@enbox/agent 0.1.2 → 0.1.4

package/src/dwn-api.ts

@@ -3,10 +3,8 @@ import type {
   DwnConfig,
   EncryptionInput,
   EncryptionKeyDeriver,
-  EventStream,
   GenericMessage,
   KeyDecrypter,
-  MessageStore,
   ProtocolDefinition,
   ProtocolRuleSet,
   ProtocolsQueryReply,
@@ -14,14 +12,13 @@ import type {
   RecordsQueryReplyEntry,
   RecordsReadReply,
   RecordsWrite,
-  RecordsWriteMessage,
-  StateIndex } from '@enbox/dwn-sdk-js';
+  RecordsWriteMessage } from '@enbox/dwn-sdk-js';
 import type { KeyIdentifier, PrivateKeyJwk, PublicKeyJwk } from '@enbox/crypto';
 
-import { CryptoUtils } from '@enbox/crypto';
 import { TtlCache } from '@enbox/common';
 import {
   Cid,
+  ContentEncryptionAlgorithm,
   DataStoreLevel,
   DataStream,
   Dwn,
@@ -37,9 +34,9 @@ import {
   Protocols,
   Records,
   ResumableTaskStoreLevel,
-  Secp256k1,
   StateIndexLevel
 } from '@enbox/dwn-sdk-js';
+import { CryptoUtils, X25519 } from '@enbox/crypto';
 import { DidDht, DidJwk, DidResolverCacheLevel, UniversalResolver } from '@enbox/dids';
 
 import type { Web5PlatformAgent } from './types/agent.js';
@@ -253,7 +250,7 @@ export class AgentDwnApi {
 
             // Reactive root-record upgrade (PR E): if this is an externally-authored
             // root record with only ProtocolPath encryption, the owner upgrades it by
-            // appending a ProtocolContext keyEncryption entry so that context key
+            // appending a ProtocolContext recipient entry so that context key
             // holders (including the external author) can also decrypt.
             const authorDid = Jws.getSignerDid(
               recordsWriteMessage.authorization.signature.signatures[0]
@@ -299,7 +296,7 @@ export class AgentDwnApi {
                   derivationPath: contextDerivationPath,
                 });
               const contextDerivedPrivateJwk =
-                await Secp256k1.privateKeyToJwk(contextDerivedPrivateKeyBytes);
+                await X25519.bytesToPrivateKey({ privateKeyBytes: contextDerivedPrivateKeyBytes });
               const contextKeyPayload: DerivedPrivateJwk = {
                 rootKeyId         : keyId,
                 derivationScheme  : KeyDerivationScheme.ProtocolContext,
@@ -556,7 +553,7 @@ export class AgentDwnApi {
     // For cross-DWN writes (target !== author), the external author cannot
     // derive the target's context key. Root records use the target's ProtocolPath
     // public key. The target's agent reactively upgrades the record to include a
-    // ProtocolContext keyEncryption entry. Non-root records extract the context
+    // ProtocolContext recipient entry. Non-root records extract the context
     // public key (derivedPublicKey) from existing ProtocolContext-encrypted records
     // in the same context on the target's DWN.
 
@@ -578,6 +575,7 @@ export class AgentDwnApi {
       dataEncryptionKey: Uint8Array;
       dataEncryptionIV: Uint8Array;
       encryptedBytes: Uint8Array;
+      authenticationTag: Uint8Array;
     } | undefined;
 
     if (isDwnRequest(request, DwnInterface.RecordsWrite) && request.encryption && !rawMessage) {
@@ -651,12 +649,12 @@ export class AgentDwnApi {
 
         // 5. Generate random DEK and IV
         const dataEncryptionKey = crypto.getRandomValues(new Uint8Array(32));
-        const dataEncryptionIV = crypto.getRandomValues(new Uint8Array(16));
+        const dataEncryptionIV = crypto.getRandomValues(new Uint8Array(12));
 
-        // 6. Build EncryptionInput based on the encryption scheme decision
-        let encryptionInput: EncryptionInput | undefined;
+        // 6. Build partial EncryptionInput (authenticationTag added after AEAD encryption)
+        let encryptionInput: (Omit<EncryptionInput, 'authenticationTag'> & { authenticationTag?: Uint8Array }) | undefined;
 
-        const buildProtocolPathInput = (): EncryptionInput => this.buildEncryptionInput(
+        const buildProtocolPathInput = (): Omit<EncryptionInput, 'authenticationTag'> => this.buildEncryptionInput(
           dataEncryptionKey, dataEncryptionIV,
           ruleSet.$encryption.rootKeyId, ruleSet.$encryption.publicKeyJwk,
           KeyDerivationScheme.ProtocolPath,
@@ -667,7 +665,7 @@ export class AgentDwnApi {
           // External authors cannot derive the target's context key (HKDF requires
           // the private key). Use the target's ProtocolPath public key from their
           // protocol definition. The target's agent will reactively upgrade the record
-          // to include a ProtocolContext keyEncryption entry.
+          // to include a ProtocolContext recipient entry.
           encryptionInput = buildProtocolPathInput();
 
         } else if (isCrossDwn && isMultiPartyContext && !isRootRecord) {
@@ -733,8 +731,8 @@ export class AgentDwnApi {
           encryptionInput = buildProtocolPathInput();
         }
 
-        // 7. Encrypt data with AES-256-CTR and compute CID
-        const { encryptedBytes, dataCid, dataSize } =
+        // 7. Encrypt data with AEAD (AES-256-GCM) and compute CID
+        const { encryptedBytes, dataCid, dataSize, authenticationTag } =
           await this.encryptAndComputeCid(plaintextBytes, dataEncryptionKey, dataEncryptionIV);
 
         // 8. Replace plaintext with encrypted data
@@ -745,10 +743,11 @@ export class AgentDwnApi {
         request.dataStream = undefined;
 
         if (encryptionInput) {
-          messageParams.encryptionInput = encryptionInput;
+          encryptionInput.authenticationTag = authenticationTag;
+          messageParams.encryptionInput = encryptionInput as EncryptionInput;
         } else {
           // Deferred — store info for post-creation encryption
-          deferredContextEncryption = { dataEncryptionKey, dataEncryptionIV, encryptedBytes };
+          deferredContextEncryption = { dataEncryptionKey, dataEncryptionIV, encryptedBytes, authenticationTag };
         }
 
         // 9. For cross-DWN writes in multi-party contexts, attach the author's
@@ -806,7 +805,8 @@ export class AgentDwnApi {
             deferredContextEncryption.dataEncryptionIV,
           );
 
-        await recordsWriteInstance.encryptSymmetricEncryptionKey(contextEncryptionInput);
+        const fullContextInput = { ...contextEncryptionInput, authenticationTag: deferredContextEncryption.authenticationTag };
+        await recordsWriteInstance.encryptSymmetricEncryptionKey(fullContextInput as EncryptionInput);
         await recordsWriteInstance.sign({ signer });
 
         // Cache context key info for subsequent writes in this context
@@ -893,7 +893,7 @@ export class AgentDwnApi {
    * @param didUri - The DID URI to resolve encryption key info for
    * @returns keyId (fully qualified verification method ID), keyUri (KMS reference),
    *          and publicKeyJwk. No private key material is returned.
-   * @throws If the DID has no keyAgreement verification method or it's not secp256k1.
+   * @throws If the DID has no keyAgreement verification method or it's not X25519.
    */
   private async getEncryptionKeyInfo(didUri: string): Promise<{
     keyId: string;
@@ -914,7 +914,7 @@ export class AgentDwnApi {
     if (!keyAgreementRefs || keyAgreementRefs.length === 0) {
       throw new Error(
         `AgentDwnApi: DID '${didUri}' does not have a keyAgreement ` +
-        `verification method. Create the identity with a secp256k1 key ` +
+        `verification method. Create the identity with an X25519 key ` +
         `with keyAgreement purpose to use protocol encryption.`
       );
     }
@@ -940,12 +940,12 @@ export class AgentDwnApi {
       );
     }
 
-    // 4. Verify it's a secp256k1 key
+    // 4. Verify it's an X25519 key
     const publicKeyJwk = verificationMethod.publicKeyJwk;
-    if (publicKeyJwk.crv !== 'secp256k1') {
+    if (publicKeyJwk.crv !== 'X25519') {
       throw new Error(
         `AgentDwnApi: keyAgreement key for '${didUri}' uses curve ` +
-        `'${publicKeyJwk.crv}', but DWN encryption requires 'secp256k1'.`
+        `'${publicKeyJwk.crv}', but DWN encryption requires 'X25519'.`
       );
     }
 
@@ -960,9 +960,9 @@ export class AgentDwnApi {
   }
 
   /**
-   * Builds an EncryptionInput object for a single key-encryption entry.
-   * Consolidates the repeated pattern of assembling DEK, IV, and a single
-   * keyEncryptionInputs entry into one place.
+   * Builds a partial EncryptionInput object for a single key-encryption entry.
+   * The `authenticationTag` is NOT set here — the caller must set it after
+   * AEAD encryption produces the tag.
    */
   private buildEncryptionInput(
     dek: Uint8Array,
@@ -970,7 +970,7 @@ export class AgentDwnApi {
     publicKeyId: string,
     publicKey: PublicKeyJwk,
     derivationScheme: typeof KeyDerivationScheme.ProtocolPath | typeof KeyDerivationScheme.ProtocolContext,
-  ): EncryptionInput {
+  ): Omit<EncryptionInput, 'authenticationTag'> {
     return {
       initializationVector : iv,
       key                  : dek,
@@ -983,21 +983,22 @@ export class AgentDwnApi {
   }
 
   /**
-   * Encrypts plaintext bytes with AES-256-CTR and computes the CID of the
-   * resulting ciphertext. Returns everything needed to attach the encrypted
-   * data to a DWN message.
+   * Encrypts plaintext bytes with AEAD (AES-256-GCM by default) and computes
+   * the CID of the resulting ciphertext. Returns everything needed to attach
+   * the encrypted data to a DWN message, including the authentication tag.
    */
   private async encryptAndComputeCid(
     plaintextBytes: Uint8Array,
     dek: Uint8Array,
     iv: Uint8Array,
-  ): Promise<{ encryptedBytes: Uint8Array; dataCid: string; dataSize: number }> {
-    const plaintextStream = DataStream.fromBytes(plaintextBytes);
-    const encryptedStream = await Encryption.aes256CtrEncrypt(dek, iv, plaintextStream);
-    const encryptedBytes = await DataStream.toBytes(encryptedStream);
+  ): Promise<{ encryptedBytes: Uint8Array; dataCid: string; dataSize: number; authenticationTag: Uint8Array }> {
+    const { ciphertextStream, tag: authenticationTag } = await Encryption.aeadEncryptStream(
+      ContentEncryptionAlgorithm.A256GCM, dek, iv, DataStream.fromBytes(plaintextBytes),
+    );
+    const encryptedBytes = await DataStream.toBytes(ciphertextStream);
     const cidStream = DataStream.fromBytes(encryptedBytes);
     const dataCid = await Cid.computeDagPbCidFromStream(cidStream);
-    return { encryptedBytes, dataCid, dataSize: encryptedBytes.length };
+    return { encryptedBytes, dataCid, dataSize: encryptedBytes.length, authenticationTag };
   }
 
   /**
@@ -1011,7 +1012,7 @@ export class AgentDwnApi {
     contextId: string,
     dek: Uint8Array,
     iv: Uint8Array,
-  ): Promise<{ encryptionInput: EncryptionInput; keyId: string; keyUri: KeyIdentifier; contextDerivationPath: string[] }> {
+  ): Promise<{ encryptionInput: Omit<EncryptionInput, 'authenticationTag'>; keyId: string; keyUri: KeyIdentifier; contextDerivationPath: string[] }> {
     const { keyId, keyUri } = await this.getEncryptionKeyInfo(didUri);
     const contextDerivationPath =
       Records.constructKeyDerivationPathUsingProtocolContextScheme(contextId);
@@ -1028,7 +1029,7 @@ export class AgentDwnApi {
   }
 
   /**
-   * Builds a KMS-backed ECIES decrypt callback. Used for both ProtocolPath
+   * Builds a KMS-backed JWE key unwrap callback. Used for both ProtocolPath
    * and ProtocolContext decryption where the KMS holds the root private key.
    */
   private buildKmsDecryptCallback(
@@ -1040,14 +1041,12 @@ export class AgentDwnApi {
     return {
       rootKeyId : keyId,
       derivationScheme,
-      decrypt   : async (fullDerivationPath, eciesPayload): Promise<Uint8Array> => {
-        return keyManager.eciesSecp256k1Decrypt({
+      decrypt   : async (fullDerivationPath, jwePayload): Promise<Uint8Array> => {
+        return keyManager.jweKeyUnwrap({
           keyUri,
-          derivationPath            : fullDerivationPath,
-          ciphertext                : eciesPayload.ciphertext,
-          ephemeralPublicKey        : eciesPayload.ephemeralPublicKey,
-          initializationVector      : eciesPayload.initializationVector,
-          messageAuthenticationCode : eciesPayload.messageAuthenticationCode,
+          derivationPath     : fullDerivationPath,
+          encryptedKey       : jwePayload.encryptedKey,
+          ephemeralPublicKey : jwePayload.ephemeralPublicKey,
         });
       },
     };
@@ -1384,18 +1383,18 @@ export class AgentDwnApi {
       return undefined;
     }
 
-    // Search entries for one with a ProtocolContext keyEncryption entry
+    // Search entries for one with a ProtocolContext recipient entry
     // that includes derivedPublicKey
     for (const entry of queryReply.entries) {
-      if (entry.encryption?.keyEncryption) {
-        const contextEntry = entry.encryption.keyEncryption.find(
-          (k: { derivationScheme: string; derivedPublicKey?: PublicKeyJwk }) =>
-            k.derivationScheme === KeyDerivationScheme.ProtocolContext && k.derivedPublicKey
+      if (entry.encryption?.recipients) {
+        const contextEntry = entry.encryption.recipients.find(
+          (r: { header: { derivationScheme: string; derivedPublicKey?: PublicKeyJwk } }) =>
+            r.header.derivationScheme === KeyDerivationScheme.ProtocolContext && r.header.derivedPublicKey
         );
-        if (contextEntry?.derivedPublicKey) {
+        if (contextEntry?.header.derivedPublicKey) {
           return {
-            rootKeyId        : contextEntry.rootKeyId,
-            derivedPublicKey : contextEntry.derivedPublicKey,
+            rootKeyId        : contextEntry.header.kid,
+            derivedPublicKey : contextEntry.header.derivedPublicKey,
           };
         }
       }
@@ -1406,7 +1405,7 @@ export class AgentDwnApi {
 
   /**
    * Reactively upgrades an externally-authored root record that has only
-   * ProtocolPath encryption by appending a ProtocolContext keyEncryption entry.
+   * ProtocolPath encryption by appending a ProtocolContext recipient entry.
    *
    * After the upgrade, both the owner (ProtocolPath) and context key holders —
    * including the external author (ProtocolContext) — can decrypt the record.
@@ -1415,7 +1414,7 @@ export class AgentDwnApi {
    *   1. Decrypt the DEK using the owner's ProtocolPath-derived private key
    *   2. Derive the context public key from the owner's #enc key
    *   3. ECIES-encrypt the same DEK to the context public key
-   *   4. Append the ProtocolContext keyEncryption entry (using PR 0b append mode)
+   *   4. Append the ProtocolContext recipient entry (using PR 0b append mode)
    *   5. Re-sign the record as owner
    *
    * The author's signature payload includes an `encryptionCid` that becomes
@@ -1441,20 +1440,20 @@ export class AgentDwnApi {
     if (!encryption) { return; }
 
     // Verify: has ProtocolPath but NOT ProtocolContext
-    const hasProtocolPath = encryption.keyEncryption.some(
-      (k: { derivationScheme: string }) => k.derivationScheme === KeyDerivationScheme.ProtocolPath
+    const hasProtocolPath = encryption.recipients.some(
+      (r: { header: { derivationScheme: string } }) => r.header.derivationScheme === KeyDerivationScheme.ProtocolPath
     );
-    const hasProtocolContext = encryption.keyEncryption.some(
-      (k: { derivationScheme: string }) => k.derivationScheme === KeyDerivationScheme.ProtocolContext
+    const hasProtocolContext = encryption.recipients.some(
+      (r: { header: { derivationScheme: string } }) => r.header.derivationScheme === KeyDerivationScheme.ProtocolContext
     );
     if (!hasProtocolPath || hasProtocolContext) { return; }
 
     // 1. Decrypt the DEK using the owner's ProtocolPath key
     const keyDecrypter = await this.getKeyDecrypter(tenantDid);
 
-    // Find the ProtocolPath keyEncryption entry
-    const pathEntry = encryption.keyEncryption.find(
-      (k: { derivationScheme: string }) => k.derivationScheme === KeyDerivationScheme.ProtocolPath
+    // Find the ProtocolPath recipient entry
+    const pathRecipient = encryption.recipients.find(
+      (r: { header: { derivationScheme: string } }) => r.header.derivationScheme === KeyDerivationScheme.ProtocolPath
     )!;
 
     const fullDerivationPath = Records.constructKeyDerivationPathUsingProtocolPathScheme(
@@ -1464,30 +1463,31 @@ export class AgentDwnApi {
     const dataEncryptionKey = await keyDecrypter.decrypt(
       fullDerivationPath,
       {
-        ciphertext                : Encoder.base64UrlToBytes(pathEntry.encryptedKey),
-        ephemeralPublicKey        : Secp256k1.publicJwkToBytes(pathEntry.ephemeralPublicKey),
-        initializationVector      : Encoder.base64UrlToBytes(pathEntry.initializationVector),
-        messageAuthenticationCode : Encoder.base64UrlToBytes(pathEntry.messageAuthenticationCode),
+        encryptedKey       : Encoder.base64UrlToBytes(pathRecipient.encrypted_key),
+        ephemeralPublicKey : pathRecipient.header.epk,
       },
     );
 
     // 2. Derive the context public key — contextId = recordId for root records
     const contextId = recordsWrite.recordId;
-    const encryptionIV = Encoder.base64UrlToBytes(encryption.initializationVector);
+    const encryptionIV = Encoder.base64UrlToBytes(encryption.iv);
 
-    // 3 & 4. Append the ProtocolContext keyEncryption entry using append mode.
+    // 3 & 4. Append the ProtocolContext recipient entry using append mode.
     // Append mode preserves the author's identity and authorization so that
     // signAsOwner() can be called in step 5.
     const { encryptionInput: contextEncryptionInput, keyId, keyUri, contextDerivationPath } =
       await this.deriveContextEncryptionInput(tenantDid, contextId, dataEncryptionKey, encryptionIV);
 
+    // Set the authentication tag from the existing JWE encryption property
+    const fullContextInput = { ...contextEncryptionInput, authenticationTag: Encoder.base64UrlToBytes(encryption.tag) };
+
     // Parse the message to get a RecordsWrite instance we can mutate
     const recordsWriteInstance = await dwnMessageConstructors[DwnInterface.RecordsWrite].parse(
       recordsWrite,
     ) as unknown as RecordsWrite;
 
     await recordsWriteInstance.encryptSymmetricEncryptionKey(
-      contextEncryptionInput,
+      fullContextInput as EncryptionInput,
       { append: true },
     );
 
@@ -1505,35 +1505,44 @@ export class AgentDwnApi {
     // We must also update the state index and event stream to keep sync and
     // real-time subscribers consistent — without this, the upgraded record
     // would never propagate to remote DWNs or notify subscribers.
-    const dwnInternal = this._dwn as any;
-    const messageStore = dwnInternal.messageStore as MessageStore;
-    const stateIndex = dwnInternal.stateIndex as StateIndex;
-    const eventStream = dwnInternal.eventStream as EventStream | undefined;
+    const { messageStore, stateIndex, eventStream } = this._dwn.storage;
+
+    // Validate the upgrade only changed encryption and authorization fields.
+    // The descriptor, recordId, contextId, and data must remain identical.
+    // Note: parse() may produce a new descriptor object, so we compare by value.
+    const upgradedMessage = recordsWriteInstance.message as RecordsQueryReplyEntry;
+    if (JSON.stringify(upgradedMessage.descriptor) !== JSON.stringify(recordsWrite.descriptor)) {
+      throw new Error('AgentDwnApi: upgradeExternalRootRecord() must not modify the descriptor.');
+    }
+    if (upgradedMessage.recordId !== recordsWrite.recordId) {
+      throw new Error('AgentDwnApi: upgradeExternalRootRecord() must not modify the recordId.');
+    }
 
     // Fetch the stored original (which carries encodedData for small payloads)
     const originalCid = await Message.getCid(recordsWrite);
     const storedOriginal = await messageStore.get(tenantDid, originalCid) as RecordsQueryReplyEntry | undefined;
 
-    // Remove the original message and its state index entry
-    await messageStore.delete(tenantDid, originalCid);
-    await stateIndex.delete(tenantDid, [originalCid]);
-
     // Build indexes for the upgraded message (mark as latest base state)
     const isLatestBaseState = true;
     const upgradedIndexes = await recordsWriteInstance.constructIndexes(isLatestBaseState);
 
     // Carry over the encoded data from the stored original (the handler
     // base64url-encodes small payloads into encodedData during processMessage)
-    const upgradedMessage = recordsWriteInstance.message as RecordsQueryReplyEntry;
     if (storedOriginal?.encodedData) {
       upgradedMessage.encodedData = storedOriginal.encodedData;
     }
 
-    // Store the upgraded message and insert into state index
-    await messageStore.put(tenantDid, upgradedMessage, upgradedIndexes);
+    // Use put-before-delete ordering: if a crash occurs after the put but
+    // before the delete, we end up with a duplicate (recoverable via the
+    // isLatestBaseState index) rather than data loss (unrecoverable).
     const upgradedCid = await Message.getCid(upgradedMessage);
+    await messageStore.put(tenantDid, upgradedMessage, upgradedIndexes);
     await stateIndex.insert(tenantDid, upgradedCid, upgradedIndexes);
 
+    // Now remove the original message and its state index entry.
+    await messageStore.delete(tenantDid, originalCid);
+    await stateIndex.delete(tenantDid, [originalCid]);
+
     // Notify real-time subscribers (mirrors handler behavior)
     if (eventStream !== undefined) {
       eventStream.emit(tenantDid, { message: upgradedMessage }, upgradedIndexes);
@@ -1559,8 +1568,8 @@ export class AgentDwnApi {
     const { encryption } = recordsWrite;
 
     // Check if the record uses context-derived encryption
-    const hasContextKey = encryption?.keyEncryption.some(
-      (k: { derivationScheme: string }) => k.derivationScheme === KeyDerivationScheme.ProtocolContext
+    const hasContextKey = encryption?.recipients.some(
+      (r: { header: { derivationScheme: string } }) => r.header.derivationScheme === KeyDerivationScheme.ProtocolContext
     );
 
     if (!hasContextKey || !recordsWrite.contextId) {
@@ -1569,15 +1578,15 @@ export class AgentDwnApi {
     }
 
     // --- Multi-party context encryption ---
-    const contextKeyEntry = encryption!.keyEncryption.find(
-      (k: { derivationScheme: string }) => k.derivationScheme === KeyDerivationScheme.ProtocolContext
+    const contextKeyEntry = encryption!.recipients.find(
+      (r: { header: { derivationScheme: string } }) => r.header.derivationScheme === KeyDerivationScheme.ProtocolContext
     )!;
 
     const rootContextId = recordsWrite.contextId.split('/')[0];
 
     // Case 1: I am the context creator — rootKeyId matches my encryption key
     const { keyId, keyUri } = await this.getEncryptionKeyInfo(authorDid);
-    if (contextKeyEntry.rootKeyId === keyId) {
+    if (contextKeyEntry.header.kid === keyId) {
       return this.buildKmsDecryptCallback(keyId, keyUri, KeyDerivationScheme.ProtocolContext);
     }
 
@@ -1638,17 +1647,12 @@ export class AgentDwnApi {
     return {
       rootKeyId        : contextKey.rootKeyId,
       derivationScheme : contextKey.derivationScheme,
-      decrypt          : async (fullDerivationPath, eciesPayload): Promise<Uint8Array> => {
-        const leafPrivateKey = await Records.derivePrivateKey(
+      decrypt          : async (fullDerivationPath, jwePayload): Promise<Uint8Array> => {
+        const leafPrivateKeyBytes = await Records.derivePrivateKey(
           contextKey, fullDerivationPath,
         );
-        return Encryption.eciesSecp256k1Decrypt({
-          privateKey                : leafPrivateKey,
-          ciphertext                : eciesPayload.ciphertext,
-          ephemeralPublicKey        : eciesPayload.ephemeralPublicKey,
-          initializationVector      : eciesPayload.initializationVector,
-          messageAuthenticationCode : eciesPayload.messageAuthenticationCode,
-        });
+        const leafPrivateKeyJwk = await X25519.bytesToPrivateKey({ privateKeyBytes: leafPrivateKeyBytes });
+        return Encryption.ecdhEsUnwrapKey(leafPrivateKeyJwk, jwePayload.ephemeralPublicKey, jwePayload.encryptedKey);
       },
     };
   }
@@ -1870,17 +1874,20 @@ export class AgentDwnApi {
       // Manually build encryption input targeting the recipient's key so the
       // record is decryptable only by the recipient.
       const dataEncryptionKey = crypto.getRandomValues(new Uint8Array(32));
-      const dataEncryptionIV = crypto.getRandomValues(new Uint8Array(16));
+      const dataEncryptionIV = crypto.getRandomValues(new Uint8Array(12));
 
-      const { encryptedBytes, dataCid, dataSize } =
+      const { encryptedBytes, dataCid, dataSize, authenticationTag } =
         await this.encryptAndComputeCid(plaintextBytes, dataEncryptionKey, dataEncryptionIV);
 
-      const encryptionInput = this.buildEncryptionInput(
-        dataEncryptionKey, dataEncryptionIV,
-        recipientKeyDeliveryPublicKey.rootKeyId,
-        recipientKeyDeliveryPublicKey.publicKeyJwk,
-        KeyDerivationScheme.ProtocolPath,
-      );
+      const encryptionInput = {
+        ...this.buildEncryptionInput(
+          dataEncryptionKey, dataEncryptionIV,
+          recipientKeyDeliveryPublicKey.rootKeyId,
+          recipientKeyDeliveryPublicKey.publicKeyJwk,
+          KeyDerivationScheme.ProtocolPath,
+        ),
+        authenticationTag,
+      } as EncryptionInput;
 
       ({ message, reply: { status } } = await this.processRequest({
         author        : tenantDid,

package/src/hd-identity-vault.ts

@@ -4,7 +4,7 @@ import type { KeyValueStore } from '@enbox/common';
 
 import { HDKey } from 'ed25519-keygen/hdkey';
 import { wordlist } from '@scure/bip39/wordlists/english';
-import { BearerDid, DidDht } from '@enbox/dids';
+import { BearerDid, DidDht, isPortableDid } from '@enbox/dids';
 import { Convert, MemoryStore } from '@enbox/common';
 import { generateMnemonic, mnemonicToSeed, validateMnemonic } from '@scure/bip39';
 
@@ -14,7 +14,6 @@ import type { IdentityVault, IdentityVaultBackup, IdentityVaultBackupData, Ident
 import { AgentCryptoApi } from './crypto-api.js';
 import { CompactJwe } from './prototyping/crypto/jose/jwe-compact.js';
 import { DeterministicKeyGenerator } from './utils-internal.js';
-import { isPortableDid } from './prototyping/dids/utils.js';
 import { LocalKeyManager } from './local-key-manager.js';
 
 /**
@@ -495,10 +494,10 @@ export class HdIdentityVault implements IdentityVault<{ InitializeResult: string
       privateKeyBytes : signingHdKey.privateKey
     });
 
-    // Derive the encryption key using index 2 (secp256k1 for ECIES encryption).
+    // Derive the encryption key using index 2 (X25519 for ECDH-ES JWE encryption).
     const encryptionHdKey = rootHdKey.derive(`m/44'/0'/1708523827'/0'/2'`);
     const encryptionPrivateKey = await this.crypto.bytesToPrivateKey({
-      algorithm       : 'secp256k1',
+      algorithm       : 'X25519',
       privateKeyBytes : encryptionHdKey.privateKey
     });
 
@@ -518,7 +517,7 @@ export class HdIdentityVault implements IdentityVault<{ InitializeResult: string
           purposes  : ['assertionMethod', 'authentication']
         },
         {
-          algorithm : 'secp256k1',
+          algorithm : 'X25519',
           id        : 'enc',
           purposes  : ['keyAgreement']
         }

package/src/identity-api.ts

@@ -6,10 +6,11 @@ import type { DidMethodCreateOptions } from './did-api.js';
 import type { Web5PlatformAgent } from './types/agent.js';
 import type { IdentityMetadata, PortableIdentity } from './types/identity.js';
 
+import { isPortableDid } from '@enbox/dids';
+
 import { BearerIdentity } from './bearer-identity.js';
 import { getDwnServiceEndpointUrls } from './utils.js';
 import { InMemoryIdentityStore } from './store-identity.js';
-import { isPortableDid } from './prototyping/dids/utils.js';
 
 export interface IdentityApiParams<TKeyManager extends AgentKeyManager> {
   agent?: Web5PlatformAgent<TKeyManager>;

package/src/index.ts

@@ -12,12 +12,10 @@ export * from './bearer-identity.js';
 export * from './crypto-api.js';
 export * from './did-api.js';
 export * from './dwn-api.js';
-export * from './dwn-registrar.js';
 export * from './hd-identity-vault.js';
 export * from './identity-api.js';
 export * from './local-key-manager.js';
 export * from './permissions-api.js';
-export * from './rpc-client.js';
 export * from './store-data.js';
 export * from './store-did.js';
 export * from './store-identity.js';