@fido4vc/fido-vc-cryptosuite-ts 1.0.1

package/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for describing the origin of the Work and
+      reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2026 The FIDO4VC Authors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -0,0 +1,159 @@
+# fido-vc-cryptosuite-ts
+
+> TypeScript reference implementation of the [`fido4vc-jcs-2026`](https://fido4vc.github.io/spec/fido4vc-jcs-2026/) W3C VC Data Integrity cryptosuite.
+> Part of the [FIDO4VC project](https://fido4vc.github.io).
+
+A W3C [Verifiable Credential Data Integrity](https://www.w3.org/TR/vc-data-integrity/) cryptosuite for **FIDO/WebAuthn-signed Verifiable Presentations**.
+
+When a holder presents a VP using a FIDO authenticator (Passkey, YubiKey, Touch ID, Windows Hello, …), the resulting WebAuthn assertion is wrapped as a Data Integrity proof on the VP. This package canonicalizes such documents, validates the WebAuthn challenge binding, and verifies the FIDO signature against the public key resolved from the proof's DID.
+
+## Features
+
+- W3C VC Data Integrity-shaped `ICryptosuite` interface (`canonicalize` / `sign` / `verify`).
+- Pluggable cryptosuite registry — register additional suites alongside the built-in one.
+- Built-in suite: **`fido4vc-jcs-2026`** — verifies VPs whose proof is a FIDO/WebAuthn assertion.
+- DID resolution helpers (currently supports `did:jwk`).
+- Zero-config: JCS canonicalization + SHA-256 hashing of `{document, proof options}`.
+
+## Install
+
+```bash
+npm install fido-vc-cryptosuite-ts
+```
+
+Or, when developing inside this monorepo, depend on it via a local file reference:
+
+```json
+{
+  "dependencies": {
+    "fido-vc-cryptosuite-ts": "file:../fido-vc-cryptosuite-ts"
+  }
+}
+```
+
+## Usage
+
+### Verify a Verifiable Presentation
+
+```ts
+import { getCryptosuiteForDocument, VerifiablePresentation } from 'fido-vc-cryptosuite-ts';
+
+async function verify(vp: VerifiablePresentation) {
+  const suite = getCryptosuiteForDocument(vp);
+  const result = await suite.verify(vp);
+  // { verified: true } | { verified: false, error: '...' }
+  return result;
+}
+```
+
+`getCryptosuiteForDocument` reads `proof.cryptosuite` from the document and returns the matching registered suite, or throws if the name is not registered.
+
+### Use a specific suite directly
+
+```ts
+import { Fido4vcCryptosuite } from 'fido-vc-cryptosuite-ts';
+
+// Compute the challenge a FIDO authenticator must sign over
+const challenge = await Fido4vcCryptosuite.canonicalize(unsignedVp);
+
+// Later, verify the assertion-signed VP
+const result = await Fido4vcCryptosuite.verify(signedVp);
+```
+
+> Note: `fido4vc-jcs-2026` is verify-only by design — the signature comes from the FIDO authenticator, not from this library. Calling `sign(...)` will throw.
+
+### Resolve a DID
+
+```ts
+import { did } from 'fido-vc-cryptosuite-ts';
+
+const jwk = did.resolveDid('did:jwk:eyJ...'); // returns the JWK public key
+```
+
+## Supported cryptosuites
+
+| Name             | Sign | Verify | Notes |
+|------------------|------|--------|-------|
+| `fido4vc-jcs-2026`  | ❌   | ✅     | FIDO2/WebAuthn assertions over JCS-canonicalized VP |
+
+## Supported DID methods
+
+| Method     | Status |
+|------------|--------|
+| `did:jwk`  | ✅ |
+
+## How verification works (`fido4vc-jcs-2026`)
+
+1. Strip the `proof` from the VP; JCS-canonicalize the document and the proof options separately.
+2. SHA-256 hash them in sequence — this is the **expected challenge**.
+3. Extract `clientData.challenge` from the proof value and confirm it equals the expected challenge.
+4. Resolve `proof.verificationMethod` (DID) to a JWK public key.
+5. Recompute the WebAuthn signed bytes (`authenticatorData || sha256(clientData)`) and verify the signature against the resolved key.
+
+Any failure returns `{ verified: false, error }`; success returns `{ verified: true }`.
+
+## Public API
+
+```ts
+export interface ICryptosuite {
+  name: string;
+  canonicalize(document: JsonDocument): Promise<Buffer>;
+  sign<T>(document: JsonLdDocument): Promise<T>;
+  verify(document: JsonLdDocument): Promise<VerificationResult>;
+}
+
+export function getCryptosuite(name: string): ICryptosuite;
+export function getCryptosuiteForDocument(vp: VerifiablePresentation): ICryptosuite;
+
+export const Fido4vcCryptosuite: ICryptosuite;
+export const did: { resolveDid(did: string): JwkPublicKey };
+
+// Types: JsonDocument, JsonLdDocument, Proof, VerifiablePresentation,
+//        SignOptions, VerificationResult, JwkPublicKey, ProofValueType
+```
+
+## Develop locally
+
+Prerequisites: Node.js ≥ 18, npm.
+
+```bash
+git clone https://github.com/fido4vc/fido-vc-cryptosuite-ts
+cd fido-vc-cryptosuite-ts
+npm install
+npm run build      # compile TS -> dist/
+npm test           # run Jest test suite
+```
+
+## Scripts
+
+| Script              | What it does                                  |
+|---------------------|-----------------------------------------------|
+| `npm run build`     | Compile TypeScript to `dist/`                 |
+| `npm run watch`     | Compile in watch mode                         |
+| `npm run clean`     | Remove `dist/`                                |
+| `npm test`          | Run Jest tests                                |
+| `npm run lint`      | Run ESLint                                    |
+| `npm run lint:fix`  | Run ESLint with `--fix`                       |
+| `npm run format`    | Format source with Prettier                   |
+
+## Publishing
+
+`prepublishOnly` cleans and rebuilds before publish, so a fresh `dist/` is always shipped. The published tarball contains only `dist/`, `README.md`, and `LICENSE` (see `files` in [package.json](./package.json)).
+
+```bash
+npm publish
+```
+
+For private registries, configure `publishConfig.registry` in `package.json` accordingly.
+
+## Related projects
+
+Part of the [FIDO4VC project](https://github.com/fido4vc):
+
+- [fido-vc-middleware](https://github.com/fido4vc/fido-vc-middleware) — Express bridge between FIDO/WebAuthn and the walt.id Wallet API. Consumes this package.
+- [fido-vc-verifier-sidecar](https://github.com/fido4vc/fido-vc-verifier-sidecar) — HTTP service exposing this cryptosuite's verification to non-Node verifier stacks.
+- [fido-vc-wallet-ui](https://github.com/fido4vc/fido-vc-wallet-ui) — Next.js user-facing wallet UI.
+
+## License
+
+Licensed under the [Apache License 2.0](./LICENSE).

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export * from './types';
+export * from './lib/cryptosuite';
+export { Fido4vcCryptosuite } from './suites/fido4vc/fido4vc-cryptosuite';
+export * as did from './lib/did';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,mBAAmB,CAAC;AAClC,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAC1E,OAAO,KAAK,GAAG,MAAM,WAAW,CAAC"}

package/dist/index.js

@@ -0,0 +1,45 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.did = exports.Fido4vcCryptosuite = void 0;
+__exportStar(require("./types"), exports);
+__exportStar(require("./lib/cryptosuite"), exports);
+var fido4vc_cryptosuite_1 = require("./suites/fido4vc/fido4vc-cryptosuite");
+Object.defineProperty(exports, "Fido4vcCryptosuite", { enumerable: true, get: function () { return fido4vc_cryptosuite_1.Fido4vcCryptosuite; } });
+exports.did = __importStar(require("./lib/did"));
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAAwB;AACxB,oDAAkC;AAClC,4EAA0E;AAAjE,yHAAA,kBAAkB,OAAA;AAC3B,iDAAiC"}

package/dist/lib/cryptosuite.d.ts

@@ -0,0 +1,5 @@
+import { ICryptosuite, VerifiablePresentation } from '../types';
+export declare const supportedSuites: Map<string, ICryptosuite>;
+export declare function getCryptosuite(cryptosuiteName: string): ICryptosuite;
+export declare function getCryptosuiteForDocument(document: VerifiablePresentation): ICryptosuite;
+//# sourceMappingURL=cryptosuite.d.ts.map

package/dist/lib/cryptosuite.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cryptosuite.d.ts","sourceRoot":"","sources":["../../src/lib/cryptosuite.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,sBAAsB,EAAE,MAAM,UAAU,CAAC;AAIhE,eAAO,MAAM,eAAe,EAAE,GAAG,CAAC,MAAM,EAAE,YAAY,CAEpD,CAAC;AAEH,wBAAgB,cAAc,CAAC,eAAe,EAAE,MAAM,GAAG,YAAY,CAMpE;AAED,wBAAgB,yBAAyB,CAAC,QAAQ,EAAE,sBAAsB,GAAG,YAAY,CAMxF"}

package/dist/lib/cryptosuite.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.supportedSuites = void 0;
+exports.getCryptosuite = getCryptosuite;
+exports.getCryptosuiteForDocument = getCryptosuiteForDocument;
+const fido4vc_cryptosuite_1 = require("../suites/fido4vc/fido4vc-cryptosuite");
+const utils_1 = require("../lib/utils");
+exports.supportedSuites = new Map([
+    [fido4vc_cryptosuite_1.Fido4vcCryptosuite.name, fido4vc_cryptosuite_1.Fido4vcCryptosuite],
+]);
+function getCryptosuite(cryptosuiteName) {
+    const suiteObj = exports.supportedSuites.get(cryptosuiteName);
+    if (!suiteObj) {
+        throw new Error(`Unsupported cryptosuite: ${cryptosuiteName}`);
+    }
+    return suiteObj;
+}
+function getCryptosuiteForDocument(document) {
+    const cryptosuite = (0, utils_1.getProofData)(document).proof.cryptosuite;
+    if (!cryptosuite || typeof cryptosuite !== 'string') {
+        throw new Error('Cryptosuite type is missing or invalid in the document proof');
+    }
+    return getCryptosuite(cryptosuite);
+}
+//# sourceMappingURL=cryptosuite.js.map

package/dist/lib/cryptosuite.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cryptosuite.js","sourceRoot":"","sources":["../../src/lib/cryptosuite.ts"],"names":[],"mappings":";;;AAQA,wCAMC;AAED,8DAMC;AArBD,+EAA2E;AAC3E,wCAA4C;AAE/B,QAAA,eAAe,GAA8B,IAAI,GAAG,CAAC;IAChE,CAAC,wCAAkB,CAAC,IAAI,EAAE,wCAAkB,CAAC;CAC9C,CAAC,CAAC;AAEH,SAAgB,cAAc,CAAC,eAAuB;IACpD,MAAM,QAAQ,GAAG,uBAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACtD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,eAAe,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAgB,yBAAyB,CAAC,QAAgC;IACxE,MAAM,WAAW,GAAG,IAAA,oBAAY,EAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC;IAC7D,IAAI,CAAC,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;IAClF,CAAC;IACD,OAAO,cAAc,CAAC,WAAW,CAAC,CAAC;AACrC,CAAC"}

package/dist/lib/did.d.ts

@@ -0,0 +1,3 @@
+import { JwkPublicKey } from '../types';
+export declare function resolveDid(did: string): JwkPublicKey;
+//# sourceMappingURL=did.d.ts.map

package/dist/lib/did.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"did.d.ts","sourceRoot":"","sources":["../../src/lib/did.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAGxC,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,YAAY,CAKpD"}

package/dist/lib/did.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveDid = resolveDid;
+const utils_1 = require("./utils");
+function resolveDid(did) {
+    const [prefix, method, identifier] = did.split(':');
+    if (prefix !== 'did')
+        throw new Error('Invalid DID prefix');
+    if (method === 'jwk')
+        return resolveJwkDid(identifier);
+    throw new Error(`Unsupported DID method: ${method}`);
+}
+function resolveJwkDid(identifier) {
+    const base = identifier.split('#')[0];
+    const decoded = (0, utils_1.base64urlToUtf8)(base);
+    const jwk = JSON.parse(decoded);
+    if (!jwk.kty)
+        throw new Error('Invalid JWK DID: missing "kty" field');
+    return jwk;
+}
+//# sourceMappingURL=did.js.map

package/dist/lib/did.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"did.js","sourceRoot":"","sources":["../../src/lib/did.ts"],"names":[],"mappings":";;AAGA,gCAKC;AAPD,mCAA0C;AAE1C,SAAgB,UAAU,CAAC,GAAW;IACpC,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpD,IAAI,MAAM,KAAK,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAC5D,IAAI,MAAM,KAAK,KAAK;QAAE,OAAO,aAAa,CAAC,UAAU,CAAC,CAAC;IACvD,MAAM,IAAI,KAAK,CAAC,2BAA2B,MAAM,EAAE,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,aAAa,CAAC,UAAkB;IACvC,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,IAAA,uBAAe,EAAC,IAAI,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,IAAI,CAAC,GAAG,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IACtE,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/lib/utils.d.ts

@@ -0,0 +1,23 @@
+import { VerifiablePresentation } from '../types';
+export declare function getProofData(document: VerifiablePresentation): {
+    proof: import("../types").Proof;
+    proofValue: import("../types").ProofValueType;
+    docWithoutProof: {
+        [key: string]: unknown;
+        type: string | string[];
+        verifiableCredential?: unknown[];
+        holder?: string;
+        '@context': string | string[] | object | object[];
+    };
+    proofOptions: {
+        type: string;
+        cryptosuite: string;
+        verificationMethod: string;
+        proofPurpose: string;
+        created?: string;
+        challenge?: string;
+        domain?: string;
+    };
+};
+export declare function base64urlToUtf8(base64urlString: string): string;
+//# sourceMappingURL=utils.d.ts.map

package/dist/lib/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/lib/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,UAAU,CAAC;AAElD,wBAAgB,YAAY,CAAC,QAAQ,EAAE,sBAAsB;;;;;;;;;;;;;;;;;;;EAM5D;AAED,wBAAgB,eAAe,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAE/D"}

package/dist/lib/utils.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getProofData = getProofData;
+exports.base64urlToUtf8 = base64urlToUtf8;
+function getProofData(document) {
+    const { proof, ...docWithoutProof } = document;
+    if (!proof)
+        throw new Error('Proof is missing in the document');
+    const proofObj = Array.isArray(proof) ? proof[0] : proof;
+    const { proofValue, ...proofOptions } = proofObj;
+    return { proof: proofObj, proofValue, docWithoutProof, proofOptions };
+}
+function base64urlToUtf8(base64urlString) {
+    return Buffer.from(base64urlString, 'base64url').toString('utf8');
+}
+//# sourceMappingURL=utils.js.map

package/dist/lib/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/lib/utils.ts"],"names":[],"mappings":";;AAEA,oCAMC;AAED,0CAEC;AAVD,SAAgB,YAAY,CAAC,QAAgC;IAC3D,MAAM,EAAE,KAAK,EAAE,GAAG,eAAe,EAAE,GAAG,QAAQ,CAAC;IAC/C,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IACzD,MAAM,EAAE,UAAU,EAAE,GAAG,YAAY,EAAE,GAAG,QAAQ,CAAC;IACjD,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,eAAe,EAAE,YAAY,EAAE,CAAC;AACxE,CAAC;AAED,SAAgB,eAAe,CAAC,eAAuB;IACrD,OAAO,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACpE,CAAC"}

package/dist/suites/fido4vc/fido4vc-cryptosuite.d.ts

@@ -0,0 +1,12 @@
+import { ICryptosuite, JsonLdDocument, VerifiablePresentation } from '../../types';
+export declare function canonicalize(document: VerifiablePresentation): Promise<NonSharedBuffer>;
+export declare function sign<ProofValue>(_options: JsonLdDocument): Promise<ProofValue>;
+export declare function verify(document: VerifiablePresentation): Promise<{
+    verified: boolean;
+    error?: undefined;
+} | {
+    verified: boolean;
+    error: string;
+}>;
+export declare const Fido4vcCryptosuite: ICryptosuite;
+//# sourceMappingURL=fido4vc-cryptosuite.d.ts.map

package/dist/suites/fido4vc/fido4vc-cryptosuite.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fido4vc-cryptosuite.d.ts","sourceRoot":"","sources":["../../../src/suites/fido4vc/fido4vc-cryptosuite.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAQnF,wBAAsB,YAAY,CAAC,QAAQ,EAAE,sBAAsB,4BASlE;AAED,wBAAsB,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,CAEpF;AAED,wBAAsB,MAAM,CAAC,QAAQ,EAAE,sBAAsB;;;;;;GAiB5D;AAED,eAAO,MAAM,kBAAkB,EAAE,YAKhC,CAAC"}

package/dist/suites/fido4vc/fido4vc-cryptosuite.js

@@ -0,0 +1,53 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Fido4vcCryptosuite = void 0;
+exports.canonicalize = canonicalize;
+exports.sign = sign;
+exports.verify = verify;
+const crypto_1 = require("crypto");
+const utils_1 = require("../../lib/utils");
+const canonicalize_1 = __importDefault(require("canonicalize"));
+const helpers_1 = require("./helpers");
+const did_1 = require("../../lib/did");
+const name = 'fido4vc-jcs-2026';
+async function canonicalize(document) {
+    const { proofOptions, docWithoutProof } = (0, utils_1.getProofData)(document);
+    const canonical = (0, canonicalize_1.default)(docWithoutProof);
+    const canonicalProofOptions = (0, canonicalize_1.default)(proofOptions);
+    const hash = (0, crypto_1.createHash)('sha256');
+    hash.update(canonical);
+    hash.update(canonicalProofOptions);
+    return hash.digest();
+}
+async function sign(_options) {
+    throw new Error(`${name} doesn't support signing.`);
+}
+async function verify(document) {
+    try {
+        const proofValue = (0, helpers_1.extractProofValue)(document);
+        const challenge = await canonicalize(document).then((buf) => buf.toString('base64url'));
+        const extractedChallenge = (0, helpers_1.extractChallenge)(proofValue.clientData);
+        if (challenge !== extractedChallenge) {
+            throw new Error('Challenge mismatch');
+        }
+        const publicKey = (0, did_1.resolveDid)((0, utils_1.getProofData)(document).proof.verificationMethod);
+        const isSignatureValid = await (0, helpers_1.verifyProofSignature)(proofValue, publicKey);
+        if (!isSignatureValid) {
+            throw new Error('Invalid signature');
+        }
+        return { verified: true };
+    }
+    catch (error) {
+        return { verified: false, error: error.message };
+    }
+}
+exports.Fido4vcCryptosuite = {
+    name,
+    canonicalize,
+    sign,
+    verify,
+};
+//# sourceMappingURL=fido4vc-cryptosuite.js.map

package/dist/suites/fido4vc/fido4vc-cryptosuite.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fido4vc-cryptosuite.js","sourceRoot":"","sources":["../../../src/suites/fido4vc/fido4vc-cryptosuite.ts"],"names":[],"mappings":";;;;;;AASA,oCASC;AAED,oBAEC;AAED,wBAiBC;AAzCD,mCAAoC;AAEpC,2CAA+C;AAC/C,gEAA2C;AAC3C,uCAAsF;AACtF,uCAA2C;AAE3C,MAAM,IAAI,GAAG,kBAAkB,CAAC;AAEzB,KAAK,UAAU,YAAY,CAAC,QAAgC;IACjE,MAAM,EAAE,YAAY,EAAE,eAAe,EAAE,GAAG,IAAA,oBAAY,EAAC,QAAQ,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,IAAA,sBAAe,EAAC,eAAe,CAAE,CAAC;IACpD,MAAM,qBAAqB,GAAG,IAAA,sBAAe,EAAC,YAAY,CAAE,CAAC;IAE7D,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC;IAClC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACvB,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IACnC,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;AACvB,CAAC;AAEM,KAAK,UAAU,IAAI,CAAa,QAAwB;IAC7D,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,2BAA2B,CAAC,CAAC;AACtD,CAAC;AAEM,KAAK,UAAU,MAAM,CAAC,QAAgC;IAC3D,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAA,2BAAiB,EAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;QACxF,MAAM,kBAAkB,GAAG,IAAA,0BAAgB,EAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QACnE,IAAI,SAAS,KAAK,kBAAkB,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxC,CAAC;QACD,MAAM,SAAS,GAAG,IAAA,gBAAU,EAAC,IAAA,oBAAY,EAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QAC9E,MAAM,gBAAgB,GAAG,MAAM,IAAA,8BAAoB,EAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QAC3E,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAG,KAAe,CAAC,OAAO,EAAE,CAAC;IAC9D,CAAC;AACH,CAAC;AAEY,QAAA,kBAAkB,GAAiB;IAC9C,IAAI;IACJ,YAAY;IACZ,IAAI;IACJ,MAAM;CACP,CAAC"}

package/dist/suites/fido4vc/helpers.d.ts

@@ -0,0 +1,11 @@
+import { JwkPublicKey, VerifiablePresentation } from '../../types';
+interface ProofValue {
+    clientData: string;
+    authenticatorData: string;
+    signature: string;
+}
+export declare function extractProofValue(document: VerifiablePresentation): ProofValue;
+export declare function verifyProofSignature(proofValue: ProofValue, publicKey: JwkPublicKey): Promise<boolean>;
+export declare function extractChallenge(clientData: string): string;
+export {};
+//# sourceMappingURL=helpers.d.ts.map

package/dist/suites/fido4vc/helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../../../src/suites/fido4vc/helpers.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAInE,UAAU,UAAU;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,sBAAsB,GAAG,UAAU,CAgB9E;AAED,wBAAsB,oBAAoB,CACxC,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,YAAY,GACtB,OAAO,CAAC,OAAO,CAAC,CAOlB;AAED,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAO3D"}

package/dist/suites/fido4vc/helpers.js

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractProofValue = extractProofValue;
+exports.verifyProofSignature = verifyProofSignature;
+exports.extractChallenge = extractChallenge;
+const crypto_1 = require("crypto");
+const utils_1 = require("../../lib/utils");
+const verify_signature_jwk_1 = require("./verify-signature-jwk");
+function extractProofValue(document) {
+    const { proofValue } = (0, utils_1.getProofData)(document);
+    if (!proofValue || typeof proofValue !== 'object')
+        throw new Error('Invalid type of proofValue in document');
+    const { clientData, authenticatorData, signature } = proofValue;
+    if (!clientData || !authenticatorData || !signature) {
+        throw new Error('Missing fields in proofValue');
+    }
+    if (typeof clientData !== 'string' ||
+        typeof authenticatorData !== 'string' ||
+        typeof signature !== 'string') {
+        throw new Error('Invalid types in proofValue fields');
+    }
+    return { clientData, authenticatorData, signature };
+}
+async function verifyProofSignature(proofValue, publicKey) {
+    const clientDataBuffer = Buffer.from(proofValue.clientData, 'base64url');
+    const clientDataHash = (0, crypto_1.createHash)('sha256').update(clientDataBuffer).digest();
+    const authDataBuffer = Buffer.from(proofValue.authenticatorData, 'base64url');
+    const data = Buffer.concat([authDataBuffer, clientDataHash]);
+    const signatureBuffer = Buffer.from(proofValue.signature, 'base64url');
+    return await (0, verify_signature_jwk_1.verifyFidoSignature)({ keyData: publicKey, signature: signatureBuffer, data });
+}
+function extractChallenge(clientData) {
+    const clientDataDecoded = (0, utils_1.base64urlToUtf8)(clientData);
+    const clientDataJSON = JSON.parse(clientDataDecoded);
+    if (!clientDataJSON.challenge) {
+        throw new Error('Challenge not found in clientData');
+    }
+    return clientDataJSON.challenge;
+}
+//# sourceMappingURL=helpers.js.map

package/dist/suites/fido4vc/helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.js","sourceRoot":"","sources":["../../../src/suites/fido4vc/helpers.ts"],"names":[],"mappings":";;AAWA,8CAgBC;AAED,oDAUC;AAED,4CAOC;AAhDD,mCAAoC;AAEpC,2CAAgE;AAChE,iEAA6D;AAQ7D,SAAgB,iBAAiB,CAAC,QAAgC;IAChE,MAAM,EAAE,UAAU,EAAE,GAAG,IAAA,oBAAY,EAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ;QAC/C,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC5D,MAAM,EAAE,UAAU,EAAE,iBAAiB,EAAE,SAAS,EAAE,GAAG,UAAU,CAAC;IAChE,IAAI,CAAC,UAAU,IAAI,CAAC,iBAAiB,IAAI,CAAC,SAAS,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAClD,CAAC;IACD,IACE,OAAO,UAAU,KAAK,QAAQ;QAC9B,OAAO,iBAAiB,KAAK,QAAQ;QACrC,OAAO,SAAS,KAAK,QAAQ,EAC7B,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,SAAS,EAAE,CAAC;AACtD,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,UAAsB,EACtB,SAAuB;IAEvB,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACzE,MAAM,cAAc,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,MAAM,EAAE,CAAC;IAC9E,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IAC9E,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC;IAC7D,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IACvE,OAAO,MAAM,IAAA,0CAAmB,EAAC,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC;AAC7F,CAAC;AAED,SAAgB,gBAAgB,CAAC,UAAkB;IACjD,MAAM,iBAAiB,GAAG,IAAA,uBAAe,EAAC,UAAU,CAAC,CAAC;IACtD,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrD,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,OAAO,cAAc,CAAC,SAAS,CAAC;AAClC,CAAC"}

package/dist/suites/fido4vc/unwrap-ec2-signature.d.ts

@@ -0,0 +1,9 @@
+import { cose } from '@simplewebauthn/server/helpers';
+import { Uint8Array_ } from '@simplewebauthn/server';
+/**
+ * In WebAuthn, EC2 signatures are wrapped in ASN.1 structure so we need to peel r and s apart.
+ *
+ * See https://www.w3.org/TR/webauthn-2/#sctn-signature-attestation-types
+ */
+export declare function unwrapEC2Signature(signature: Uint8Array_, crv: cose.COSECRV): Uint8Array_;
+//# sourceMappingURL=unwrap-ec2-signature.d.ts.map

package/dist/suites/fido4vc/unwrap-ec2-signature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"unwrap-ec2-signature.d.ts","sourceRoot":"","sources":["../../../src/suites/fido4vc/unwrap-ec2-signature.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,IAAI,EAAE,MAAM,gCAAgC,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAErD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,WAAW,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,GAAG,WAAW,CAczF"}

package/dist/suites/fido4vc/unwrap-ec2-signature.js

@@ -0,0 +1,75 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.unwrapEC2Signature = unwrapEC2Signature;
+const asn1_schema_1 = require("@peculiar/asn1-schema");
+const asn1_ecc_1 = require("@peculiar/asn1-ecc");
+const helpers_1 = require("@simplewebauthn/server/helpers");
+/**
+ * In WebAuthn, EC2 signatures are wrapped in ASN.1 structure so we need to peel r and s apart.
+ *
+ * See https://www.w3.org/TR/webauthn-2/#sctn-signature-attestation-types
+ */
+function unwrapEC2Signature(signature, crv) {
+    const parsedSignature = asn1_schema_1.AsnParser.parse(signature, asn1_ecc_1.ECDSASigValue);
+    const rBytes = new Uint8Array(parsedSignature.r);
+    const sBytes = new Uint8Array(parsedSignature.s);
+    const componentLength = getSignatureComponentLength(crv);
+    const rNormalizedBytes = toNormalizedBytes(rBytes, componentLength);
+    const sNormalizedBytes = toNormalizedBytes(sBytes, componentLength);
+    const finalSignature = new Uint8Array(rNormalizedBytes.length + sNormalizedBytes.length);
+    finalSignature.set(rNormalizedBytes, 0);
+    finalSignature.set(sNormalizedBytes, rNormalizedBytes.length);
+    return finalSignature;
+}
+/**
+ * The SubtleCrypto Web Crypto API expects ECDSA signatures with `r` and `s` values to be encoded
+ * to a specific length depending on the order of the curve. This function returns the expected
+ * byte-length for each of the `r` and `s` signature components.
+ *
+ * See <https://www.w3.org/TR/WebCryptoAPI/#ecdsa-operations>
+ */
+function getSignatureComponentLength(crv) {
+    switch (crv) {
+        case helpers_1.cose.COSECRV.P256:
+            return 32;
+        case helpers_1.cose.COSECRV.P384:
+            return 48;
+        case helpers_1.cose.COSECRV.P521:
+            return 66;
+        default:
+            throw new Error(`Unexpected COSE crv value of ${crv} (EC2)`);
+    }
+}
+/**
+ * Converts the ASN.1 integer representation to bytes of a specific length `n`.
+ *
+ * DER encodes integers as big-endian byte arrays, with as small as possible representation and
+ * requires a leading `0` byte to disambiguate between negative and positive numbers. This means
+ * that `r` and `s` can potentially not be the expected byte-length that is needed by the
+ * SubtleCrypto Web Crypto API: if there are leading `0`s it can be shorter than expected, and if
+ * it has a leading `1` bit, it can be one byte longer.
+ *
+ * See <https://www.itu.int/rec/T-REC-X.690-202102-I/en>
+ * See <https://www.w3.org/TR/WebCryptoAPI/#ecdsa-operations>
+ */
+function toNormalizedBytes(bytes, componentLength) {
+    let normalizedBytes;
+    if (bytes.length < componentLength) {
+        // In case the bytes are shorter than expected, we need to pad it with leading `0`s.
+        normalizedBytes = new Uint8Array(componentLength);
+        normalizedBytes.set(bytes, componentLength - bytes.length);
+    }
+    else if (bytes.length === componentLength) {
+        normalizedBytes = bytes;
+    }
+    else if (bytes.length === componentLength + 1 && bytes[0] === 0 && (bytes[1] & 0x80) === 0x80) {
+        // The bytes contain a leading `0` to encode that the integer is positive. This leading `0`
+        // needs to be removed for compatibility with the SubtleCrypto Web Crypto API.
+        normalizedBytes = bytes.subarray(1);
+    }
+    else {
+        throw new Error(`Invalid signature component length ${bytes.length}, expected ${componentLength}`);
+    }
+    return normalizedBytes;
+}
+//# sourceMappingURL=unwrap-ec2-signature.js.map

package/dist/suites/fido4vc/unwrap-ec2-signature.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"unwrap-ec2-signature.js","sourceRoot":"","sources":["../../../src/suites/fido4vc/unwrap-ec2-signature.ts"],"names":[],"mappings":";;AAUA,gDAcC;AAxBD,uDAAkD;AAClD,iDAAmD;AACnD,4DAAsD;AAGtD;;;;GAIG;AACH,SAAgB,kBAAkB,CAAC,SAAsB,EAAE,GAAiB;IAC1E,MAAM,eAAe,GAAG,uBAAS,CAAC,KAAK,CAAC,SAAS,EAAE,wBAAa,CAAC,CAAC;IAClE,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAEjD,MAAM,eAAe,GAAG,2BAA2B,CAAC,GAAG,CAAC,CAAC;IACzD,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IACpE,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAEpE,MAAM,cAAc,GAAG,IAAI,UAAU,CAAC,gBAAgB,CAAC,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACzF,cAAc,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;IACxC,cAAc,CAAC,GAAG,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAE9D,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,2BAA2B,CAAC,GAAiB;IACpD,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,cAAI,CAAC,OAAO,CAAC,IAAI;YACpB,OAAO,EAAE,CAAC;QACZ,KAAK,cAAI,CAAC,OAAO,CAAC,IAAI;YACpB,OAAO,EAAE,CAAC;QACZ,KAAK,cAAI,CAAC,OAAO,CAAC,IAAI;YACpB,OAAO,EAAE,CAAC;QACZ;YACE,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,QAAQ,CAAC,CAAC;IACjE,CAAC;AACH,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAS,iBAAiB,CAAC,KAAkB,EAAE,eAAuB;IACpE,IAAI,eAA4B,CAAC;IAEjC,IAAI,KAAK,CAAC,MAAM,GAAG,eAAe,EAAE,CAAC;QACnC,oFAAoF;QACpF,eAAe,GAAG,IAAI,UAAU,CAAC,eAAe,CAAC,CAAC;QAClD,eAAe,CAAC,GAAG,CAAC,KAAK,EAAE,eAAe,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7D,CAAC;SAAM,IAAI,KAAK,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;QAC5C,eAAe,GAAG,KAAK,CAAC;IAC1B,CAAC;SAAM,IAAI,KAAK,CAAC,MAAM,KAAK,eAAe,GAAG,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QAChG,2FAA2F;QAC3F,8EAA8E;QAC9E,eAAe,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACtC,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CACb,sCAAsC,KAAK,CAAC,MAAM,cAAc,eAAe,EAAE,CAClF,CAAC;IACJ,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC"}

package/dist/suites/fido4vc/verify-signature-jwk.d.ts

@@ -0,0 +1,11 @@
+import { webcrypto } from 'crypto';
+import type { Uint8Array_ } from '@simplewebauthn/server';
+/**
+ * Verify signatures with JWK public key. Supports EC2, OKP, and RSA public keys.
+ */
+export declare function verifyFidoSignature(opts: {
+    keyData: webcrypto.JsonWebKey;
+    signature: Uint8Array_;
+    data: Uint8Array_;
+}): Promise<boolean>;
+//# sourceMappingURL=verify-signature-jwk.d.ts.map

package/dist/suites/fido4vc/verify-signature-jwk.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-signature-jwk.d.ts","sourceRoot":"","sources":["../../../src/suites/fido4vc/verify-signature-jwk.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAEnC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAyK1D;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,IAAI,EAAE;IAC9C,OAAO,EAAE,SAAS,CAAC,UAAU,CAAC;IAC9B,SAAS,EAAE,WAAW,CAAC;IACvB,IAAI,EAAE,WAAW,CAAC;CACnB,GAAG,OAAO,CAAC,OAAO,CAAC,CAyBnB"}

package/dist/suites/fido4vc/verify-signature-jwk.js

@@ -0,0 +1,170 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyFidoSignature = verifyFidoSignature;
+const helpers_1 = require("@simplewebauthn/server/helpers");
+const unwrap_ec2_signature_1 = require("./unwrap-ec2-signature");
+/**
+ * Import a JWK key using Node.js crypto
+ */
+async function importKey(opts) {
+    const { keyData, algorithm } = opts;
+    return crypto.subtle.importKey('jwk', keyData, algorithm, false, ['verify']);
+}
+/**
+ * Verify a signature using an EC2 public key in JWK format
+ */
+async function verifyEC2(opts) {
+    const { keyData, signature, data } = opts;
+    if (!keyData.crv) {
+        throw new Error('JWK was missing crv (EC2)');
+    }
+    const keyAlgorithm = {
+        name: 'ECDSA',
+        namedCurve: keyData.crv,
+    };
+    const key = await importKey({
+        keyData,
+        algorithm: keyAlgorithm,
+    });
+    // Determine which SHA algorithm to use for signature verification
+    // Default to SHA-256 for P-256, SHA-384 for P-384, SHA-512 for P-521
+    let hashName = 'SHA-256';
+    if (keyData.crv === 'P-384') {
+        hashName = 'SHA-384';
+    }
+    else if (keyData.crv === 'P-521') {
+        hashName = 'SHA-512';
+    }
+    const verifyAlgorithm = {
+        name: 'ECDSA',
+        hash: { name: hashName },
+    };
+    return crypto.subtle.verify(verifyAlgorithm, key, signature, data);
+}
+/**
+ * Verify a signature using an OKP public key in JWK format
+ */
+async function verifyOKP(opts) {
+    const { keyData, signature, data } = opts;
+    if (!keyData.crv) {
+        throw new Error('JWK was missing crv (OKP)');
+    }
+    let _crv;
+    if (keyData.crv === 'Ed25519') {
+        _crv = 'Ed25519';
+    }
+    else {
+        throw new Error(`Unexpected JWK crv value of ${keyData.crv} (OKP)`);
+    }
+    const keyAlgorithm = {
+        name: _crv,
+        namedCurve: _crv,
+    };
+    const key = await importKey({
+        keyData,
+        algorithm: keyAlgorithm,
+    });
+    const verifyAlgorithm = {
+        name: _crv,
+    };
+    return crypto.subtle.verify(verifyAlgorithm, key, signature, data);
+}
+/**
+ * Verify a signature using an RSA public key in JWK format
+ */
+async function verifyRSA(opts) {
+    const { keyData, signature, data } = opts;
+    if (!keyData.alg) {
+        throw new Error('JWK was missing alg (RSA)');
+    }
+    // Determine algorithm name and hash from JWK alg
+    let algorithmName;
+    let hashName;
+    let saltLength;
+    if (keyData.alg === 'RS256' ||
+        keyData.alg === 'RS384' ||
+        keyData.alg === 'RS512' ||
+        keyData.alg === 'RS1') {
+        algorithmName = 'RSASSA-PKCS1-v1_5';
+        if (keyData.alg === 'RS256') {
+            hashName = 'SHA-256';
+        }
+        else if (keyData.alg === 'RS384') {
+            hashName = 'SHA-384';
+        }
+        else if (keyData.alg === 'RS512') {
+            hashName = 'SHA-512';
+        }
+        else if (keyData.alg === 'RS1') {
+            hashName = 'SHA-1';
+        }
+        else {
+            throw new Error(`Unexpected RSA alg ${keyData.alg}`);
+        }
+    }
+    else if (keyData.alg === 'PS256' || keyData.alg === 'PS384' || keyData.alg === 'PS512') {
+        algorithmName = 'RSA-PSS';
+        if (keyData.alg === 'PS256') {
+            hashName = 'SHA-256';
+            saltLength = 32;
+        }
+        else if (keyData.alg === 'PS384') {
+            hashName = 'SHA-384';
+            saltLength = 48;
+        }
+        else if (keyData.alg === 'PS512') {
+            hashName = 'SHA-512';
+            saltLength = 64;
+        }
+        else {
+            throw new Error(`Unexpected RSA-PSS alg ${keyData.alg}`);
+        }
+    }
+    else {
+        throw new Error(`Unsupported RSA algorithm ${keyData.alg}`);
+    }
+    const keyAlgorithm = {
+        name: algorithmName,
+        hash: { name: hashName },
+    };
+    const key = await importKey({
+        keyData,
+        algorithm: keyAlgorithm,
+    });
+    const verifyAlgorithm = {
+        name: algorithmName,
+        saltLength,
+    };
+    return crypto.subtle.verify(verifyAlgorithm, key, signature, data);
+}
+/**
+ * Verify signatures with JWK public key. Supports EC2, OKP, and RSA public keys.
+ */
+async function verifyFidoSignature(opts) {
+    const { keyData, signature, data } = opts;
+    if (keyData.kty === 'EC') {
+        let unwrappedSignature = signature;
+        if (keyData.crv === 'P-256') {
+            unwrappedSignature = (0, unwrap_ec2_signature_1.unwrapEC2Signature)(signature, helpers_1.cose.COSECRV.P256);
+        }
+        else if (keyData.crv === 'P-384') {
+            unwrappedSignature = (0, unwrap_ec2_signature_1.unwrapEC2Signature)(signature, helpers_1.cose.COSECRV.P384);
+        }
+        else if (keyData.crv === 'P-521') {
+            unwrappedSignature = (0, unwrap_ec2_signature_1.unwrapEC2Signature)(signature, helpers_1.cose.COSECRV.P521);
+        }
+        return verifyEC2({
+            keyData,
+            signature: unwrappedSignature,
+            data,
+        });
+    }
+    else if (keyData.kty === 'RSA') {
+        return verifyRSA({ keyData, signature, data });
+    }
+    else if (keyData.kty === 'OKP') {
+        return verifyOKP({ keyData, signature, data });
+    }
+    throw new Error(`Signature verification with JWK of kty ${keyData.kty} is not supported`);
+}
+//# sourceMappingURL=verify-signature-jwk.js.map

package/dist/suites/fido4vc/verify-signature-jwk.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-signature-jwk.js","sourceRoot":"","sources":["../../../src/suites/fido4vc/verify-signature-jwk.ts"],"names":[],"mappings":";;AA8KA,kDA6BC;AA1MD,4DAAsD;AAEtD,iEAA4D;AAE5D;;GAEG;AACH,KAAK,UAAU,SAAS,CAAC,IAMxB;IACC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;IACpC,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC/E,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,SAAS,CAAC,IAIxB;IACC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;IAE1C,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,YAAY,GAAgC;QAChD,IAAI,EAAE,OAAO;QACb,UAAU,EAAE,OAAO,CAAC,GAAG;KACxB,CAAC;IAEF,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC;QAC1B,OAAO;QACP,SAAS,EAAE,YAAY;KACxB,CAAC,CAAC;IAEH,kEAAkE;IAClE,qEAAqE;IACrE,IAAI,QAAQ,GAAG,SAAS,CAAC;IACzB,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;QAC5B,QAAQ,GAAG,SAAS,CAAC;IACvB,CAAC;SAAM,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;QACnC,QAAQ,GAAG,SAAS,CAAC;IACvB,CAAC;IAED,MAAM,eAAe,GAAG;QACtB,IAAI,EAAE,OAAO;QACb,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;KACzB,CAAC;IAEF,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,SAAS,CAAC,IAIxB;IACC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;IAE1C,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,IAAe,CAAC;IACpB,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;QAC9B,IAAI,GAAG,SAAS,CAAC;IACnB,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,+BAA+B,OAAO,CAAC,GAAG,QAAQ,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,YAAY,GAAG;QACnB,IAAI,EAAE,IAAI;QACV,UAAU,EAAE,IAAI;KACjB,CAAC;IAEF,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC;QAC1B,OAAO;QACP,SAAS,EAAE,YAAY;KACxB,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG;QACtB,IAAI,EAAE,IAAI;KACX,CAAC;IAEF,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,SAAS,CAAC,IAIxB;IACC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;IAE1C,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IAED,iDAAiD;IACjD,IAAI,aAA8C,CAAC;IACnD,IAAI,QAAgB,CAAC;IACrB,IAAI,UAA8B,CAAC;IAEnC,IACE,OAAO,CAAC,GAAG,KAAK,OAAO;QACvB,OAAO,CAAC,GAAG,KAAK,OAAO;QACvB,OAAO,CAAC,GAAG,KAAK,OAAO;QACvB,OAAO,CAAC,GAAG,KAAK,KAAK,EACrB,CAAC;QACD,aAAa,GAAG,mBAAmB,CAAC;QACpC,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;YAC5B,QAAQ,GAAG,SAAS,CAAC;QACvB,CAAC;aAAM,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;YACnC,QAAQ,GAAG,SAAS,CAAC;QACvB,CAAC;aAAM,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;YACnC,QAAQ,GAAG,SAAS,CAAC;QACvB,CAAC;aAAM,IAAI,OAAO,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACjC,QAAQ,GAAG,OAAO,CAAC;QACrB,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,sBAAsB,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;SAAM,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;QACzF,aAAa,GAAG,SAAS,CAAC;QAC1B,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;YAC5B,QAAQ,GAAG,SAAS,CAAC;YACrB,UAAU,GAAG,EAAE,CAAC;QAClB,CAAC;aAAM,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;YACnC,QAAQ,GAAG,SAAS,CAAC;YACrB,UAAU,GAAG,EAAE,CAAC;QAClB,CAAC;aAAM,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;YACnC,QAAQ,GAAG,SAAS,CAAC;YACrB,UAAU,GAAG,EAAE,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,0BAA0B,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,YAAY,GAAG;QACnB,IAAI,EAAE,aAAa;QACnB,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;KACzB,CAAC;IAEF,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC;QAC1B,OAAO;QACP,SAAS,EAAE,YAAY;KACxB,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG;QACtB,IAAI,EAAE,aAAa;QACnB,UAAU;KACX,CAAC;IAEF,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;AACrE,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,mBAAmB,CAAC,IAIzC;IACC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;IAE1C,IAAI,OAAO,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;QACzB,IAAI,kBAAkB,GAAG,SAAS,CAAC;QACnC,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;YAC5B,kBAAkB,GAAG,IAAA,yCAAkB,EAAC,SAAS,EAAE,cAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACxE,CAAC;aAAM,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;YACnC,kBAAkB,GAAG,IAAA,yCAAkB,EAAC,SAAS,EAAE,cAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACxE,CAAC;aAAM,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;YACnC,kBAAkB,GAAG,IAAA,yCAAkB,EAAC,SAAS,EAAE,cAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACxE,CAAC;QAED,OAAO,SAAS,CAAC;YACf,OAAO;YACP,SAAS,EAAE,kBAAkB;YAC7B,IAAI;SACL,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,OAAO,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;QACjC,OAAO,SAAS,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;SAAM,IAAI,OAAO,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;QACjC,OAAO,SAAS,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,0CAA0C,OAAO,CAAC,GAAG,mBAAmB,CAAC,CAAC;AAC5F,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,44 @@
+import type { webcrypto } from 'crypto';
+export type JwkPublicKey = webcrypto.JsonWebKey;
+export type ProofValueType = string | number | JsonDocument;
+export interface JsonDocument {
+    [key: string]: unknown;
+}
+export interface JsonLdDocument extends JsonDocument {
+    '@context': string | string[] | object | object[];
+}
+export interface Proof {
+    type: string;
+    cryptosuite: string;
+    verificationMethod: string;
+    proofPurpose: string;
+    proofValue: ProofValueType;
+    created?: string;
+    challenge?: string;
+    domain?: string;
+}
+export interface VerifiablePresentation extends JsonLdDocument {
+    type: string | string[];
+    verifiableCredential?: unknown[];
+    holder?: string;
+    proof?: Proof | Proof[];
+}
+export interface SignOptions {
+    document: JsonLdDocument;
+    privateKey: JwkPublicKey;
+    verificationMethod: string;
+    proofPurpose: string;
+    challenge?: string;
+    domain?: string;
+}
+export interface VerificationResult {
+    verified: boolean;
+    error?: string;
+}
+export interface ICryptosuite {
+    name: string;
+    canonicalize(document: JsonDocument): Promise<Buffer<ArrayBuffer>>;
+    sign<T extends ProofValueType>(options: JsonLdDocument): Promise<T>;
+    verify(options: JsonLdDocument): Promise<VerificationResult>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAExC,MAAM,MAAM,YAAY,GAAG,SAAS,CAAC,UAAU,CAAC;AAChD,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,MAAM,GAAG,YAAY,CAAC;AAE5D,MAAM,WAAW,YAAY;IAC3B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,cAAe,SAAQ,YAAY;IAClD,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,MAAM,GAAG,MAAM,EAAE,CAAC;CACnD;AAED,MAAM,WAAW,KAAK;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,cAAc,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,sBAAuB,SAAQ,cAAc;IAC5D,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACxB,oBAAoB,CAAC,EAAE,OAAO,EAAE,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,GAAG,KAAK,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,YAAY,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;IACnE,IAAI,CAAC,CAAC,SAAS,cAAc,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACpE,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;CAC9D"}

package/dist/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,78 @@
+{
+  "name": "@fido4vc/fido-vc-cryptosuite-ts",
+  "version": "1.0.1",
+  "description": "W3C VC Data Integrity cryptosuite for FIDO/WebAuthn-signed Verifiable Presentations — TypeScript reference implementation.",
+  "license": "Apache-2.0",
+  "author": "",
+  "type": "commonjs",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "module": "dist/index.js",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "require": "./dist/index.js",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "keywords": [
+    "fido",
+    "fido2",
+    "webauthn",
+    "verifiable-credentials",
+    "verifiable-presentations",
+    "vc",
+    "json-ld",
+    "data-integrity",
+    "cryptosuite",
+    "did",
+    "ssi"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/fido4vc/fido-vc-cryptosuite-ts.git"
+  },
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "scripts": {
+    "build": "tsc",
+    "watch": "tsc --watch",
+    "clean": "rimraf dist",
+    "prepublishOnly": "npm run clean && npm run build",
+    "test": "jest",
+    "lint": "eslint . --ext .ts",
+    "lint:fix": "eslint . --ext .ts --fix",
+    "format": "prettier --write \"src/**/*.ts\" \"tests/**/*.ts\"",
+    "format:check": "prettier --check \"src/**/*.ts\" \"tests/**/*.ts\""
+  },
+  "devDependencies": {
+    "@semantic-release/changelog": "^6.0.3",
+    "@semantic-release/git": "^10.0.1",
+    "@types/jest": "^30.0.0",
+    "@types/node": "^25.0.9",
+    "@typescript-eslint/eslint-plugin": "^8.0.0",
+    "@typescript-eslint/parser": "^8.0.0",
+    "eslint": "^9.0.0",
+    "eslint-config-prettier": "^9.1.0",
+    "jest": "^30.2.0",
+    "prettier": "^3.4.0",
+    "rimraf": "^6.0.0",
+    "semantic-release": "^24.2.0",
+    "ts-jest": "^29.4.6",
+    "typescript": "^5.9.3"
+  },
+  "dependencies": {
+    "@simplewebauthn/server": "^13.2.2",
+    "canonicalize": "^2.1.0"
+  }
+}