@interop/minimal-cipher 7.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (83) hide show
  1. package/LICENSE +27 -0
  2. package/README.md +220 -0
  3. package/dist/Cipher.d.ts +210 -0
  4. package/dist/Cipher.d.ts.map +1 -0
  5. package/dist/Cipher.js +313 -0
  6. package/dist/Cipher.js.map +1 -0
  7. package/dist/DecryptTransformer.d.ts +14 -0
  8. package/dist/DecryptTransformer.d.ts.map +1 -0
  9. package/dist/DecryptTransformer.js +125 -0
  10. package/dist/DecryptTransformer.js.map +1 -0
  11. package/dist/EncryptTransformer.d.ts +28 -0
  12. package/dist/EncryptTransformer.d.ts.map +1 -0
  13. package/dist/EncryptTransformer.js +94 -0
  14. package/dist/EncryptTransformer.js.map +1 -0
  15. package/dist/algorithms/a256gcm.d.ts +39 -0
  16. package/dist/algorithms/a256gcm.d.ts.map +1 -0
  17. package/dist/algorithms/a256gcm.js +101 -0
  18. package/dist/algorithms/a256gcm.js.map +1 -0
  19. package/dist/algorithms/aeskw.d.ts +5 -0
  20. package/dist/algorithms/aeskw.d.ts.map +1 -0
  21. package/dist/algorithms/aeskw.js +68 -0
  22. package/dist/algorithms/aeskw.js.map +1 -0
  23. package/dist/algorithms/c20p-browser.d.ts +51 -0
  24. package/dist/algorithms/c20p-browser.d.ts.map +1 -0
  25. package/dist/algorithms/c20p-browser.js +106 -0
  26. package/dist/algorithms/c20p-browser.js.map +1 -0
  27. package/dist/algorithms/c20p.d.ts +51 -0
  28. package/dist/algorithms/c20p.d.ts.map +1 -0
  29. package/dist/algorithms/c20p.js +110 -0
  30. package/dist/algorithms/c20p.js.map +1 -0
  31. package/dist/algorithms/ecdhkdf.d.ts +24 -0
  32. package/dist/algorithms/ecdhkdf.d.ts.map +1 -0
  33. package/dist/algorithms/ecdhkdf.js +76 -0
  34. package/dist/algorithms/ecdhkdf.js.map +1 -0
  35. package/dist/algorithms/fips.d.ts +8 -0
  36. package/dist/algorithms/fips.d.ts.map +1 -0
  37. package/dist/algorithms/fips.js +8 -0
  38. package/dist/algorithms/fips.js.map +1 -0
  39. package/dist/algorithms/p256.d.ts +24 -0
  40. package/dist/algorithms/p256.d.ts.map +1 -0
  41. package/dist/algorithms/p256.js +106 -0
  42. package/dist/algorithms/p256.js.map +1 -0
  43. package/dist/algorithms/recommended.d.ts +8 -0
  44. package/dist/algorithms/recommended.d.ts.map +1 -0
  45. package/dist/algorithms/recommended.js +8 -0
  46. package/dist/algorithms/recommended.js.map +1 -0
  47. package/dist/algorithms/x25519-helper-browser.d.ts +7 -0
  48. package/dist/algorithms/x25519-helper-browser.d.ts.map +1 -0
  49. package/dist/algorithms/x25519-helper-browser.js +25 -0
  50. package/dist/algorithms/x25519-helper-browser.js.map +1 -0
  51. package/dist/algorithms/x25519-helper.d.ts +7 -0
  52. package/dist/algorithms/x25519-helper.d.ts.map +1 -0
  53. package/dist/algorithms/x25519-helper.js +51 -0
  54. package/dist/algorithms/x25519-helper.js.map +1 -0
  55. package/dist/algorithms/x25519.d.ts +44 -0
  56. package/dist/algorithms/x25519.d.ts.map +1 -0
  57. package/dist/algorithms/x25519.js +112 -0
  58. package/dist/algorithms/x25519.js.map +1 -0
  59. package/dist/algorithms/xc20p.d.ts +40 -0
  60. package/dist/algorithms/xc20p.d.ts.map +1 -0
  61. package/dist/algorithms/xc20p.js +160 -0
  62. package/dist/algorithms/xc20p.js.map +1 -0
  63. package/dist/baseX.d.ts +7 -0
  64. package/dist/baseX.d.ts.map +1 -0
  65. package/dist/baseX.js +11 -0
  66. package/dist/baseX.js.map +1 -0
  67. package/dist/crypto.d.ts +3 -0
  68. package/dist/crypto.d.ts.map +1 -0
  69. package/dist/crypto.js +3 -0
  70. package/dist/crypto.js.map +1 -0
  71. package/dist/index.d.ts +5 -0
  72. package/dist/index.d.ts.map +1 -0
  73. package/dist/index.js +5 -0
  74. package/dist/index.js.map +1 -0
  75. package/dist/types.d.ts +119 -0
  76. package/dist/types.d.ts.map +1 -0
  77. package/dist/types.js +5 -0
  78. package/dist/types.js.map +1 -0
  79. package/dist/util.d.ts +2 -0
  80. package/dist/util.d.ts.map +1 -0
  81. package/dist/util.js +11 -0
  82. package/dist/util.js.map +1 -0
  83. package/package.json +99 -0
package/LICENSE ADDED
@@ -0,0 +1,27 @@
1
+ Copyright (c) 2019-2020, Digital Bazaar, Inc.
2
+ All rights reserved.
3
+
4
+ Redistribution and use in source and binary forms, with or without
5
+ modification, are permitted provided that the following conditions are met:
6
+
7
+ * Redistributions of source code must retain the above copyright notice, this
8
+ list of conditions and the following disclaimer.
9
+
10
+ * Redistributions in binary form must reproduce the above copyright notice,
11
+ this list of conditions and the following disclaimer in the documentation
12
+ and/or other materials provided with the distribution.
13
+
14
+ * Neither the name of the copyright holder nor the names of its
15
+ contributors may be used to endorse or promote products derived from
16
+ this software without specific prior written permission.
17
+
18
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
22
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
24
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
25
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
26
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package/README.md ADDED
@@ -0,0 +1,220 @@
1
+ # Minimal Cipher _(@interop/minimal-cipher)_
2
+
3
+ Minimal encryption/decryption [JWE](https://tools.ietf.org/html/rfc7516)
4
+ library, secure algs only, browser-compatible.
5
+
6
+ ## Table of Contents
7
+
8
+ - [Security](#security)
9
+ - [Background](#background)
10
+ - [Install](#install)
11
+ - [Usage](#usage)
12
+ - [Contribute](#contribute)
13
+ - [Commercial Support](#commercial-support)
14
+ - [License](#license)
15
+
16
+ ## Security
17
+
18
+ TBD
19
+
20
+ ## Background
21
+
22
+ Every version of this library will only offer at most two algorithms for
23
+ encryption/decryption: a recommended algorithm and a FIPS-compliant algorithm.
24
+ The encryption API will expect the user to specify "recommended" or "fips" as
25
+ the version of the algorithm to use, defaulting to "recommended".
26
+
27
+ In the event that the FIPS-compliant algorithm is the same as the recommended
28
+ one in a given version of this library, then that particular version will use
29
+ the same algorithm regardless of the user specified "version".
30
+
31
+ This version of the library will use "XChaCha20-Poly1305" as the "recommended"
32
+ version and 256-bit "AES-GCM" as the FIPS-compliant version.
33
+
34
+ Note: XSalsa20-Poly1305 is an AE (Authenticated Encryption) algorithm, not an
35
+ AEAD (Authenticated Encryption and Associated Data) algorithm, making it
36
+ incompatible with the current requirements for a
37
+ [JWE (JOSE Web Encryption)](https://tools.ietf.org/html/rfc7516) `protected`
38
+ clear text header.
39
+
40
+ This library's API requires an interface for Key Encryption Key (KEKs). This
41
+ enables key material that is protected from exfiltration to be used via HSM/SSM
42
+ APIs, including Web KMS (TODO: citation needed).
43
+
44
+ ## Install
45
+
46
+ This software requires and supports maintained recent versions of Node.js and
47
+ browsers. Updates may remove support for older unmaintained platform versions.
48
+ Please use dependency version lock files and testing to ensure compatibility
49
+ with this software.
50
+
51
+ To install from NPM:
52
+
53
+ https://www.npmjs.com/package/@interop/minimal-cipher
54
+
55
+ ```sh
56
+ npm install @interop/minimal-cipher
57
+ ```
58
+
59
+ To install locally (for development):
60
+
61
+ ```sh
62
+ git clone https://github.com/interop-alliance/minimal-cipher.git
63
+ cd minimal-cipher
64
+ pnpm install
65
+ ```
66
+
67
+ This library is written in TypeScript and built with `tsc`. Common scripts:
68
+
69
+ ```sh
70
+ pnpm run build # type-check and build to dist/
71
+ pnpm run lint # lint src and test
72
+ pnpm run test:node # run the Node test suite (vitest)
73
+ pnpm run test:browser # run the browser smoke test (playwright)
74
+ ```
75
+
76
+ ## Usage
77
+
78
+ Pick a Cipher interface (`recommended` or `fips`) and create an instance:
79
+
80
+ ```js
81
+ import { Cipher } from '@interop/minimal-cipher'
82
+
83
+ const cipher = new Cipher() // by default {version: 'recommended'}
84
+ ```
85
+
86
+ ### Encrypting
87
+
88
+ To encrypt something (to create a cipher, serialized as a JWE JSON document),
89
+ you will need:
90
+
91
+ - Some data to encrypt (a string, an object, a stream)
92
+ - Keys (called Key Agreement Keys, or KAKs for short)
93
+
94
+ (You'll also need a `keyResolver`, more about that later.)
95
+
96
+ First, assemble your Key Agreement public keys (you'll be encrypting with them,
97
+ and the intended recipient will use the corresponding private keys to decrypt).
98
+
99
+ Put together a list of `recipients` (essentially, you're listing the `id`s of
100
+ public/private key pairs that will be used to encrypt/decrypt the message):
101
+
102
+ ```js
103
+ // Retrieve them from config, a ledger, registry or back channel
104
+ const keyAgreementKey = await fetchFromSomewhere()
105
+
106
+ // or derive them from an existing Ed25519 signing key
107
+ import { X25519KeyAgreementKey2020 } from '@digitalbazaar/x25519-key-agreement-key-2020'
108
+ import { Ed25519VerificationKey2020 } from '@digitalbazaar/ed25519-verification-key-2020'
109
+ const keyPair = await Ed25519VerificationKey2020.generate()
110
+
111
+ const keyAgreementKey = X25519KeyPair.fromEd25519VerificationKey2020({
112
+ keyPair
113
+ })
114
+ // If the source key pair didn't have a controller set, don't forget to set one:
115
+ keyAgreementKey.controller = did // The controller's DID
116
+ keyAgreementKey.id = `${did}#${keyAgreementKey.fingerprint()}`
117
+
118
+ // or derive them from an authentication key extracted from DID Document
119
+ const didDoc = await veresDriver.get({ did })
120
+ const authnKey = didDoc.getVerificationMethod({
121
+ proofPurpose: 'authentication'
122
+ })
123
+ const edKeyPair = await Ed25519VerificationKey2020.from(authnKey)
124
+ const keyPair = X25519KeyPair.fromEd25519VerificationKey2020({ keyPair })
125
+
126
+ const recipient = {
127
+ header: {
128
+ kid: keyAgreementKey.id,
129
+ alg: 'ECDH-ES+A256KW'
130
+ }
131
+ }
132
+
133
+ const recipients = [recipient]
134
+ ```
135
+
136
+ You'll also need a `keyResolver`. Notice that `recipients` lists only key IDs,
137
+ not the keys themselves. A `keyResolver` is a function that accepts a key ID and
138
+ resolves to the public key corresponding to it.
139
+
140
+ Some example resolvers:
141
+
142
+ ```js
143
+ // Basic hardcoded key resolver; you already have the key material
144
+ const publicKeyNode = {
145
+ '@context': 'https://w3id.org/security/suites/x25519-2020/v1',
146
+ id: keyAgreementKey.id,
147
+ type: 'X25519KeyAgreementKey2020',
148
+ publicKeyMultibase: keyAgreementKey.publicKeyMultibase
149
+ }
150
+ const keyResolver = async () => publicKeyNode
151
+ ```
152
+
153
+ ```js
154
+ // A more advanced resolver based on DID doc authentication keys
155
+ const keyResolver = async ({ id }) => {
156
+ // Use veres driver to fetch the authn key directly
157
+ const keyPair = await Ed25519VerificationKey2020.from(
158
+ await veresDriver.get({ did: id })
159
+ )
160
+ // Convert authn key to key agreement key
161
+ return X25519KeyPair.fromEd25519VerificationKey2020({ keyPair })
162
+ }
163
+ ```
164
+
165
+ ```js
166
+ // Using did-veres-one driver as a resolver for did:v1:nym: DID keys
167
+ // TODO: Implement this
168
+ ```
169
+
170
+ ```js
171
+ // Using the did:key method driver as a key resolver
172
+ ```
173
+
174
+ Create the JWE:
175
+
176
+ ```js
177
+ // To encrypt a string or a Uint8Array
178
+ const data = 'plain text'
179
+ const jweDoc = await cipher.encrypt({ data, recipients, keyResolver })
180
+
181
+ // To encrypt an object
182
+ const obj = { key: 'value' }
183
+ const jweDoc = await cipher.encryptObject({ obj, recipients, keyResolver })
184
+ ```
185
+
186
+ ### Decrypting
187
+
188
+ Decrypt a JWE JSON Document, using a private `keyAgreementKey`:
189
+
190
+ ```js
191
+ const data = await cipher.decrypt({ jwe, keyAgreementKey })
192
+
193
+ const object = await cipher.decryptObject({ jwe, keyAgreementKey })
194
+ ```
195
+
196
+ TODO: Describe the required KEK API: // `id`, `algorithm`,
197
+ `wrapKey({unwrappedKey})`, and `unwrapKey({wrappedKey})`
198
+
199
+ ## Contribute
200
+
201
+ See
202
+ [the contribute file](https://github.com/digitalbazaar/bedrock/blob/master/CONTRIBUTING.md)!
203
+
204
+ PRs accepted.
205
+
206
+ If editing the README, please conform to the
207
+ [standard-readme](https://github.com/RichardLitt/standard-readme) specification.
208
+
209
+ ## Commercial Support
210
+
211
+ Commercial support for this library is available upon request from Digital
212
+ Bazaar: support@digitalbazaar.com
213
+
214
+ ## License
215
+
216
+ [New BSD License (3-clause)](LICENSE) © Digital Bazaar
217
+
218
+ [Streams API]: https://developer.mozilla.org/en-US/docs/Web/API/Streams_API
219
+ [Web Crypto API]:
220
+ https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API
@@ -0,0 +1,210 @@
1
+ import { DecryptTransformer } from './DecryptTransformer.js';
2
+ import { EncryptTransformer } from './EncryptTransformer.js';
3
+ import type { CipherAlgorithm, EphemeralKeyPair, JWE, KeyAgreementAlgorithm, KeyAgreementKey, KeyResolver, Recipient } from './types.js';
4
+ interface EncryptOptions {
5
+ data?: Uint8Array | string;
6
+ recipients: Recipient[];
7
+ keyResolver: KeyResolver;
8
+ }
9
+ interface EncryptObjectOptions {
10
+ obj: object;
11
+ recipients: Recipient[];
12
+ keyResolver: KeyResolver;
13
+ }
14
+ interface CreateEncryptOptions {
15
+ recipients: Recipient[];
16
+ keyResolver: KeyResolver;
17
+ chunkSize?: number;
18
+ }
19
+ export declare class Cipher {
20
+ version: string;
21
+ cipher: CipherAlgorithm;
22
+ keyAgreement: KeyAgreementAlgorithm;
23
+ /**
24
+ * Creates a new Cipher instance that can be used to encrypt or decrypt
25
+ * data. A version must be supplied for encrypting data; the version
26
+ * indicates whether a FIPS-compliant algorithm or the latest recommended
27
+ * algorithm will be used.
28
+ *
29
+ * @param {string} [version='recommended'] - `fips` to use a FIPS-compliant
30
+ * algorithm, `recommended` to use the latest recommended algorithm when
31
+ * encrypting.
32
+ *
33
+ * @returns {Cipher} A Cipher used to encrypt and decrypt data.
34
+ */
35
+ constructor({ version }?: {
36
+ version?: string;
37
+ });
38
+ /**
39
+ * Creates a TransformStream that will encrypt some data for one or more
40
+ * recipients and output a stream of chunks, each containing an object
41
+ * with the property `jwe` with a JWE value.
42
+ *
43
+ * A list of recipients must be given in the `recipients` array, identified
44
+ * by key agreement keys. An ephemeral ECDH key will be generated and used to
45
+ * derive shared KEKs that will wrap a randomly generated CEK. Each recipient
46
+ * in the `recipients` array will be updated to include the generated
47
+ * ephemeral ECDH key.
48
+ *
49
+ * @param {object} options - The options for the stream.
50
+ * @param {Array} options.recipients - An array of recipients for the
51
+ * encrypted content.
52
+ * @param {Function} options.keyResolver - A function that returns a Promise
53
+ * that resolves a key ID to a DH public key.
54
+ * @param {number} [options.chunkSize=1048576] - The size, in bytes,
55
+ * of the chunks to break the incoming data into.
56
+ *
57
+ * @returns {Promise<TransformStream>} Resolves to a TransformStream.
58
+ */
59
+ createEncryptStream({ recipients, keyResolver, chunkSize }: CreateEncryptOptions): Promise<TransformStream>;
60
+ /**
61
+ * Creates a TransformStream that will decrypt one or more chunks, each one
62
+ * that is an object with a `jwe` property that has a JWE as a value. The
63
+ * stream will output chunks of Uint8Arrays consisting of the decrypted
64
+ * data from each chunk.
65
+ *
66
+ * The only JWEs currently supported use an `alg` of `ECDH-ES+A256KW` and
67
+ * `enc` of `A256GCM` or `XC20P`. These parameters refer to data that has been
68
+ * encrypted using a 256-bit AES-GCM or XChaCha20Poly1305 content encryption
69
+ * key (CEK) that has been wrapped using a 256-bit AES-KW key encryption key
70
+ * (KEK) generated via a shared secret between an ephemeral ECDH key and a
71
+ * static ECDH key (ECDH-ES).
72
+ *
73
+ * @param {object} options - Options for createDecryptStream.
74
+ * @param {object} options.keyAgreementKey - A key agreement key API with
75
+ * `id` and deriveSecret`.
76
+ *
77
+ * @returns {Promise<TransformStream>} Resolves to the TransformStream.
78
+ */
79
+ createDecryptStream({ keyAgreementKey }: {
80
+ keyAgreementKey: KeyAgreementKey;
81
+ }): Promise<TransformStream>;
82
+ /**
83
+ * Encrypts some data for one or more recipients and outputs a JWE. The
84
+ * data to encrypt can be given as a Uint8Array or a string.
85
+ *
86
+ * A list of recipients must be given in the `recipients` array, identified
87
+ * by key agreement keys. An ephemeral ECDH key will be generated and used to
88
+ * derive shared KEKs that will wrap a randomly generated CEK. Each recipient
89
+ * in the `recipients` array will be updated to include the generated
90
+ * ephemeral ECDH key.
91
+ *
92
+ * @param {object} options - Options for encrypt.
93
+ * @param {Uint8Array|string} [options.data] - The data to encrypt.
94
+ * @param {Array} options.recipients - An array of recipients for the\
95
+ * encrypted content.
96
+ * @param {Function} options.keyResolver - A function that returns a Promise
97
+ * that resolves a key ID to a DH public key.
98
+ *
99
+ * @returns {Promise<object>} Resolves to a JWE.
100
+ */
101
+ encrypt({ data, recipients, keyResolver }: EncryptOptions): Promise<JWE>;
102
+ /**
103
+ * Encrypts an object. The object will be serialized to JSON and passed
104
+ * to `encrypt`. See `encrypt` for other parameters.
105
+ *
106
+ * @param {object} options - Options to use.
107
+ * @param {object} options.obj - The object to encrypt.
108
+ * @param {object} options.rest - The other options to be passed to encrypt.
109
+ *
110
+ * @returns {Promise<object>} Resolves to a JWE.
111
+ */
112
+ encryptObject({ obj, ...rest }: EncryptObjectOptions): Promise<JWE>;
113
+ /**
114
+ * Decrypts a single JWE.
115
+ *
116
+ * The only JWEs currently supported use an `alg` of `ECDH-ES+A256KW` and
117
+ * `enc` of `A256GCM` or `XC20P`. These parameters refer to data that has been
118
+ * encrypted using a 256-bit AES-GCM or XChaCha20Poly1305 content encryption
119
+ * key (CEK) that has been wrapped using a 256-bit AES-KW key encryption key
120
+ * (KEK) generated via a shared secret between an ephemeral ECDH key and a
121
+ * static ECDH key (ECDH-ES).
122
+ *
123
+ * Note: This version also supports decrypting data that was encrypted using
124
+ * `C20P` (ChaCha20Poly1305) for backwards compatibility.
125
+ *
126
+ * @param {object} options - Options for decrypt.
127
+ * @param {object} options.jwe - The JWE to decrypt.
128
+ * @param {object} options.keyAgreementKey - A key agreement key API with
129
+ * `id` and `deriveSecret`.
130
+ *
131
+ * @returns {Promise<Uint8Array>} - Resolves to the decrypted data
132
+ * or `null` if the decryption failed.
133
+ */
134
+ decrypt({ jwe, keyAgreementKey }: {
135
+ jwe: JWE;
136
+ keyAgreementKey: KeyAgreementKey;
137
+ }): Promise<Uint8Array | null>;
138
+ /**
139
+ * Decrypts a JWE that must contain an encrypted object. This method will
140
+ * call `decrypt` and then `JSON.parse` the resulting decrypted UTF-8 data.
141
+ *
142
+ * @param {object} options - Options.
143
+ * @param {object} options.jwe - The JWE to decrypt.
144
+ * @param {object} options.keyAgreementKey - A key agreement key API with
145
+ * `id` and `deriveSecret`.
146
+ *
147
+ * @returns {Promise<object>} - Resolves to the decrypted object or `null`
148
+ * if the decryption failed.
149
+ */
150
+ decryptObject({ jwe, keyAgreementKey }: {
151
+ jwe: JWE;
152
+ keyAgreementKey: KeyAgreementKey;
153
+ }): Promise<object | null>;
154
+ /**
155
+ * Creates an EncryptTransformer that can be used to encrypt one or more
156
+ * chunks of data.
157
+ *
158
+ * A list of recipients must be given in the `recipients` array, identified
159
+ * by key agreement keys. An ephemeral ECDH key will be generated and used to
160
+ * derive shared KEKs that will wrap a randomly generated CEK. Each recipient
161
+ * in the `recipients` array will be updated to include the generated
162
+ * ephemeral ECDH key.
163
+ *
164
+ * @param {object} options - Options for the transformer.
165
+ * @param {Array} options.recipients - An array of recipients for the
166
+ * encrypted content.
167
+ * @param {Function} options.keyResolver - A function that returns
168
+ * a Promise that resolves a key ID to a DH public key.
169
+ * @param {number} [options.chunkSize=1048576] - The size, in bytes, of the
170
+ * chunks to break the incoming data into (only applies if returning a
171
+ * stream).
172
+ *
173
+ * @returns {Promise<EncryptTransformer>} - Resolves to an EncryptTransformer.
174
+ */
175
+ createEncryptTransformer({ recipients, keyResolver, chunkSize }: CreateEncryptOptions): Promise<EncryptTransformer>;
176
+ /**
177
+ * Creates a DecryptTransformer.
178
+ *
179
+ * @param {object} options - Options to use.
180
+ * @param {object} options.keyAgreementKey - A key agreement key API with
181
+ * `id` and `deriveSecret`.
182
+ *
183
+ * @returns {Promise<DecryptTransformer>} - Resolves to a DecryptTransformer.
184
+ */
185
+ createDecryptTransformer({ keyAgreementKey }: {
186
+ keyAgreementKey: KeyAgreementKey;
187
+ }): Promise<DecryptTransformer>;
188
+ /**
189
+ * Creates a JWE recipient using the given inputs.
190
+ *
191
+ * @see https://tools.ietf.org/html/rfc7516#section-4
192
+ *
193
+ * @param {object} options - Options to use.
194
+ * @param {object} options.recipient - A recipient with a header with a
195
+ * kid and alg.
196
+ * @param {object} options.ephemeralKeyPair - An ephemeral key pair.
197
+ * @param {object} options.cek - A content encryption key.
198
+ * @param {Function} options.keyResolver - A function that can resolve keys.
199
+ *
200
+ * @returns {Promise<object>} A JWE recipient object.
201
+ */
202
+ _createRecipient({ recipient, ephemeralKeyPair, cek, keyResolver }: {
203
+ recipient: Recipient;
204
+ ephemeralKeyPair: EphemeralKeyPair;
205
+ cek: Uint8Array;
206
+ keyResolver: KeyResolver;
207
+ }): Promise<Recipient>;
208
+ }
209
+ export {};
210
+ //# sourceMappingURL=Cipher.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"Cipher.d.ts","sourceRoot":"","sources":["../src/Cipher.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAE5D,OAAO,KAAK,EACV,eAAe,EACf,gBAAgB,EAChB,GAAG,EACH,qBAAqB,EACrB,eAAe,EACf,WAAW,EACX,SAAS,EACV,MAAM,YAAY,CAAA;AAInB,UAAU,cAAc;IACtB,IAAI,CAAC,EAAE,UAAU,GAAG,MAAM,CAAA;IAC1B,UAAU,EAAE,SAAS,EAAE,CAAA;IACvB,WAAW,EAAE,WAAW,CAAA;CACzB;AAED,UAAU,oBAAoB;IAC5B,GAAG,EAAE,MAAM,CAAA;IACX,UAAU,EAAE,SAAS,EAAE,CAAA;IACvB,WAAW,EAAE,WAAW,CAAA;CACzB;AAED,UAAU,oBAAoB;IAC5B,UAAU,EAAE,SAAS,EAAE,CAAA;IACvB,WAAW,EAAE,WAAW,CAAA;IACxB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,qBAAa,MAAM;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,eAAe,CAAA;IACvB,YAAY,EAAE,qBAAqB,CAAA;IAEnC;;;;;;;;;;;OAWG;gBACS,EAAE,OAAuB,EAAE,GAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO;IAiBlE;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,mBAAmB,CAAC,EACxB,UAAU,EACV,WAAW,EACX,SAAS,EACV,EAAE,oBAAoB,GAAG,OAAO,CAAC,eAAe,CAAC;IASlD;;;;;;;;;;;;;;;;;;OAkBG;IACG,mBAAmB,CAAC,EACxB,eAAe,EAChB,EAAE;QACD,eAAe,EAAE,eAAe,CAAA;KACjC,GAAG,OAAO,CAAC,eAAe,CAAC;IAK5B;;;;;;;;;;;;;;;;;;OAkBG;IACG,OAAO,CAAC,EACZ,IAAI,EACJ,UAAU,EACV,WAAW,EACZ,EAAE,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC;IAehC;;;;;;;;;OASG;IACG,aAAa,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,EAAE,oBAAoB,GAAG,OAAO,CAAC,GAAG,CAAC;IAOzE;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,OAAO,CAAC,EACZ,GAAG,EACH,eAAe,EAChB,EAAE;QACD,GAAG,EAAE,GAAG,CAAA;QACR,eAAe,EAAE,eAAe,CAAA;KACjC,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAK9B;;;;;;;;;;;OAWG;IACG,aAAa,CAAC,EAClB,GAAG,EACH,eAAe,EAChB,EAAE;QACD,GAAG,EAAE,GAAG,CAAA;QACR,eAAe,EAAE,eAAe,CAAA;KACjC,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAS1B;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,wBAAwB,CAAC,EAC7B,UAAU,EACV,WAAW,EACX,SAAS,EACV,EAAE,oBAAoB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IA4CrD;;;;;;;;OAQG;IACG,wBAAwB,CAAC,EAC7B,eAAe,EAChB,EAAE;QACD,eAAe,EAAE,eAAe,CAAA;KACjC,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAO/B;;;;;;;;;;;;;OAaG;IACG,gBAAgB,CAAC,EACrB,SAAS,EACT,gBAAgB,EAChB,GAAG,EACH,WAAW,EACZ,EAAE;QACD,SAAS,EAAE,SAAS,CAAA;QACpB,gBAAgB,EAAE,gBAAgB,CAAA;QAClC,GAAG,EAAE,UAAU,CAAA;QACf,WAAW,EAAE,WAAW,CAAA;KACzB,GAAG,OAAO,CAAC,SAAS,CAAC;CAwCvB"}