@haven-chat-org/core 1.0.0

package/dist/crypto/index.js

@@ -0,0 +1,10 @@
+export { initSodium, getSodium, toBase64, fromBase64, randomBytes } from "./utils.js";
+export { encryptFile, decryptFile } from "./file.js";
+export { generateIdentityKeyPair, generateDHKeyPair, generateSignedPreKey, generateOneTimePreKeys, prepareRegistrationKeys, verifySignature, } from "./keys.js";
+export { x3dhInitiate, x3dhRespond } from "./x3dh.js";
+export { DoubleRatchetSession, serializeMessage, deserializeMessage, } from "./double-ratchet.js";
+export { GROUP_MSG_TYPE, generateSenderKey, createSkdmPayload, parseSkdmPayload, encryptSkdm, decryptSkdm, senderKeyEncrypt, senderKeyDecrypt, } from "./sender-keys.js";
+export { generateProfileKey, encryptProfile, decryptProfile, encryptProfileKeyFor, decryptProfileKey, encryptProfileToBase64, decryptProfileFromBase64, } from "./profile.js";
+export { encryptBackup, decryptBackup, deriveBackupKey, generateRecoveryKey, } from "./backup.js";
+export { generatePassphrase } from "./passphrase.js";
+//# sourceMappingURL=index.js.map

package/dist/crypto/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACtF,OAAO,EAAE,WAAW,EAAE,WAAW,EAAsB,MAAM,WAAW,CAAC;AACzE,OAAO,EAIL,uBAAuB,EACvB,iBAAiB,EACjB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,eAAe,GAChB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAmB,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACvE,OAAO,EACL,oBAAoB,EAIpB,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAIL,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,gBAAgB,EAChB,WAAW,EACX,WAAW,EACX,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,sBAAsB,EACtB,wBAAwB,GACzB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,aAAa,EACb,aAAa,EACb,eAAe,EACf,mBAAmB,GAIpB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/crypto/keys.d.ts

@@ -0,0 +1,61 @@
+/** Ed25519 identity keypair — used for signing and converted to X25519 for DH. */
+export interface IdentityKeyPair {
+    publicKey: Uint8Array;
+    privateKey: Uint8Array;
+}
+/** X25519 keypair for Diffie-Hellman (prekeys, ephemeral keys). */
+export interface DHKeyPair {
+    publicKey: Uint8Array;
+    privateKey: Uint8Array;
+}
+/** Signed prekey with Ed25519 signature from identity key. */
+export interface SignedPreKey {
+    keyPair: DHKeyPair;
+    signature: Uint8Array;
+}
+/**
+ * Generate a new Ed25519 identity keypair.
+ * The identity key is used for:
+ *   - Signing the signed prekey (Ed25519)
+ *   - X3DH DH operations (converted to X25519)
+ */
+export declare function generateIdentityKeyPair(): IdentityKeyPair;
+/**
+ * Generate a new X25519 DH keypair (for prekeys and ephemeral keys).
+ */
+export declare function generateDHKeyPair(): DHKeyPair;
+/**
+ * Generate a signed prekey: a DH keypair signed with the identity key.
+ */
+export declare function generateSignedPreKey(identityKeyPair: IdentityKeyPair): SignedPreKey;
+/**
+ * Generate a batch of one-time prekeys (X25519 DH keypairs).
+ * Returns the keypairs — public keys get uploaded, private keys stored locally.
+ */
+export declare function generateOneTimePreKeys(count: number): DHKeyPair[];
+/**
+ * Convert an Ed25519 public key to an X25519 public key for DH.
+ */
+export declare function ed25519PkToX25519(edPk: Uint8Array): Uint8Array;
+/**
+ * Convert an Ed25519 secret key to an X25519 secret key for DH.
+ */
+export declare function ed25519SkToX25519(edSk: Uint8Array): Uint8Array;
+/**
+ * Perform X25519 Diffie-Hellman: shared_secret = DH(ourPrivate, theirPublic).
+ */
+export declare function dh(ourPrivateKey: Uint8Array, theirPublicKey: Uint8Array): Uint8Array;
+/**
+ * Verify an Ed25519 signature.
+ */
+export declare function verifySignature(signature: Uint8Array, message: Uint8Array, publicKey: Uint8Array): boolean;
+/**
+ * Prepare the local key material for registration.
+ * Returns base64-encoded values ready for the register API.
+ */
+export declare function prepareRegistrationKeys(identityKeyPair: IdentityKeyPair, signedPreKey: SignedPreKey, oneTimePreKeys: DHKeyPair[]): {
+    identity_key: string;
+    signed_prekey: string;
+    signed_prekey_signature: string;
+    one_time_prekeys: string[];
+};

package/dist/crypto/keys.js

@@ -0,0 +1,79 @@
+import { getSodium, toBase64 } from "./utils.js";
+// ─── Key Generation ────────────────────────────────────
+/**
+ * Generate a new Ed25519 identity keypair.
+ * The identity key is used for:
+ *   - Signing the signed prekey (Ed25519)
+ *   - X3DH DH operations (converted to X25519)
+ */
+export function generateIdentityKeyPair() {
+    const kp = getSodium().crypto_sign_keypair();
+    return { publicKey: kp.publicKey, privateKey: kp.privateKey };
+}
+/**
+ * Generate a new X25519 DH keypair (for prekeys and ephemeral keys).
+ */
+export function generateDHKeyPair() {
+    const kp = getSodium().crypto_box_keypair();
+    return { publicKey: kp.publicKey, privateKey: kp.privateKey };
+}
+/**
+ * Generate a signed prekey: a DH keypair signed with the identity key.
+ */
+export function generateSignedPreKey(identityKeyPair) {
+    const keyPair = generateDHKeyPair();
+    const signature = getSodium().crypto_sign_detached(keyPair.publicKey, identityKeyPair.privateKey);
+    return { keyPair, signature };
+}
+/**
+ * Generate a batch of one-time prekeys (X25519 DH keypairs).
+ * Returns the keypairs — public keys get uploaded, private keys stored locally.
+ */
+export function generateOneTimePreKeys(count) {
+    return Array.from({ length: count }, () => generateDHKeyPair());
+}
+// ─── Key Conversion ────────────────────────────────────
+/**
+ * Convert an Ed25519 public key to an X25519 public key for DH.
+ */
+export function ed25519PkToX25519(edPk) {
+    return getSodium().crypto_sign_ed25519_pk_to_curve25519(edPk);
+}
+/**
+ * Convert an Ed25519 secret key to an X25519 secret key for DH.
+ */
+export function ed25519SkToX25519(edSk) {
+    return getSodium().crypto_sign_ed25519_sk_to_curve25519(edSk);
+}
+// ─── DH & Signatures ──────────────────────────────────
+/**
+ * Perform X25519 Diffie-Hellman: shared_secret = DH(ourPrivate, theirPublic).
+ */
+export function dh(ourPrivateKey, theirPublicKey) {
+    return getSodium().crypto_scalarmult(ourPrivateKey, theirPublicKey);
+}
+/**
+ * Verify an Ed25519 signature.
+ */
+export function verifySignature(signature, message, publicKey) {
+    try {
+        return getSodium().crypto_sign_verify_detached(signature, message, publicKey);
+    }
+    catch {
+        return false;
+    }
+}
+// ─── Serialization Helpers ─────────────────────────────
+/**
+ * Prepare the local key material for registration.
+ * Returns base64-encoded values ready for the register API.
+ */
+export function prepareRegistrationKeys(identityKeyPair, signedPreKey, oneTimePreKeys) {
+    return {
+        identity_key: toBase64(identityKeyPair.publicKey),
+        signed_prekey: toBase64(signedPreKey.keyPair.publicKey),
+        signed_prekey_signature: toBase64(signedPreKey.signature),
+        one_time_prekeys: oneTimePreKeys.map((kp) => toBase64(kp.publicKey)),
+    };
+}
+//# sourceMappingURL=keys.js.map

package/dist/crypto/keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keys.js","sourceRoot":"","sources":["../../src/crypto/keys.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAsBjD,0DAA0D;AAE1D;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC,mBAAmB,EAAE,CAAC;IAC7C,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,EAAE,CAAC,UAAU,EAAE,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC,kBAAkB,EAAE,CAAC;IAC5C,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,EAAE,CAAC,UAAU,EAAE,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,eAAgC;IACnE,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;IACpC,MAAM,SAAS,GAAG,SAAS,EAAE,CAAC,oBAAoB,CAAC,OAAO,CAAC,SAAS,EAAE,eAAe,CAAC,UAAU,CAAC,CAAC;IAClG,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AAChC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,KAAa;IAClD,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,CAAC,iBAAiB,EAAE,CAAC,CAAC;AAClE,CAAC;AAED,0DAA0D;AAE1D;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAgB;IAChD,OAAO,SAAS,EAAE,CAAC,oCAAoC,CAAC,IAAI,CAAC,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAgB;IAChD,OAAO,SAAS,EAAE,CAAC,oCAAoC,CAAC,IAAI,CAAC,CAAC;AAChE,CAAC;AAED,yDAAyD;AAEzD;;GAEG;AACH,MAAM,UAAU,EAAE,CAAC,aAAyB,EAAE,cAA0B;IACtE,OAAO,SAAS,EAAE,CAAC,iBAAiB,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;AACtE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,SAAqB,EACrB,OAAmB,EACnB,SAAqB;IAErB,IAAI,CAAC;QACH,OAAO,SAAS,EAAE,CAAC,2BAA2B,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;IAChF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,0DAA0D;AAE1D;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CACrC,eAAgC,EAChC,YAA0B,EAC1B,cAA2B;IAE3B,OAAO;QACL,YAAY,EAAE,QAAQ,CAAC,eAAe,CAAC,SAAS,CAAC;QACjD,aAAa,EAAE,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC;QACvD,uBAAuB,EAAE,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC;QACzD,gBAAgB,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;KACrE,CAAC;AACJ,CAAC"}

package/dist/crypto/passphrase.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Passphrase generator using a curated wordlist and crypto.getRandomValues().
+ * Generates memorable passphrases like "correct-horse-battery-staple".
+ */
+/**
+ * Generate a random passphrase using cryptographic randomness.
+ * @param wordCount Number of words (default 6, ~60 bits of entropy)
+ * @returns Hyphen-separated passphrase, e.g. "correct-horse-battery-staple-anchor-brave"
+ */
+export declare function generatePassphrase(wordCount?: number): string;

package/dist/crypto/passphrase.js

@@ -0,0 +1,142 @@
+/**
+ * Passphrase generator using a curated wordlist and crypto.getRandomValues().
+ * Generates memorable passphrases like "correct-horse-battery-staple".
+ */
+// 1024-word curated list (10 bits of entropy per word)
+// 6 words → ~60 bits, 8 words → ~80 bits
+const WORDS = [
+    "abandon", "able", "about", "above", "absorb", "abstract", "absurd", "abuse",
+    "access", "acid", "across", "act", "action", "actual", "adapt", "add",
+    "addict", "address", "adjust", "admit", "adult", "advance", "advice", "afford",
+    "again", "age", "agent", "agree", "ahead", "aim", "air", "alarm",
+    "album", "alert", "alien", "all", "alley", "allow", "almost", "alone",
+    "alpha", "already", "also", "alter", "always", "amazing", "among", "amount",
+    "amuse", "anchor", "ancient", "angel", "anger", "angle", "animal", "ankle",
+    "announce", "annual", "another", "answer", "antenna", "antique", "anxiety", "any",
+    "apart", "apology", "appear", "apple", "approve", "april", "arch", "arctic",
+    "area", "arena", "armor", "army", "arrange", "arrest", "arrive", "arrow",
+    "art", "artist", "asthma", "atom", "attack", "attend", "attract", "auction",
+    "audit", "august", "aunt", "auto", "autumn", "average", "avocado", "avoid",
+    "awake", "aware", "axis", "baby", "bachelor", "bacon", "badge", "bag",
+    "balance", "balcony", "ball", "bamboo", "banana", "banner", "bar", "barely",
+    "barrel", "base", "basic", "basket", "battle", "beach", "bean", "beauty",
+    "become", "beef", "before", "begin", "behave", "behind", "believe", "bench",
+    "benefit", "best", "betray", "better", "between", "beyond", "bicycle", "bird",
+    "birth", "bitter", "blade", "blame", "blanket", "blast", "blaze", "bleak",
+    "bless", "blind", "blood", "blossom", "blue", "blur", "blush", "board",
+    "boat", "body", "bomb", "bone", "bonus", "book", "boost", "border",
+    "boring", "borrow", "boss", "bottom", "bounce", "bowl", "brave", "bread",
+    "breeze", "brick", "bridge", "brief", "bright", "bring", "brisk", "broken",
+    "bronze", "brother", "brown", "brush", "bubble", "buddy", "budget", "buffalo",
+    "build", "bulb", "bulk", "bullet", "bundle", "burger", "burst", "bus",
+    "butter", "buyer", "cabin", "cable", "cactus", "cage", "cake", "call",
+    "calm", "camera", "camp", "canal", "cancel", "candy", "canoe", "canvas",
+    "canyon", "capable", "capital", "captain", "carbon", "card", "cargo", "carpet",
+    "carry", "case", "cash", "castle", "casual", "catalog", "catch", "category",
+    "cattle", "caught", "cause", "caution", "cave", "ceiling", "celery", "cement",
+    "census", "century", "cereal", "certain", "chair", "chalk", "champion", "change",
+    "chaos", "chapter", "charge", "chase", "cheap", "check", "cheese", "cherry",
+    "chest", "chicken", "chief", "child", "chimney", "choice", "chunk", "cinema",
+    "circle", "citizen", "city", "civil", "claim", "clap", "clarify", "claw",
+    "clean", "clerk", "clever", "cliff", "climb", "clinic", "clip", "clock",
+    "close", "cloth", "cloud", "clown", "club", "cluster", "clutch", "coach",
+    "coast", "coconut", "code", "coffee", "coil", "coin", "collect", "color",
+    "column", "combine", "come", "comfort", "comic", "common", "company", "concert",
+    "conduct", "confirm", "connect", "consider", "control", "convince", "cook", "cool",
+    "copper", "copy", "coral", "core", "corn", "correct", "cost", "cotton",
+    "couch", "country", "couple", "course", "cousin", "cover", "craft", "crane",
+    "crash", "crater", "crawl", "crazy", "cream", "credit", "crew", "cricket",
+    "crime", "crisp", "cross", "crouch", "crowd", "crucial", "cruel", "cruise",
+    "crumble", "crush", "crystal", "cube", "culture", "cup", "cupboard", "curious",
+    "current", "curtain", "curve", "cushion", "custom", "cute", "cycle", "dad",
+    "damage", "dance", "danger", "daring", "dash", "daughter", "dawn", "day",
+    "deal", "debate", "debris", "decade", "december", "decide", "decline", "decorate",
+    "decrease", "deer", "defense", "define", "defy", "degree", "delay", "deliver",
+    "demand", "denial", "dentist", "deny", "depart", "depend", "deposit", "depth",
+    "deputy", "derive", "describe", "desert", "design", "desk", "despair", "destroy",
+    "detail", "detect", "develop", "device", "devote", "diamond", "diary", "diesel",
+    "differ", "digital", "dignity", "dilemma", "dinner", "dinosaur", "direct", "dirt",
+    "disagree", "discover", "disease", "dish", "dismiss", "disorder", "display", "distance",
+    "divert", "divide", "divorce", "dizzy", "doctor", "document", "dog", "dolphin",
+    "domain", "donate", "donkey", "donor", "door", "dose", "double", "dove",
+    "draft", "dragon", "drama", "drastic", "draw", "dream", "dress", "drift",
+    "drill", "drink", "drip", "drive", "drop", "drum", "dry", "duck",
+    "dumb", "dune", "during", "dust", "dutch", "duty", "dwarf", "dynamic",
+    "eager", "eagle", "early", "earn", "earth", "east", "easy", "echo",
+    "ecology", "economy", "edge", "edit", "educate", "effort", "eight", "either",
+    "elbow", "elder", "electric", "elegant", "element", "elephant", "elevator", "elite",
+    "else", "embark", "embody", "embrace", "emerge", "emotion", "employ", "empower",
+    "empty", "enable", "enact", "end", "endless", "endorse", "enemy", "energy",
+    "enforce", "engage", "engine", "enhance", "enjoy", "enlist", "enough", "enrich",
+    "enroll", "ensure", "enter", "entire", "entry", "envelope", "episode", "equal",
+    "equip", "era", "erase", "erode", "erosion", "error", "erupt", "escape",
+    "essay", "essence", "estate", "eternal", "ethics", "evidence", "evil", "evolve",
+    "exact", "example", "excess", "exchange", "excite", "exclude", "excuse", "execute",
+    "exercise", "exhaust", "exhibit", "exist", "exit", "exotic", "expand", "expect",
+    "expire", "explain", "expose", "express", "extend", "extra", "eye", "fabric",
+    "face", "faculty", "fade", "faint", "faith", "fall", "false", "family",
+    "famous", "fan", "fancy", "fantasy", "farm", "fashion", "fatal", "father",
+    "fatigue", "fault", "favorite", "feature", "february", "federal", "feel", "female",
+    "fence", "festival", "fetch", "fever", "few", "fiber", "fiction", "field",
+    "figure", "file", "film", "filter", "final", "find", "finger", "finish",
+    "fire", "firm", "fiscal", "fish", "fit", "fitness", "fix", "flag",
+    "flame", "flash", "flat", "flavor", "flee", "flight", "flip", "float",
+    "flock", "floor", "flower", "fluid", "flush", "fly", "foam", "focus",
+    "fog", "foil", "fold", "follow", "food", "foot", "force", "forest",
+    "forget", "fork", "fortune", "forum", "forward", "fossil", "foster", "found",
+    "fox", "fragile", "frame", "frequent", "fresh", "friend", "fringe", "frog",
+    "front", "frost", "frown", "frozen", "fruit", "fuel", "fun", "funny",
+    "furnace", "fury", "future", "gadget", "galaxy", "gallery", "game", "gap",
+    "garage", "garbage", "garden", "garlic", "garment", "gas", "gasp", "gate",
+    "gather", "gauge", "gaze", "general", "genius", "genre", "gentle", "genuine",
+    "gesture", "ghost", "giant", "gift", "giggle", "ginger", "giraffe", "glad",
+    "glance", "glare", "glass", "glide", "glimpse", "globe", "gloom", "glory",
+    "glove", "glow", "glue", "goat", "goddess", "gold", "good", "goose",
+    "gorilla", "gospel", "gossip", "govern", "gown", "grab", "grace", "grain",
+    "grant", "grape", "grass", "gravity", "great", "green", "grid", "grief",
+    "grit", "grocery", "group", "grow", "grunt", "guard", "guess", "guide",
+    "guilt", "guitar", "gun", "gym", "habit", "half", "hammer", "hamster",
+    "hand", "happy", "harbor", "hard", "harsh", "harvest", "hat", "have",
+    "hawk", "hazard", "head", "health", "heart", "heavy", "hedgehog", "height",
+    "hello", "help", "hen", "hero", "hidden", "high", "hill", "hint",
+    "hip", "hire", "history", "hobby", "hockey", "hold", "hole", "holiday",
+    "hollow", "home", "honey", "hood", "hope", "horn", "horror", "horse",
+    "hospital", "host", "hotel", "hour", "hover", "hub", "huge", "human",
+    "humble", "humor", "hundred", "hungry", "hunt", "hurdle", "hurry", "hurt",
+    "hybrid", "ice", "icon", "idea", "identify", "idle", "ignore", "image",
+    "immune", "impact", "impose", "improve", "impulse", "inch", "include", "income",
+    "increase", "index", "indicate", "indoor", "industry", "infant", "inflict", "inform",
+    "initial", "inner", "innocent", "input", "inquiry", "insane", "insect", "inside",
+    "inspire", "install", "intact", "interest", "into", "invest", "invite", "iron",
+    "island", "isolate", "issue", "item", "ivory", "jacket", "jaguar", "jazz",
+    "jealous", "jeans", "jelly", "jewel", "job", "join", "joke", "journey",
+    "joy", "judge", "juice", "jump", "jungle", "junior", "junk", "just",
+    "kangaroo", "keen", "keep", "kettle", "key", "kick", "kid", "kidney",
+    "kind", "kingdom", "kiss", "kit", "kitchen", "kite", "kitten", "kiwi",
+    "knee", "knife", "knock", "know", "label", "labor", "ladder", "lady",
+    "lake", "lamp", "language", "laptop", "large", "later", "latin", "laugh",
+    "laundry", "lava", "law", "lawn", "lawsuit", "layer", "lazy", "leader",
+    "leaf", "learn", "leave", "lecture", "left", "legal", "legend", "leisure",
+    "lemon", "length", "lens", "leopard", "lesson", "letter", "level", "liberty",
+    "library", "license", "life", "lift", "light", "like", "limb", "limit",
+    "link", "lion", "liquid", "list", "little", "live", "lizard", "load",
+    "loan", "lobster", "local", "lock", "logic", "lonely", "long", "loop",
+    "lottery", "loud", "lounge", "love", "loyal", "lucky", "lumber", "lunar",
+    "lunch", "luxury", "lyrics", "machine", "mad", "magic", "magnet", "maid",
+    "mail", "main", "major", "make", "mammal", "manage", "mandate", "mango",
+];
+/**
+ * Generate a random passphrase using cryptographic randomness.
+ * @param wordCount Number of words (default 6, ~60 bits of entropy)
+ * @returns Hyphen-separated passphrase, e.g. "correct-horse-battery-staple-anchor-brave"
+ */
+export function generatePassphrase(wordCount = 6) {
+    const indices = new Uint32Array(wordCount);
+    crypto.getRandomValues(indices);
+    const words = [];
+    for (let i = 0; i < wordCount; i++) {
+        words.push(WORDS[indices[i] % WORDS.length]);
+    }
+    return words.join("-").toUpperCase();
+}
+//# sourceMappingURL=passphrase.js.map

package/dist/crypto/passphrase.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"passphrase.js","sourceRoot":"","sources":["../../src/crypto/passphrase.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,uDAAuD;AACvD,yCAAyC;AACzC,MAAM,KAAK,GAAG;IACZ,SAAS,EAAC,MAAM,EAAC,OAAO,EAAC,OAAO,EAAC,QAAQ,EAAC,UAAU,EAAC,QAAQ,EAAC,OAAO;IACrE,QAAQ,EAAC,MAAM,EAAC,QAAQ,EAAC,KAAK,EAAC,QAAQ,EAAC,QAAQ,EAAC,OAAO,EAAC,KAAK;IAC9D,QAAQ,EAAC,SAAS,EAAC,QAAQ,EAAC,OAAO,EAAC,OAAO,EAAC,SAAS,EAAC,QAAQ,EAAC,QAAQ;IACvE,OAAO,EAAC,KAAK,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,KAAK,EAAC,KAAK,EAAC,OAAO;IACzD,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,KAAK,EAAC,OAAO,EAAC,OAAO,EAAC,QAAQ,EAAC,OAAO;IAC9D,OAAO,EAAC,SAAS,EAAC,MAAM,EAAC,OAAO,EAAC,QAAQ,EAAC,SAAS,EAAC,OAAO,EAAC,QAAQ;IACpE,OAAO,EAAC,QAAQ,EAAC,SAAS,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,QAAQ,EAAC,OAAO;IACnE,UAAU,EAAC,QAAQ,EAAC,SAAS,EAAC,QAAQ,EAAC,SAAS,EAAC,SAAS,EAAC,SAAS,EAAC,KAAK;IAC1E,OAAO,EAAC,SAAS,EAAC,QAAQ,EAAC,OAAO,EAAC,SAAS,EAAC,OAAO,EAAC,MAAM,EAAC,QAAQ;IACpE,MAAM,EAAC,OAAO,EAAC,OAAO,EAAC,MAAM,EAAC,SAAS,EAAC,QAAQ,EAAC,QAAQ,EAAC,OAAO;IACjE,KAAK,EAAC,QAAQ,EAAC,QAAQ,EAAC,MAAM,EAAC,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,SAAS;IACpE,OAAO,EAAC,QAAQ,EAAC,MAAM,EAAC,MAAM,EAAC,QAAQ,EAAC,SAAS,EAAC,SAAS,EAAC,OAAO;IACnE,OAAO,EAAC,OAAO,EAAC,MAAM,EAAC,MAAM,EAAC,UAAU,EAAC,OAAO,EAAC,OAAO,EAAC,KAAK;IAC9D,SAAS,EAAC,SAAS,EAAC,MAAM,EAAC,QAAQ,EAAC,QAAQ,EAAC,QAAQ,EAAC,KAAK,EAAC,QAAQ;IACpE,QAAQ,EAAC,MAAM,EAAC,OAAO,EAAC,QAAQ,EAAC,QAAQ,EAAC,OAAO,EAAC,MAAM,EAAC,QAAQ;IACjE,QAAQ,EAAC,MAAM,EAAC,QAAQ,EAAC,OAAO,EAAC,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,OAAO;IACpE,SAAS,EAAC,MAAM,EAAC,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,QAAQ,EAAC,SAAS,EAAC,MAAM;IACtE,OAAO,EAAC,QAAQ,EAAC,OAAO,EAAC,OAAO,EAAC,SAAS,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO;IAClE,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,SAAS,EAAC,MAAM,EAAC,MAAM,EAAC,OAAO,EAAC,OAAO;IAC/D,MAAM,EAAC,MAAM,EAAC,MAAM,EAAC,MAAM,EAAC,OAAO,EAAC,MAAM,EAAC,OAAO,EAAC,QAAQ;IAC3D,QAAQ,EAAC,QAAQ,EAAC,MAAM,EAAC,QAAQ,EAAC,QAAQ,EAAC,MAAM,EAAC,OAAO,EAAC,OAAO;IACjE,QAAQ,EAAC,OAAO,EAAC,QAAQ,EAAC,OAAO,EAAC,QAAQ,EAAC,OAAO,EAAC,OAAO,EAAC,QAAQ;IACnE,QAAQ,EAAC,SAAS,EAAC,OAAO,EAAC,OAAO,EAAC,QAAQ,EAAC,OAAO,EAAC,QAAQ,EAAC,SAAS;IACtE,OAAO,EAAC,MAAM,EAAC,MAAM,EAAC,QAAQ,EAAC,QAAQ,EAAC,QAAQ,EAAC,OAAO,EAAC,KAAK;IAC9D,QAAQ,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,QAAQ,EAAC,MAAM,EAAC,MAAM,EAAC,MAAM;IAC9D,MAAM,EAAC,QAAQ,EAAC,MAAM,EAAC,OAAO,EAAC,QAAQ,EAAC,OAAO,EAAC,OAAO,EAAC,QAAQ;IAChE,QAAQ,EAAC,SAAS,EAAC,SAAS,EAAC,SAAS,EAAC,QAAQ,EAAC,MAAM,EAAC,OAAO,EAAC,QAAQ;IACvE,OAAO,EAAC,MAAM,EAAC,MAAM,EAAC,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,OAAO,EAAC,UAAU;IACpE,QAAQ,EAAC,QAAQ,EAAC,OAAO,EAAC,SAAS,EAAC,MAAM,EAAC,SAAS,EAAC,QAAQ,EAAC,QAAQ;IACtE,QAAQ,EAAC,SAAS,EAAC,QAAQ,EAAC,SAAS,EAAC,OAAO,EAAC,OAAO,EAAC,UAAU,EAAC,QAAQ;IACzE,OAAO,EAAC,SAAS,EAAC,QAAQ,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,QAAQ,EAAC,QAAQ;IACpE,OAAO,EAAC,SAAS,EAAC,OAAO,EAAC,OAAO,EAAC,SAAS,EAAC,QAAQ,EAAC,OAAO,EAAC,QAAQ;IACrE,QAAQ,EAAC,SAAS,EAAC,MAAM,EAAC,OAAO,EAAC,OAAO,EAAC,MAAM,EAAC,SAAS,EAAC,MAAM;IACjE,OAAO,EAAC,OAAO,EAAC,QAAQ,EAAC,OAAO,EAAC,OAAO,EAAC,QAAQ,EAAC,MAAM,EAAC,OAAO;IAChE,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,MAAM,EAAC,SAAS,EAAC,QAAQ,EAAC,OAAO;IACjE,OAAO,EAAC,SAAS,EAAC,MAAM,EAAC,QAAQ,EAAC,MAAM,EAAC,MAAM,EAAC,SAAS,EAAC,OAAO;IACjE,QAAQ,EAAC,SAAS,EAAC,MAAM,EAAC,SAAS,EAAC,OAAO,EAAC,QAAQ,EAAC,SAAS,EAAC,SAAS;IACxE,SAAS,EAAC,SAAS,EAAC,SAAS,EAAC,UAAU,EAAC,SAAS,EAAC,UAAU,EAAC,MAAM,EAAC,MAAM;IAC3E,QAAQ,EAAC,MAAM,EAAC,OAAO,EAAC,MAAM,EAAC,MAAM,EAAC,SAAS,EAAC,MAAM,EAAC,QAAQ;IAC/D,OAAO,EAAC,SAAS,EAAC,QAAQ,EAAC,QAAQ,EAAC,QAAQ,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO;IACpE,OAAO,EAAC,QAAQ,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,QAAQ,EAAC,MAAM,EAAC,SAAS;IAClE,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,QAAQ,EAAC,OAAO,EAAC,SAAS,EAAC,OAAO,EAAC,QAAQ;IACnE,SAAS,EAAC,OAAO,EAAC,SAAS,EAAC,MAAM,EAAC,SAAS,EAAC,KAAK,EAAC,UAAU,EAAC,SAAS;IACvE,SAAS,EAAC,SAAS,EAAC,OAAO,EAAC,SAAS,EAAC,QAAQ,EAAC,MAAM,EAAC,OAAO,EAAC,KAAK;IACnE,QAAQ,EAAC,OAAO,EAAC,QAAQ,EAAC,QAAQ,EAAC,MAAM,EAAC,UAAU,EAAC,MAAM,EAAC,KAAK;IACjE,MAAM,EAAC,QAAQ,EAAC,QAAQ,EAAC,QAAQ,EAAC,UAAU,EAAC,QAAQ,EAAC,SAAS,EAAC,UAAU;IAC1E,UAAU,EAAC,MAAM,EAAC,SAAS,EAAC,QAAQ,EAAC,MAAM,EAAC,QAAQ,EAAC,OAAO,EAAC,SAAS;IACtE,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,MAAM,EAAC,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,OAAO;IACtE,QAAQ,EAAC,QAAQ,EAAC,UAAU,EAAC,QAAQ,EAAC,QAAQ,EAAC,MAAM,EAAC,SAAS,EAAC,SAAS;IACzE,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,OAAO,EAAC,QAAQ;IACxE,QAAQ,EAAC,SAAS,EAAC,SAAS,EAAC,SAAS,EAAC,QAAQ,EAAC,UAAU,EAAC,QAAQ,EAAC,MAAM;IAC1E,UAAU,EAAC,UAAU,EAAC,SAAS,EAAC,MAAM,EAAC,SAAS,EAAC,UAAU,EAAC,SAAS,EAAC,UAAU;IAChF,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,OAAO,EAAC,QAAQ,EAAC,UAAU,EAAC,KAAK,EAAC,SAAS;IACvE,QAAQ,EAAC,QAAQ,EAAC,QAAQ,EAAC,OAAO,EAAC,MAAM,EAAC,MAAM,EAAC,QAAQ,EAAC,MAAM;IAChE,OAAO,EAAC,QAAQ,EAAC,OAAO,EAAC,SAAS,EAAC,MAAM,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO;IACjE,OAAO,EAAC,OAAO,EAAC,MAAM,EAAC,OAAO,EAAC,MAAM,EAAC,MAAM,EAAC,KAAK,EAAC,MAAM;IACzD,MAAM,EAAC,MAAM,EAAC,QAAQ,EAAC,MAAM,EAAC,OAAO,EAAC,MAAM,EAAC,OAAO,EAAC,SAAS;IAC9D,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,MAAM,EAAC,OAAO,EAAC,MAAM,EAAC,MAAM,EAAC,MAAM;IAC3D,SAAS,EAAC,SAAS,EAAC,MAAM,EAAC,MAAM,EAAC,SAAS,EAAC,QAAQ,EAAC,OAAO,EAAC,QAAQ;IACrE,OAAO,EAAC,OAAO,EAAC,UAAU,EAAC,SAAS,EAAC,SAAS,EAAC,UAAU,EAAC,UAAU,EAAC,OAAO;IAC5E,MAAM,EAAC,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,QAAQ,EAAC,SAAS,EAAC,QAAQ,EAAC,SAAS;IACxE,OAAO,EAAC,QAAQ,EAAC,OAAO,EAAC,KAAK,EAAC,SAAS,EAAC,SAAS,EAAC,OAAO,EAAC,QAAQ;IACnE,SAAS,EAAC,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,OAAO,EAAC,QAAQ,EAAC,QAAQ,EAAC,QAAQ;IACxE,QAAQ,EAAC,QAAQ,EAAC,OAAO,EAAC,QAAQ,EAAC,OAAO,EAAC,UAAU,EAAC,SAAS,EAAC,OAAO;IACvE,OAAO,EAAC,KAAK,EAAC,OAAO,EAAC,OAAO,EAAC,SAAS,EAAC,OAAO,EAAC,OAAO,EAAC,QAAQ;IAChE,OAAO,EAAC,SAAS,EAAC,QAAQ,EAAC,SAAS,EAAC,QAAQ,EAAC,UAAU,EAAC,MAAM,EAAC,QAAQ;IACxE,OAAO,EAAC,SAAS,EAAC,QAAQ,EAAC,UAAU,EAAC,QAAQ,EAAC,SAAS,EAAC,QAAQ,EAAC,SAAS;IAC3E,UAAU,EAAC,SAAS,EAAC,SAAS,EAAC,OAAO,EAAC,MAAM,EAAC,QAAQ,EAAC,QAAQ,EAAC,QAAQ;IACxE,QAAQ,EAAC,SAAS,EAAC,QAAQ,EAAC,SAAS,EAAC,QAAQ,EAAC,OAAO,EAAC,KAAK,EAAC,QAAQ;IACrE,MAAM,EAAC,SAAS,EAAC,MAAM,EAAC,OAAO,EAAC,OAAO,EAAC,MAAM,EAAC,OAAO,EAAC,QAAQ;IAC/D,QAAQ,EAAC,KAAK,EAAC,OAAO,EAAC,SAAS,EAAC,MAAM,EAAC,SAAS,EAAC,OAAO,EAAC,QAAQ;IAClE,SAAS,EAAC,OAAO,EAAC,UAAU,EAAC,SAAS,EAAC,UAAU,EAAC,SAAS,EAAC,MAAM,EAAC,QAAQ;IAC3E,OAAO,EAAC,UAAU,EAAC,OAAO,EAAC,OAAO,EAAC,KAAK,EAAC,OAAO,EAAC,SAAS,EAAC,OAAO;IAClE,QAAQ,EAAC,MAAM,EAAC,MAAM,EAAC,QAAQ,EAAC,OAAO,EAAC,MAAM,EAAC,QAAQ,EAAC,QAAQ;IAChE,MAAM,EAAC,MAAM,EAAC,QAAQ,EAAC,MAAM,EAAC,KAAK,EAAC,SAAS,EAAC,KAAK,EAAC,MAAM;IAC1D,OAAO,EAAC,OAAO,EAAC,MAAM,EAAC,QAAQ,EAAC,MAAM,EAAC,QAAQ,EAAC,MAAM,EAAC,OAAO;IAC9D,OAAO,EAAC,OAAO,EAAC,QAAQ,EAAC,OAAO,EAAC,OAAO,EAAC,KAAK,EAAC,MAAM,EAAC,OAAO;IAC7D,KAAK,EAAC,MAAM,EAAC,MAAM,EAAC,QAAQ,EAAC,MAAM,EAAC,MAAM,EAAC,OAAO,EAAC,QAAQ;IAC3D,QAAQ,EAAC,MAAM,EAAC,SAAS,EAAC,OAAO,EAAC,SAAS,EAAC,QAAQ,EAAC,QAAQ,EAAC,OAAO;IACrE,KAAK,EAAC,SAAS,EAAC,OAAO,EAAC,UAAU,EAAC,OAAO,EAAC,QAAQ,EAAC,QAAQ,EAAC,MAAM;IACnE,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,QAAQ,EAAC,OAAO,EAAC,MAAM,EAAC,KAAK,EAAC,OAAO;IAC7D,SAAS,EAAC,MAAM,EAAC,QAAQ,EAAC,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,MAAM,EAAC,KAAK;IAClE,QAAQ,EAAC,SAAS,EAAC,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,KAAK,EAAC,MAAM,EAAC,MAAM;IAClE,QAAQ,EAAC,OAAO,EAAC,MAAM,EAAC,SAAS,EAAC,QAAQ,EAAC,OAAO,EAAC,QAAQ,EAAC,SAAS;IACrE,SAAS,EAAC,OAAO,EAAC,OAAO,EAAC,MAAM,EAAC,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,MAAM;IACnE,QAAQ,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,SAAS,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO;IAClE,OAAO,EAAC,MAAM,EAAC,MAAM,EAAC,MAAM,EAAC,SAAS,EAAC,MAAM,EAAC,MAAM,EAAC,OAAO;IAC5D,SAAS,EAAC,QAAQ,EAAC,QAAQ,EAAC,QAAQ,EAAC,MAAM,EAAC,MAAM,EAAC,OAAO,EAAC,OAAO;IAClE,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,SAAS,EAAC,OAAO,EAAC,OAAO,EAAC,MAAM,EAAC,OAAO;IAChE,MAAM,EAAC,SAAS,EAAC,OAAO,EAAC,MAAM,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO;IAC/D,OAAO,EAAC,QAAQ,EAAC,KAAK,EAAC,KAAK,EAAC,OAAO,EAAC,MAAM,EAAC,QAAQ,EAAC,SAAS;IAC9D,MAAM,EAAC,OAAO,EAAC,QAAQ,EAAC,MAAM,EAAC,OAAO,EAAC,SAAS,EAAC,KAAK,EAAC,MAAM;IAC7D,MAAM,EAAC,QAAQ,EAAC,MAAM,EAAC,QAAQ,EAAC,OAAO,EAAC,OAAO,EAAC,UAAU,EAAC,QAAQ;IACnE,OAAO,EAAC,MAAM,EAAC,KAAK,EAAC,MAAM,EAAC,QAAQ,EAAC,MAAM,EAAC,MAAM,EAAC,MAAM;IACzD,KAAK,EAAC,MAAM,EAAC,SAAS,EAAC,OAAO,EAAC,QAAQ,EAAC,MAAM,EAAC,MAAM,EAAC,SAAS;IAC/D,QAAQ,EAAC,MAAM,EAAC,OAAO,EAAC,MAAM,EAAC,MAAM,EAAC,MAAM,EAAC,QAAQ,EAAC,OAAO;IAC7D,UAAU,EAAC,MAAM,EAAC,OAAO,EAAC,MAAM,EAAC,OAAO,EAAC,KAAK,EAAC,MAAM,EAAC,OAAO;IAC7D,QAAQ,EAAC,OAAO,EAAC,SAAS,EAAC,QAAQ,EAAC,MAAM,EAAC,QAAQ,EAAC,OAAO,EAAC,MAAM;IAClE,QAAQ,EAAC,KAAK,EAAC,MAAM,EAAC,MAAM,EAAC,UAAU,EAAC,MAAM,EAAC,QAAQ,EAAC,OAAO;IAC/D,QAAQ,EAAC,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,SAAS,EAAC,MAAM,EAAC,SAAS,EAAC,QAAQ;IACxE,UAAU,EAAC,OAAO,EAAC,UAAU,EAAC,QAAQ,EAAC,UAAU,EAAC,QAAQ,EAAC,SAAS,EAAC,QAAQ;IAC7E,SAAS,EAAC,OAAO,EAAC,UAAU,EAAC,OAAO,EAAC,SAAS,EAAC,QAAQ,EAAC,QAAQ,EAAC,QAAQ;IACzE,SAAS,EAAC,SAAS,EAAC,QAAQ,EAAC,UAAU,EAAC,MAAM,EAAC,QAAQ,EAAC,QAAQ,EAAC,MAAM;IACvE,QAAQ,EAAC,SAAS,EAAC,OAAO,EAAC,MAAM,EAAC,OAAO,EAAC,QAAQ,EAAC,QAAQ,EAAC,MAAM;IAClE,SAAS,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,KAAK,EAAC,MAAM,EAAC,MAAM,EAAC,SAAS;IAC/D,KAAK,EAAC,OAAO,EAAC,OAAO,EAAC,MAAM,EAAC,QAAQ,EAAC,QAAQ,EAAC,MAAM,EAAC,MAAM;IAC5D,UAAU,EAAC,MAAM,EAAC,MAAM,EAAC,QAAQ,EAAC,KAAK,EAAC,MAAM,EAAC,KAAK,EAAC,QAAQ;IAC7D,MAAM,EAAC,SAAS,EAAC,MAAM,EAAC,KAAK,EAAC,SAAS,EAAC,MAAM,EAAC,QAAQ,EAAC,MAAM;IAC9D,MAAM,EAAC,OAAO,EAAC,OAAO,EAAC,MAAM,EAAC,OAAO,EAAC,OAAO,EAAC,QAAQ,EAAC,MAAM;IAC7D,MAAM,EAAC,MAAM,EAAC,UAAU,EAAC,QAAQ,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO,EAAC,OAAO;IACjE,SAAS,EAAC,MAAM,EAAC,KAAK,EAAC,MAAM,EAAC,SAAS,EAAC,OAAO,EAAC,MAAM,EAAC,QAAQ;IAC/D,MAAM,EAAC,OAAO,EAAC,OAAO,EAAC,SAAS,EAAC,MAAM,EAAC,OAAO,EAAC,QAAQ,EAAC,SAAS;IAClE,OAAO,EAAC,QAAQ,EAAC,MAAM,EAAC,SAAS,EAAC,QAAQ,EAAC,QAAQ,EAAC,OAAO,EAAC,SAAS;IACrE,SAAS,EAAC,SAAS,EAAC,MAAM,EAAC,MAAM,EAAC,OAAO,EAAC,MAAM,EAAC,MAAM,EAAC,OAAO;IAC/D,MAAM,EAAC,MAAM,EAAC,QAAQ,EAAC,MAAM,EAAC,QAAQ,EAAC,MAAM,EAAC,QAAQ,EAAC,MAAM;IAC7D,MAAM,EAAC,SAAS,EAAC,OAAO,EAAC,MAAM,EAAC,OAAO,EAAC,QAAQ,EAAC,MAAM,EAAC,MAAM;IAC9D,SAAS,EAAC,MAAM,EAAC,QAAQ,EAAC,MAAM,EAAC,OAAO,EAAC,OAAO,EAAC,QAAQ,EAAC,OAAO;IACjE,OAAO,EAAC,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,KAAK,EAAC,OAAO,EAAC,QAAQ,EAAC,MAAM;IACjE,MAAM,EAAC,MAAM,EAAC,OAAO,EAAC,MAAM,EAAC,QAAQ,EAAC,QAAQ,EAAC,SAAS,EAAC,OAAO;CACjE,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,SAAS,GAAG,CAAC;IAC9C,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC,SAAS,CAAC,CAAC;IAC3C,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IAChC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;AACvC,CAAC"}

package/dist/crypto/profile.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Profile encryption: selective encryption of about_me, custom_status, custom_status_emoji.
+ *
+ * Model:
+ * - User generates a 32-byte profile key on registration (stored client-side)
+ * - Profile fields are JSON-serialized, then encrypted with XChaCha20-Poly1305 using the profile key
+ * - The encrypted blob is stored on the server as `encrypted_profile`
+ * - Profile key is distributed to contacts via crypto_box_seal (using recipient's identity public key)
+ * - Recipients decrypt the profile key, then use it to decrypt the profile blob
+ */
+import type { ProfileFields } from "../types.js";
+/** Generate a random 32-byte profile key. */
+export declare function generateProfileKey(): Uint8Array;
+/** Encrypt profile fields into a single blob using the profile key. */
+export declare function encryptProfile(profileKey: Uint8Array, fields: ProfileFields): Uint8Array;
+/** Decrypt a profile blob using the profile key. Returns the plaintext fields. */
+export declare function decryptProfile(profileKey: Uint8Array, encrypted: Uint8Array): ProfileFields;
+/**
+ * Encrypt a profile key for a recipient using their identity public key.
+ * Uses crypto_box_seal (anonymous, authenticated encryption).
+ */
+export declare function encryptProfileKeyFor(profileKey: Uint8Array, recipientIdentityPublicKey: Uint8Array): Uint8Array;
+/**
+ * Decrypt a profile key that was encrypted to our identity key.
+ * Requires both the public and secret parts of our identity key pair.
+ */
+export declare function decryptProfileKey(encryptedKey: Uint8Array, identityPublicKey: Uint8Array, identitySecretKey: Uint8Array): Uint8Array;
+/** Convenience: encrypt profile fields and return as base64. */
+export declare function encryptProfileToBase64(profileKey: Uint8Array, fields: ProfileFields): string;
+/** Convenience: decrypt a base64 profile blob. */
+export declare function decryptProfileFromBase64(profileKey: Uint8Array, encryptedBase64: string): ProfileFields;

package/dist/crypto/profile.js

@@ -0,0 +1,73 @@
+/**
+ * Profile encryption: selective encryption of about_me, custom_status, custom_status_emoji.
+ *
+ * Model:
+ * - User generates a 32-byte profile key on registration (stored client-side)
+ * - Profile fields are JSON-serialized, then encrypted with XChaCha20-Poly1305 using the profile key
+ * - The encrypted blob is stored on the server as `encrypted_profile`
+ * - Profile key is distributed to contacts via crypto_box_seal (using recipient's identity public key)
+ * - Recipients decrypt the profile key, then use it to decrypt the profile blob
+ */
+import { getSodium, toBase64, fromBase64, randomBytes } from "./utils.js";
+/** Generate a random 32-byte profile key. */
+export function generateProfileKey() {
+    return randomBytes(32);
+}
+/** Encrypt profile fields into a single blob using the profile key. */
+export function encryptProfile(profileKey, fields) {
+    const s = getSodium();
+    const plaintext = new TextEncoder().encode(JSON.stringify(fields));
+    const nonce = s.randombytes_buf(s.crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
+    const ciphertext = s.crypto_aead_xchacha20poly1305_ietf_encrypt(plaintext, null, // additional data
+    null, // nsec (unused)
+    nonce, profileKey);
+    // Format: [nonce || ciphertext]
+    const result = new Uint8Array(nonce.length + ciphertext.length);
+    result.set(nonce, 0);
+    result.set(ciphertext, nonce.length);
+    return result;
+}
+/** Decrypt a profile blob using the profile key. Returns the plaintext fields. */
+export function decryptProfile(profileKey, encrypted) {
+    const s = getSodium();
+    const nonceLen = s.crypto_aead_xchacha20poly1305_ietf_NPUBBYTES;
+    if (encrypted.length < nonceLen) {
+        throw new Error("Encrypted profile too short");
+    }
+    const nonce = encrypted.slice(0, nonceLen);
+    const ciphertext = encrypted.slice(nonceLen);
+    const plaintext = s.crypto_aead_xchacha20poly1305_ietf_decrypt(null, // nsec (unused)
+    ciphertext, null, // additional data
+    nonce, profileKey);
+    return JSON.parse(new TextDecoder().decode(plaintext));
+}
+/**
+ * Encrypt a profile key for a recipient using their identity public key.
+ * Uses crypto_box_seal (anonymous, authenticated encryption).
+ */
+export function encryptProfileKeyFor(profileKey, recipientIdentityPublicKey) {
+    const s = getSodium();
+    // Convert identity key (Ed25519) to X25519 for crypto_box
+    const x25519Pub = s.crypto_sign_ed25519_pk_to_curve25519(recipientIdentityPublicKey);
+    return s.crypto_box_seal(profileKey, x25519Pub);
+}
+/**
+ * Decrypt a profile key that was encrypted to our identity key.
+ * Requires both the public and secret parts of our identity key pair.
+ */
+export function decryptProfileKey(encryptedKey, identityPublicKey, identitySecretKey) {
+    const s = getSodium();
+    // Convert Ed25519 keys to X25519
+    const x25519Pub = s.crypto_sign_ed25519_pk_to_curve25519(identityPublicKey);
+    const x25519Sec = s.crypto_sign_ed25519_sk_to_curve25519(identitySecretKey);
+    return s.crypto_box_seal_open(encryptedKey, x25519Pub, x25519Sec);
+}
+/** Convenience: encrypt profile fields and return as base64. */
+export function encryptProfileToBase64(profileKey, fields) {
+    return toBase64(encryptProfile(profileKey, fields));
+}
+/** Convenience: decrypt a base64 profile blob. */
+export function decryptProfileFromBase64(profileKey, encryptedBase64) {
+    return decryptProfile(profileKey, fromBase64(encryptedBase64));
+}
+//# sourceMappingURL=profile.js.map

package/dist/crypto/profile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"profile.js","sourceRoot":"","sources":["../../src/crypto/profile.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAG1E,6CAA6C;AAC7C,MAAM,UAAU,kBAAkB;IAChC,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC;AACzB,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,cAAc,CAC5B,UAAsB,EACtB,MAAqB;IAErB,MAAM,CAAC,GAAG,SAAS,EAAE,CAAC;IACtB,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACnE,MAAM,KAAK,GAAG,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,4CAA4C,CAAC,CAAC;IAChF,MAAM,UAAU,GAAG,CAAC,CAAC,0CAA0C,CAC7D,SAAS,EACT,IAAI,EAAE,kBAAkB;IACxB,IAAI,EAAE,gBAAgB;IACtB,KAAK,EACL,UAAU,CACX,CAAC;IACF,gCAAgC;IAChC,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAChE,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACrB,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,kFAAkF;AAClF,MAAM,UAAU,cAAc,CAC5B,UAAsB,EACtB,SAAqB;IAErB,MAAM,CAAC,GAAG,SAAS,EAAE,CAAC;IACtB,MAAM,QAAQ,GAAG,CAAC,CAAC,4CAA4C,CAAC;IAChE,IAAI,SAAS,CAAC,MAAM,GAAG,QAAQ,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IACD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC3C,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,CAAC,CAAC,0CAA0C,CAC5D,IAAI,EAAE,gBAAgB;IACtB,UAAU,EACV,IAAI,EAAE,kBAAkB;IACxB,KAAK,EACL,UAAU,CACX,CAAC;IACF,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;AACzD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,UAAsB,EACtB,0BAAsC;IAEtC,MAAM,CAAC,GAAG,SAAS,EAAE,CAAC;IACtB,0DAA0D;IAC1D,MAAM,SAAS,GAAG,CAAC,CAAC,oCAAoC,CAAC,0BAA0B,CAAC,CAAC;IACrF,OAAO,CAAC,CAAC,eAAe,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;AAClD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAC/B,YAAwB,EACxB,iBAA6B,EAC7B,iBAA6B;IAE7B,MAAM,CAAC,GAAG,SAAS,EAAE,CAAC;IACtB,iCAAiC;IACjC,MAAM,SAAS,GAAG,CAAC,CAAC,oCAAoC,CAAC,iBAAiB,CAAC,CAAC;IAC5E,MAAM,SAAS,GAAG,CAAC,CAAC,oCAAoC,CAAC,iBAAiB,CAAC,CAAC;IAC5E,OAAO,CAAC,CAAC,oBAAoB,CAAC,YAAY,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;AACpE,CAAC;AAED,gEAAgE;AAChE,MAAM,UAAU,sBAAsB,CACpC,UAAsB,EACtB,MAAqB;IAErB,OAAO,QAAQ,CAAC,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,kDAAkD;AAClD,MAAM,UAAU,wBAAwB,CACtC,UAAsB,EACtB,eAAuB;IAEvB,OAAO,cAAc,CAAC,UAAU,EAAE,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC;AACjE,CAAC"}

package/dist/crypto/sender-keys.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Signal-style Sender Keys protocol for group E2EE.
+ *
+ * Each member generates a sender key per channel. Messages are encrypted O(1)
+ * using a symmetric chain ratchet. Distribution uses crypto_box_seal to each
+ * recipient's X25519 identity key.
+ *
+ * Wire format (type 0x03):
+ *   [0x03][distributionId:16][chainIndex:4 LE][nonce:24][ciphertext+tag]
+ *   Overhead: 45 bytes + ciphertext
+ *
+ * References:
+ *   - https://signal.org/docs/specifications/group-v2/
+ */
+import { type IdentityKeyPair } from "./keys.js";
+export declare const GROUP_MSG_TYPE = 3;
+/** The sender's own key state for one channel. */
+export interface SenderKeyState {
+    distributionId: Uint8Array;
+    chainKey: Uint8Array;
+    chainIndex: number;
+}
+/** A received sender key from another member. */
+export interface ReceivedSenderKey {
+    distributionId: Uint8Array;
+    chainKey: Uint8Array;
+    chainIndex: number;
+}
+/** SKDM payload fields (before encryption). */
+export interface SenderKeyDistributionPayload {
+    distributionId: Uint8Array;
+    chainKey: Uint8Array;
+    chainIndex: number;
+}
+/**
+ * Generate a fresh sender key for a channel.
+ * Called when first joining a channel or after a re-key event.
+ */
+export declare function generateSenderKey(): SenderKeyState;
+/**
+ * Serialize an SKDM payload for distribution.
+ * Format: [distributionId:16][chainIndex:4 LE][chainKey:32] = 52 bytes
+ */
+export declare function createSkdmPayload(state: SenderKeyState): Uint8Array;
+/**
+ * Parse an SKDM payload back into structured data.
+ */
+export declare function parseSkdmPayload(buf: Uint8Array): SenderKeyDistributionPayload;
+/**
+ * Encrypt an SKDM for a single recipient using crypto_box_seal.
+ * The recipient's Ed25519 identity key is converted to X25519 for sealing.
+ */
+export declare function encryptSkdm(skdmPayload: Uint8Array, recipientIdentityKeyEd25519: Uint8Array): Uint8Array;
+/**
+ * Decrypt an SKDM received for us.
+ */
+export declare function decryptSkdm(encrypted: Uint8Array, ourIdentityKeyPair: IdentityKeyPair): Uint8Array;
+/**
+ * Encrypt a message using the sender's key for a channel.
+ * Ratchets the chain forward. Returns the full wire-format bytes.
+ *
+ * Wire format:
+ *   [0x03][distributionId:16][chainIndex:4 LE][nonce:24][ciphertext+tag]
+ *
+ * @param senderKey  The sender's key state (mutated: chain ratchets forward)
+ * @param plaintext  The message plaintext bytes
+ */
+export declare function senderKeyEncrypt(senderKey: SenderKeyState, plaintext: Uint8Array): Uint8Array;
+/**
+ * Decrypt a group message using a received sender key.
+ * Ratchets the received key forward to match the message's chain index.
+ *
+ * @param wireBytes   Full wire-format bytes (including type byte 0x03)
+ * @param receivedKey The sender's key (mutated: ratchets forward)
+ */
+export declare function senderKeyDecrypt(wireBytes: Uint8Array, receivedKey: ReceivedSenderKey): Uint8Array;