@enbox/crypto 0.0.1

package/dist/esm/primitives/xchacha20-poly1305.js

@@ -0,0 +1,270 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
+import { Convert } from '@enbox/common';
+import { xchacha20poly1305 } from '@noble/ciphers/chacha';
+import { getWebcryptoSubtle } from '@noble/ciphers/webcrypto';
+import { computeJwkThumbprint, isOctPrivateJwk } from '../jose/jwk.js';
+/**
+ * Constant defining the length of the authentication tag in bytes for XChaCha20-Poly1305.
+ *
+ * @remarks
+ * The `POLY1305_TAG_LENGTH` is set to 16 bytes (128 bits), which is the standard size for the
+ * Poly1305 authentication tag in XChaCha20-Poly1305 encryption. This tag length ensures
+ * a strong level of security for message authentication, verifying the integrity and
+ * authenticity of the data during decryption.
+ */
+export const POLY1305_TAG_LENGTH = 16;
+/**
+ * The `XChaCha20Poly1305` class provides a suite of utilities for cryptographic operations
+ * using the XChaCha20-Poly1305 algorithm, a combination of the XChaCha20 stream cipher and the
+ * Poly1305 message authentication code (MAC). This class encompasses methods for key generation,
+ * encryption, decryption, and conversions between raw byte arrays and JSON Web Key (JWK) formats.
+ *
+ * XChaCha20-Poly1305 is renowned for its high security and efficiency, especially in scenarios
+ * involving large data volumes or where data integrity and confidentiality are paramount. The
+ * extended nonce size of XChaCha20 reduces the risks of nonce reuse, while Poly1305 provides
+ * a strong MAC ensuring data integrity.
+ *
+ * Key Features:
+ * - Key Generation: Generate XChaCha20-Poly1305 symmetric keys in JWK format.
+ * - Key Conversion: Transform keys between raw byte arrays and JWK formats.
+ * - Encryption: Encrypt data using XChaCha20-Poly1305, returning both ciphertext and MAC tag.
+ * - Decryption: Decrypt data and verify integrity using the XChaCha20-Poly1305 algorithm.
+ *
+ * The methods in this class are asynchronous, returning Promises to accommodate various
+ * JavaScript environments.
+ *
+ * @example
+ * ```ts
+ * // Key Generation
+ * const privateKey = await XChaCha20Poly1305.generateKey();
+ *
+ * // Encryption
+ * const data = new TextEncoder().encode('Messsage');
+ * const nonce = utils.randomBytes(24); // 24-byte nonce
+ * const additionalData = new TextEncoder().encode('Associated data');
+ * const { ciphertext, tag } = await XChaCha20Poly1305.encrypt({
+ *   data,
+ *   nonce,
+ *   additionalData,
+ *   key: privateKey
+ * });
+ *
+ * // Decryption
+ * const decryptedData = await XChaCha20Poly1305.decrypt({
+ *   data: ciphertext,
+ *   nonce,
+ *   tag,
+ *   additionalData,
+ *   key: privateKey
+ * });
+ *
+ * // Key Conversion
+ * const privateKeyBytes = await XChaCha20Poly1305.privateKeyToBytes({ privateKey });
+ * ```
+ */
+export class XChaCha20Poly1305 {
+    /**
+     * Converts a raw private key in bytes to its corresponding JSON Web Key (JWK) format.
+     *
+     * @remarks
+     * This method takes a symmetric key represented as a byte array (Uint8Array) and converts it into
+     * a JWK object for use with the XChaCha20-Poly1305 algorithm. The process involves encoding the
+     * key into base64url format and setting the appropriate JWK parameters.
+     *
+     * The resulting JWK object includes the following properties:
+     * - `kty`: Key Type, set to 'oct' for Octet Sequence (representing a symmetric key).
+     * - `k`: The symmetric key, base64url-encoded.
+     * - `kid`: Key ID, generated based on the JWK thumbprint.
+     *
+     * @example
+     * ```ts
+     * const privateKeyBytes = new Uint8Array([...]); // Replace with actual symmetric key bytes
+     * const privateKey = await XChaCha20Poly1305.bytesToPrivateKey({ privateKeyBytes });
+     * ```
+     *
+     * @param params - The parameters for the symmetric key conversion.
+     * @param params.privateKeyBytes - The raw symmetric key as a Uint8Array.
+     *
+     * @returns A Promise that resolves to the symmetric key in JWK format.
+     */
+    static bytesToPrivateKey(_a) {
+        return __awaiter(this, arguments, void 0, function* ({ privateKeyBytes }) {
+            // Construct the private key in JWK format.
+            const privateKey = {
+                k: Convert.uint8Array(privateKeyBytes).toBase64Url(),
+                kty: 'oct'
+            };
+            // Compute the JWK thumbprint and set as the key ID.
+            privateKey.kid = yield computeJwkThumbprint({ jwk: privateKey });
+            return privateKey;
+        });
+    }
+    /**
+     * Decrypts the provided data using XChaCha20-Poly1305.
+     *
+     * @remarks
+     * This method performs XChaCha20-Poly1305 decryption on the given encrypted data using the
+     * specified key, nonce, and authentication tag. It supports optional additional authenticated
+     * data (AAD) for enhanced security. The nonce must be 24 bytes long, consistent with XChaCha20's
+     * specifications.
+     *
+     * @example
+     * ```ts
+     * const encryptedData = new Uint8Array([...]); // Encrypted data
+     * const nonce = new Uint8Array(24); // 24-byte nonce
+     * const additionalData = new Uint8Array([...]); // Optional AAD
+     * const key = { ... }; // A Jwk object representing the XChaCha20-Poly1305 key
+     * const decryptedData = await XChaCha20Poly1305.decrypt({
+     *   data: encryptedData,
+     *   nonce,
+     *   additionalData,
+     *   key
+     * });
+     * ```
+     *
+     * @param params - The parameters for the decryption operation.
+     * @param params.data - The encrypted data to decrypt including the authentication tag,
+     *                      represented as a Uint8Array.
+     * @param params.key - The key to use for decryption, represented in JWK format.
+     * @param params.nonce - The nonce used during the encryption process.
+     * @param params.additionalData - Optional additional authenticated data.
+     *
+     * @returns A Promise that resolves to the decrypted data as a Uint8Array.
+     */
+    static decrypt(_a) {
+        return __awaiter(this, arguments, void 0, function* ({ data, key, nonce, additionalData }) {
+            // Convert the private key from JWK format to bytes.
+            const privateKeyBytes = yield XChaCha20Poly1305.privateKeyToBytes({ privateKey: key });
+            const xc20p = xchacha20poly1305(privateKeyBytes, nonce, additionalData);
+            const plaintext = xc20p.decrypt(data);
+            return plaintext;
+        });
+    }
+    /**
+     * Encrypts the provided data using XChaCha20-Poly1305.
+     *
+     * @remarks
+     * This method performs XChaCha20-Poly1305 encryption on the given data using the specified key
+     * and nonce. It supports optional additional authenticated data (AAD) for enhanced security. The
+     * nonce must be 24 bytes long, as per XChaCha20's specifications. The method returns the
+     * encrypted data along with an authentication tag as a Uint8Array, ensuring both confidentiality
+     * and integrity of the data.
+     *
+     * @example
+     * ```ts
+     * const data = new TextEncoder().encode('Messsage');
+     * const nonce = utils.randomBytes(24); // 24-byte nonce
+     * const additionalData = new TextEncoder().encode('Associated data'); // Optional AAD
+     * const key = { ... }; // A Jwk object representing an XChaCha20-Poly1305 key
+     * const encryptedData = await XChaCha20Poly1305.encrypt({
+     *   data,
+     *   nonce,
+     *   additionalData,
+     *   key
+     * });
+     * ```
+     *
+     * @param params - The parameters for the encryption operation.
+     * @param params.data - The data to encrypt, represented as a Uint8Array.
+     * @param params.key - The key to use for encryption, represented in JWK format.
+     * @param params.nonce - A 24-byte nonce for the encryption process.
+     * @param params.additionalData - Optional additional authenticated data.
+     *
+     * @returns A Promise that resolves to a byte array containing the encrypted data and the
+     *          authentication tag.
+     */
+    static encrypt(_a) {
+        return __awaiter(this, arguments, void 0, function* ({ data, key, nonce, additionalData }) {
+            // Convert the private key from JWK format to bytes.
+            const privateKeyBytes = yield XChaCha20Poly1305.privateKeyToBytes({ privateKey: key });
+            const xc20p = xchacha20poly1305(privateKeyBytes, nonce, additionalData);
+            const ciphertext = xc20p.encrypt(data);
+            return ciphertext;
+        });
+    }
+    /**
+     * Generates a symmetric key for XChaCha20-Poly1305 in JSON Web Key (JWK) format.
+     *
+     * @remarks
+     * This method creates a new symmetric key suitable for use with the XChaCha20-Poly1305 algorithm.
+     * The key is generated using cryptographically secure random number generation to ensure its
+     * uniqueness and security. The XChaCha20-Poly1305 algorithm requires a 256-bit key (32 bytes),
+     * and this method adheres to that specification.
+     *
+     * Key components included in the JWK:
+     * - `kty`: Key Type, set to 'oct' for Octet Sequence.
+     * - `k`: The symmetric key component, base64url-encoded.
+     * - `kid`: Key ID, generated based on the JWK thumbprint.
+     *
+     * @example
+     * ```ts
+     * const privateKey = await XChaCha20Poly1305.generateKey();
+     * ```
+     *
+     * @returns A Promise that resolves to the generated symmetric key in JWK format.
+     */
+    static generateKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Get the Web Crypto API interface.
+            const webCrypto = getWebcryptoSubtle();
+            // Generate a random private key.
+            // See https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues#usage_notes for
+            // an explanation for why Web Crypto generateKey() is used instead of getRandomValues().
+            const webCryptoKey = yield webCrypto.generateKey({ name: 'AES-CTR', length: 256 }, true, ['encrypt']);
+            // Export the private key in JWK format.
+            const _a = yield webCrypto.exportKey('jwk', webCryptoKey), { alg, ext, key_ops } = _a, privateKey = __rest(_a, ["alg", "ext", "key_ops"]);
+            // Compute the JWK thumbprint and set as the key ID.
+            privateKey.kid = yield computeJwkThumbprint({ jwk: privateKey });
+            return privateKey;
+        });
+    }
+    /**
+     * Converts a private key from JSON Web Key (JWK) format to a raw byte array (Uint8Array).
+     *
+     * This method takes a symmetric key in JWK format and extracts its raw byte representation.
+     * It decodes the 'k' parameter of the JWK value, which represents the symmetric key in base64url
+     * encoding, into a byte array.
+     *
+     * @example
+     * ```ts
+     * const privateKey = { ... }; // A symmetric key in JWK format
+     * const privateKeyBytes = await XChaCha20Poly1305.privateKeyToBytes({ privateKey });
+     * ```
+     *
+     * @param params - The parameters for the symmetric key conversion.
+     * @param params.privateKey - The symmetric key in JWK format.
+     *
+     * @returns A Promise that resolves to the symmetric key as a Uint8Array.
+     */
+    static privateKeyToBytes(_a) {
+        return __awaiter(this, arguments, void 0, function* ({ privateKey }) {
+            // Verify the provided JWK represents a valid oct private key.
+            if (!isOctPrivateJwk(privateKey)) {
+                throw new Error(`XChaCha20Poly1305: The provided key is not a valid oct private key.`);
+            }
+            // Decode the provided private key to bytes.
+            const privateKeyBytes = Convert.base64Url(privateKey.k).toUint8Array();
+            return privateKeyBytes;
+        });
+    }
+}
+//# sourceMappingURL=xchacha20-poly1305.js.map

package/dist/esm/primitives/xchacha20-poly1305.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"xchacha20-poly1305.js","sourceRoot":"","sources":["../../../src/primitives/xchacha20-poly1305.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAI9D,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEvE;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,EAAE,CAAC;AAEtC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AACH,MAAM,OAAO,iBAAiB;IAC5B;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACI,MAAM,CAAO,iBAAiB;6DAAC,EAAE,eAAe,EAEtD;YACC,2CAA2C;YAC3C,MAAM,UAAU,GAAQ;gBACtB,CAAC,EAAK,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE;gBACvD,GAAG,EAAG,KAAK;aACZ,CAAC;YAEF,oDAAoD;YACpD,UAAU,CAAC,GAAG,GAAG,MAAM,oBAAoB,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,CAAC;YAEjE,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACI,MAAM,CAAO,OAAO;6DAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAK7D;YACC,oDAAoD;YACpD,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,iBAAiB,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;YAEvF,MAAM,KAAK,GAAG,iBAAiB,CAAC,eAAe,EAAE,KAAK,EAAE,cAAc,CAAC,CAAC;YACxE,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAEtC,OAAO,SAAS,CAAC;QACnB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;IACI,MAAM,CAAO,OAAO;6DAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAK7D;YACC,oDAAoD;YACpD,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,iBAAiB,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;YAEvF,MAAM,KAAK,GAAG,iBAAiB,CAAC,eAAe,EAAE,KAAK,EAAE,cAAc,CAAC,CAAC;YACxE,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAEvC,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;OAoBG;IACI,MAAM,CAAO,WAAW;;YAC7B,oCAAoC;YACpC,MAAM,SAAS,GAAG,kBAAkB,EAAE,CAAC;YAEvC,iCAAiC;YACjC,8FAA8F;YAC9F,wFAAwF;YACxF,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,WAAW,CAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;YAEvG,wCAAwC;YACxC,MAAM,KAAuC,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,YAAY,CAAC,EAArF,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,OAAkE,EAA7D,UAAU,cAAlC,yBAAoC,CAAiD,CAAC;YAE5F,oDAAoD;YACpD,UAAU,CAAC,GAAG,GAAG,MAAM,oBAAoB,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,CAAC;YAEjE,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;OAiBG;IACI,MAAM,CAAO,iBAAiB;6DAAC,EAAE,UAAU,EAEjD;YACC,8DAA8D;YAC9D,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;YACzF,CAAC;YAED,4CAA4C;YAC5C,MAAM,eAAe,GAAG,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC;YAEvE,OAAO,eAAe,CAAC;QACzB,CAAC;KAAA;CACF"}

package/dist/esm/primitives/xchacha20.js

@@ -0,0 +1,246 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
+import { Convert } from '@enbox/common';
+import { xchacha20 } from '@noble/ciphers/chacha';
+import { getWebcryptoSubtle } from '@noble/ciphers/webcrypto';
+import { computeJwkThumbprint, isOctPrivateJwk } from '../jose/jwk.js';
+/**
+ * The `XChaCha20` class provides a comprehensive suite of utilities for cryptographic operations
+ * using the XChaCha20 symmetric encryption algorithm. This class includes methods for key
+ * generation, encryption, decryption, and conversions between raw byte arrays and JSON Web Key
+ * (JWK) formats. XChaCha20 is an extended nonce variant of ChaCha20, a stream cipher designed for
+ * high-speed encryption with substantial security margins.
+ *
+ * The XChaCha20 algorithm is particularly well-suited for encrypting large volumes of data or
+ * data streams, especially where random access is required. The class adheres to standard
+ * cryptographic practices, ensuring robustness and security in its implementations.
+ *
+ * Key Features:
+ * - Key Generation: Generate XChaCha20 symmetric keys in JWK format.
+ * - Key Conversion: Transform keys between raw byte arrays and JWK formats.
+ * - Encryption: Encrypt data using XChaCha20 with the provided symmetric key.
+ * - Decryption: Decrypt data encrypted with XChaCha20 using the corresponding symmetric key.
+ *
+ * The methods in this class are asynchronous, returning Promises to accommodate various
+ * JavaScript environments.
+ *
+ * @example
+ * ```ts
+ * // Key Generation
+ * const privateKey = await XChaCha20.generateKey();
+ *
+ * // Encryption
+ * const data = new TextEncoder().encode('Messsage');
+ * const nonce = utils.randomBytes(24); // 24-byte nonce for XChaCha20
+ * const encryptedData = await XChaCha20.encrypt({
+ *   data,
+ *   nonce,
+ *   key: privateKey
+ * });
+ *
+ * // Decryption
+ * const decryptedData = await XChaCha20.decrypt({
+ *   data: encryptedData,
+ *   nonce,
+ *   key: privateKey
+ * });
+ *
+ * // Key Conversion
+ * const privateKeyBytes = await XChaCha20.privateKeyToBytes({ privateKey });
+ * ```
+ */
+export class XChaCha20 {
+    /**
+     * Converts a raw private key in bytes to its corresponding JSON Web Key (JWK) format.
+     *
+     * @remarks
+     * This method takes a symmetric key represented as a byte array (Uint8Array) and
+     * converts it into a JWK object for use with the XChaCha20 symmetric encryption algorithm. The
+     * conversion process involves encoding the key into base64url format and setting the appropriate
+     * JWK parameters.
+     *
+     * The resulting JWK object includes the following properties:
+     * - `kty`: Key Type, set to 'oct' for Octet Sequence (representing a symmetric key).
+     * - `k`: The symmetric key, base64url-encoded.
+     * - `kid`: Key ID, generated based on the JWK thumbprint.
+     *
+     * @example
+     * ```ts
+     * const privateKeyBytes = new Uint8Array([...]); // Replace with actual symmetric key bytes
+     * const privateKey = await XChaCha20.bytesToPrivateKey({ privateKeyBytes });
+     * ```
+     *
+     * @param params - The parameters for the symmetric key conversion.
+     * @param params.privateKeyBytes - The raw symmetric key as a Uint8Array.
+     *
+     * @returns A Promise that resolves to the symmetric key in JWK format.
+     */
+    static bytesToPrivateKey(_a) {
+        return __awaiter(this, arguments, void 0, function* ({ privateKeyBytes }) {
+            // Construct the private key in JWK format.
+            const privateKey = {
+                k: Convert.uint8Array(privateKeyBytes).toBase64Url(),
+                kty: 'oct'
+            };
+            // Compute the JWK thumbprint and set as the key ID.
+            privateKey.kid = yield computeJwkThumbprint({ jwk: privateKey });
+            return privateKey;
+        });
+    }
+    /**
+     * Decrypts the provided data using XChaCha20.
+     *
+     * @remarks
+     * This method performs XChaCha20 decryption on the given encrypted data using the specified key
+     * and nonce. The nonce should be the same as used in the encryption process and must be 24 bytes
+     * long. The method returns the decrypted data as a Uint8Array.
+     *
+     * @example
+     * ```ts
+     * const encryptedData = new Uint8Array([...]); // Encrypted data
+     * const nonce = new Uint8Array(24); // 24-byte nonce used during encryption
+     * const key = { ... }; // A Jwk object representing the XChaCha20 key
+     * const decryptedData = await XChaCha20.decrypt({
+     *   data: encryptedData,
+     *   nonce,
+     *   key
+     * });
+     * ```
+     *
+     * @param params - The parameters for the decryption operation.
+     * @param params.data - The encrypted data to decrypt, represented as a Uint8Array.
+     * @param params.key - The key to use for decryption, represented in JWK format.
+     * @param params.nonce - The nonce used during the encryption process.
+     *
+     * @returns A Promise that resolves to the decrypted data as a Uint8Array.
+     */
+    static decrypt(_a) {
+        return __awaiter(this, arguments, void 0, function* ({ data, key, nonce }) {
+            // Convert the private key from JWK format to bytes.
+            const privateKeyBytes = yield XChaCha20.privateKeyToBytes({ privateKey: key });
+            const ciphertext = xchacha20(privateKeyBytes, nonce, data);
+            return ciphertext;
+        });
+    }
+    /**
+     * Encrypts the provided data using XChaCha20.
+     *
+     * @remarks
+     * This method performs XChaCha20 encryption on the given data using the specified key and nonce.
+     * The nonce must be 24 bytes long, ensuring a high level of security through a vast nonce space,
+     * reducing the risks associated with nonce reuse. The method returns the encrypted data as a
+     * Uint8Array.
+     *
+     * @example
+     * ```ts
+     * const data = new TextEncoder().encode('Messsage');
+     * const nonce = utils.randomBytes(24); // 24-byte nonce for XChaCha20
+     * const key = { ... }; // A Jwk object representing an XChaCha20 key
+     * const encryptedData = await XChaCha20.encrypt({
+     *   data,
+     *   nonce,
+     *   key
+     * });
+     * ```
+     *
+     * @param params - The parameters for the encryption operation.
+     * @param params.data - The data to encrypt, represented as a Uint8Array.
+     * @param params.key - The key to use for encryption, represented in JWK format.
+     * @param params.nonce - A 24-byte nonce for the encryption process.
+     *
+     * @returns A Promise that resolves to the encrypted data as a Uint8Array.
+     */
+    static encrypt(_a) {
+        return __awaiter(this, arguments, void 0, function* ({ data, key, nonce }) {
+            // Convert the private key from JWK format to bytes.
+            const privateKeyBytes = yield XChaCha20.privateKeyToBytes({ privateKey: key });
+            const plaintext = xchacha20(privateKeyBytes, nonce, data);
+            return plaintext;
+        });
+    }
+    /**
+     * Generates a symmetric key for XChaCha20 in JSON Web Key (JWK) format.
+     *
+     * @remarks
+     * This method creates a new symmetric key suitable for use with the XChaCha20 encryption
+     * algorithm. The key is generated using cryptographically secure random number generation
+     * to ensure its uniqueness and security. The XChaCha20 algorithm requires a 256-bit key
+     * (32 bytes), and this method adheres to that specification.
+     *
+     * Key components included in the JWK:
+     * - `kty`: Key Type, set to 'oct' for Octet Sequence.
+     * - `k`: The symmetric key component, base64url-encoded.
+     * - `kid`: Key ID, generated based on the JWK thumbprint.
+     *
+     * @example
+     * ```ts
+     * const privateKey = await XChaCha20.generateKey();
+     * ```
+     *
+     * @returns A Promise that resolves to the generated symmetric key in JWK format.
+     */
+    static generateKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Get the Web Crypto API interface.
+            const webCrypto = getWebcryptoSubtle();
+            // Generate a random private key.
+            // See https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues#usage_notes for
+            // an explanation for why Web Crypto generateKey() is used instead of getRandomValues().
+            const webCryptoKey = yield webCrypto.generateKey({ name: 'AES-CTR', length: 256 }, true, ['encrypt']);
+            // Export the private key in JWK format.
+            const _a = yield webCrypto.exportKey('jwk', webCryptoKey), { alg, ext, key_ops } = _a, privateKey = __rest(_a, ["alg", "ext", "key_ops"]);
+            // Compute the JWK thumbprint and set as the key ID.
+            privateKey.kid = yield computeJwkThumbprint({ jwk: privateKey });
+            return privateKey;
+        });
+    }
+    /**
+     * Converts a private key from JSON Web Key (JWK) format to a raw byte array (Uint8Array).
+     *
+     * @remarks
+     * This method takes a symmetric key in JWK format and extracts its raw byte representation.
+     * It decodes the 'k' parameter of the JWK value, which represents the symmetric key in base64url
+     * encoding, into a byte array.
+     *
+     * @example
+     * ```ts
+     * const privateKey = { ... }; // A symmetric key in JWK format
+     * const privateKeyBytes = await XChaCha20.privateKeyToBytes({ privateKey });
+     * ```
+     *
+     * @param params - The parameters for the symmetric key conversion.
+     * @param params.privateKey - The symmetric key in JWK format.
+     *
+     * @returns A Promise that resolves to the symmetric key as a Uint8Array.
+     */
+    static privateKeyToBytes(_a) {
+        return __awaiter(this, arguments, void 0, function* ({ privateKey }) {
+            // Verify the provided JWK represents a valid oct private key.
+            if (!isOctPrivateJwk(privateKey)) {
+                throw new Error(`XChaCha20: The provided key is not a valid oct private key.`);
+            }
+            // Decode the provided private key to bytes.
+            const privateKeyBytes = Convert.base64Url(privateKey.k).toUint8Array();
+            return privateKeyBytes;
+        });
+    }
+}
+//# sourceMappingURL=xchacha20.js.map

package/dist/esm/primitives/xchacha20.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"xchacha20.js","sourceRoot":"","sources":["../../../src/primitives/xchacha20.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAI9D,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEvE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AACH,MAAM,OAAO,SAAS;IACpB;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACI,MAAM,CAAO,iBAAiB;6DAAC,EAAE,eAAe,EAEtD;YACC,2CAA2C;YAC3C,MAAM,UAAU,GAAQ;gBACtB,CAAC,EAAK,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE;gBACvD,GAAG,EAAG,KAAK;aACZ,CAAC;YAEF,oDAAoD;YACpD,UAAU,CAAC,GAAG,GAAG,MAAM,oBAAoB,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,CAAC;YAEjE,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACI,MAAM,CAAO,OAAO;6DAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAI7C;YACC,oDAAoD;YACpD,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,iBAAiB,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;YAE/E,MAAM,UAAU,GAAG,SAAS,CAAC,eAAe,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;YAE3D,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACI,MAAM,CAAO,OAAO;6DAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAI7C;YACC,oDAAoD;YACpD,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,iBAAiB,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;YAE/E,MAAM,SAAS,GAAG,SAAS,CAAC,eAAe,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;YAE1D,OAAO,SAAS,CAAC;QACnB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;OAoBG;IACI,MAAM,CAAO,WAAW;;YAC7B,oCAAoC;YACpC,MAAM,SAAS,GAAG,kBAAkB,EAAE,CAAC;YAEvC,iCAAiC;YACjC,8FAA8F;YAC9F,wFAAwF;YACxF,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,WAAW,CAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;YAEvG,wCAAwC;YACxC,MAAM,KAAuC,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,YAAY,CAAC,EAArF,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,OAAkE,EAA7D,UAAU,cAAlC,yBAAoC,CAAiD,CAAC;YAE5F,oDAAoD;YACpD,UAAU,CAAC,GAAG,GAAG,MAAM,oBAAoB,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,CAAC;YAEjE,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,MAAM,CAAO,iBAAiB;6DAAC,EAAE,UAAU,EAEjD;YACC,8DAA8D;YAC9D,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;YACjF,CAAC;YAED,4CAA4C;YAC5C,MAAM,eAAe,GAAG,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC;YAEvE,OAAO,eAAe,CAAC;QACzB,CAAC;KAAA;CACF"}

package/dist/esm/types/cipher.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=cipher.js.map

package/dist/esm/types/cipher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cipher.js","sourceRoot":"","sources":["../../../src/types/cipher.ts"],"names":[],"mappings":""}

package/dist/esm/types/crypto-api.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=crypto-api.js.map

package/dist/esm/types/crypto-api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto-api.js","sourceRoot":"","sources":["../../../src/types/crypto-api.ts"],"names":[],"mappings":""}

package/dist/esm/types/hasher.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=hasher.js.map

package/dist/esm/types/hasher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hasher.js","sourceRoot":"","sources":["../../../src/types/hasher.ts"],"names":[],"mappings":""}

package/dist/esm/types/identifier.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=identifier.js.map

package/dist/esm/types/identifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identifier.js","sourceRoot":"","sources":["../../../src/types/identifier.ts"],"names":[],"mappings":""}

package/dist/esm/types/key-compressor.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=key-compressor.js.map

package/dist/esm/types/key-compressor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-compressor.js","sourceRoot":"","sources":["../../../src/types/key-compressor.ts"],"names":[],"mappings":""}

package/dist/esm/types/key-converter.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=key-converter.js.map

package/dist/esm/types/key-converter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-converter.js","sourceRoot":"","sources":["../../../src/types/key-converter.ts"],"names":[],"mappings":""}

package/dist/esm/types/key-deriver.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=key-deriver.js.map

package/dist/esm/types/key-deriver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-deriver.js","sourceRoot":"","sources":["../../../src/types/key-deriver.ts"],"names":[],"mappings":""}

package/dist/esm/types/key-generator.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=key-generator.js.map

package/dist/esm/types/key-generator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-generator.js","sourceRoot":"","sources":["../../../src/types/key-generator.ts"],"names":[],"mappings":""}

package/dist/esm/types/key-io.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=key-io.js.map

package/dist/esm/types/key-io.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-io.js","sourceRoot":"","sources":["../../../src/types/key-io.ts"],"names":[],"mappings":""}

package/dist/esm/types/key-wrapper.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=key-wrapper.js.map

package/dist/esm/types/key-wrapper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-wrapper.js","sourceRoot":"","sources":["../../../src/types/key-wrapper.ts"],"names":[],"mappings":""}

package/dist/esm/types/params-direct.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=params-direct.js.map

package/dist/esm/types/params-direct.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"params-direct.js","sourceRoot":"","sources":["../../../src/types/params-direct.ts"],"names":[],"mappings":""}

package/dist/esm/types/params-enclosed.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=params-enclosed.js.map

package/dist/esm/types/params-enclosed.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"params-enclosed.js","sourceRoot":"","sources":["../../../src/types/params-enclosed.ts"],"names":[],"mappings":""}

package/dist/esm/types/params-kms.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=params-kms.js.map

package/dist/esm/types/params-kms.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"params-kms.js","sourceRoot":"","sources":["../../../src/types/params-kms.ts"],"names":[],"mappings":""}

package/dist/esm/types/signer.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=signer.js.map

package/dist/esm/types/signer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../../src/types/signer.ts"],"names":[],"mappings":""}