@enbox/crypto 0.0.2 → 0.0.4

package/dist/types/types/key-io.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"key-io.d.ts","sourceRoot":"","sources":["../../../src/types/key-io.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAE1C;;;;;;;GAOG;AACH,MAAM,WAAW,mBAAmB,CAClC,cAAc,EACd,eAAe,EACf,cAAc;IAEd;;;;;;;;;;OAUG;IACH,SAAS,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IAEhD;;;;;;;;;;;OAWG;IACH,SAAS,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;CAC7D"}
+{"version":3,"file":"key-io.d.ts","sourceRoot":"","sources":["../../../src/types/key-io.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAE1C;;;;;;;GAOG;AACH,MAAM,WAAW,mBAAmB,CAClC,cAAc,EACd,eAAe,EACf,cAAc;IAEd;;;;;;;;;;OAUG;IACH,SAAS,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IAEhD;;;;;;;;;;;OAWG;IACH,SAAS,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;CAC7D;AAED;;GAEG;AACH,MAAM,WAAW,WAAW,CAAC,cAAc,EAAE,eAAe,GAAG,GAAG;IAChE;;;;;;OAMG;IACH,SAAS,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;CAC7D;AAED;;GAEG;AACH,MAAM,WAAW,WAAW,CAAC,cAAc,EAAE,eAAe,GAAG,IAAI;IACjE;;;;;;OAMG;IACH,SAAS,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;CAC7D;AAED;;GAEG;AACH,MAAM,WAAW,UAAU,CAAC,cAAc;IACxC;;;;OAIG;IACH,SAAS,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAClD"}

package/dist/types/types/params-direct.d.ts

@@ -1,10 +1,41 @@
-import type { Jwk } from '../jose/jwk.js';
 import type { AlgorithmIdentifier } from './identifier.js';
+import type { Jwk } from '../jose/jwk.js';
+/**
+ * Parameters for converting raw private key bytes to a JWK.
+ */
+export interface BytesToPrivateKeyParams {
+    /** The algorithm identifier. */
+    algorithm: AlgorithmIdentifier;
+    /** The raw private key bytes. */
+    privateKeyBytes: Uint8Array;
+}
+/**
+ * Parameters for converting raw public key bytes to a JWK.
+ */
+export interface BytesToPublicKeyParams {
+    /** The algorithm identifier. */
+    algorithm: AlgorithmIdentifier;
+    /** The raw public key bytes. */
+    publicKeyBytes: Uint8Array;
+}
 /**
  * Parameters for computing a public key.
  */
 export interface ComputePublicKeyParams extends GetPublicKeyParams {
 }
+/**
+ * Parameters for encryption and decryption operations.
+ *
+ * Intended for use with a Key Management System.
+ */
+export interface CipherParams {
+    /** A {@link Jwk} containing the key to be used for encryption or decryption. */
+    key: Jwk;
+    /** Data to be encrypted or decrypted. */
+    data: Uint8Array;
+    /** Additional algorithm-specific parameters for encryption or decryption. */
+    [key: string]: unknown;
+}
 /**
  * Parameters for decrypting data.
  */
@@ -35,6 +66,32 @@ export interface DeriveKeyParams {
     /** An object defining the algorithm-specific parameters for the derived key. */
     derivedKeyParams: unknown;
 }
+/**
+ * Parameters for deriving a key from raw byte-based key material.
+ *
+ * Unlike {@link DeriveKeyParams} which operates on JWK keys, this interface works with raw
+ * byte arrays as the base key input, making it suitable for agent-level key derivation where
+ * keys originate from passphrases, seed phrases, or other byte-oriented sources.
+ */
+export interface DeriveKeyFromBytesParams {
+    /** The algorithm identifier. */
+    algorithm: string;
+    /** The base key to be used for derivation as a byte array. */
+    baseKeyBytes: Uint8Array;
+    /** The algorithm identifier for the derived key. */
+    derivedKeyAlgorithm?: string;
+    /** Additional algorithm-specific parameters for key derivation. */
+    [key: string]: unknown;
+}
+/**
+ * Parameters for derivation of cryptographic byte arrays.
+ */
+export interface DeriveKeyBytesParams {
+    /** The base key to be used for derivation as a byte array. */
+    baseKeyBytes: Uint8Array;
+    /** The desired length of the derived key in bits. */
+    length: number;
+}
 /**
  * Parameters for computing a hash digest.
  */
@@ -76,6 +133,33 @@ export interface SignParams {
     /** Data to be signed. */
     data: Uint8Array;
 }
+/**
+ * Parameters for converting a private key JWK to raw bytes.
+ */
+export interface PrivateKeyToBytesParams {
+    /** The private key in JWK format. */
+    privateKey: Jwk;
+}
+/**
+ * Parameters for converting a public key JWK to raw bytes.
+ */
+export interface PublicKeyToBytesParams {
+    /** The public key in JWK format. */
+    publicKey: Jwk;
+}
+/**
+ * Parameters for unwrapping a key.
+ */
+export interface UnwrapKeyParams {
+    /** A {@link Jwk} containing the key used to decrypt the unwrapped key. */
+    decryptionKey: Jwk;
+    /** The wrapped private key as a byte array. */
+    wrappedKeyBytes: Uint8Array;
+    /** The algorithm identifier of the key encrypted in `wrappedKeyBytes`. */
+    wrappedKeyAlgorithm: string;
+    /** An object defining the algorithm-specific parameters for decrypting the `wrappedKeyBytes`. */
+    decryptParams?: unknown;
+}
 /**
  * Parameters for verifying a signature.
  */
@@ -87,4 +171,15 @@ export interface VerifyParams {
     /** The data associated with the signature. */
     data: Uint8Array;
 }
+/**
+ * Parameters for wrapping a key.
+ */
+export interface WrapKeyParams {
+    /** A {@link Jwk} containing the key used to encrypt the unwrapped key. */
+    encryptionKey: Jwk;
+    /** A {@link Jwk} containing the private key to be wrapped. */
+    unwrappedKey: Jwk;
+    /** An object defining the algorithm-specific parameters for encrypting the `unwrappedKey`. */
+    encryptParams?: unknown;
+}
 //# sourceMappingURL=params-direct.d.ts.map

package/dist/types/types/params-direct.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"params-direct.d.ts","sourceRoot":"","sources":["../../../src/types/params-direct.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAC1C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAE3D;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,kBAAkB;CAAI;AAEtE;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kEAAkE;IAClE,GAAG,EAAE,GAAG,CAAC;IAET,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,uEAAuE;IACvE,GAAG,EAAE,GAAG,CAAC;IAET;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uEAAuE;IACvE,GAAG,EAAE,GAAG,CAAC;IAET,gFAAgF;IAChF,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;IAE/B,2BAA2B;IAC3B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kEAAkE;IAClE,GAAG,EAAE,GAAG,CAAC;IAET,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,4EAA4E;IAC5E,GAAG,EAAE,GAAG,CAAC;CACV;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,yDAAyD;IACzD,GAAG,EAAE,GAAG,CAAC;IAET,yBAAyB;IACzB,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,8DAA8D;IAC9D,GAAG,EAAE,GAAG,CAAC;IAET,+BAA+B;IAC/B,SAAS,EAAE,UAAU,CAAC;IAEtB,8CAA8C;IAC9C,IAAI,EAAE,UAAU,CAAC;CAClB"}
+{"version":3,"file":"params-direct.d.ts","sourceRoot":"","sources":["../../../src/types/params-direct.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAC3D,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAE1C;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;IAE/B,iCAAiC;IACjC,eAAe,EAAE,UAAU,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;IAE/B,gCAAgC;IAChC,cAAc,EAAE,UAAU,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,kBAAkB;CAAI;AAEtE;;;;GAIG;AACH,MAAM,WAAW,YAAY;IAC3B,gFAAgF;IAChF,GAAG,EAAE,GAAG,CAAC;IAET,yCAAyC;IACzC,IAAI,EAAE,UAAU,CAAC;IAEjB,6EAA6E;IAC7E,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kEAAkE;IAClE,GAAG,EAAE,GAAG,CAAC;IAET,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,uEAAuE;IACvE,GAAG,EAAE,GAAG,CAAC;IAET;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uEAAuE;IACvE,GAAG,EAAE,GAAG,CAAC;IAET,gFAAgF;IAChF,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAED;;;;;;GAMG;AACH,MAAM,WAAW,wBAAwB;IACvC,gCAAgC;IAChC,SAAS,EAAE,MAAM,CAAC;IAElB,8DAA8D;IAC9D,YAAY,EAAE,UAAU,CAAC;IAEzB,oDAAoD;IACpD,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B,mEAAmE;IACnE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,8DAA8D;IAC9D,YAAY,EAAE,UAAU,CAAC;IAEzB,qDAAqD;IACrD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;IAE/B,2BAA2B;IAC3B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kEAAkE;IAClE,GAAG,EAAE,GAAG,CAAC;IAET,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,4EAA4E;IAC5E,GAAG,EAAE,GAAG,CAAC;CACV;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,yDAAyD;IACzD,GAAG,EAAE,GAAG,CAAC;IAET,yBAAyB;IACzB,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,qCAAqC;IACrC,UAAU,EAAE,GAAG,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,oCAAoC;IACpC,SAAS,EAAE,GAAG,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,0EAA0E;IAC1E,aAAa,EAAE,GAAG,CAAC;IAEnB,+CAA+C;IAC/C,eAAe,EAAE,UAAU,CAAC;IAE5B,0EAA0E;IAC1E,mBAAmB,EAAE,MAAM,CAAC;IAE5B,iGAAiG;IACjG,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,8DAA8D;IAC9D,GAAG,EAAE,GAAG,CAAC;IAET,+BAA+B;IAC/B,SAAS,EAAE,UAAU,CAAC;IAEtB,8CAA8C;IAC9C,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,0EAA0E;IAC1E,aAAa,EAAE,GAAG,CAAC;IAEnB,8DAA8D;IAC9D,YAAY,EAAE,GAAG,CAAC;IAElB,8FAA8F;IAC9F,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB"}

package/dist/types/types/params-kms.d.ts

@@ -128,4 +128,59 @@ export interface KmsUnwrapKeyParams {
     /** Algorithm to be used for unwrapping. */
     unwrapAlgorithm: AlgorithmIdentifier;
 }
+/**
+ * Parameters for KMS-based encryption and decryption operations.
+ *
+ * Intended for use with a Key Management System where the key is referenced by URI.
+ */
+export interface KmsCipherParams {
+    /** Identifier for the private key in the KMS. */
+    keyUri: KeyIdentifier;
+    /** Data to be encrypted or decrypted. */
+    data: Uint8Array;
+}
+/**
+ * Parameters for KMS-based derivation of a byte array from a given base key.
+ *
+ * Intended for use with a Key Management System.
+ */
+export interface KmsDeriveKeyBytesParams {
+    /** Identifier for the base key used in derivation in the KMS. */
+    baseKeyUri: KeyIdentifier;
+    /** The desired length of the derived key in bits. */
+    length: number;
+}
+/**
+ * Parameters for KMS-based key unwrapping. Intended for use with a Key Management System where
+ * the decryption key is referenced by URI.
+ */
+export interface KmsUriUnwrapKeyParams {
+    /** Identifier for the private key in the KMS used for decrypting the wrapped key. */
+    decryptionKeyUri: KeyIdentifier;
+    /** The wrapped private key as a byte array. */
+    wrappedKeyBytes: Uint8Array;
+    /** The algorithm identifier of the key encrypted in `wrappedKeyBytes`. */
+    wrappedKeyAlgorithm: string;
+    /** An object defining the algorithm-specific parameters for decrypting the `wrappedKeyBytes`. */
+    decryptParams?: unknown;
+}
+/**
+ * Parameters for KMS-based key wrapping. Intended for use with a Key Management System where
+ * the encryption key is referenced by URI.
+ */
+export interface KmsUriWrapKeyParams {
+    /** Identifier for the private key in the KMS used for encrypting the unwrapped key. */
+    encryptionKeyUri: KeyIdentifier;
+    /** A {@link Jwk} containing the private key to be wrapped. */
+    unwrappedKey: Jwk;
+    /** An object defining the algorithm-specific parameters for encrypting the `unwrappedKey`. */
+    encryptParams?: unknown;
+}
+/**
+ * Parameters for KMS-based key deletion. Intended for use with a Key Management System.
+ */
+export interface KmsDeleteKeyParams {
+    /** Identifier for the key to be deleted in the KMS. */
+    keyUri: KeyIdentifier;
+}
 //# sourceMappingURL=params-kms.d.ts.map

package/dist/types/types/params-kms.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"params-kms.d.ts","sourceRoot":"","sources":["../../../src/types/params-kms.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAC1C,OAAO,KAAK,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAE1E;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,iDAAiD;IACjD,MAAM,EAAE,aAAa,CAAC;IAEtB,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,4DAA4D;IAC5D,MAAM,EAAE,aAAa,CAAC;IAEtB;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,iEAAiE;IACjE,MAAM,EAAE,aAAa,CAAC;IAEtB,gFAAgF;IAChF,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;IAE/B,2BAA2B;IAC3B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,iDAAiD;IACjD,MAAM,EAAE,aAAa,CAAC;IAEtB,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,kEAAkE;IAClE,MAAM,EAAE,aAAa,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;CAChC;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,sFAAsF;IACtF,GAAG,EAAE,GAAG,CAAC;CACV;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,iDAAiD;IACjD,MAAM,EAAE,aAAa,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,oEAAoE;IACpE,GAAG,EAAE,GAAG,CAAC;CACV;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,yDAAyD;IACzD,MAAM,EAAE,aAAa,CAAC;IAEtB,yBAAyB;IACzB,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,2EAA2E;IAC3E,GAAG,EAAE,GAAG,CAAC;IAET,+BAA+B;IAC/B,SAAS,EAAE,UAAU,CAAC;IAEtB,8CAA8C;IAC9C,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,8DAA8D;IAC9D,GAAG,EAAE,GAAG,CAAC;IAET,uFAAuF;IACvF,aAAa,EAAE,aAAa,CAAC;IAE7B,yCAAyC;IACzC,aAAa,EAAE,mBAAmB,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,uCAAuC;IACvC,UAAU,EAAE,UAAU,CAAC;IAEvB,yFAAyF;IACzF,eAAe,EAAE,aAAa,CAAC;IAE/B,2CAA2C;IAC3C,eAAe,EAAE,mBAAmB,CAAC;CACtC"}
+{"version":3,"file":"params-kms.d.ts","sourceRoot":"","sources":["../../../src/types/params-kms.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAC1C,OAAO,KAAK,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAE1E;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,iDAAiD;IACjD,MAAM,EAAE,aAAa,CAAC;IAEtB,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,4DAA4D;IAC5D,MAAM,EAAE,aAAa,CAAC;IAEtB;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,iEAAiE;IACjE,MAAM,EAAE,aAAa,CAAC;IAEtB,gFAAgF;IAChF,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;IAE/B,2BAA2B;IAC3B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,iDAAiD;IACjD,MAAM,EAAE,aAAa,CAAC;IAEtB,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,kEAAkE;IAClE,MAAM,EAAE,aAAa,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;CAChC;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,sFAAsF;IACtF,GAAG,EAAE,GAAG,CAAC;CACV;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,iDAAiD;IACjD,MAAM,EAAE,aAAa,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,oEAAoE;IACpE,GAAG,EAAE,GAAG,CAAC;CACV;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,yDAAyD;IACzD,MAAM,EAAE,aAAa,CAAC;IAEtB,yBAAyB;IACzB,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,2EAA2E;IAC3E,GAAG,EAAE,GAAG,CAAC;IAET,+BAA+B;IAC/B,SAAS,EAAE,UAAU,CAAC;IAEtB,8CAA8C;IAC9C,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,8DAA8D;IAC9D,GAAG,EAAE,GAAG,CAAC;IAET,uFAAuF;IACvF,aAAa,EAAE,aAAa,CAAC;IAE7B,yCAAyC;IACzC,aAAa,EAAE,mBAAmB,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,uCAAuC;IACvC,UAAU,EAAE,UAAU,CAAC;IAEvB,yFAAyF;IACzF,eAAe,EAAE,aAAa,CAAC;IAE/B,2CAA2C;IAC3C,eAAe,EAAE,mBAAmB,CAAC;CACtC;AAED;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC9B,iDAAiD;IACjD,MAAM,EAAE,aAAa,CAAC;IAEtB,yCAAyC;IACzC,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;;;GAIG;AACH,MAAM,WAAW,uBAAuB;IACtC,iEAAiE;IACjE,UAAU,EAAE,aAAa,CAAC;IAE1B,qDAAqD;IACrD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,qFAAqF;IACrF,gBAAgB,EAAE,aAAa,CAAC;IAEhC,+CAA+C;IAC/C,eAAe,EAAE,UAAU,CAAC;IAE5B,0EAA0E;IAC1E,mBAAmB,EAAE,MAAM,CAAC;IAE5B,iGAAiG;IACjG,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,uFAAuF;IACvF,gBAAgB,EAAE,aAAa,CAAC;IAEhC,8DAA8D;IAC9D,YAAY,EAAE,GAAG,CAAC;IAElB,8FAA8F;IAC9F,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,uDAAuD;IACvD,MAAM,EAAE,aAAa,CAAC;CACvB"}

package/dist/types/utils.d.ts

@@ -1,4 +1,7 @@
+import type { Cipher } from './types/cipher.js';
 import type { Jwk } from './jose/jwk.js';
+import type { KeyWrapper } from './types/key-wrapper.js';
+import type { KeyExporter, KeyImporter } from './types/key-io.js';
 /**
  * A collection of cryptographic utility methods.
  */
@@ -109,4 +112,20 @@ export declare class CryptoUtils {
         length: number;
     }): string;
 }
+/**
+ * Type guard that checks whether the given object implements the {@link Cipher} interface.
+ */
+export declare function isCipher<EncryptInput, DecryptInput>(obj: unknown): obj is Cipher<EncryptInput, DecryptInput>;
+/**
+ * Type guard that checks whether the given object implements the {@link KeyExporter} interface.
+ */
+export declare function isKeyExporter<ExportKeyInput, ExportKeyOutput>(obj: unknown): obj is KeyExporter<ExportKeyInput, ExportKeyOutput>;
+/**
+ * Type guard that checks whether the given object implements the {@link KeyImporter} interface.
+ */
+export declare function isKeyImporter<ImportKeyInput, ImportKeyOutput>(obj: unknown): obj is KeyImporter<ImportKeyInput, ImportKeyOutput>;
+/**
+ * Type guard that checks whether the given object implements the {@link KeyWrapper} interface.
+ */
+export declare function isKeyWrapper<WrapKeyInput, UnwrapKeyInput>(obj: unknown): obj is KeyWrapper<WrapKeyInput, UnwrapKeyInput>;
 //# sourceMappingURL=utils.d.ts.map

package/dist/types/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,eAAe,CAAC;AAKzC;;GAEG;AACH,qBAAa,WAAW;IAEtB;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,MAAM,CAAC,sCAAsC,CAAC,SAAS,EAAE,GAAG,GAAG,MAAM;IA2BrE;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,UAAU;IAInD;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,MAAM,CAAC,UAAU,IAAI,MAAM;IAO3B;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,GAAG,MAAM;CAiCzD"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAKlE;;GAEG;AACH,qBAAa,WAAW;IAEtB;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,MAAM,CAAC,sCAAsC,CAAC,SAAS,EAAE,GAAG,GAAG,MAAM;IA2BrE;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,UAAU;IAInD;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,MAAM,CAAC,UAAU,IAAI,MAAM;IAO3B;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,GAAG,MAAM;CAiCzD;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,YAAY,EAAE,YAAY,EACjD,GAAG,EAAE,OAAO,GACX,GAAG,IAAI,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,CAM3C;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,cAAc,EAAE,eAAe,EAC3D,GAAG,EAAE,OAAO,GACX,GAAG,IAAI,WAAW,CAAC,cAAc,EAAE,eAAe,CAAC,CAKrD;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,cAAc,EAAE,eAAe,EAC3D,GAAG,EAAE,OAAO,GACX,GAAG,IAAI,WAAW,CAAC,cAAc,EAAE,eAAe,CAAC,CAKrD;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,YAAY,EAAE,cAAc,EACvD,GAAG,EAAE,OAAO,GACX,GAAG,IAAI,UAAU,CAAC,YAAY,EAAE,cAAc,CAAC,CAMjD"}

package/dist/utils.js

@@ -1,4 +1,4 @@
-var n=typeof globalThis=="object"&&"crypto"in globalThis?globalThis.crypto:void 0;var d=new Uint8Array(new Uint32Array([287454020]).buffer)[0]===68;var l={}.toString;function s(r=32){if(n&&typeof n.getRandomValues=="function")return n.getRandomValues(new Uint8Array(r));throw new Error("crypto.getRandomValues must be defined")}var f=class r{static getJoseSignatureAlgorithmFromPublicKey(t){let e={Ed25519:"EdDSA","P-256":"ES256","P-384":"ES384","P-521":"ES512",secp256k1:"ES256K"};if(t.alg&&Object.values(e).includes(t.alg))return t.alg;if(t.crv&&Object.keys(e).includes(t.crv))return e[t.crv];throw new Error(`Unable to determine algorithm based on provided input: alg=${t.alg}, crv=${t.crv}. Supported 'alg' values: ${Object.values(e).join(", ")}. Supported 'crv' values: ${Object.keys(e).join(", ")}.`)}static randomBytes(t){return s(t)}static randomUuid(){return n.randomUUID()}static randomPin({length:t}){if(3>t||t>10)throw new Error("randomPin() can securely generate a PIN between 3 to 10 digits.");let e=Math.pow(10,t)-1,o;if(t<=6){let i=Math.pow(10,t);do{let c=r.randomBytes(Math.ceil(t/2));o=new DataView(c.buffer).getUint16(0,!1)%i}while(o>e)}else{let i=Math.pow(10,10);do{let c=r.randomBytes(4);o=new DataView(c.buffer).getUint32(0,!1)%i}while(o>e)}return o.toString().padStart(t,"0")}};export{f as CryptoUtils};
+var r=typeof globalThis=="object"&&"crypto"in globalThis?globalThis.crypto:void 0;var a=new Uint8Array(new Uint32Array([287454020]).buffer)[0]===68;var l={}.toString;function c(t=32){if(r&&typeof r.getRandomValues=="function")return r.getRandomValues(new Uint8Array(t));throw new Error("crypto.getRandomValues must be defined")}var u=class t{static getJoseSignatureAlgorithmFromPublicKey(e){let n={Ed25519:"EdDSA","P-256":"ES256","P-384":"ES384","P-521":"ES512",secp256k1:"ES256K"};if(e.alg&&Object.values(n).includes(e.alg))return e.alg;if(e.crv&&Object.keys(n).includes(e.crv))return n[e.crv];throw new Error(`Unable to determine algorithm based on provided input: alg=${e.alg}, crv=${e.crv}. Supported 'alg' values: ${Object.values(n).join(", ")}. Supported 'crv' values: ${Object.keys(n).join(", ")}.`)}static randomBytes(e){return c(e)}static randomUuid(){return r.randomUUID()}static randomPin({length:e}){if(3>e||e>10)throw new Error("randomPin() can securely generate a PIN between 3 to 10 digits.");let n=Math.pow(10,e)-1,o;if(e<=6){let p=Math.pow(10,e);do{let i=t.randomBytes(Math.ceil(e/2));o=new DataView(i.buffer).getUint16(0,!1)%p}while(o>n)}else{let p=Math.pow(10,10);do{let i=t.randomBytes(4);o=new DataView(i.buffer).getUint32(0,!1)%p}while(o>n)}return o.toString().padStart(e,"0")}};function g(t){return t!==null&&typeof t=="object"&&"encrypt"in t&&typeof t.encrypt=="function"&&"decrypt"in t&&typeof t.decrypt=="function"}function x(t){return t!==null&&typeof t=="object"&&"exportKey"in t&&typeof t.exportKey=="function"}function b(t){return t!==null&&typeof t=="object"&&"importKey"in t&&typeof t.importKey=="function"}function h(t){return t!==null&&typeof t=="object"&&"wrapKey"in t&&typeof t.wrapKey=="function"&&"unwrapKey"in t&&typeof t.unwrapKey=="function"}export{u as CryptoUtils,g as isCipher,x as isKeyExporter,b as isKeyImporter,h as isKeyWrapper};
 /*! Bundled license information:
 
 @noble/hashes/esm/utils.js:

package/dist/utils.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
-  "sources": ["../../../node_modules/.pnpm/@noble+hashes@1.4.0/node_modules/@noble/hashes/src/crypto.ts", "../../../node_modules/.pnpm/@noble+hashes@1.4.0/node_modules/@noble/hashes/src/utils.ts", "../src/utils.ts"],
-  "sourcesContent": ["// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// See utils.ts for details.\ndeclare const globalThis: Record<string, any> | undefined;\nexport const crypto =\n  typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined;\n", "/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n\n// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// node.js versions earlier than v19 don't declare it in global scope.\n// For node.js, package.json#exports field mapping rewrites import\n// from `crypto` to `cryptoNode`, which imports native module.\n// Makes the utils un-importable in browsers without a bundler.\n// Once node.js 18 is deprecated (2025-04-30), we can just drop the import.\nimport { crypto } from '@noble/hashes/crypto';\nimport { bytes as abytes } from './_assert.js';\n// export { isBytes } from './_assert.js';\n// We can't reuse isBytes from _assert, because somehow this causes huge perf issues\nexport function isBytes(a: unknown): a is Uint8Array {\n  return (\n    a instanceof Uint8Array ||\n    (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')\n  );\n}\n\n// prettier-ignore\nexport type TypedArray = Int8Array | Uint8ClampedArray | Uint8Array |\n  Uint16Array | Int16Array | Uint32Array | Int32Array;\n\n// Cast array to different type\nexport const u8 = (arr: TypedArray) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\nexport const u32 = (arr: TypedArray) =>\n  new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n\n// Cast array to view\nexport const createView = (arr: TypedArray) =>\n  new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n\n// The rotate right (circular right shift) operation for uint32\nexport const rotr = (word: number, shift: number) => (word << (32 - shift)) | (word >>> shift);\n// The rotate left (circular left shift) operation for uint32\nexport const rotl = (word: number, shift: number) =>\n  (word << shift) | ((word >>> (32 - shift)) >>> 0);\n\nexport const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;\n// The byte swap operation for uint32\nexport const byteSwap = (word: number) =>\n  ((word << 24) & 0xff000000) |\n  ((word << 8) & 0xff0000) |\n  ((word >>> 8) & 0xff00) |\n  ((word >>> 24) & 0xff);\n// Conditionally byte swap if on a big-endian platform\nexport const byteSwapIfBE = isLE ? (n: number) => n : (n: number) => byteSwap(n);\n\n// In place byte swap for Uint32Array\nexport function byteSwap32(arr: Uint32Array) {\n  for (let i = 0; i < arr.length; i++) {\n    arr[i] = byteSwap(arr[i]);\n  }\n}\n\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) =>\n  i.toString(16).padStart(2, '0')\n);\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes: Uint8Array): string {\n  abytes(bytes);\n  // pre-caching improves the speed 6x\n  let hex = '';\n  for (let i = 0; i < bytes.length; i++) {\n    hex += hexes[bytes[i]];\n  }\n  return hex;\n}\n\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 } as const;\nfunction asciiToBase16(char: number): number | undefined {\n  if (char >= asciis._0 && char <= asciis._9) return char - asciis._0;\n  if (char >= asciis._A && char <= asciis._F) return char - (asciis._A - 10);\n  if (char >= asciis._a && char <= asciis._f) return char - (asciis._a - 10);\n  return;\n}\n\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex: string): Uint8Array {\n  if (typeof hex !== 'string') throw new Error('hex string expected, got ' + typeof hex);\n  const hl = hex.length;\n  const al = hl / 2;\n  if (hl % 2) throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n  const array = new Uint8Array(al);\n  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n    const n1 = asciiToBase16(hex.charCodeAt(hi));\n    const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n    if (n1 === undefined || n2 === undefined) {\n      const char = hex[hi] + hex[hi + 1];\n      throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n    }\n    array[ai] = n1 * 16 + n2;\n  }\n  return array;\n}\n\n// There is no setImmediate in browser and setTimeout is slow.\n// call of async fn will return Promise, which will be fullfiled only on\n// next scheduler queue processing step and this is exactly what we need.\nexport const nextTick = async () => {};\n\n// Returns control to thread each 'tick' ms to avoid blocking\nexport async function asyncLoop(iters: number, tick: number, cb: (i: number) => void) {\n  let ts = Date.now();\n  for (let i = 0; i < iters; i++) {\n    cb(i);\n    // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n    const diff = Date.now() - ts;\n    if (diff >= 0 && diff < tick) continue;\n    await nextTick();\n    ts += diff;\n  }\n}\n\n// Global symbols in both browsers and Node.js since v11\n// See https://github.com/microsoft/TypeScript/issues/31535\ndeclare const TextEncoder: any;\n\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str: string): Uint8Array {\n  if (typeof str !== 'string') throw new Error(`utf8ToBytes expected string, got ${typeof str}`);\n  return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n\nexport type Input = Uint8Array | string;\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data: Input): Uint8Array {\n  if (typeof data === 'string') data = utf8ToBytes(data);\n  abytes(data);\n  return data;\n}\n\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays: Uint8Array[]): Uint8Array {\n  let sum = 0;\n  for (let i = 0; i < arrays.length; i++) {\n    const a = arrays[i];\n    abytes(a);\n    sum += a.length;\n  }\n  const res = new Uint8Array(sum);\n  for (let i = 0, pad = 0; i < arrays.length; i++) {\n    const a = arrays[i];\n    res.set(a, pad);\n    pad += a.length;\n  }\n  return res;\n}\n\n// For runtime check if class implements interface\nexport abstract class Hash<T extends Hash<T>> {\n  abstract blockLen: number; // Bytes per block\n  abstract outputLen: number; // Bytes in output\n  abstract update(buf: Input): this;\n  // Writes digest into buf\n  abstract digestInto(buf: Uint8Array): void;\n  abstract digest(): Uint8Array;\n  /**\n   * Resets internal state. Makes Hash instance unusable.\n   * Reset is impossible for keyed hashes if key is consumed into state. If digest is not consumed\n   * by user, they will need to manually call `destroy()` when zeroing is necessary.\n   */\n  abstract destroy(): void;\n  /**\n   * Clones hash instance. Unsafe: doesn't check whether `to` is valid. Can be used as `clone()`\n   * when no options are passed.\n   * Reasons to use `_cloneInto` instead of clone: 1) performance 2) reuse instance => all internal\n   * buffers are overwritten => causes buffer overwrite which is used for digest in some cases.\n   * There are no guarantees for clean-up because it's impossible in JS.\n   */\n  abstract _cloneInto(to?: T): T;\n  // Safe version that clones internal state\n  clone(): T {\n    return this._cloneInto();\n  }\n}\n\n/**\n * XOF: streaming API to read digest in chunks.\n * Same as 'squeeze' in keccak/k12 and 'seek' in blake3, but more generic name.\n * When hash used in XOF mode it is up to user to call '.destroy' afterwards, since we cannot\n * destroy state, next call can require more bytes.\n */\nexport type HashXOF<T extends Hash<T>> = Hash<T> & {\n  xof(bytes: number): Uint8Array; // Read 'bytes' bytes from digest stream\n  xofInto(buf: Uint8Array): Uint8Array; // read buf.length bytes from digest stream into buf\n};\n\nconst toStr = {}.toString;\ntype EmptyObj = {};\nexport function checkOpts<T1 extends EmptyObj, T2 extends EmptyObj>(\n  defaults: T1,\n  opts?: T2\n): T1 & T2 {\n  if (opts !== undefined && toStr.call(opts) !== '[object Object]')\n    throw new Error('Options should be object or undefined');\n  const merged = Object.assign(defaults, opts);\n  return merged as T1 & T2;\n}\n\nexport type CHash = ReturnType<typeof wrapConstructor>;\n\nexport function wrapConstructor<T extends Hash<T>>(hashCons: () => Hash<T>) {\n  const hashC = (msg: Input): Uint8Array => hashCons().update(toBytes(msg)).digest();\n  const tmp = hashCons();\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.create = () => hashCons();\n  return hashC;\n}\n\nexport function wrapConstructorWithOpts<H extends Hash<H>, T extends Object>(\n  hashCons: (opts?: T) => Hash<H>\n) {\n  const hashC = (msg: Input, opts?: T): Uint8Array => hashCons(opts).update(toBytes(msg)).digest();\n  const tmp = hashCons({} as T);\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.create = (opts: T) => hashCons(opts);\n  return hashC;\n}\n\nexport function wrapXOFConstructorWithOpts<H extends HashXOF<H>, T extends Object>(\n  hashCons: (opts?: T) => HashXOF<H>\n) {\n  const hashC = (msg: Input, opts?: T): Uint8Array => hashCons(opts).update(toBytes(msg)).digest();\n  const tmp = hashCons({} as T);\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.create = (opts: T) => hashCons(opts);\n  return hashC;\n}\n\n/**\n * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.\n */\nexport function randomBytes(bytesLength = 32): Uint8Array {\n  if (crypto && typeof crypto.getRandomValues === 'function') {\n    return crypto.getRandomValues(new Uint8Array(bytesLength));\n  }\n  throw new Error('crypto.getRandomValues must be defined');\n}\n", "import type { Jwk } from './jose/jwk.js';\n\nimport { crypto } from '@noble/hashes/crypto';\nimport { randomBytes as nobleRandomBytes } from '@noble/hashes/utils';\n\n/**\n * A collection of cryptographic utility methods.\n */\nexport class CryptoUtils {\n\n  /**\n   * Determines the JOSE algorithm identifier of the digital signature algorithm based on the `alg` or\n   * `crv` property of a {@link Jwk | JWK}.\n   *\n   * If the `alg` property is present, its value takes precedence and is returned. Otherwise, the\n   * `crv` property is used to determine the algorithm.\n   *\n   * @memberof CryptoUtils\n   * @see {@link https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms | JOSE Algorithms}\n   * @see {@link https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/ | Fully-Specified Algorithms for JOSE and COSE}\n   *\n   * @example\n   * ```ts\n   * const publicKey: Jwk = {\n   *   \"kty\": \"OKP\",\n   *   \"crv\": \"Ed25519\",\n   *   \"x\": \"FEJG7OakZi500EydXxuE8uMc8uaAzEJkmQeG8khXANw\"\n   * }\n   * const algorithm = getJoseSignatureAlgorithmFromPublicKey(publicKey);\n   * console.log(algorithm); // Output: \"EdDSA\"\n   * ```\n   * @param publicKey - A JWK containing the `alg` and/or `crv` properties.\n   * @returns The name of the algorithm associated with the key.\n   * @throws Error if the algorithm cannot be determined from the provided input.\n   */\n  static getJoseSignatureAlgorithmFromPublicKey(publicKey: Jwk): string {\n    const curveToJoseAlgorithm: Record<string, string> = {\n      'Ed25519'   : 'EdDSA',\n      'P-256'     : 'ES256',\n      'P-384'     : 'ES384',\n      'P-521'     : 'ES512',\n      'secp256k1' : 'ES256K',\n    };\n\n    // If the key contains an `alg` property that matches a JOSE registered algorithm identifier,\n    // return its value.\n    if (publicKey.alg && Object.values(curveToJoseAlgorithm).includes(publicKey.alg)) {\n      return publicKey.alg;\n    }\n\n    // If the key contains a `crv` property, return the corresponding algorithm.\n    if (publicKey.crv && Object.keys(curveToJoseAlgorithm).includes(publicKey.crv)) {\n      return curveToJoseAlgorithm[publicKey.crv];\n    }\n\n    throw new Error(\n      `Unable to determine algorithm based on provided input: alg=${publicKey.alg}, crv=${publicKey.crv}. ` +\n      `Supported 'alg' values: ${Object.values(curveToJoseAlgorithm).join(', ')}. ` +\n      `Supported 'crv' values: ${Object.keys(curveToJoseAlgorithm).join(', ')}.`\n    );\n  }\n\n  /**\n   * Generates secure pseudorandom values of the specified length using\n   * `crypto.getRandomValues`, which defers to the operating system.\n   *\n   * @memberof CryptoUtils\n   * @remarks\n   * This function is a wrapper around `randomBytes` from the '@noble/hashes'\n   * package. It's designed to be cryptographically strong, suitable for\n   * generating initialization vectors, nonces, and other random values.\n   *\n   * @see {@link https://www.npmjs.com/package/@noble/hashes | @noble/hashes on NPM} for more\n   * information about the underlying implementation.\n   *\n   * @example\n   * ```ts\n   * const bytes = randomBytes(32); // Generates 32 random bytes\n   * ```\n   *\n   * @param bytesLength - The number of bytes to generate.\n   * @returns A Uint8Array containing the generated random bytes.\n   */\n  static randomBytes(bytesLength: number): Uint8Array {\n    return nobleRandomBytes(bytesLength);\n  }\n\n  /**\n   * Generates a UUID (Universally Unique Identifier) using a\n   * cryptographically strong random number generator following\n   * the version 4 format, as specified in RFC 4122.\n   *\n   * A version 4 UUID is a randomly generated UUID. The 13th character\n   * is set to '4' to denote version 4, and the 17th character is one\n   * of '8', '9', 'A', or 'B' to comply with the variant 1 format of\n   * UUIDs (the high bits are set to '10').\n   *\n   * The UUID is a 36 character string, including hyphens, and looks like this:\n   * xxxxxxxx-xxxx-4xxx-axxx-xxxxxxxxxxxx\n   *\n   * Note that while UUIDs are not guaranteed to be unique, they are\n   * practically unique\" given the large number of possible UUIDs and\n   * the randomness of generation.\n   * @memberof CryptoUtils\n   * @example\n   * ```ts\n   * const uuid = randomUuid();\n   * console.log(uuid); // Outputs a version 4 UUID, e.g., '123e4567-e89b-12d3-a456-426655440000'\n   * ```\n   *\n   * @returns A string containing a randomly generated, 36 character long v4 UUID.\n   */\n  static randomUuid(): string {\n    const uuid = crypto.randomUUID();\n\n    return uuid;\n  }\n\n\n  /**\n   * Generates a secure random PIN (Personal Identification Number) of a\n   * specified length.\n   *\n   * This function ensures that the generated PIN is cryptographically secure and\n   * uniformly distributed by using rejection sampling. It repeatedly generates\n   * random numbers until it gets one in the desired range [0, max]. This avoids\n   * bias introduced by simply taking the modulus or truncating the number.\n   *\n   * Note: The function can generate PINs of 3 to 10 digits in length.\n   * Any request for a PIN outside this range will result in an error.\n   *\n   * Example usage:\n   *\n   * ```ts\n   * const pin = randomPin({ length: 4 });\n   * console.log(pin); // Outputs a 4-digit PIN, e.g., \"0231\"\n   * ```\n   * @memberof CryptoUtils\n   * @param options - The options object containing the desired length of the generated PIN.\n   * @param options.length - The desired length of the generated PIN. The value should be\n   *                         an integer between 3 and 8 inclusive.\n   *\n   * @returns A string representing the generated PIN. The PIN will be zero-padded\n   *          to match the specified length, if necessary.\n   *\n   * @throws Will throw an error if the requested PIN length is less than 3 or greater than 8.\n   */\n  static randomPin({ length }: { length: number }): string {\n    if (3 > length || length > 10) {\n      throw new Error('randomPin() can securely generate a PIN between 3 to 10 digits.');\n    }\n\n    const max = Math.pow(10, length) - 1;\n\n    let pin;\n\n    if (length <= 6) {\n      const rejectionRange = Math.pow(10, length);\n      do {\n        // Adjust the byte generation based on length.\n        const randomBuffer = CryptoUtils.randomBytes(Math.ceil(length / 2) );  // 2 digits per byte.\n        const view = new DataView(randomBuffer.buffer);\n        // Convert the buffer to integer and take modulus based on length.\n        pin = view.getUint16(0, false) % rejectionRange;\n      } while (pin > max);\n    } else {\n      const rejectionRange = Math.pow(10, 10); // For max 10 digit number.\n      do {\n      // Generates 4 random bytes.\n        const randomBuffer = CryptoUtils.randomBytes(4);\n        // Create a DataView to read from the randomBuffer.\n        const view = new DataView(randomBuffer.buffer);\n        // Transform bytes to number (big endian).\n        pin = view.getUint32(0, false) % rejectionRange;\n      } while (pin > max);  // Reject if the number is outside the desired range.\n    }\n\n    // Pad the PIN with leading zeros to the desired length.\n    return pin.toString().padStart(length, '0');\n  }\n}\n"],
-  "mappings": "AAGO,IAAMA,EACX,OAAO,YAAe,UAAY,WAAY,WAAa,WAAW,OAAS,OCkC1E,IAAMC,EAAO,IAAI,WAAW,IAAI,YAAY,CAAC,SAAU,CAAC,EAAE,MAAM,EAAE,CAAC,IAAM,GAoKhF,IAAMC,EAAQ,CAAA,EAAG,SAgDX,SAAUC,EAAYC,EAAc,GAAE,CAC1C,GAAIC,GAAU,OAAOA,EAAO,iBAAoB,WAC9C,OAAOA,EAAO,gBAAgB,IAAI,WAAWD,CAAW,CAAC,EAE3D,MAAM,IAAI,MAAM,wCAAwC,CAC1D,CCvPO,IAAME,EAAN,MAAMC,CAAY,CA2BvB,OAAO,uCAAuCC,EAAwB,CACpE,IAAMC,EAA+C,CACnD,QAAc,QACd,QAAc,QACd,QAAc,QACd,QAAc,QACd,UAAc,QAChB,EAIA,GAAID,EAAU,KAAO,OAAO,OAAOC,CAAoB,EAAE,SAASD,EAAU,GAAG,EAC7E,OAAOA,EAAU,IAInB,GAAIA,EAAU,KAAO,OAAO,KAAKC,CAAoB,EAAE,SAASD,EAAU,GAAG,EAC3E,OAAOC,EAAqBD,EAAU,GAAG,EAG3C,MAAM,IAAI,MACR,8DAA8DA,EAAU,GAAG,SAASA,EAAU,GAAG,6BACtE,OAAO,OAAOC,CAAoB,EAAE,KAAK,IAAI,CAAC,6BAC9C,OAAO,KAAKA,CAAoB,EAAE,KAAK,IAAI,CAAC,GACzE,CACF,CAuBA,OAAO,YAAYC,EAAiC,CAClD,OAAOC,EAAiBD,CAAW,CACrC,CA2BA,OAAO,YAAqB,CAG1B,OAFaE,EAAO,WAAW,CAGjC,CA+BA,OAAO,UAAU,CAAE,OAAAC,CAAO,EAA+B,CACvD,GAAI,EAAIA,GAAUA,EAAS,GACzB,MAAM,IAAI,MAAM,iEAAiE,EAGnF,IAAMC,EAAM,KAAK,IAAI,GAAID,CAAM,EAAI,EAE/BE,EAEJ,GAAIF,GAAU,EAAG,CACf,IAAMG,EAAiB,KAAK,IAAI,GAAIH,CAAM,EAC1C,EAAG,CAED,IAAMI,EAAeV,EAAY,YAAY,KAAK,KAAKM,EAAS,CAAC,CAAE,EAGnEE,EAFa,IAAI,SAASE,EAAa,MAAM,EAElC,UAAU,EAAG,EAAK,EAAID,CACnC,OAASD,EAAMD,EACjB,KAAO,CACL,IAAME,EAAiB,KAAK,IAAI,GAAI,EAAE,EACtC,EAAG,CAED,IAAMC,EAAeV,EAAY,YAAY,CAAC,EAI9CQ,EAFa,IAAI,SAASE,EAAa,MAAM,EAElC,UAAU,EAAG,EAAK,EAAID,CACnC,OAASD,EAAMD,EACjB,CAGA,OAAOC,EAAI,SAAS,EAAE,SAASF,EAAQ,GAAG,CAC5C,CACF",
-  "names": ["crypto", "isLE", "toStr", "randomBytes", "bytesLength", "crypto", "CryptoUtils", "_CryptoUtils", "publicKey", "curveToJoseAlgorithm", "bytesLength", "randomBytes", "crypto", "length", "max", "pin", "rejectionRange", "randomBuffer"]
+  "sources": ["../../../node_modules/.bun/@noble+hashes@1.4.0/node_modules/@noble/hashes/src/crypto.ts", "../../../node_modules/.bun/@noble+hashes@1.4.0/node_modules/@noble/hashes/src/utils.ts", "../src/utils.ts"],
+  "sourcesContent": ["// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// See utils.ts for details.\ndeclare const globalThis: Record<string, any> | undefined;\nexport const crypto =\n  typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined;\n", "/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n\n// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// node.js versions earlier than v19 don't declare it in global scope.\n// For node.js, package.json#exports field mapping rewrites import\n// from `crypto` to `cryptoNode`, which imports native module.\n// Makes the utils un-importable in browsers without a bundler.\n// Once node.js 18 is deprecated (2025-04-30), we can just drop the import.\nimport { crypto } from '@noble/hashes/crypto';\nimport { bytes as abytes } from './_assert.js';\n// export { isBytes } from './_assert.js';\n// We can't reuse isBytes from _assert, because somehow this causes huge perf issues\nexport function isBytes(a: unknown): a is Uint8Array {\n  return (\n    a instanceof Uint8Array ||\n    (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')\n  );\n}\n\n// prettier-ignore\nexport type TypedArray = Int8Array | Uint8ClampedArray | Uint8Array |\n  Uint16Array | Int16Array | Uint32Array | Int32Array;\n\n// Cast array to different type\nexport const u8 = (arr: TypedArray) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\nexport const u32 = (arr: TypedArray) =>\n  new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n\n// Cast array to view\nexport const createView = (arr: TypedArray) =>\n  new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n\n// The rotate right (circular right shift) operation for uint32\nexport const rotr = (word: number, shift: number) => (word << (32 - shift)) | (word >>> shift);\n// The rotate left (circular left shift) operation for uint32\nexport const rotl = (word: number, shift: number) =>\n  (word << shift) | ((word >>> (32 - shift)) >>> 0);\n\nexport const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;\n// The byte swap operation for uint32\nexport const byteSwap = (word: number) =>\n  ((word << 24) & 0xff000000) |\n  ((word << 8) & 0xff0000) |\n  ((word >>> 8) & 0xff00) |\n  ((word >>> 24) & 0xff);\n// Conditionally byte swap if on a big-endian platform\nexport const byteSwapIfBE = isLE ? (n: number) => n : (n: number) => byteSwap(n);\n\n// In place byte swap for Uint32Array\nexport function byteSwap32(arr: Uint32Array) {\n  for (let i = 0; i < arr.length; i++) {\n    arr[i] = byteSwap(arr[i]);\n  }\n}\n\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) =>\n  i.toString(16).padStart(2, '0')\n);\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes: Uint8Array): string {\n  abytes(bytes);\n  // pre-caching improves the speed 6x\n  let hex = '';\n  for (let i = 0; i < bytes.length; i++) {\n    hex += hexes[bytes[i]];\n  }\n  return hex;\n}\n\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 } as const;\nfunction asciiToBase16(char: number): number | undefined {\n  if (char >= asciis._0 && char <= asciis._9) return char - asciis._0;\n  if (char >= asciis._A && char <= asciis._F) return char - (asciis._A - 10);\n  if (char >= asciis._a && char <= asciis._f) return char - (asciis._a - 10);\n  return;\n}\n\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex: string): Uint8Array {\n  if (typeof hex !== 'string') throw new Error('hex string expected, got ' + typeof hex);\n  const hl = hex.length;\n  const al = hl / 2;\n  if (hl % 2) throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n  const array = new Uint8Array(al);\n  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n    const n1 = asciiToBase16(hex.charCodeAt(hi));\n    const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n    if (n1 === undefined || n2 === undefined) {\n      const char = hex[hi] + hex[hi + 1];\n      throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n    }\n    array[ai] = n1 * 16 + n2;\n  }\n  return array;\n}\n\n// There is no setImmediate in browser and setTimeout is slow.\n// call of async fn will return Promise, which will be fullfiled only on\n// next scheduler queue processing step and this is exactly what we need.\nexport const nextTick = async () => {};\n\n// Returns control to thread each 'tick' ms to avoid blocking\nexport async function asyncLoop(iters: number, tick: number, cb: (i: number) => void) {\n  let ts = Date.now();\n  for (let i = 0; i < iters; i++) {\n    cb(i);\n    // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n    const diff = Date.now() - ts;\n    if (diff >= 0 && diff < tick) continue;\n    await nextTick();\n    ts += diff;\n  }\n}\n\n// Global symbols in both browsers and Node.js since v11\n// See https://github.com/microsoft/TypeScript/issues/31535\ndeclare const TextEncoder: any;\n\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str: string): Uint8Array {\n  if (typeof str !== 'string') throw new Error(`utf8ToBytes expected string, got ${typeof str}`);\n  return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n\nexport type Input = Uint8Array | string;\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data: Input): Uint8Array {\n  if (typeof data === 'string') data = utf8ToBytes(data);\n  abytes(data);\n  return data;\n}\n\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays: Uint8Array[]): Uint8Array {\n  let sum = 0;\n  for (let i = 0; i < arrays.length; i++) {\n    const a = arrays[i];\n    abytes(a);\n    sum += a.length;\n  }\n  const res = new Uint8Array(sum);\n  for (let i = 0, pad = 0; i < arrays.length; i++) {\n    const a = arrays[i];\n    res.set(a, pad);\n    pad += a.length;\n  }\n  return res;\n}\n\n// For runtime check if class implements interface\nexport abstract class Hash<T extends Hash<T>> {\n  abstract blockLen: number; // Bytes per block\n  abstract outputLen: number; // Bytes in output\n  abstract update(buf: Input): this;\n  // Writes digest into buf\n  abstract digestInto(buf: Uint8Array): void;\n  abstract digest(): Uint8Array;\n  /**\n   * Resets internal state. Makes Hash instance unusable.\n   * Reset is impossible for keyed hashes if key is consumed into state. If digest is not consumed\n   * by user, they will need to manually call `destroy()` when zeroing is necessary.\n   */\n  abstract destroy(): void;\n  /**\n   * Clones hash instance. Unsafe: doesn't check whether `to` is valid. Can be used as `clone()`\n   * when no options are passed.\n   * Reasons to use `_cloneInto` instead of clone: 1) performance 2) reuse instance => all internal\n   * buffers are overwritten => causes buffer overwrite which is used for digest in some cases.\n   * There are no guarantees for clean-up because it's impossible in JS.\n   */\n  abstract _cloneInto(to?: T): T;\n  // Safe version that clones internal state\n  clone(): T {\n    return this._cloneInto();\n  }\n}\n\n/**\n * XOF: streaming API to read digest in chunks.\n * Same as 'squeeze' in keccak/k12 and 'seek' in blake3, but more generic name.\n * When hash used in XOF mode it is up to user to call '.destroy' afterwards, since we cannot\n * destroy state, next call can require more bytes.\n */\nexport type HashXOF<T extends Hash<T>> = Hash<T> & {\n  xof(bytes: number): Uint8Array; // Read 'bytes' bytes from digest stream\n  xofInto(buf: Uint8Array): Uint8Array; // read buf.length bytes from digest stream into buf\n};\n\nconst toStr = {}.toString;\ntype EmptyObj = {};\nexport function checkOpts<T1 extends EmptyObj, T2 extends EmptyObj>(\n  defaults: T1,\n  opts?: T2\n): T1 & T2 {\n  if (opts !== undefined && toStr.call(opts) !== '[object Object]')\n    throw new Error('Options should be object or undefined');\n  const merged = Object.assign(defaults, opts);\n  return merged as T1 & T2;\n}\n\nexport type CHash = ReturnType<typeof wrapConstructor>;\n\nexport function wrapConstructor<T extends Hash<T>>(hashCons: () => Hash<T>) {\n  const hashC = (msg: Input): Uint8Array => hashCons().update(toBytes(msg)).digest();\n  const tmp = hashCons();\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.create = () => hashCons();\n  return hashC;\n}\n\nexport function wrapConstructorWithOpts<H extends Hash<H>, T extends Object>(\n  hashCons: (opts?: T) => Hash<H>\n) {\n  const hashC = (msg: Input, opts?: T): Uint8Array => hashCons(opts).update(toBytes(msg)).digest();\n  const tmp = hashCons({} as T);\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.create = (opts: T) => hashCons(opts);\n  return hashC;\n}\n\nexport function wrapXOFConstructorWithOpts<H extends HashXOF<H>, T extends Object>(\n  hashCons: (opts?: T) => HashXOF<H>\n) {\n  const hashC = (msg: Input, opts?: T): Uint8Array => hashCons(opts).update(toBytes(msg)).digest();\n  const tmp = hashCons({} as T);\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.create = (opts: T) => hashCons(opts);\n  return hashC;\n}\n\n/**\n * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.\n */\nexport function randomBytes(bytesLength = 32): Uint8Array {\n  if (crypto && typeof crypto.getRandomValues === 'function') {\n    return crypto.getRandomValues(new Uint8Array(bytesLength));\n  }\n  throw new Error('crypto.getRandomValues must be defined');\n}\n", "import type { Cipher } from './types/cipher.js';\nimport type { Jwk } from './jose/jwk.js';\nimport type { KeyWrapper } from './types/key-wrapper.js';\nimport type { KeyExporter, KeyImporter } from './types/key-io.js';\n\nimport { crypto } from '@noble/hashes/crypto';\nimport { randomBytes as nobleRandomBytes } from '@noble/hashes/utils';\n\n/**\n * A collection of cryptographic utility methods.\n */\nexport class CryptoUtils {\n\n  /**\n   * Determines the JOSE algorithm identifier of the digital signature algorithm based on the `alg` or\n   * `crv` property of a {@link Jwk | JWK}.\n   *\n   * If the `alg` property is present, its value takes precedence and is returned. Otherwise, the\n   * `crv` property is used to determine the algorithm.\n   *\n   * @memberof CryptoUtils\n   * @see {@link https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms | JOSE Algorithms}\n   * @see {@link https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/ | Fully-Specified Algorithms for JOSE and COSE}\n   *\n   * @example\n   * ```ts\n   * const publicKey: Jwk = {\n   *   \"kty\": \"OKP\",\n   *   \"crv\": \"Ed25519\",\n   *   \"x\": \"FEJG7OakZi500EydXxuE8uMc8uaAzEJkmQeG8khXANw\"\n   * }\n   * const algorithm = getJoseSignatureAlgorithmFromPublicKey(publicKey);\n   * console.log(algorithm); // Output: \"EdDSA\"\n   * ```\n   * @param publicKey - A JWK containing the `alg` and/or `crv` properties.\n   * @returns The name of the algorithm associated with the key.\n   * @throws Error if the algorithm cannot be determined from the provided input.\n   */\n  static getJoseSignatureAlgorithmFromPublicKey(publicKey: Jwk): string {\n    const curveToJoseAlgorithm: Record<string, string> = {\n      'Ed25519'   : 'EdDSA',\n      'P-256'     : 'ES256',\n      'P-384'     : 'ES384',\n      'P-521'     : 'ES512',\n      'secp256k1' : 'ES256K',\n    };\n\n    // If the key contains an `alg` property that matches a JOSE registered algorithm identifier,\n    // return its value.\n    if (publicKey.alg && Object.values(curveToJoseAlgorithm).includes(publicKey.alg)) {\n      return publicKey.alg;\n    }\n\n    // If the key contains a `crv` property, return the corresponding algorithm.\n    if (publicKey.crv && Object.keys(curveToJoseAlgorithm).includes(publicKey.crv)) {\n      return curveToJoseAlgorithm[publicKey.crv];\n    }\n\n    throw new Error(\n      `Unable to determine algorithm based on provided input: alg=${publicKey.alg}, crv=${publicKey.crv}. ` +\n      `Supported 'alg' values: ${Object.values(curveToJoseAlgorithm).join(', ')}. ` +\n      `Supported 'crv' values: ${Object.keys(curveToJoseAlgorithm).join(', ')}.`\n    );\n  }\n\n  /**\n   * Generates secure pseudorandom values of the specified length using\n   * `crypto.getRandomValues`, which defers to the operating system.\n   *\n   * @memberof CryptoUtils\n   * @remarks\n   * This function is a wrapper around `randomBytes` from the '@noble/hashes'\n   * package. It's designed to be cryptographically strong, suitable for\n   * generating initialization vectors, nonces, and other random values.\n   *\n   * @see {@link https://www.npmjs.com/package/@noble/hashes | @noble/hashes on NPM} for more\n   * information about the underlying implementation.\n   *\n   * @example\n   * ```ts\n   * const bytes = randomBytes(32); // Generates 32 random bytes\n   * ```\n   *\n   * @param bytesLength - The number of bytes to generate.\n   * @returns A Uint8Array containing the generated random bytes.\n   */\n  static randomBytes(bytesLength: number): Uint8Array {\n    return nobleRandomBytes(bytesLength);\n  }\n\n  /**\n   * Generates a UUID (Universally Unique Identifier) using a\n   * cryptographically strong random number generator following\n   * the version 4 format, as specified in RFC 4122.\n   *\n   * A version 4 UUID is a randomly generated UUID. The 13th character\n   * is set to '4' to denote version 4, and the 17th character is one\n   * of '8', '9', 'A', or 'B' to comply with the variant 1 format of\n   * UUIDs (the high bits are set to '10').\n   *\n   * The UUID is a 36 character string, including hyphens, and looks like this:\n   * xxxxxxxx-xxxx-4xxx-axxx-xxxxxxxxxxxx\n   *\n   * Note that while UUIDs are not guaranteed to be unique, they are\n   * practically unique\" given the large number of possible UUIDs and\n   * the randomness of generation.\n   * @memberof CryptoUtils\n   * @example\n   * ```ts\n   * const uuid = randomUuid();\n   * console.log(uuid); // Outputs a version 4 UUID, e.g., '123e4567-e89b-12d3-a456-426655440000'\n   * ```\n   *\n   * @returns A string containing a randomly generated, 36 character long v4 UUID.\n   */\n  static randomUuid(): string {\n    const uuid = crypto.randomUUID();\n\n    return uuid;\n  }\n\n\n  /**\n   * Generates a secure random PIN (Personal Identification Number) of a\n   * specified length.\n   *\n   * This function ensures that the generated PIN is cryptographically secure and\n   * uniformly distributed by using rejection sampling. It repeatedly generates\n   * random numbers until it gets one in the desired range [0, max]. This avoids\n   * bias introduced by simply taking the modulus or truncating the number.\n   *\n   * Note: The function can generate PINs of 3 to 10 digits in length.\n   * Any request for a PIN outside this range will result in an error.\n   *\n   * Example usage:\n   *\n   * ```ts\n   * const pin = randomPin({ length: 4 });\n   * console.log(pin); // Outputs a 4-digit PIN, e.g., \"0231\"\n   * ```\n   * @memberof CryptoUtils\n   * @param options - The options object containing the desired length of the generated PIN.\n   * @param options.length - The desired length of the generated PIN. The value should be\n   *                         an integer between 3 and 8 inclusive.\n   *\n   * @returns A string representing the generated PIN. The PIN will be zero-padded\n   *          to match the specified length, if necessary.\n   *\n   * @throws Will throw an error if the requested PIN length is less than 3 or greater than 8.\n   */\n  static randomPin({ length }: { length: number }): string {\n    if (3 > length || length > 10) {\n      throw new Error('randomPin() can securely generate a PIN between 3 to 10 digits.');\n    }\n\n    const max = Math.pow(10, length) - 1;\n\n    let pin;\n\n    if (length <= 6) {\n      const rejectionRange = Math.pow(10, length);\n      do {\n        // Adjust the byte generation based on length.\n        const randomBuffer = CryptoUtils.randomBytes(Math.ceil(length / 2) ); // 2 digits per byte.\n        const view = new DataView(randomBuffer.buffer);\n        // Convert the buffer to integer and take modulus based on length.\n        pin = view.getUint16(0, false) % rejectionRange;\n      } while (pin > max);\n    } else {\n      const rejectionRange = Math.pow(10, 10); // For max 10 digit number.\n      do {\n      // Generates 4 random bytes.\n        const randomBuffer = CryptoUtils.randomBytes(4);\n        // Create a DataView to read from the randomBuffer.\n        const view = new DataView(randomBuffer.buffer);\n        // Transform bytes to number (big endian).\n        pin = view.getUint32(0, false) % rejectionRange;\n      } while (pin > max); // Reject if the number is outside the desired range.\n    }\n\n    // Pad the PIN with leading zeros to the desired length.\n    return pin.toString().padStart(length, '0');\n  }\n}\n\n/**\n * Type guard that checks whether the given object implements the {@link Cipher} interface.\n */\nexport function isCipher<EncryptInput, DecryptInput>(\n  obj: unknown\n): obj is Cipher<EncryptInput, DecryptInput> {\n  return (\n    obj !== null && typeof obj === 'object'\n    && 'encrypt' in obj && typeof obj.encrypt === 'function'\n    && 'decrypt' in obj && typeof obj.decrypt === 'function'\n  );\n}\n\n/**\n * Type guard that checks whether the given object implements the {@link KeyExporter} interface.\n */\nexport function isKeyExporter<ExportKeyInput, ExportKeyOutput>(\n  obj: unknown\n): obj is KeyExporter<ExportKeyInput, ExportKeyOutput> {\n  return (\n    obj !== null && typeof obj === 'object'\n    && 'exportKey' in obj && typeof obj.exportKey === 'function'\n  );\n}\n\n/**\n * Type guard that checks whether the given object implements the {@link KeyImporter} interface.\n */\nexport function isKeyImporter<ImportKeyInput, ImportKeyOutput>(\n  obj: unknown\n): obj is KeyImporter<ImportKeyInput, ImportKeyOutput> {\n  return (\n    obj !== null && typeof obj === 'object'\n    && 'importKey' in obj && typeof obj.importKey === 'function'\n  );\n}\n\n/**\n * Type guard that checks whether the given object implements the {@link KeyWrapper} interface.\n */\nexport function isKeyWrapper<WrapKeyInput, UnwrapKeyInput>(\n  obj: unknown\n): obj is KeyWrapper<WrapKeyInput, UnwrapKeyInput> {\n  return (\n    obj !== null && typeof obj === 'object'\n    && 'wrapKey' in obj && typeof obj.wrapKey === 'function'\n    && 'unwrapKey' in obj && typeof obj.unwrapKey === 'function'\n  );\n}\n"],
+  "mappings": "AAGO,IAAMA,EACX,OAAO,YAAe,UAAY,WAAY,WAAa,WAAW,OAAS,OCkC1E,IAAMC,EAAO,IAAI,WAAW,IAAI,YAAY,CAAC,SAAU,CAAC,EAAE,MAAM,EAAE,CAAC,IAAM,GAoKhF,IAAMC,EAAQ,CAAA,EAAG,SAgDX,SAAUC,EAAYC,EAAc,GAAE,CAC1C,GAAIC,GAAU,OAAOA,EAAO,iBAAoB,WAC9C,OAAOA,EAAO,gBAAgB,IAAI,WAAWD,CAAW,CAAC,EAE3D,MAAM,IAAI,MAAM,wCAAwC,CAC1D,CCpPO,IAAME,EAAN,MAAMC,CAAY,CA2BvB,OAAO,uCAAuCC,EAAwB,CACpE,IAAMC,EAA+C,CACnD,QAAc,QACd,QAAc,QACd,QAAc,QACd,QAAc,QACd,UAAc,QAChB,EAIA,GAAID,EAAU,KAAO,OAAO,OAAOC,CAAoB,EAAE,SAASD,EAAU,GAAG,EAC7E,OAAOA,EAAU,IAInB,GAAIA,EAAU,KAAO,OAAO,KAAKC,CAAoB,EAAE,SAASD,EAAU,GAAG,EAC3E,OAAOC,EAAqBD,EAAU,GAAG,EAG3C,MAAM,IAAI,MACR,8DAA8DA,EAAU,GAAG,SAASA,EAAU,GAAG,6BACtE,OAAO,OAAOC,CAAoB,EAAE,KAAK,IAAI,CAAC,6BAC9C,OAAO,KAAKA,CAAoB,EAAE,KAAK,IAAI,CAAC,GACzE,CACF,CAuBA,OAAO,YAAYC,EAAiC,CAClD,OAAOC,EAAiBD,CAAW,CACrC,CA2BA,OAAO,YAAqB,CAG1B,OAFaE,EAAO,WAAW,CAGjC,CA+BA,OAAO,UAAU,CAAE,OAAAC,CAAO,EAA+B,CACvD,GAAI,EAAIA,GAAUA,EAAS,GACzB,MAAM,IAAI,MAAM,iEAAiE,EAGnF,IAAMC,EAAM,KAAK,IAAI,GAAID,CAAM,EAAI,EAE/BE,EAEJ,GAAIF,GAAU,EAAG,CACf,IAAMG,EAAiB,KAAK,IAAI,GAAIH,CAAM,EAC1C,EAAG,CAED,IAAMI,EAAeV,EAAY,YAAY,KAAK,KAAKM,EAAS,CAAC,CAAE,EAGnEE,EAFa,IAAI,SAASE,EAAa,MAAM,EAElC,UAAU,EAAG,EAAK,EAAID,CACnC,OAASD,EAAMD,EACjB,KAAO,CACL,IAAME,EAAiB,KAAK,IAAI,GAAI,EAAE,EACtC,EAAG,CAED,IAAMC,EAAeV,EAAY,YAAY,CAAC,EAI9CQ,EAFa,IAAI,SAASE,EAAa,MAAM,EAElC,UAAU,EAAG,EAAK,EAAID,CACnC,OAASD,EAAMD,EACjB,CAGA,OAAOC,EAAI,SAAS,EAAE,SAASF,EAAQ,GAAG,CAC5C,CACF,EAKO,SAASK,EACdC,EAC2C,CAC3C,OACEA,IAAQ,MAAQ,OAAOA,GAAQ,UAC5B,YAAaA,GAAO,OAAOA,EAAI,SAAY,YAC3C,YAAaA,GAAO,OAAOA,EAAI,SAAY,UAElD,CAKO,SAASC,EACdD,EACqD,CACrD,OACEA,IAAQ,MAAQ,OAAOA,GAAQ,UAC5B,cAAeA,GAAO,OAAOA,EAAI,WAAc,UAEtD,CAKO,SAASE,EACdF,EACqD,CACrD,OACEA,IAAQ,MAAQ,OAAOA,GAAQ,UAC5B,cAAeA,GAAO,OAAOA,EAAI,WAAc,UAEtD,CAKO,SAASG,EACdH,EACiD,CACjD,OACEA,IAAQ,MAAQ,OAAOA,GAAQ,UAC5B,YAAaA,GAAO,OAAOA,EAAI,SAAY,YAC3C,cAAeA,GAAO,OAAOA,EAAI,WAAc,UAEtD",
+  "names": ["crypto", "isLE", "toStr", "randomBytes", "bytesLength", "crypto", "CryptoUtils", "_CryptoUtils", "publicKey", "curveToJoseAlgorithm", "bytesLength", "randomBytes", "crypto", "length", "max", "pin", "rejectionRange", "randomBuffer", "isCipher", "obj", "isKeyExporter", "isKeyImporter", "isKeyWrapper"]
 }

package/package.json

@@ -1,11 +1,23 @@
 {
   "name": "@enbox/crypto",
-  "version": "0.0.2",
+  "version": "0.0.4",
   "description": "Web5 cryptographic library",
   "type": "module",
-  "main": "./dist/cjs/index.js",
+  "main": "./dist/esm/index.js",
   "module": "./dist/esm/index.js",
   "types": "./dist/types/index.d.ts",
+  "scripts": {
+    "clean": "rimraf dist",
+    "build:esm": "rimraf dist/esm dist/types && bun tsc -p tsconfig.json",
+    "build:browser": "rimraf dist/browser.mjs && bun ../../build/browser-bundle.js --extra-entry src/utils.ts:dist/utils.js",
+    "build": "bun run clean && bun run build:esm && bun run build:browser",
+    "lint": "eslint . --max-warnings 0",
+    "lint:fix": "eslint . --fix",
+    "test:node": "bun test .test.ts",
+    "test:node:coverage": "bun test --coverage --coverage-reporter=text --coverage-reporter=lcov --coverage-dir=coverage .test.ts",
+    "test:browser": "bunx --bun vitest --config vitest.browser.config.ts --run",
+    "test:browser:coverage": "bunx --bun vitest --config vitest.browser.config.ts --run --coverage --coverage.provider=istanbul --coverage.reportsDirectory=./coverage-browser"
+  },
   "homepage": "https://github.com/enboxorg/enbox/tree/main/packages/crypto#readme",
   "bugs": "https://github.com/enboxorg/enbox/issues",
   "repository": {
@@ -15,6 +27,10 @@
   },
   "license": "Apache-2.0",
   "contributors": [
+    {
+      "name": "Liran Cohen",
+      "url": "https://github.com/LiranCohen"
+    },
     {
       "name": "Daniel Buchner",
       "url": "https://github.com/csuwildcat"
@@ -35,13 +51,9 @@
   "exports": {
     ".": {
       "types": "./dist/types/index.d.ts",
-      "import": "./dist/esm/index.js",
-      "require": "./dist/cjs/index.js"
+      "import": "./dist/esm/index.js"
     }
   },
-  "browser": {
-    "node:crypto": false
-  },
   "react-native": "./dist/esm/index.js",
   "keywords": [
     "cryptography",
@@ -53,51 +65,23 @@
     "access": "public"
   },
   "engines": {
-    "node": ">=18.0.0"
+    "bun": ">=1.0.0"
   },
   "dependencies": {
     "@noble/ciphers": "0.5.3",
     "@noble/curves": "1.3.0",
     "@noble/hashes": "1.4.0",
-    "@enbox/common": "0.0.2"
+    "@enbox/common": "0.0.3"
   },
   "devDependencies": {
-    "@playwright/test": "1.45.3",
-    "@types/chai": "4.3.16",
-    "@types/chai-as-promised": "7.1.8",
-    "@types/eslint": "8.56.10",
-    "@types/mocha": "10.0.6",
     "@types/node": "20.14.8",
-    "@types/sinon": "17.0.3",
-    "@typescript-eslint/eslint-plugin": "7.14.1",
-    "@typescript-eslint/parser": "7.14.1",
-    "@web/test-runner": "0.18.2",
-    "@web/test-runner-playwright": "0.11.0",
-    "c8": "10.1.2",
-    "chai": "5.1.1",
-    "chai-as-promised": "8.0.0",
-    "esbuild": "0.23.0",
-    "eslint": "9.5.0",
-    "eslint-plugin-mocha": "10.4.3",
-    "mocha": "10.4.0",
-    "mocha-junit-reporter": "2.2.1",
-    "playwright": "1.45.3",
+    "@typescript-eslint/eslint-plugin": "8.32.1",
+    "@typescript-eslint/parser": "8.32.1",
+    "@vitest/browser-playwright": "4.0.18",
+    "@vitest/coverage-istanbul": "4.0.18",
+    "eslint": "9.7.0",
     "rimraf": "5.0.7",
-    "sinon": "18.0.0",
-    "source-map-loader": "5.0.0",
-    "typescript": "5.4.5"
-  },
-  "scripts": {
-    "clean": "rimraf dist tests/compiled",
-    "build:esm": "rimraf dist/esm dist/types && pnpm tsc -p tsconfig.json",
-    "build:cjs": "rimraf dist/cjs && pnpm tsc -p tsconfig.cjs.json && echo '{\"type\": \"commonjs\"}' > ./dist/cjs/package.json",
-    "build:browser": "rimraf dist/browser.mjs dist/browser.js && node build/bundles.js",
-    "build:tests:node": "rimraf tests/compiled && pnpm tsc -p tests/tsconfig.json",
-    "build:tests:browser": "rimraf tests/compiled && node build/esbuild-tests.cjs",
-    "build": "pnpm clean && pnpm build:esm && pnpm build:cjs && pnpm build:browser",
-    "lint": "eslint . --max-warnings 0",
-    "lint:fix": "eslint . --fix",
-    "test:node": "pnpm build:tests:node && pnpm c8 mocha",
-    "test:browser": "pnpm build:tests:browser && web-test-runner"
+    "typescript": "5.5.4",
+    "vitest": "4.0.18"
   }
-}
+}

package/src/algorithms/aes-ctr.ts

@@ -1,5 +1,5 @@
-import type { Jwk } from '../jose/jwk.js';
 import type { Cipher } from '../types/cipher.js';
+import type { Jwk } from '../jose/jwk.js';
 import type { KeyGenerator } from '../types/key-generator.js';
 import type { DecryptParams, EncryptParams, GenerateKeyParams } from '../types/params-direct.js';
 
@@ -39,7 +39,7 @@ export interface AesCtrParams {
  * decryption features.
  *
  * This class is typically accessed through implementations that extend the
- * {@link CryptoApi | `CryptoApi`} interface.
+ * {@link DsaApi | `DsaApi`} interface.
  */
 export class AesCtrAlgorithm extends CryptoAlgorithm
   implements Cipher<EncryptParams & AesCtrParams, DecryptParams & AesCtrParams>,

package/src/algorithms/aes-gcm.ts

@@ -1,10 +1,12 @@
-import type { Jwk } from '../jose/jwk.js';
+import type { AES_GCM_TAG_LENGTHS } from '../primitives/aes-gcm.js';
 import type { Cipher } from '../types/cipher.js';
+import type { Jwk } from '../jose/jwk.js';
+import type { KeyConverter } from '../types/key-converter.js';
 import type { KeyGenerator } from '../types/key-generator.js';
-import type { DecryptParams, EncryptParams, GenerateKeyParams } from '../types/params-direct.js';
+import type { BytesToPrivateKeyParams, DecryptParams, EncryptParams, GenerateKeyParams, PrivateKeyToBytesParams } from '../types/params-direct.js';
 
+import { AesGcm } from '../primitives/aes-gcm.js';
 import { CryptoAlgorithm } from './crypto-algorithm.js';
-import { AesGcm, AES_GCM_TAG_LENGTHS } from '../primitives/aes-gcm.js';
 
 /**
  * The `AesGcmGenerateKeyParams` interface defines the algorithm-specific parameters that should be
@@ -62,12 +64,32 @@ export interface AesGcmParams {
  * key generation, encryption, and decryption features.
  *
  * This class is typically accessed through implementations that extend the
- * {@link CryptoApi | `CryptoApi`} interface.
+ * {@link DsaApi | `DsaApi`} interface.
  */
 export class AesGcmAlgorithm extends CryptoAlgorithm
   implements Cipher<AesGcmParams, AesGcmParams>,
+             KeyConverter,
              KeyGenerator<AesGcmGenerateKeyParams, Jwk> {
 
+  /**
+   * Converts a private key from a byte array to JWK format, setting the `alg` property based on
+   * the key length.
+   *
+   * @param params - The parameters for the private key conversion.
+   * @param params.privateKeyBytes - The raw private key as a Uint8Array.
+   *
+   * @returns A Promise that resolves to the private key in JWK format.
+   */
+  public async bytesToPrivateKey({ privateKeyBytes }: BytesToPrivateKeyParams): Promise<Jwk> {
+    // Convert the byte array to a JWK.
+    const privateKey = await AesGcm.bytesToPrivateKey({ privateKeyBytes });
+
+    // Set the `alg` property based on the key length.
+    privateKey.alg = { 16: 'A128GCM', 24: 'A192GCM', 32: 'A256GCM' }[privateKeyBytes.length];
+
+    return privateKey;
+  }
+
   /**
    * Decrypts the provided data using AES-GCM.
    *
@@ -184,4 +206,19 @@ export class AesGcmAlgorithm extends CryptoAlgorithm
 
     return privateKey;
   }
+
+  /**
+   * Converts a private key from JWK format to a byte array.
+   *
+   * @param params - The parameters for the private key conversion.
+   * @param params.privateKey - The private key in JWK format.
+   *
+   * @returns A Promise that resolves to the private key as a Uint8Array.
+   */
+  public async privateKeyToBytes({ privateKey }: PrivateKeyToBytesParams): Promise<Uint8Array> {
+    // Convert the JWK to a byte array.
+    const privateKeyBytes = await AesGcm.privateKeyToBytes({ privateKey });
+
+    return privateKeyBytes;
+  }
 }