@enbox/crypto 0.0.1

package/dist/types/types/key-wrapper.d.ts

@@ -0,0 +1,38 @@
+import type { Jwk } from '../jose/jwk.js';
+/**
+ * The `KeyWrapper` interface provides methods for wrapping and unwrapping cryptographic keys.
+ * It includes `wrapKey()` for securely encapsulating a key within another key, and `unwrapKey()`
+ * for extracting the original key from its wrapped state.
+ *
+ * This interface is crucial in scenarios where secure key management and exchange are required,
+ * ensuring that keys remain protected during transit or storage.
+ */
+export interface KeyWrapper<WrapKeyInput, UnwrapKeyInput> {
+    /**
+     * Wraps a cryptographic key using another key, typically for secure key transmission or storage.
+     *
+     * @remarks
+     * The `wrapKey()` method of the {@link KeyWrapper | `KeyWrapper`} interface secures a
+     * cryptographic key by encapsulating it within another key, producing a wrapped key represented
+     * as a `Uint8Array`.
+     *
+     * @param params - The parameters for the key wrapping operation.
+     *
+     * @returns A Promise resolving to the wrapped key as a `Uint8Array`.
+     */
+    wrapKey(params: WrapKeyInput): Promise<Uint8Array>;
+    /**
+     * Unwraps a previously wrapped cryptographic key, restoring it to its original form.
+     *
+     * @remarks
+     * The `unwrapKey()` method of the {@link KeyWrapper | `KeyWrapper`} interface reverses the
+     * wrapping process, extracting the original key from its wrapped state, typically for use in
+     * cryptographic operations.
+     *
+     * @param params - The parameters for the key unwrapping operation.
+     *
+     * @returns A Promise resolving to the unwrapped key in a cryptographic format, usually JWK.
+     */
+    unwrapKey(params: UnwrapKeyInput): Promise<Jwk>;
+}
+//# sourceMappingURL=key-wrapper.d.ts.map

package/dist/types/types/key-wrapper.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-wrapper.d.ts","sourceRoot":"","sources":["../../../src/types/key-wrapper.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAE1C;;;;;;;GAOG;AACH,MAAM,WAAW,UAAU,CACzB,YAAY,EACZ,cAAc;IAEd;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAEnD;;;;;;;;;;;OAWG;IACH,SAAS,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;CACjD"}

package/dist/types/types/params-direct.d.ts

@@ -0,0 +1,90 @@
+import type { Jwk } from '../jose/jwk.js';
+import type { AlgorithmIdentifier } from './identifier.js';
+/**
+ * Parameters for computing a public key.
+ */
+export interface ComputePublicKeyParams extends GetPublicKeyParams {
+}
+/**
+ * Parameters for decrypting data.
+ */
+export interface DecryptParams {
+    /** A {@link Jwk} containing the key to be used for decryption. */
+    key: Jwk;
+    /** Data to be decrypted. */
+    data: Uint8Array;
+}
+/**
+ * Parameters for deriving bits.
+ */
+export interface DeriveBitsParams {
+    /** A {@link Jwk} containing the base key to be used for derivation. */
+    key: Jwk;
+    /**
+     * The number of bits to derive. To be compatible with all browsers, the number should be a
+     * multiple of 8.
+     */
+    length: number;
+}
+/**
+ * Parameters for deriving a key.
+ */
+export interface DeriveKeyParams {
+    /** A {@link Jwk} containing the base key to be used for derivation. */
+    key: Jwk;
+    /** An object defining the algorithm-specific parameters for the derived key. */
+    derivedKeyParams: unknown;
+}
+/**
+ * Parameters for computing a hash digest.
+ */
+export interface DigestParams {
+    /** The algorithm identifier. */
+    algorithm: AlgorithmIdentifier;
+    /** Data to be digested. */
+    data: Uint8Array;
+}
+/**
+ * Parameters for encrypting data.
+ */
+export interface EncryptParams {
+    /** A {@link Jwk} containing the key to be used for encryption. */
+    key: Jwk;
+    /** Data to be encrypted. */
+    data: Uint8Array;
+}
+/**
+ * Parameters for generating a key.
+ */
+export interface GenerateKeyParams {
+    /** The algorithm identifier. */
+    algorithm: AlgorithmIdentifier;
+}
+/**
+ * Parameters for retrieving a public key.
+ */
+export interface GetPublicKeyParams {
+    /** A {@link Jwk} containing the key from which to derive the public key. */
+    key: Jwk;
+}
+/**
+ * Parameters for signing data.
+ */
+export interface SignParams {
+    /** A {@link Jwk} containing the key used for signing. */
+    key: Jwk;
+    /** Data to be signed. */
+    data: Uint8Array;
+}
+/**
+ * Parameters for verifying a signature.
+ */
+export interface VerifyParams {
+    /** A {@link Jwk} containing the key used for verification. */
+    key: Jwk;
+    /** The signature to verify. */
+    signature: Uint8Array;
+    /** The data associated with the signature. */
+    data: Uint8Array;
+}
+//# sourceMappingURL=params-direct.d.ts.map

package/dist/types/types/params-direct.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"params-direct.d.ts","sourceRoot":"","sources":["../../../src/types/params-direct.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAC1C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAE3D;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,kBAAkB;CAAI;AAEtE;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kEAAkE;IAClE,GAAG,EAAE,GAAG,CAAC;IAET,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,uEAAuE;IACvE,GAAG,EAAE,GAAG,CAAC;IAET;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uEAAuE;IACvE,GAAG,EAAE,GAAG,CAAC;IAET,gFAAgF;IAChF,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;IAE/B,2BAA2B;IAC3B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kEAAkE;IAClE,GAAG,EAAE,GAAG,CAAC;IAET,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,4EAA4E;IAC5E,GAAG,EAAE,GAAG,CAAC;CACV;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,yDAAyD;IACzD,GAAG,EAAE,GAAG,CAAC;IAET,yBAAyB;IACzB,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,8DAA8D;IAC9D,GAAG,EAAE,GAAG,CAAC;IAET,+BAA+B;IAC/B,SAAS,EAAE,UAAU,CAAC;IAEtB,8CAA8C;IAC9C,IAAI,EAAE,UAAU,CAAC;CAClB"}

package/dist/types/types/params-enclosed.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Parameters for enclosed decryption operations.
+ *
+ * Note: This interface is intended to be used with a closure that captures the key and
+ * algorithm-specific parameters so that arbitrary data can be decrypted without exposing the key or
+ * parameters to the caller.
+ */
+export interface EnclosedDecryptParams {
+    /** Data to be decrypted. */
+    data: Uint8Array;
+}
+/**
+ * Parameters for enclosed encryption operations.
+ *
+ * Note: This interface is intended to be used with a closure that captures the key and
+ * algorithm-specific parameters so that arbitrary data can be encrypted without exposing the key or
+ * parameters to the caller.
+ */
+export interface EnclosedEncryptParams {
+    /** Data to be encrypted. */
+    data: Uint8Array;
+}
+/**
+ * Parameters for enclosed signing operations.
+ *
+ * Note: This interface is intended to be used with a closure that captures the key and
+ * algorithm-specific parameters so that arbitrary data can be signed without exposing the key or
+ * parameters to the caller.
+ */
+export interface EnclosedSignParams {
+    /** Data to be signed. */
+    data: Uint8Array;
+}
+/**
+ * Parameters for enclosed verification operations.
+ *
+ * Note: This interface is intended to be used with a closure that captures the key and
+ * algorithm-specific parameters so that signatures of arbitrary data can be verified without
+ * exposing the key or parameters to the caller.
+ */
+export interface EnclosedVerifyParams {
+    /** Signature to be verified. */
+    signature: Uint8Array;
+    /** Data associated with the signature. */
+    data: Uint8Array;
+}
+//# sourceMappingURL=params-enclosed.d.ts.map

package/dist/types/types/params-enclosed.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"params-enclosed.d.ts","sourceRoot":"","sources":["../../../src/types/params-enclosed.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,WAAW,qBAAqB;IACpC,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,qBAAqB;IACpC,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,kBAAkB;IACjC,yBAAyB;IACzB,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,oBAAoB;IACnC,gCAAgC;IAChC,SAAS,EAAE,UAAU,CAAC;IAEtB,0CAA0C;IAC1C,IAAI,EAAE,UAAU,CAAC;CAClB"}

package/dist/types/types/params-kms.d.ts

@@ -0,0 +1,131 @@
+import type { Jwk } from '../jose/jwk.js';
+import type { AlgorithmIdentifier, KeyIdentifier } from './identifier.js';
+/**
+ * Parameters for KMS-based decryption operations. Intended for use with a Key Management System.
+ */
+export interface KmsDecryptParams {
+    /** Identifier for the private key in the KMS. */
+    keyUri: KeyIdentifier;
+    /** Data to be decrypted. */
+    data: Uint8Array;
+}
+/**
+ * Parameters for KMS-based derivation of bits. Intended for use with a Key Management System.
+ */
+export interface KmsDeriveBitsParams {
+    /** Identifier for the key used in derivation in the KMS. */
+    keyUri: KeyIdentifier;
+    /**
+     * The number of bits to derive. To be compatible with all browsers, the number should be a
+     * multiple of 8.
+     */
+    length: number;
+}
+/**
+ * Parameters for KMS-based key derivation. Intended for use with a Key Management System.
+ */
+export interface KmsDeriveKeyParams {
+    /** Identifier for the base key used in derivation in the KMS. */
+    keyUri: KeyIdentifier;
+    /** An object defining the algorithm-specific parameters for the derived key. */
+    derivedKeyParams: unknown;
+}
+/**
+ * Parameters for KMS-based digest computation. Intended for use with a Key Management System.
+ */
+export interface KmsDigestParams {
+    /** The algorithm identifier. */
+    algorithm: AlgorithmIdentifier;
+    /** Data to be digested. */
+    data: Uint8Array;
+}
+/**
+ * Parameters for KMS-based encryption operations. Intended for use with a Key Management System.
+ */
+export interface KmsEncryptParams {
+    /** Identifier for the private key in the KMS. */
+    keyUri: KeyIdentifier;
+    /** Data to be encrypted. */
+    data: Uint8Array;
+}
+/**
+ * Parameters for exporting a key from a KMS. Intended for use with a Key Management System.
+ */
+export interface KmsExportKeyParams {
+    /** Identifier for the private key to be exported from the KMS. */
+    keyUri: KeyIdentifier;
+}
+/**
+ * Parameters for generating a key in a KMS. Intended for use with a Key Management System.
+ */
+export interface KmsGenerateKeyParams {
+    /** The algorithm identifier. */
+    algorithm: AlgorithmIdentifier;
+}
+/**
+ * Parameters for computing the Key URI of a public key. Intended for use with a Key Management
+ * System.
+ */
+export interface KmsGetKeyUriParams {
+    /** A {@link Jwk} containing the public key for which the Key URI will be computed. */
+    key: Jwk;
+}
+/**
+ * Parameters for retrieving a public key from a KMS using the private key's URI. Intended for use
+ * with a Key Management System.
+ */
+export interface KmsGetPublicKeyParams {
+    /** Identifier for the private key in the KMS. */
+    keyUri: KeyIdentifier;
+}
+/**
+ * Parameters for importing a private key into a KMS. Intended for use with a Key Management System.
+ */
+export interface KmsImportKeyParams {
+    /** A {@link Jwk} containing the key to be imported into the KMS. */
+    key: Jwk;
+}
+/**
+ * Parameters for KMS-based signing operations. Intended for use with a Key Management System.
+ */
+export interface KmsSignParams {
+    /** Identifier for the signing private key in the KMS. */
+    keyUri: KeyIdentifier;
+    /** Data to be signed. */
+    data: Uint8Array;
+}
+/**
+ * Parameters for verifying a signature using a key from a KMS. Intended for use with a Key
+ * Management System.
+ */
+export interface KmsVerifyParams {
+    /** A {@link Jwk} containing the public key to be used for verification. */
+    key: Jwk;
+    /** The signature to verify. */
+    signature: Uint8Array;
+    /** The data associated with the signature. */
+    data: Uint8Array;
+}
+/**
+ * Parameters for wrapping a key using a KMS. Intended for use with a Key Management System.
+ */
+export interface KmsWrapKeyParams {
+    /** A {@link Jwk} containing the private key to be wrapped. */
+    key: Jwk;
+    /** Identifier for the private key in the KMS to be used for the wrapping operation. */
+    wrappingKeyId: KeyIdentifier;
+    /** Algorithm to be used for wrapping. */
+    wrapAlgorithm: AlgorithmIdentifier;
+}
+/**
+ * Parameters for unwrapping a key using a KMS. Intended for use with a Key Management System.
+ */
+export interface KmsUnwrapKeyParams {
+    /** The wrapped key in a byte array. */
+    wrappedKey: Uint8Array;
+    /** Identifier for the private key in the KMS to be used for the unwrapping operation. */
+    unwrappingKeyId: KeyIdentifier;
+    /** Algorithm to be used for unwrapping. */
+    unwrapAlgorithm: AlgorithmIdentifier;
+}
+//# sourceMappingURL=params-kms.d.ts.map

package/dist/types/types/params-kms.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"params-kms.d.ts","sourceRoot":"","sources":["../../../src/types/params-kms.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAC1C,OAAO,KAAK,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAE1E;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,iDAAiD;IACjD,MAAM,EAAE,aAAa,CAAC;IAEtB,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,4DAA4D;IAC5D,MAAM,EAAE,aAAa,CAAC;IAEtB;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,iEAAiE;IACjE,MAAM,EAAE,aAAa,CAAC;IAEtB,gFAAgF;IAChF,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;IAE/B,2BAA2B;IAC3B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,iDAAiD;IACjD,MAAM,EAAE,aAAa,CAAC;IAEtB,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,kEAAkE;IAClE,MAAM,EAAE,aAAa,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;CAChC;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,sFAAsF;IACtF,GAAG,EAAE,GAAG,CAAC;CACV;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,iDAAiD;IACjD,MAAM,EAAE,aAAa,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,oEAAoE;IACpE,GAAG,EAAE,GAAG,CAAC;CACV;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,yDAAyD;IACzD,MAAM,EAAE,aAAa,CAAC;IAEtB,yBAAyB;IACzB,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,2EAA2E;IAC3E,GAAG,EAAE,GAAG,CAAC;IAET,+BAA+B;IAC/B,SAAS,EAAE,UAAU,CAAC;IAEtB,8CAA8C;IAC9C,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,8DAA8D;IAC9D,GAAG,EAAE,GAAG,CAAC;IAET,uFAAuF;IACvF,aAAa,EAAE,aAAa,CAAC;IAE7B,yCAAyC;IACzC,aAAa,EAAE,mBAAmB,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,uCAAuC;IACvC,UAAU,EAAE,UAAU,CAAC;IAEvB,yFAAyF;IACzF,eAAe,EAAE,aAAa,CAAC;IAE/B,2CAA2C;IAC3C,eAAe,EAAE,mBAAmB,CAAC;CACtC"}

package/dist/types/types/signer.d.ts

@@ -0,0 +1,46 @@
+import type { EnclosedSignParams, EnclosedVerifyParams } from './params-enclosed.js';
+/**
+ * The `Signer` interface provides methods for signing data and verifying signatures.
+ *
+ * It includes `sign()` for creating signatures and `verify()` for confirming the validity of
+ * signatures. The interface is designed to be flexible, accommodating various signing algorithms
+ * and their unique parameters.
+ *
+ * It defaults to using {@link EnclosedSignParams | `EnclosedSignParams`} and
+ * {@link EnclosedVerifyParams | `EnclosedVerifyParams`}, which are intended to be used with a
+ * closure that captures the key and algorithm-specific parameters so that arbitrary data can be
+ * signed and verified without exposing the key or parameters to the caller. However, the
+ * interface can be extended to support other parameter types, such as {@link SignParams |
+* `SignParams`} and {@link VerifyParams | `VerifyParams`}, which are intended to be used when
+* the key and algorithm-specific parameters are known to the caller.
+ */
+export interface Signer<SignInput = EnclosedSignParams, VerifyInput = EnclosedVerifyParams> {
+    /**
+     * Signs the provided data.
+     *
+     * @remarks
+     * The `sign()` method of the {@link Signer | `Signer`} interface generates a digital signature
+     * for the given data using a cryptographic key. This signature can be used to verify the data's
+     * authenticity and integrity.
+     *
+     * @param params - The parameters for the signing operation.
+     *
+     * @returns A Promise resolving to the digital signature as a `Uint8Array`.
+     */
+    sign(params: SignInput): Promise<Uint8Array>;
+    /**
+     * Verifies a digital signature associated the provided data.
+     *
+     * @remarks
+     * The `verify()` method of the {@link Signer | `Signer`} interface checks the validity of a
+     * digital signature against the original data and a cryptographic key. It confirms whether the
+     * signature was created by the holder of the corresponding private key and that the data has not
+     * been tampered with.
+     *
+     * @param params - The parameters for the verification operation.
+     *
+     * @returns A Promise resolving to a boolean indicating whether the signature is valid.
+     */
+    verify(params: VerifyInput): Promise<boolean>;
+}
+//# sourceMappingURL=signer.d.ts.map

package/dist/types/types/signer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../../src/types/signer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAErF;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,MAAM,CACrB,SAAS,GAAG,kBAAkB,EAC9B,WAAW,GAAG,oBAAoB;IAElC;;;;;;;;;;;OAWG;IACH,IAAI,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAE7C;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC/C"}

package/dist/types/utils.d.ts

@@ -0,0 +1,112 @@
+import type { Jwk } from './jose/jwk.js';
+/**
+ * A collection of cryptographic utility methods.
+ */
+export declare class CryptoUtils {
+    /**
+     * Determines the JOSE algorithm identifier of the digital signature algorithm based on the `alg` or
+     * `crv` property of a {@link Jwk | JWK}.
+     *
+     * If the `alg` property is present, its value takes precedence and is returned. Otherwise, the
+     * `crv` property is used to determine the algorithm.
+     *
+     * @memberof CryptoUtils
+     * @see {@link https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms | JOSE Algorithms}
+     * @see {@link https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/ | Fully-Specified Algorithms for JOSE and COSE}
+     *
+     * @example
+     * ```ts
+     * const publicKey: Jwk = {
+     *   "kty": "OKP",
+     *   "crv": "Ed25519",
+     *   "x": "FEJG7OakZi500EydXxuE8uMc8uaAzEJkmQeG8khXANw"
+     * }
+     * const algorithm = getJoseSignatureAlgorithmFromPublicKey(publicKey);
+     * console.log(algorithm); // Output: "EdDSA"
+     * ```
+     * @param publicKey - A JWK containing the `alg` and/or `crv` properties.
+     * @returns The name of the algorithm associated with the key.
+     * @throws Error if the algorithm cannot be determined from the provided input.
+     */
+    static getJoseSignatureAlgorithmFromPublicKey(publicKey: Jwk): string;
+    /**
+     * Generates secure pseudorandom values of the specified length using
+     * `crypto.getRandomValues`, which defers to the operating system.
+     *
+     * @memberof CryptoUtils
+     * @remarks
+     * This function is a wrapper around `randomBytes` from the '@noble/hashes'
+     * package. It's designed to be cryptographically strong, suitable for
+     * generating initialization vectors, nonces, and other random values.
+     *
+     * @see {@link https://www.npmjs.com/package/@noble/hashes | @noble/hashes on NPM} for more
+     * information about the underlying implementation.
+     *
+     * @example
+     * ```ts
+     * const bytes = randomBytes(32); // Generates 32 random bytes
+     * ```
+     *
+     * @param bytesLength - The number of bytes to generate.
+     * @returns A Uint8Array containing the generated random bytes.
+     */
+    static randomBytes(bytesLength: number): Uint8Array;
+    /**
+     * Generates a UUID (Universally Unique Identifier) using a
+     * cryptographically strong random number generator following
+     * the version 4 format, as specified in RFC 4122.
+     *
+     * A version 4 UUID is a randomly generated UUID. The 13th character
+     * is set to '4' to denote version 4, and the 17th character is one
+     * of '8', '9', 'A', or 'B' to comply with the variant 1 format of
+     * UUIDs (the high bits are set to '10').
+     *
+     * The UUID is a 36 character string, including hyphens, and looks like this:
+     * xxxxxxxx-xxxx-4xxx-axxx-xxxxxxxxxxxx
+     *
+     * Note that while UUIDs are not guaranteed to be unique, they are
+     * practically unique" given the large number of possible UUIDs and
+     * the randomness of generation.
+     * @memberof CryptoUtils
+     * @example
+     * ```ts
+     * const uuid = randomUuid();
+     * console.log(uuid); // Outputs a version 4 UUID, e.g., '123e4567-e89b-12d3-a456-426655440000'
+     * ```
+     *
+     * @returns A string containing a randomly generated, 36 character long v4 UUID.
+     */
+    static randomUuid(): string;
+    /**
+     * Generates a secure random PIN (Personal Identification Number) of a
+     * specified length.
+     *
+     * This function ensures that the generated PIN is cryptographically secure and
+     * uniformly distributed by using rejection sampling. It repeatedly generates
+     * random numbers until it gets one in the desired range [0, max]. This avoids
+     * bias introduced by simply taking the modulus or truncating the number.
+     *
+     * Note: The function can generate PINs of 3 to 10 digits in length.
+     * Any request for a PIN outside this range will result in an error.
+     *
+     * Example usage:
+     *
+     * ```ts
+     * const pin = randomPin({ length: 4 });
+     * console.log(pin); // Outputs a 4-digit PIN, e.g., "0231"
+     * ```
+     * @memberof CryptoUtils
+     * @param options - The options object containing the desired length of the generated PIN.
+     * @param options.length - The desired length of the generated PIN. The value should be
+     *                         an integer between 3 and 8 inclusive.
+     *
+     * @returns A string representing the generated PIN. The PIN will be zero-padded
+     *          to match the specified length, if necessary.
+     *
+     * @throws Will throw an error if the requested PIN length is less than 3 or greater than 8.
+     */
+    static randomPin({ length }: {
+        length: number;
+    }): string;
+}
+//# sourceMappingURL=utils.d.ts.map

package/dist/types/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,eAAe,CAAC;AAKzC;;GAEG;AACH,qBAAa,WAAW;IAEtB;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,MAAM,CAAC,sCAAsC,CAAC,SAAS,EAAE,GAAG,GAAG,MAAM;IA2BrE;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,UAAU;IAInD;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,MAAM,CAAC,UAAU,IAAI,MAAM;IAO3B;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,GAAG,MAAM;CAiCzD"}

package/dist/utils.js

@@ -0,0 +1,7 @@
+var n=typeof globalThis=="object"&&"crypto"in globalThis?globalThis.crypto:void 0;var d=new Uint8Array(new Uint32Array([287454020]).buffer)[0]===68;var l={}.toString;function s(r=32){if(n&&typeof n.getRandomValues=="function")return n.getRandomValues(new Uint8Array(r));throw new Error("crypto.getRandomValues must be defined")}var f=class r{static getJoseSignatureAlgorithmFromPublicKey(t){let e={Ed25519:"EdDSA","P-256":"ES256","P-384":"ES384","P-521":"ES512",secp256k1:"ES256K"};if(t.alg&&Object.values(e).includes(t.alg))return t.alg;if(t.crv&&Object.keys(e).includes(t.crv))return e[t.crv];throw new Error(`Unable to determine algorithm based on provided input: alg=${t.alg}, crv=${t.crv}. Supported 'alg' values: ${Object.values(e).join(", ")}. Supported 'crv' values: ${Object.keys(e).join(", ")}.`)}static randomBytes(t){return s(t)}static randomUuid(){return n.randomUUID()}static randomPin({length:t}){if(3>t||t>10)throw new Error("randomPin() can securely generate a PIN between 3 to 10 digits.");let e=Math.pow(10,t)-1,o;if(t<=6){let i=Math.pow(10,t);do{let c=r.randomBytes(Math.ceil(t/2));o=new DataView(c.buffer).getUint16(0,!1)%i}while(o>e)}else{let i=Math.pow(10,10);do{let c=r.randomBytes(4);o=new DataView(c.buffer).getUint32(0,!1)%i}while(o>e)}return o.toString().padStart(t,"0")}};export{f as CryptoUtils};
+/*! Bundled license information:
+
+@noble/hashes/esm/utils.js:
+  (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+*/
+//# sourceMappingURL=utils.js.map

package/dist/utils.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../node_modules/.pnpm/@noble+hashes@1.4.0/node_modules/@noble/hashes/src/crypto.ts", "../../../node_modules/.pnpm/@noble+hashes@1.4.0/node_modules/@noble/hashes/src/utils.ts", "../src/utils.ts"],
+  "sourcesContent": ["// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// See utils.ts for details.\ndeclare const globalThis: Record<string, any> | undefined;\nexport const crypto =\n  typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined;\n", "/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n\n// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// node.js versions earlier than v19 don't declare it in global scope.\n// For node.js, package.json#exports field mapping rewrites import\n// from `crypto` to `cryptoNode`, which imports native module.\n// Makes the utils un-importable in browsers without a bundler.\n// Once node.js 18 is deprecated (2025-04-30), we can just drop the import.\nimport { crypto } from '@noble/hashes/crypto';\nimport { bytes as abytes } from './_assert.js';\n// export { isBytes } from './_assert.js';\n// We can't reuse isBytes from _assert, because somehow this causes huge perf issues\nexport function isBytes(a: unknown): a is Uint8Array {\n  return (\n    a instanceof Uint8Array ||\n    (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')\n  );\n}\n\n// prettier-ignore\nexport type TypedArray = Int8Array | Uint8ClampedArray | Uint8Array |\n  Uint16Array | Int16Array | Uint32Array | Int32Array;\n\n// Cast array to different type\nexport const u8 = (arr: TypedArray) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\nexport const u32 = (arr: TypedArray) =>\n  new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n\n// Cast array to view\nexport const createView = (arr: TypedArray) =>\n  new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n\n// The rotate right (circular right shift) operation for uint32\nexport const rotr = (word: number, shift: number) => (word << (32 - shift)) | (word >>> shift);\n// The rotate left (circular left shift) operation for uint32\nexport const rotl = (word: number, shift: number) =>\n  (word << shift) | ((word >>> (32 - shift)) >>> 0);\n\nexport const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;\n// The byte swap operation for uint32\nexport const byteSwap = (word: number) =>\n  ((word << 24) & 0xff000000) |\n  ((word << 8) & 0xff0000) |\n  ((word >>> 8) & 0xff00) |\n  ((word >>> 24) & 0xff);\n// Conditionally byte swap if on a big-endian platform\nexport const byteSwapIfBE = isLE ? (n: number) => n : (n: number) => byteSwap(n);\n\n// In place byte swap for Uint32Array\nexport function byteSwap32(arr: Uint32Array) {\n  for (let i = 0; i < arr.length; i++) {\n    arr[i] = byteSwap(arr[i]);\n  }\n}\n\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) =>\n  i.toString(16).padStart(2, '0')\n);\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes: Uint8Array): string {\n  abytes(bytes);\n  // pre-caching improves the speed 6x\n  let hex = '';\n  for (let i = 0; i < bytes.length; i++) {\n    hex += hexes[bytes[i]];\n  }\n  return hex;\n}\n\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 } as const;\nfunction asciiToBase16(char: number): number | undefined {\n  if (char >= asciis._0 && char <= asciis._9) return char - asciis._0;\n  if (char >= asciis._A && char <= asciis._F) return char - (asciis._A - 10);\n  if (char >= asciis._a && char <= asciis._f) return char - (asciis._a - 10);\n  return;\n}\n\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex: string): Uint8Array {\n  if (typeof hex !== 'string') throw new Error('hex string expected, got ' + typeof hex);\n  const hl = hex.length;\n  const al = hl / 2;\n  if (hl % 2) throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n  const array = new Uint8Array(al);\n  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n    const n1 = asciiToBase16(hex.charCodeAt(hi));\n    const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n    if (n1 === undefined || n2 === undefined) {\n      const char = hex[hi] + hex[hi + 1];\n      throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n    }\n    array[ai] = n1 * 16 + n2;\n  }\n  return array;\n}\n\n// There is no setImmediate in browser and setTimeout is slow.\n// call of async fn will return Promise, which will be fullfiled only on\n// next scheduler queue processing step and this is exactly what we need.\nexport const nextTick = async () => {};\n\n// Returns control to thread each 'tick' ms to avoid blocking\nexport async function asyncLoop(iters: number, tick: number, cb: (i: number) => void) {\n  let ts = Date.now();\n  for (let i = 0; i < iters; i++) {\n    cb(i);\n    // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n    const diff = Date.now() - ts;\n    if (diff >= 0 && diff < tick) continue;\n    await nextTick();\n    ts += diff;\n  }\n}\n\n// Global symbols in both browsers and Node.js since v11\n// See https://github.com/microsoft/TypeScript/issues/31535\ndeclare const TextEncoder: any;\n\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str: string): Uint8Array {\n  if (typeof str !== 'string') throw new Error(`utf8ToBytes expected string, got ${typeof str}`);\n  return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n\nexport type Input = Uint8Array | string;\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data: Input): Uint8Array {\n  if (typeof data === 'string') data = utf8ToBytes(data);\n  abytes(data);\n  return data;\n}\n\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays: Uint8Array[]): Uint8Array {\n  let sum = 0;\n  for (let i = 0; i < arrays.length; i++) {\n    const a = arrays[i];\n    abytes(a);\n    sum += a.length;\n  }\n  const res = new Uint8Array(sum);\n  for (let i = 0, pad = 0; i < arrays.length; i++) {\n    const a = arrays[i];\n    res.set(a, pad);\n    pad += a.length;\n  }\n  return res;\n}\n\n// For runtime check if class implements interface\nexport abstract class Hash<T extends Hash<T>> {\n  abstract blockLen: number; // Bytes per block\n  abstract outputLen: number; // Bytes in output\n  abstract update(buf: Input): this;\n  // Writes digest into buf\n  abstract digestInto(buf: Uint8Array): void;\n  abstract digest(): Uint8Array;\n  /**\n   * Resets internal state. Makes Hash instance unusable.\n   * Reset is impossible for keyed hashes if key is consumed into state. If digest is not consumed\n   * by user, they will need to manually call `destroy()` when zeroing is necessary.\n   */\n  abstract destroy(): void;\n  /**\n   * Clones hash instance. Unsafe: doesn't check whether `to` is valid. Can be used as `clone()`\n   * when no options are passed.\n   * Reasons to use `_cloneInto` instead of clone: 1) performance 2) reuse instance => all internal\n   * buffers are overwritten => causes buffer overwrite which is used for digest in some cases.\n   * There are no guarantees for clean-up because it's impossible in JS.\n   */\n  abstract _cloneInto(to?: T): T;\n  // Safe version that clones internal state\n  clone(): T {\n    return this._cloneInto();\n  }\n}\n\n/**\n * XOF: streaming API to read digest in chunks.\n * Same as 'squeeze' in keccak/k12 and 'seek' in blake3, but more generic name.\n * When hash used in XOF mode it is up to user to call '.destroy' afterwards, since we cannot\n * destroy state, next call can require more bytes.\n */\nexport type HashXOF<T extends Hash<T>> = Hash<T> & {\n  xof(bytes: number): Uint8Array; // Read 'bytes' bytes from digest stream\n  xofInto(buf: Uint8Array): Uint8Array; // read buf.length bytes from digest stream into buf\n};\n\nconst toStr = {}.toString;\ntype EmptyObj = {};\nexport function checkOpts<T1 extends EmptyObj, T2 extends EmptyObj>(\n  defaults: T1,\n  opts?: T2\n): T1 & T2 {\n  if (opts !== undefined && toStr.call(opts) !== '[object Object]')\n    throw new Error('Options should be object or undefined');\n  const merged = Object.assign(defaults, opts);\n  return merged as T1 & T2;\n}\n\nexport type CHash = ReturnType<typeof wrapConstructor>;\n\nexport function wrapConstructor<T extends Hash<T>>(hashCons: () => Hash<T>) {\n  const hashC = (msg: Input): Uint8Array => hashCons().update(toBytes(msg)).digest();\n  const tmp = hashCons();\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.create = () => hashCons();\n  return hashC;\n}\n\nexport function wrapConstructorWithOpts<H extends Hash<H>, T extends Object>(\n  hashCons: (opts?: T) => Hash<H>\n) {\n  const hashC = (msg: Input, opts?: T): Uint8Array => hashCons(opts).update(toBytes(msg)).digest();\n  const tmp = hashCons({} as T);\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.create = (opts: T) => hashCons(opts);\n  return hashC;\n}\n\nexport function wrapXOFConstructorWithOpts<H extends HashXOF<H>, T extends Object>(\n  hashCons: (opts?: T) => HashXOF<H>\n) {\n  const hashC = (msg: Input, opts?: T): Uint8Array => hashCons(opts).update(toBytes(msg)).digest();\n  const tmp = hashCons({} as T);\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.create = (opts: T) => hashCons(opts);\n  return hashC;\n}\n\n/**\n * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.\n */\nexport function randomBytes(bytesLength = 32): Uint8Array {\n  if (crypto && typeof crypto.getRandomValues === 'function') {\n    return crypto.getRandomValues(new Uint8Array(bytesLength));\n  }\n  throw new Error('crypto.getRandomValues must be defined');\n}\n", "import type { Jwk } from './jose/jwk.js';\n\nimport { crypto } from '@noble/hashes/crypto';\nimport { randomBytes as nobleRandomBytes } from '@noble/hashes/utils';\n\n/**\n * A collection of cryptographic utility methods.\n */\nexport class CryptoUtils {\n\n  /**\n   * Determines the JOSE algorithm identifier of the digital signature algorithm based on the `alg` or\n   * `crv` property of a {@link Jwk | JWK}.\n   *\n   * If the `alg` property is present, its value takes precedence and is returned. Otherwise, the\n   * `crv` property is used to determine the algorithm.\n   *\n   * @memberof CryptoUtils\n   * @see {@link https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms | JOSE Algorithms}\n   * @see {@link https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/ | Fully-Specified Algorithms for JOSE and COSE}\n   *\n   * @example\n   * ```ts\n   * const publicKey: Jwk = {\n   *   \"kty\": \"OKP\",\n   *   \"crv\": \"Ed25519\",\n   *   \"x\": \"FEJG7OakZi500EydXxuE8uMc8uaAzEJkmQeG8khXANw\"\n   * }\n   * const algorithm = getJoseSignatureAlgorithmFromPublicKey(publicKey);\n   * console.log(algorithm); // Output: \"EdDSA\"\n   * ```\n   * @param publicKey - A JWK containing the `alg` and/or `crv` properties.\n   * @returns The name of the algorithm associated with the key.\n   * @throws Error if the algorithm cannot be determined from the provided input.\n   */\n  static getJoseSignatureAlgorithmFromPublicKey(publicKey: Jwk): string {\n    const curveToJoseAlgorithm: Record<string, string> = {\n      'Ed25519'   : 'EdDSA',\n      'P-256'     : 'ES256',\n      'P-384'     : 'ES384',\n      'P-521'     : 'ES512',\n      'secp256k1' : 'ES256K',\n    };\n\n    // If the key contains an `alg` property that matches a JOSE registered algorithm identifier,\n    // return its value.\n    if (publicKey.alg && Object.values(curveToJoseAlgorithm).includes(publicKey.alg)) {\n      return publicKey.alg;\n    }\n\n    // If the key contains a `crv` property, return the corresponding algorithm.\n    if (publicKey.crv && Object.keys(curveToJoseAlgorithm).includes(publicKey.crv)) {\n      return curveToJoseAlgorithm[publicKey.crv];\n    }\n\n    throw new Error(\n      `Unable to determine algorithm based on provided input: alg=${publicKey.alg}, crv=${publicKey.crv}. ` +\n      `Supported 'alg' values: ${Object.values(curveToJoseAlgorithm).join(', ')}. ` +\n      `Supported 'crv' values: ${Object.keys(curveToJoseAlgorithm).join(', ')}.`\n    );\n  }\n\n  /**\n   * Generates secure pseudorandom values of the specified length using\n   * `crypto.getRandomValues`, which defers to the operating system.\n   *\n   * @memberof CryptoUtils\n   * @remarks\n   * This function is a wrapper around `randomBytes` from the '@noble/hashes'\n   * package. It's designed to be cryptographically strong, suitable for\n   * generating initialization vectors, nonces, and other random values.\n   *\n   * @see {@link https://www.npmjs.com/package/@noble/hashes | @noble/hashes on NPM} for more\n   * information about the underlying implementation.\n   *\n   * @example\n   * ```ts\n   * const bytes = randomBytes(32); // Generates 32 random bytes\n   * ```\n   *\n   * @param bytesLength - The number of bytes to generate.\n   * @returns A Uint8Array containing the generated random bytes.\n   */\n  static randomBytes(bytesLength: number): Uint8Array {\n    return nobleRandomBytes(bytesLength);\n  }\n\n  /**\n   * Generates a UUID (Universally Unique Identifier) using a\n   * cryptographically strong random number generator following\n   * the version 4 format, as specified in RFC 4122.\n   *\n   * A version 4 UUID is a randomly generated UUID. The 13th character\n   * is set to '4' to denote version 4, and the 17th character is one\n   * of '8', '9', 'A', or 'B' to comply with the variant 1 format of\n   * UUIDs (the high bits are set to '10').\n   *\n   * The UUID is a 36 character string, including hyphens, and looks like this:\n   * xxxxxxxx-xxxx-4xxx-axxx-xxxxxxxxxxxx\n   *\n   * Note that while UUIDs are not guaranteed to be unique, they are\n   * practically unique\" given the large number of possible UUIDs and\n   * the randomness of generation.\n   * @memberof CryptoUtils\n   * @example\n   * ```ts\n   * const uuid = randomUuid();\n   * console.log(uuid); // Outputs a version 4 UUID, e.g., '123e4567-e89b-12d3-a456-426655440000'\n   * ```\n   *\n   * @returns A string containing a randomly generated, 36 character long v4 UUID.\n   */\n  static randomUuid(): string {\n    const uuid = crypto.randomUUID();\n\n    return uuid;\n  }\n\n\n  /**\n   * Generates a secure random PIN (Personal Identification Number) of a\n   * specified length.\n   *\n   * This function ensures that the generated PIN is cryptographically secure and\n   * uniformly distributed by using rejection sampling. It repeatedly generates\n   * random numbers until it gets one in the desired range [0, max]. This avoids\n   * bias introduced by simply taking the modulus or truncating the number.\n   *\n   * Note: The function can generate PINs of 3 to 10 digits in length.\n   * Any request for a PIN outside this range will result in an error.\n   *\n   * Example usage:\n   *\n   * ```ts\n   * const pin = randomPin({ length: 4 });\n   * console.log(pin); // Outputs a 4-digit PIN, e.g., \"0231\"\n   * ```\n   * @memberof CryptoUtils\n   * @param options - The options object containing the desired length of the generated PIN.\n   * @param options.length - The desired length of the generated PIN. The value should be\n   *                         an integer between 3 and 8 inclusive.\n   *\n   * @returns A string representing the generated PIN. The PIN will be zero-padded\n   *          to match the specified length, if necessary.\n   *\n   * @throws Will throw an error if the requested PIN length is less than 3 or greater than 8.\n   */\n  static randomPin({ length }: { length: number }): string {\n    if (3 > length || length > 10) {\n      throw new Error('randomPin() can securely generate a PIN between 3 to 10 digits.');\n    }\n\n    const max = Math.pow(10, length) - 1;\n\n    let pin;\n\n    if (length <= 6) {\n      const rejectionRange = Math.pow(10, length);\n      do {\n        // Adjust the byte generation based on length.\n        const randomBuffer = CryptoUtils.randomBytes(Math.ceil(length / 2) );  // 2 digits per byte.\n        const view = new DataView(randomBuffer.buffer);\n        // Convert the buffer to integer and take modulus based on length.\n        pin = view.getUint16(0, false) % rejectionRange;\n      } while (pin > max);\n    } else {\n      const rejectionRange = Math.pow(10, 10); // For max 10 digit number.\n      do {\n      // Generates 4 random bytes.\n        const randomBuffer = CryptoUtils.randomBytes(4);\n        // Create a DataView to read from the randomBuffer.\n        const view = new DataView(randomBuffer.buffer);\n        // Transform bytes to number (big endian).\n        pin = view.getUint32(0, false) % rejectionRange;\n      } while (pin > max);  // Reject if the number is outside the desired range.\n    }\n\n    // Pad the PIN with leading zeros to the desired length.\n    return pin.toString().padStart(length, '0');\n  }\n}\n"],
+  "mappings": "AAGO,IAAMA,EACX,OAAO,YAAe,UAAY,WAAY,WAAa,WAAW,OAAS,OCkC1E,IAAMC,EAAO,IAAI,WAAW,IAAI,YAAY,CAAC,SAAU,CAAC,EAAE,MAAM,EAAE,CAAC,IAAM,GAoKhF,IAAMC,EAAQ,CAAA,EAAG,SAgDX,SAAUC,EAAYC,EAAc,GAAE,CAC1C,GAAIC,GAAU,OAAOA,EAAO,iBAAoB,WAC9C,OAAOA,EAAO,gBAAgB,IAAI,WAAWD,CAAW,CAAC,EAE3D,MAAM,IAAI,MAAM,wCAAwC,CAC1D,CCvPO,IAAME,EAAN,MAAMC,CAAY,CA2BvB,OAAO,uCAAuCC,EAAwB,CACpE,IAAMC,EAA+C,CACnD,QAAc,QACd,QAAc,QACd,QAAc,QACd,QAAc,QACd,UAAc,QAChB,EAIA,GAAID,EAAU,KAAO,OAAO,OAAOC,CAAoB,EAAE,SAASD,EAAU,GAAG,EAC7E,OAAOA,EAAU,IAInB,GAAIA,EAAU,KAAO,OAAO,KAAKC,CAAoB,EAAE,SAASD,EAAU,GAAG,EAC3E,OAAOC,EAAqBD,EAAU,GAAG,EAG3C,MAAM,IAAI,MACR,8DAA8DA,EAAU,GAAG,SAASA,EAAU,GAAG,6BACtE,OAAO,OAAOC,CAAoB,EAAE,KAAK,IAAI,CAAC,6BAC9C,OAAO,KAAKA,CAAoB,EAAE,KAAK,IAAI,CAAC,GACzE,CACF,CAuBA,OAAO,YAAYC,EAAiC,CAClD,OAAOC,EAAiBD,CAAW,CACrC,CA2BA,OAAO,YAAqB,CAG1B,OAFaE,EAAO,WAAW,CAGjC,CA+BA,OAAO,UAAU,CAAE,OAAAC,CAAO,EAA+B,CACvD,GAAI,EAAIA,GAAUA,EAAS,GACzB,MAAM,IAAI,MAAM,iEAAiE,EAGnF,IAAMC,EAAM,KAAK,IAAI,GAAID,CAAM,EAAI,EAE/BE,EAEJ,GAAIF,GAAU,EAAG,CACf,IAAMG,EAAiB,KAAK,IAAI,GAAIH,CAAM,EAC1C,EAAG,CAED,IAAMI,EAAeV,EAAY,YAAY,KAAK,KAAKM,EAAS,CAAC,CAAE,EAGnEE,EAFa,IAAI,SAASE,EAAa,MAAM,EAElC,UAAU,EAAG,EAAK,EAAID,CACnC,OAASD,EAAMD,EACjB,KAAO,CACL,IAAME,EAAiB,KAAK,IAAI,GAAI,EAAE,EACtC,EAAG,CAED,IAAMC,EAAeV,EAAY,YAAY,CAAC,EAI9CQ,EAFa,IAAI,SAASE,EAAa,MAAM,EAElC,UAAU,EAAG,EAAK,EAAID,CACnC,OAASD,EAAMD,EACjB,CAGA,OAAOC,EAAI,SAAS,EAAE,SAASF,EAAQ,GAAG,CAC5C,CACF",
+  "names": ["crypto", "isLE", "toStr", "randomBytes", "bytesLength", "crypto", "CryptoUtils", "_CryptoUtils", "publicKey", "curveToJoseAlgorithm", "bytesLength", "randomBytes", "crypto", "length", "max", "pin", "rejectionRange", "randomBuffer"]
+}

package/package.json

@@ -0,0 +1,103 @@
+{
+  "name": "@enbox/crypto",
+  "version": "0.0.1",
+  "description": "Web5 cryptographic library",
+  "type": "module",
+  "main": "./dist/cjs/index.js",
+  "module": "./dist/esm/index.js",
+  "types": "./dist/types/index.d.ts",
+  "scripts": {
+    "clean": "rimraf dist tests/compiled",
+    "build:esm": "rimraf dist/esm dist/types && pnpm tsc -p tsconfig.json",
+    "build:cjs": "rimraf dist/cjs && pnpm tsc -p tsconfig.cjs.json && echo '{\"type\": \"commonjs\"}' > ./dist/cjs/package.json",
+    "build:browser": "rimraf dist/browser.mjs dist/browser.js && node build/bundles.js",
+    "build:tests:node": "rimraf tests/compiled && pnpm tsc -p tests/tsconfig.json",
+    "build:tests:browser": "rimraf tests/compiled && node build/esbuild-tests.cjs",
+    "build": "pnpm clean && pnpm build:esm && pnpm build:cjs && pnpm build:browser",
+    "lint": "eslint . --max-warnings 0",
+    "lint:fix": "eslint . --fix",
+    "test:node": "pnpm build:tests:node && pnpm c8 mocha",
+    "test:browser": "pnpm build:tests:browser && web-test-runner"
+  },
+  "homepage": "https://github.com/enboxorg/enbox/tree/main/packages/crypto#readme",
+  "bugs": "https://github.com/enboxorg/enbox/issues",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/enboxorg/enbox.git",
+    "directory": "packages/crypto"
+  },
+  "license": "Apache-2.0",
+  "contributors": [
+    {
+      "name": "Daniel Buchner",
+      "url": "https://github.com/csuwildcat"
+    },
+    {
+      "name": "Frank Hinek",
+      "url": "https://github.com/frankhinek"
+    },
+    {
+      "name": "Moe Jangda",
+      "url": "https://github.com/mistermoe"
+    }
+  ],
+  "files": [
+    "dist",
+    "src"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/types/index.d.ts",
+      "import": "./dist/esm/index.js",
+      "require": "./dist/cjs/index.js"
+    }
+  },
+  "browser": {
+    "node:crypto": false
+  },
+  "react-native": "./dist/esm/index.js",
+  "keywords": [
+    "cryptography",
+    "ed25519",
+    "secp256k1",
+    "web5"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "@noble/ciphers": "0.5.3",
+    "@noble/curves": "1.3.0",
+    "@noble/hashes": "1.4.0",
+    "@enbox/common": "workspace:*"
+  },
+  "devDependencies": {
+    "@playwright/test": "1.45.3",
+    "@types/chai": "4.3.16",
+    "@types/chai-as-promised": "7.1.8",
+    "@types/eslint": "8.56.10",
+    "@types/mocha": "10.0.6",
+    "@types/node": "20.14.8",
+    "@types/sinon": "17.0.3",
+    "@typescript-eslint/eslint-plugin": "7.14.1",
+    "@typescript-eslint/parser": "7.14.1",
+    "@web/test-runner": "0.18.2",
+    "@web/test-runner-playwright": "0.11.0",
+    "c8": "10.1.2",
+    "chai": "5.1.1",
+    "chai-as-promised": "8.0.0",
+    "esbuild": "0.23.0",
+    "eslint": "9.5.0",
+    "eslint-plugin-mocha": "10.4.3",
+    "mocha": "10.4.0",
+    "mocha-junit-reporter": "2.2.1",
+    "playwright": "1.45.3",
+    "rimraf": "5.0.7",
+    "sinon": "18.0.0",
+    "source-map-loader": "5.0.0",
+    "typescript": "5.4.5"
+  }
+}