@happyvertical/encryption 0.74.8

package/AGENT.md

@@ -0,0 +1,33 @@
+# @happyvertical/encryption
+
+<!-- BEGIN AGENT:GENERATED -->
+## Purpose
+Unified encryption and cryptography operations with adapter-based architecture
+
+## Package Map
+- Package: `@happyvertical/encryption`
+- Hierarchy path: `@happyvertical/sdk > packages > encryption`
+- Workspace position: `10 of 30` local packages
+- Internal dependencies: `@happyvertical/logger`, `@happyvertical/utils`
+- Internal dependents: none
+- Knowledge graph files: `AGENT.md`, `metadata.json`, `ecosystem-manifest.json`
+
+## Build & Test
+```bash
+pnpm --filter @happyvertical/encryption build
+pnpm --filter @happyvertical/encryption test
+pnpm --filter @happyvertical/encryption typecheck
+```
+
+## Agent Correction Loops
+- If module resolution or export errors mention a workspace dependency, build the dependency first (`pnpm --filter @happyvertical/logger build`, `pnpm --filter @happyvertical/utils build`) and then rerun `pnpm --filter @happyvertical/encryption build`.
+- If you hit type-only regressions, run `pnpm --filter @happyvertical/encryption typecheck` before rerunning the package build or tests to isolate the failing surface.
+- If failures span multiple packages or Turborepo ordering looks wrong, run `pnpm build` and `pnpm typecheck` from the repo root before retrying package-scoped commands.
+
+## Ecosystem Relationships
+- Provides: Unified encryption and cryptography operations with adapter-based architecture
+- Implements: none
+- Requires: @happyvertical/logger, @happyvertical/utils, @openpgp/web-stream-tools, openpgp, tweetnacl, tweetnacl-util
+- Stability: stable (Primary package surface is described as implemented and production-oriented.)
+<!-- END AGENT:GENERATED -->
+

package/LICENSE

@@ -0,0 +1,7 @@
+Copyright <2025> <Happy Vertical Corporation>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/README.md

@@ -0,0 +1,478 @@
+# @happyvertical/encryption
+
+> Unified encryption and cryptography operations with adapter-based architecture supporting PGP, NaCl, and Node.js crypto.
+
+[![Tests](https://img.shields.io/badge/tests-209%20passing-brightgreen)](./test)
+[![License](https://img.shields.io/badge/license-MIT-blue.svg)](../../LICENSE)
+[![TypeScript](https://img.shields.io/badge/TypeScript-5.3+-blue.svg)](https://www.typescriptlang.org/)
+
+## Features
+
+- **🔐 Multiple Encryption Methods**: PGP/OpenPGP, NaCl/libsodium, Node.js crypto
+- **📝 Text, Files & Buffers**: Encrypt any data format with a unified API
+- **📧 Email Integration**: Specialized PGP/MIME email encryption
+- **🔑 Key Management**: Generate, import, export, and manage encryption keys
+- **✍️ Digital Signatures**: Sign and verify data with RSA, ECDSA, and EdDSA
+- **🎯 Type-Safe**: Full TypeScript support with comprehensive type definitions
+- **⚡ High Performance**: Fast NaCl encryption, efficient streaming for large files
+- **🧪 Well-Tested**: 209 tests covering all adapters and use cases
+
+## Installation
+
+```bash
+npm install @happyvertical/encryption
+# or
+pnpm add @happyvertical/encryption
+# or
+yarn add @happyvertical/encryption
+```
+
+## Claude Code Context
+
+Install Claude Code context files for AI-assisted development:
+
+```bash
+npx have-encryption-context
+```
+
+This copies the package's `AGENT.md` documentation and `metadata.json` metadata to your project's `.claude/` directory, enabling Claude to provide better assistance when working with this package.
+
+## Quick Start
+
+### PGP Encryption
+
+```typescript
+import { getEncryption } from '@happyvertical/encryption';
+
+// Create PGP encryption instance
+const pgp = await getEncryption({ type: 'pgp' });
+
+// Generate keypair
+const keypair = await pgp.generateKeyPair({
+  name: 'Alice',
+  email: 'alice@example.com',
+  passphrase: 'secure-passphrase',
+  type: 'rsa',
+  keySize: 4096
+});
+
+// Initialize with keys
+const encryption = await getEncryption({
+  type: 'pgp',
+  publicKey: keypair.publicKey,
+  privateKey: keypair.privateKey,
+  passphrase: 'secure-passphrase'
+});
+
+// Encrypt and decrypt text
+const encrypted = await encryption.encryptText('Secret message');
+const decrypted = await encryption.decryptText(encrypted);
+
+// Encrypt and decrypt files
+await encryption.encryptFile('document.pdf', 'document.pdf.pgp');
+await encryption.decryptFile('document.pdf.pgp', 'document.pdf');
+```
+
+### NaCl Encryption (Fast & Modern)
+
+```typescript
+import { getEncryption } from '@happyvertical/encryption';
+
+// Generate keypair
+const nacl = await getEncryption({ type: 'nacl' });
+const keypair = await nacl.generateKeyPair();
+
+// Symmetric encryption (secretbox)
+const encryption = await getEncryption({
+  type: 'nacl',
+  secretKey: keypair.secretKey
+});
+
+const encrypted = await encryption.encryptText('Secret message');
+const decrypted = await encryption.decryptText(encrypted);
+
+// Encrypt files (very fast!)
+await encryption.encryptFile('data.json', 'data.json.enc');
+await encryption.decryptFile('data.json.enc', 'data.json');
+```
+
+### Node.js Crypto (AES & RSA)
+
+```typescript
+import { getEncryption } from '@happyvertical/encryption';
+
+// AES-256-GCM encryption
+const aes = await getEncryption({
+  type: 'node',
+  algorithm: 'aes-256-gcm',
+  keyDerivation: {
+    password: 'user-password',
+    salt: 'unique-salt',
+    iterations: 100000
+  }
+});
+
+const encrypted = await aes.encryptText('Secret message');
+const decrypted = await aes.decryptText(encrypted);
+
+// RSA encryption
+const rsa = await getEncryption({
+  type: 'node',
+  algorithm: 'rsa-oaep'
+});
+
+const keypair = await rsa.generateKeyPair({
+  type: 'rsa',
+  keySize: 2048
+});
+
+const rsaEncryption = await getEncryption({
+  type: 'node',
+  algorithm: 'rsa-oaep',
+  publicKey: keypair.publicKey,
+  privateKey: keypair.privateKey
+});
+
+const encrypted = await rsaEncryption.encryptText('Small message');
+const decrypted = await rsaEncryption.decryptText(encrypted);
+```
+
+## Common Use Cases
+
+### Email Encryption (PGP/MIME)
+
+```typescript
+import { getEncryption } from '@happyvertical/encryption';
+
+const pgp = await getEncryption({
+  type: 'pgp',
+  publicKey: recipientPublicKey,
+  privateKey: myPrivateKey,
+  passphrase: 'my-passphrase'
+});
+
+// Encrypt email message
+const encryptedEmail = await pgp.encryptEmail({
+  from: { address: 'sender@example.com' },
+  to: [{ address: 'recipient@example.com' }],
+  subject: 'Confidential Information',
+  text: 'Secret message content',
+  attachments: [
+    { filename: 'document.pdf', content: pdfBuffer }
+  ]
+}, {
+  sign: true,
+  armor: true
+});
+
+// Send with your email provider
+// await mailbox.send(encryptedEmail);
+```
+
+### Database Field Encryption
+
+```typescript
+import { getEncryption } from '@happyvertical/encryption';
+
+const encryption = await getEncryption({
+  type: 'node',
+  algorithm: 'aes-256-gcm',
+  keyDerivation: {
+    password: process.env.DB_ENCRYPTION_PASSWORD,
+    salt: 'db-encryption-salt',
+    iterations: 100000
+  }
+});
+
+// Encrypt sensitive fields
+async function saveUser(user) {
+  const encryptedSSN = await encryption.encryptText(user.ssn);
+  const encryptedCreditCard = await encryption.encryptText(user.creditCard);
+
+  await db.insert('users', {
+    id: user.id,
+    name: user.name,  // Plain text
+    ssn: encryptedSSN,
+    credit_card: encryptedCreditCard
+  });
+}
+
+// Decrypt when retrieving
+async function getUser(id) {
+  const row = await db.selectOne('users', { where: { id } });
+
+  return {
+    id: row.id,
+    name: row.name,
+    ssn: await encryption.decryptText(row.ssn),
+    creditCard: await encryption.decryptText(row.credit_card)
+  };
+}
+```
+
+### File Backup Encryption
+
+```typescript
+import { getEncryption } from '@happyvertical/encryption';
+
+const encryption = await getEncryption({
+  type: 'nacl',
+  secretKey: backupSecretKey
+});
+
+// Encrypt backup files
+await encryption.encryptFile(
+  '/data/backup-2024-01.tar.gz',
+  '/encrypted-backups/backup-2024-01.tar.gz.enc'
+);
+
+// Decrypt when needed
+await encryption.decryptFile(
+  '/encrypted-backups/backup-2024-01.tar.gz.enc',
+  '/restored/backup-2024-01.tar.gz'
+);
+```
+
+### Digital Signatures
+
+```typescript
+import { getEncryption } from '@happyvertical/encryption';
+
+const pgp = await getEncryption({
+  type: 'pgp',
+  privateKey: myPrivateKey,
+  passphrase: 'my-passphrase'
+});
+
+// Sign message
+const message = 'Important announcement';
+const signature = await pgp.sign(message, {
+  detached: true,
+  armor: true
+});
+
+// Verify signature
+const valid = await pgp.verify(message, signature, {
+  publicKey: signerPublicKey
+});
+
+if (valid) {
+  console.log('✓ Signature verified - message is authentic');
+} else {
+  console.log('✗ Invalid signature - message may be tampered');
+}
+```
+
+## API Overview
+
+### Factory Function
+
+```typescript
+function getEncryption(options: GetEncryptionOptions): Promise<Encryption>
+```
+
+### Encryption Interface
+
+All adapters implement this unified interface:
+
+```typescript
+interface Encryption {
+  // Text operations
+  encryptText(text: string, options?: EncryptOptions): Promise<string>;
+  decryptText(encrypted: string, options?: DecryptOptions): Promise<string>;
+
+  // File operations
+  encryptFile(inputPath: string, outputPath: string, options?: EncryptOptions): Promise<void>;
+  decryptFile(inputPath: string, outputPath: string, options?: DecryptOptions): Promise<void>;
+
+  // Buffer operations
+  encryptBuffer(buffer: Buffer, options?: EncryptOptions): Promise<Buffer>;
+  decryptBuffer(buffer: Buffer, options?: DecryptOptions): Promise<Buffer>;
+
+  // Key management
+  generateKeyPair(options?: KeyPairOptions): Promise<KeyPair>;
+  importKey(key: string | Buffer, options?: ImportKeyOptions): Promise<Key>;
+  exportKey(key: Key, options?: ExportKeyOptions): Promise<string | Buffer>;
+
+  // Signing (optional)
+  sign?(data: string | Buffer, options?: SignOptions): Promise<string | Buffer>;
+  verify?(data: string | Buffer, signature: string | Buffer, options?: VerifyOptions): Promise<boolean>;
+
+  // Email operations (PGP only)
+  encryptEmail?(message: EmailMessage, options?: EncryptEmailOptions): Promise<EmailMessage>;
+  decryptEmail?(message: EmailMessage, options?: DecryptEmailOptions): Promise<DecryptedEmail>;
+
+  // Adapter info
+  getCapabilities(): Promise<EncryptionCapabilities>;
+  getAdapter(): AdapterType;
+}
+```
+
+## Adapter Comparison
+
+| Feature | PGP | NaCl | Node Crypto |
+|---------|-----|------|-------------|
+| **Text Encryption** | ✅ | ✅ | ✅ |
+| **File Encryption** | ✅ | ✅ | ✅ |
+| **Email Encryption** | ✅ | ❌ | ❌ |
+| **Digital Signatures** | ✅ | ✅ | ✅ |
+| **Multiple Recipients** | ✅ | ❌ | ❌ |
+| **Symmetric** | ❌ | ✅ | ✅ |
+| **Asymmetric** | ✅ | ✅ | ✅ |
+| **Speed** | Medium | Fast | Fast |
+| **Key Size** | Large | Small | Medium |
+| **Best For** | Email, compatibility | Performance, modern apps | Standard algorithms, built-in |
+
+### When to Use Each Adapter
+
+**PGP/OpenPGP** - Best for:
+- Email encryption (PGP/MIME standard)
+- Multi-recipient scenarios
+- Compatibility with existing PGP infrastructure
+- Long-term archival
+
+**NaCl/libsodium** - Best for:
+- High-performance applications
+- Modern cryptography
+- File encryption
+- API token encryption
+- Real-time data encryption
+
+**Node.js Crypto** - Best for:
+- Standard algorithms (AES, RSA)
+- No external dependencies needed
+- Password-based encryption (PBKDF2)
+- Enterprise requirements (FIPS compliance)
+
+## Security Considerations
+
+### Key Storage
+
+**❌ DO NOT:**
+- Store private keys in plain text
+- Commit keys to version control
+- Log keys or passphrases
+- Transmit keys over insecure channels
+
+**✅ DO:**
+- Use environment variables for keys
+- Encrypt private keys with strong passphrases
+- Use hardware security modules (HSMs) for production
+- Implement key rotation policies
+- Use key derivation for password-based encryption
+
+### Best Practices
+
+1. **Key Length**:
+   - RSA: Minimum 2048 bits (4096 recommended)
+   - AES: 256 bits
+   - ECC: curve25519 or P-384
+
+2. **Algorithms**:
+   - ✅ Prefer: AES-256-GCM, RSA-OAEP, ECDH, NaCl
+   - ❌ Avoid: DES, 3DES, MD5, SHA1
+
+3. **Key Derivation**:
+   - PBKDF2: Minimum 100,000 iterations
+   - Use unique salts per encryption
+   - Consider Argon2 for new applications
+
+4. **Encrypted Data Integrity**:
+   - Use authenticated encryption (GCM, Poly1305)
+   - Always verify signatures before trusting data
+   - Implement replay protection
+
+## Testing
+
+Run the test suite:
+
+```bash
+npm test
+```
+
+Run tests for a specific adapter:
+
+```bash
+npm test -- test/unit/pgp.test.ts
+npm test -- test/unit/nacl.test.ts
+npm test -- test/unit/node.test.ts
+```
+
+Run file operations tests:
+
+```bash
+npm test -- test/unit/file-operations.test.ts
+```
+
+## Performance Benchmarks
+
+Approximate performance for 100KB data:
+
+| Adapter | Encryption | Decryption | Key Generation |
+|---------|------------|------------|----------------|
+| **PGP (RSA 4096)** | ~200ms | ~100ms | ~3000ms |
+| **NaCl (secretbox)** | ~2ms | ~2ms | ~1ms |
+| **AES-256-GCM** | ~5ms | ~5ms | N/A |
+| **RSA-OAEP 2048** | ~50ms | ~100ms | ~500ms |
+
+*Benchmarks run on M1 MacBook Pro. Your results may vary.*
+
+## Documentation
+
+- **[AGENT.md](./AGENT.md)** - Comprehensive developer guide with detailed API reference, architecture, and implementation phases
+- **[API Types](./src/shared/types.ts)** - TypeScript type definitions
+- **[Error Handling](./src/shared/errors.ts)** - Custom error classes
+
+## Examples
+
+See the [test directory](./test) for comprehensive examples:
+
+- **[PGP Tests](./test/unit/pgp.test.ts)** - Text, file, signature examples
+- **[PGP Email Tests](./test/unit/pgp-email.test.ts)** - Email encryption examples
+- **[NaCl Tests](./test/unit/nacl.test.ts)** - Symmetric and asymmetric examples
+- **[Node Crypto Tests](./test/unit/node.test.ts)** - AES, RSA, ECDSA examples
+- **[File Operations Tests](./test/unit/file-operations.test.ts)** - File encryption for all adapters
+
+## Related Packages
+
+- **[@happyvertical/email](../email/)** - Email operations with encryption support
+- **[@happyvertical/files](../files/)** - File operations
+- **[@happyvertical/sql](../sql/)** - Database operations (can encrypt fields)
+
+## Contributing
+
+Contributions are welcome! Please see the root [CONTRIBUTING.md](../../CONTRIBUTING.md) for guidelines.
+
+### Development
+
+```bash
+# Install dependencies
+pnpm install
+
+# Run tests
+npm test
+
+# Run tests in watch mode
+npm test -- --watch
+
+# Build package
+npm run build
+
+# Lint and format
+npm run lint
+npm run format
+```
+
+## License
+
+MIT License - see [LICENSE](../../LICENSE) for details.
+
+## Support
+
+- **Issues**: [GitHub Issues](https://github.com/happyvertical/sdk/issues)
+- **Documentation**: [AGENT.md](./AGENT.md)
+- **Examples**: [test/unit/](./test/unit/)
+
+---
+
+**Built with ❤️ by HappyVertical**

package/dist/adapters/nacl.d.ts

@@ -0,0 +1,75 @@
+import { BaseEncryption } from '../shared/base.js';
+import { DecryptOptions, EncryptionCapabilities, EncryptOptions, ExportKeyOptions, ImportKeyOptions, Key, KeyPair, KeyPairOptions, NaClOptions, SignOptions, VerifyOptions } from '../shared/types.js';
+/**
+ * NaCl/TweetNaCl encryption adapter
+ *
+ * Provides fast, modern cryptography using the NaCl library.
+ * Supports both symmetric (secretbox) and asymmetric (box) encryption.
+ *
+ * @example
+ * ```typescript
+ * // Symmetric encryption
+ * const nacl = new NaClEncryption({
+ *   type: 'nacl',
+ *   secretKey: secretKey
+ * });
+ *
+ * const encrypted = await nacl.encryptText('Secret message');
+ * const decrypted = await nacl.decryptText(encrypted);
+ *
+ * // Asymmetric encryption
+ * const nacl = new NaClEncryption({
+ *   type: 'nacl',
+ *   publicKey: theirPublicKey,
+ *   secretKey: mySecretKey
+ * });
+ *
+ * const encrypted = await nacl.encryptText('Secret message', {
+ *   recipientPublicKey: theirPublicKey
+ * });
+ * const decrypted = await nacl.decryptText(encrypted);
+ * ```
+ */
+export declare class NaClEncryption extends BaseEncryption {
+    private options;
+    private secretKey?;
+    private publicKey?;
+    constructor(options: NaClOptions);
+    /**
+     * Initialize keys from options
+     */
+    private initializeKeys;
+    /**
+     * Parse key from various formats
+     */
+    private parseKey;
+    /**
+     * Format key for output
+     */
+    private formatKey;
+    encryptText(text: string, options?: EncryptOptions): Promise<string>;
+    decryptText(encrypted: string, options?: DecryptOptions): Promise<string>;
+    encryptBuffer(buffer: Buffer, options?: EncryptOptions): Promise<Buffer>;
+    decryptBuffer(buffer: Buffer, options?: DecryptOptions): Promise<Buffer>;
+    /**
+     * Symmetric encryption using secretbox
+     */
+    private encryptSymmetric;
+    /**
+     * Asymmetric encryption using box
+     */
+    private encryptAsymmetric;
+    generateKeyPair(options?: KeyPairOptions): Promise<KeyPair>;
+    importKey(key: string | Buffer, options?: ImportKeyOptions): Promise<Key>;
+    exportKey(key: Key, options?: ExportKeyOptions): Promise<string | Buffer>;
+    /**
+     * Sign data with signing key
+     */
+    sign(data: string | Buffer, options?: SignOptions): Promise<string | Buffer>;
+    /**
+     * Verify signature
+     */
+    verify(data: string | Buffer, signature: string | Buffer, options?: VerifyOptions): Promise<boolean>;
+    getCapabilities(): Promise<EncryptionCapabilities>;
+}
+//# sourceMappingURL=nacl.d.ts.map

package/dist/adapters/nacl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nacl.d.ts","sourceRoot":"","sources":["../../src/adapters/nacl.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAQnD,OAAO,KAAK,EACV,cAAc,EACd,sBAAsB,EACtB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,GAAG,EACH,OAAO,EACP,cAAc,EACd,WAAW,EACX,WAAW,EACX,aAAa,EACd,MAAM,oBAAoB,CAAC;AAE5B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,qBAAa,cAAe,SAAQ,cAAc;IAChD,OAAO,CAAC,OAAO,CAAc;IAC7B,OAAO,CAAC,SAAS,CAAC,CAAa;IAC/B,OAAO,CAAC,SAAS,CAAC,CAAa;gBAEnB,OAAO,EAAE,WAAW;IAMhC;;OAEG;IACH,OAAO,CAAC,cAAc;IA0BtB;;OAEG;IACH,OAAO,CAAC,QAAQ;IA2BhB;;OAEG;IACH,OAAO,CAAC,SAAS;IAgBX,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IAuBpE,WAAW,CACf,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,MAAM,CAAC;IA6DZ,aAAa,CACjB,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,MAAM,CAAC;IAyBZ,aAAa,CACjB,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,MAAM,CAAC;IA4DlB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAsBxB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAmDnB,eAAe,CAAC,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC;IA2C3D,SAAS,CACb,GAAG,EAAE,MAAM,GAAG,MAAM,EACpB,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,GAAG,CAAC;IA6CT,SAAS,CACb,GAAG,EAAE,GAAG,EACR,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;IA0C3B;;OAEG;IACG,IAAI,CACR,IAAI,EAAE,MAAM,GAAG,MAAM,EACrB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;IAiD3B;;OAEG;IACG,MAAM,CACV,IAAI,EAAE,MAAM,GAAG,MAAM,EACrB,SAAS,EAAE,MAAM,GAAG,MAAM,EAC1B,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,OAAO,CAAC;IAgEb,eAAe,IAAI,OAAO,CAAC,sBAAsB,CAAC;CAgBzD"}

package/dist/adapters/node.d.ts

@@ -0,0 +1,96 @@
+import { BaseEncryption } from '../shared/base.js';
+import { DecryptOptions, EncryptionCapabilities, EncryptOptions, ExportKeyOptions, ImportKeyOptions, Key, KeyPair, KeyPairOptions, NodeCryptoOptions, SignOptions, VerifyOptions } from '../shared/types.js';
+/**
+ * Node.js crypto adapter
+ *
+ * Uses Node.js built-in crypto module for standard encryption algorithms
+ * (AES, RSA, ECDH, ECDSA, etc.).
+ *
+ * @example
+ * ```typescript
+ * const crypto = new NodeCryptoEncryption({
+ *   type: 'node',
+ *   algorithm: 'aes-256-gcm',
+ *   key: encryptionKey
+ * });
+ *
+ * const encrypted = await crypto.encryptText('Secret message');
+ * const decrypted = await crypto.decryptText(encrypted);
+ * ```
+ */
+export declare class NodeCryptoEncryption extends BaseEncryption {
+    private options;
+    private key?;
+    private publicKey?;
+    private privateKey?;
+    constructor(options: NodeCryptoOptions);
+    /**
+     * Initialize keys from options
+     */
+    private initializeKeys;
+    /**
+     * Derive key from password using PBKDF2
+     */
+    private deriveKey;
+    /**
+     * Get key length for current algorithm
+     */
+    private getKeyLength;
+    /**
+     * Parse buffer from string or Buffer
+     */
+    private parseBuffer;
+    /**
+     * Import public key from PEM/DER
+     */
+    private importPublicKeyObject;
+    /**
+     * Import private key from PEM/DER
+     */
+    private importPrivateKeyObject;
+    /**
+     * Check if algorithm is symmetric (AES)
+     */
+    private isSymmetric;
+    /**
+     * Check if algorithm is RSA
+     */
+    private isRSA;
+    encryptText(text: string, options?: EncryptOptions): Promise<string>;
+    decryptText(encrypted: string, options?: DecryptOptions): Promise<string>;
+    encryptBuffer(buffer: Buffer, options?: EncryptOptions): Promise<Buffer>;
+    decryptBuffer(buffer: Buffer, options?: DecryptOptions): Promise<Buffer>;
+    /**
+     * Symmetric encryption (AES)
+     */
+    private encryptSymmetric;
+    /**
+     * Symmetric decryption (AES)
+     */
+    private decryptSymmetric;
+    /**
+     * Asymmetric encryption (RSA)
+     */
+    private encryptAsymmetric;
+    /**
+     * Asymmetric decryption (RSA)
+     */
+    private decryptAsymmetric;
+    /**
+     * Get RSA padding mode
+     */
+    private getRSAPadding;
+    generateKeyPair(options?: KeyPairOptions): Promise<KeyPair>;
+    importKey(key: string | Buffer, options?: ImportKeyOptions): Promise<Key>;
+    exportKey(key: Key, options?: ExportKeyOptions): Promise<string | Buffer>;
+    /**
+     * Sign data
+     */
+    sign(data: string | Buffer, options?: SignOptions): Promise<string | Buffer>;
+    /**
+     * Verify signature
+     */
+    verify(data: string | Buffer, signature: string | Buffer, options?: VerifyOptions): Promise<boolean>;
+    getCapabilities(): Promise<EncryptionCapabilities>;
+}
+//# sourceMappingURL=node.d.ts.map

package/dist/adapters/node.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"node.d.ts","sourceRoot":"","sources":["../../src/adapters/node.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAQnD,OAAO,KAAK,EACV,cAAc,EACd,sBAAsB,EACtB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,GAAG,EACH,OAAO,EACP,cAAc,EACd,iBAAiB,EACjB,WAAW,EACX,aAAa,EACd,MAAM,oBAAoB,CAAC;AAE5B;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,oBAAqB,SAAQ,cAAc;IACtD,OAAO,CAAC,OAAO,CAAoB;IACnC,OAAO,CAAC,GAAG,CAAC,CAAS;IACrB,OAAO,CAAC,SAAS,CAAC,CAAmB;IACrC,OAAO,CAAC,UAAU,CAAC,CAAmB;gBAE1B,OAAO,EAAE,iBAAiB;IAMtC;;OAEG;IACH,OAAO,CAAC,cAAc;IAqBtB;;OAEG;IACH,OAAO,CAAC,SAAS;IAmBjB;;OAEG;IACH,OAAO,CAAC,YAAY;IAQpB;;OAEG;IACH,OAAO,CAAC,WAAW;IAWnB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAY7B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAkB9B;;OAEG;IACH,OAAO,CAAC,WAAW;IAKnB;;OAEG;IACH,OAAO,CAAC,KAAK;IAKP,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IA0BpE,WAAW,CACf,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,MAAM,CAAC;IA4BZ,aAAa,CACjB,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,MAAM,CAAC;IA4BZ,aAAa,CACjB,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,MAAM,CAAC;IA4BlB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAwCxB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA4CxB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAmBzB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAqBzB;;OAEG;IACH,OAAO,CAAC,aAAa;IAWf,eAAe,CAAC,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC;IAwF3D,SAAS,CACb,GAAG,EAAE,MAAM,GAAG,MAAM,EACpB,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,GAAG,CAAC;IAoDT,SAAS,CACb,GAAG,EAAE,GAAG,EACR,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;IA2B3B;;OAEG;IACG,IAAI,CACR,IAAI,EAAE,MAAM,GAAG,MAAM,EACrB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;IAuC3B;;OAEG;IACG,MAAM,CACV,IAAI,EAAE,MAAM,GAAG,MAAM,EACrB,SAAS,EAAE,MAAM,GAAG,MAAM,EAC1B,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,OAAO,CAAC;IA8Bb,eAAe,IAAI,OAAO,CAAC,sBAAsB,CAAC;CAsCzD"}