@enbox/dwn-sdk-js 0.0.4 → 0.0.5

package/dist/esm/src/utils/encryption.js

@@ -7,113 +7,256 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
-import * as crypto from 'crypto';
-import * as eciesjs from 'eciesjs';
-// compress publicKey for message encryption
-eciesjs.ECIES_CONFIG.isEphemeralKeyCompressed = true;
+import { concatBytes } from '@noble/ciphers/utils';
+import { Encoder } from './encoder.js';
+import { KeyDerivationScheme } from './hd-key.js';
+import { AesGcm, AesKw, ConcatKdf, X25519, XChaCha20Poly1305 } from '@enbox/crypto';
 /**
- * Utility class for performing common, non-DWN specific encryption operations.
+ * Content encryption algorithms supported by the DWN.
+ * Both are AEAD (Authenticated Encryption with Associated Data) ciphers.
+ */
+export var ContentEncryptionAlgorithm;
+(function (ContentEncryptionAlgorithm) {
+    /** AES-256 in Galois/Counter Mode. NIST-approved, hardware-accelerated. 96-bit nonce. */
+    ContentEncryptionAlgorithm["A256GCM"] = "A256GCM";
+    /** XChaCha20-Poly1305. 192-bit nonce (safe to randomize). Constant-time. */
+    ContentEncryptionAlgorithm["XC20P"] = "XC20P";
+})(ContentEncryptionAlgorithm || (ContentEncryptionAlgorithm = {}));
+/**
+ * Key agreement algorithm used by the DWN.
+ * ECDH-ES with X25519 key agreement and AES-256 Key Wrap.
+ */
+export var KeyAgreementAlgorithm;
+(function (KeyAgreementAlgorithm) {
+    KeyAgreementAlgorithm["EcdhEsA256kw"] = "ECDH-ES+A256KW";
+})(KeyAgreementAlgorithm || (KeyAgreementAlgorithm = {}));
+/** Size of the AES-GCM authentication tag in bytes. */
+const AES_GCM_TAG_LENGTH_BYTES = 16;
+/** Size of the Poly1305 authentication tag in bytes. */
+const POLY1305_TAG_LENGTH_BYTES = 16;
+/**
+ * Utility class for DWN encryption operations using JWE (RFC 7516).
+ * Uses ECDH-ES+A256KW key agreement with X25519 and either AES-256-GCM or XChaCha20-Poly1305
+ * for authenticated content encryption.
  */
 export class Encryption {
     /**
-     * Encrypts the given plaintext stream using AES-256-CTR algorithm.
+     * Encrypts data using an AEAD cipher (A256GCM or XC20P).
+     * Returns ciphertext with the authentication tag appended.
      */
-    static aes256CtrEncrypt(key, initializationVector, plaintextStream) {
+    static aeadEncrypt(algorithm, keyBytes, iv, plaintext) {
         return __awaiter(this, void 0, void 0, function* () {
-            const cipher = crypto.createCipheriv('aes-256-ctr', key, initializationVector);
-            const transform = new TransformStream({
-                transform(chunk, controller) {
-                    controller.enqueue(new Uint8Array(cipher.update(chunk)));
-                },
-                flush(controller) {
-                    const finalChunk = cipher.final();
-                    if (finalChunk.length > 0) {
-                        controller.enqueue(new Uint8Array(finalChunk));
-                    }
+            if (algorithm === ContentEncryptionAlgorithm.A256GCM) {
+                const keyJwk = { kty: 'oct', k: Encoder.bytesToBase64Url(keyBytes), alg: 'A256GCM' };
+                // Web Crypto AES-GCM returns ciphertext || tag
+                const combined = yield AesGcm.encrypt({ data: plaintext, iv, key: keyJwk });
+                const ciphertext = combined.slice(0, combined.length - AES_GCM_TAG_LENGTH_BYTES);
+                const tag = combined.slice(combined.length - AES_GCM_TAG_LENGTH_BYTES);
+                return { ciphertext, tag };
+            }
+            else if (algorithm === ContentEncryptionAlgorithm.XC20P) {
+                // @noble/ciphers XChaCha20-Poly1305 returns ciphertext || tag
+                const combined = yield XChaCha20Poly1305.encryptRaw({ data: plaintext, keyBytes, nonce: iv });
+                const ciphertext = combined.slice(0, combined.length - POLY1305_TAG_LENGTH_BYTES);
+                const tag = combined.slice(combined.length - POLY1305_TAG_LENGTH_BYTES);
+                return { ciphertext, tag };
+            }
+            else {
+                throw new Error(`Unsupported content encryption algorithm: ${algorithm}`);
+            }
+        });
+    }
+    /**
+     * Decrypts data using an AEAD cipher (A256GCM or XC20P).
+     * Expects ciphertext and tag as separate inputs.
+     */
+    static aeadDecrypt(algorithm, keyBytes, iv, ciphertext, tag) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Both Web Crypto (AES-GCM) and @noble/ciphers (XChaCha20-Poly1305) expect ciphertext || tag
+            const combined = concatBytes(ciphertext, tag);
+            if (algorithm === ContentEncryptionAlgorithm.A256GCM) {
+                const keyJwk = { kty: 'oct', k: Encoder.bytesToBase64Url(keyBytes), alg: 'A256GCM' };
+                return AesGcm.decrypt({ data: combined, iv, key: keyJwk });
+            }
+            else if (algorithm === ContentEncryptionAlgorithm.XC20P) {
+                return XChaCha20Poly1305.decryptRaw({ data: combined, keyBytes, nonce: iv });
+            }
+            else {
+                throw new Error(`Unsupported content encryption algorithm: ${algorithm}`);
+            }
+        });
+    }
+    /**
+     * Encrypts data as a ReadableStream using an AEAD cipher.
+     * Collects all chunks, encrypts, and returns a new stream of ciphertext || tag.
+     * The iv and tag are NOT embedded in the stream — they are stored in the JWE structure.
+     */
+    static aeadEncryptStream(algorithm, keyBytes, iv, plaintextStream) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const plaintext = yield Encryption.readStream(plaintextStream);
+            const { ciphertext, tag } = yield Encryption.aeadEncrypt(algorithm, keyBytes, iv, plaintext);
+            const ciphertextStream = new ReadableStream({
+                start(controller) {
+                    controller.enqueue(ciphertext);
+                    controller.close();
                 }
             });
-            return plaintextStream.pipeThrough(transform);
+            return { ciphertextStream, tag };
         });
     }
     /**
-     * Decrypts the given cipher stream using AES-256-CTR algorithm.
+     * Decrypts a ciphertext stream using an AEAD cipher.
+     * Returns a ReadableStream of plaintext.
      */
-    static aes256CtrDecrypt(key, initializationVector, cipherStream) {
+    static aeadDecryptStream(algorithm, keyBytes, iv, ciphertextStream, tag) {
         return __awaiter(this, void 0, void 0, function* () {
-            const decipher = crypto.createDecipheriv('aes-256-ctr', key, initializationVector);
-            const transform = new TransformStream({
-                transform(chunk, controller) {
-                    controller.enqueue(new Uint8Array(decipher.update(chunk)));
-                },
-                flush(controller) {
-                    const finalChunk = decipher.final();
-                    if (finalChunk.length > 0) {
-                        controller.enqueue(new Uint8Array(finalChunk));
-                    }
+            const ciphertext = yield Encryption.readStream(ciphertextStream);
+            const plaintext = yield Encryption.aeadDecrypt(algorithm, keyBytes, iv, ciphertext, tag);
+            return new ReadableStream({
+                start(controller) {
+                    controller.enqueue(plaintext);
+                    controller.close();
                 }
             });
-            return cipherStream.pipeThrough(transform);
         });
     }
     /**
-     * Encrypts the given plaintext using ECIES (Elliptic Curve Integrated Encryption Scheme)
-     * with SECP256K1 for the asymmetric calculations, HKDF as the key-derivation function,
-     * and AES-GCM for the symmetric encryption and MAC algorithms.
+     * Performs ECDH-ES key agreement with X25519 and wraps the CEK using AES-256 Key Wrap.
+     *
+     * @param ephemeralPrivateKey - Ephemeral X25519 private key (JWK).
+     * @param recipientPublicKey - Recipient's X25519 public key (JWK).
+     * @param cek - The Content Encryption Key to wrap.
+     * @returns The wrapped CEK bytes.
      */
-    static eciesSecp256k1Encrypt(publicKeyBytes, plaintext) {
+    static ecdhEsWrapKey(ephemeralPrivateKey, recipientPublicKey, cek) {
         return __awaiter(this, void 0, void 0, function* () {
-            // underlying library requires Buffer as input
-            const publicKey = Buffer.from(publicKeyBytes);
-            const plaintextBuffer = Buffer.from(plaintext);
-            const cryptogram = eciesjs.encrypt(publicKey, plaintextBuffer);
-            // split cryptogram returned into constituent parts
-            let start = 0;
-            let end = Encryption.isEphemeralKeyCompressed ? 33 : 65;
-            const ephemeralPublicKey = cryptogram.subarray(start, end);
-            start = end;
-            end += eciesjs.ECIES_CONFIG.symmetricNonceLength;
-            const initializationVector = cryptogram.subarray(start, end);
-            start = end;
-            end += 16; // eciesjs.consts.AEAD_TAG_LENGTH
-            const messageAuthenticationCode = cryptogram.subarray(start, end);
-            const ciphertext = cryptogram.subarray(end);
-            return {
-                ciphertext,
-                ephemeralPublicKey,
-                initializationVector,
-                messageAuthenticationCode
-            };
+            // 1. ECDH shared secret
+            const sharedSecret = yield X25519.sharedSecret({
+                privateKeyA: ephemeralPrivateKey,
+                publicKeyB: recipientPublicKey,
+            });
+            // 2. Derive KEK via Concat KDF (RFC 7518 Section 4.6.2)
+            const kek = yield ConcatKdf.deriveKey({
+                sharedSecret,
+                keyDataLen: 256,
+                fixedInfo: {
+                    algorithmId: 'A256KW',
+                    partyUInfo: '',
+                    partyVInfo: '',
+                    suppPubInfo: 256,
+                },
+            });
+            // 3. AES-256 Key Wrap
+            const cekJwk = { kty: 'oct', k: Encoder.bytesToBase64Url(cek), alg: 'A256GCM' };
+            const kekJwk = { kty: 'oct', k: Encoder.bytesToBase64Url(kek), alg: 'A256KW' };
+            const wrappedKey = yield AesKw.wrapKey({ unwrappedKey: cekJwk, encryptionKey: kekJwk });
+            return wrappedKey;
+        });
+    }
+    /**
+     * Performs ECDH-ES key agreement with X25519 and unwraps the CEK using AES-256 Key Unwrap.
+     *
+     * @param recipientPrivateKey - Recipient's X25519 private key (JWK).
+     * @param ephemeralPublicKey - Ephemeral X25519 public key from the JWE recipient header (JWK).
+     * @param wrappedKey - The wrapped CEK bytes.
+     * @returns The unwrapped CEK bytes.
+     */
+    static ecdhEsUnwrapKey(recipientPrivateKey, ephemeralPublicKey, wrappedKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // 1. ECDH shared secret
+            const sharedSecret = yield X25519.sharedSecret({
+                privateKeyA: recipientPrivateKey,
+                publicKeyB: ephemeralPublicKey,
+            });
+            // 2. Derive KEK via Concat KDF
+            const kek = yield ConcatKdf.deriveKey({
+                sharedSecret,
+                keyDataLen: 256,
+                fixedInfo: {
+                    algorithmId: 'A256KW',
+                    partyUInfo: '',
+                    partyVInfo: '',
+                    suppPubInfo: 256,
+                },
+            });
+            // 3. AES-256 Key Unwrap
+            const kekJwk = { kty: 'oct', k: Encoder.bytesToBase64Url(kek), alg: 'A256KW' };
+            const unwrappedJwk = yield AesKw.unwrapKey({
+                wrappedKeyBytes: wrappedKey,
+                wrappedKeyAlgorithm: 'A256GCM',
+                decryptionKey: kekJwk,
+            });
+            return Encoder.base64UrlToBytes(unwrappedJwk.k);
         });
     }
     /**
-     * Decrypt the given plaintext using ECIES (Elliptic Curve Integrated Encryption Scheme)
-     * with SECP256K1 for the asymmetric calculations, HKDF as the key-derivation function,
-     * and AES-GCM for the symmetric encryption and MAC algorithms.
+     * Builds a JWE encryption property structure from encryption input.
+     * The ciphertext (encrypted record data) is stored separately in the DataStore,
+     * so only the key wrapping metadata, IV, and authentication tag are included here.
+     *
+     * @param encryptionInput - Describes the CEK, IV, and recipient key encryption inputs.
+     * @param tag - The authentication tag produced by the AEAD cipher during data encryption.
      */
-    static eciesSecp256k1Decrypt(input) {
+    static buildJwe(encryptionInput, tag) {
         return __awaiter(this, void 0, void 0, function* () {
-            // underlying library requires Buffer as input
-            const privateKeyBuffer = Buffer.from(input.privateKey);
-            const eciesEncryptionOutput = Buffer.concat([
-                input.ephemeralPublicKey,
-                input.initializationVector,
-                input.messageAuthenticationCode,
-                input.ciphertext
-            ]);
-            const plaintext = eciesjs.decrypt(privateKeyBuffer, eciesEncryptionOutput);
-            return plaintext;
+            var _a;
+            const enc = (_a = encryptionInput.algorithm) !== null && _a !== void 0 ? _a : ContentEncryptionAlgorithm.A256GCM;
+            const protectedHeader = {
+                alg: KeyAgreementAlgorithm.EcdhEsA256kw,
+                enc,
+            };
+            const protectedHeaderBase64url = Encoder.stringToBase64Url(JSON.stringify(protectedHeader));
+            const recipients = [];
+            for (const keyInput of encryptionInput.keyEncryptionInputs) {
+                // Generate ephemeral X25519 key pair for each recipient
+                const ephemeralPrivateKey = yield X25519.generateKey();
+                const ephemeralPublicKey = yield X25519.getPublicKey({ key: ephemeralPrivateKey });
+                // Wrap the CEK
+                const wrappedKey = yield Encryption.ecdhEsWrapKey(ephemeralPrivateKey, keyInput.publicKey, encryptionInput.key);
+                const recipientHeader = {
+                    kid: keyInput.publicKeyId,
+                    epk: ephemeralPublicKey,
+                    derivationScheme: keyInput.derivationScheme,
+                };
+                // Attach derived public key for protocolContext scheme
+                if (keyInput.derivationScheme === KeyDerivationScheme.ProtocolContext) {
+                    recipientHeader.derivedPublicKey = keyInput.publicKey;
+                }
+                recipients.push({
+                    header: recipientHeader,
+                    encrypted_key: Encoder.bytesToBase64Url(wrappedKey),
+                });
+            }
+            return {
+                protected: protectedHeaderBase64url,
+                iv: Encoder.bytesToBase64Url(encryptionInput.initializationVector),
+                tag: Encoder.bytesToBase64Url(tag),
+                recipients,
+            };
         });
     }
     /**
-     * Expose eciesjs library configuration
+     * Parses the JWE protected header from its base64url encoding.
+     */
+    static parseProtectedHeader(protectedBase64url) {
+        return Encoder.base64UrlToObject(protectedBase64url);
+    }
+    /**
+     * Reads a ReadableStream to completion and returns all bytes concatenated.
      */
-    static get isEphemeralKeyCompressed() {
-        return eciesjs.ECIES_CONFIG.isEphemeralKeyCompressed;
+    static readStream(stream) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const reader = stream.getReader();
+            const chunks = [];
+            for (;;) {
+                const { done, value } = yield reader.read();
+                if (done) {
+                    break;
+                }
+                chunks.push(value);
+            }
+            return concatBytes(...chunks);
+        });
     }
 }
-export var EncryptionAlgorithm;
-(function (EncryptionAlgorithm) {
-    EncryptionAlgorithm["Aes256Ctr"] = "A256CTR";
-    EncryptionAlgorithm["EciesSecp256k1"] = "ECIES-ES256K";
-})(EncryptionAlgorithm || (EncryptionAlgorithm = {}));
 //# sourceMappingURL=encryption.js.map

package/dist/esm/src/utils/encryption.js.map

@@ -1 +1 @@
-{"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../../../src/utils/encryption.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,KAAK,OAAO,MAAM,SAAS,CAAC;AAEnC,4CAA4C;AAC5C,OAAO,CAAC,YAAY,CAAC,wBAAwB,GAAG,IAAI,CAAC;AAErD;;GAEG;AACH,MAAM,OAAO,UAAU;IACrB;;OAEG;IACI,MAAM,CAAO,gBAAgB,CAClC,GAAe,EAAE,oBAAgC,EAAE,eAA2C;;YAE9F,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,oBAAoB,CAAC,CAAC;YAE/E,MAAM,SAAS,GAAG,IAAI,eAAe,CAAyB;gBAC5D,SAAS,CAAC,KAAK,EAAE,UAAU;oBACzB,UAAU,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3D,CAAC;gBACD,KAAK,CAAC,UAAU;oBACd,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;oBAClC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAAC,UAAU,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;oBAAC,CAAC;gBAChF,CAAC;aACF,CAAC,CAAC;YAEH,OAAO,eAAe,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAChD,CAAC;KAAA;IAED;;OAEG;IACI,MAAM,CAAO,gBAAgB,CAClC,GAAe,EAAE,oBAAgC,EAAE,YAAwC;;YAE3F,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,oBAAoB,CAAC,CAAC;YAEnF,MAAM,SAAS,GAAG,IAAI,eAAe,CAAyB;gBAC5D,SAAS,CAAC,KAAK,EAAE,UAAU;oBACzB,UAAU,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC7D,CAAC;gBACD,KAAK,CAAC,UAAU;oBACd,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC;oBACpC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAAC,UAAU,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;oBAAC,CAAC;gBAChF,CAAC;aACF,CAAC,CAAC;YAEH,OAAO,YAAY,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAC7C,CAAC;KAAA;IAED;;;;OAIG;IACI,MAAM,CAAO,qBAAqB,CAAC,cAA0B,EAAE,SAAqB;;YACzF,8CAA8C;YAC9C,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC9C,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAE/C,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;YAE/D,mDAAmD;YACnD,IAAI,KAAK,GAAG,CAAC,CAAC;YACd,IAAI,GAAG,GAAG,UAAU,CAAC,wBAAwB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACxD,MAAM,kBAAkB,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAE3D,KAAK,GAAG,GAAG,CAAC;YACZ,GAAG,IAAI,OAAO,CAAC,YAAY,CAAC,oBAAoB,CAAC;YACjD,MAAM,oBAAoB,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAE7D,KAAK,GAAG,GAAG,CAAC;YACZ,GAAG,IAAI,EAAE,CAAC,CAAC,iCAAiC;YAC5C,MAAM,yBAAyB,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAElE,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAE5C,OAAO;gBACL,UAAU;gBACV,kBAAkB;gBAClB,oBAAoB;gBACpB,yBAAyB;aAC1B,CAAC;QACJ,CAAC;KAAA;IAED;;;;OAIG;IACI,MAAM,CAAO,qBAAqB,CAAC,KAA2B;;YACnE,8CAA8C;YAC9C,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACvD,MAAM,qBAAqB,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC1C,KAAK,CAAC,kBAAkB;gBACxB,KAAK,CAAC,oBAAoB;gBAC1B,KAAK,CAAC,yBAAyB;gBAC/B,KAAK,CAAC,UAAU;aACjB,CAAC,CAAC;YAEH,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,gBAAgB,EAAE,qBAAqB,CAAC,CAAC;YAE3E,OAAO,SAAS,CAAC;QACnB,CAAC;KAAA;IAED;;OAEG;IACH,MAAM,KAAK,wBAAwB;QACjC,OAAO,OAAO,CAAC,YAAY,CAAC,wBAAwB,CAAC;IACvD,CAAC;CACF;AAaD,MAAM,CAAN,IAAY,mBAGX;AAHD,WAAY,mBAAmB;IAC7B,4CAAqB,CAAA;IACrB,sDAA+B,CAAA;AACjC,CAAC,EAHW,mBAAmB,KAAnB,mBAAmB,QAG9B"}
+{"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../../../src/utils/encryption.ts"],"names":[],"mappings":";;;;;;;;;AAGA,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAEpF;;;GAGG;AACH,MAAM,CAAN,IAAY,0BAKX;AALD,WAAY,0BAA0B;IACpC,yFAAyF;IACzF,iDAAmB,CAAA;IACnB,4EAA4E;IAC5E,6CAAe,CAAA;AACjB,CAAC,EALW,0BAA0B,KAA1B,0BAA0B,QAKrC;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,qBAEX;AAFD,WAAY,qBAAqB;IAC/B,wDAA+B,CAAA;AACjC,CAAC,EAFW,qBAAqB,KAArB,qBAAqB,QAEhC;AAED,uDAAuD;AACvD,MAAM,wBAAwB,GAAG,EAAE,CAAC;AAEpC,wDAAwD;AACxD,MAAM,yBAAyB,GAAG,EAAE,CAAC;AA2FrC;;;;GAIG;AACH,MAAM,OAAO,UAAU;IAErB;;;OAGG;IACI,MAAM,CAAO,WAAW,CAC7B,SAAqC,EACrC,QAAoB,EACpB,EAAc,EACd,SAAqB;;YAErB,IAAI,SAAS,KAAK,0BAA0B,CAAC,OAAO,EAAE,CAAC;gBACrD,MAAM,MAAM,GAAQ,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;gBAC1F,+CAA+C;gBAC/C,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC5E,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,MAAM,GAAG,wBAAwB,CAAC,CAAC;gBACjF,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,wBAAwB,CAAC,CAAC;gBACvE,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;YAE7B,CAAC;iBAAM,IAAI,SAAS,KAAK,0BAA0B,CAAC,KAAK,EAAE,CAAC;gBAC1D,8DAA8D;gBAC9D,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;gBAC9F,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,MAAM,GAAG,yBAAyB,CAAC,CAAC;gBAClF,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,yBAAyB,CAAC,CAAC;gBACxE,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;YAE7B,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,6CAA6C,SAAmB,EAAE,CAAC,CAAC;YACtF,CAAC;QACH,CAAC;KAAA;IAED;;;OAGG;IACI,MAAM,CAAO,WAAW,CAC7B,SAAqC,EACrC,QAAoB,EACpB,EAAc,EACd,UAAsB,EACtB,GAAe;;YAEf,6FAA6F;YAC7F,MAAM,QAAQ,GAAG,WAAW,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;YAE9C,IAAI,SAAS,KAAK,0BAA0B,CAAC,OAAO,EAAE,CAAC;gBACrD,MAAM,MAAM,GAAQ,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;gBAC1F,OAAO,MAAM,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC;YAE7D,CAAC;iBAAM,IAAI,SAAS,KAAK,0BAA0B,CAAC,KAAK,EAAE,CAAC;gBAC1D,OAAO,iBAAiB,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;YAE/E,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,6CAA6C,SAAmB,EAAE,CAAC,CAAC;YACtF,CAAC;QACH,CAAC;KAAA;IAED;;;;OAIG;IACI,MAAM,CAAO,iBAAiB,CACnC,SAAqC,EACrC,QAAoB,EACpB,EAAc,EACd,eAA2C;;YAE3C,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YAC/D,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,MAAM,UAAU,CAAC,WAAW,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS,CAAC,CAAC;YAC7F,MAAM,gBAAgB,GAAG,IAAI,cAAc,CAAa;gBACtD,KAAK,CAAC,UAAU;oBACd,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;oBAC/B,UAAU,CAAC,KAAK,EAAE,CAAC;gBACrB,CAAC;aACF,CAAC,CAAC;YACH,OAAO,EAAE,gBAAgB,EAAE,GAAG,EAAE,CAAC;QACnC,CAAC;KAAA;IAED;;;OAGG;IACI,MAAM,CAAO,iBAAiB,CACnC,SAAqC,EACrC,QAAoB,EACpB,EAAc,EACd,gBAA4C,EAC5C,GAAe;;YAEf,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;YACjE,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,WAAW,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;YACzF,OAAO,IAAI,cAAc,CAAa;gBACpC,KAAK,CAAC,UAAU;oBACd,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;oBAC9B,UAAU,CAAC,KAAK,EAAE,CAAC;gBACrB,CAAC;aACF,CAAC,CAAC;QACL,CAAC;KAAA;IAED;;;;;;;OAOG;IACI,MAAM,CAAO,aAAa,CAC/B,mBAAwB,EACxB,kBAAuB,EACvB,GAAe;;YAEf,wBAAwB;YACxB,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC;gBAC7C,WAAW,EAAG,mBAAmB;gBACjC,UAAU,EAAI,kBAAkB;aACjC,CAAC,CAAC;YAEH,wDAAwD;YACxD,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC;gBACpC,YAAY;gBACZ,UAAU,EAAG,GAAG;gBAChB,SAAS,EAAI;oBACX,WAAW,EAAG,QAAQ;oBACtB,UAAU,EAAI,EAAE;oBAChB,UAAU,EAAI,EAAE;oBAChB,WAAW,EAAG,GAAG;iBAClB;aACF,CAAC,CAAC;YAEH,sBAAsB;YACtB,MAAM,MAAM,GAAQ,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;YACrF,MAAM,MAAM,GAAQ,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC;YACpF,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,CAAC;YAExF,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;IAED;;;;;;;OAOG;IACI,MAAM,CAAO,eAAe,CACjC,mBAAwB,EACxB,kBAAuB,EACvB,UAAsB;;YAEtB,wBAAwB;YACxB,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC;gBAC7C,WAAW,EAAG,mBAAmB;gBACjC,UAAU,EAAI,kBAAkB;aACjC,CAAC,CAAC;YAEH,+BAA+B;YAC/B,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC;gBACpC,YAAY;gBACZ,UAAU,EAAG,GAAG;gBAChB,SAAS,EAAI;oBACX,WAAW,EAAG,QAAQ;oBACtB,UAAU,EAAI,EAAE;oBAChB,UAAU,EAAI,EAAE;oBAChB,WAAW,EAAG,GAAG;iBAClB;aACF,CAAC,CAAC;YAEH,wBAAwB;YACxB,MAAM,MAAM,GAAQ,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC;YACpF,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC;gBACzC,eAAe,EAAO,UAAU;gBAChC,mBAAmB,EAAG,SAAS;gBAC/B,aAAa,EAAS,MAAM;aAC7B,CAAC,CAAC;YAEH,OAAO,OAAO,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAE,CAAC,CAAC;QACnD,CAAC;KAAA;IAED;;;;;;;OAOG;IACI,MAAM,CAAO,QAAQ,CAC1B,eAAgC,EAChC,GAAe;;;YAEf,MAAM,GAAG,GAAG,MAAA,eAAe,CAAC,SAAS,mCAAI,0BAA0B,CAAC,OAAO,CAAC;YAC5E,MAAM,eAAe,GAAuB;gBAC1C,GAAG,EAAE,qBAAqB,CAAC,YAAY;gBACvC,GAAG;aACJ,CAAC;YAEF,MAAM,wBAAwB,GAAG,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC,CAAC;YAE5F,MAAM,UAAU,GAAmB,EAAE,CAAC;YACtC,KAAK,MAAM,QAAQ,IAAI,eAAe,CAAC,mBAAmB,EAAE,CAAC;gBAC3D,wDAAwD;gBACxD,MAAM,mBAAmB,GAAG,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC;gBACvD,MAAM,kBAAkB,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAEnF,eAAe;gBACf,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,aAAa,CAC/C,mBAAmB,EACnB,QAAQ,CAAC,SAAgB,EACzB,eAAe,CAAC,GAAG,CACpB,CAAC;gBAEF,MAAM,eAAe,GAAuB;oBAC1C,GAAG,EAAgB,QAAQ,CAAC,WAAW;oBACvC,GAAG,EAAgB,kBAAkC;oBACrD,gBAAgB,EAAG,QAAQ,CAAC,gBAAgB;iBAC7C,CAAC;gBAEF,uDAAuD;gBACvD,IAAI,QAAQ,CAAC,gBAAgB,KAAM,mBAAmB,CAAC,eAAuC,EAAE,CAAC;oBAC/F,eAAe,CAAC,gBAAgB,GAAG,QAAQ,CAAC,SAAS,CAAC;gBACxD,CAAC;gBAED,UAAU,CAAC,IAAI,CAAC;oBACd,MAAM,EAAU,eAAe;oBAC/B,aAAa,EAAG,OAAO,CAAC,gBAAgB,CAAC,UAAU,CAAC;iBACrD,CAAC,CAAC;YACL,CAAC;YAED,OAAO;gBACL,SAAS,EAAG,wBAAwB;gBACpC,EAAE,EAAU,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,oBAAoB,CAAC;gBAC1E,GAAG,EAAS,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC;gBACzC,UAAU;aACX,CAAC;QACJ,CAAC;KAAA;IAED;;OAEG;IACI,MAAM,CAAC,oBAAoB,CAAC,kBAA0B;QAC3D,OAAO,OAAO,CAAC,iBAAiB,CAAC,kBAAkB,CAAuB,CAAC;IAC7E,CAAC;IAED;;OAEG;IACK,MAAM,CAAO,UAAU,CAAC,MAAkC;;YAChE,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;YAClC,MAAM,MAAM,GAAiB,EAAE,CAAC;YAChC,SAAS,CAAC;gBACR,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;gBAC5C,IAAI,IAAI,EAAE,CAAC;oBAAC,MAAM;gBAAC,CAAC;gBACpB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrB,CAAC;YACD,OAAO,WAAW,CAAC,GAAG,MAAM,CAAC,CAAC;QAChC,CAAC;KAAA;CACF"}

package/dist/esm/src/utils/hd-key.js

@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 import { Encoder } from './encoder.js';
 import { getWebcryptoSubtle } from '@noble/ciphers/webcrypto';
-import { Secp256k1 } from './secp256k1.js';
+import { X25519 } from '@enbox/crypto';
 import { DwnError, DwnErrorCode } from '../core/dwn-error.js';
 export var KeyDerivationScheme;
 (function (KeyDerivationScheme) {
@@ -30,15 +30,15 @@ export var KeyDerivationScheme;
 export class HdKey {
     /**
      * Derives a descendant private key.
-     * NOTE: currently only supports SECP256K1 keys.
+     * Uses X25519 keys for encryption key derivation.
      */
     static derivePrivateKey(ancestorKey, subDerivationPath) {
         return __awaiter(this, void 0, void 0, function* () {
             var _a;
-            const ancestorPrivateKey = Secp256k1.privateJwkToBytes(ancestorKey.derivedPrivateKey);
+            const ancestorPrivateKey = yield X25519.privateKeyToBytes({ privateKey: ancestorKey.derivedPrivateKey });
             const ancestorPrivateKeyDerivationPath = (_a = ancestorKey.derivationPath) !== null && _a !== void 0 ? _a : [];
             const derivedPrivateKeyBytes = yield HdKey.derivePrivateKeyBytes(ancestorPrivateKey, subDerivationPath);
-            const derivedPrivateKeyJwk = yield Secp256k1.privateKeyToJwk(derivedPrivateKeyBytes);
+            const derivedPrivateKeyJwk = yield X25519.bytesToPrivateKey({ privateKeyBytes: derivedPrivateKeyBytes });
             const derivedDescendantPrivateKey = {
                 rootKeyId: ancestorKey.rootKeyId,
                 derivationScheme: ancestorKey.derivationScheme,
@@ -50,12 +50,12 @@ export class HdKey {
     }
     /**
      * Derives a descendant public key from an ancestor private key.
-     * NOTE: currently only supports SECP256K1 keys.
+     * Uses X25519 keys for encryption key derivation.
      */
     static derivePublicKey(ancestorKey, subDerivationPath) {
         return __awaiter(this, void 0, void 0, function* () {
             const derivedDescendantPrivateKey = yield HdKey.derivePrivateKey(ancestorKey, subDerivationPath);
-            const derivedDescendantPublicKey = yield Secp256k1.getPublicJwk(derivedDescendantPrivateKey.derivedPrivateKey);
+            const derivedDescendantPublicKey = yield X25519.getPublicKey({ key: derivedDescendantPrivateKey.derivedPrivateKey });
             return derivedDescendantPublicKey;
         });
     }
@@ -80,7 +80,6 @@ export class HdKey {
     }
     /**
      * Derives a key using  HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869.
-     * TODO: Consolidate HKDF implementation and usage with web5-js - https://github.com/enboxorg/enbox/issues/742
      */
     static deriveKeyUsingHkdf(params) {
         return __awaiter(this, void 0, void 0, function* () {

package/dist/esm/src/utils/hd-key.js.map

@@ -1 +1 @@
-{"version":3,"file":"hd-key.js","sourceRoot":"","sources":["../../../../src/utils/hd-key.ts"],"names":[],"mappings":";;;;;;;;;AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAE9D,MAAM,CAAN,IAAY,mBAYX;AAZD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,kDAA2B,CAAA;IAC3B,0DAAmC,CAAA;IACnC,oDAA6B,CAAA;IAE7B;;OAEG;IACH,0CAAmB,CAAA;AACrB,CAAC,EAZW,mBAAmB,KAAnB,mBAAmB,QAY9B;AASD;;GAEG;AACH,MAAM,OAAO,KAAK;IAChB;;;OAGG;IACI,MAAM,CAAO,gBAAgB,CAAC,WAA8B,EAAE,iBAA2B;;;YAC9F,MAAM,kBAAkB,GAAG,SAAS,CAAC,iBAAiB,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC;YACtF,MAAM,gCAAgC,GAAG,MAAA,WAAW,CAAC,cAAc,mCAAI,EAAE,CAAC;YAC1E,MAAM,sBAAsB,GAAG,MAAM,KAAK,CAAC,qBAAqB,CAAC,kBAAkB,EAAE,iBAAiB,CAAC,CAAC;YACxG,MAAM,oBAAoB,GAAG,MAAM,SAAS,CAAC,eAAe,CAAC,sBAAsB,CAAC,CAAC;YACrF,MAAM,2BAA2B,GAAsB;gBACrD,SAAS,EAAW,WAAW,CAAC,SAAS;gBACzC,gBAAgB,EAAI,WAAW,CAAC,gBAAgB;gBAChD,cAAc,EAAM,CAAC,GAAG,gCAAgC,EAAE,GAAG,iBAAiB,CAAC;gBAC/E,iBAAiB,EAAG,oBAAoB;aACzC,CAAC;YAEF,OAAO,2BAA2B,CAAC;QACrC,CAAC;KAAA;IAED;;;OAGG;IACI,MAAM,CAAO,eAAe,CAAC,WAA8B,EAAE,iBAA2B;;YAC7F,MAAM,2BAA2B,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC;YACjG,MAAM,0BAA0B,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,2BAA2B,CAAC,iBAAiB,CAAC,CAAC;YAE/G,OAAO,0BAA0B,CAAC;QACpC,CAAC;KAAA;IAED;;OAEG;IACI,MAAM,CAAO,qBAAqB,CAAC,UAAsB,EAAE,YAAsB;;YACtF,KAAK,CAAC,yBAAyB,CAAC,YAAY,CAAC,CAAC;YAE9C,IAAI,iBAAiB,GAAG,UAAU,CAAC;YACnC,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;gBACnC,MAAM,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;gBACpD,iBAAiB,GAAG,MAAM,KAAK,CAAC,kBAAkB,CAAC;oBACjD,aAAa,EAAQ,SAAS;oBAC9B,kBAAkB,EAAG,iBAAiB;oBACtC,IAAI,EAAiB,YAAY,EAAE,sEAAsE;oBACzG,gBAAgB,EAAK,EAAE,CAAC,sBAAsB;iBAC/C,CAAC,CAAC;YACL,CAAC;YAED,OAAO,iBAAiB,CAAC;QAC3B,CAAC;KAAA;IAED;;;OAGG;IACI,MAAM,CAAO,kBAAkB,CAAC,MAKtC;;YACC,MAAM,EAAE,aAAa,EAAE,kBAAkB,EAAE,IAAI,EAAE,gBAAgB,EAAE,GAAG,MAAM,CAAC;YAE7E,MAAM,SAAS,GAAG,kBAAkB,EAAkB,CAAC;YAEvD,mGAAmG;YACnG,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,kBAAkB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC;YAEnH,6CAA6C;YAC7C,MAAM,gBAAgB,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CACrD;gBACE,IAAI,EAAG,MAAM;gBACb,IAAI,EAAG,aAAa;gBACpB,IAAI,EAAG,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,8CAA8C;gBACxE,IAAI;aACL,EACD,YAAY,EACZ,gBAAgB,GAAG,CAAC,CAAC,6BAA6B;aACnD,CAAC;YAEF,0CAA0C;YAC1C,MAAM,eAAe,GAAG,IAAI,UAAU,CAAC,gBAAgB,CAAC,CAAC;YACzD,OAAO,eAAe,CAAC;QACzB,CAAC;KAAA;IAED;;;OAGG;IACK,MAAM,CAAC,yBAAyB,CAAC,YAAsB;QAC7D,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,0BAA0B,EAAE,gCAAgC,YAAY,EAAE,CAAC,CAAC;QAC9G,CAAC;IACH,CAAC;CACF"}
+{"version":3,"file":"hd-key.js","sourceRoot":"","sources":["../../../../src/utils/hd-key.ts"],"names":[],"mappings":";;;;;;;;;AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACvC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAE9D,MAAM,CAAN,IAAY,mBAYX;AAZD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,kDAA2B,CAAA;IAC3B,0DAAmC,CAAA;IACnC,oDAA6B,CAAA;IAE7B;;OAEG;IACH,0CAAmB,CAAA;AACrB,CAAC,EAZW,mBAAmB,KAAnB,mBAAmB,QAY9B;AASD;;GAEG;AACH,MAAM,OAAO,KAAK;IAChB;;;OAGG;IACI,MAAM,CAAO,gBAAgB,CAAC,WAA8B,EAAE,iBAA2B;;;YAC9F,MAAM,kBAAkB,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,EAAE,UAAU,EAAE,WAAW,CAAC,iBAAiB,EAAE,CAAC,CAAC;YACzG,MAAM,gCAAgC,GAAG,MAAA,WAAW,CAAC,cAAc,mCAAI,EAAE,CAAC;YAC1E,MAAM,sBAAsB,GAAG,MAAM,KAAK,CAAC,qBAAqB,CAAC,kBAAkB,EAAE,iBAAiB,CAAC,CAAC;YACxG,MAAM,oBAAoB,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,EAAE,eAAe,EAAE,sBAAsB,EAAE,CAAC,CAAC;YACzG,MAAM,2BAA2B,GAAsB;gBACrD,SAAS,EAAW,WAAW,CAAC,SAAS;gBACzC,gBAAgB,EAAI,WAAW,CAAC,gBAAgB;gBAChD,cAAc,EAAM,CAAC,GAAG,gCAAgC,EAAE,GAAG,iBAAiB,CAAC;gBAC/E,iBAAiB,EAAG,oBAAqC;aAC1D,CAAC;YAEF,OAAO,2BAA2B,CAAC;QACrC,CAAC;KAAA;IAED;;;OAGG;IACI,MAAM,CAAO,eAAe,CAAC,WAA8B,EAAE,iBAA2B;;YAC7F,MAAM,2BAA2B,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC;YACjG,MAAM,0BAA0B,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,2BAA2B,CAAC,iBAAiB,EAAE,CAAC,CAAC;YAErH,OAAO,0BAA0C,CAAC;QACpD,CAAC;KAAA;IAED;;OAEG;IACI,MAAM,CAAO,qBAAqB,CAAC,UAAsB,EAAE,YAAsB;;YACtF,KAAK,CAAC,yBAAyB,CAAC,YAAY,CAAC,CAAC;YAE9C,IAAI,iBAAiB,GAAG,UAAU,CAAC;YACnC,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;gBACnC,MAAM,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;gBACpD,iBAAiB,GAAG,MAAM,KAAK,CAAC,kBAAkB,CAAC;oBACjD,aAAa,EAAQ,SAAS;oBAC9B,kBAAkB,EAAG,iBAAiB;oBACtC,IAAI,EAAiB,YAAY,EAAE,sEAAsE;oBACzG,gBAAgB,EAAK,EAAE,CAAC,sBAAsB;iBAC/C,CAAC,CAAC;YACL,CAAC;YAED,OAAO,iBAAiB,CAAC;QAC3B,CAAC;KAAA;IAED;;OAEG;IACI,MAAM,CAAO,kBAAkB,CAAC,MAKtC;;YACC,MAAM,EAAE,aAAa,EAAE,kBAAkB,EAAE,IAAI,EAAE,gBAAgB,EAAE,GAAG,MAAM,CAAC;YAE7E,MAAM,SAAS,GAAG,kBAAkB,EAAkB,CAAC;YAEvD,mGAAmG;YACnG,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,kBAAkB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC;YAEnH,6CAA6C;YAC7C,MAAM,gBAAgB,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CACrD;gBACE,IAAI,EAAG,MAAM;gBACb,IAAI,EAAG,aAAa;gBACpB,IAAI,EAAG,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,8CAA8C;gBACxE,IAAI;aACL,EACD,YAAY,EACZ,gBAAgB,GAAG,CAAC,CAAC,6BAA6B;aACnD,CAAC;YAEF,0CAA0C;YAC1C,MAAM,eAAe,GAAG,IAAI,UAAU,CAAC,gBAAgB,CAAC,CAAC;YACzD,OAAO,eAAe,CAAC;QACzB,CAAC;KAAA;IAED;;;OAGG;IACK,MAAM,CAAC,yBAAyB,CAAC,YAAsB;QAC7D,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,0BAA0B,EAAE,gCAAgC,YAAY,EAAE,CAAC,CAAC;QAC9G,CAAC;IACH,CAAC;CACF"}

package/dist/esm/src/utils/protocols.js

@@ -7,7 +7,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
-import { Secp256k1 } from './secp256k1.js';
+import { X25519 } from '@enbox/crypto';
 import { HdKey, KeyDerivationScheme } from '../utils/hd-key.js';
 /**
  * Parses a string that may be a cross-protocol reference in `alias:path` format.
@@ -68,18 +68,19 @@ export class Protocols {
                         for (const key in ruleSet) {
                             if (!key.startsWith('$')) {
                                 const currentPath = [...parentPath, key];
+                                const childRuleSet = ruleSet[key];
                                 // Skip $ref nodes — they are governed by the referenced protocol's encryption keys.
                                 // Still recurse into children, which belong to the composing protocol.
-                                if (ruleSet[key].$ref !== undefined) {
-                                    yield injectKeysViaCallback(ruleSet[key], currentPath);
+                                if (childRuleSet.$ref !== undefined) {
+                                    yield injectKeysViaCallback(childRuleSet, currentPath);
                                     continue;
                                 }
                                 const publicKeyJwk = yield keyDeriver.derivePublicKey(currentPath);
-                                ruleSet[key].$encryption = {
+                                childRuleSet.$encryption = {
                                     rootKeyId: keyDeriver.rootKeyId,
                                     publicKeyJwk,
                                 };
-                                yield injectKeysViaCallback(ruleSet[key], currentPath);
+                                yield injectKeysViaCallback(childRuleSet, currentPath);
                             }
                         }
                     });
@@ -96,15 +97,16 @@ export class Protocols {
                         // if we encounter a nested rule set (a property name that doesn't begin with '$'), recursively inject the `$encryption` property
                         if (!key.startsWith('$')) {
                             const derivedPrivateKey = yield HdKey.derivePrivateKey(parentKey, [key]);
+                            const childRuleSet = ruleSet[key];
                             // Skip $ref nodes — they are governed by the referenced protocol's encryption keys.
                             // Still recurse into children, which belong to the composing protocol.
-                            if (ruleSet[key].$ref !== undefined) {
-                                yield addEncryptionProperty(ruleSet[key], derivedPrivateKey);
+                            if (childRuleSet.$ref !== undefined) {
+                                yield addEncryptionProperty(childRuleSet, derivedPrivateKey);
                                 continue;
                             }
-                            const publicKeyJwk = yield Secp256k1.getPublicJwk(derivedPrivateKey.derivedPrivateKey);
-                            ruleSet[key].$encryption = { rootKeyId, publicKeyJwk };
-                            yield addEncryptionProperty(ruleSet[key], derivedPrivateKey);
+                            const publicKeyJwk = yield X25519.getPublicKey({ key: derivedPrivateKey.derivedPrivateKey });
+                            childRuleSet.$encryption = { rootKeyId, publicKeyJwk };
+                            yield addEncryptionProperty(childRuleSet, derivedPrivateKey);
                         }
                     }
                 });

package/dist/esm/src/utils/protocols.js.map

@@ -1 +1 @@
-{"version":3,"file":"protocols.js","sourceRoot":"","sources":["../../../../src/utils/protocols.ts"],"names":[],"mappings":";;;;;;;;;AAKA,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAYhE;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CAAC,GAAW;IAC/C,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,UAAU,KAAK,CAAC,CAAC,EAAE,CAAC;QACtB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,KAAK,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAC3C,MAAM,YAAY,GAAG,GAAG,CAAC,SAAS,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IAEnD,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC3B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,YAAoB,EAAE,SAA6C;IAClG,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzC,IAAI,OAAoC,CAAC;IACzC,IAAI,YAAY,GAAuC,SAAS,CAAC;IAEjE,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,YAAY,GAAG,OAA6C,CAAC;IAC/D,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,SAAS;IA4BpB,mDAAmD;IAC5C,MAAM,CAAO,mCAAmC,CACrD,kBAAsC,EACtC,qBAAoD,EACpD,UAA0B;;YAE1B,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAuB,CAAC;YAEnF,IAAI,OAAO,qBAAqB,KAAK,QAAQ,EAAE,CAAC;gBAC9C,sBAAsB;gBACtB,MAAM,UAAU,GAAG,qBAAqB,CAAC;gBACzC,MAAM,QAAQ,GAAG,CAAC,mBAAmB,CAAC,YAAY,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;gBAEjF,SAAe,qBAAqB,CAClC,OAAwB,EAAE,UAAoB;;wBAE9C,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;4BAC1B,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gCACzB,MAAM,WAAW,GAAG,CAAC,GAAG,UAAU,EAAE,GAAG,CAAC,CAAC;gCAEzC,oFAAoF;gCACpF,uEAAuE;gCACvE,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;oCACpC,MAAM,qBAAqB,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;oCACvD,SAAS;gCACX,CAAC;gCAED,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;gCACnE,OAAO,CAAC,GAAG,CAAC,CAAC,WAAW,GAAG;oCACzB,SAAS,EAAE,UAAU,CAAC,SAAS;oCAC/B,YAAY;iCACb,CAAC;gCACF,MAAM,qBAAqB,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;4BACzD,CAAC;wBACH,CAAC;oBACH,CAAC;iBAAA;gBAED,MAAM,qBAAqB,CAAC,KAAK,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;gBACvD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,2CAA2C;YAC3C,MAAM,SAAS,GAAG,qBAAqB,CAAC;YAExC,wFAAwF;YACxF,SAAe,qBAAqB,CAAC,OAAwB,EAAE,SAA4B;;oBACzF,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;wBAC1B,iIAAiI;wBACjI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;4BACzB,MAAM,iBAAiB,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;4BAEzE,oFAAoF;4BACpF,uEAAuE;4BACvE,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gCACpC,MAAM,qBAAqB,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,iBAAiB,CAAC,CAAC;gCAC7D,SAAS;4BACX,CAAC;4BAED,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,CAAC;4BAEvF,OAAO,CAAC,GAAG,CAAC,CAAC,WAAW,GAAG,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC;4BACvD,MAAM,qBAAqB,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,iBAAiB,CAAC,CAAC;wBAC/D,CAAC;oBACH,CAAC;gBACH,CAAC;aAAA;YAED,uEAAuE;YACvE,MAAM,OAAO,GAAsB;gBACjC,gBAAgB,EAAI,mBAAmB,CAAC,YAAY;gBACpD,iBAAiB,EAAG,UAAW;gBAC/B,SAAS;aACV,CAAC;YACF,MAAM,uBAAuB,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC,mBAAmB,CAAC,YAAY,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC;YACvI,MAAM,qBAAqB,CAAC,KAAK,CAAC,SAAS,EAAE,uBAAuB,CAAC,CAAC;YAEtE,OAAO,KAAK,CAAC;QACf,CAAC;KAAA;CACF"}
+{"version":3,"file":"protocols.js","sourceRoot":"","sources":["../../../../src/utils/protocols.ts"],"names":[],"mappings":";;;;;;;;;AAKA,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACvC,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAYhE;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CAAC,GAAW;IAC/C,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,UAAU,KAAK,CAAC,CAAC,EAAE,CAAC;QACtB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,KAAK,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAC3C,MAAM,YAAY,GAAG,GAAG,CAAC,SAAS,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IAEnD,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC3B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,YAAoB,EAAE,SAA6C;IAClG,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzC,IAAI,OAAoC,CAAC;IACzC,IAAI,YAAY,GAAuC,SAAS,CAAC;IAEjE,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,YAAY,GAAG,OAA6C,CAAC;IAC/D,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,SAAS;IA4BpB,mDAAmD;IAC5C,MAAM,CAAO,mCAAmC,CACrD,kBAAsC,EACtC,qBAAoD,EACpD,UAA0B;;YAE1B,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAuB,CAAC;YAEnF,IAAI,OAAO,qBAAqB,KAAK,QAAQ,EAAE,CAAC;gBAC9C,sBAAsB;gBACtB,MAAM,UAAU,GAAG,qBAAqB,CAAC;gBACzC,MAAM,QAAQ,GAAG,CAAC,mBAAmB,CAAC,YAAY,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;gBAEjF,SAAe,qBAAqB,CAClC,OAAwB,EAAE,UAAoB;;wBAE9C,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;4BAC1B,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gCACzB,MAAM,WAAW,GAAG,CAAC,GAAG,UAAU,EAAE,GAAG,CAAC,CAAC;gCACzC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAoB,CAAC;gCAErD,oFAAoF;gCACpF,uEAAuE;gCACvE,IAAI,YAAY,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;oCACpC,MAAM,qBAAqB,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;oCACvD,SAAS;gCACX,CAAC;gCAED,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;gCACnE,YAAY,CAAC,WAAW,GAAG;oCACzB,SAAS,EAAE,UAAU,CAAC,SAAS;oCAC/B,YAAY;iCACb,CAAC;gCACF,MAAM,qBAAqB,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;4BACzD,CAAC;wBACH,CAAC;oBACH,CAAC;iBAAA;gBAED,MAAM,qBAAqB,CAAC,KAAK,CAAC,SAA4B,EAAE,QAAQ,CAAC,CAAC;gBAC1E,OAAO,KAAK,CAAC;YACf,CAAC;YAED,2CAA2C;YAC3C,MAAM,SAAS,GAAG,qBAAqB,CAAC;YAExC,wFAAwF;YACxF,SAAe,qBAAqB,CAAC,OAAwB,EAAE,SAA4B;;oBACzF,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;wBAC1B,iIAAiI;wBACjI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;4BACzB,MAAM,iBAAiB,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;4BACzE,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAoB,CAAC;4BAErD,oFAAoF;4BACpF,uEAAuE;4BACvE,IAAI,YAAY,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gCACpC,MAAM,qBAAqB,CAAC,YAAY,EAAE,iBAAiB,CAAC,CAAC;gCAC7D,SAAS;4BACX,CAAC;4BAED,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,iBAAiB,CAAC,iBAAiB,EAAE,CAAiB,CAAC;4BAE7G,YAAY,CAAC,WAAW,GAAG,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC;4BACvD,MAAM,qBAAqB,CAAC,YAAY,EAAE,iBAAiB,CAAC,CAAC;wBAC/D,CAAC;oBACH,CAAC;gBACH,CAAC;aAAA;YAED,uEAAuE;YACvE,MAAM,OAAO,GAAsB;gBACjC,gBAAgB,EAAI,mBAAmB,CAAC,YAAY;gBACpD,iBAAiB,EAAG,UAAW;gBAC/B,SAAS;aACV,CAAC;YACF,MAAM,uBAAuB,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC,mBAAmB,CAAC,YAAY,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC;YACvI,MAAM,qBAAqB,CAAC,KAAK,CAAC,SAA4B,EAAE,uBAAuB,CAAC,CAAC;YAEzF,OAAO,KAAK,CAAC;QACf,CAAC;KAAA;CACF"}