npm - @digitaldefiance/node-ecies-lib - Versions diffs - 1.1.20 → 1.1.22 - Mend

@digitaldefiance/node-ecies-lib 1.1.20 → 1.1.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (211) hide show

package/README.md +8 -0
package/package.json +14 -35
package/src/constants.ts +182 -0
package/src/enumerations/index.ts +1 -0
package/src/enumerations/pbkdf2-profile.ts +8 -0
package/src/i18n/ecies-i18n-factory.ts +435 -0
package/{dist/i18n/index.d.ts → src/i18n/index.ts} +0 -1
package/{dist/index.d.ts → src/index.ts} +0 -1
package/src/interfaces/authenticated-cipher.ts +9 -0
package/src/interfaces/authenticated-decipher.ts +8 -0
package/src/interfaces/checksum-config.ts +4 -0
package/src/interfaces/checksum-consts.ts +13 -0
package/src/interfaces/constants.ts +43 -0
package/src/interfaces/ecies-consts.ts +99 -0
package/src/interfaces/encryption-consts.ts +10 -0
package/{dist/interfaces/index.d.ts → src/interfaces/index.ts} +0 -1
package/src/interfaces/keypair-buffer-with-un-encrypted-private-key.ts +7 -0
package/src/interfaces/keyring-consts.ts +5 -0
package/src/interfaces/member-operational.ts +52 -0
package/{dist/interfaces/member-with-mnemonic.d.ts → src/interfaces/member-with-mnemonic.ts} +3 -3
package/{dist/interfaces/multi-encrypted-message.d.ts → src/interfaces/multi-encrypted-message.ts} +5 -5
package/src/interfaces/multi-encrypted-parsed-header.ts +24 -0
package/{dist/interfaces/pbkdf-profiles.d.ts → src/interfaces/pbkdf-profiles.ts} +2 -2
package/src/interfaces/pbkdf2-result.ts +5 -0
package/src/interfaces/signing-key-private-key-info.ts +12 -0
package/{dist/interfaces/simple-keypair-buffer.d.ts → src/interfaces/simple-keypair-buffer.ts} +3 -3
package/{dist/interfaces/simple-keypair.d.ts → src/interfaces/simple-keypair.ts} +3 -3
package/src/interfaces/simple-public-key-only-buffer.ts +3 -0
package/src/interfaces/simple-public-key-only.ts +3 -0
package/src/interfaces/single-encrypted-parsed-header.ts +35 -0
package/{dist/interfaces/wallet-seed.d.ts → src/interfaces/wallet-seed.ts} +3 -3
package/src/interfaces/wrapped-key-consts.ts +6 -0
package/src/member.ts +463 -0
package/src/services/aes-gcm.ts +160 -0
package/src/services/ecies/crypto-core.ts +213 -0
package/src/services/ecies/file.ts +174 -0
package/{dist/services/ecies/index.d.ts → src/services/ecies/index.ts} +0 -1
package/src/services/ecies/multi-recipient.ts +583 -0
package/src/services/ecies/service.ts +351 -0
package/src/services/ecies/signature.ts +91 -0
package/src/services/ecies/single-recipient.ts +676 -0
package/src/services/ecies/utilities.ts +111 -0
package/src/services/index.ts +3 -0
package/src/services/pbkdf2.ts +307 -0
package/{dist/types.d.ts → src/types.ts} +26 -9
package/src/utils.ts +104 -0
package/dist/constants.d.ts +0 -32
package/dist/constants.d.ts.map +0 -1
package/dist/constants.js +0 -137
package/dist/constants.js.map +0 -1
package/dist/enumerations/index.d.ts +0 -2
package/dist/enumerations/index.d.ts.map +0 -1
package/dist/enumerations/index.js +0 -18
package/dist/enumerations/index.js.map +0 -1
package/dist/enumerations/pbkdf2-profile.d.ts +0 -9
package/dist/enumerations/pbkdf2-profile.d.ts.map +0 -1
package/dist/enumerations/pbkdf2-profile.js +0 -13
package/dist/enumerations/pbkdf2-profile.js.map +0 -1
package/dist/i18n/ecies-i18n-factory.d.ts +0 -54
package/dist/i18n/ecies-i18n-factory.d.ts.map +0 -1
package/dist/i18n/ecies-i18n-factory.js +0 -332
package/dist/i18n/ecies-i18n-factory.js.map +0 -1
package/dist/i18n/index.d.ts.map +0 -1
package/dist/i18n/index.js +0 -18
package/dist/i18n/index.js.map +0 -1
package/dist/index.d.ts.map +0 -1
package/dist/index.js +0 -24
package/dist/index.js.map +0 -1
package/dist/interfaces/authenticated-cipher.d.ts +0 -10
package/dist/interfaces/authenticated-cipher.d.ts.map +0 -1
package/dist/interfaces/authenticated-cipher.js +0 -3
package/dist/interfaces/authenticated-cipher.js.map +0 -1
package/dist/interfaces/authenticated-decipher.d.ts +0 -9
package/dist/interfaces/authenticated-decipher.d.ts.map +0 -1
package/dist/interfaces/authenticated-decipher.js +0 -3
package/dist/interfaces/authenticated-decipher.js.map +0 -1
package/dist/interfaces/checksum-config.d.ts +0 -5
package/dist/interfaces/checksum-config.d.ts.map +0 -1
package/dist/interfaces/checksum-config.js +0 -3
package/dist/interfaces/checksum-config.js.map +0 -1
package/dist/interfaces/checksum-consts.d.ts +0 -11
package/dist/interfaces/checksum-consts.d.ts.map +0 -1
package/dist/interfaces/checksum-consts.js +0 -3
package/dist/interfaces/checksum-consts.js.map +0 -1
package/dist/interfaces/constants.d.ts +0 -43
package/dist/interfaces/constants.d.ts.map +0 -1
package/dist/interfaces/constants.js +0 -3
package/dist/interfaces/constants.js.map +0 -1
package/dist/interfaces/ecies-consts.d.ts +0 -88
package/dist/interfaces/ecies-consts.d.ts.map +0 -1
package/dist/interfaces/ecies-consts.js +0 -3
package/dist/interfaces/ecies-consts.js.map +0 -1
package/dist/interfaces/encryption-consts.d.ts +0 -11
package/dist/interfaces/encryption-consts.d.ts.map +0 -1
package/dist/interfaces/encryption-consts.js +0 -3
package/dist/interfaces/encryption-consts.js.map +0 -1
package/dist/interfaces/index.d.ts.map +0 -1
package/dist/interfaces/index.js +0 -34
package/dist/interfaces/index.js.map +0 -1
package/dist/interfaces/keypair-buffer-with-un-encrypted-private-key.d.ts +0 -6
package/dist/interfaces/keypair-buffer-with-un-encrypted-private-key.d.ts.map +0 -1
package/dist/interfaces/keypair-buffer-with-un-encrypted-private-key.js +0 -3
package/dist/interfaces/keypair-buffer-with-un-encrypted-private-key.js.map +0 -1
package/dist/interfaces/keyring-consts.d.ts +0 -6
package/dist/interfaces/keyring-consts.d.ts.map +0 -1
package/dist/interfaces/keyring-consts.js +0 -3
package/dist/interfaces/keyring-consts.js.map +0 -1
package/dist/interfaces/member-operational.d.ts +0 -36
package/dist/interfaces/member-operational.d.ts.map +0 -1
package/dist/interfaces/member-operational.js +0 -3
package/dist/interfaces/member-operational.js.map +0 -1
package/dist/interfaces/member-with-mnemonic.d.ts.map +0 -1
package/dist/interfaces/member-with-mnemonic.js +0 -3
package/dist/interfaces/member-with-mnemonic.js.map +0 -1
package/dist/interfaces/multi-encrypted-message.d.ts.map +0 -1
package/dist/interfaces/multi-encrypted-message.js +0 -3
package/dist/interfaces/multi-encrypted-message.js.map +0 -1
package/dist/interfaces/multi-encrypted-parsed-header.d.ts +0 -24
package/dist/interfaces/multi-encrypted-parsed-header.d.ts.map +0 -1
package/dist/interfaces/multi-encrypted-parsed-header.js +0 -3
package/dist/interfaces/multi-encrypted-parsed-header.js.map +0 -1
package/dist/interfaces/pbkdf-profiles.d.ts.map +0 -1
package/dist/interfaces/pbkdf-profiles.js +0 -3
package/dist/interfaces/pbkdf-profiles.js.map +0 -1
package/dist/interfaces/pbkdf2-result.d.ts +0 -6
package/dist/interfaces/pbkdf2-result.d.ts.map +0 -1
package/dist/interfaces/pbkdf2-result.js +0 -3
package/dist/interfaces/pbkdf2-result.js.map +0 -1
package/dist/interfaces/signing-key-private-key-info.d.ts +0 -11
package/dist/interfaces/signing-key-private-key-info.d.ts.map +0 -1
package/dist/interfaces/signing-key-private-key-info.js +0 -3
package/dist/interfaces/signing-key-private-key-info.js.map +0 -1
package/dist/interfaces/simple-keypair-buffer.d.ts.map +0 -1
package/dist/interfaces/simple-keypair-buffer.js +0 -3
package/dist/interfaces/simple-keypair-buffer.js.map +0 -1
package/dist/interfaces/simple-keypair.d.ts.map +0 -1
package/dist/interfaces/simple-keypair.js +0 -3
package/dist/interfaces/simple-keypair.js.map +0 -1
package/dist/interfaces/simple-public-key-only-buffer.d.ts +0 -4
package/dist/interfaces/simple-public-key-only-buffer.d.ts.map +0 -1
package/dist/interfaces/simple-public-key-only-buffer.js +0 -3
package/dist/interfaces/simple-public-key-only-buffer.js.map +0 -1
package/dist/interfaces/simple-public-key-only.d.ts +0 -4
package/dist/interfaces/simple-public-key-only.d.ts.map +0 -1
package/dist/interfaces/simple-public-key-only.js +0 -3
package/dist/interfaces/simple-public-key-only.js.map +0 -1
package/dist/interfaces/single-encrypted-parsed-header.d.ts +0 -35
package/dist/interfaces/single-encrypted-parsed-header.d.ts.map +0 -1
package/dist/interfaces/single-encrypted-parsed-header.js +0 -3
package/dist/interfaces/single-encrypted-parsed-header.js.map +0 -1
package/dist/interfaces/wallet-seed.d.ts.map +0 -1
package/dist/interfaces/wallet-seed.js +0 -3
package/dist/interfaces/wallet-seed.js.map +0 -1
package/dist/interfaces/wrapped-key-consts.d.ts +0 -7
package/dist/interfaces/wrapped-key-consts.d.ts.map +0 -1
package/dist/interfaces/wrapped-key-consts.js +0 -3
package/dist/interfaces/wrapped-key-consts.js.map +0 -1
package/dist/member.d.ts +0 -74
package/dist/member.d.ts.map +0 -1
package/dist/member.js +0 -273
package/dist/member.js.map +0 -1
package/dist/services/aes-gcm.d.ts +0 -66
package/dist/services/aes-gcm.d.ts.map +0 -1
package/dist/services/aes-gcm.js +0 -115
package/dist/services/aes-gcm.js.map +0 -1
package/dist/services/ecies/crypto-core.d.ts +0 -83
package/dist/services/ecies/crypto-core.d.ts.map +0 -1
package/dist/services/ecies/crypto-core.js +0 -166
package/dist/services/ecies/crypto-core.js.map +0 -1
package/dist/services/ecies/file.d.ts +0 -30
package/dist/services/ecies/file.d.ts.map +0 -1
package/dist/services/ecies/file.js +0 -144
package/dist/services/ecies/file.js.map +0 -1
package/dist/services/ecies/index.d.ts.map +0 -1
package/dist/services/ecies/index.js +0 -24
package/dist/services/ecies/index.js.map +0 -1
package/dist/services/ecies/multi-recipient.d.ts +0 -83
package/dist/services/ecies/multi-recipient.d.ts.map +0 -1
package/dist/services/ecies/multi-recipient.js +0 -360
package/dist/services/ecies/multi-recipient.js.map +0 -1
package/dist/services/ecies/service.d.ts +0 -71
package/dist/services/ecies/service.d.ts.map +0 -1
package/dist/services/ecies/service.js +0 -167
package/dist/services/ecies/service.js.map +0 -1
package/dist/services/ecies/signature.d.ts +0 -38
package/dist/services/ecies/signature.d.ts.map +0 -1
package/dist/services/ecies/signature.js +0 -69
package/dist/services/ecies/signature.js.map +0 -1
package/dist/services/ecies/single-recipient.d.ts +0 -86
package/dist/services/ecies/single-recipient.d.ts.map +0 -1
package/dist/services/ecies/single-recipient.js +0 -399
package/dist/services/ecies/single-recipient.js.map +0 -1
package/dist/services/ecies/utilities.d.ts +0 -22
package/dist/services/ecies/utilities.d.ts.map +0 -1
package/dist/services/ecies/utilities.js +0 -75
package/dist/services/ecies/utilities.js.map +0 -1
package/dist/services/index.d.ts +0 -4
package/dist/services/index.d.ts.map +0 -1
package/dist/services/index.js +0 -20
package/dist/services/index.js.map +0 -1
package/dist/services/pbkdf2.d.ts +0 -107
package/dist/services/pbkdf2.d.ts.map +0 -1
package/dist/services/pbkdf2.js +0 -195
package/dist/services/pbkdf2.js.map +0 -1
package/dist/types.d.ts.map +0 -1
package/dist/types.js +0 -3
package/dist/types.js.map +0 -1
package/dist/utils.d.ts +0 -11
package/dist/utils.d.ts.map +0 -1
package/dist/utils.js +0 -82
package/dist/utils.js.map +0 -1

package/src/interfaces/keyring-consts.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export interface IKeyringConsts {
+  ALGORITHM: string;
+  KEY_BITS: number;
+  MODE: string;
+}

package/src/interfaces/member-operational.ts ADDED Viewed

@@ -0,0 +1,52 @@
+import {
+  EmailString,
+  MemberType,
+  SecureBuffer,
+  SecureString,
+} from '@digitaldefiance/ecies-lib';
+import { Wallet } from '@ethereumjs/wallet';
+import { Types } from 'mongoose';
+import { SignatureBuffer } from '../types';
+/**
+ * Operational interface for member - defines getters and methods
+ */
+export interface IMemberOperational<I extends string | Types.ObjectId> {
+  // Required getters
+  get id(): I;
+  get type(): MemberType;
+  get name(): string;
+  get email(): EmailString;
+  get publicKey(): Uint8Array;
+  get creatorId(): I;
+  get dateCreated(): Date;
+  get dateUpdated(): Date;
+  // Optional private data getters
+  get privateKey(): SecureBuffer | undefined;
+  get wallet(): Wallet | undefined;
+  // State getters
+  get hasPrivateKey(): boolean;
+  // Methods
+  sign(data: Buffer): SignatureBuffer;
+  verify(signature: SignatureBuffer, data: Buffer): boolean;
+  encryptData(data: string | Buffer): Uint8Array;
+  decryptData(encryptedData: Buffer): Uint8Array;
+  toJson(): string;
+  // Private key management
+  loadWallet(mnemonic: SecureString): void;
+  unloadPrivateKey(): void;
+  unloadWallet(): void;
+  unloadWalletAndPrivateKey(): void;
+}
+/**
+ * Extended operational interface for test members
+ */
+export interface ITestBrightChainMemberOperational
+  extends IMemberOperational<Types.ObjectId> {
+  get mnemonic(): SecureString | undefined;
+}

package/{dist/interfaces/member-with-mnemonic.d.ts → src/interfaces/member-with-mnemonic.ts} RENAMED Viewed

@@ -1,7 +1,7 @@
 import { SecureString } from '@digitaldefiance/ecies-lib';
 import { Member } from '../member';
 export interface IBackendMemberWithMnemonic {
-    member: Member;
-    mnemonic: SecureString;
+  member: Member;
+  mnemonic: SecureString;
 }
-//# sourceMappingURL=member-with-mnemonic.d.ts.map

package/{dist/interfaces/multi-encrypted-message.d.ts → src/interfaces/multi-encrypted-message.ts} RENAMED Viewed

@@ -1,8 +1,8 @@
 import { IMultiEncryptedParsedHeader } from './multi-encrypted-parsed-header';
 export interface IMultiEncryptedMessage extends IMultiEncryptedParsedHeader {
-    /**
-     * The encrypted message.
-     */
-    readonly encryptedMessage: Buffer;
+  /**
+   * The encrypted message.
+   */
+  readonly encryptedMessage: Buffer;
 }
-//# sourceMappingURL=multi-encrypted-message.d.ts.map

package/src/interfaces/multi-encrypted-parsed-header.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import { Types } from 'mongoose';
+export interface IMultiEncryptedParsedHeader {
+  /**
+   * The length of the data before encryption
+   */
+  readonly dataLength: number;
+  /**
+   * The number of recipients
+   */
+  readonly recipientCount: number;
+  /**
+   * The IDs of the recipients
+   */
+  readonly recipientIds: Types.ObjectId[];
+  /**
+   * An encrypted version of the symmetric key for each recipient
+   */
+  readonly recipientKeys: Buffer[];
+  /**
+   * The size of the header, up to the encrypted message start (excludes encrypted message IV+auth tag)
+   */
+  readonly headerSize: number;
+}

package/{dist/interfaces/pbkdf-profiles.d.ts → src/interfaces/pbkdf-profiles.ts} RENAMED Viewed

@@ -1,6 +1,6 @@
 import { IPbkdf2Config } from '@digitaldefiance/ecies-lib';
 import { Pbkdf2ProfileEnum } from '../enumerations/pbkdf2-profile';
 export type PbkdfProfiles = {
-    [key in Pbkdf2ProfileEnum]: IPbkdf2Config;
+  [key in Pbkdf2ProfileEnum]: IPbkdf2Config;
 };
-//# sourceMappingURL=pbkdf-profiles.d.ts.map

package/src/interfaces/pbkdf2-result.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export interface IPbkdf2Result {
+  salt: Buffer;
+  hash: Buffer;
+  iterations: number;
+}

package/src/interfaces/signing-key-private-key-info.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { ec } from 'elliptic';
+import { IKeyPairBufferWithUnEncryptedPrivateKey } from './keypair-buffer-with-un-encrypted-private-key';
+export interface ISigningKeyPrivateKeyInfo
+  extends IKeyPairBufferWithUnEncryptedPrivateKey {
+  keyPair: ec.KeyPair;
+  publicKey: Buffer;
+  privateKey: Buffer;
+  seedHex: string;
+  entropy: string;
+  mnemonic: string;
+}

package/{dist/interfaces/simple-keypair-buffer.d.ts → src/interfaces/simple-keypair-buffer.ts} RENAMED Viewed

@@ -1,6 +1,6 @@
 import { ISimplePublicKeyOnlyBuffer } from './simple-public-key-only-buffer';
 export interface ISimpleKeyPairBuffer extends ISimplePublicKeyOnlyBuffer {
-    publicKey: Buffer;
-    privateKey: Buffer;
+  publicKey: Buffer;
+  privateKey: Buffer;
 }
-//# sourceMappingURL=simple-keypair-buffer.d.ts.map

package/{dist/interfaces/simple-keypair.d.ts → src/interfaces/simple-keypair.ts} RENAMED Viewed

@@ -1,6 +1,6 @@
 import { ISimplePublicKeyOnly } from './simple-public-key-only';
 export interface ISimpleKeyPair extends ISimplePublicKeyOnly {
-    publicKey: string;
-    privateKey: Buffer;
+  publicKey: string;
+  privateKey: Buffer;
 }
-//# sourceMappingURL=simple-keypair.d.ts.map

package/src/interfaces/simple-public-key-only-buffer.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export interface ISimplePublicKeyOnlyBuffer {
+  publicKey: Buffer;
+}

package/src/interfaces/simple-public-key-only.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export interface ISimplePublicKeyOnly {
+  publicKey: string;
+}

package/src/interfaces/single-encrypted-parsed-header.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { EciesEncryptionTypeEnum } from '@digitaldefiance/ecies-lib';
+/**
+ * Interface for encrypted messages
+ */
+export interface ISingleEncryptedParsedHeader {
+  /**
+   * The optional preamble, if specified/relevant
+   */
+  readonly preamble?: Buffer;
+  /**
+   * The encryption type used to encrypt the data
+   */
+  readonly encryptionType: EciesEncryptionTypeEnum;
+  /**
+   * The ephemeral public key used to encrypt the data
+   */
+  readonly ephemeralPublicKey: Buffer;
+  /**
+   * The initialization vector used to encrypt the data
+   */
+  readonly iv: Buffer;
+  /**
+   * The authentication tag used to encrypt the data
+   */
+  readonly authTag: Buffer;
+  /**
+   * The length of the encrypted data
+   */
+  readonly dataLength: number;
+  /**
+   * The size of the encrypted data header
+   */
+  readonly headerSize: number;
+}

package/{dist/interfaces/wallet-seed.d.ts → src/interfaces/wallet-seed.ts} RENAMED Viewed

@@ -1,7 +1,7 @@
 import { SecureBuffer } from '@digitaldefiance/ecies-lib';
 import { Wallet } from '@ethereumjs/wallet';
 export interface IWalletSeed {
-    wallet: Wallet;
-    seed: SecureBuffer;
+  wallet: Wallet;
+  seed: SecureBuffer;
 }
-//# sourceMappingURL=wallet-seed.d.ts.map

package/src/interfaces/wrapped-key-consts.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export interface IWrappedKeyConsts {
+  SALT_SIZE: number;
+  IV_SIZE: number;
+  MASTER_KEY_SIZE: number;
+  MIN_ITERATIONS: number;
+}

package/src/member.ts ADDED Viewed

@@ -0,0 +1,463 @@
+import {
+  ECIES,
+  EmailString,
+  IMemberStorageData,
+  MemberErrorType,
+  MemberType,
+  SecureBuffer,
+  SecureString,
+} from '@digitaldefiance/ecies-lib';
+import { Wallet } from '@ethereumjs/wallet';
+import {
+  getNodeEciesTranslation,
+  NodeEciesStringKey,
+} from './i18n/ecies-i18n-factory';
+/**
+ * Custom error classes that work with the plugin i18n system
+ */
+export class NodeMemberError extends Error {
+  constructor(message: string, public readonly type: MemberErrorType) {
+    super(message);
+    this.name = 'NodeMemberError';
+  }
+}
+import { ECIESService } from './services/ecies/service';
+// Removed: import { ServiceProvider } from './services/service.provider';
+import { ObjectId } from 'mongodb';
+import { Types } from 'mongoose';
+import { IMemberOperational } from './interfaces/member-operational';
+import { SignatureBuffer } from './types';
+/**
+ * A member of Brightchain.
+ * In the Owner Free Filesystem (OFF), members are used to:
+ * 1. Sign and verify data
+ * 2. Encrypt and decrypt data
+ * 3. Participate in voting
+ * 4. Establish ownership of data
+ */
+export class Member implements IMemberOperational<Types.ObjectId> {
+  private readonly _eciesService: ECIESService;
+  private readonly _id: Types.ObjectId;
+  private readonly _type: MemberType;
+  private readonly _name: string;
+  private readonly _email: EmailString;
+  private readonly _publicKey: Buffer;
+  private readonly _creatorId: Types.ObjectId;
+  private readonly _dateCreated: Date;
+  private readonly _dateUpdated: Date;
+  private _privateKey?: SecureBuffer;
+  private _wallet?: Wallet;
+  constructor(
+    // Add injected services as parameters
+    eciesService: ECIESService,
+    // Original parameters
+    type: MemberType,
+    name: string,
+    email: EmailString,
+    publicKey: Buffer,
+    privateKey?: SecureBuffer,
+    wallet?: Wallet,
+    id?: Types.ObjectId,
+    dateCreated?: Date,
+    dateUpdated?: Date,
+    creatorId?: Types.ObjectId,
+  ) {
+    // Assign injected services
+    this._eciesService = eciesService;
+    // Assign original parameters
+    this._type = type;
+    this._id = id ?? new ObjectId();
+    this._name = name;
+    if (!this._name || this._name.length == 0) {
+      throw new NodeMemberError(
+        getNodeEciesTranslation(
+          NodeEciesStringKey.Error_Member_MissingMemberName,
+        ),
+        MemberErrorType.MissingMemberName,
+      );
+    }
+    if (this._name.trim() != this._name) {
+      throw new NodeMemberError(
+        getNodeEciesTranslation(
+          NodeEciesStringKey.Error_Member_InvalidMemberNameWhitespace,
+        ),
+        MemberErrorType.InvalidMemberNameWhitespace,
+      );
+    }
+    this._email = email;
+    this._publicKey = publicKey;
+    this._privateKey = privateKey;
+    this._wallet = wallet;
+    // don't create a new date object with nearly identical values to the existing one
+    let _now: null | Date = null;
+    const now = function () {
+      if (!_now) {
+        _now = new Date();
+      }
+      return _now;
+    };
+    this._dateCreated = dateCreated ?? now();
+    this._dateUpdated = dateUpdated ?? now();
+    this._creatorId = creatorId ?? this._id;
+  }
+  // Required getters
+  public get id(): Types.ObjectId {
+    return this._id;
+  }
+  public get type(): MemberType {
+    return this._type;
+  }
+  public get name(): string {
+    return this._name;
+  }
+  public get email(): EmailString {
+    return this._email;
+  }
+  public get publicKey(): Buffer {
+    return this._publicKey;
+  }
+  public get creatorId(): Types.ObjectId {
+    return this._creatorId;
+  }
+  public get dateCreated(): Date {
+    return this._dateCreated;
+  }
+  public get dateUpdated(): Date {
+    return this._dateUpdated;
+  }
+  // Optional private data getters
+  public get privateKey(): SecureBuffer | undefined {
+    return this._privateKey;
+  }
+  public get wallet(): Wallet {
+    if (!this._wallet) {
+      throw new NodeMemberError(
+        getNodeEciesTranslation(NodeEciesStringKey.Error_Member_NoWallet),
+        MemberErrorType.NoWallet,
+      );
+    }
+    return this._wallet;
+  }
+  // State getters
+  public get hasPrivateKey(): boolean {
+    return this._privateKey !== undefined;
+  }
+  public unloadPrivateKey(): void {
+    // Do not dispose here; tests expect the same SecureBuffer instance to remain usable
+    // when reloaded into another member in the same process.
+    this._privateKey = undefined;
+  }
+  public unloadWallet(): void {
+    this._wallet = undefined;
+  }
+  public unloadWalletAndPrivateKey(): void {
+    this.unloadWallet();
+    this.unloadPrivateKey();
+  }
+  public loadWallet(mnemonic: SecureString): void {
+    if (this._wallet) {
+      throw new NodeMemberError(
+        getNodeEciesTranslation(
+          NodeEciesStringKey.Error_Member_WalletAlreadyLoaded,
+        ),
+        MemberErrorType.WalletAlreadyLoaded,
+      );
+    }
+    const { wallet } = this._eciesService.walletAndSeedFromMnemonic(mnemonic);
+    const privateKey = wallet.getPrivateKey();
+    const publicKey = wallet.getPublicKey();
+    const publicKeyWithPrefix = Buffer.concat([
+      Buffer.from([ECIES.PUBLIC_KEY_MAGIC]),
+      publicKey,
+    ]);
+    if (
+      publicKeyWithPrefix.toString('hex') !== this._publicKey.toString('hex')
+    ) {
+      throw new NodeMemberError(
+        getNodeEciesTranslation(
+          NodeEciesStringKey.Error_Member_InvalidMnemonic,
+        ),
+        MemberErrorType.InvalidMnemonic,
+      );
+    }
+    this._wallet = wallet;
+    this._privateKey = new SecureBuffer(privateKey);
+  }
+  /**
+   * Loads the private key and optionally the voting private key.
+   *
+   * @param privateKey The private key to load.
+   * @param votingPrivateKey The voting private key to load.
+   */
+  public loadPrivateKey(privateKey: SecureBuffer): void {
+    this._privateKey = privateKey;
+  }
+  public sign(data: Buffer): SignatureBuffer {
+    if (!this._privateKey) {
+      throw new NodeMemberError(
+        getNodeEciesTranslation(
+          NodeEciesStringKey.Error_Member_MissingPrivateKey,
+        ),
+        MemberErrorType.MissingPrivateKey,
+      );
+    }
+    return this._eciesService.signMessage(
+      Buffer.from(this._privateKey.value),
+      data,
+    );
+  }
+  public signData(data: Buffer): SignatureBuffer {
+    if (!this._privateKey) {
+      throw new NodeMemberError(
+        getNodeEciesTranslation(
+          NodeEciesStringKey.Error_Member_MissingPrivateKey,
+        ),
+        MemberErrorType.MissingPrivateKey,
+      );
+    }
+    return this._eciesService.signMessage(
+      Buffer.from(this._privateKey.value),
+      data,
+    );
+  }
+  public verify(signature: SignatureBuffer, data: Buffer): boolean {
+    return this._eciesService.verifyMessage(this._publicKey, data, signature);
+  }
+  public verifySignature(
+    data: Buffer,
+    signature: Buffer,
+    publicKey: Buffer,
+  ): boolean {
+    return this._eciesService.verifyMessage(
+      publicKey,
+      data,
+      signature as SignatureBuffer,
+    );
+  }
+  private static readonly MAX_ENCRYPTION_SIZE = 1024 * 1024 * 10; // 10MB limit
+  private static readonly VALID_STRING_REGEX = /^[\x20-\x7E\n\r\t]*$/; // Printable ASCII + common whitespace
+  public encryptData(
+    data: string | Buffer,
+    recipientPublicKey?: Buffer,
+  ): Buffer {
+    // Validate input
+    if (!data) {
+      throw new NodeMemberError(
+        getNodeEciesTranslation(
+          NodeEciesStringKey.Error_Member_MissingEncryptionData,
+        ),
+        MemberErrorType.MissingEncryptionData,
+      );
+    }
+    // Check size limit
+    const dataSize = Buffer.isBuffer(data)
+      ? data.length
+      : Buffer.byteLength(data);
+    if (dataSize > Member.MAX_ENCRYPTION_SIZE) {
+      throw new NodeMemberError(
+        getNodeEciesTranslation(
+          NodeEciesStringKey.Error_Member_EncryptionDataTooLarge,
+        ),
+        MemberErrorType.EncryptionDataTooLarge,
+      );
+    }
+    // Create buffer from data
+    const bufferData = Buffer.isBuffer(data) ? data : Buffer.from(data);
+    // Use recipient public key or self public key
+    const targetPublicKey = recipientPublicKey || this._publicKey;
+    return this._eciesService.encryptSimpleOrSingle(
+      false,
+      targetPublicKey,
+      bufferData,
+    );
+  }
+  public decryptData(encryptedData: Buffer): Buffer {
+    if (!this._privateKey) {
+      throw new NodeMemberError(
+        getNodeEciesTranslation(
+          NodeEciesStringKey.Error_Member_MissingPrivateKey,
+        ),
+        MemberErrorType.MissingPrivateKey,
+      );
+    }
+    // decryptSingleWithHeader now returns the Buffer directly
+    return this._eciesService.decryptSimpleOrSingleWithHeader(
+      false,
+      Buffer.from(this._privateKey.value),
+      encryptedData,
+    );
+  }
+  public toJson(): string {
+    const storage: IMemberStorageData = {
+      id: this._id.toString(),
+      type: this._type,
+      name: this._name,
+      email: this._email.toString(),
+      publicKey: this._publicKey.toString('base64'),
+      creatorId: this._creatorId.toString(),
+      dateCreated: this._dateCreated.toISOString(),
+      dateUpdated: this._dateUpdated.toISOString(),
+    };
+    return JSON.stringify(storage);
+  }
+  public dispose(): void {
+    // Ensure secret material is zeroized when disposing
+    try {
+      this._privateKey?.dispose();
+    } finally {
+      this.unloadWalletAndPrivateKey();
+    }
+  }
+  public static fromJson(
+    json: string,
+    // Add injected services as parameters
+    eciesService: ECIESService,
+  ): Member {
+    const storage: IMemberStorageData = JSON.parse(json);
+    const email = new EmailString(storage.email);
+    // Pass injected services to constructor
+    const dateCreated = new Date(storage.dateCreated);
+    return new Member(
+      eciesService,
+      storage.type,
+      storage.name,
+      email,
+      Buffer.from(storage.publicKey, 'base64'),
+      undefined,
+      undefined,
+      new ObjectId(storage.id),
+      dateCreated,
+      new Date(storage.dateUpdated),
+      new ObjectId(storage.creatorId),
+    );
+  }
+  public static fromMnemonic(
+    mnemonic: SecureString,
+    eciesService: ECIESService,
+    memberType = MemberType.User,
+    name = 'Test User',
+    email = new EmailString('test@example.com'),
+  ): Member {
+    const { wallet } = eciesService.walletAndSeedFromMnemonic(mnemonic);
+    const privateKey = wallet.getPrivateKey();
+    const publicKeyWithPrefix = Buffer.concat([
+      Buffer.from([ECIES.PUBLIC_KEY_MAGIC]),
+      wallet.getPublicKey(),
+    ]);
+    return new Member(
+      eciesService,
+      memberType,
+      name,
+      email,
+      publicKeyWithPrefix,
+      new SecureBuffer(privateKey),
+      wallet,
+    );
+  }
+  public static newMember(
+    // Add injected services as parameters
+    eciesService: ECIESService,
+    // Original parameters
+    type: MemberType,
+    name: string,
+    email: EmailString,
+    forceMnemonic?: SecureString,
+    createdBy?: Types.ObjectId,
+  ): { member: Member; mnemonic: SecureString } {
+    // Validate inputs first
+    if (!name || name.length == 0) {
+      throw new NodeMemberError(
+        getNodeEciesTranslation(
+          NodeEciesStringKey.Error_Member_MissingMemberName,
+        ),
+        MemberErrorType.MissingMemberName,
+      );
+    }
+    if (name.trim() != name) {
+      throw new NodeMemberError(
+        getNodeEciesTranslation(
+          NodeEciesStringKey.Error_Member_InvalidMemberNameWhitespace,
+        ),
+        MemberErrorType.InvalidMemberNameWhitespace,
+      );
+    }
+    if (!email || email.toString().length == 0) {
+      throw new NodeMemberError(
+        getNodeEciesTranslation(NodeEciesStringKey.Error_Member_MissingEmail),
+        MemberErrorType.MissingEmail,
+      );
+    }
+    if (email.toString().trim() != email.toString()) {
+      throw new NodeMemberError(
+        getNodeEciesTranslation(
+          NodeEciesStringKey.Error_Member_InvalidEmailWhitespace,
+        ),
+        MemberErrorType.InvalidEmailWhitespace,
+      );
+    }
+    // Use injected services
+    const mnemonic = forceMnemonic ?? eciesService.generateNewMnemonic();
+    const { wallet } = eciesService.walletAndSeedFromMnemonic(mnemonic);
+    // Get private key from wallet
+    const privateKey = wallet.getPrivateKey();
+    // Get public key with 0x04 prefix
+    const publicKeyWithPrefix = Buffer.concat([
+      Buffer.from([ECIES.PUBLIC_KEY_MAGIC]),
+      wallet.getPublicKey(),
+    ]);
+    const newId = new ObjectId();
+    const dateCreated = new Date();
+    return {
+      // Pass injected services to constructor
+      member: new Member(
+        eciesService,
+        type,
+        name,
+        email,
+        publicKeyWithPrefix,
+        new SecureBuffer(privateKey),
+        wallet,
+        newId,
+        dateCreated,
+        dateCreated,
+        createdBy ?? newId,
+      ),
+      mnemonic,
+    };
+  }
+}