,aAAa,GAAG,QAAQ;IAQ1C;;;;;OAKG;IACH,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,aAAa,GAAG,cAAc;IAarD;;;;;;OAMG;IACH,MAAM,CAAC,SAAS,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,aAAa,GAAG,OAAO;IAQ3E;;;;;;;OAOG;IACH,SAAS,CACP,OAAO,EAAE,cAAc,EACvB,OAAO,GAAE;QACP,EAAE,CAAC,EAAE,aAAa,CAAC;QACnB,SAAS,CAAC,EAAE,OAAO,CAAA;KACf,GACL,aAAa;IA6BhB;;;;OAIG;IACH,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,SAAS;IAInC;;;OAGG;IACH,WAAW,IAAI,aAAa;IAe5B;;;;;OAKG;IACH,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,cAAc,EAAE,EAAE,EAAE,MAAM,GAAG,GAAG;IAgC3D;;;;;OAKG;IACH,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,aAAa,GAAG,cAAc,GAAG,SAAS;CAY9D"}

package/dist/types/signer.d.ts

@@ -0,0 +1,48 @@
+import { AvailableNetworks } from '@did-btcr2/bitcoin';
+import { KeyBytes, Bytes, SignatureBytes } from '@did-btcr2/common';
+import { SchnorrKeyPair } from '@did-btcr2/keypair';
+/**
+ * Class representing a signer for cryptographic operations.
+ * Remains for backwards compatibility. Plan to migrate to Kms.
+ * @class Signer
+ * @type {Signer}
+ */
+export declare class Signer {
+    /**
+     * The key pair used for signing.
+     * @type {SchnorrKeyPair}
+     */
+    keyPair: SchnorrKeyPair;
+    /**
+     * The network associated with the signer.
+     * @type {keyof AvailableNetworks}
+     */
+    network: keyof AvailableNetworks;
+    /**
+     * Creates an instance of Signer.
+     * @param {{ keyPair: SchnorrKeyPair; network: keyof AvailableNetworks; }} params The parameters for the signer.
+     * @param {SchnorrKeyPair} params.keyPair The key pair used for signing.
+     * @param {keyof AvailableNetworks} params.network The network associated with the signer.
+     */
+    constructor(params: {
+        keyPair: SchnorrKeyPair;
+        network: keyof AvailableNetworks;
+    });
+    /**
+     * Gets the public key bytes.
+     * @returns {KeyBytes} The public key bytes.
+     */
+    get publicKey(): KeyBytes;
+    /**
+     * Signs the given hash using ECDSA.
+     * @param {Bytes} hash The hash to sign.
+     * @returns {SignatureBytes} The signature of the hash.
+     */
+    signEcdsa(hash: Bytes): SignatureBytes;
+    /**
+     * Signs the given hash using Schnorr signature.
+     * @param {Bytes} hash The hash to sign.
+     * @returns {SignatureBytes} The Schnorr signature of the hash.
+     */
+    sign(hash: Bytes): SignatureBytes;
+}

package/dist/types/signer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACpE,OAAO,EAAG,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAErD;;;;;GAKG;AACH,qBAAa,MAAM;IACjB;;;OAGG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;;OAGG;IACH,OAAO,EAAE,MAAM,iBAAiB,CAAC;IAEjC;;;;;OAKG;gBACS,MAAM,EAAE;QAAE,OAAO,EAAE,cAAc,CAAC;QAAC,OAAO,EAAE,MAAM,iBAAiB,CAAC;KAAE;IAKlF;;;OAGG;IACH,IAAI,SAAS,IAAI,QAAQ,CAExB;IAED;;;;OAIG;IACH,SAAS,CAAC,IAAI,EAAE,KAAK,GAAG,cAAc;IAItC;;;;OAIG;IACH,IAAI,CAAC,IAAI,EAAE,KAAK,GAAG,cAAc;CAGlC"}

package/dist/types/store.d.ts

@@ -0,0 +1,123 @@
+/**
+ * Re-implmentation of a interface for a generic key-value store.
+ */
+export interface KeyValueStore<K, V> {
+    /**
+     * Clears the store, removing all key-value pairs.
+     *
+     * @returns {void} when the store has been cleared.
+     */
+    clear(): void;
+    /**
+     * Closes the store, freeing up any resources used. After calling this method, no other operations can be performed on the store.
+     *
+     * @returns {void} when the store has been closed.
+     */
+    close(): void;
+    /**
+     * Deletes a key-value pair from the store.
+     *
+     * @param {K} key - The key of the value to delete.
+     * @returns {boolean | void} True if the element existed and has been removed, or false if the element does not exist.
+     */
+    delete(key: K): boolean | void;
+    /**
+     * Fetches a value from the store given its key.
+     *
+     * @param {K} key - The key of the value to retrieve.
+     * @returns {V | undefined} The value associated with the key, or `undefined` if no value exists for that key.
+     */
+    get(key: K): V | undefined;
+    /**
+     * Sets the value for a key in the store.
+     *
+     * @param {K} key - The key under which to store the value.
+     * @param {V} value - The value to be stored.
+     * @returns {void} once the value has been set.
+     */
+    set(key: K, value: V): void;
+    /**
+     * Fetches the keys and values as a nested array.
+     *
+     * @returns {Array<[K, V]>} An array of key-value pair arrays in the store.
+     */
+    entries(): Array<[K, V]>;
+}
+/**
+ * Re-implementation of a simple in-memory key-value store.
+ *
+ * The `MemoryStore` class is an implementation of
+ * `KeyValueStore` that holds data in memory.
+ *
+ * It provides a basic key-value store that works synchronously and keeps all
+ * data in memory. This can be used for testing, or for handling small amounts
+ * of data with simple key-value semantics.
+ *
+ * Example usage:
+ *
+ * ```ts
+ * const memoryStore = new MemoryStore<string, number>();
+ * await memoryStore.set("key1", 1);
+ * const value = await memoryStore.get("key1");
+ * console.log(value); // 1
+ * ```
+ *
+ * @public
+ */
+export declare class MemoryStore<K, V> implements KeyValueStore<K, V> {
+    /**
+     * A private field that contains the Map used as the key-value store.
+     */
+    private store;
+    /**
+     * Clears all entries in the key-value store.
+     *
+     * @returns {void} returns once the operation is complete.
+     */
+    clear(): void;
+    /**
+     * This operation is no-op for `MemoryStore`.
+     */
+    close(): void;
+    /**
+     * Deletes an entry from the key-value store by its key.
+     *
+     * @param {K} id - The key of the entry to delete.
+     * @returns {boolean} a boolean indicating whether the entry was successfully deleted.
+     */
+    delete(id: K): boolean;
+    /**
+     * Retrieves the value of an entry by its key.
+     *
+     * @param {K} id - The key of the entry to retrieve.
+     * @returns {V | undefined} the value of the entry, or `undefined` if the entry does not exist.
+     */
+    get(id: K): V | undefined;
+    /**
+     * Checks for the presence of an entry by key.
+     *
+     * @param {K} id - The key to check for the existence of.
+     * @returns {boolean} a boolean indicating whether an element with the specified key exists or not.
+     */
+    has(id: K): boolean;
+    /**
+     * Retrieves all values in the key-value store.
+  
+     * @returns {Array<V>} an array of all values in the store.
+     */
+    list(): Array<V>;
+    /**
+     * Retrieves all entries in the key-value store.
+     *
+     * @returns {Array<[K, V]>} an array of key-value pairs in the store.
+     */
+    entries(): Array<[K, V]>;
+    /**
+     * Sets the value of an entry in the key-value store.
+     *
+     * @param {K} id - The key of the entry to set.
+     * @param {V} key - The new value for the entry.
+     * @returns {void} once operation is complete.
+     */
+    set(id: K, key: V): void;
+}

package/dist/types/store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../src/store.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,aAAa,CAAC,CAAC,EAAE,CAAC;IACjC;;;;OAIG;IACH,KAAK,IAAI,IAAI,CAAC;IAEd;;;;OAIG;IACH,KAAK,IAAI,IAAI,CAAC;IAEd;;;;;OAKG;IACH,MAAM,CAAC,GAAG,EAAE,CAAC,GAAG,OAAO,GAAG,IAAI,CAAC;IAE/B;;;;;OAKG;IACH,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;IAE3B;;;;;;OAMG;IACH,GAAG,CAAC,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC;IAE5B;;;;OAIG;IACH,OAAO,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;CAC1B;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,qBAAa,WAAW,CAAC,CAAC,EAAE,CAAC,CAAE,YAAW,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC;IAC3D;;OAEG;IACH,OAAO,CAAC,KAAK,CAAwB;IAErC;;;;OAIG;IACH,KAAK,IAAI,IAAI;IAIb;;OAEG;IACH,KAAK,IAAI,IAAI;IAIb;;;;;OAKG;IACH,MAAM,CAAC,EAAE,EAAE,CAAC,GAAG,OAAO;IAItB;;;;;OAKG;IACH,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,SAAS;IAIzB;;;;;OAKG;IACH,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,OAAO;IAInB;;;;OAIG;IACH,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC;IAIhB;;;;OAIG;IACH,OAAO,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAIxB;;;;;;OAMG;IACH,GAAG,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,IAAI;CAGzB"}

package/package.json

@@ -0,0 +1,107 @@
+{
+  "name": "@did-btcr2/kms",
+  "version": "0.1.0",
+  "type": "module",
+  "description": "Key manager that can be used with the did:btcr2 DID method",
+  "main": "./dist/cjs/index.js",
+  "module": "./dist/esm/index.js",
+  "types": "./dist/types/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/types/index.d.ts",
+      "import": "./dist/esm/index.js",
+      "require": "./dist/cjs/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "src"
+  ],
+  "license": "MPL-2.0",
+  "contributors": [
+    {
+      "name": "dcdpr",
+      "url": "https://github.com/dcdpr"
+    },
+    {
+      "name": "jintekc",
+      "url": "https://github.com/jintekc",
+      "email": "github@jintek.consulting"
+    }
+  ],
+  "homepage": "https://github.com/dcdpr/did-btcr2-js/tree/main/packages/kms",
+  "repository": {
+    "type": "git",
+    "url": "git+ssh://git@github.com:dcdpr/did-btcr2-js.git",
+    "directory": "packages/kms"
+  },
+  "bugs": "https://github.com/dcdpr/did-btcr2-js/issues",
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=22.0.0"
+  },
+  "keywords": [
+    "did",
+    "dids",
+    "decentralized identity",
+    "decentralized identifiers",
+    "did method",
+    "did:btcr2",
+    "btcr2",
+    "kms",
+    "key management system",
+    "key manager"
+  ],
+  "dependencies": {
+    "@noble/hashes": "^2.0.1",
+    "@did-btcr2/common": "2.2.1",
+    "@did-btcr2/bitcoin": "0.3.1",
+    "@did-btcr2/keypair": "0.7.1",
+    "@did-btcr2/cryptosuite": "3.2.1"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.22.0",
+    "@types/chai": "^5.0.1",
+    "@types/chai-as-promised": "^8.0.1",
+    "@types/eslint": "^9.6.1",
+    "@types/mocha": "^10.0.9",
+    "@types/node": "^22.5.4",
+    "@typescript-eslint/eslint-plugin": "^8.5.0",
+    "@typescript-eslint/parser": "^8.5.0",
+    "c8": "^10.1.2",
+    "chai": "^5.1.2",
+    "chai-as-promised": "^8.0.0",
+    "esbuild": "^0.24.2",
+    "eslint": "^9.14.0",
+    "eslint-plugin-mocha": "^10.5.0",
+    "globals": "^15.11.0",
+    "mocha": "^10.8.2",
+    "mocha-junit-reporter": "^2.2.1",
+    "node-stdlib-browser": "^1.3.1",
+    "rimraf": "^6.0.1",
+    "typedoc-plugin-markdown": "^4.7.0",
+    "typescript": "^5.6.2",
+    "typescript-eslint": "^8.19.1"
+  },
+  "scripts": {
+    "clean:build": "rimraf dist",
+    "clean:tests": "rimraf coverage tests/compiled",
+    "clean:deps": "rimraf node_modules pnpm-lock.json",
+    "clean": "pnpm clean:build && pnpm clean:tests",
+    "wipe": "pnpm clean && pnpm clean:deps",
+    "reinstall": "pnpm install --force",
+    "build": "pnpm clean:build && pnpm build:esm && pnpm build:cjs",
+    "build:esm": "rimraf dist/esm dist/types && pnpm tsc -p tsconfig.json",
+    "build:cjs": "rimraf dist/cjs && tsc -p tsconfig.cjs.json && echo '{\"type\": \"commonjs\"}' > ./dist/cjs/package.json",
+    "build:tests": "pnpm clean:tests && pnpm tsc -p tests/tsconfig.json",
+    "build:all": "pnpm build && pnpm build:tests",
+    "lint": "eslint . --max-warnings 0",
+    "lint:fix": "eslint . --fix",
+    "test": "pnpm c8 mocha",
+    "build:test": "pnpm build && pnpm build:tests && pnpm c8 mocha",
+    "build:lint": "pnpm build && pnpm build:tests && pnpm lint:fix",
+    "prepublish": "pnpm build"
+  }
+}

package/src/index.ts

@@ -0,0 +1,4 @@
+export * from './interface.js';
+export * from './kms.js';
+export * from './signer.js';
+export * from './store.js';

package/src/interface.ts

@@ -0,0 +1,84 @@
+import { Bytes, HashBytes, KeyBytes, KeyIdentifier, SignatureBytes } from '@did-btcr2/common';
+import { SchnorrKeyPair } from '@did-btcr2/keypair';
+
+/**
+ * The interface for the Kms class.
+ * @interface KeyManager
+ * @type {KeyManager}
+ */
+export interface KeyManager {
+  /**
+   * The ID of the active key.
+   * @readonly
+   * @type {KeyIdentifier}
+   */
+  readonly activeKeyId?: KeyIdentifier
+
+  /**
+   * Set the active key id.
+   * @param id The key id to set as active.
+   */
+  setActiveKey(id: KeyIdentifier): void;
+
+  /**
+   * Import a key pair.
+   * @param {SchnorrKeyPair} keyPair The secret key to import.
+   * @param {{ id?: KeyIdentifier, setActive?: boolean }} options The options for importing the key pair.
+   * @param {KeyIdentifier} [options.id] The ID of the key to import (optional).
+   * @param {boolean} [options.setActive] Whether to set the key as active (optional, default: false).
+   * @returns {KeyIdentifier} A promise that resolves to the key identifier of the imported key.
+   */
+  importKey(keyPair: SchnorrKeyPair, options: { id?: KeyIdentifier; setActive?: boolean }): KeyIdentifier;
+
+  /**
+   * Removes a key from the key store.
+   * @param {KeyIdentifier} id The key identifier of the key to remove.
+   * @param {{ force?: boolean }} options The options for removing the key.
+   * @param {boolean} [options.force] Whether to force the removal of the key.
+   * @returns {void} A promise that resolves when the key is removed.
+   */
+  removeKey(id: KeyIdentifier, options: { force?: boolean }): void;
+
+  /**
+   * Lists all key identifiers in the key store.
+   * @returns {KeyIdentifier[]} An array of key identifiers.
+   */
+  listKeys(): KeyIdentifier[];
+
+  /**
+   * Gets the public key associated with the ID or active key.
+   * @param {KeyIdentifier} [id] The ID of the key to get the public key for.
+   * @returns {KeyBytes} A promise resolving to the public key bytes.
+   */
+  getPublicKey(id?: KeyIdentifier): KeyBytes;
+
+  /**
+   * Signs the given data using the key associated with the key ID.
+   * @param {Bytes} data The data to sign.
+   * @param {KeyIdentifier} [id] The ID of the key to sign the data with.
+   * @returns {SignatureBytes} A promise resolving to the signature of the data.
+   */
+  sign(data: Bytes, id?: KeyIdentifier): SignatureBytes;
+
+  /**
+   * Verifies a signature using the key associated with the key ID.
+   * @param {KeyIdentifier} id The ID of the key to verify the signature with.
+   * @param {SignatureBytes} signature The signature to verify.
+   * @param {Hex} data The data to verify the signature with.
+   * @returns {boolean} A promise resolving to a boolean indicating the verification result.
+   */
+  verify(signature: SignatureBytes, data: Bytes, id?: KeyIdentifier): boolean;
+
+  /**
+   * Computes the hash of the given data.
+   * @param {Uint8Array} data The data to hash.
+   * @returns {HashBytes} The hash of the data.
+   */
+  digest(data: Uint8Array): HashBytes;
+
+  /**
+   * Generates a new key pair and stores it in the key store.
+   * @returns {KeyIdentifier} The identifier of the newly generated key.
+   */
+  generateKey(): KeyIdentifier;
+}