@gjsify/crypto 0.4.35 → 0.4.36

package/lib/esm/browser/cipher.js

@@ -0,0 +1 @@
+import"../_virtual/_rolldown/runtime.js";import{Buffer as e}from"node:buffer";function parseCipherName(e){let t=e.toLowerCase().replace(/_/g,`-`).match(/^aes-(128|192|256)-(cbc|ctr|gcm)$/);if(!t){let t=Error(`Unsupported cipher in browser builds: ${e}. Supported: aes-{128,192,256}-{cbc,ctr,gcm}.`);throw t.code=`ENOTSUP_CIPHER`,t}let n=Number(t[1]),r=t[2];return{webMode:`AES-${r.toUpperCase()}`,keyBits:n,aesMode:`aes-${r}`}}function getWebSubtle(){if(globalThis.crypto===void 0||globalThis.crypto.subtle===void 0)throw Error(`WebCrypto SubtleCrypto is unavailable in this environment`);return globalThis.crypto.subtle}function toBytes(t){return typeof t==`string`?e.from(t,`utf8`):t instanceof Uint8Array?t:e.from(t)}function syncUnsupportedError(){let e=Error(`Synchronous Cipher.final() / Decipher.final() is not supported in browser builds. Use finalAsync() (returns Promise<Buffer>) or await crypto.subtle.encrypt/decrypt directly.`);return e.code=`ENOTSUP_SYNC_CIPHER`,e}var CipherBase=class{_parsed;_key;_iv;_chunks=[];_aad=null;_authTag=null;_finalized=!1;constructor(e,t,n){if(this._parsed=parseCipherName(e),t.byteLength*8!==this._parsed.keyBits)throw RangeError(`Invalid key length: got ${t.byteLength*8} bits, expected ${this._parsed.keyBits}.`);this._key=t,this._iv=n}update(t,n){if(this._finalized)throw Error(`Cipher already finalised`);let r=typeof t==`string`?e.from(t,n??`utf8`):toBytes(t);return this._chunks.push(r),e.alloc(0)}setAAD(t){if(this._parsed.aesMode!==`aes-gcm`)throw Error(`setAAD() is only valid for AES-GCM`);return this._aad=t instanceof Uint8Array?t:e.from(t),this}final(e){throw syncUnsupportedError()}_allBytes(){if(this._chunks.length===0)return new Uint8Array;if(this._chunks.length===1)return this._chunks[0];let e=this._chunks.reduce((e,t)=>e+t.byteLength,0),t=new Uint8Array(e),n=0;for(let e of this._chunks)t.set(e,n),n+=e.byteLength;return t}_algorithmParams(){switch(this._parsed.aesMode){case`aes-cbc`:return{name:`AES-CBC`,iv:this._iv};case`aes-ctr`:return{name:`AES-CTR`,counter:this._iv,length:64};case`aes-gcm`:return{name:`AES-GCM`,iv:this._iv,...this._aad?{additionalData:this._aad}:{}}}}},Cipher=class extends CipherBase{async finalAsync(t){if(this._finalized)throw Error(`Cipher already finalised`);this._finalized=!0;let n=getWebSubtle(),r=await n.importKey(`raw`,this._key,this._parsed.webMode,!1,[`encrypt`]),i=await n.encrypt(this._algorithmParams(),r,this._allBytes()),a=e.from(i);return this._parsed.aesMode===`aes-gcm`&&(this._authTag=a.subarray(a.byteLength-16)),t?a.toString(t):a}getAuthTag(){if(this._parsed.aesMode!==`aes-gcm`)throw Error(`getAuthTag() is only valid for AES-GCM`);if(!this._authTag)throw Error(`getAuthTag() called before finalAsync()`);return e.from(this._authTag)}},Decipher=class extends CipherBase{setAuthTag(t){if(this._parsed.aesMode!==`aes-gcm`)throw Error(`setAuthTag() is only valid for AES-GCM`);return this._authTag=t instanceof Uint8Array?t:e.from(t),this}async finalAsync(t){if(this._finalized)throw Error(`Cipher already finalised`);this._finalized=!0;let n=getWebSubtle(),r=await n.importKey(`raw`,this._key,this._parsed.webMode,!1,[`decrypt`]),i=this._allBytes();if(this._parsed.aesMode===`aes-gcm`){if(!this._authTag)throw Error(`GCM decrypt requires setAuthTag() before finalAsync()`);let e=new Uint8Array(i.byteLength+this._authTag.byteLength);e.set(i,0),e.set(this._authTag,i.byteLength),i=e}let a=await n.decrypt(this._algorithmParams(),r,i),o=e.from(a);return t?o.toString(t):o}};function createCipheriv(e,t,n){return new Cipher(e,toBytes(t),toBytes(n))}function createDecipheriv(e,t,n){return new Decipher(e,toBytes(t),toBytes(n))}function createCipher(e,t){let n=Error(`createCipher() is deprecated and not supported in browser builds. Use createCipheriv() with an explicit IV.`);throw n.code=`ENOTSUP_LEGACY_CIPHER`,n}function createDecipher(e,t){let n=Error(`createDecipher() is deprecated and not supported in browser builds. Use createDecipheriv() with an explicit IV.`);throw n.code=`ENOTSUP_LEGACY_CIPHER`,n}function getCiphers(){return[`aes-128-cbc`,`aes-192-cbc`,`aes-256-cbc`,`aes-128-ctr`,`aes-192-ctr`,`aes-256-ctr`,`aes-128-gcm`,`aes-192-gcm`,`aes-256-gcm`]}export{Cipher,Decipher,createCipher,createCipheriv,createDecipher,createDecipheriv,getCiphers};

package/lib/esm/browser/hash.js

@@ -0,0 +1 @@
+import"../_virtual/_rolldown/runtime.js";import{Buffer as e}from"node:buffer";const t={sha1:`SHA-1`,sha256:`SHA-256`,sha384:`SHA-384`,sha512:`SHA-512`};function normalizeAlgorithm(e){return e.toLowerCase().replace(/-/g,``)}function getWebSubtle(){if(globalThis.crypto===void 0||globalThis.crypto.subtle===void 0)throw Error(`WebCrypto SubtleCrypto is unavailable in this environment`);return globalThis.crypto.subtle}function makeSyncUnsupportedError(e){let t=Error(`Synchronous digest is not supported in browser builds (algorithm: ${e}). Call hash.digestAsync(encoding) or await crypto.subtle.digest() instead.`);return t.code=`ENOTSUP_SYNC_DIGEST`,t}var n=class Hash{_algorithm;_webAlgo;_chunks=[];_totalLen=0;_finalized=!1;constructor(e){let n=normalizeAlgorithm(e),r=t[n];if(!r){let t=Error(`Unknown or unsupported message digest: ${e}`);throw t.code=`ERR_CRYPTO_HASH_UNKNOWN`,t}this._algorithm=n,this._webAlgo=r}update(t,n){if(this._finalized)throw Error(`Digest already called`);let r;return r=typeof t==`string`?e.from(t,n??`utf8`):t instanceof Uint8Array?t:e.from(t),this._chunks.push(r),this._totalLen+=r.byteLength,this}async digestAsync(t){if(this._finalized)throw Error(`Digest already called`);this._finalized=!0;let n=getWebSubtle(),r=this._concat(),i=await n.digest(this._webAlgo,r),a=e.from(i);return t?a.toString(t):a}digest(e){throw makeSyncUnsupportedError(this._algorithm)}copy(){if(this._finalized)throw Error(`Digest already called`);let e=new Hash(this._algorithm);return e._chunks=[...this._chunks],e._totalLen=this._totalLen,e}_concat(){if(this._chunks.length===1)return this._chunks[0];let e=new Uint8Array(this._totalLen),t=0;for(let n of this._chunks)e.set(n,t),t+=n.byteLength;return e}};function createHash(e){return new n(e)}function getHashes(){return Object.keys(t)}async function hash(e,t,r){return new n(e).update(t).digestAsync(r)}export{n as Hash,createHash,getHashes,hash};

package/lib/esm/browser/hmac.js

@@ -0,0 +1 @@
+import"../_virtual/_rolldown/runtime.js";import{Buffer as e}from"node:buffer";const t={sha1:`SHA-1`,sha256:`SHA-256`,sha384:`SHA-384`,sha512:`SHA-512`};function normalizeAlgorithm(e){return e.toLowerCase().replace(/-/g,``)}function getWebSubtle(){if(globalThis.crypto===void 0||globalThis.crypto.subtle===void 0)throw Error(`WebCrypto SubtleCrypto is unavailable in this environment`);return globalThis.crypto.subtle}function makeSyncUnsupportedError(e){let t=Error(`Synchronous Hmac digest is not supported in browser builds (algorithm: ${e}). Call hmac.digestAsync(encoding) or await crypto.subtle.sign('HMAC', …) instead.`);return t.code=`ENOTSUP_SYNC_DIGEST`,t}var Hmac=class{_algorithm;_webAlgo;_keyBytes;_chunks=[];_totalLen=0;_finalized=!1;constructor(n,r){let i=normalizeAlgorithm(n),a=t[i];if(!a){let e=Error(`Unknown or unsupported message digest: ${n}`);throw e.code=`ERR_CRYPTO_HASH_UNKNOWN`,e}this._algorithm=i,this._webAlgo=a,typeof r==`string`?this._keyBytes=e.from(r,`utf8`):this._keyBytes=r instanceof Uint8Array?r:e.from(r)}update(t,n){if(this._finalized)throw Error(`Digest already called`);let r;return r=typeof t==`string`?e.from(t,n??`utf8`):t instanceof Uint8Array?t:e.from(t),this._chunks.push(r),this._totalLen+=r.byteLength,this}async digestAsync(t){if(this._finalized)throw Error(`Digest already called`);this._finalized=!0;let n=getWebSubtle(),r=await n.importKey(`raw`,this._keyBytes,{name:`HMAC`,hash:this._webAlgo},!1,[`sign`]),i=await n.sign(`HMAC`,r,this._concat()),a=e.from(i);return t?a.toString(t):a}digest(e){throw makeSyncUnsupportedError(this._algorithm)}_concat(){if(this._chunks.length===0)return new Uint8Array;if(this._chunks.length===1)return this._chunks[0];let e=new Uint8Array(this._totalLen),t=0;for(let n of this._chunks)e.set(n,t),t+=n.byteLength;return e}};function createHmac(e,t){return new Hmac(e,t)}export{Hmac,createHmac};

package/lib/esm/browser/kdf.js

@@ -0,0 +1 @@
+import"../_virtual/_rolldown/runtime.js";import{Buffer as e}from"node:buffer";const t={sha1:`SHA-1`,sha256:`SHA-256`,sha384:`SHA-384`,sha512:`SHA-512`};function normalizeAlgorithm(e){return e.toLowerCase().replace(/-/g,``)}function getWebSubtle(){if(globalThis.crypto===void 0||globalThis.crypto.subtle===void 0)throw Error(`WebCrypto SubtleCrypto is unavailable in this environment`);return globalThis.crypto.subtle}function toBytes(t){return typeof t==`string`?e.from(t,`utf8`):t instanceof Uint8Array?t:e.from(t)}function resolveWebAlgo(e){let n=t[normalizeAlgorithm(e)];if(!n)throw Error(`Unsupported PBKDF2/HKDF digest: ${e}`);return n}function pbkdf2(t,n,r,i,a,o){let s,c;typeof a==`function`?(s=`sha1`,c=a):(s=a,c=o);let l=resolveWebAlgo(s),u=toBytes(t),d=toBytes(n),f=getWebSubtle();f.importKey(`raw`,u,{name:`PBKDF2`},!1,[`deriveBits`]).then(e=>f.deriveBits({name:`PBKDF2`,salt:d,iterations:r,hash:l},e,i*8)).then(t=>c(null,e.from(t))).catch(t=>c(t,e.alloc(0)))}function pbkdf2Sync(e,t,n,r,i){let a=Error(`Synchronous pbkdf2Sync is not supported in browser builds. Use pbkdf2() with a callback, or await crypto.subtle.deriveBits({name:"PBKDF2", …}) directly.`);throw a.code=`ENOTSUP_SYNC_KDF`,a}function hkdf(e,t,n,r,i,a){let o=resolveWebAlgo(e),s=getWebSubtle();s.importKey(`raw`,toBytes(t),{name:`HKDF`},!1,[`deriveBits`]).then(e=>s.deriveBits({name:`HKDF`,hash:o,salt:toBytes(n),info:toBytes(r)},e,i*8)).then(e=>a(null,e)).catch(e=>a(e,new ArrayBuffer(0)))}function hkdfSync(e,t,n,r,i){let a=Error(`Synchronous hkdfSync is not supported in browser builds. Use hkdf() with a callback, or await crypto.subtle.deriveBits({name:"HKDF", …}) directly.`);throw a.code=`ENOTSUP_SYNC_KDF`,a}function scrypt(t,n,r,i,a){let o=Error(`scrypt is not supported in browser builds — WebCrypto does not provide a scrypt primitive.`);o.code=`ENOTSUP_NO_WEBCRYPTO_PRIMITIVE`;let s=typeof i==`function`?i:a;if(s){s(o,e.alloc(0));return}throw o}function scryptSync(e,t,n,r){let i=Error(`scryptSync is not supported in browser builds — WebCrypto does not provide a scrypt primitive.`);throw i.code=`ENOTSUP_NO_WEBCRYPTO_PRIMITIVE`,i}export{hkdf,hkdfSync,pbkdf2,pbkdf2Sync,scrypt,scryptSync};

package/lib/esm/browser/random.js

@@ -0,0 +1 @@
+import"../_virtual/_rolldown/runtime.js";import{Buffer as e}from"node:buffer";const t=65536;function getWebCrypto(){if(globalThis.crypto===void 0||typeof globalThis.crypto.getRandomValues!=`function`)throw Error(`WebCrypto getRandomValues is unavailable in this environment`);return globalThis.crypto}function fillRandom(e){let n=getWebCrypto();for(let r=0;r<e.length;r+=t){let i=Math.min(e.length-r,t),a=new Uint8Array(e.buffer,e.byteOffset+r,i);n.getRandomValues(a)}}function randomBytes(t,n){if(typeof t!=`number`||t<0||!Number.isInteger(t))throw TypeError(`The "size" argument must be a non-negative integer. Received ${t}`);try{let r=e.alloc(t);if(t>0&&fillRandom(new Uint8Array(r.buffer,r.byteOffset,r.byteLength)),n){n(null,r);return}return r}catch(t){if(n){n(t,e.alloc(0));return}throw t}}function randomFillSync(e,t=0,n){let r=n??e.length-t;if(t<0||t>e.length)throw RangeError(`The value of "offset" is out of range. Received ${t}`);if(r<0||t+r>e.length)throw RangeError(`The value of "size" is out of range. Received ${r}`);return r>0&&fillRandom(new Uint8Array(e.buffer,e.byteOffset+t,r)),e}function randomFill(e,t,n,r){let i,a,o;typeof t==`function`?(o=t,i=0,a=e.length):typeof n==`function`?(o=n,i=t,a=e.length-t):(o=r,i=t,a=n);try{randomFillSync(e,i,a),o(null,e)}catch(t){o(t,e)}}function randomUUID(){let e=getWebCrypto();if(typeof e.randomUUID==`function`)return e.randomUUID();let t=new Uint8Array(16);fillRandom(t),t[6]=t[6]&15|64,t[8]=t[8]&63|128;let n=Array.from(t,e=>e.toString(16).padStart(2,`0`)).join(``);return`${n.slice(0,8)}-${n.slice(8,12)}-${n.slice(12,16)}-${n.slice(16,20)}-${n.slice(20)}`}function randomInt(e,t,n){let r,i,a;if(typeof t==`function`?(a=t,i=e,r=0):typeof t==`number`?(r=e,i=t,a=n):(i=e,r=0,a=n),!Number.isInteger(r))throw TypeError(`The "min" argument must be a safe integer. Received ${r}`);if(!Number.isInteger(i))throw TypeError(`The "max" argument must be a safe integer. Received ${i}`);if(r>=i)throw RangeError(`The value of "min" must be less than "max". Received min: ${r}, max: ${i}`);let o=i-r,s=new Uint32Array(1);fillRandom(new Uint8Array(s.buffer));let c=r+s[0]%o;if(a){a(null,c);return}return c}export{randomBytes,randomFill,randomFillSync,randomInt,randomUUID};

package/lib/esm/browser/sign.js

@@ -0,0 +1 @@
+import"../_virtual/_rolldown/runtime.js";import{Buffer as e}from"node:buffer";const t={sha1:`SHA-1`,sha256:`SHA-256`,sha384:`SHA-384`,sha512:`SHA-512`};function normalizeHash(e){let n=t[e.toLowerCase().replace(/-/g,``)];if(!n)throw Error(`Unsupported digest in browser builds: ${e}`);return n}function getWebSubtle(){if(globalThis.crypto===void 0||globalThis.crypto.subtle===void 0)throw Error(`WebCrypto SubtleCrypto is unavailable in this environment`);return globalThis.crypto.subtle}function syncUnsupportedError(){let e=Error(`Synchronous Sign.sign() / Verify.verify() is not supported in browser builds. Use signAsync(cryptoKey) / verifyAsync(cryptoKey, signature) with a pre-imported CryptoKey.`);return e.code=`ENOTSUP_SYNC_SIGN`,e}var SignBase=class{_algorithm;_webAlgo;_chunks=[];_finalized=!1;constructor(e){this._algorithm=e.toLowerCase(),this._webAlgo=normalizeHash(e)}update(t,n){if(this._finalized)throw Error(`Sign/Verify already finalised`);let r=typeof t==`string`?e.from(t,n??`utf8`):t instanceof Uint8Array?t:e.from(t);return this._chunks.push(r),this}_allBytes(){if(this._chunks.length===0)return new Uint8Array;if(this._chunks.length===1)return this._chunks[0];let e=this._chunks.reduce((e,t)=>e+t.byteLength,0),t=new Uint8Array(e),n=0;for(let e of this._chunks)t.set(e,n),n+=e.byteLength;return t}},Sign=class extends SignBase{sign(e,t){throw syncUnsupportedError()}async signAsync(t,n){if(this._finalized)throw Error(`Sign already finalised`);this._finalized=!0;let r=getWebSubtle(),i=t.algorithm.name,a;a=i===`ECDSA`?{name:`ECDSA`,hash:this._webAlgo}:i===`RSA-PSS`?{name:`RSA-PSS`,saltLength:32}:i;let o=await r.sign(a,t,this._allBytes()),s=e.from(o);return n?s.toString(n):s}},Verify=class extends SignBase{verify(e,t,n){throw syncUnsupportedError()}async verifyAsync(e,t){if(this._finalized)throw Error(`Verify already finalised`);this._finalized=!0;let n=getWebSubtle(),r=e.algorithm.name,i;return i=r===`ECDSA`?{name:`ECDSA`,hash:this._webAlgo}:r===`RSA-PSS`?{name:`RSA-PSS`,saltLength:32}:r,n.verify(i,e,t,this._allBytes())}};function createSign(e){return new Sign(e)}function createVerify(e){return new Verify(e)}async function sign(t,n,r){let i=getWebSubtle(),a=r.algorithm.name,o;return o=a===`ECDSA`?{name:`ECDSA`,hash:t?normalizeHash(t):`SHA-256`}:a===`RSA-PSS`?{name:`RSA-PSS`,saltLength:32}:a,e.from(await i.sign(o,r,n))}async function verify(e,t,n,r){let i=getWebSubtle(),a=n.algorithm.name,o;return o=a===`ECDSA`?{name:`ECDSA`,hash:e?normalizeHash(e):`SHA-256`}:a===`RSA-PSS`?{name:`RSA-PSS`,saltLength:32}:a,i.verify(o,n,r,t)}export{Sign,Verify,createSign,createVerify,sign,verify};

package/lib/esm/browser/stubs.js

@@ -0,0 +1 @@
+import"../_virtual/_rolldown/runtime.js";function notSupported(e,t){let n=`${e} is not supported in browser builds.${t?` `+t:``}`,r=Error(n);throw r.code=`ENOTSUP`,r}function createDiffieHellman(...e){return notSupported(`createDiffieHellman`,`WebCrypto does not expose classic DH. Use crypto.subtle.deriveBits({name:"ECDH",…}) instead.`)}function getDiffieHellman(e){return notSupported(`getDiffieHellman`)}var DiffieHellman=class{constructor(){notSupported(`DiffieHellman`)}},DiffieHellmanGroup=class{constructor(){notSupported(`DiffieHellmanGroup`)}};function createDiffieHellmanGroup(e){return notSupported(`createDiffieHellmanGroup`)}function createECDH(e){return notSupported(`createECDH`,`Use crypto.subtle.generateKey({name:"ECDH",namedCurve:…}) + subtle.deriveBits instead.`)}function getCurves(){return[`prime256v1`,`secp256r1`,`secp384r1`,`secp521r1`]}function ecdsaSign(){return notSupported(`ecdsaSign`,`Use createSign("sha256").update(…).signAsync(cryptoKey).`)}function ecdsaVerify(){return notSupported(`ecdsaVerify`,`Use createVerify("sha256").update(…).verifyAsync(cryptoKey, signature).`)}function publicEncrypt(e,t){return notSupported(`publicEncrypt`,`Use crypto.subtle.encrypt({name:"RSA-OAEP",…}, cryptoKey, plaintext).`)}function privateDecrypt(e,t){return notSupported(`privateDecrypt`,`Use crypto.subtle.decrypt({name:"RSA-OAEP",…}, cryptoKey, ciphertext).`)}function privateEncrypt(e,t){return notSupported(`privateEncrypt`,`No WebCrypto equivalent — used by legacy JWT libraries only.`)}function publicDecrypt(e,t){return notSupported(`publicDecrypt`,`No WebCrypto equivalent — used by legacy JWT libraries only.`)}function rsaPssSign(){return notSupported(`rsaPssSign`,`Use createSign(digest).signAsync(rsaPssCryptoKey).`)}function rsaPssVerify(){return notSupported(`rsaPssVerify`,`Use createVerify(digest).verifyAsync(rsaPssCryptoKey, signature).`)}function rsaOaepEncrypt(){return notSupported(`rsaOaepEncrypt`,`Use crypto.subtle.encrypt({name:"RSA-OAEP",…}, cryptoKey, plaintext).`)}function rsaOaepDecrypt(){return notSupported(`rsaOaepDecrypt`,`Use crypto.subtle.decrypt({name:"RSA-OAEP",…}, cryptoKey, ciphertext).`)}function mgf1(){return notSupported(`mgf1`,`WebCrypto does not expose MGF1 directly — it is internal to RSA-OAEP/PSS.`)}var KeyObject=class{constructor(){notSupported(`KeyObject`,`Use crypto.subtle.importKey / exportKey to obtain a CryptoKey instead.`)}static from(){return notSupported(`KeyObject.from`)}};function createSecretKey(e){return notSupported(`createSecretKey`,`Use crypto.subtle.importKey("raw", key, …).`)}function createPublicKey(e){return notSupported(`createPublicKey`,`Use crypto.subtle.importKey("spki" | "jwk", …).`)}function createPrivateKey(e){return notSupported(`createPrivateKey`,`Use crypto.subtle.importKey("pkcs8" | "jwk", …).`)}function generateKeyPair(...e){return notSupported(`generateKeyPair`,`Use crypto.subtle.generateKey({name:…, …}, true, [usages]).`)}function generateKeyPairSync(...e){return notSupported(`generateKeyPairSync`,`No sync key-pair gen in WebCrypto. Use crypto.subtle.generateKey (async).`)}function generateKey(...e){return notSupported(`generateKey`,`Use crypto.subtle.generateKey for symmetric keys.`)}var X509Certificate=class{constructor(){notSupported(`X509Certificate`,`WebCrypto does not expose X.509 parsing. Use a third-party library or the platform certificate APIs.`)}};export{DiffieHellman,DiffieHellmanGroup,KeyObject,X509Certificate,createDiffieHellman,createDiffieHellmanGroup,createECDH,createPrivateKey,createPublicKey,createSecretKey,ecdsaSign,ecdsaVerify,generateKey,generateKeyPair,generateKeyPairSync,getCurves,getDiffieHellman,mgf1,privateDecrypt,privateEncrypt,publicDecrypt,publicEncrypt,rsaOaepDecrypt,rsaOaepEncrypt,rsaPssSign,rsaPssVerify};

package/lib/esm/browser.js

@@ -0,0 +1 @@
+import{constants as e}from"./constants.js";import{randomBytes as t,randomFill as n,randomFillSync as r,randomInt as i,randomUUID as a}from"./browser/random.js";import{Hash as o,createHash as s,getHashes as c,hash as l}from"./browser/hash.js";import{Hmac as u,createHmac as d}from"./browser/hmac.js";import{hkdf as f,hkdfSync as p,pbkdf2 as m,pbkdf2Sync as h,scrypt as g,scryptSync as _}from"./browser/kdf.js";import{Cipher as v,Decipher as y,createCipher as b,createCipheriv as x,createDecipher as S,createDecipheriv as C,getCiphers as w}from"./browser/cipher.js";import{Sign as T,Verify as E,createSign as D,createVerify as O,sign as k,verify as A}from"./browser/sign.js";import{DiffieHellman as j,DiffieHellmanGroup as M,KeyObject as N,X509Certificate as P,createDiffieHellman as F,createDiffieHellmanGroup as I,createECDH as L,createPrivateKey as R,createPublicKey as z,createSecretKey as B,ecdsaSign as V,ecdsaVerify as H,generateKey as U,generateKeyPair as W,generateKeyPairSync as G,getCurves as K,getDiffieHellman as q,mgf1 as J,privateDecrypt as Y,privateEncrypt as X,publicDecrypt as Z,publicEncrypt as Q,rsaOaepDecrypt as $,rsaOaepEncrypt as ee,rsaPssSign as te,rsaPssVerify as ne}from"./browser/stubs.js";import{timingSafeEqual as re}from"./timing-safe-equal.js";const ie=globalThis.crypto,ae=globalThis.crypto.subtle;var oe={webcrypto:ie,subtle:ae,constants:e,randomBytes:t,randomFill:n,randomFillSync:r,randomUUID:a,randomInt:i,Hash:o,createHash:s,getHashes:c,hash:l,Hmac:u,createHmac:d,pbkdf2:m,pbkdf2Sync:h,hkdf:f,hkdfSync:p,scrypt:g,scryptSync:_,Cipher:v,Decipher:y,createCipher:b,createCipheriv:x,createDecipher:S,createDecipheriv:C,getCiphers:w,Sign:T,Verify:E,createSign:D,createVerify:O,sign:k,verify:A,createDiffieHellman:F,getDiffieHellman:q,DiffieHellman:j,DiffieHellmanGroup:M,createDiffieHellmanGroup:I,createECDH:L,getCurves:K,ecdsaSign:V,ecdsaVerify:H,publicEncrypt:Q,privateDecrypt:Y,privateEncrypt:X,publicDecrypt:Z,rsaPssSign:te,rsaPssVerify:ne,rsaOaepEncrypt:ee,rsaOaepDecrypt:$,mgf1:J,KeyObject:N,createSecretKey:B,createPublicKey:z,createPrivateKey:R,generateKeyPair:W,generateKeyPairSync:G,generateKey:U,X509Certificate:P,timingSafeEqual:re};export{v as Cipher,y as Decipher,j as DiffieHellman,M as DiffieHellmanGroup,o as Hash,u as Hmac,N as KeyObject,T as Sign,E as Verify,P as X509Certificate,e as constants,b as createCipher,x as createCipheriv,S as createDecipher,C as createDecipheriv,F as createDiffieHellman,I as createDiffieHellmanGroup,L as createECDH,s as createHash,d as createHmac,R as createPrivateKey,z as createPublicKey,B as createSecretKey,D as createSign,O as createVerify,oe as default,V as ecdsaSign,H as ecdsaVerify,U as generateKey,W as generateKeyPair,G as generateKeyPairSync,w as getCiphers,K as getCurves,q as getDiffieHellman,c as getHashes,l as hash,f as hkdf,p as hkdfSync,J as mgf1,m as pbkdf2,h as pbkdf2Sync,Y as privateDecrypt,X as privateEncrypt,Z as publicDecrypt,Q as publicEncrypt,t as randomBytes,n as randomFill,r as randomFillSync,i as randomInt,a as randomUUID,$ as rsaOaepDecrypt,ee as rsaOaepEncrypt,te as rsaPssSign,ne as rsaPssVerify,g as scrypt,_ as scryptSync,k as sign,ae as subtle,re as timingSafeEqual,A as verify,ie as webcrypto};

package/lib/esm/index.js

@@ -1 +1 @@
-import"./_virtual/_rolldown/runtime.js";import{createCipher as e,createCipheriv as t,createDecipher as n,createDecipheriv as r,getCiphers as i}from"./cipher.js";import{constants as a}from"./constants.js";import{randomBytes as o,randomFill as s,randomFillSync as c,randomInt as l,randomUUID as u}from"./random.js";import{DiffieHellman as d,DiffieHellmanGroup as f,createDiffieHellman as p,createDiffieHellmanGroup as m,getDiffieHellman as h}from"./dh.js";import{createECDH as g,getCurves as _}from"./ecdh.js";import{Hash as v,getHashes as y,hash as b}from"./hash.js";import{Hmac as x}from"./hmac.js";import{ecdsaSign as S,ecdsaVerify as C}from"./ecdsa.js";import{hkdf as w,hkdfSync as T}from"./hkdf.js";import{timingSafeEqual as E}from"./timing-safe-equal.js";import{pbkdf2 as D,pbkdf2Sync as O}from"./pbkdf2.js";import{scrypt as k,scryptSync as A}from"./scrypt.js";import{Sign as j,Verify as M,createSign as N,createVerify as P}from"./sign.js";import{privateDecrypt as F,privateEncrypt as I,publicDecrypt as L,publicEncrypt as R}from"./public-encrypt.js";import{mgf1 as z}from"./mgf1.js";import{rsaPssSign as B,rsaPssVerify as V}from"./rsa-pss.js";import{rsaOaepDecrypt as H,rsaOaepEncrypt as U}from"./rsa-oaep.js";import{KeyObject as W,createPrivateKey as G,createPublicKey as K,createSecretKey as q}from"./key-object.js";import{X509Certificate as J}from"./x509.js";function createHash(e){return new v(e)}function createHmac(e,t){return new x(e,t)}var Y={Hash:v,getHashes:y,hash:b,Hmac:x,randomBytes:o,randomFill:s,randomFillSync:c,randomUUID:u,randomInt:l,timingSafeEqual:E,constants:a,pbkdf2:D,pbkdf2Sync:O,hkdf:w,hkdfSync:T,scrypt:k,scryptSync:A,createHash,createHmac,createCipher:e,createCipheriv:t,createDecipher:n,createDecipheriv:r,getCiphers:i,Sign:j,Verify:M,createSign:N,createVerify:P,createDiffieHellman:p,getDiffieHellman:h,DiffieHellman:d,DiffieHellmanGroup:f,createDiffieHellmanGroup:m,createECDH:g,getCurves:_,ecdsaSign:S,ecdsaVerify:C,publicEncrypt:R,privateDecrypt:F,privateEncrypt:I,publicDecrypt:L,rsaPssSign:B,rsaPssVerify:V,rsaOaepEncrypt:U,rsaOaepDecrypt:H,mgf1:z,KeyObject:W,createSecretKey:q,createPublicKey:K,createPrivateKey:G,X509Certificate:J};export{d as DiffieHellman,f as DiffieHellmanGroup,v as Hash,x as Hmac,W as KeyObject,j as Sign,M as Verify,J as X509Certificate,a as constants,e as createCipher,t as createCipheriv,n as createDecipher,r as createDecipheriv,p as createDiffieHellman,m as createDiffieHellmanGroup,g as createECDH,createHash,createHmac,G as createPrivateKey,K as createPublicKey,q as createSecretKey,N as createSign,P as createVerify,Y as default,S as ecdsaSign,C as ecdsaVerify,i as getCiphers,_ as getCurves,h as getDiffieHellman,y as getHashes,b as hash,w as hkdf,T as hkdfSync,z as mgf1,D as pbkdf2,O as pbkdf2Sync,F as privateDecrypt,I as privateEncrypt,L as publicDecrypt,R as publicEncrypt,o as randomBytes,s as randomFill,c as randomFillSync,l as randomInt,u as randomUUID,H as rsaOaepDecrypt,U as rsaOaepEncrypt,B as rsaPssSign,V as rsaPssVerify,k as scrypt,A as scryptSync,E as timingSafeEqual};
+import"./_virtual/_rolldown/runtime.js";import{constants as e}from"./constants.js";import{timingSafeEqual as t}from"./timing-safe-equal.js";import{createCipher as n,createCipheriv as r,createDecipher as i,createDecipheriv as a,getCiphers as o}from"./cipher.js";import{randomBytes as s,randomFill as c,randomFillSync as l,randomInt as u,randomUUID as d}from"./random.js";import{DiffieHellman as f,DiffieHellmanGroup as p,createDiffieHellman as m,createDiffieHellmanGroup as h,getDiffieHellman as g}from"./dh.js";import{createECDH as _,getCurves as v}from"./ecdh.js";import{Hash as y,getHashes as b,hash as x}from"./hash.js";import{Hmac as S}from"./hmac.js";import{ecdsaSign as C,ecdsaVerify as w}from"./ecdsa.js";import{hkdf as T,hkdfSync as E}from"./hkdf.js";import{pbkdf2 as D,pbkdf2Sync as O}from"./pbkdf2.js";import{scrypt as k,scryptSync as A}from"./scrypt.js";import{Sign as j,Verify as M,createSign as N,createVerify as P}from"./sign.js";import{privateDecrypt as F,privateEncrypt as I,publicDecrypt as L,publicEncrypt as R}from"./public-encrypt.js";import{mgf1 as z}from"./mgf1.js";import{rsaPssSign as B,rsaPssVerify as V}from"./rsa-pss.js";import{rsaOaepDecrypt as H,rsaOaepEncrypt as U}from"./rsa-oaep.js";import{KeyObject as W,createPrivateKey as G,createPublicKey as K,createSecretKey as q}from"./key-object.js";import{X509Certificate as J}from"./x509.js";function createHash(e){return new y(e)}function createHmac(e,t){return new S(e,t)}var Y={Hash:y,getHashes:b,hash:x,Hmac:S,randomBytes:s,randomFill:c,randomFillSync:l,randomUUID:d,randomInt:u,timingSafeEqual:t,constants:e,pbkdf2:D,pbkdf2Sync:O,hkdf:T,hkdfSync:E,scrypt:k,scryptSync:A,createHash,createHmac,createCipher:n,createCipheriv:r,createDecipher:i,createDecipheriv:a,getCiphers:o,Sign:j,Verify:M,createSign:N,createVerify:P,createDiffieHellman:m,getDiffieHellman:g,DiffieHellman:f,DiffieHellmanGroup:p,createDiffieHellmanGroup:h,createECDH:_,getCurves:v,ecdsaSign:C,ecdsaVerify:w,publicEncrypt:R,privateDecrypt:F,privateEncrypt:I,publicDecrypt:L,rsaPssSign:B,rsaPssVerify:V,rsaOaepEncrypt:U,rsaOaepDecrypt:H,mgf1:z,KeyObject:W,createSecretKey:q,createPublicKey:K,createPrivateKey:G,X509Certificate:J};export{f as DiffieHellman,p as DiffieHellmanGroup,y as Hash,S as Hmac,W as KeyObject,j as Sign,M as Verify,J as X509Certificate,e as constants,n as createCipher,r as createCipheriv,i as createDecipher,a as createDecipheriv,m as createDiffieHellman,h as createDiffieHellmanGroup,_ as createECDH,createHash,createHmac,G as createPrivateKey,K as createPublicKey,q as createSecretKey,N as createSign,P as createVerify,Y as default,C as ecdsaSign,w as ecdsaVerify,o as getCiphers,v as getCurves,g as getDiffieHellman,b as getHashes,x as hash,T as hkdf,E as hkdfSync,z as mgf1,D as pbkdf2,O as pbkdf2Sync,F as privateDecrypt,I as privateEncrypt,L as publicDecrypt,R as publicEncrypt,s as randomBytes,c as randomFill,l as randomFillSync,u as randomInt,d as randomUUID,H as rsaOaepDecrypt,U as rsaOaepEncrypt,B as rsaPssSign,V as rsaPssVerify,k as scrypt,A as scryptSync,t as timingSafeEqual};

package/lib/types/browser/cipher.d.ts

@@ -0,0 +1,48 @@
+import { Buffer } from 'node:buffer';
+type AesMode = 'aes-cbc' | 'aes-ctr' | 'aes-gcm';
+interface ParsedCipherName {
+    /** WebCrypto AlgorithmIdentifier mode prefix, e.g. "AES-CBC". */
+    webMode: 'AES-CBC' | 'AES-CTR' | 'AES-GCM';
+    /** Key bit-length: 128/192/256. */
+    keyBits: 128 | 192 | 256;
+    /** Short mode tag used internally. */
+    aesMode: AesMode;
+}
+declare abstract class CipherBase {
+    protected _parsed: ParsedCipherName;
+    protected _key: Uint8Array;
+    protected _iv: Uint8Array;
+    protected _chunks: Uint8Array[];
+    protected _aad: Uint8Array | null;
+    protected _authTag: Uint8Array | null;
+    protected _finalized: boolean;
+    constructor(name: string, key: Uint8Array, iv: Uint8Array);
+    update(data: string | Buffer | Uint8Array, inputEncoding?: BufferEncoding): Buffer;
+    setAAD(buffer: Buffer | Uint8Array): this;
+    /** Sync final — throws ENOTSUP_SYNC_CIPHER. */
+    final(_outputEncoding?: BufferEncoding): Buffer | string;
+    protected _allBytes(): Uint8Array;
+    protected _algorithmParams(): AesCbcParams | AesCtrParams | AesGcmParams;
+}
+export declare class Cipher extends CipherBase {
+    /** Async final — preferred entry. Returns ciphertext (incl. GCM tag appended). */
+    finalAsync(outputEncoding?: BufferEncoding): Promise<Buffer | string>;
+    /** GCM auth tag — only valid after `finalAsync()`. */
+    getAuthTag(): Buffer;
+}
+export declare class Decipher extends CipherBase {
+    setAuthTag(buffer: Buffer | Uint8Array): this;
+    /** Async final — preferred entry. Returns plaintext. */
+    finalAsync(outputEncoding?: BufferEncoding): Promise<Buffer | string>;
+}
+export declare function createCipheriv(algorithm: string, key: Buffer | Uint8Array | string, iv: Buffer | Uint8Array | string): Cipher;
+export declare function createDecipheriv(algorithm: string, key: Buffer | Uint8Array | string, iv: Buffer | Uint8Array | string): Decipher;
+/**
+ * Legacy `createCipher(algorithm, password)` — deprecated in Node and unsafe;
+ * not supported in browser builds because it requires a sync PBKDF1
+ * key-derivation that WebCrypto cannot reproduce.
+ */
+export declare function createCipher(_algorithm: string, _password: string | Buffer | Uint8Array): never;
+export declare function createDecipher(_algorithm: string, _password: string | Buffer | Uint8Array): never;
+export declare function getCiphers(): string[];
+export {};

package/lib/types/browser/hash.d.ts

@@ -0,0 +1,22 @@
+import { Buffer } from 'node:buffer';
+/** Hash class backed by WebCrypto `subtle.digest`. */
+export declare class Hash {
+    private _algorithm;
+    private _webAlgo;
+    private _chunks;
+    private _totalLen;
+    private _finalized;
+    constructor(algorithm: string);
+    update(data: string | Buffer | Uint8Array, inputEncoding?: BufferEncoding): this;
+    /** Async digest — preferred entry in browser builds. */
+    digestAsync(encoding?: BufferEncoding): Promise<Buffer | string>;
+    /** Sync digest — throws ENOTSUP_SYNC_DIGEST in browser builds. */
+    digest(_encoding?: BufferEncoding): Buffer | string;
+    /** Snapshot copy — `_chunks` are reused (Uint8Array views are read-only here). */
+    copy(): Hash;
+    private _concat;
+}
+export declare function createHash(algorithm: string): Hash;
+export declare function getHashes(): string[];
+/** Convenience: one-shot hash (Node 21+). Async — use await. */
+export declare function hash(algorithm: string, data: string | Buffer | Uint8Array, encoding?: BufferEncoding): Promise<Buffer | string>;

package/lib/types/browser/hmac.d.ts

@@ -0,0 +1,16 @@
+import { Buffer } from 'node:buffer';
+/** Hmac class backed by WebCrypto `subtle.importKey` + `subtle.sign('HMAC')`. */
+export declare class Hmac {
+    private _algorithm;
+    private _webAlgo;
+    private _keyBytes;
+    private _chunks;
+    private _totalLen;
+    private _finalized;
+    constructor(algorithm: string, key: string | Buffer | Uint8Array);
+    update(data: string | Buffer | Uint8Array, inputEncoding?: BufferEncoding): this;
+    digestAsync(encoding?: BufferEncoding): Promise<Buffer | string>;
+    digest(_encoding?: BufferEncoding): Buffer | string;
+    private _concat;
+}
+export declare function createHmac(algorithm: string, key: string | Buffer | Uint8Array): Hmac;

package/lib/types/browser/kdf.d.ts

@@ -0,0 +1,15 @@
+import { Buffer } from 'node:buffer';
+type Pbkdf2Callback = (err: Error | null, derivedKey: Buffer) => void;
+/** PBKDF2 — async via `subtle.deriveBits`. */
+export declare function pbkdf2(password: string | Buffer | Uint8Array, salt: string | Buffer | Uint8Array, iterations: number, keylen: number, digest: string, callback?: Pbkdf2Callback): void;
+/** Synchronous PBKDF2 — throws ENOTSUP_SYNC_KDF in browser builds. */
+export declare function pbkdf2Sync(_password: string | Buffer | Uint8Array, _salt: string | Buffer | Uint8Array, _iterations: number, _keylen: number, _digest?: string): Buffer;
+type HkdfCallback = (err: Error | null, derivedKey: ArrayBuffer) => void;
+/** HKDF — async via `subtle.deriveBits`. */
+export declare function hkdf(digest: string, ikm: string | Buffer | Uint8Array, salt: string | Buffer | Uint8Array, info: string | Buffer | Uint8Array, keylen: number, callback: HkdfCallback): void;
+/** Synchronous HKDF — throws ENOTSUP_SYNC_KDF in browser builds. */
+export declare function hkdfSync(_digest: string, _ikm: string | Buffer | Uint8Array, _salt: string | Buffer | Uint8Array, _info: string | Buffer | Uint8Array, _keylen: number): ArrayBuffer;
+/** Scrypt is not in WebCrypto. */
+export declare function scrypt(_password: string | Buffer | Uint8Array, _salt: string | Buffer | Uint8Array, _keylen: number, _optionsOrCallback: unknown, callback?: (err: Error | null, derivedKey: Buffer) => void): void;
+export declare function scryptSync(_password: string | Buffer | Uint8Array, _salt: string | Buffer | Uint8Array, _keylen: number, _options?: unknown): Buffer;
+export {};

package/lib/types/browser/random.d.ts

@@ -0,0 +1,12 @@
+import { Buffer } from 'node:buffer';
+/** Generate cryptographically strong pseudo-random data. */
+export declare function randomBytes(size: number): Buffer;
+export declare function randomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
+/** Fill a buffer with cryptographically strong pseudo-random data (synchronous). */
+export declare function randomFillSync(buffer: Buffer | Uint8Array, offset?: number, size?: number): Buffer | Uint8Array;
+/** Fill a buffer with cryptographically strong pseudo-random data (async). */
+export declare function randomFill(buffer: Buffer | Uint8Array, offset: number | ((err: Error | null, buf: Buffer | Uint8Array) => void), size?: number | ((err: Error | null, buf: Buffer | Uint8Array) => void), callback?: (err: Error | null, buf: Buffer | Uint8Array) => void): void;
+/** Generate a random UUID v4 string — uses native `crypto.randomUUID` when present. */
+export declare function randomUUID(): string;
+/** Generate a random integer between min (inclusive) and max (exclusive). */
+export declare function randomInt(min: number, max?: number | ((err: Error | null, value: number) => void), callback?: (err: Error | null, value: number) => void): number | void;

package/lib/types/browser/sign.d.ts

@@ -0,0 +1,35 @@
+import { Buffer } from 'node:buffer';
+declare abstract class SignBase {
+    protected _algorithm: string;
+    protected _webAlgo: string;
+    protected _chunks: Uint8Array[];
+    protected _finalized: boolean;
+    constructor(algorithm: string);
+    update(data: string | Buffer | Uint8Array, inputEncoding?: BufferEncoding): this;
+    protected _allBytes(): Uint8Array;
+}
+export declare class Sign extends SignBase {
+    /** Sync sign — throws ENOTSUP_SYNC_SIGN. */
+    sign(_privateKey: unknown, _outputFormat?: BufferEncoding): Buffer | string;
+    /**
+     * Async sign — accepts a pre-imported `CryptoKey` (use `subtle.importKey`).
+     * Algorithm depends on the digest used in `createSign(digest)`:
+     * - RSASSA-PKCS1-v1_5 if the key was imported as such
+     * - ECDSA if the key is EC
+     * - RSA-PSS if the key was imported with PSS metadata
+     * Caller is responsible for matching the key algorithm; this wrapper
+     * defaults to the `key.algorithm.name` reported by the CryptoKey.
+     */
+    signAsync(privateKey: CryptoKey, outputEncoding?: BufferEncoding): Promise<Buffer | string>;
+}
+export declare class Verify extends SignBase {
+    /** Sync verify — throws ENOTSUP_SYNC_SIGN. */
+    verify(_publicKey: unknown, _signature: string | Buffer | Uint8Array, _signatureFormat?: BufferEncoding): boolean;
+    verifyAsync(publicKey: CryptoKey, signature: Buffer | Uint8Array): Promise<boolean>;
+}
+export declare function createSign(algorithm: string): Sign;
+export declare function createVerify(algorithm: string): Verify;
+/** One-shot sign — Node 15+ API. Async only in browser builds. */
+export declare function sign(algorithm: string | null | undefined, data: Buffer | Uint8Array, key: CryptoKey): Promise<Buffer>;
+export declare function verify(algorithm: string | null | undefined, data: Buffer | Uint8Array, key: CryptoKey, signature: Buffer | Uint8Array): Promise<boolean>;
+export {};

package/lib/types/browser/stubs.d.ts

@@ -0,0 +1,36 @@
+import { Buffer } from 'node:buffer';
+export declare function createDiffieHellman(..._args: unknown[]): never;
+export declare function getDiffieHellman(_groupName: string): never;
+export declare class DiffieHellman {
+    constructor();
+}
+export declare class DiffieHellmanGroup {
+    constructor();
+}
+export declare function createDiffieHellmanGroup(_groupName: string): never;
+export declare function createECDH(_curveName: string): never;
+export declare function getCurves(): string[];
+export declare function ecdsaSign(): never;
+export declare function ecdsaVerify(): never;
+export declare function publicEncrypt(_keyLike: unknown, _data: Buffer | Uint8Array): never;
+export declare function privateDecrypt(_keyLike: unknown, _data: Buffer | Uint8Array): never;
+export declare function privateEncrypt(_keyLike: unknown, _data: Buffer | Uint8Array): never;
+export declare function publicDecrypt(_keyLike: unknown, _data: Buffer | Uint8Array): never;
+export declare function rsaPssSign(): never;
+export declare function rsaPssVerify(): never;
+export declare function rsaOaepEncrypt(): never;
+export declare function rsaOaepDecrypt(): never;
+export declare function mgf1(): never;
+export declare class KeyObject {
+    constructor();
+    static from(): never;
+}
+export declare function createSecretKey(_key: Buffer | Uint8Array): never;
+export declare function createPublicKey(_keyLike: unknown): never;
+export declare function createPrivateKey(_keyLike: unknown): never;
+export declare function generateKeyPair(..._args: unknown[]): never;
+export declare function generateKeyPairSync(..._args: unknown[]): never;
+export declare function generateKey(..._args: unknown[]): never;
+export declare class X509Certificate {
+    constructor();
+}

package/lib/types/browser.d.ts

@@ -0,0 +1,93 @@
+import { Buffer } from 'node:buffer';
+export declare const webcrypto: Crypto;
+export declare const subtle: SubtleCrypto;
+export { constants } from './constants.js';
+export { randomBytes, randomFill, randomFillSync, randomUUID, randomInt } from './browser/random.js';
+export { Hash, createHash, getHashes, hash } from './browser/hash.js';
+export { Hmac, createHmac } from './browser/hmac.js';
+export { pbkdf2, pbkdf2Sync, hkdf, hkdfSync, scrypt, scryptSync } from './browser/kdf.js';
+export { Cipher, Decipher, createCipher, createCipheriv, createDecipher, createDecipheriv, getCiphers, } from './browser/cipher.js';
+export { Sign, Verify, createSign, createVerify, sign, verify } from './browser/sign.js';
+export { createDiffieHellman, getDiffieHellman, DiffieHellman, DiffieHellmanGroup, createDiffieHellmanGroup, createECDH, getCurves, ecdsaSign, ecdsaVerify, publicEncrypt, privateDecrypt, privateEncrypt, publicDecrypt, rsaPssSign, rsaPssVerify, rsaOaepEncrypt, rsaOaepDecrypt, mgf1, KeyObject, createSecretKey, createPublicKey, createPrivateKey, generateKeyPair, generateKeyPairSync, generateKey, X509Certificate, } from './browser/stubs.js';
+export { timingSafeEqual } from './timing-safe-equal.js';
+import { randomBytes, randomFill, randomFillSync, randomUUID, randomInt } from './browser/random.js';
+import { Hash, createHash, getHashes, hash } from './browser/hash.js';
+import { Hmac, createHmac } from './browser/hmac.js';
+import { pbkdf2, pbkdf2Sync, hkdf, hkdfSync, scrypt, scryptSync } from './browser/kdf.js';
+import { Cipher, Decipher, createCipher, createCipheriv, createDecipher, createDecipheriv, getCiphers } from './browser/cipher.js';
+import { Sign, Verify, createSign, createVerify, sign, verify } from './browser/sign.js';
+import { createDiffieHellman, getDiffieHellman, DiffieHellman, DiffieHellmanGroup, createDiffieHellmanGroup, createECDH, getCurves, ecdsaSign, ecdsaVerify, publicEncrypt, privateDecrypt, privateEncrypt, publicDecrypt, rsaPssSign, rsaPssVerify, rsaOaepEncrypt, rsaOaepDecrypt, mgf1, KeyObject, createSecretKey, createPublicKey, createPrivateKey, generateKeyPair, generateKeyPairSync, generateKey, X509Certificate } from './browser/stubs.js';
+import { timingSafeEqual } from './timing-safe-equal.js';
+export type { Buffer };
+declare const _default: {
+    webcrypto: Crypto;
+    subtle: SubtleCrypto;
+    constants: {
+        readonly RSA_PKCS1_PADDING: 1;
+        readonly RSA_NO_PADDING: 3;
+        readonly RSA_PKCS1_OAEP_PADDING: 4;
+        readonly RSA_PKCS1_PSS_PADDING: 6;
+        readonly DH_CHECK_P_NOT_SAFE_PRIME: 2;
+        readonly DH_CHECK_P_NOT_PRIME: 1;
+        readonly DH_UNABLE_TO_CHECK_GENERATOR: 4;
+        readonly DH_NOT_SUITABLE_GENERATOR: 8;
+    };
+    randomBytes: typeof randomBytes;
+    randomFill: typeof randomFill;
+    randomFillSync: typeof randomFillSync;
+    randomUUID: typeof randomUUID;
+    randomInt: typeof randomInt;
+    Hash: typeof Hash;
+    createHash: typeof createHash;
+    getHashes: typeof getHashes;
+    hash: typeof hash;
+    Hmac: typeof Hmac;
+    createHmac: typeof createHmac;
+    pbkdf2: typeof pbkdf2;
+    pbkdf2Sync: typeof pbkdf2Sync;
+    hkdf: typeof hkdf;
+    hkdfSync: typeof hkdfSync;
+    scrypt: typeof scrypt;
+    scryptSync: typeof scryptSync;
+    Cipher: typeof Cipher;
+    Decipher: typeof Decipher;
+    createCipher: typeof createCipher;
+    createCipheriv: typeof createCipheriv;
+    createDecipher: typeof createDecipher;
+    createDecipheriv: typeof createDecipheriv;
+    getCiphers: typeof getCiphers;
+    Sign: typeof Sign;
+    Verify: typeof Verify;
+    createSign: typeof createSign;
+    createVerify: typeof createVerify;
+    sign: typeof sign;
+    verify: typeof verify;
+    createDiffieHellman: typeof createDiffieHellman;
+    getDiffieHellman: typeof getDiffieHellman;
+    DiffieHellman: typeof DiffieHellman;
+    DiffieHellmanGroup: typeof DiffieHellmanGroup;
+    createDiffieHellmanGroup: typeof createDiffieHellmanGroup;
+    createECDH: typeof createECDH;
+    getCurves: typeof getCurves;
+    ecdsaSign: typeof ecdsaSign;
+    ecdsaVerify: typeof ecdsaVerify;
+    publicEncrypt: typeof publicEncrypt;
+    privateDecrypt: typeof privateDecrypt;
+    privateEncrypt: typeof privateEncrypt;
+    publicDecrypt: typeof publicDecrypt;
+    rsaPssSign: typeof rsaPssSign;
+    rsaPssVerify: typeof rsaPssVerify;
+    rsaOaepEncrypt: typeof rsaOaepEncrypt;
+    rsaOaepDecrypt: typeof rsaOaepDecrypt;
+    mgf1: typeof mgf1;
+    KeyObject: typeof KeyObject;
+    createSecretKey: typeof createSecretKey;
+    createPublicKey: typeof createPublicKey;
+    createPrivateKey: typeof createPrivateKey;
+    generateKeyPair: typeof generateKeyPair;
+    generateKeyPairSync: typeof generateKeyPairSync;
+    generateKey: typeof generateKey;
+    X509Certificate: typeof X509Certificate;
+    timingSafeEqual: typeof timingSafeEqual;
+};
+export default _default;

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@gjsify/crypto",
-    "version": "0.4.35",
+    "version": "0.4.36",
     "description": "Node.js crypto module for Gjs",
     "type": "module",
     "module": "lib/esm/index.js",
@@ -9,6 +9,38 @@
         ".": {
             "types": "./lib/types/index.d.ts",
             "default": "./lib/esm/index.js"
+        },
+        "./browser": {
+            "types": "./lib/types/browser.d.ts",
+            "default": "./lib/esm/browser.js"
+        },
+        "./browser/hash": {
+            "types": "./lib/types/browser/hash.d.ts",
+            "default": "./lib/esm/browser/hash.js"
+        },
+        "./browser/hmac": {
+            "types": "./lib/types/browser/hmac.d.ts",
+            "default": "./lib/esm/browser/hmac.js"
+        },
+        "./browser/random": {
+            "types": "./lib/types/browser/random.d.ts",
+            "default": "./lib/esm/browser/random.js"
+        },
+        "./browser/kdf": {
+            "types": "./lib/types/browser/kdf.d.ts",
+            "default": "./lib/esm/browser/kdf.js"
+        },
+        "./browser/cipher": {
+            "types": "./lib/types/browser/cipher.d.ts",
+            "default": "./lib/esm/browser/cipher.js"
+        },
+        "./browser/sign": {
+            "types": "./lib/types/browser/sign.d.ts",
+            "default": "./lib/esm/browser/sign.js"
+        },
+        "./browser/stubs": {
+            "types": "./lib/types/browser/stubs.d.ts",
+            "default": "./lib/esm/browser/stubs.js"
         }
     },
     "files": [
@@ -33,23 +65,33 @@
         "crypto"
     ],
     "devDependencies": {
-        "@gjsify/cli": "^0.4.35",
-        "@gjsify/unit": "^0.4.35",
+        "@gjsify/cli": "^0.4.36",
+        "@gjsify/unit": "^0.4.36",
         "@types/diffie-hellman": "^5.0.3",
         "@types/node": "^25.9.1",
-        "typescript": "^6.0.3"
+        "typescript": "^5.9.3"
     },
     "dependencies": {
-        "@girs/glib-2.0": "2.88.0-4.0.1",
-        "@gjsify/buffer": "^0.4.35",
-        "@gjsify/stream": "^0.4.35",
-        "@gjsify/utils": "^0.4.35"
+        "@girs/glib-2.0": "2.88.0-4.0.4",
+        "@gjsify/buffer": "^0.4.36",
+        "@gjsify/stream": "^0.4.36",
+        "@gjsify/utils": "^0.4.36"
     },
     "gjsify": {
         "runtimes": {
             "gjs": "polyfill",
             "node": "none",
-            "browser": "none"
+            "browser": "partial"
         }
-    }
+    },
+    "license": "MIT",
+    "repository": {
+        "type": "git",
+        "url": "git+https://github.com/gjsify/gjsify.git",
+        "directory": "packages/node/crypto"
+    },
+    "bugs": {
+        "url": "https://github.com/gjsify/gjsify/issues"
+    },
+    "homepage": "https://github.com/gjsify/gjsify/tree/main/packages/node/crypto#readme"
 }