@haneullabs/signers 0.1.0 → 1.0.2

package/dist/gcp/gcp-kms-client.d.mts

@@ -0,0 +1,70 @@
+import { PublicKey, Signer } from "@haneullabs/haneul/cryptography";
+import { KeyManagementServiceClient } from "@google-cloud/kms";
+
+//#region src/gcp/gcp-kms-client.d.ts
+/**
+ * Configuration options for initializing the GcpKmsSigner.
+ */
+interface GcpKmsSignerOptions {
+  /** The version name generated from `client.cryptoKeyVersionPath()` */
+  versionName: string;
+  /** Options for setting up the GCP KMS client */
+  client: KeyManagementServiceClient;
+  /** Public key */
+  publicKey: PublicKey;
+}
+/**
+ * GCP KMS Signer integrates GCP Key Management Service (KMS) with the Haneul blockchain
+ * to provide signing capabilities using GCP-managed cryptographic keys.
+ */
+declare class GcpKmsSigner extends Signer {
+  #private;
+  /**
+   * Creates an instance of GcpKmsSigner. It's expected to call the static `fromOptions`
+   * or `fromVersionName` method to create an instance.
+   * For example:
+   * ```
+   * const signer = await GcpKmsSigner.fromVersionName(versionName);
+   * ```
+   * @throws Will throw an error if required GCP credentials are not provided.
+   */
+  constructor({
+    versionName,
+    client,
+    publicKey
+  }: GcpKmsSignerOptions);
+  /**
+   * Retrieves the key scheme used by this signer.
+   * @returns GCP supports only `Secp256k1` and `Secp256r1` schemes.
+   */
+  getKeyScheme(): "ED25519" | "Secp256r1" | "Secp256k1" | "MultiSig" | "ZkLogin" | "Passkey";
+  /**
+   * Retrieves the public key associated with this signer.
+   * @returns The Secp256k1PublicKey instance.
+   * @throws Will throw an error if the public key has not been initialized.
+   */
+  getPublicKey(): PublicKey;
+  /**
+   * Signs the given data using GCP KMS.
+   * @param bytes - The data to be signed as a Uint8Array.
+   * @returns A promise that resolves to the signature as a Uint8Array.
+   * @throws Will throw an error if the public key is not initialized or if signing fails.
+   */
+  sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
+  /**
+   * Creates a GCP KMS signer from the provided options.
+   * Expects the credentials file to be set as an env variable
+   * (GOOGLE_APPLICATION_CREDENTIALS).
+   */
+  static fromOptions(options: {
+    projectId: string;
+    location: string;
+    keyRing: string;
+    cryptoKey: string;
+    cryptoKeyVersion: string;
+  }): Promise<GcpKmsSigner>;
+  static fromVersionName(versionName: string): Promise<GcpKmsSigner>;
+}
+//#endregion
+export { GcpKmsSigner, GcpKmsSignerOptions };
+//# sourceMappingURL=gcp-kms-client.d.mts.map

package/dist/gcp/gcp-kms-client.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gcp-kms-client.d.mts","names":[],"sources":["../../src/gcp/gcp-kms-client.ts"],"mappings":";;;;;AAcA;;UAAiB,mBAAA;EAMI;EAJpB,WAAA;EAEA;EAAA,MAAA,EAAQ,0BAAA;EAER;EAAA,SAAA,EAAW,SAAA;AAAA;;AAOZ;;;cAAa,YAAA,SAAqB,MAAA;EAAA;EAgBE;;;;;;;;;;IAArB,WAAA;IAAa,MAAA;IAAQ;EAAA,GAAa,mBAAA;EA0EA;;;;EA7DhD,YAAA,CAAA;;;;;;EASA,YAAA,CAAA,GAAY,SAAA;EAtBuB;;;;;;EAgC7B,IAAA,CAAK,KAAA,EAAO,UAAA,GAAa,OAAA,CAAQ,UAAA,CAAW,WAAA;EAAhC;;;;;EAAA,OAkBL,WAAA,CAAY,OAAA;IACxB,SAAA;IACA,QAAA;IACA,OAAA;IACA,SAAA;IACA,gBAAA;EAAA,IACA,OAAA,CAAA,YAAA;EAAA,OAkBY,eAAA,CAAgB,WAAA,WAAmB,OAAA,CAAA,YAAA;AAAA"}

package/dist/gcp/gcp-kms-client.mjs

@@ -0,0 +1,104 @@
+import { getConcatenatedSignature, publicKeyFromDER } from "../utils/utils.mjs";
+import { SIGNATURE_FLAG_TO_SCHEME, Signer } from "@haneullabs/haneul/cryptography";
+import { fromBase64 } from "@haneullabs/haneul/utils";
+import { Secp256k1PublicKey } from "@haneullabs/haneul/keypairs/secp256k1";
+import { Secp256r1PublicKey } from "@haneullabs/haneul/keypairs/secp256r1";
+import { KeyManagementServiceClient } from "@google-cloud/kms";
+
+//#region src/gcp/gcp-kms-client.ts
+/**
+* GCP KMS Signer integrates GCP Key Management Service (KMS) with the Haneul blockchain
+* to provide signing capabilities using GCP-managed cryptographic keys.
+*/
+var GcpKmsSigner = class GcpKmsSigner extends Signer {
+	#publicKey;
+	/** GCP KMS client instance */
+	#client;
+	/** GCP KMS version name (generated from `client.cryptoKeyVersionPath()`) */
+	#versionName;
+	/**
+	* Creates an instance of GcpKmsSigner. It's expected to call the static `fromOptions`
+	* or `fromVersionName` method to create an instance.
+	* For example:
+	* ```
+	* const signer = await GcpKmsSigner.fromVersionName(versionName);
+	* ```
+	* @throws Will throw an error if required GCP credentials are not provided.
+	*/
+	constructor({ versionName, client, publicKey }) {
+		super();
+		if (!versionName) throw new Error("Version name is required");
+		this.#client = client;
+		this.#versionName = versionName;
+		this.#publicKey = publicKey;
+	}
+	/**
+	* Retrieves the key scheme used by this signer.
+	* @returns GCP supports only `Secp256k1` and `Secp256r1` schemes.
+	*/
+	getKeyScheme() {
+		return SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag()];
+	}
+	/**
+	* Retrieves the public key associated with this signer.
+	* @returns The Secp256k1PublicKey instance.
+	* @throws Will throw an error if the public key has not been initialized.
+	*/
+	getPublicKey() {
+		return this.#publicKey;
+	}
+	/**
+	* Signs the given data using GCP KMS.
+	* @param bytes - The data to be signed as a Uint8Array.
+	* @returns A promise that resolves to the signature as a Uint8Array.
+	* @throws Will throw an error if the public key is not initialized or if signing fails.
+	*/
+	async sign(bytes) {
+		const [signResponse] = await this.#client.asymmetricSign({
+			name: this.#versionName,
+			data: bytes
+		});
+		if (!signResponse.signature) throw new Error("No signature returned from GCP KMS");
+		return getConcatenatedSignature(signResponse.signature, this.getKeyScheme());
+	}
+	/**
+	* Creates a GCP KMS signer from the provided options.
+	* Expects the credentials file to be set as an env variable
+	* (GOOGLE_APPLICATION_CREDENTIALS).
+	*/
+	static async fromOptions(options) {
+		const client = new KeyManagementServiceClient();
+		const versionName = client.cryptoKeyVersionPath(options.projectId, options.location, options.keyRing, options.cryptoKey, options.cryptoKeyVersion);
+		return new GcpKmsSigner({
+			versionName,
+			client,
+			publicKey: await getPublicKey(client, versionName)
+		});
+	}
+	static async fromVersionName(versionName) {
+		const client = new KeyManagementServiceClient();
+		return new GcpKmsSigner({
+			versionName,
+			client,
+			publicKey: await getPublicKey(client, versionName)
+		});
+	}
+};
+/**
+* Retrieves the public key associated with the given version name.
+*/
+async function getPublicKey(client, versionName) {
+	const [publicKey] = await client.getPublicKey({ name: versionName });
+	const { algorithm, pem } = publicKey;
+	if (!pem) throw new Error("No PEM key returned from GCP KMS");
+	const compressedKey = publicKeyFromDER(fromBase64(pem.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "").replace(/\s/g, "")));
+	switch (algorithm) {
+		case "EC_SIGN_SECP256K1_SHA256": return new Secp256k1PublicKey(compressedKey);
+		case "EC_SIGN_P256_SHA256": return new Secp256r1PublicKey(compressedKey);
+		default: throw new Error(`Unsupported algorithm: ${algorithm}`);
+	}
+}
+
+//#endregion
+export { GcpKmsSigner };
+//# sourceMappingURL=gcp-kms-client.mjs.map

package/dist/gcp/gcp-kms-client.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"gcp-kms-client.mjs","names":["#client","#versionName","#publicKey"],"sources":["../../src/gcp/gcp-kms-client.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { KeyManagementServiceClient } from '@google-cloud/kms';\nimport type { PublicKey, SignatureFlag } from '@haneullabs/haneul/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@haneullabs/haneul/cryptography';\nimport { Secp256k1PublicKey } from '@haneullabs/haneul/keypairs/secp256k1';\nimport { Secp256r1PublicKey } from '@haneullabs/haneul/keypairs/secp256r1';\nimport { fromBase64 } from '@haneullabs/haneul/utils';\n\nimport { getConcatenatedSignature, publicKeyFromDER } from '../utils/utils.js';\n\n/**\n * Configuration options for initializing the GcpKmsSigner.\n */\nexport interface GcpKmsSignerOptions {\n\t/** The version name generated from `client.cryptoKeyVersionPath()` */\n\tversionName: string;\n\t/** Options for setting up the GCP KMS client */\n\tclient: KeyManagementServiceClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * GCP KMS Signer integrates GCP Key Management Service (KMS) with the Haneul blockchain\n * to provide signing capabilities using GCP-managed cryptographic keys.\n */\nexport class GcpKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** GCP KMS client instance */\n\t#client: KeyManagementServiceClient;\n\t/** GCP KMS version name (generated from `client.cryptoKeyVersionPath()`) */\n\t#versionName: string;\n\n\t/**\n\t * Creates an instance of GcpKmsSigner. It's expected to call the static `fromOptions`\n\t * or `fromVersionName` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await GcpKmsSigner.fromVersionName(versionName);\n\t * ```\n\t * @throws Will throw an error if required GCP credentials are not provided.\n\t */\n\tconstructor({ versionName, client, publicKey }: GcpKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!versionName) throw new Error('Version name is required');\n\n\t\tthis.#client = client;\n\t\tthis.#versionName = versionName;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns GCP supports only `Secp256k1` and `Secp256r1` schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using GCP KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst [signResponse] = await this.#client.asymmetricSign({\n\t\t\tname: this.#versionName,\n\t\t\tdata: bytes,\n\t\t});\n\n\t\tif (!signResponse.signature) {\n\t\t\tthrow new Error('No signature returned from GCP KMS');\n\t\t}\n\n\t\treturn getConcatenatedSignature(signResponse.signature as Uint8Array, this.getKeyScheme());\n\t}\n\n\t/**\n\t * Creates a GCP KMS signer from the provided options.\n\t * Expects the credentials file to be set as an env variable\n\t * (GOOGLE_APPLICATION_CREDENTIALS).\n\t */\n\tstatic async fromOptions(options: {\n\t\tprojectId: string;\n\t\tlocation: string;\n\t\tkeyRing: string;\n\t\tcryptoKey: string;\n\t\tcryptoKeyVersion: string;\n\t}) {\n\t\tconst client = new KeyManagementServiceClient();\n\n\t\tconst versionName = client.cryptoKeyVersionPath(\n\t\t\toptions.projectId,\n\t\t\toptions.location,\n\t\t\toptions.keyRing,\n\t\t\toptions.cryptoKey,\n\t\t\toptions.cryptoKeyVersion,\n\t\t);\n\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n\n\tstatic async fromVersionName(versionName: string) {\n\t\tconst client = new KeyManagementServiceClient();\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n}\n\n/**\n * Retrieves the public key associated with the given version name.\n */\nasync function getPublicKey(\n\tclient: KeyManagementServiceClient,\n\tversionName: string,\n): Promise<PublicKey> {\n\tconst [publicKey] = await client.getPublicKey({ name: versionName });\n\n\tconst { algorithm, pem } = publicKey;\n\n\tif (!pem) throw new Error('No PEM key returned from GCP KMS');\n\n\tconst base64 = pem\n\t\t.replace('-----BEGIN PUBLIC KEY-----', '')\n\t\t.replace('-----END PUBLIC KEY-----', '')\n\t\t.replace(/\\s/g, '');\n\n\tconst compressedKey = publicKeyFromDER(fromBase64(base64));\n\n\tswitch (algorithm) {\n\t\tcase 'EC_SIGN_SECP256K1_SHA256':\n\t\t\treturn new Secp256k1PublicKey(compressedKey);\n\t\tcase 'EC_SIGN_P256_SHA256':\n\t\t\treturn new Secp256r1PublicKey(compressedKey);\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported algorithm: ${algorithm}`);\n\t}\n}\n"],"mappings":";;;;;;;;;;;;AA2BA,IAAa,eAAb,MAAa,qBAAqB,OAAO;CACxC;;CAEA;;CAEA;;;;;;;;;;CAWA,YAAY,EAAE,aAAa,QAAQ,aAAkC;AACpE,SAAO;AACP,MAAI,CAAC,YAAa,OAAM,IAAI,MAAM,2BAA2B;AAE7D,QAAKA,SAAU;AACf,QAAKC,cAAe;AACpB,QAAKC,YAAa;;;;;;CAOnB,eAAe;AACd,SAAO,yBAAyB,MAAKA,UAAW,MAAM;;;;;;;CAQvD,eAAe;AACd,SAAO,MAAKA;;;;;;;;CASb,MAAM,KAAK,OAAqD;EAC/D,MAAM,CAAC,gBAAgB,MAAM,MAAKF,OAAQ,eAAe;GACxD,MAAM,MAAKC;GACX,MAAM;GACN,CAAC;AAEF,MAAI,CAAC,aAAa,UACjB,OAAM,IAAI,MAAM,qCAAqC;AAGtD,SAAO,yBAAyB,aAAa,WAAyB,KAAK,cAAc,CAAC;;;;;;;CAQ3F,aAAa,YAAY,SAMtB;EACF,MAAM,SAAS,IAAI,4BAA4B;EAE/C,MAAM,cAAc,OAAO,qBAC1B,QAAQ,WACR,QAAQ,UACR,QAAQ,SACR,QAAQ,WACR,QAAQ,iBACR;AAED,SAAO,IAAI,aAAa;GACvB;GACA;GACA,WAAW,MAAM,aAAa,QAAQ,YAAY;GAClD,CAAC;;CAGH,aAAa,gBAAgB,aAAqB;EACjD,MAAM,SAAS,IAAI,4BAA4B;AAC/C,SAAO,IAAI,aAAa;GACvB;GACA;GACA,WAAW,MAAM,aAAa,QAAQ,YAAY;GAClD,CAAC;;;;;;AAOJ,eAAe,aACd,QACA,aACqB;CACrB,MAAM,CAAC,aAAa,MAAM,OAAO,aAAa,EAAE,MAAM,aAAa,CAAC;CAEpE,MAAM,EAAE,WAAW,QAAQ;AAE3B,KAAI,CAAC,IAAK,OAAM,IAAI,MAAM,mCAAmC;CAO7D,MAAM,gBAAgB,iBAAiB,WALxB,IACb,QAAQ,8BAA8B,GAAG,CACzC,QAAQ,4BAA4B,GAAG,CACvC,QAAQ,OAAO,GAAG,CAEqC,CAAC;AAE1D,SAAQ,WAAR;EACC,KAAK,2BACJ,QAAO,IAAI,mBAAmB,cAAc;EAC7C,KAAK,sBACJ,QAAO,IAAI,mBAAmB,cAAc;EAC7C,QACC,OAAM,IAAI,MAAM,0BAA0B,YAAY"}

package/dist/gcp/index.d.mts

@@ -0,0 +1,2 @@
+import { GcpKmsSigner, GcpKmsSignerOptions } from "./gcp-kms-client.mjs";
+export { GcpKmsSigner, type GcpKmsSignerOptions };

package/dist/gcp/index.mjs

@@ -0,0 +1,3 @@
+import { GcpKmsSigner } from "./gcp-kms-client.mjs";
+
+export { GcpKmsSigner };

package/dist/ledger/index.d.mts

@@ -0,0 +1,73 @@
+import { getInputObjects } from "./objects.mjs";
+import { SignatureWithBytes, Signer } from "@haneullabs/haneul/cryptography";
+import { Ed25519PublicKey } from "@haneullabs/haneul/keypairs/ed25519";
+import HaneulLedgerClient, { Resolution } from "@haneullabs/ledgerjs-hw-app-haneul";
+import { ClientWithCoreApi } from "@haneullabs/haneul/client";
+
+//#region src/ledger/index.d.ts
+/**
+ * Configuration options for initializing the LedgerSigner.
+ */
+interface LedgerSignerOptions {
+  publicKey: Ed25519PublicKey;
+  derivationPath: string;
+  ledgerClient: HaneulLedgerClient;
+  haneulClient: ClientWithCoreApi;
+}
+/**
+ * Ledger integrates with the Haneul blockchain to provide signing capabilities using Ledger devices.
+ */
+declare class LedgerSigner extends Signer {
+  #private;
+  /**
+   * Creates an instance of LedgerSigner. It's expected to call the static `fromDerivationPath` method to create an instance.
+   * @example
+   * ```
+   * const signer = await LedgerSigner.fromDerivationPath(derivationPath, options);
+   * ```
+   */
+  constructor({
+    publicKey,
+    derivationPath,
+    ledgerClient,
+    haneulClient
+  }: LedgerSignerOptions);
+  /**
+   * Retrieves the key scheme used by this signer.
+   */
+  getKeyScheme(): "ED25519";
+  /**
+   * Retrieves the public key associated with this signer.
+   * @returns The Ed25519PublicKey instance.
+   */
+  getPublicKey(): Ed25519PublicKey;
+  /**
+   * Signs the provided transaction bytes.
+   * @returns The signed transaction bytes and signature.
+   */
+  signTransaction(bytes: Uint8Array, bcsObjects?: Uint8Array[], resolution?: Resolution): Promise<SignatureWithBytes>;
+  /**
+   * Signs the provided personal message.
+   * @returns The signed message bytes and signature.
+   */
+  signPersonalMessage(bytes: Uint8Array): Promise<SignatureWithBytes>;
+  /**
+   * Prepares the signer by fetching and setting the public key from a Ledger device.
+   * It is recommended to initialize an `LedgerSigner` instance using this function.
+   * @returns A promise that resolves once a `LedgerSigner` instance is prepared (public key is set).
+   */
+  static fromDerivationPath(derivationPath: string, ledgerClient: HaneulLedgerClient, haneulClient: ClientWithCoreApi): Promise<LedgerSigner>;
+  /**
+   * Generic signing is not supported by Ledger.
+   * @throws Always throws an error indicating generic signing is unsupported.
+   */
+  sign(): never;
+  /**
+   * Generic signing is not supported by Ledger.
+   * @throws Always throws an error indicating generic signing is unsupported.
+   */
+  signWithIntent(): never;
+}
+//#endregion
+export { LedgerSigner, LedgerSignerOptions, getInputObjects };
+//# sourceMappingURL=index.d.mts.map

package/dist/ledger/index.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/ledger/index.ts"],"mappings":";;;;;;;AAoBA;;;AAAA,UAAiB,mBAAA;EAChB,SAAA,EAAW,gBAAA;EACX,cAAA;EACA,YAAA,EAAc,kBAAA;EACd,YAAA,EAAc,iBAAA;AAAA;;;;cAMF,YAAA,SAAqB,MAAA;EAAA;EANnB;;;AAMf;;;;;IAae,SAAA;IAAW,cAAA;IAAgB,YAAA;IAAc;EAAA,GAAgB,mBAAA;EAA9B;;;EAWhC,YAAA,CAAA;EAiBD;;;;EATC,YAAA,CAAA,GAAY,gBAAA;EA0CqB;;;;EAlC3B,eAAA,CACd,KAAA,EAAO,UAAA,EACP,UAAA,GAAa,UAAA,IACb,UAAA,GAAa,UAAA,GACX,OAAA,CAAQ,kBAAA;EA0DqB;;;;EA5BjB,mBAAA,CAAoB,KAAA,EAAO,UAAA,GAAa,OAAA,CAAQ,kBAAA;EA1E9B;;;;;EAAA,OAmGpB,kBAAA,CACZ,cAAA,UACA,YAAA,EAAc,kBAAA,EACd,YAAA,EAAc,iBAAA,GAAiB,OAAA,CAAA,YAAA;EAzFP;;;;EA4GhB,IAAA,CAAA;EA5G8D;;;;EAoH9D,cAAA,CAAA;AAAA"}

package/dist/ledger/index.mjs

@@ -0,0 +1,110 @@
+import { getInputObjects } from "./objects.mjs";
+import { Signer, messageWithIntent, toSerializedSignature } from "@haneullabs/haneul/cryptography";
+import { toBase64 } from "@haneullabs/haneul/utils";
+import { Ed25519PublicKey } from "@haneullabs/haneul/keypairs/ed25519";
+import { Transaction } from "@haneullabs/haneul/transactions";
+import { bcs } from "@haneullabs/haneul/bcs";
+
+//#region src/ledger/index.ts
+/**
+* Ledger integrates with the Haneul blockchain to provide signing capabilities using Ledger devices.
+*/
+var LedgerSigner = class LedgerSigner extends Signer {
+	#derivationPath;
+	#publicKey;
+	#ledgerClient;
+	#haneulClient;
+	/**
+	* Creates an instance of LedgerSigner. It's expected to call the static `fromDerivationPath` method to create an instance.
+	* @example
+	* ```
+	* const signer = await LedgerSigner.fromDerivationPath(derivationPath, options);
+	* ```
+	*/
+	constructor({ publicKey, derivationPath, ledgerClient, haneulClient }) {
+		super();
+		this.#publicKey = publicKey;
+		this.#derivationPath = derivationPath;
+		this.#ledgerClient = ledgerClient;
+		this.#haneulClient = haneulClient;
+	}
+	/**
+	* Retrieves the key scheme used by this signer.
+	*/
+	getKeyScheme() {
+		return "ED25519";
+	}
+	/**
+	* Retrieves the public key associated with this signer.
+	* @returns The Ed25519PublicKey instance.
+	*/
+	getPublicKey() {
+		return this.#publicKey;
+	}
+	/**
+	* Signs the provided transaction bytes.
+	* @returns The signed transaction bytes and signature.
+	*/
+	async signTransaction(bytes, bcsObjects, resolution) {
+		const transactionOptions = bcsObjects ? { bcsObjects } : await getInputObjects(Transaction.from(bytes), this.#haneulClient).catch(() => ({ bcsObjects: [] }));
+		const intentMessage = messageWithIntent("TransactionData", bytes);
+		const { signature } = await this.#ledgerClient.signTransaction(this.#derivationPath, intentMessage, transactionOptions, resolution);
+		return {
+			bytes: toBase64(bytes),
+			signature: toSerializedSignature({
+				signature,
+				signatureScheme: this.getKeyScheme(),
+				publicKey: this.#publicKey
+			})
+		};
+	}
+	/**
+	* Signs the provided personal message.
+	* @returns The signed message bytes and signature.
+	*/
+	async signPersonalMessage(bytes) {
+		const intentMessage = messageWithIntent("PersonalMessage", bcs.byteVector().serialize(bytes).toBytes());
+		const { signature } = await this.#ledgerClient.signTransaction(this.#derivationPath, intentMessage);
+		return {
+			bytes: toBase64(bytes),
+			signature: toSerializedSignature({
+				signature,
+				signatureScheme: this.getKeyScheme(),
+				publicKey: this.#publicKey
+			})
+		};
+	}
+	/**
+	* Prepares the signer by fetching and setting the public key from a Ledger device.
+	* It is recommended to initialize an `LedgerSigner` instance using this function.
+	* @returns A promise that resolves once a `LedgerSigner` instance is prepared (public key is set).
+	*/
+	static async fromDerivationPath(derivationPath, ledgerClient, haneulClient) {
+		const { publicKey } = await ledgerClient.getPublicKey(derivationPath);
+		if (!publicKey) throw new Error("Failed to get public key from Ledger.");
+		return new LedgerSigner({
+			derivationPath,
+			publicKey: new Ed25519PublicKey(publicKey),
+			ledgerClient,
+			haneulClient
+		});
+	}
+	/**
+	* Generic signing is not supported by Ledger.
+	* @throws Always throws an error indicating generic signing is unsupported.
+	*/
+	sign() {
+		throw new Error("Ledger Signer does not support generic signing.");
+	}
+	/**
+	* Generic signing is not supported by Ledger.
+	* @throws Always throws an error indicating generic signing is unsupported.
+	*/
+	signWithIntent() {
+		throw new Error("Ledger Signer does not support generic signing.");
+	}
+};
+
+//#endregion
+export { LedgerSigner, getInputObjects };
+//# sourceMappingURL=index.mjs.map

package/dist/ledger/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":["#publicKey","#derivationPath","#ledgerClient","#haneulClient"],"sources":["../../src/ledger/index.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type HaneulLedgerClient from '@haneullabs/ledgerjs-hw-app-haneul';\nimport type { ClientWithCoreApi } from '@haneullabs/haneul/client';\nimport type { SignatureWithBytes } from '@haneullabs/haneul/cryptography';\nimport { messageWithIntent, Signer, toSerializedSignature } from '@haneullabs/haneul/cryptography';\nimport { Ed25519PublicKey } from '@haneullabs/haneul/keypairs/ed25519';\nimport { Transaction } from '@haneullabs/haneul/transactions';\nimport { toBase64 } from '@haneullabs/haneul/utils';\n\nimport { bcs } from '@haneullabs/haneul/bcs';\nimport { getInputObjects } from './objects.js';\nimport type { Resolution } from '@haneullabs/ledgerjs-hw-app-haneul';\n\nexport { getInputObjects } from './objects.js';\n\n/**\n * Configuration options for initializing the LedgerSigner.\n */\nexport interface LedgerSignerOptions {\n\tpublicKey: Ed25519PublicKey;\n\tderivationPath: string;\n\tledgerClient: HaneulLedgerClient;\n\thaneulClient: ClientWithCoreApi;\n}\n\n/**\n * Ledger integrates with the Haneul blockchain to provide signing capabilities using Ledger devices.\n */\nexport class LedgerSigner extends Signer {\n\t#derivationPath: string;\n\t#publicKey: Ed25519PublicKey;\n\t#ledgerClient: HaneulLedgerClient;\n\t#haneulClient: ClientWithCoreApi;\n\n\t/**\n\t * Creates an instance of LedgerSigner. It's expected to call the static `fromDerivationPath` method to create an instance.\n\t * @example\n\t * ```\n\t * const signer = await LedgerSigner.fromDerivationPath(derivationPath, options);\n\t * ```\n\t */\n\tconstructor({ publicKey, derivationPath, ledgerClient, haneulClient }: LedgerSignerOptions) {\n\t\tsuper();\n\t\tthis.#publicKey = publicKey;\n\t\tthis.#derivationPath = derivationPath;\n\t\tthis.#ledgerClient = ledgerClient;\n\t\tthis.#haneulClient = haneulClient;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t */\n\toverride getKeyScheme() {\n\t\treturn 'ED25519' as const;\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Ed25519PublicKey instance.\n\t */\n\toverride getPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the provided transaction bytes.\n\t * @returns The signed transaction bytes and signature.\n\t */\n\toverride async signTransaction(\n\t\tbytes: Uint8Array,\n\t\tbcsObjects?: Uint8Array[],\n\t\tresolution?: Resolution,\n\t): Promise<SignatureWithBytes> {\n\t\tconst transactionOptions = bcsObjects\n\t\t\t? { bcsObjects }\n\t\t\t: await getInputObjects(Transaction.from(bytes), this.#haneulClient).catch(() => ({\n\t\t\t\t\t// Fail gracefully so network errors or serialization issues don't break transaction signing:\n\t\t\t\t\tbcsObjects: [],\n\t\t\t\t}));\n\n\t\tconst intentMessage = messageWithIntent('TransactionData', bytes);\n\t\tconst { signature } = await this.#ledgerClient.signTransaction(\n\t\t\tthis.#derivationPath,\n\t\t\tintentMessage,\n\t\t\ttransactionOptions,\n\t\t\tresolution,\n\t\t);\n\n\t\treturn {\n\t\t\tbytes: toBase64(bytes),\n\t\t\tsignature: toSerializedSignature({\n\t\t\t\tsignature,\n\t\t\t\tsignatureScheme: this.getKeyScheme(),\n\t\t\t\tpublicKey: this.#publicKey,\n\t\t\t}),\n\t\t};\n\t}\n\n\t/**\n\t * Signs the provided personal message.\n\t * @returns The signed message bytes and signature.\n\t */\n\toverride async signPersonalMessage(bytes: Uint8Array): Promise<SignatureWithBytes> {\n\t\tconst intentMessage = messageWithIntent(\n\t\t\t'PersonalMessage',\n\t\t\tbcs.byteVector().serialize(bytes).toBytes(),\n\t\t);\n\t\tconst { signature } = await this.#ledgerClient.signTransaction(\n\t\t\tthis.#derivationPath,\n\t\t\tintentMessage,\n\t\t);\n\n\t\treturn {\n\t\t\tbytes: toBase64(bytes),\n\t\t\tsignature: toSerializedSignature({\n\t\t\t\tsignature,\n\t\t\t\tsignatureScheme: this.getKeyScheme(),\n\t\t\t\tpublicKey: this.#publicKey,\n\t\t\t}),\n\t\t};\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from a Ledger device.\n\t * It is recommended to initialize an `LedgerSigner` instance using this function.\n\t * @returns A promise that resolves once a `LedgerSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromDerivationPath(\n\t\tderivationPath: string,\n\t\tledgerClient: HaneulLedgerClient,\n\t\thaneulClient: ClientWithCoreApi,\n\t) {\n\t\tconst { publicKey } = await ledgerClient.getPublicKey(derivationPath);\n\t\tif (!publicKey) {\n\t\t\tthrow new Error('Failed to get public key from Ledger.');\n\t\t}\n\n\t\treturn new LedgerSigner({\n\t\t\tderivationPath,\n\t\t\tpublicKey: new Ed25519PublicKey(publicKey),\n\t\t\tledgerClient,\n\t\t\thaneulClient,\n\t\t});\n\t}\n\n\t/**\n\t * Generic signing is not supported by Ledger.\n\t * @throws Always throws an error indicating generic signing is unsupported.\n\t */\n\toverride sign(): never {\n\t\tthrow new Error('Ledger Signer does not support generic signing.');\n\t}\n\n\t/**\n\t * Generic signing is not supported by Ledger.\n\t * @throws Always throws an error indicating generic signing is unsupported.\n\t */\n\toverride signWithIntent(): never {\n\t\tthrow new Error('Ledger Signer does not support generic signing.');\n\t}\n}\n"],"mappings":";;;;;;;;;;;AA8BA,IAAa,eAAb,MAAa,qBAAqB,OAAO;CACxC;CACA;CACA;CACA;;;;;;;;CASA,YAAY,EAAE,WAAW,gBAAgB,cAAc,gBAAqC;AAC3F,SAAO;AACP,QAAKA,YAAa;AAClB,QAAKC,iBAAkB;AACvB,QAAKC,eAAgB;AACrB,QAAKC,eAAgB;;;;;CAMtB,AAAS,eAAe;AACvB,SAAO;;;;;;CAOR,AAAS,eAAe;AACvB,SAAO,MAAKH;;;;;;CAOb,MAAe,gBACd,OACA,YACA,YAC8B;EAC9B,MAAM,qBAAqB,aACxB,EAAE,YAAY,GACd,MAAM,gBAAgB,YAAY,KAAK,MAAM,EAAE,MAAKG,aAAc,CAAC,aAAa,EAEhF,YAAY,EAAE,EACd,EAAE;EAEL,MAAM,gBAAgB,kBAAkB,mBAAmB,MAAM;EACjE,MAAM,EAAE,cAAc,MAAM,MAAKD,aAAc,gBAC9C,MAAKD,gBACL,eACA,oBACA,WACA;AAED,SAAO;GACN,OAAO,SAAS,MAAM;GACtB,WAAW,sBAAsB;IAChC;IACA,iBAAiB,KAAK,cAAc;IACpC,WAAW,MAAKD;IAChB,CAAC;GACF;;;;;;CAOF,MAAe,oBAAoB,OAAgD;EAClF,MAAM,gBAAgB,kBACrB,mBACA,IAAI,YAAY,CAAC,UAAU,MAAM,CAAC,SAAS,CAC3C;EACD,MAAM,EAAE,cAAc,MAAM,MAAKE,aAAc,gBAC9C,MAAKD,gBACL,cACA;AAED,SAAO;GACN,OAAO,SAAS,MAAM;GACtB,WAAW,sBAAsB;IAChC;IACA,iBAAiB,KAAK,cAAc;IACpC,WAAW,MAAKD;IAChB,CAAC;GACF;;;;;;;CAQF,aAAa,mBACZ,gBACA,cACA,cACC;EACD,MAAM,EAAE,cAAc,MAAM,aAAa,aAAa,eAAe;AACrE,MAAI,CAAC,UACJ,OAAM,IAAI,MAAM,wCAAwC;AAGzD,SAAO,IAAI,aAAa;GACvB;GACA,WAAW,IAAI,iBAAiB,UAAU;GAC1C;GACA;GACA,CAAC;;;;;;CAOH,AAAS,OAAc;AACtB,QAAM,IAAI,MAAM,kDAAkD;;;;;;CAOnE,AAAS,iBAAwB;AAChC,QAAM,IAAI,MAAM,kDAAkD"}

package/dist/ledger/objects.d.mts

@@ -0,0 +1,10 @@
+import { Transaction } from "@haneullabs/haneul/transactions";
+import { ClientWithCoreApi } from "@haneullabs/haneul/client";
+
+//#region src/ledger/objects.d.ts
+declare const getInputObjects: (transaction: Transaction, client: ClientWithCoreApi) => Promise<{
+  bcsObjects: Uint8Array<ArrayBuffer>[];
+}>;
+//#endregion
+export { getInputObjects };
+//# sourceMappingURL=objects.d.mts.map

package/dist/ledger/objects.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"objects.d.mts","names":[],"sources":["../../src/ledger/objects.ts"],"mappings":";;;;cAMa,eAAA,GAAyB,WAAA,EAAa,WAAA,EAAa,MAAA,EAAQ,iBAAA,KAAiB,OAAA"}

package/dist/ledger/objects.mjs

@@ -0,0 +1,16 @@
+//#region src/ledger/objects.ts
+const getInputObjects = async (transaction, client) => {
+	const data = transaction.getData();
+	const gasObjectIds = data.gasData.payment?.map((object) => object.objectId) ?? [];
+	const inputObjectIds = data.inputs.map((input) => {
+		return input.$kind === "Object" && input.Object.$kind === "ImmOrOwnedObject" ? input.Object.ImmOrOwnedObject.objectId : null;
+	}).filter((objectId) => !!objectId);
+	return { bcsObjects: (await client.core.getObjects({
+		objectIds: [...gasObjectIds, ...inputObjectIds],
+		include: { objectBcs: true }
+	})).objects.filter((obj) => !(obj instanceof Error)).map((object) => object.objectBcs).filter((bytes) => !!bytes) };
+};
+
+//#endregion
+export { getInputObjects };
+//# sourceMappingURL=objects.mjs.map

package/dist/ledger/objects.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"objects.mjs","names":[],"sources":["../../src/ledger/objects.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { Transaction } from '@haneullabs/haneul/transactions';\nimport type { ClientWithCoreApi } from '@haneullabs/haneul/client';\n\nexport const getInputObjects = async (transaction: Transaction, client: ClientWithCoreApi) => {\n\tconst data = transaction.getData();\n\n\tconst gasObjectIds = data.gasData.payment?.map((object) => object.objectId) ?? [];\n\tconst inputObjectIds = data.inputs\n\t\t.map((input) => {\n\t\t\treturn input.$kind === 'Object' && input.Object.$kind === 'ImmOrOwnedObject'\n\t\t\t\t? input.Object.ImmOrOwnedObject.objectId\n\t\t\t\t: null;\n\t\t})\n\t\t.filter((objectId): objectId is string => !!objectId);\n\n\tconst response = await client.core.getObjects({\n\t\tobjectIds: [...gasObjectIds, ...inputObjectIds],\n\t\tinclude: {\n\t\t\tobjectBcs: true,\n\t\t},\n\t});\n\n\tconst bcsObjects = response.objects\n\t\t.filter((obj): obj is Exclude<typeof obj, Error> => !(obj instanceof Error))\n\t\t.map((object) => object.objectBcs)\n\t\t.filter((bytes): bytes is Uint8Array<ArrayBuffer> => !!bytes);\n\n\treturn { bcsObjects };\n};\n"],"mappings":";AAMA,MAAa,kBAAkB,OAAO,aAA0B,WAA8B;CAC7F,MAAM,OAAO,YAAY,SAAS;CAElC,MAAM,eAAe,KAAK,QAAQ,SAAS,KAAK,WAAW,OAAO,SAAS,IAAI,EAAE;CACjF,MAAM,iBAAiB,KAAK,OAC1B,KAAK,UAAU;AACf,SAAO,MAAM,UAAU,YAAY,MAAM,OAAO,UAAU,qBACvD,MAAM,OAAO,iBAAiB,WAC9B;GACF,CACD,QAAQ,aAAiC,CAAC,CAAC,SAAS;AActD,QAAO,EAAE,aAZQ,MAAM,OAAO,KAAK,WAAW;EAC7C,WAAW,CAAC,GAAG,cAAc,GAAG,eAAe;EAC/C,SAAS,EACR,WAAW,MACX;EACD,CAAC,EAE0B,QAC1B,QAAQ,QAA2C,EAAE,eAAe,OAAO,CAC3E,KAAK,WAAW,OAAO,UAAU,CACjC,QAAQ,UAA4C,CAAC,CAAC,MAAM,EAEzC"}

package/dist/utils/utils.mjs

@@ -0,0 +1,71 @@
+import { p256 } from "@noble/curves/nist.js";
+import { secp256k1 } from "@noble/curves/secp256k1.js";
+import { ASN1Construction, ASN1TagClass, DERElement } from "asn1-ts";
+
+//#region src/utils/utils.ts
+/** The total number of bits in the DER bit string for the uncompressed public key. */
+const DER_BIT_STRING_LENGTH = 520;
+/** The total number of bytes corresponding to the DER bit string length. */
+const DER_BYTES_LENGTH = DER_BIT_STRING_LENGTH / 8;
+/**
+* Converts an array of bits into a byte array.
+*
+* @param bitsArray - A `Uint8ClampedArray` representing the bits to convert.
+* @returns A `Uint8Array` containing the corresponding bytes.
+*
+* @throws {Error} If the input array does not have the expected length.
+*/
+function bitsToBytes(bitsArray) {
+	const bytes = new Uint8Array(DER_BYTES_LENGTH);
+	for (let i = 0; i < DER_BIT_STRING_LENGTH; i++) if (bitsArray[i] === 1) bytes[Math.floor(i / 8)] |= 1 << 7 - i % 8;
+	return bytes;
+}
+function publicKeyFromDER(derBytes) {
+	const encodedData = derBytes;
+	const derElement = new DERElement();
+	derElement.fromBytes(encodedData);
+	if (!(derElement.tagClass === ASN1TagClass.universal && derElement.construction === ASN1Construction.constructed)) throw new Error("Unexpected ASN.1 structure");
+	const publicKeyElement = derElement.components[1];
+	if (!publicKeyElement) throw new Error("Public Key not found in the DER structure");
+	return compressPublicKeyClamped(publicKeyElement.bitString);
+}
+function getConcatenatedSignature(signature, keyScheme) {
+	if (!signature || signature.length === 0) throw new Error("Invalid signature");
+	const derElement = new DERElement();
+	derElement.fromBytes(signature);
+	const [r, s] = derElement.toJSON();
+	switch (keyScheme) {
+		case "Secp256k1": {
+			const sig = new secp256k1.Signature(BigInt(r), BigInt(s));
+			return (sig.hasHighS() ? new secp256k1.Signature(sig.r, secp256k1.Point.Fn.neg(sig.s)) : sig).toBytes("compact");
+		}
+		case "Secp256r1": {
+			const sig = new p256.Signature(BigInt(r), BigInt(s));
+			return (sig.hasHighS() ? new p256.Signature(sig.r, p256.Point.Fn.neg(sig.s)) : sig).toBytes("compact");
+		}
+		default: throw new Error("Unsupported key scheme");
+	}
+}
+/**
+* Compresses an uncompressed public key into its compressed form.
+*
+* The uncompressed key must follow the DER bit string format as specified in [RFC 5480](https://datatracker.ietf.org/doc/html/rfc5480#section-2.2)
+* and [SEC 1: Elliptic Curve Cryptography](https://www.secg.org/sec1-v2.pdf).
+*
+* @param uncompressedKey - A `Uint8ClampedArray` representing the uncompressed public key bits.
+* @returns A `Uint8Array` containing the compressed public key.
+*
+* @throws {Error} If the uncompressed key has an unexpected length or does not start with the expected prefix.
+*/
+function compressPublicKeyClamped(uncompressedKey) {
+	if (uncompressedKey.length !== DER_BIT_STRING_LENGTH) throw new Error("Unexpected length for an uncompressed public key");
+	const uncompressedBytes = bitsToBytes(uncompressedKey);
+	if (uncompressedBytes[0] !== 4) throw new Error("Public key does not start with 0x04");
+	const xCoord = uncompressedBytes.slice(1, 33);
+	const parityByte = uncompressedBytes[64] % 2 === 0 ? 2 : 3;
+	return new Uint8Array([parityByte, ...xCoord]);
+}
+
+//#endregion
+export { getConcatenatedSignature, publicKeyFromDER };
+//# sourceMappingURL=utils.mjs.map

package/dist/utils/utils.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.mjs","names":["secp256r1"],"sources":["../../src/utils/utils.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { p256 as secp256r1 } from '@noble/curves/nist.js';\nimport { secp256k1 } from '@noble/curves/secp256k1.js';\nimport { ASN1Construction, ASN1TagClass, DERElement } from 'asn1-ts';\n\n/** The total number of bits in the DER bit string for the uncompressed public key. */\nexport const DER_BIT_STRING_LENGTH = 520;\n\n/** The total number of bytes corresponding to the DER bit string length. */\nexport const DER_BYTES_LENGTH = DER_BIT_STRING_LENGTH / 8;\n\n// Reference Specifications:\n// https://datatracker.ietf.org/doc/html/rfc5480#section-2.2\n// https://www.secg.org/sec1-v2.pdf\n\n/**\n * Converts an array of bits into a byte array.\n *\n * @param bitsArray - A `Uint8ClampedArray` representing the bits to convert.\n * @returns A `Uint8Array` containing the corresponding bytes.\n *\n * @throws {Error} If the input array does not have the expected length.\n */\nfunction bitsToBytes(bitsArray: Uint8ClampedArray): Uint8Array {\n\tconst bytes = new Uint8Array(DER_BYTES_LENGTH);\n\tfor (let i = 0; i < DER_BIT_STRING_LENGTH; i++) {\n\t\tif (bitsArray[i] === 1) {\n\t\t\tbytes[Math.floor(i / 8)] |= 1 << (7 - (i % 8));\n\t\t}\n\t}\n\treturn bytes;\n}\n\nexport function publicKeyFromDER(derBytes: Uint8Array) {\n\tconst encodedData: Uint8Array = derBytes;\n\tconst derElement = new DERElement();\n\tderElement.fromBytes(encodedData);\n\n\t// Validate the ASN.1 structure of the public key\n\tif (\n\t\t!(\n\t\t\tderElement.tagClass === ASN1TagClass.universal &&\n\t\t\tderElement.construction === ASN1Construction.constructed\n\t\t)\n\t) {\n\t\tthrow new Error('Unexpected ASN.1 structure');\n\t}\n\n\tconst components = derElement.components;\n\tconst publicKeyElement = components[1];\n\n\tif (!publicKeyElement) {\n\t\tthrow new Error('Public Key not found in the DER structure');\n\t}\n\n\treturn compressPublicKeyClamped(publicKeyElement.bitString);\n}\n\nexport function getConcatenatedSignature(signature: Uint8Array, keyScheme: string) {\n\tif (!signature || signature.length === 0) {\n\t\tthrow new Error('Invalid signature');\n\t}\n\n\t// Initialize a DERElement to parse the DER-encoded signature\n\tconst derElement = new DERElement();\n\tderElement.fromBytes(signature);\n\n\tconst [r, s] = derElement.toJSON() as [string, string];\n\n\tswitch (keyScheme) {\n\t\tcase 'Secp256k1': {\n\t\t\tconst sig = new secp256k1.Signature(BigInt(r), BigInt(s));\n\t\t\tconst normalized = sig.hasHighS()\n\t\t\t\t? new secp256k1.Signature(sig.r, secp256k1.Point.Fn.neg(sig.s))\n\t\t\t\t: sig;\n\n\t\t\treturn normalized.toBytes('compact') as Uint8Array<ArrayBuffer>;\n\t\t}\n\t\tcase 'Secp256r1': {\n\t\t\tconst sig = new secp256r1.Signature(BigInt(r), BigInt(s));\n\t\t\tconst normalized = sig.hasHighS()\n\t\t\t\t? new secp256r1.Signature(sig.r, secp256r1.Point.Fn.neg(sig.s))\n\t\t\t\t: sig;\n\n\t\t\treturn normalized.toBytes('compact') as Uint8Array<ArrayBuffer>;\n\t\t}\n\t\tdefault:\n\t\t\tthrow new Error('Unsupported key scheme');\n\t}\n}\n\n/**\n * Compresses an uncompressed public key into its compressed form.\n *\n * The uncompressed key must follow the DER bit string format as specified in [RFC 5480](https://datatracker.ietf.org/doc/html/rfc5480#section-2.2)\n * and [SEC 1: Elliptic Curve Cryptography](https://www.secg.org/sec1-v2.pdf).\n *\n * @param uncompressedKey - A `Uint8ClampedArray` representing the uncompressed public key bits.\n * @returns A `Uint8Array` containing the compressed public key.\n *\n * @throws {Error} If the uncompressed key has an unexpected length or does not start with the expected prefix.\n */\nexport function compressPublicKeyClamped(uncompressedKey: Uint8ClampedArray): Uint8Array {\n\tif (uncompressedKey.length !== DER_BIT_STRING_LENGTH) {\n\t\tthrow new Error('Unexpected length for an uncompressed public key');\n\t}\n\n\t// Convert bits to bytes\n\tconst uncompressedBytes = bitsToBytes(uncompressedKey);\n\n\t// Ensure the public key starts with the standard uncompressed prefix 0x04\n\tif (uncompressedBytes[0] !== 0x04) {\n\t\tthrow new Error('Public key does not start with 0x04');\n\t}\n\n\t// Extract X-Coordinate (skip the first byte, which is the prefix 0x04)\n\tconst xCoord = uncompressedBytes.slice(1, 33);\n\n\t// Determine parity byte for Y coordinate based on the last byte\n\tconst yCoordLastByte = uncompressedBytes[64];\n\tconst parityByte = yCoordLastByte % 2 === 0 ? 0x02 : 0x03;\n\n\t// Return the compressed public key consisting of the parity byte and X-coordinate\n\treturn new Uint8Array([parityByte, ...xCoord]);\n}\n"],"mappings":";;;;;;AAQA,MAAa,wBAAwB;;AAGrC,MAAa,mBAAmB,wBAAwB;;;;;;;;;AAcxD,SAAS,YAAY,WAA0C;CAC9D,MAAM,QAAQ,IAAI,WAAW,iBAAiB;AAC9C,MAAK,IAAI,IAAI,GAAG,IAAI,uBAAuB,IAC1C,KAAI,UAAU,OAAO,EACpB,OAAM,KAAK,MAAM,IAAI,EAAE,KAAK,KAAM,IAAK,IAAI;AAG7C,QAAO;;AAGR,SAAgB,iBAAiB,UAAsB;CACtD,MAAM,cAA0B;CAChC,MAAM,aAAa,IAAI,YAAY;AACnC,YAAW,UAAU,YAAY;AAGjC,KACC,EACC,WAAW,aAAa,aAAa,aACrC,WAAW,iBAAiB,iBAAiB,aAG9C,OAAM,IAAI,MAAM,6BAA6B;CAI9C,MAAM,mBADa,WAAW,WACM;AAEpC,KAAI,CAAC,iBACJ,OAAM,IAAI,MAAM,4CAA4C;AAG7D,QAAO,yBAAyB,iBAAiB,UAAU;;AAG5D,SAAgB,yBAAyB,WAAuB,WAAmB;AAClF,KAAI,CAAC,aAAa,UAAU,WAAW,EACtC,OAAM,IAAI,MAAM,oBAAoB;CAIrC,MAAM,aAAa,IAAI,YAAY;AACnC,YAAW,UAAU,UAAU;CAE/B,MAAM,CAAC,GAAG,KAAK,WAAW,QAAQ;AAElC,SAAQ,WAAR;EACC,KAAK,aAAa;GACjB,MAAM,MAAM,IAAI,UAAU,UAAU,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC;AAKzD,WAJmB,IAAI,UAAU,GAC9B,IAAI,UAAU,UAAU,IAAI,GAAG,UAAU,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC,GAC7D,KAEe,QAAQ,UAAU;;EAErC,KAAK,aAAa;GACjB,MAAM,MAAM,IAAIA,KAAU,UAAU,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC;AAKzD,WAJmB,IAAI,UAAU,GAC9B,IAAIA,KAAU,UAAU,IAAI,GAAGA,KAAU,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC,GAC7D,KAEe,QAAQ,UAAU;;EAErC,QACC,OAAM,IAAI,MAAM,yBAAyB;;;;;;;;;;;;;;AAe5C,SAAgB,yBAAyB,iBAAgD;AACxF,KAAI,gBAAgB,WAAW,sBAC9B,OAAM,IAAI,MAAM,mDAAmD;CAIpE,MAAM,oBAAoB,YAAY,gBAAgB;AAGtD,KAAI,kBAAkB,OAAO,EAC5B,OAAM,IAAI,MAAM,sCAAsC;CAIvD,MAAM,SAAS,kBAAkB,MAAM,GAAG,GAAG;CAI7C,MAAM,aADiB,kBAAkB,MACL,MAAM,IAAI,IAAO;AAGrD,QAAO,IAAI,WAAW,CAAC,YAAY,GAAG,OAAO,CAAC"}

package/dist/webcrypto/index.d.mts

@@ -0,0 +1,32 @@
+import { SignatureScheme, Signer } from "@haneullabs/haneul/cryptography";
+import { Secp256r1PublicKey } from "@haneullabs/haneul/keypairs/secp256r1";
+
+//#region src/webcrypto/index.d.ts
+interface ExportedWebCryptoKeypair {
+  privateKey: CryptoKey;
+  publicKey: Uint8Array<ArrayBuffer>;
+}
+declare class WebCryptoSigner extends Signer {
+  #private;
+  privateKey: CryptoKey;
+  static generate({
+    extractable
+  }?: {
+    extractable?: boolean;
+  }): Promise<WebCryptoSigner>;
+  /**
+   * Imports a keypair using the value returned by `export()`.
+   */
+  static import(data: ExportedWebCryptoKeypair): WebCryptoSigner;
+  getKeyScheme(): SignatureScheme;
+  constructor(privateKey: CryptoKey, publicKey: Uint8Array);
+  /**
+   * Exports the keypair so that it can be stored in IndexedDB.
+   */
+  export(): ExportedWebCryptoKeypair;
+  getPublicKey(): Secp256r1PublicKey;
+  sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
+}
+//#endregion
+export { ExportedWebCryptoKeypair, WebCryptoSigner };
+//# sourceMappingURL=index.d.mts.map

package/dist/webcrypto/index.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/webcrypto/index.ts"],"mappings":";;;;UAuBiB,wBAAA;EAChB,UAAA,EAAY,SAAA;EACZ,SAAA,EAAW,UAAA,CAAW,WAAA;AAAA;AAAA,cAGV,eAAA,SAAwB,MAAA;EAAA;EACpC,UAAA,EAAY,SAAA;EAAA,OAIC,QAAA,CAAA;IAAW;EAAA;IAAyB,WAAA;EAAA,IAA4B,OAAA,CAAA,eAAA;EATjE;;;EAAA,OA8BL,MAAA,CAAO,IAAA,EAAM,wBAAA,GAAwB,eAAA;EAI5C,YAAA,CAAA,GAAgB,eAAA;cAIJ,UAAA,EAAY,SAAA,EAAW,SAAA,EAAW,UAAA;EAlClC;;;EA2CZ,MAAA,CAAA,GAAU,wBAAA;EAkBV,YAAA,CAAA,GAAY,kBAAA;EAIN,IAAA,CAAK,KAAA,EAAO,UAAA,GAAa,OAAA,CAAQ,UAAA,CAAW,WAAA;AAAA"}

package/dist/webcrypto/index.mjs

@@ -0,0 +1,70 @@
+import { Signer } from "@haneullabs/haneul/cryptography";
+import { p256 } from "@noble/curves/nist.js";
+import { Secp256r1PublicKey } from "@haneullabs/haneul/keypairs/secp256r1";
+
+//#region src/webcrypto/index.ts
+function getCompressedPublicKey(publicKey) {
+	const rawBytes = new Uint8Array(publicKey);
+	const x = rawBytes.slice(1, 33);
+	const prefix = (rawBytes.slice(33, 65)[31] & 1) === 0 ? 2 : 3;
+	const compressed = new Uint8Array(Secp256r1PublicKey.SIZE);
+	compressed[0] = prefix;
+	compressed.set(x, 1);
+	return compressed;
+}
+var WebCryptoSigner = class WebCryptoSigner extends Signer {
+	#publicKey;
+	static async generate({ extractable = false } = {}) {
+		const keypair = await globalThis.crypto.subtle.generateKey({
+			name: "ECDSA",
+			namedCurve: "P-256"
+		}, extractable, ["sign", "verify"]);
+		const publicKey = await globalThis.crypto.subtle.exportKey("raw", keypair.publicKey);
+		return new WebCryptoSigner(keypair.privateKey, getCompressedPublicKey(new Uint8Array(publicKey)));
+	}
+	/**
+	* Imports a keypair using the value returned by `export()`.
+	*/
+	static import(data) {
+		return new WebCryptoSigner(data.privateKey, data.publicKey);
+	}
+	getKeyScheme() {
+		return "Secp256r1";
+	}
+	constructor(privateKey, publicKey) {
+		super();
+		this.privateKey = privateKey;
+		this.#publicKey = new Secp256r1PublicKey(publicKey);
+	}
+	/**
+	* Exports the keypair so that it can be stored in IndexedDB.
+	*/
+	export() {
+		const exportedKeypair = {
+			privateKey: this.privateKey,
+			publicKey: this.#publicKey.toRawBytes()
+		};
+		Object.defineProperty(exportedKeypair, "toJSON", {
+			enumerable: false,
+			value: () => {
+				throw new Error("The exported keypair must not be serialized. It must be stored in IndexedDB directly.");
+			}
+		});
+		return exportedKeypair;
+	}
+	getPublicKey() {
+		return this.#publicKey;
+	}
+	async sign(bytes) {
+		const rawSignature = await globalThis.crypto.subtle.sign({
+			name: "ECDSA",
+			hash: "SHA-256"
+		}, this.privateKey, bytes);
+		const signature = p256.Signature.fromBytes(new Uint8Array(rawSignature));
+		return (signature.hasHighS() ? new p256.Signature(signature.r, p256.Point.Fn.neg(signature.s)) : signature).toBytes("compact");
+	}
+};
+
+//#endregion
+export { WebCryptoSigner };
+//# sourceMappingURL=index.mjs.map

package/dist/webcrypto/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":["#publicKey","secp256r1"],"sources":["../../src/webcrypto/index.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { SignatureScheme } from '@haneullabs/haneul/cryptography';\nimport { Signer } from '@haneullabs/haneul/cryptography';\nimport { Secp256r1PublicKey } from '@haneullabs/haneul/keypairs/secp256r1';\nimport { p256 as secp256r1 } from '@noble/curves/nist.js';\n\n// Convert from uncompressed (65 bytes) to compressed (33 bytes) format\nfunction getCompressedPublicKey(publicKey: Uint8Array) {\n\tconst rawBytes = new Uint8Array(publicKey);\n\tconst x = rawBytes.slice(1, 33);\n\tconst y = rawBytes.slice(33, 65);\n\n\tconst prefix = (y[31] & 1) === 0 ? 0x02 : 0x03;\n\n\tconst compressed = new Uint8Array(Secp256r1PublicKey.SIZE);\n\tcompressed[0] = prefix;\n\tcompressed.set(x, 1);\n\n\treturn compressed;\n}\n\nexport interface ExportedWebCryptoKeypair {\n\tprivateKey: CryptoKey;\n\tpublicKey: Uint8Array<ArrayBuffer>;\n}\n\nexport class WebCryptoSigner extends Signer {\n\tprivateKey: CryptoKey;\n\n\t#publicKey: Secp256r1PublicKey;\n\n\tstatic async generate({ extractable = false }: { extractable?: boolean } = {}) {\n\t\tconst keypair = await globalThis.crypto.subtle.generateKey(\n\t\t\t{\n\t\t\t\tname: 'ECDSA',\n\t\t\t\tnamedCurve: 'P-256',\n\t\t\t},\n\t\t\textractable,\n\t\t\t['sign', 'verify'],\n\t\t);\n\n\t\tconst publicKey = await globalThis.crypto.subtle.exportKey('raw', keypair.publicKey);\n\n\t\treturn new WebCryptoSigner(\n\t\t\tkeypair.privateKey,\n\t\t\tgetCompressedPublicKey(new Uint8Array(publicKey)),\n\t\t);\n\t}\n\n\t/**\n\t * Imports a keypair using the value returned by `export()`.\n\t */\n\tstatic import(data: ExportedWebCryptoKeypair) {\n\t\treturn new WebCryptoSigner(data.privateKey, data.publicKey);\n\t}\n\n\tgetKeyScheme(): SignatureScheme {\n\t\treturn 'Secp256r1';\n\t}\n\n\tconstructor(privateKey: CryptoKey, publicKey: Uint8Array) {\n\t\tsuper();\n\t\tthis.privateKey = privateKey;\n\t\tthis.#publicKey = new Secp256r1PublicKey(publicKey);\n\t}\n\n\t/**\n\t * Exports the keypair so that it can be stored in IndexedDB.\n\t */\n\texport(): ExportedWebCryptoKeypair {\n\t\tconst exportedKeypair = {\n\t\t\tprivateKey: this.privateKey,\n\t\t\tpublicKey: this.#publicKey.toRawBytes(),\n\t\t};\n\n\t\tObject.defineProperty(exportedKeypair, 'toJSON', {\n\t\t\tenumerable: false,\n\t\t\tvalue: () => {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t'The exported keypair must not be serialized. It must be stored in IndexedDB directly.',\n\t\t\t\t);\n\t\t\t},\n\t\t});\n\n\t\treturn exportedKeypair;\n\t}\n\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst rawSignature = await globalThis.crypto.subtle.sign(\n\t\t\t{\n\t\t\t\tname: 'ECDSA',\n\t\t\t\thash: 'SHA-256',\n\t\t\t},\n\t\t\tthis.privateKey,\n\t\t\tbytes as BufferSource,\n\t\t);\n\n\t\tconst signature = secp256r1.Signature.fromBytes(new Uint8Array(rawSignature));\n\t\tconst normalizedSig = signature.hasHighS()\n\t\t\t? new secp256r1.Signature(signature.r, secp256r1.Point.Fn.neg(signature.s))\n\t\t\t: signature;\n\n\t\treturn normalizedSig.toBytes('compact') as Uint8Array<ArrayBuffer>;\n\t}\n}\n"],"mappings":";;;;;AASA,SAAS,uBAAuB,WAAuB;CACtD,MAAM,WAAW,IAAI,WAAW,UAAU;CAC1C,MAAM,IAAI,SAAS,MAAM,GAAG,GAAG;CAG/B,MAAM,UAFI,SAAS,MAAM,IAAI,GAAG,CAEd,MAAM,OAAO,IAAI,IAAO;CAE1C,MAAM,aAAa,IAAI,WAAW,mBAAmB,KAAK;AAC1D,YAAW,KAAK;AAChB,YAAW,IAAI,GAAG,EAAE;AAEpB,QAAO;;AAQR,IAAa,kBAAb,MAAa,wBAAwB,OAAO;CAG3C;CAEA,aAAa,SAAS,EAAE,cAAc,UAAqC,EAAE,EAAE;EAC9E,MAAM,UAAU,MAAM,WAAW,OAAO,OAAO,YAC9C;GACC,MAAM;GACN,YAAY;GACZ,EACD,aACA,CAAC,QAAQ,SAAS,CAClB;EAED,MAAM,YAAY,MAAM,WAAW,OAAO,OAAO,UAAU,OAAO,QAAQ,UAAU;AAEpF,SAAO,IAAI,gBACV,QAAQ,YACR,uBAAuB,IAAI,WAAW,UAAU,CAAC,CACjD;;;;;CAMF,OAAO,OAAO,MAAgC;AAC7C,SAAO,IAAI,gBAAgB,KAAK,YAAY,KAAK,UAAU;;CAG5D,eAAgC;AAC/B,SAAO;;CAGR,YAAY,YAAuB,WAAuB;AACzD,SAAO;AACP,OAAK,aAAa;AAClB,QAAKA,YAAa,IAAI,mBAAmB,UAAU;;;;;CAMpD,SAAmC;EAClC,MAAM,kBAAkB;GACvB,YAAY,KAAK;GACjB,WAAW,MAAKA,UAAW,YAAY;GACvC;AAED,SAAO,eAAe,iBAAiB,UAAU;GAChD,YAAY;GACZ,aAAa;AACZ,UAAM,IAAI,MACT,wFACA;;GAEF,CAAC;AAEF,SAAO;;CAGR,eAAe;AACd,SAAO,MAAKA;;CAGb,MAAM,KAAK,OAAqD;EAC/D,MAAM,eAAe,MAAM,WAAW,OAAO,OAAO,KACnD;GACC,MAAM;GACN,MAAM;GACN,EACD,KAAK,YACL,MACA;EAED,MAAM,YAAYC,KAAU,UAAU,UAAU,IAAI,WAAW,aAAa,CAAC;AAK7E,UAJsB,UAAU,UAAU,GACvC,IAAIA,KAAU,UAAU,UAAU,GAAGA,KAAU,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC,GACzE,WAEkB,QAAQ,UAAU"}