@digitaldefiance/node-ecies-lib 4.4.9 → 4.4.12

package/src/services/encryption-stream.js

@@ -0,0 +1,207 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EncryptionStream = void 0;
+const ecies_i18n_factory_1 = require("../i18n/ecies-i18n-factory");
+const node_ecies_i18n_setup_1 = require("../i18n/node-ecies-i18n-setup");
+const stream_config_1 = require("../interfaces/stream-config");
+const chunk_processor_1 = require("./chunk-processor");
+const multi_recipient_processor_1 = require("./multi-recipient-processor");
+const progress_tracker_1 = require("./progress-tracker");
+class EncryptionStream {
+    ecies;
+    config;
+    processor;
+    multiRecipientProcessor;
+    engine = (0, node_ecies_i18n_setup_1.getNodeEciesI18nEngine)();
+    constructor(ecies, config = stream_config_1.DEFAULT_STREAM_CONFIG, processor, multiRecipientProcessor) {
+        this.ecies = ecies;
+        this.config = config;
+        // Use injected dependencies or create defaults
+        this.processor = processor ?? new chunk_processor_1.ChunkProcessor(ecies);
+        this.multiRecipientProcessor =
+            multiRecipientProcessor ??
+                new multi_recipient_processor_1.MultiRecipientProcessor(ecies.core, ecies.core.consts);
+    }
+    async *encryptStream(source, publicKey, options = {}) {
+        if (!publicKey || (publicKey.length !== 65 && publicKey.length !== 33)) {
+            throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_InvalidPublicKeyLength));
+        }
+        const chunkSize = options.chunkSize ?? this.config.chunkSize;
+        const includeChecksums = options.includeChecksums ?? this.config.includeChecksums;
+        const signal = options.signal;
+        const onProgress = options.onProgress;
+        let buffer = Buffer.alloc(0);
+        let chunkIndex = 0;
+        let lastYieldedChunk = null;
+        let tracker;
+        const maxSingleChunk = 100 * 1024 * 1024;
+        for await (const data of source) {
+            if (signal?.aborted) {
+                throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_EncryptionCancelled));
+            }
+            if (data.length > maxSingleChunk) {
+                throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_BufferOverflow));
+            }
+            buffer = Buffer.concat([buffer, data]);
+            if (!tracker && onProgress) {
+                tracker = new progress_tracker_1.ProgressTracker();
+            }
+            while (buffer.length >= chunkSize) {
+                if (signal?.aborted) {
+                    throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_EncryptionCancelled));
+                }
+                const chunkData = buffer.subarray(0, chunkSize);
+                buffer = buffer.subarray(chunkSize);
+                const encryptedChunk = await this.processor.encryptChunk(chunkData, publicKey, chunkIndex++, false, includeChecksums);
+                lastYieldedChunk = encryptedChunk;
+                yield encryptedChunk;
+                if (tracker && onProgress) {
+                    onProgress(tracker.update(chunkSize));
+                }
+            }
+        }
+        if (buffer.length > 0) {
+            if (signal?.aborted) {
+                throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_EncryptionCancelled));
+            }
+            const encryptedChunk = await this.processor.encryptChunk(buffer, publicKey, chunkIndex, true, includeChecksums);
+            yield encryptedChunk;
+            if (tracker && onProgress) {
+                onProgress(tracker.update(buffer.length));
+            }
+        }
+        else if (chunkIndex === 0) {
+            return;
+        }
+        else if (lastYieldedChunk) {
+            lastYieldedChunk.isLast = true;
+        }
+    }
+    async *encryptStreamMultiple(source, recipients, options = {}) {
+        if (recipients.length === 0) {
+            throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_AtLeastOneRecipientRequired));
+        }
+        if (recipients.length > 65535) {
+            throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_MaxRecipientsExceeded));
+        }
+        for (const recipient of recipients) {
+            if (!recipient.publicKey ||
+                (recipient.publicKey.length !== 65 && recipient.publicKey.length !== 33)) {
+                throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_InvalidRecipientPublicKeyLength));
+            }
+            if (!recipient.id ||
+                recipient.id.length !==
+                    this.ecies.core.consts.MULTIPLE.RECIPIENT_ID_SIZE) {
+                throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_InvalidRecipientIdLength));
+            }
+        }
+        const chunkSize = options.chunkSize ?? this.config.chunkSize;
+        const signal = options.signal;
+        const onProgress = options.onProgress;
+        const symmetricKey = Buffer.from(require('crypto').randomBytes(32));
+        let buffer = Buffer.alloc(0);
+        let chunkIndex = 0;
+        let tracker;
+        const maxSingleChunk = 100 * 1024 * 1024;
+        for await (const data of source) {
+            if (signal?.aborted) {
+                throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_EncryptionCancelled));
+            }
+            if (data.length > maxSingleChunk) {
+                throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_BufferOverflow));
+            }
+            buffer = Buffer.concat([buffer, data]);
+            if (!tracker && onProgress) {
+                tracker = new progress_tracker_1.ProgressTracker();
+            }
+            while (buffer.length >= chunkSize) {
+                if (signal?.aborted) {
+                    throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_EncryptionCancelled));
+                }
+                const chunkData = buffer.subarray(0, chunkSize);
+                buffer = buffer.subarray(chunkSize);
+                const encryptedChunk = await this.multiRecipientProcessor.encryptChunk(chunkData, recipients, chunkIndex++, false, symmetricKey);
+                yield encryptedChunk;
+                if (tracker && onProgress) {
+                    onProgress(tracker.update(chunkSize));
+                }
+            }
+        }
+        if (buffer.length > 0) {
+            if (signal?.aborted) {
+                throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_EncryptionCancelled));
+            }
+            const encryptedChunk = await this.multiRecipientProcessor.encryptChunk(buffer, recipients, chunkIndex, true, symmetricKey);
+            yield encryptedChunk;
+            if (tracker && onProgress) {
+                onProgress(tracker.update(buffer.length));
+            }
+        }
+    }
+    async *decryptStream(source, privateKey, options = {}) {
+        if (!privateKey || privateKey.length !== 32) {
+            throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_InvalidPrivateKeyLength));
+        }
+        const signal = options.signal;
+        const onProgress = options.onProgress;
+        let expectedIndex = 0;
+        let tracker;
+        if (onProgress) {
+            tracker = new progress_tracker_1.ProgressTracker();
+        }
+        for await (const chunkData of source) {
+            if (signal?.aborted) {
+                throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_DecryptionCancelled));
+            }
+            const { data, header } = await this.processor.decryptChunk(chunkData, privateKey);
+            if (header.index !== expectedIndex) {
+                throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_ChunkSequenceError));
+            }
+            expectedIndex++;
+            yield data;
+            if (tracker && onProgress) {
+                onProgress(tracker.update(data.length));
+            }
+            const isLast = (header.flags & 0x01) !== 0;
+            if (isLast) {
+                break;
+            }
+        }
+    }
+    async *decryptStreamMultiple(source, recipientId, privateKey, options = {}) {
+        if (!recipientId ||
+            recipientId.length !== this.ecies.core.consts.MULTIPLE.RECIPIENT_ID_SIZE) {
+            throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_InvalidRecipientIdLength));
+        }
+        if (!privateKey || privateKey.length !== 32) {
+            throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_InvalidPrivateKeyLength));
+        }
+        const signal = options.signal;
+        const onProgress = options.onProgress;
+        let expectedIndex = 0;
+        let tracker;
+        if (onProgress) {
+            tracker = new progress_tracker_1.ProgressTracker();
+        }
+        for await (const chunkData of source) {
+            if (signal?.aborted) {
+                throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_DecryptionCancelled));
+            }
+            const { data, header } = await this.multiRecipientProcessor.decryptChunk(chunkData, recipientId, privateKey);
+            if (header.chunkIndex !== expectedIndex) {
+                throw new Error(this.engine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_Stream_ChunkSequenceError));
+            }
+            expectedIndex++;
+            yield data;
+            if (tracker && onProgress) {
+                onProgress(tracker.update(data.length));
+            }
+            const isLast = (header.flags & 0x01) !== 0;
+            if (isLast) {
+                break;
+            }
+        }
+    }
+}
+exports.EncryptionStream = EncryptionStream;
+//# sourceMappingURL=encryption-stream.js.map

package/src/services/encryption-stream.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption-stream.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-ecies-lib/src/services/encryption-stream.ts"],"names":[],"mappings":";;;AAAA,mEAGoC;AACpC,yEAAuE;AAGvE,+DAGqC;AAErC,uDAAmD;AAEnD,2EAAsE;AACtE,yDAAqD;AAcrD,MAAa,gBAAgB;IAMR;IACA;IANF,SAAS,CAAiB;IAC1B,uBAAuB,CAA0B;IACjD,MAAM,GAAG,IAAA,8CAAsB,GAAE,CAAC;IAEnD,YACmB,KAAmB,EACnB,SAAwB,qCAAqB,EAC9D,SAA0B,EAC1B,uBAAiD;QAHhC,UAAK,GAAL,KAAK,CAAc;QACnB,WAAM,GAAN,MAAM,CAAuC;QAI9D,+CAA+C;QAC/C,IAAI,CAAC,SAAS,GAAG,SAAS,IAAI,IAAI,gCAAc,CAAC,KAAK,CAAC,CAAC;QACxD,IAAI,CAAC,uBAAuB;YAC1B,uBAAuB;gBACvB,IAAI,mDAAuB,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC/D,CAAC;IAEM,KAAK,CAAC,CAAC,aAAa,CACzB,MAA6B,EAC7B,SAAiB,EACjB,UAAiC,EAAE;QAEnC,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,EAAE,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,CAAC,EAAE,CAAC;YACvE,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,mCAAmC,CACvD,CACF,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;QAC7D,MAAM,gBAAgB,GACpB,OAAO,CAAC,gBAAgB,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;QAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QAEtC,IAAI,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,IAAI,gBAAgB,GAA2B,IAAI,CAAC;QACpD,IAAI,OAAoC,CAAC;QACzC,MAAM,cAAc,GAAG,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC;QAEzC,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;YAChC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,gCAAgC,CACpD,CACF,CAAC;YACJ,CAAC;YAED,IAAI,IAAI,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,2BAA2B,CAC/C,CACF,CAAC;YACJ,CAAC;YAED,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;YAEvC,IAAI,CAAC,OAAO,IAAI,UAAU,EAAE,CAAC;gBAC3B,OAAO,GAAG,IAAI,kCAAe,EAAE,CAAC;YAClC,CAAC;YAED,OAAO,MAAM,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;gBAClC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;oBACpB,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,gCAAgC,CACpD,CACF,CAAC;gBACJ,CAAC;gBAED,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;gBAChD,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;gBAEpC,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CACtD,SAAS,EACT,SAAS,EACT,UAAU,EAAE,EACZ,KAAK,EACL,gBAAgB,CACjB,CAAC;gBAEF,gBAAgB,GAAG,cAAc,CAAC;gBAClC,MAAM,cAAc,CAAC;gBAErB,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;oBAC1B,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;gBACxC,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,gCAAgC,CACpD,CACF,CAAC;YACJ,CAAC;YAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CACtD,MAAM,EACN,SAAS,EACT,UAAU,EACV,IAAI,EACJ,gBAAgB,CACjB,CAAC;YAEF,MAAM,cAAc,CAAC;YAErB,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;gBAC1B,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;aAAM,IAAI,UAAU,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO;QACT,CAAC;aAAM,IAAI,gBAAgB,EAAE,CAAC;YAC5B,gBAAgB,CAAC,MAAM,GAAG,IAAI,CAAC;QACjC,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,CAAC,qBAAqB,CACjC,MAA6B,EAC7B,UAAoD,EACpD,UAAiC,EAAE;QAEnC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,wCAAwC,CAC5D,CACF,CAAC;QACJ,CAAC;QACD,IAAI,UAAU,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,kCAAkC,CACtD,CACF,CAAC;QACJ,CAAC;QAED,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,IACE,CAAC,SAAS,CAAC,SAAS;gBACpB,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,KAAK,EAAE,IAAI,SAAS,CAAC,SAAS,CAAC,MAAM,KAAK,EAAE,CAAC,EACxE,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,4CAA4C,CAChE,CACF,CAAC;YACJ,CAAC;YACD,IACE,CAAC,SAAS,CAAC,EAAE;gBACb,SAAS,CAAC,EAAE,CAAC,MAAM;oBACjB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,EACnD,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,qCAAqC,CACzD,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;QAC7D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QAEtC,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;QAEpE,IAAI,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,IAAI,OAAoC,CAAC;QACzC,MAAM,cAAc,GAAG,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC;QAEzC,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;YAChC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,gCAAgC,CACpD,CACF,CAAC;YACJ,CAAC;YAED,IAAI,IAAI,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,2BAA2B,CAC/C,CACF,CAAC;YACJ,CAAC;YAED,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;YAEvC,IAAI,CAAC,OAAO,IAAI,UAAU,EAAE,CAAC;gBAC3B,OAAO,GAAG,IAAI,kCAAe,EAAE,CAAC;YAClC,CAAC;YAED,OAAO,MAAM,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;gBAClC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;oBACpB,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,gCAAgC,CACpD,CACF,CAAC;gBACJ,CAAC;gBAED,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;gBAChD,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;gBAEpC,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,YAAY,CACpE,SAAS,EACT,UAAU,EACV,UAAU,EAAE,EACZ,KAAK,EACL,YAAY,CACb,CAAC;gBAEF,MAAM,cAAc,CAAC;gBAErB,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;oBAC1B,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;gBACxC,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,gCAAgC,CACpD,CACF,CAAC;YACJ,CAAC;YAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,YAAY,CACpE,MAAM,EACN,UAAU,EACV,UAAU,EACV,IAAI,EACJ,YAAY,CACb,CAAC;YAEF,MAAM,cAAc,CAAC;YAErB,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;gBAC1B,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,CAAC,aAAa,CACzB,MAA6B,EAC7B,UAAkB,EAClB,UAAiC,EAAE;QAEnC,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,oCAAoC,CACxD,CACF,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACtC,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,OAAoC,CAAC;QAEzC,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,GAAG,IAAI,kCAAe,EAAE,CAAC;QAClC,CAAC;QAED,IAAI,KAAK,EAAE,MAAM,SAAS,IAAI,MAAM,EAAE,CAAC;YACrC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,gCAAgC,CACpD,CACF,CAAC;YACJ,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CACxD,SAAS,EACT,UAAU,CACX,CAAC;YAEF,IAAI,MAAM,CAAC,KAAK,KAAK,aAAa,EAAE,CAAC;gBACnC,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,+BAA+B,CACnD,CACF,CAAC;YACJ,CAAC;YAED,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC;YAEX,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;gBAC1B,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YAC1C,CAAC;YAED,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3C,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,CAAC,qBAAqB,CACjC,MAA6B,EAC7B,WAAmB,EACnB,UAAkB,EAClB,UAAiC,EAAE;QAEnC,IACE,CAAC,WAAW;YACZ,WAAW,CAAC,MAAM,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,EACxE,CAAC;YACD,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,qCAAqC,CACzD,CACF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,oCAAoC,CACxD,CACF,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACtC,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,OAAoC,CAAC;QAEzC,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,GAAG,IAAI,kCAAe,EAAE,CAAC;QAClC,CAAC;QAED,IAAI,KAAK,EAAE,MAAM,SAAS,IAAI,MAAM,EAAE,CAAC;YACrC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,gCAAgC,CACpD,CACF,CAAC;YACJ,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,YAAY,CACtE,SAAS,EACT,WAAW,EACX,UAAU,CACX,CAAC;YAEF,IAAI,MAAM,CAAC,UAAU,KAAK,aAAa,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,CACnB,yCAAoB,EACpB,uCAAkB,CAAC,+BAA+B,CACnD,CACF,CAAC;YACJ,CAAC;YAED,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC;YAEX,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;gBAC1B,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YAC1C,CAAC;YAED,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3C,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAlZD,4CAkZC"}

package/src/services/{index.ts → index.d.ts}

@@ -5,3 +5,4 @@ export * from './chunk-processor';
 export * from './encryption-stream';
 export * from './multi-recipient-processor';
 export * from './progress-tracker';
+//# sourceMappingURL=index.d.ts.map

package/src/services/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-ecies-lib/src/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAC;AAC1B,cAAc,SAAS,CAAC;AACxB,cAAc,UAAU,CAAC;AACzB,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,oBAAoB,CAAC"}

package/src/services/index.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./aes-gcm"), exports);
+tslib_1.__exportStar(require("./ecies"), exports);
+tslib_1.__exportStar(require("./pbkdf2"), exports);
+tslib_1.__exportStar(require("./chunk-processor"), exports);
+tslib_1.__exportStar(require("./encryption-stream"), exports);
+tslib_1.__exportStar(require("./multi-recipient-processor"), exports);
+tslib_1.__exportStar(require("./progress-tracker"), exports);
+//# sourceMappingURL=index.js.map

package/src/services/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-ecies-lib/src/services/index.ts"],"names":[],"mappings":";;;AAAA,oDAA0B;AAC1B,kDAAwB;AACxB,mDAAyB;AACzB,4DAAkC;AAClC,8DAAoC;AACpC,sEAA4C;AAC5C,6DAAmC"}

package/src/services/multi-recipient-processor.d.ts

@@ -0,0 +1,72 @@
+import { IECIESConstants } from '@digitaldefiance/ecies-lib';
+import { IMultiRecipientChunk, IMultiRecipientChunkHeader } from '../interfaces/multi-recipient-chunk';
+import { AESGCMService } from './aes-gcm';
+import { EciesCryptoCore } from './ecies/crypto-core';
+import { EciesMultiRecipient } from './ecies/multi-recipient';
+export interface IMultiRecipient {
+    id: Buffer;
+    publicKey: Buffer;
+}
+export interface IMultiEncryptedMessage {
+    dataLength: number;
+    recipientCount: number;
+    recipientIds: Buffer[];
+    recipientKeys: Buffer[];
+    encryptedMessage: Buffer;
+    headerSize: number;
+    ephemeralPublicKey?: Buffer;
+}
+export declare class MultiRecipientProcessor {
+    private readonly aesGcm;
+    private readonly cryptoCore;
+    private readonly consts;
+    private readonly eciesMultiRecipient;
+    private readonly constants;
+    private readonly recipientIdSize;
+    constructor(cryptoCore: EciesCryptoCore, consts?: IECIESConstants, aesGcm?: AESGCMService, eciesMultiRecipient?: EciesMultiRecipient);
+    /**
+     * Encrypts a message for multiple recipients.
+     * Wrapper around EciesMultiRecipient.encryptMultiple for backward compatibility.
+     */
+    encryptMultiple(recipients: IMultiRecipient[], message: Buffer, preamble?: Buffer): Promise<IMultiEncryptedMessage>;
+    /**
+     * Builds the header for a message encrypted for multiple recipients.
+     * Wrapper around EciesMultiRecipient.buildECIESMultipleRecipientHeader for backward compatibility.
+     */
+    buildHeader(data: IMultiEncryptedMessage): Buffer;
+    encryptChunk(data: Buffer, recipients: IMultiRecipient[], chunkIndex: number, isLast: boolean, symmetricKey: Buffer, senderPrivateKey?: Buffer): Promise<IMultiRecipientChunk>;
+    decryptChunk(chunkData: Buffer, recipientId: Buffer, privateKey: Buffer, senderPublicKey?: Buffer): Promise<{
+        data: Buffer;
+        header: IMultiRecipientChunkHeader;
+    }>;
+    /**
+     * Decrypts a message encrypted with multiple ECIE for a recipient.
+     * Wrapper around EciesMultiRecipient.decryptMultipleECIEForRecipient for backward compatibility.
+     */
+    decryptMultipleForRecipient(encryptedData: IMultiEncryptedMessage, recipientId: Buffer, privateKey: Buffer, senderPublicKey?: Buffer): Promise<Buffer>;
+    /**
+     * Parses a multi-encrypted header.
+     * Wrapper around EciesMultiRecipient.parseMultiEncryptedHeader for backward compatibility.
+     */
+    parseHeader(data: Buffer): Omit<IMultiEncryptedMessage, 'encryptedMessage'> & {
+        headerSize: number;
+    };
+    /**
+     * Parses a multi-encrypted buffer into its components.
+     * Wrapper around EciesMultiRecipient.parseMultiEncryptedBuffer for backward compatibility.
+     */
+    parseMessage(data: Buffer): IMultiEncryptedMessage;
+    /**
+     * Encrypts a symmetric key for a recipient.
+     * Generates a new ephemeral key pair.
+     * Returns [EphemeralPublicKey][EncryptedKey]
+     */
+    encryptKey(recipientPublicKey: Buffer, symmetricKey: Buffer): Promise<Buffer>;
+    /**
+     * Decrypts a symmetric key.
+     * Expects [EphemeralPublicKey][EncryptedKey]
+     */
+    decryptKey(privateKey: Buffer, encryptedData: Buffer): Promise<Buffer>;
+    getHeaderSize(recipientCount: number): number;
+}
+//# sourceMappingURL=multi-recipient-processor.d.ts.map

package/src/services/multi-recipient-processor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"multi-recipient-processor.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-ecies-lib/src/services/multi-recipient-processor.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,eAAe,EAEhB,MAAM,4BAA4B,CAAC;AAWpC,OAAO,EAEL,oBAAoB,EACpB,0BAA0B,EAE3B,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAE9D,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,sBAAsB;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,qBAAa,uBAAuB;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;IACvC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAkB;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;IACzC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAsB;IAC1D,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA2B;IACrD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;gBAGvC,UAAU,EAAE,eAAe,EAC3B,MAAM,GAAE,eAAiC,EACzC,MAAM,CAAC,EAAE,aAAa,EACtB,mBAAmB,CAAC,EAAE,mBAAmB;IAY3C;;;OAGG;IACU,eAAe,CAC1B,UAAU,EAAE,eAAe,EAAE,EAC7B,OAAO,EAAE,MAAM,EACf,QAAQ,GAAE,MAAwB,GACjC,OAAO,CAAC,sBAAsB,CAAC;IAelC;;;OAGG;IACI,WAAW,CAAC,IAAI,EAAE,sBAAsB,GAAG,MAAM;IAI3C,YAAY,CACvB,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,eAAe,EAAE,EAC7B,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,OAAO,EACf,YAAY,EAAE,MAAM,EACpB,gBAAgB,CAAC,EAAE,MAAM,GACxB,OAAO,CAAC,oBAAoB,CAAC;IA0JnB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,EAClB,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,0BAA0B,CAAA;KAAE,CAAC;IA4IhE;;;OAGG;IACU,2BAA2B,CACtC,aAAa,EAAE,sBAAsB,EACrC,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,EAClB,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,MAAM,CAAC;IAclB;;;OAGG;IACI,WAAW,CAChB,IAAI,EAAE,MAAM,GACX,IAAI,CAAC,sBAAsB,EAAE,kBAAkB,CAAC,GAAG;QAAE,UAAU,EAAE,MAAM,CAAA;KAAE;IAK5E;;;OAGG;IACI,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,sBAAsB;IAKzD;;;;OAIG;IACU,UAAU,CACrB,kBAAkB,EAAE,MAAM,EAC1B,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC;IA2BlB;;;OAGG;IACU,UAAU,CACrB,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,MAAM,CAAC;IAeX,aAAa,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM;CAGrD"}

package/src/services/multi-recipient-processor.js

@@ -0,0 +1,322 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MultiRecipientProcessor = void 0;
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const crypto_1 = require("crypto");
+const constants_1 = require("../constants");
+const multi_recipient_chunk_1 = require("../interfaces/multi-recipient-chunk");
+const aes_gcm_1 = require("./aes-gcm");
+const multi_recipient_1 = require("./ecies/multi-recipient");
+class MultiRecipientProcessor {
+    aesGcm;
+    cryptoCore;
+    consts;
+    eciesMultiRecipient;
+    constants;
+    recipientIdSize;
+    constructor(cryptoCore, consts = constants_1.Constants.ECIES, aesGcm, eciesMultiRecipient) {
+        this.cryptoCore = cryptoCore;
+        this.consts = consts;
+        // Use injected dependencies or create defaults
+        this.aesGcm = aesGcm ?? new aes_gcm_1.AESGCMService();
+        this.eciesMultiRecipient =
+            eciesMultiRecipient ?? new multi_recipient_1.EciesMultiRecipient(cryptoCore);
+        this.recipientIdSize = consts.MULTIPLE.RECIPIENT_ID_SIZE;
+        this.constants = (0, multi_recipient_chunk_1.getMultiRecipientConstants)(this.recipientIdSize);
+    }
+    /**
+     * Encrypts a message for multiple recipients.
+     * Wrapper around EciesMultiRecipient.encryptMultiple for backward compatibility.
+     */
+    async encryptMultiple(recipients, message, preamble = Buffer.alloc(0)) {
+        // Convert IMultiRecipient to IMember-like objects
+        // EciesMultiRecipient expects IMember[] which has id: Buffer and publicKey: Buffer
+        // IMultiRecipient already matches this structure, so we can safely cast
+        const members = recipients;
+        const result = this.eciesMultiRecipient.encryptMultiple(members, message, preamble);
+        return result;
+    }
+    /**
+     * Builds the header for a message encrypted for multiple recipients.
+     * Wrapper around EciesMultiRecipient.buildECIESMultipleRecipientHeader for backward compatibility.
+     */
+    buildHeader(data) {
+        return this.eciesMultiRecipient.buildECIESMultipleRecipientHeader(data);
+    }
+    async encryptChunk(data, recipients, chunkIndex, isLast, symmetricKey, senderPrivateKey) {
+        if (chunkIndex < 0 || chunkIndex > 0xffffffff) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidDataLength);
+        }
+        // Sign-then-Encrypt
+        let dataToEncrypt = data;
+        if (senderPrivateKey) {
+            const signature = this.cryptoCore.sign(senderPrivateKey, data);
+            dataToEncrypt = Buffer.concat([signature, data]);
+        }
+        if (dataToEncrypt.length > this.consts.MAX_RAW_DATA_SIZE) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.FileSizeTooLarge);
+        }
+        // Generate ONE ephemeral key pair for all recipients
+        const ecdh = (0, crypto_1.createECDH)(this.cryptoCore.config.curveName);
+        ecdh.generateKeys();
+        const ephemeralPrivateKey = ecdh.getPrivateKey();
+        let ephemeralPublicKey = ecdh.getPublicKey(null, 'compressed');
+        // Ensure public key has 0x04 prefix
+        if (ephemeralPublicKey.length === this.cryptoCore.consts.RAW_PUBLIC_KEY_LENGTH) {
+            ephemeralPublicKey = Buffer.concat([
+                Buffer.from([this.cryptoCore.consts.PUBLIC_KEY_MAGIC]),
+                ephemeralPublicKey,
+            ]);
+        }
+        // Build recipient headers
+        const recipientHeaders = [];
+        for (const recipient of recipients) {
+            // Use Recipient ID as AAD for key encryption
+            const encryptedKey = this.eciesMultiRecipient.encryptKey(recipient.publicKey, symmetricKey, ephemeralPrivateKey, recipient.id);
+            recipientHeaders.push({
+                id: recipient.id,
+                keySize: encryptedKey.length,
+                encryptedKey,
+            });
+        }
+        // Calculate encrypted size (Data + Tag)
+        // AES-GCM tag is 16 bytes
+        const encryptedSize = dataToEncrypt.length + 16;
+        // Calculate total size
+        let recipientHeadersSize = 0;
+        for (const h of recipientHeaders) {
+            recipientHeadersSize +=
+                this.recipientIdSize + this.constants.KEY_SIZE_BYTES + h.keySize;
+        }
+        const totalSize = this.constants.HEADER_SIZE +
+            recipientHeadersSize +
+            12 + // IV
+            encryptedSize;
+        // Build chunk buffer
+        const chunk = Buffer.alloc(totalSize);
+        let offset = 0;
+        // Write header
+        chunk.writeUInt32BE(this.constants.MAGIC, offset);
+        offset += 4;
+        chunk.writeUInt16BE(this.constants.VERSION, offset);
+        offset += 2;
+        chunk.writeUInt16BE(recipients.length, offset);
+        offset += 2;
+        chunk.writeUInt32BE(chunkIndex, offset);
+        offset += 4;
+        chunk.writeUInt32BE(dataToEncrypt.length, offset); // Original Size
+        offset += 4;
+        chunk.writeUInt32BE(encryptedSize, offset);
+        offset += 4;
+        chunk.writeUInt8(isLast ? this.constants.FLAG_IS_LAST : 0, offset);
+        offset += 1;
+        // Write Ephemeral Public Key (33 bytes)
+        ephemeralPublicKey.copy(chunk, offset);
+        offset += 33;
+        // Padding to HEADER_SIZE (64 bytes)
+        offset = this.constants.HEADER_SIZE;
+        // Write recipient headers
+        for (const header of recipientHeaders) {
+            header.id.copy(chunk, offset);
+            offset += this.recipientIdSize;
+            chunk.writeUInt16BE(header.keySize, offset);
+            offset += this.constants.KEY_SIZE_BYTES;
+            header.encryptedKey.copy(chunk, offset);
+            offset += header.keySize;
+        }
+        // Extract the full header (including recipient headers) to use as AAD
+        const headerBytes = chunk.subarray(0, offset);
+        // Encrypt data with AES-256-GCM using Header as AAD
+        const iv = (0, crypto_1.randomBytes)(this.consts.IV_SIZE);
+        const cipher = (0, crypto_1.createCipheriv)(this.consts.SYMMETRIC_ALGORITHM_CONFIGURATION, symmetricKey, iv);
+        cipher.setAAD(headerBytes);
+        const encrypted = cipher.update(dataToEncrypt);
+        const final = cipher.final();
+        const authTag = cipher.getAuthTag();
+        // Write IV
+        iv.copy(chunk, offset);
+        offset += 12;
+        // Write encrypted data
+        encrypted.copy(chunk, offset);
+        offset += encrypted.length;
+        final.copy(chunk, offset); // Should be empty usually
+        offset += final.length;
+        // Write auth tag
+        authTag.copy(chunk, offset);
+        const header = {
+            chunkIndex,
+            flags: isLast ? 1 : 0,
+            recipientCount: recipients.length,
+            magic: this.constants.MAGIC,
+            version: this.constants.VERSION,
+            originalSize: dataToEncrypt.length,
+            encryptedSize,
+        };
+        return {
+            header,
+            data: chunk,
+        };
+    }
+    async decryptChunk(chunkData, recipientId, privateKey, senderPublicKey) {
+        if (chunkData.length < this.constants.HEADER_SIZE) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidDataLength);
+        }
+        let offset = 0;
+        // Parse header
+        const magic = chunkData.readUInt32BE(offset);
+        offset += 4;
+        if (magic !== this.constants.MAGIC) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidDataLength); // Invalid Magic
+        }
+        const version = chunkData.readUInt16BE(offset);
+        offset += 2;
+        if (version !== this.constants.VERSION) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidVersion);
+        }
+        const recipientCount = chunkData.readUInt16BE(offset);
+        offset += 2;
+        const chunkIndex = chunkData.readUInt32BE(offset);
+        offset += 4;
+        const originalSize = chunkData.readUInt32BE(offset);
+        offset += 4;
+        const encryptedSize = chunkData.readUInt32BE(offset);
+        offset += 4;
+        const flags = chunkData.readUInt8(offset);
+        offset += 1;
+        // Read Ephemeral Public Key (33 bytes)
+        const ephemeralPublicKey = chunkData.subarray(offset, offset + 33);
+        offset += 33;
+        offset = this.constants.HEADER_SIZE;
+        // Find recipient header and decrypt symmetric key
+        let symmetricKey = null;
+        let tempOffset = offset;
+        for (let i = 0; i < recipientCount; i++) {
+            const id = chunkData.subarray(tempOffset, tempOffset + this.recipientIdSize);
+            tempOffset += this.recipientIdSize;
+            const keySize = chunkData.readUInt16BE(tempOffset);
+            tempOffset += this.constants.KEY_SIZE_BYTES;
+            const encryptedKey = chunkData.subarray(tempOffset, tempOffset + keySize);
+            tempOffset += keySize;
+            // Check if this is our recipient
+            if (id.equals(recipientId)) {
+                // Use Recipient ID as AAD for key decryption
+                symmetricKey = this.eciesMultiRecipient.decryptKey(privateKey, encryptedKey, ephemeralPublicKey, id);
+            }
+        }
+        if (!symmetricKey) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.RecipientNotFound);
+        }
+        // Update offset to after all recipient headers
+        offset = tempOffset;
+        // Extract header bytes for AAD
+        const headerBytes = chunkData.subarray(0, offset);
+        // Read IV
+        const iv = chunkData.subarray(offset, offset + 12);
+        offset += 12;
+        // Read encrypted data (includes tag)
+        const encryptedWithTag = chunkData.subarray(offset, offset + encryptedSize);
+        offset += encryptedSize;
+        // Extract tag from end of encrypted data
+        const authTag = encryptedWithTag.subarray(encryptedWithTag.length - 16);
+        const encrypted = encryptedWithTag.subarray(0, encryptedWithTag.length - 16);
+        // Decrypt with AAD
+        const decipher = (0, crypto_1.createDecipheriv)(this.consts.SYMMETRIC_ALGORITHM_CONFIGURATION, symmetricKey, iv);
+        decipher.setAuthTag(authTag);
+        decipher.setAAD(headerBytes);
+        const decrypted = decipher.update(encrypted);
+        const final = decipher.final();
+        const decryptedMessage = Buffer.concat([decrypted, final]);
+        // Verify signature if sender public key provided
+        let finalData = decryptedMessage;
+        if (senderPublicKey) {
+            if (decryptedMessage.length < 64) {
+                throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidSignature);
+            }
+            const signature = decryptedMessage.subarray(0, 64);
+            const message = decryptedMessage.subarray(64);
+            const isValid = this.cryptoCore.verify(senderPublicKey, message, signature);
+            if (!isValid) {
+                throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidSignature);
+            }
+            finalData = message;
+        }
+        return {
+            data: finalData,
+            header: {
+                chunkIndex,
+                flags,
+                recipientCount,
+                magic,
+                version,
+                originalSize,
+                encryptedSize,
+            },
+        };
+    }
+    /**
+     * Decrypts a message encrypted with multiple ECIE for a recipient.
+     * Wrapper around EciesMultiRecipient.decryptMultipleECIEForRecipient for backward compatibility.
+     */
+    async decryptMultipleForRecipient(encryptedData, recipientId, privateKey, senderPublicKey) {
+        // Create a partial IMember with only the properties needed for decryption
+        const member = {
+            id: recipientId,
+            privateKey: new ecies_lib_1.SecureBuffer(privateKey),
+        };
+        return this.eciesMultiRecipient.decryptMultipleECIEForRecipient(encryptedData, member, senderPublicKey);
+    }
+    /**
+     * Parses a multi-encrypted header.
+     * Wrapper around EciesMultiRecipient.parseMultiEncryptedHeader for backward compatibility.
+     */
+    parseHeader(data) {
+        const result = this.eciesMultiRecipient.parseMultiEncryptedHeader(data);
+        return result;
+    }
+    /**
+     * Parses a multi-encrypted buffer into its components.
+     * Wrapper around EciesMultiRecipient.parseMultiEncryptedBuffer for backward compatibility.
+     */
+    parseMessage(data) {
+        const result = this.eciesMultiRecipient.parseMultiEncryptedBuffer(data);
+        return result;
+    }
+    /**
+     * Encrypts a symmetric key for a recipient.
+     * Generates a new ephemeral key pair.
+     * Returns [EphemeralPublicKey][EncryptedKey]
+     */
+    async encryptKey(recipientPublicKey, symmetricKey) {
+        // Generate ephemeral key pair
+        const ecdh = (0, crypto_1.createECDH)(this.cryptoCore.config.curveName);
+        ecdh.generateKeys();
+        const ephemeralPrivateKey = ecdh.getPrivateKey();
+        let ephemeralPublicKey = ecdh.getPublicKey(null, 'compressed');
+        // Ensure public key has 0x04 prefix
+        if (ephemeralPublicKey.length === this.cryptoCore.consts.RAW_PUBLIC_KEY_LENGTH) {
+            ephemeralPublicKey = Buffer.concat([
+                Buffer.from([this.cryptoCore.consts.PUBLIC_KEY_MAGIC]),
+                ephemeralPublicKey,
+            ]);
+        }
+        const encryptedKey = this.eciesMultiRecipient.encryptKey(recipientPublicKey, symmetricKey, ephemeralPrivateKey, Buffer.alloc(0) // No AAD for simple key encryption? Or use recipient ID?
+        );
+        return Buffer.concat([ephemeralPublicKey, encryptedKey]);
+    }
+    /**
+     * Decrypts a symmetric key.
+     * Expects [EphemeralPublicKey][EncryptedKey]
+     */
+    async decryptKey(privateKey, encryptedData) {
+        // Extract ephemeral public key
+        const pubKeyLength = this.cryptoCore.consts.PUBLIC_KEY_LENGTH; // 33
+        const ephemeralPublicKey = encryptedData.subarray(0, 33);
+        const encryptedKey = encryptedData.subarray(33);
+        return this.eciesMultiRecipient.decryptKey(privateKey, encryptedKey, ephemeralPublicKey, Buffer.alloc(0));
+    }
+    getHeaderSize(recipientCount) {
+        return this.eciesMultiRecipient.getHeaderSize(recipientCount);
+    }
+}
+exports.MultiRecipientProcessor = MultiRecipientProcessor;
+//# sourceMappingURL=multi-recipient-processor.js.map