@enbox/crypto 0.0.1

package/dist/types/jose/utils.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Canonicalizes a given object according to RFC 8785 (https://tools.ietf.org/html/rfc8785),
+ * which describes JSON Canonicalization Scheme (JCS). This function sorts the keys of the
+ * object and its nested objects alphabetically and then returns a stringified version of it.
+ * This method handles nested objects, array values, and null values appropriately.
+ *
+ * @param obj - The object to canonicalize.
+ * @returns The stringified version of the input object with its keys sorted alphabetically
+ * per RFC 8785.
+ */
+export declare function canonicalize(obj: {
+    [key: string]: any;
+}): string;
+//# sourceMappingURL=utils.d.ts.map

package/dist/types/jose/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/jose/utils.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;CAAE,GAAG,MAAM,CAuBhE"}

package/dist/types/local-key-manager.d.ts

@@ -0,0 +1,307 @@
+import { KeyValueStore } from '@enbox/common';
+import type { Jwk } from './jose/jwk.js';
+import type { CryptoApi } from './types/crypto-api.js';
+import type { KeyIdentifier } from './types/identifier.js';
+import type { KeyImporterExporter } from './types/key-io.js';
+import type { KmsSignParams, KmsDigestParams, KmsVerifyParams, KmsExportKeyParams, KmsGetKeyUriParams, KmsImportKeyParams, KmsGenerateKeyParams, KmsGetPublicKeyParams } from './types/params-kms.js';
+/**
+ * The `LocalKeyManagerParams` interface specifies the parameters for initializing an instance of
+ * `LocalKeyManager`. It allows the optional inclusion of a `KeyValueStore` instance for key
+ * management. If not provided, a default `MemoryStore` instance will be used for storing keys in
+ * memory. Note that the `MemoryStore` is not persistent and will be cleared when the application
+ * exits.
+ */
+export type LocalKeyManagerParams = {
+    /**
+     * An optional property to specify a custom `KeyValueStore` instance for key management. If not
+     * provided, {@link LocalKeyManager | `LocalKeyManager`} uses a default `MemoryStore` instance.
+     * This store is responsible for managing cryptographic keys, allowing them to be retrieved,
+     * stored, and managed during cryptographic operations.
+     */
+    keyStore?: KeyValueStore<KeyIdentifier, Jwk>;
+};
+/**
+ * The `LocalKeyManagerDigestParams` interface defines the algorithm-specific parameters that should
+ * be passed into the {@link LocalKeyManager.digest | `LocalKeyManager.digest()`} method.
+ */
+export interface LocalKeyManagerDigestParams extends KmsDigestParams {
+    /**
+     * A string defining the name of hash function to use. The value must be one of the following:
+     * - `"SHA-256"`: Generates a 256-bit digest.
+     */
+    algorithm: 'SHA-256';
+}
+/**
+ * The `LocalKeyManagerGenerateKeyParams` interface defines the algorithm-specific parameters that
+ * should be passed into the {@link LocalKeyManager.generateKey | `LocalKeyManager.generateKey()`}
+ * method when generating a key in the local KMS.
+ */
+export interface LocalKeyManagerGenerateKeyParams extends KmsGenerateKeyParams {
+    /**
+     * A string defining the type of key to generate. The value must be one of the following:
+     * - `"Ed25519"`
+     * - `"secp256k1"`
+     */
+    algorithm: 'Ed25519' | 'secp256k1' | 'secp256r1';
+}
+export declare class LocalKeyManager implements CryptoApi, KeyImporterExporter<KmsImportKeyParams, KeyIdentifier, KmsExportKeyParams> {
+    /**
+     * A private map that stores instances of cryptographic algorithm implementations. Each key in
+     * this map is an `AlgorithmConstructor`, and its corresponding value is an instance of a class
+     * that implements a specific cryptographic algorithm. This map is used to cache and reuse
+     * instances for performance optimization, ensuring that each algorithm is instantiated only once.
+     */
+    private _algorithmInstances;
+    /**
+     * The `_keyStore` private variable in `LocalKeyManager` is a `KeyValueStore` instance used for
+     * storing and managing cryptographic keys. It allows the `LocalKeyManager` class to save,
+     * retrieve, and handle keys efficiently within the local Key Management System (KMS) context.
+     * This variable can be configured to use different storage backends, like in-memory storage or
+     * persistent storage, providing flexibility in key management according to the application's
+     * requirements.
+     */
+    private _keyStore;
+    constructor(params?: LocalKeyManagerParams);
+    /**
+     * Generates a hash digest of the provided data.
+     *
+     * @remarks
+     * A digest is the output of the hash function. It's a fixed-size string of bytes
+     * that uniquely represents the data input into the hash function. The digest is often used for
+     * data integrity checks, as any alteration in the input data results in a significantly
+     * different digest.
+     *
+     * It takes the algorithm identifier of the hash function and data to digest as input and returns
+     * the digest of the data.
+     *
+     * @example
+     * ```ts
+     * const keyManager = new LocalKeyManager();
+     * const data = new Uint8Array([...]);
+     * const digest = await keyManager.digest({ algorithm: 'SHA-256', data });
+     * ```
+     *
+     * @param params - The parameters for the digest operation.
+     * @param params.algorithm - The name of hash function to use.
+     * @param params.data - The data to digest.
+     *
+     * @returns A Promise which will be fulfilled with the hash digest.
+     */
+    digest({ algorithm, data }: LocalKeyManagerDigestParams): Promise<Uint8Array>;
+    /**
+     * Exports a private key identified by the provided key URI from the local KMS.
+     *
+     * @remarks
+     * This method retrieves the key from the key store and returns it. It is primarily used
+     * for extracting keys for backup or transfer purposes.
+     *
+     * @example
+     * ```ts
+     * const keyManager = new LocalKeyManager();
+     * const keyUri = await keyManager.generateKey({ algorithm: 'Ed25519' });
+     * const privateKey = await keyManager.exportKey({ keyUri });
+     * ```
+     *
+     * @param params - Parameters for exporting the key.
+     * @param params.keyUri - The key URI identifying the key to export.
+     *
+     * @returns A Promise resolving to the JWK representation of the exported key.
+     */
+    exportKey({ keyUri }: KmsExportKeyParams): Promise<Jwk>;
+    /**
+     * Generates a new cryptographic key in the local KMS with the specified algorithm and returns a
+     * unique key URI which can be used to reference the key in subsequent operations.
+     *
+     * @example
+     * ```ts
+     * const keyManager = new LocalKeyManager();
+     * const keyUri = await keyManager.generateKey({ algorithm: 'Ed25519' });
+     * console.log(keyUri); // Outputs the key URI
+     * ```
+     *
+     * @param params - The parameters for key generation.
+     * @param params.algorithm - The algorithm to use for key generation, defined in `SupportedAlgorithm`.
+     *
+     * @returns A Promise that resolves to the key URI, a unique identifier for the generated key.
+     */
+    generateKey({ algorithm }: LocalKeyManagerGenerateKeyParams): Promise<KeyIdentifier>;
+    /**
+     * Computes the Key URI for a given public JWK (JSON Web Key).
+     *
+     * @remarks
+     * This method generates a {@link https://datatracker.ietf.org/doc/html/rfc3986 | URI}
+     * (Uniform Resource Identifier) for the given JWK, which uniquely identifies the key across all
+     * `CryptoApi` implementations. The key URI is constructed by appending the
+     * {@link https://datatracker.ietf.org/doc/html/rfc7638 | JWK thumbprint} to the prefix
+     * `urn:jwk:`. The JWK thumbprint is deterministically computed from the JWK and is consistent
+     * regardless of property order or optional property inclusion in the JWK. This ensures that the
+     * same key material represented as a JWK will always yield the same thumbprint, and therefore,
+     * the same key URI.
+     *
+     * @example
+     * ```ts
+     * const keyManager = new LocalKeyManager();
+     * const keyUri = await keyManager.generateKey({ algorithm: 'Ed25519' });
+     * const publicKey = await keyManager.getPublicKey({ keyUri });
+     * const keyUriFromPublicKey = await keyManager.getKeyUri({ key: publicKey });
+     * console.log(keyUri === keyUriFromPublicKey); // Outputs `true`
+     * ```
+     *
+     * @param params - The parameters for getting the key URI.
+     * @param params.key - The JWK for which to compute the key URI.
+     *
+     * @returns A Promise that resolves to the key URI as a string.
+     */
+    getKeyUri({ key }: KmsGetKeyUriParams): Promise<KeyIdentifier>;
+    /**
+     * Retrieves the public key associated with a previously generated private key, identified by
+     * the provided key URI.
+     *
+     * @example
+     * ```ts
+     * const keyManager = new LocalKeyManager();
+     * const keyUri = await keyManager.generateKey({ algorithm: 'Ed25519' });
+     * const publicKey = await keyManager.getPublicKey({ keyUri });
+     * ```
+     *
+     * @param params - The parameters for retrieving the public key.
+     * @param params.keyUri - The key URI of the private key to retrieve the public key for.
+     *
+     * @returns A Promise that resolves to the public key in JWK format.
+     */
+    getPublicKey({ keyUri }: KmsGetPublicKeyParams): Promise<Jwk>;
+    /**
+     * Imports a private key into the local KMS.
+     *
+     * @remarks
+     * This method stores the provided JWK in the key store, making it available for subsequent
+     * cryptographic operations. It is particularly useful for initializing the KMS with pre-existing
+     * keys or for restoring keys from backups.
+     *
+     * Note that, if defined, the `kid` (key ID) property of the JWK is used as the key URI for the
+     * imported key. If the `kid` property is not provided, the key URI is computed from the JWK
+     * thumbprint of the key.
+     *
+     * @example
+     * ```ts
+     * const keyManager = new LocalKeyManager();
+     * const privateKey = { ... } // A private key in JWK format
+     * const keyUri = await keyManager.importKey({ key: privateKey });
+     * ```
+     *
+     * @param params - Parameters for importing the key.
+     * @param params.key - The private key to import to in JWK format.
+     *
+     * @returns A Promise resolving to the key URI, uniquely identifying the imported key.
+     */
+    importKey({ key }: KmsImportKeyParams): Promise<KeyIdentifier>;
+    /**
+     * Signs the provided data using the private key identified by the provided key URI.
+     *
+     * @remarks
+     * This method uses the signature algorithm determined by the `alg` and/or `crv` properties of the
+     * private key identified by the provided key URI to sign the provided data. The signature can
+     * later be verified by parties with access to the corresponding public key, ensuring that the
+     * data has not been tampered with and was indeed signed by the holder of the private key.
+     *
+     * @example
+     * ```ts
+     * const keyManager = new LocalKeyManager();
+     * const keyUri = await keyManager.generateKey({ algorithm: 'Ed25519' });
+     * const data = new TextEncoder().encode('Message to sign');
+     * const signature = await keyManager.sign({ keyUri, data });
+     * ```
+     *
+     * @param params - The parameters for the signing operation.
+     * @param params.keyUri - The key URI of the private key to use for signing.
+     * @param params.data - The data to sign.
+     *
+     * @returns A Promise resolving to the digital signature as a `Uint8Array`.
+     */
+    sign({ keyUri, data }: KmsSignParams): Promise<Uint8Array>;
+    /**
+     * Verifies a digital signature associated the provided data using the provided key.
+     *
+     * @remarks
+     * This method uses the signature algorithm determined by the `alg` and/or `crv` properties of the
+     * provided key to check the validity of a digital signature against the original data. It
+     * confirms whether the signature was created by the holder of the corresponding private key and
+     * that the data has not been tampered with.
+     *
+     * @example
+     * ```ts
+     * const keyManager = new LocalKeyManager();
+     * const keyUri = await keyManager.generateKey({ algorithm: 'Ed25519' });
+     * const data = new TextEncoder().encode('Message to sign');
+     * const signature = await keyManager.sign({ keyUri, data });
+     * const isSignatureValid = await keyManager.verify({ keyUri, data, signature });
+     * ```
+     *
+     * @param params - The parameters for the verification operation.
+     * @param params.key - The key to use for verification.
+     * @param params.signature - The signature to verify.
+     * @param params.data - The data to verify.
+     *
+     * @returns A Promise resolving to a boolean indicating whether the signature is valid.
+     */
+    verify({ key, signature, data }: KmsVerifyParams): Promise<boolean>;
+    /**
+     * Retrieves an algorithm implementation instance based on the provided algorithm name.
+     *
+     * @remarks
+     * This method checks if the requested algorithm is supported and returns a cached instance
+     * if available. If an instance does not exist, it creates and caches a new one. This approach
+     * optimizes performance by reusing algorithm instances across cryptographic operations.
+     *
+     * @example
+     * ```ts
+     * const signer = this.getAlgorithm({ algorithm: 'Ed25519' });
+     * ```
+     *
+     * @param params - The parameters for retrieving the algorithm implementation.
+     * @param params.algorithm - The name of the algorithm to retrieve.
+     *
+     * @returns An instance of the requested algorithm implementation.
+     *
+     * @throws Error if the requested algorithm is not supported.
+     */
+    private getAlgorithm;
+    /**
+     * Determines the name of the algorithm based on the key's properties.
+     *
+     * @remarks
+     * This method facilitates the identification of the correct algorithm for cryptographic
+     * operations based on the `alg` or `crv` properties of a {@link Jwk | JWK}.
+     *
+     * @example
+     * ```ts
+     * const publicKey = { ... }; // Public key in JWK format
+     * const algorithm = this.getAlgorithmName({ key: publicKey });
+     * ```
+     *
+     * @param params - The parameters for determining the algorithm name.
+     * @param params.key - A JWK containing the `alg` or `crv` properties.
+     *
+     * @returns The name of the algorithm associated with the key.
+     *
+     * @throws Error if the algorithm cannot be determined from the provided input.
+     */
+    private getAlgorithmName;
+    /**
+     * Retrieves a private key from the key store based on the provided key URI.
+     *
+     * @example
+     * ```ts
+     * const privateKey = this.getPrivateKey({ keyUri: 'urn:jwk:...' });
+     * ```
+     *
+     * @param params - Parameters for retrieving the private key.
+     * @param params.keyUri - The key URI identifying the private key to retrieve.
+     *
+     * @returns A Promise resolving to the JWK representation of the private key.
+     *
+     * @throws Error if the key is not found in the key store.
+     */
+    private getPrivateKey;
+}
+//# sourceMappingURL=local-key-manager.d.ts.map

package/dist/types/local-key-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"local-key-manager.d.ts","sourceRoot":"","sources":["../../src/local-key-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAe,MAAM,eAAe,CAAC;AAE3D,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,eAAe,CAAC;AAGzC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAG7D,OAAO,KAAK,EACV,aAAa,EACb,eAAe,EACf,eAAe,EACf,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,EACtB,MAAM,uBAAuB,CAAC;AA8C/B;;;;;;GAMG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,aAAa,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;CAC9C,CAAC;AAEF;;;GAGG;AACH,MAAM,WAAW,2BAA4B,SAAQ,eAAe;IAClE;;;OAGG;IACH,SAAS,EAAE,SAAS,CAAC;CACtB;AAED;;;;GAIG;AACH,MAAM,WAAW,gCAAiC,SAAQ,oBAAoB;IAC5E;;;;OAIG;IACH,SAAS,EAAE,SAAS,GAAG,WAAW,GAAG,WAAW,CAAC;CAClD;AAED,qBAAa,eAAgB,YACzB,SAAS,EACT,mBAAmB,CAAC,kBAAkB,EAAE,aAAa,EAAE,kBAAkB,CAAC;IAE5E;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB,CAA8E;IAEzG;;;;;;;OAOG;IACH,OAAO,CAAC,SAAS,CAAoC;gBAEzC,MAAM,CAAC,EAAE,qBAAqB;IAI1C;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACU,MAAM,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,EACrC,2BAA2B,GAC1B,OAAO,CAAC,UAAU,CAAC;IAUtB;;;;;;;;;;;;;;;;;;OAkBG;IACU,SAAS,CAAC,EAAE,MAAM,EAAE,EAC/B,kBAAkB,GACjB,OAAO,CAAC,GAAG,CAAC;IAOf;;;;;;;;;;;;;;;OAeG;IACU,WAAW,CAAC,EAAE,SAAS,EAAE,EACpC,gCAAgC,GAC/B,OAAO,CAAC,aAAa,CAAC;IAoBzB;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACU,SAAS,CAAC,EAAE,GAAG,EAAE,EAC5B,kBAAkB,GACjB,OAAO,CAAC,aAAa,CAAC;IAUzB;;;;;;;;;;;;;;;OAeG;IACU,YAAY,CAAC,EAAE,MAAM,EAAE,EAClC,qBAAqB,GACpB,OAAO,CAAC,GAAG,CAAC;IAgBf;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACU,SAAS,CAAC,EAAE,GAAG,EAAE,EAC5B,kBAAkB,GACjB,OAAO,CAAC,aAAa,CAAC;IAkBzB;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACU,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,EAChC,aAAa,GACZ,OAAO,CAAC,UAAU,CAAC;IAgBtB;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACU,MAAM,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,EAC1C,eAAe,GACd,OAAO,CAAC,OAAO,CAAC;IAanB;;;;;;;;;;;;;;;;;;;OAmBG;IACH,OAAO,CAAC,YAAY;IAmBpB;;;;;;;;;;;;;;;;;;;OAmBG;IACH,OAAO,CAAC,gBAAgB;IAkBxB;;;;;;;;;;;;;;OAcG;YACW,aAAa;CAY5B"}

package/dist/types/primitives/aes-ctr.d.ts

@@ -0,0 +1,219 @@
+import type { Jwk } from '../jose/jwk.js';
+/**
+ * Constant defining the AES key length values in bits.
+ *
+ * @remarks
+ * NIST publication FIPS 197 states:
+ * > The AES algorithm is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt
+ * > and decrypt data in blocks of 128 bits.
+ *
+ * This implementation does not support key lengths that are different from the three values
+ * defined by this constant.
+ *
+ * @see {@link https://doi.org/10.6028/NIST.FIPS.197-upd1 | NIST FIPS 197}
+ */
+declare const AES_KEY_LENGTHS: readonly [128, 192, 256];
+/**
+ * The `AesCtr` class provides a comprehensive set of utilities for cryptographic operations
+ * using the Advanced Encryption Standard (AES) in Counter (CTR) mode. This class includes
+ * methods for key generation, encryption, decryption, and conversions between raw byte arrays
+ * and JSON Web Key (JWK) formats. It is designed to support AES-CTR, a symmetric key algorithm
+ * that is widely used in various cryptographic applications for its efficiency and security.
+ *
+ * AES-CTR mode operates as a stream cipher using a block cipher (AES) and is well-suited for
+ * scenarios where parallel processing is beneficial or where the same key is required to
+ * encrypt multiple data blocks. The class adheres to standard cryptographic practices, ensuring
+ * compatibility and security in its implementations.
+ *
+ * Key Features:
+ * - Key Generation: Generate AES symmetric keys in JWK format.
+ * - Key Conversion: Transform keys between raw byte arrays and JWK formats.
+ * - Encryption: Encrypt data using AES-CTR with the provided symmetric key.
+ * - Decryption: Decrypt data encrypted with AES-CTR using the corresponding symmetric key.
+ *
+ * The methods in this class are asynchronous, returning Promises to accommodate various
+ * JavaScript environments.
+ *
+ * @example
+ * ```ts
+ * // Key Generation
+ * const length = 256; // Length of the key in bits (e.g., 128, 192, 256)
+ * const privateKey = await AesCtr.generateKey({ length });
+ *
+ * // Encryption
+ * const data = new TextEncoder().encode('Messsage');
+ * const counter = new Uint8Array(16); // 16-byte (128-bit) counter block
+ * const encryptedData = await AesCtr.encrypt({
+ *   data,
+ *   counter,
+ *   key: privateKey,
+ *   length: 64 // Length of the counter in bits
+ * });
+ *
+ * // Decryption
+ * const decryptedData = await AesCtr.decrypt({
+ *   data: encryptedData,
+ *   counter,
+ *   key: privateKey,
+ *   length: 64 // Length of the counter in bits
+ * });
+ *
+ * // Key Conversion
+ * const privateKeyBytes = await AesCtr.privateKeyToBytes({ privateKey });
+ * ```
+ */
+export declare class AesCtr {
+    /**
+     * Converts a raw private key in bytes to its corresponding JSON Web Key (JWK) format.
+     *
+     * @remarks
+     * This method takes a symmetric key represented as a byte array (Uint8Array) and
+     * converts it into a JWK object for use with AES (Advanced Encryption Standard)
+     * in Counter (CTR) mode. The conversion process involves encoding the key into
+     * base64url format and setting the appropriate JWK parameters.
+     *
+     * The resulting JWK object includes the following properties:
+     * - `kty`: Key Type, set to 'oct' for Octet Sequence (representing a symmetric key).
+     * - `k`: The symmetric key, base64url-encoded.
+     * - `kid`: Key ID, generated based on the JWK thumbprint.
+     *
+     * @example
+     * ```ts
+     * const privateKeyBytes = new Uint8Array([...]); // Replace with actual symmetric key bytes
+     * const privateKey = await AesCtr.bytesToPrivateKey({ privateKeyBytes });
+     * ```
+     *
+     * @param params - The parameters for the symmetric key conversion.
+     * @param params.privateKeyBytes - The raw symmetric key as a Uint8Array.
+     *
+     * @returns A Promise that resolves to the symmetric key in JWK format.
+     */
+    static bytesToPrivateKey({ privateKeyBytes }: {
+        privateKeyBytes: Uint8Array;
+    }): Promise<Jwk>;
+    /**
+     * Decrypts the provided data using AES in Counter (CTR) mode.
+     *
+     * @remarks
+     * This method performs AES-CTR decryption on the given encrypted data using the specified key.
+     * Similar to the encryption process, it requires an initial counter block and the length
+     * of the counter block, along with the encrypted data and the decryption key. The method
+     * returns the decrypted data as a Uint8Array.
+     *
+     * @example
+     * ```ts
+     * const encryptedData = new Uint8Array([...]); // Encrypted data
+     * const counter = new Uint8Array(16); // 16-byte (128-bit) counter block used during encryption
+     * const key = { ... }; // A Jwk object representing the same AES key used for encryption
+     * const decryptedData = await AesCtr.decrypt({
+     *   data: encryptedData,
+     *   counter,
+     *   key,
+     *   length: 64 // Length of the counter in bits
+     * });
+     * ```
+     *
+     * @param params - The parameters for the decryption operation.
+     * @param params.key - The key to use for decryption, represented in JWK format.
+     * @param params.data - The encrypted data to decrypt, as a Uint8Array.
+     * @param params.counter - The initial value of the counter block.
+     * @param params.length - The number of bits in the counter block that are used for the actual counter.
+     *
+     * @returns A Promise that resolves to the decrypted data as a Uint8Array.
+     */
+    static decrypt({ key, data, counter, length }: {
+        key: Jwk;
+        data: Uint8Array;
+        counter: Uint8Array;
+        length: number;
+    }): Promise<Uint8Array>;
+    /**
+     * Encrypts the provided data using AES in Counter (CTR) mode.
+     *
+     * @remarks
+     * This method performs AES-CTR encryption on the given data using the specified key.
+     * It requires the initial counter block and the length of the counter block, alongside
+     * the data and key. The method is designed to work asynchronously and returns the
+     * encrypted data as a Uint8Array.
+     *
+     * @example
+     * ```ts
+     * const data = new TextEncoder().encode('Messsage');
+     * const counter = new Uint8Array(16); // 16-byte (128-bit) counter block
+     * const key = { ... }; // A Jwk object representing an AES key
+     * const encryptedData = await AesCtr.encrypt({
+     *   data,
+     *   counter,
+     *   key,
+     *   length: 64 // Length of the counter in bits
+     * });
+     * ```
+     *
+     * @param params - The parameters for the encryption operation.
+     * @param params.key - The key to use for encryption, represented in JWK format.
+     * @param params.data - The data to encrypt, represented as a Uint8Array.
+     * @param params.counter - The initial value of the counter block.
+     * @param params.length - The number of bits in the counter block that are used for the actual counter.
+     *
+     * @returns A Promise that resolves to the encrypted data as a Uint8Array.
+     */
+    static encrypt({ key, data, counter, length }: {
+        key: Jwk;
+        data: Uint8Array;
+        counter: Uint8Array;
+        length: number;
+    }): Promise<Uint8Array>;
+    /**
+     * Generates a symmetric key for AES in Counter (CTR) mode in JSON Web Key (JWK) format.
+     *
+     * @remarks
+     * This method creates a new symmetric key of a specified length suitable for use with
+     * AES-CTR encryption. It uses cryptographically secure random number generation to
+     * ensure the uniqueness and security of the key. The generated key adheres to the JWK
+     * format, making it compatible with common cryptographic standards and easy to use in
+     * various cryptographic processes.
+     *
+     * The generated key includes the following components:
+     * - `kty`: Key Type, set to 'oct' for Octet Sequence.
+     * - `k`: The symmetric key component, base64url-encoded.
+     * - `kid`: Key ID, generated based on the JWK thumbprint.
+     *
+     * @example
+     * ```ts
+     * const length = 256; // Length of the key in bits (e.g., 128, 192, 256)
+     * const privateKey = await AesCtr.generateKey({ length });
+     * ```
+     *
+     * @param params - The parameters for the key generation.
+     * @param params.length - The length of the key in bits. Common lengths are 128, 192, and 256 bits.
+     *
+     * @returns A Promise that resolves to the generated symmetric key in JWK format.
+     */
+    static generateKey({ length }: {
+        length: typeof AES_KEY_LENGTHS[number];
+    }): Promise<Jwk>;
+    /**
+     * Converts a private key from JSON Web Key (JWK) format to a raw byte array (Uint8Array).
+     *
+     * @remarks
+     * This method takes a symmetric key in JWK format and extracts its raw byte representation.
+     * It decodes the 'k' parameter of the JWK value, which represents the symmetric key in base64url
+     * encoding, into a byte array.
+     *
+     * @example
+     * ```ts
+     * const privateKey = { ... }; // A symmetric key in JWK format
+     * const privateKeyBytes = await AesCtr.privateKeyToBytes({ privateKey });
+     * ```
+     *
+     * @param params - The parameters for the symmetric key conversion.
+     * @param params.privateKey - The symmetric key in JWK format.
+     *
+     * @returns A Promise that resolves to the symmetric key as a Uint8Array.
+     */
+    static privateKeyToBytes({ privateKey }: {
+        privateKey: Jwk;
+    }): Promise<Uint8Array>;
+}
+export {};
+//# sourceMappingURL=aes-ctr.d.ts.map

package/dist/types/primitives/aes-ctr.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes-ctr.d.ts","sourceRoot":"","sources":["../../../src/primitives/aes-ctr.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAoB1C;;;;;;;;;;;;GAYG;AACH,QAAA,MAAM,eAAe,0BAA2B,CAAC;AAYjD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AACH,qBAAa,MAAM;IACjB;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;WACiB,iBAAiB,CAAC,EAAE,eAAe,EAAE,EAAE;QACzD,eAAe,EAAE,UAAU,CAAC;KAC7B,GAAG,OAAO,CAAC,GAAG,CAAC;IAahB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;WACiB,OAAO,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1D,GAAG,EAAE,GAAG,CAAC;QACT,IAAI,EAAE,UAAU,CAAC;QACjB,OAAO,EAAE,UAAU,CAAC;QACpB,MAAM,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC,UAAU,CAAC;IA8BvB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;WACiB,OAAO,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1D,GAAG,EAAE,GAAG,CAAC;QACT,IAAI,EAAE,UAAU,CAAC;QACjB,OAAO,EAAE,UAAU,CAAC;QACpB,MAAM,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC,UAAU,CAAC;IA8BvB;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;WACiB,WAAW,CAAC,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,EAAE,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC;KACxC,GAAG,OAAO,CAAC,GAAG,CAAC;IAuBhB;;;;;;;;;;;;;;;;;;OAkBG;WACiB,iBAAiB,CAAC,EAAE,UAAU,EAAE,EAAE;QACpD,UAAU,EAAE,GAAG,CAAC;KACjB,GAAG,OAAO,CAAC,UAAU,CAAC;CAWxB"}