@fedify/vocab-runtime 2.0.0-dev.12 → 2.0.0-dev.158

package/dist/key.test.cjs

@@ -0,0 +1,272 @@
+const require_chunk = require('./chunk-DWy1uDak.cjs');
+const require_multibase = require('./multibase-BFbBiaPE.cjs');
+const node_assert = require_chunk.__toESM(require("node:assert"));
+const node_test = require_chunk.__toESM(require("node:test"));
+const asn1js = require_chunk.__toESM(require("asn1js"));
+const byte_encodings_base64 = require_chunk.__toESM(require("byte-encodings/base64"));
+const byte_encodings_base64url = require_chunk.__toESM(require("byte-encodings/base64url"));
+const byte_encodings_hex = require_chunk.__toESM(require("byte-encodings/hex"));
+const multicodec = require_chunk.__toESM(require("multicodec"));
+const node_crypto = require_chunk.__toESM(require("node:crypto"));
+const pkijs = require_chunk.__toESM(require("pkijs"));
+
+//#region src/jwk.ts
+function validateCryptoKey(key, type) {
+	if (type != null && key.type !== type) throw new TypeError(`The key is not a ${type} key.`);
+	if (!key.extractable) throw new TypeError("The key is not extractable.");
+	if (key.algorithm.name !== "RSASSA-PKCS1-v1_5" && key.algorithm.name !== "Ed25519") throw new TypeError("Currently only RSASSA-PKCS1-v1_5 and Ed25519 keys are supported.  More algorithms will be added in the future!");
+	if (key.algorithm.name === "RSASSA-PKCS1-v1_5") {
+		const algorithm = key.algorithm;
+		if (algorithm.hash.name !== "SHA-256") throw new TypeError("For compatibility with the existing Fediverse software (e.g., Mastodon), hash algorithm for RSASSA-PKCS1-v1_5 keys must be SHA-256.");
+	}
+}
+async function exportJwk(key) {
+	validateCryptoKey(key);
+	const jwk = await crypto.subtle.exportKey("jwk", key);
+	if (jwk.crv === "Ed25519") jwk.alg = "Ed25519";
+	return jwk;
+}
+async function importJwk(jwk, type) {
+	let key;
+	if (jwk.kty === "RSA" && jwk.alg === "RS256") key = await crypto.subtle.importKey("jwk", jwk, {
+		name: "RSASSA-PKCS1-v1_5",
+		hash: "SHA-256"
+	}, true, type === "public" ? ["verify"] : ["sign"]);
+	else if (jwk.kty === "OKP" && jwk.crv === "Ed25519") {
+		if (navigator?.userAgent === "Cloudflare-Workers") {
+			jwk = { ...jwk };
+			delete jwk.alg;
+		}
+		key = await crypto.subtle.importKey("jwk", jwk, "Ed25519", true, type === "public" ? ["verify"] : ["sign"]);
+	} else throw new TypeError("Unsupported JWK format.");
+	validateCryptoKey(key, type);
+	return key;
+}
+
+//#endregion
+//#region src/key.ts
+const algorithms = {
+	"1.2.840.113549.1.1.1": {
+		name: "RSASSA-PKCS1-v1_5",
+		hash: "SHA-256"
+	},
+	"1.3.101.112": "Ed25519"
+};
+/**
+* Imports a PEM-SPKI formatted public key.
+* @param pem The PEM-SPKI formatted public key.
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.5.0
+*/
+async function importSpki(pem) {
+	pem = pem.replace(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "");
+	let spki;
+	try {
+		spki = (0, byte_encodings_base64.decodeBase64)(pem);
+	} catch (_) {
+		throw new TypeError("Invalid PEM-SPKI format.");
+	}
+	const pki = pkijs.PublicKeyInfo.fromBER(spki);
+	const oid = pki.algorithm.algorithmId;
+	const algorithm = algorithms[oid];
+	if (algorithm == null) throw new TypeError("Unsupported algorithm: " + oid);
+	return await crypto.subtle.importKey("spki", spki, algorithm, true, ["verify"]);
+}
+/**
+* Exports a public key in PEM-SPKI format.
+* @param key The public key to export.
+* @returns The exported public key in PEM-SPKI format.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.5.0
+*/
+async function exportSpki(key) {
+	validateCryptoKey(key);
+	const spki = await crypto.subtle.exportKey("spki", key);
+	let pem = (0, byte_encodings_base64.encodeBase64)(spki);
+	pem = (pem.match(/.{1,64}/g) || []).join("\n");
+	return `-----BEGIN PUBLIC KEY-----\n${pem}\n-----END PUBLIC KEY-----\n`;
+}
+/**
+* Imports a PEM-PKCS#1 formatted public key.
+* @param pem The PEM-PKCS#1 formatted public key.
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 1.5.0
+*/
+function importPkcs1(pem) {
+	const key = (0, node_crypto.createPublicKey)({
+		key: pem,
+		format: "pem",
+		type: "pkcs1"
+	});
+	const spki = key.export({
+		type: "spki",
+		format: "pem"
+	});
+	return importSpki(spki);
+}
+const PKCS1_HEADER = /^\s*-----BEGIN\s+RSA\s+PUBLIC\s+KEY-----\s*\n/;
+/**
+* Imports a PEM formatted public key (SPKI or PKCS#1).
+* @param pem The PEM formatted public key to import (SPKI or PKCS#1).
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 1.5.0
+*/
+function importPem(pem) {
+	return PKCS1_HEADER.test(pem) ? importPkcs1(pem) : importSpki(pem);
+}
+/**
+* Imports a [Multibase]-encoded public key.
+*
+* [Multibase]: https://www.w3.org/TR/vc-data-integrity/#multibase-0
+* @param key The Multibase-encoded public key.
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.10.0
+*/
+async function importMultibaseKey(key) {
+	const decoded = require_multibase.decodeMultibase(key);
+	const code = (0, multicodec.getCodeFromData)(decoded);
+	const content = (0, multicodec.rmPrefix)(decoded);
+	if (code === 4613) {
+		const keyObject = (0, node_crypto.createPublicKey)({
+			key: content,
+			format: "der",
+			type: "pkcs1"
+		});
+		const exported = keyObject.export({
+			type: "spki",
+			format: "der"
+		});
+		const spki = exported instanceof Uint8Array ? exported : new Uint8Array(exported);
+		return await crypto.subtle.importKey("spki", new Uint8Array(spki), {
+			name: "RSASSA-PKCS1-v1_5",
+			hash: "SHA-256"
+		}, true, ["verify"]);
+	} else if (code === 237) return await crypto.subtle.importKey("raw", content.slice(), "Ed25519", true, ["verify"]);
+	else throw new TypeError("Unsupported key type: 0x" + code.toString(16));
+}
+/**
+* Exports a public key in [Multibase] format.
+*
+* [Multibase]: https://www.w3.org/TR/vc-data-integrity/#multibase-0
+* @param key The public key to export.
+* @returns The exported public key in Multibase format.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.10.0
+*/
+async function exportMultibaseKey(key) {
+	let content;
+	let code;
+	if (key.algorithm.name === "Ed25519") {
+		content = await crypto.subtle.exportKey("raw", key);
+		code = 237;
+	} else if (key.algorithm.name === "RSASSA-PKCS1-v1_5" && key.algorithm.hash.name === "SHA-256") {
+		const jwk = await crypto.subtle.exportKey("jwk", key);
+		const decodedN = (0, byte_encodings_base64url.decodeBase64Url)(jwk.n);
+		const n = new Uint8Array(decodedN.length + 1);
+		n.set(decodedN, 1);
+		const sequence = new asn1js.Sequence({ value: [new asn1js.Integer({
+			isHexOnly: true,
+			valueHex: n
+		}), new asn1js.Integer({
+			isHexOnly: true,
+			valueHex: (0, byte_encodings_base64url.decodeBase64Url)(jwk.e)
+		})] });
+		content = sequence.toBER(false);
+		code = 4613;
+	} else throw new TypeError("Unsupported key type: " + JSON.stringify(key.algorithm));
+	const codeHex = code.toString(16);
+	const codeBytes = (0, byte_encodings_hex.decodeHex)(codeHex.length % 2 < 1 ? codeHex : "0" + codeHex);
+	const prefixed = (0, multicodec.addPrefix)(codeBytes, new Uint8Array(content));
+	const encoded = require_multibase.encodeMultibase("base58btc", prefixed);
+	return new TextDecoder().decode(encoded);
+}
+
+//#endregion
+//#region src/key.test.ts
+const rsaSpki = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsRuvCkgJtflBTl4OVsm\nnt/J1mQfZasfJtN33dcZ3d1lJroxmgmMu69zjGEAwkNbMQaWNLqC4eogkJaeJ4RR\n5MHYXkL9nNilVoTkjX5BVit3puzs7XJ7WQnKQgQMI+ezn24GHsZ/v1JIo77lerX5\nk4HNwTNVt+yaZVQWaOMR3+6FwziQR6kd0VuG9/a9dgAnz2cEoORRC1i4W7IZaB1s\nZnh1WbHbevlGd72HSXll5rocPIHn8gq6xpBgpHwRphlRsgn4KHaJ6brXDIJjrnQh\nIe/YUBOGj/ImSEXhRwlFerKsoAVnZ0Hwbfa46qk44TAt8CyoPMWmpK6pt0ng4pQ2\nuwIDAQAB\n-----END PUBLIC KEY-----\n";
+const rsaPkcs1 = "-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAxsRuvCkgJtflBTl4OVsmnt/J1mQfZasfJtN33dcZ3d1lJroxmgmM\nu69zjGEAwkNbMQaWNLqC4eogkJaeJ4RR5MHYXkL9nNilVoTkjX5BVit3puzs7XJ7\nWQnKQgQMI+ezn24GHsZ/v1JIo77lerX5k4HNwTNVt+yaZVQWaOMR3+6FwziQR6kd\n0VuG9/a9dgAnz2cEoORRC1i4W7IZaB1sZnh1WbHbevlGd72HSXll5rocPIHn8gq6\nxpBgpHwRphlRsgn4KHaJ6brXDIJjrnQhIe/YUBOGj/ImSEXhRwlFerKsoAVnZ0Hw\nbfa46qk44TAt8CyoPMWmpK6pt0ng4pQ2uwIDAQAB\n-----END RSA PUBLIC KEY-----\n";
+const rsaJwk = {
+	alg: "RS256",
+	e: "AQAB",
+	ext: true,
+	key_ops: ["verify"],
+	kty: "RSA",
+	n: "xsRuvCkgJtflBTl4OVsmnt_J1mQfZasfJtN33dcZ3d1lJroxmgmMu69zjGEAwkNbMQaWNLqC4eogkJaeJ4RR5MHYXkL9nNilVoTkjX5BVit3puzs7XJ7WQnKQgQMI-ezn24GHsZ_v1JIo77lerX5k4HNwTNVt-yaZVQWaOMR3-6FwziQR6kd0VuG9_a9dgAnz2cEoORRC1i4W7IZaB1sZnh1WbHbevlGd72HSXll5rocPIHn8gq6xpBgpHwRphlRsgn4KHaJ6brXDIJjrnQhIe_YUBOGj_ImSEXhRwlFerKsoAVnZ0Hwbfa46qk44TAt8CyoPMWmpK6pt0ng4pQ2uw"
+};
+const rsaMultibase = "z4MXj1wBzi9jUstyPqYMn6Gum79JtbKFiHTibtPRoPeufjdimA24Kg8Q5N7E2eMpgVUtD61kUvmy4FaT5D5G8XU3ktxeduwEw5FHTtiLCzaruadf6rit1AUPL34UtcPuHh6GxBzTxgFKMMuzcHiUzG9wvbxn7toS4H2gbmUn1r91836ET2EVgmSdzju614Wu67ukyBGivcboncdfxPSR5JXwURBaL8K2P6yhKn3NyprFV8s6QpN4zgQMAD3Q6fjAsEvGNwXaQTZmEN2yd1NQ7uBE3RJ2XywZnehmfLQTEqD7Ad5XM3qfLLd9CtdzJGBkRfunHhkH1kz8dHL7hXwtk5EMXktY4QF5gZ1uisUV5mpPjEgqz7uDz";
+const ed25519Pem = "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAvrabdlLgVI5jWl7GpF+fLFJVF4ccI8D7h+v5ulBCYwo=\n-----END PUBLIC KEY-----\n";
+const ed25519Jwk = {
+	alg: "Ed25519",
+	kty: "OKP",
+	crv: "Ed25519",
+	x: "vrabdlLgVI5jWl7GpF-fLFJVF4ccI8D7h-v5ulBCYwo",
+	key_ops: ["verify"],
+	ext: true
+};
+const ed25519Multibase = "z6MksHj1MJnidCtDiyYW9ugNFftoX9fLK4bornTxmMZ6X7vq";
+(0, node_test.test)("importSpki()", async () => {
+	const rsaKey = await importSpki(rsaSpki);
+	(0, node_assert.deepStrictEqual)(await exportJwk(rsaKey), rsaJwk);
+	const ed25519Key = await importSpki(ed25519Pem);
+	(0, node_assert.deepStrictEqual)(await exportJwk(ed25519Key), ed25519Jwk);
+});
+(0, node_test.test)("exportSpki()", async () => {
+	const rsaKey = await importJwk(rsaJwk, "public");
+	const rsaSpki$1 = await exportSpki(rsaKey);
+	(0, node_assert.deepStrictEqual)(rsaSpki$1, rsaSpki$1);
+	const ed25519Key = await importJwk(ed25519Jwk, "public");
+	const ed25519Spki = await exportSpki(ed25519Key);
+	(0, node_assert.deepStrictEqual)(ed25519Spki, ed25519Pem);
+});
+(0, node_test.test)("importPkcs1()", async () => {
+	const rsaKey = await importPkcs1(rsaPkcs1);
+	(0, node_assert.deepStrictEqual)(await exportJwk(rsaKey), rsaJwk);
+});
+(0, node_test.test)("importPem()", async () => {
+	const rsaPkcs1Key = await importPem(rsaPkcs1);
+	(0, node_assert.deepStrictEqual)(await exportJwk(rsaPkcs1Key), rsaJwk);
+	const rsaSpkiKey = await importPem(rsaSpki);
+	(0, node_assert.deepStrictEqual)(await exportJwk(rsaSpkiKey), rsaJwk);
+	const ed25519Key = await importPem(ed25519Pem);
+	(0, node_assert.deepStrictEqual)(await exportJwk(ed25519Key), ed25519Jwk);
+});
+(0, node_test.test)("importMultibase()", async () => {
+	const rsaKey = await importMultibaseKey(rsaMultibase);
+	(0, node_assert.deepStrictEqual)(await exportJwk(rsaKey), rsaJwk);
+	const ed25519Key = await importMultibaseKey(ed25519Multibase);
+	(0, node_assert.deepStrictEqual)(await exportJwk(ed25519Key), ed25519Jwk);
+});
+(0, node_test.test)("exportMultibaseKey()", async () => {
+	const rsaKey = await importJwk(rsaJwk, "public");
+	const rsaMb = await exportMultibaseKey(rsaKey);
+	(0, node_assert.deepStrictEqual)(rsaMb, rsaMultibase);
+	const ed25519Key = await importJwk(ed25519Jwk, "public");
+	const ed25519Mb = await exportMultibaseKey(ed25519Key);
+	(0, node_assert.deepStrictEqual)(ed25519Mb, ed25519Multibase);
+	const rsaKey2 = await importJwk({
+		alg: "RS256",
+		ext: true,
+		key_ops: ["verify"],
+		e: "AQAB",
+		kty: "RSA",
+		n: "sbX82NTV6IylxCh7MfV4hlyvaniCajuP97GyOqSvTmoEdBOflFvZ06kR_9D6ctt45Fk6hskfnag2GG69NALVH2o4RCR6tQiLRpKcMRtDYE_thEmfBvDzm_VVkOIYfxu-Ipuo9J_S5XDNDjczx2v-3oDh5-CIHkU46hvFeCvpUS-L8TJSbgX0kjVk_m4eIb9wh63rtmD6Uz_KBtCo5mmR4TEtcLZKYdqMp3wCjN-TlgHiz_4oVXWbHUefCEe8rFnX1iQnpDHU49_SaXQoud1jCaexFn25n-Aa8f8bc5Vm-5SeRwidHa6ErvEhTvf1dz6GoNPp2iRvm-wJ1gxwWJEYPQ"
+	}, "public");
+	const rsaMb2 = await exportMultibaseKey(rsaKey2);
+	(0, node_assert.deepStrictEqual)(rsaMb2, "z4MXj1wBzi9jUstyPMS4jQqB6KdJaiatPkAtVtGc6bQEQEEsKTic4G7Rou3iBf9vPmT5dbkm9qsZsuVNjq8HCuW1w24nhBFGkRE4cd2Uf2tfrB3N7h4mnyPp1BF3ZttHTYv3DLUPi1zMdkULiow3M1GfXkoC6DoxDUm1jmN6GBj22SjVsr6dxezRVQc7aj9TxE7JLbMH1wh5X3kA58H3DFW8rnYMakFGbca5CB2Jf6CnGQZmL7o5uJAdTwXfy2iiiyPxXEGerMhHwhjTA1mKYobyk2CpeEcmvynADfNZ5MBvcCS7m3XkFCMNUYBS9NQ3fze6vMSUPsNa6GVYmKx2x6JrdEjCk3qRMMmyjnjCMfR4pXbRMZa3i");
+	const ed25519Key2 = await importJwk({
+		alg: "Ed25519",
+		crv: "Ed25519",
+		ext: true,
+		key_ops: ["verify"],
+		kty: "OKP",
+		x: "Lm_M42cB3HkUiODQsXRcweM6TByfzEHGO9ND274JcOY"
+	}, "public");
+	const ed25519Mb2 = await exportMultibaseKey(ed25519Key2);
+	(0, node_assert.deepStrictEqual)(ed25519Mb2, "z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK");
+});
+
+//#endregion

package/dist/key.test.d.cts

@@ -0,0 +1 @@
+export { };

package/dist/key.test.d.ts

@@ -0,0 +1 @@
+export { };

package/dist/key.test.js

@@ -0,0 +1,271 @@
+import { decodeMultibase, encodeMultibase } from "./multibase-DStmqni9.js";
+import { deepStrictEqual } from "node:assert";
+import { test } from "node:test";
+import { Integer, Sequence } from "asn1js";
+import { decodeBase64, encodeBase64 } from "byte-encodings/base64";
+import { decodeBase64Url } from "byte-encodings/base64url";
+import { decodeHex } from "byte-encodings/hex";
+import { addPrefix, getCodeFromData, rmPrefix } from "multicodec";
+import { createPublicKey } from "node:crypto";
+import { PublicKeyInfo } from "pkijs";
+
+//#region src/jwk.ts
+function validateCryptoKey(key, type) {
+	if (type != null && key.type !== type) throw new TypeError(`The key is not a ${type} key.`);
+	if (!key.extractable) throw new TypeError("The key is not extractable.");
+	if (key.algorithm.name !== "RSASSA-PKCS1-v1_5" && key.algorithm.name !== "Ed25519") throw new TypeError("Currently only RSASSA-PKCS1-v1_5 and Ed25519 keys are supported.  More algorithms will be added in the future!");
+	if (key.algorithm.name === "RSASSA-PKCS1-v1_5") {
+		const algorithm = key.algorithm;
+		if (algorithm.hash.name !== "SHA-256") throw new TypeError("For compatibility with the existing Fediverse software (e.g., Mastodon), hash algorithm for RSASSA-PKCS1-v1_5 keys must be SHA-256.");
+	}
+}
+async function exportJwk(key) {
+	validateCryptoKey(key);
+	const jwk = await crypto.subtle.exportKey("jwk", key);
+	if (jwk.crv === "Ed25519") jwk.alg = "Ed25519";
+	return jwk;
+}
+async function importJwk(jwk, type) {
+	let key;
+	if (jwk.kty === "RSA" && jwk.alg === "RS256") key = await crypto.subtle.importKey("jwk", jwk, {
+		name: "RSASSA-PKCS1-v1_5",
+		hash: "SHA-256"
+	}, true, type === "public" ? ["verify"] : ["sign"]);
+	else if (jwk.kty === "OKP" && jwk.crv === "Ed25519") {
+		if (navigator?.userAgent === "Cloudflare-Workers") {
+			jwk = { ...jwk };
+			delete jwk.alg;
+		}
+		key = await crypto.subtle.importKey("jwk", jwk, "Ed25519", true, type === "public" ? ["verify"] : ["sign"]);
+	} else throw new TypeError("Unsupported JWK format.");
+	validateCryptoKey(key, type);
+	return key;
+}
+
+//#endregion
+//#region src/key.ts
+const algorithms = {
+	"1.2.840.113549.1.1.1": {
+		name: "RSASSA-PKCS1-v1_5",
+		hash: "SHA-256"
+	},
+	"1.3.101.112": "Ed25519"
+};
+/**
+* Imports a PEM-SPKI formatted public key.
+* @param pem The PEM-SPKI formatted public key.
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.5.0
+*/
+async function importSpki(pem) {
+	pem = pem.replace(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "");
+	let spki;
+	try {
+		spki = decodeBase64(pem);
+	} catch (_) {
+		throw new TypeError("Invalid PEM-SPKI format.");
+	}
+	const pki = PublicKeyInfo.fromBER(spki);
+	const oid = pki.algorithm.algorithmId;
+	const algorithm = algorithms[oid];
+	if (algorithm == null) throw new TypeError("Unsupported algorithm: " + oid);
+	return await crypto.subtle.importKey("spki", spki, algorithm, true, ["verify"]);
+}
+/**
+* Exports a public key in PEM-SPKI format.
+* @param key The public key to export.
+* @returns The exported public key in PEM-SPKI format.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.5.0
+*/
+async function exportSpki(key) {
+	validateCryptoKey(key);
+	const spki = await crypto.subtle.exportKey("spki", key);
+	let pem = encodeBase64(spki);
+	pem = (pem.match(/.{1,64}/g) || []).join("\n");
+	return `-----BEGIN PUBLIC KEY-----\n${pem}\n-----END PUBLIC KEY-----\n`;
+}
+/**
+* Imports a PEM-PKCS#1 formatted public key.
+* @param pem The PEM-PKCS#1 formatted public key.
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 1.5.0
+*/
+function importPkcs1(pem) {
+	const key = createPublicKey({
+		key: pem,
+		format: "pem",
+		type: "pkcs1"
+	});
+	const spki = key.export({
+		type: "spki",
+		format: "pem"
+	});
+	return importSpki(spki);
+}
+const PKCS1_HEADER = /^\s*-----BEGIN\s+RSA\s+PUBLIC\s+KEY-----\s*\n/;
+/**
+* Imports a PEM formatted public key (SPKI or PKCS#1).
+* @param pem The PEM formatted public key to import (SPKI or PKCS#1).
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 1.5.0
+*/
+function importPem(pem) {
+	return PKCS1_HEADER.test(pem) ? importPkcs1(pem) : importSpki(pem);
+}
+/**
+* Imports a [Multibase]-encoded public key.
+*
+* [Multibase]: https://www.w3.org/TR/vc-data-integrity/#multibase-0
+* @param key The Multibase-encoded public key.
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.10.0
+*/
+async function importMultibaseKey(key) {
+	const decoded = decodeMultibase(key);
+	const code = getCodeFromData(decoded);
+	const content = rmPrefix(decoded);
+	if (code === 4613) {
+		const keyObject = createPublicKey({
+			key: content,
+			format: "der",
+			type: "pkcs1"
+		});
+		const exported = keyObject.export({
+			type: "spki",
+			format: "der"
+		});
+		const spki = exported instanceof Uint8Array ? exported : new Uint8Array(exported);
+		return await crypto.subtle.importKey("spki", new Uint8Array(spki), {
+			name: "RSASSA-PKCS1-v1_5",
+			hash: "SHA-256"
+		}, true, ["verify"]);
+	} else if (code === 237) return await crypto.subtle.importKey("raw", content.slice(), "Ed25519", true, ["verify"]);
+	else throw new TypeError("Unsupported key type: 0x" + code.toString(16));
+}
+/**
+* Exports a public key in [Multibase] format.
+*
+* [Multibase]: https://www.w3.org/TR/vc-data-integrity/#multibase-0
+* @param key The public key to export.
+* @returns The exported public key in Multibase format.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.10.0
+*/
+async function exportMultibaseKey(key) {
+	let content;
+	let code;
+	if (key.algorithm.name === "Ed25519") {
+		content = await crypto.subtle.exportKey("raw", key);
+		code = 237;
+	} else if (key.algorithm.name === "RSASSA-PKCS1-v1_5" && key.algorithm.hash.name === "SHA-256") {
+		const jwk = await crypto.subtle.exportKey("jwk", key);
+		const decodedN = decodeBase64Url(jwk.n);
+		const n = new Uint8Array(decodedN.length + 1);
+		n.set(decodedN, 1);
+		const sequence = new Sequence({ value: [new Integer({
+			isHexOnly: true,
+			valueHex: n
+		}), new Integer({
+			isHexOnly: true,
+			valueHex: decodeBase64Url(jwk.e)
+		})] });
+		content = sequence.toBER(false);
+		code = 4613;
+	} else throw new TypeError("Unsupported key type: " + JSON.stringify(key.algorithm));
+	const codeHex = code.toString(16);
+	const codeBytes = decodeHex(codeHex.length % 2 < 1 ? codeHex : "0" + codeHex);
+	const prefixed = addPrefix(codeBytes, new Uint8Array(content));
+	const encoded = encodeMultibase("base58btc", prefixed);
+	return new TextDecoder().decode(encoded);
+}
+
+//#endregion
+//#region src/key.test.ts
+const rsaSpki = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsRuvCkgJtflBTl4OVsm\nnt/J1mQfZasfJtN33dcZ3d1lJroxmgmMu69zjGEAwkNbMQaWNLqC4eogkJaeJ4RR\n5MHYXkL9nNilVoTkjX5BVit3puzs7XJ7WQnKQgQMI+ezn24GHsZ/v1JIo77lerX5\nk4HNwTNVt+yaZVQWaOMR3+6FwziQR6kd0VuG9/a9dgAnz2cEoORRC1i4W7IZaB1s\nZnh1WbHbevlGd72HSXll5rocPIHn8gq6xpBgpHwRphlRsgn4KHaJ6brXDIJjrnQh\nIe/YUBOGj/ImSEXhRwlFerKsoAVnZ0Hwbfa46qk44TAt8CyoPMWmpK6pt0ng4pQ2\nuwIDAQAB\n-----END PUBLIC KEY-----\n";
+const rsaPkcs1 = "-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAxsRuvCkgJtflBTl4OVsmnt/J1mQfZasfJtN33dcZ3d1lJroxmgmM\nu69zjGEAwkNbMQaWNLqC4eogkJaeJ4RR5MHYXkL9nNilVoTkjX5BVit3puzs7XJ7\nWQnKQgQMI+ezn24GHsZ/v1JIo77lerX5k4HNwTNVt+yaZVQWaOMR3+6FwziQR6kd\n0VuG9/a9dgAnz2cEoORRC1i4W7IZaB1sZnh1WbHbevlGd72HSXll5rocPIHn8gq6\nxpBgpHwRphlRsgn4KHaJ6brXDIJjrnQhIe/YUBOGj/ImSEXhRwlFerKsoAVnZ0Hw\nbfa46qk44TAt8CyoPMWmpK6pt0ng4pQ2uwIDAQAB\n-----END RSA PUBLIC KEY-----\n";
+const rsaJwk = {
+	alg: "RS256",
+	e: "AQAB",
+	ext: true,
+	key_ops: ["verify"],
+	kty: "RSA",
+	n: "xsRuvCkgJtflBTl4OVsmnt_J1mQfZasfJtN33dcZ3d1lJroxmgmMu69zjGEAwkNbMQaWNLqC4eogkJaeJ4RR5MHYXkL9nNilVoTkjX5BVit3puzs7XJ7WQnKQgQMI-ezn24GHsZ_v1JIo77lerX5k4HNwTNVt-yaZVQWaOMR3-6FwziQR6kd0VuG9_a9dgAnz2cEoORRC1i4W7IZaB1sZnh1WbHbevlGd72HSXll5rocPIHn8gq6xpBgpHwRphlRsgn4KHaJ6brXDIJjrnQhIe_YUBOGj_ImSEXhRwlFerKsoAVnZ0Hwbfa46qk44TAt8CyoPMWmpK6pt0ng4pQ2uw"
+};
+const rsaMultibase = "z4MXj1wBzi9jUstyPqYMn6Gum79JtbKFiHTibtPRoPeufjdimA24Kg8Q5N7E2eMpgVUtD61kUvmy4FaT5D5G8XU3ktxeduwEw5FHTtiLCzaruadf6rit1AUPL34UtcPuHh6GxBzTxgFKMMuzcHiUzG9wvbxn7toS4H2gbmUn1r91836ET2EVgmSdzju614Wu67ukyBGivcboncdfxPSR5JXwURBaL8K2P6yhKn3NyprFV8s6QpN4zgQMAD3Q6fjAsEvGNwXaQTZmEN2yd1NQ7uBE3RJ2XywZnehmfLQTEqD7Ad5XM3qfLLd9CtdzJGBkRfunHhkH1kz8dHL7hXwtk5EMXktY4QF5gZ1uisUV5mpPjEgqz7uDz";
+const ed25519Pem = "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAvrabdlLgVI5jWl7GpF+fLFJVF4ccI8D7h+v5ulBCYwo=\n-----END PUBLIC KEY-----\n";
+const ed25519Jwk = {
+	alg: "Ed25519",
+	kty: "OKP",
+	crv: "Ed25519",
+	x: "vrabdlLgVI5jWl7GpF-fLFJVF4ccI8D7h-v5ulBCYwo",
+	key_ops: ["verify"],
+	ext: true
+};
+const ed25519Multibase = "z6MksHj1MJnidCtDiyYW9ugNFftoX9fLK4bornTxmMZ6X7vq";
+test("importSpki()", async () => {
+	const rsaKey = await importSpki(rsaSpki);
+	deepStrictEqual(await exportJwk(rsaKey), rsaJwk);
+	const ed25519Key = await importSpki(ed25519Pem);
+	deepStrictEqual(await exportJwk(ed25519Key), ed25519Jwk);
+});
+test("exportSpki()", async () => {
+	const rsaKey = await importJwk(rsaJwk, "public");
+	const rsaSpki$1 = await exportSpki(rsaKey);
+	deepStrictEqual(rsaSpki$1, rsaSpki$1);
+	const ed25519Key = await importJwk(ed25519Jwk, "public");
+	const ed25519Spki = await exportSpki(ed25519Key);
+	deepStrictEqual(ed25519Spki, ed25519Pem);
+});
+test("importPkcs1()", async () => {
+	const rsaKey = await importPkcs1(rsaPkcs1);
+	deepStrictEqual(await exportJwk(rsaKey), rsaJwk);
+});
+test("importPem()", async () => {
+	const rsaPkcs1Key = await importPem(rsaPkcs1);
+	deepStrictEqual(await exportJwk(rsaPkcs1Key), rsaJwk);
+	const rsaSpkiKey = await importPem(rsaSpki);
+	deepStrictEqual(await exportJwk(rsaSpkiKey), rsaJwk);
+	const ed25519Key = await importPem(ed25519Pem);
+	deepStrictEqual(await exportJwk(ed25519Key), ed25519Jwk);
+});
+test("importMultibase()", async () => {
+	const rsaKey = await importMultibaseKey(rsaMultibase);
+	deepStrictEqual(await exportJwk(rsaKey), rsaJwk);
+	const ed25519Key = await importMultibaseKey(ed25519Multibase);
+	deepStrictEqual(await exportJwk(ed25519Key), ed25519Jwk);
+});
+test("exportMultibaseKey()", async () => {
+	const rsaKey = await importJwk(rsaJwk, "public");
+	const rsaMb = await exportMultibaseKey(rsaKey);
+	deepStrictEqual(rsaMb, rsaMultibase);
+	const ed25519Key = await importJwk(ed25519Jwk, "public");
+	const ed25519Mb = await exportMultibaseKey(ed25519Key);
+	deepStrictEqual(ed25519Mb, ed25519Multibase);
+	const rsaKey2 = await importJwk({
+		alg: "RS256",
+		ext: true,
+		key_ops: ["verify"],
+		e: "AQAB",
+		kty: "RSA",
+		n: "sbX82NTV6IylxCh7MfV4hlyvaniCajuP97GyOqSvTmoEdBOflFvZ06kR_9D6ctt45Fk6hskfnag2GG69NALVH2o4RCR6tQiLRpKcMRtDYE_thEmfBvDzm_VVkOIYfxu-Ipuo9J_S5XDNDjczx2v-3oDh5-CIHkU46hvFeCvpUS-L8TJSbgX0kjVk_m4eIb9wh63rtmD6Uz_KBtCo5mmR4TEtcLZKYdqMp3wCjN-TlgHiz_4oVXWbHUefCEe8rFnX1iQnpDHU49_SaXQoud1jCaexFn25n-Aa8f8bc5Vm-5SeRwidHa6ErvEhTvf1dz6GoNPp2iRvm-wJ1gxwWJEYPQ"
+	}, "public");
+	const rsaMb2 = await exportMultibaseKey(rsaKey2);
+	deepStrictEqual(rsaMb2, "z4MXj1wBzi9jUstyPMS4jQqB6KdJaiatPkAtVtGc6bQEQEEsKTic4G7Rou3iBf9vPmT5dbkm9qsZsuVNjq8HCuW1w24nhBFGkRE4cd2Uf2tfrB3N7h4mnyPp1BF3ZttHTYv3DLUPi1zMdkULiow3M1GfXkoC6DoxDUm1jmN6GBj22SjVsr6dxezRVQc7aj9TxE7JLbMH1wh5X3kA58H3DFW8rnYMakFGbca5CB2Jf6CnGQZmL7o5uJAdTwXfy2iiiyPxXEGerMhHwhjTA1mKYobyk2CpeEcmvynADfNZ5MBvcCS7m3XkFCMNUYBS9NQ3fze6vMSUPsNa6GVYmKx2x6JrdEjCk3qRMMmyjnjCMfR4pXbRMZa3i");
+	const ed25519Key2 = await importJwk({
+		alg: "Ed25519",
+		crv: "Ed25519",
+		ext: true,
+		key_ops: ["verify"],
+		kty: "OKP",
+		x: "Lm_M42cB3HkUiODQsXRcweM6TByfzEHGO9ND274JcOY"
+	}, "public");
+	const ed25519Mb2 = await exportMultibaseKey(ed25519Key2);
+	deepStrictEqual(ed25519Mb2, "z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK");
+});
+
+//#endregion

package/dist/langstr.test.cjs

@@ -0,0 +1,51 @@
+const require_chunk = require('./chunk-DWy1uDak.cjs');
+const node_assert = require_chunk.__toESM(require("node:assert"));
+const node_test = require_chunk.__toESM(require("node:test"));
+const node_util = require_chunk.__toESM(require("node:util"));
+
+//#region src/langstr.ts
+/**
+* A language-tagged string which corresponds to the `rdf:langString` type.
+*/
+var LanguageString = class extends String {
+	/**
+	* The locale of the string.
+	* @since 2.0.0
+	*/
+	locale;
+	/**
+	* Constructs a new `LanguageString`.
+	* @param value A string value written in the given language.
+	* @param locale The language of the string.  If a string is given, it will
+	*               be parsed as a `Intl.Locale` object.
+	*/
+	constructor(value, language) {
+		super(value);
+		this.locale = typeof language === "string" ? new Intl.Locale(language) : language;
+	}
+	[Symbol.for("Deno.customInspect")](inspect, options) {
+		return `<${this.locale.baseName}> ${inspect(this.toString(), options)}`;
+	}
+	[Symbol.for("nodejs.util.inspect.custom")](_depth, options, inspect) {
+		return `<${this.locale.baseName}> ${inspect(this.toString(), options)}`;
+	}
+};
+
+//#endregion
+//#region src/langstr.test.ts
+(0, node_test.test)("new LanguageString()", () => {
+	const langStr = new LanguageString("Hello", "en");
+	(0, node_assert.deepStrictEqual)(langStr.toString(), "Hello");
+	(0, node_assert.deepStrictEqual)(langStr.locale, new Intl.Locale("en"));
+	(0, node_assert.deepStrictEqual)(new LanguageString("Hello", new Intl.Locale("en")), langStr);
+});
+(0, node_test.test)("Deno.inspect(LanguageString)", () => {
+	const langStr = new LanguageString("Hello, 'world'", "en");
+	(0, node_assert.deepStrictEqual)(node_util.default.inspect(langStr, { colors: false }), "<en> \"Hello, 'world'\"");
+});
+(0, node_test.test)("util.inspect(LanguageString)", () => {
+	const langStr = new LanguageString("Hello, 'world'", "en");
+	(0, node_assert.deepStrictEqual)(node_util.default.inspect(langStr, { colors: false }), "<en> \"Hello, 'world'\"");
+});
+
+//#endregion

package/dist/langstr.test.d.cts

@@ -0,0 +1 @@
+export { };

package/dist/langstr.test.d.ts

@@ -0,0 +1 @@
+export { };

package/dist/langstr.test.js

@@ -0,0 +1,50 @@
+import { deepStrictEqual } from "node:assert";
+import { test } from "node:test";
+import util from "node:util";
+
+//#region src/langstr.ts
+/**
+* A language-tagged string which corresponds to the `rdf:langString` type.
+*/
+var LanguageString = class extends String {
+	/**
+	* The locale of the string.
+	* @since 2.0.0
+	*/
+	locale;
+	/**
+	* Constructs a new `LanguageString`.
+	* @param value A string value written in the given language.
+	* @param locale The language of the string.  If a string is given, it will
+	*               be parsed as a `Intl.Locale` object.
+	*/
+	constructor(value, language) {
+		super(value);
+		this.locale = typeof language === "string" ? new Intl.Locale(language) : language;
+	}
+	[Symbol.for("Deno.customInspect")](inspect, options) {
+		return `<${this.locale.baseName}> ${inspect(this.toString(), options)}`;
+	}
+	[Symbol.for("nodejs.util.inspect.custom")](_depth, options, inspect) {
+		return `<${this.locale.baseName}> ${inspect(this.toString(), options)}`;
+	}
+};
+
+//#endregion
+//#region src/langstr.test.ts
+test("new LanguageString()", () => {
+	const langStr = new LanguageString("Hello", "en");
+	deepStrictEqual(langStr.toString(), "Hello");
+	deepStrictEqual(langStr.locale, new Intl.Locale("en"));
+	deepStrictEqual(new LanguageString("Hello", new Intl.Locale("en")), langStr);
+});
+test("Deno.inspect(LanguageString)", () => {
+	const langStr = new LanguageString("Hello, 'world'", "en");
+	deepStrictEqual(util.inspect(langStr, { colors: false }), "<en> \"Hello, 'world'\"");
+});
+test("util.inspect(LanguageString)", () => {
+	const langStr = new LanguageString("Hello, 'world'", "en");
+	deepStrictEqual(util.inspect(langStr, { colors: false }), "<en> \"Hello, 'world'\"");
+});
+
+//#endregion