@interop/minimal-cipher 7.3.0 → 7.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +197 -21
- package/dist/Cipher.d.ts +29 -0
- package/dist/Cipher.d.ts.map +1 -1
- package/dist/Cipher.js +36 -0
- package/dist/Cipher.js.map +1 -1
- package/package.json +7 -7
package/README.md
CHANGED
|
@@ -8,7 +8,6 @@ library, secure algs only, browser-compatible.
|
|
|
8
8
|
|
|
9
9
|
## Table of Contents
|
|
10
10
|
|
|
11
|
-
- [Security](#security)
|
|
12
11
|
- [Background](#background)
|
|
13
12
|
- [Install](#install)
|
|
14
13
|
- [Usage](#usage)
|
|
@@ -16,10 +15,6 @@ library, secure algs only, browser-compatible.
|
|
|
16
15
|
- [Commercial Support](#commercial-support)
|
|
17
16
|
- [License](#license)
|
|
18
17
|
|
|
19
|
-
## Security
|
|
20
|
-
|
|
21
|
-
TBD
|
|
22
|
-
|
|
23
18
|
## Background
|
|
24
19
|
|
|
25
20
|
Every version of this library will only offer at most two algorithms for
|
|
@@ -84,8 +79,25 @@ Pick a Cipher interface (`recommended` or `fips`) and create an instance:
|
|
|
84
79
|
import { Cipher } from '@interop/minimal-cipher'
|
|
85
80
|
|
|
86
81
|
const cipher = new Cipher() // by default {version: 'recommended'}
|
|
82
|
+
|
|
83
|
+
// or, to use FIPS-validated algorithms:
|
|
84
|
+
const fipsCipher = new Cipher({ version: 'fips' })
|
|
87
85
|
```
|
|
88
86
|
|
|
87
|
+
Both versions produce the same JWE envelope structure -- ECDH-ES key agreement
|
|
88
|
+
that wraps the content encryption key (CEK) with AES Key Wrap (`A256KW`) -- and
|
|
89
|
+
differ only in the content-encryption cipher and the key-agreement curve:
|
|
90
|
+
|
|
91
|
+
| Version | Content encryption (`enc`) | Key agreement | Notes |
|
|
92
|
+
| ------------- | ---------------------------- | ------------- | ------------------------------------------------- |
|
|
93
|
+
| `recommended` | `XC20P` (XChaCha20-Poly1305) | X25519 | Default. Modern, fast; not on the NIST/FIPS list. |
|
|
94
|
+
| `fips` | `A256GCM` (AES-256-GCM) | NIST P-256 | Uses only FIPS 140-validated algorithms. |
|
|
95
|
+
|
|
96
|
+
Use `recommended` (the default) unless you have a specific FIPS requirement, in
|
|
97
|
+
which case use `fips`. Note that `version` controls the algorithms used to
|
|
98
|
+
**encrypt**, so it must match the kind of key agreement keys your recipients
|
|
99
|
+
have: X25519 keys for `recommended`, P-256 keys for `fips`.
|
|
100
|
+
|
|
89
101
|
### Encrypting
|
|
90
102
|
|
|
91
103
|
To encrypt something (to create a cipher, serialized as a JWE JSON document),
|
|
@@ -107,13 +119,14 @@ public/private key pairs that will be used to encrypt/decrypt the message):
|
|
|
107
119
|
const keyAgreementKey = await fetchFromSomewhere()
|
|
108
120
|
|
|
109
121
|
// or derive them from an existing Ed25519 signing key
|
|
110
|
-
import { X25519KeyAgreementKey2020 } from '@
|
|
111
|
-
import {
|
|
112
|
-
const keyPair = await
|
|
113
|
-
|
|
114
|
-
const keyAgreementKey =
|
|
115
|
-
|
|
116
|
-
|
|
122
|
+
import { X25519KeyAgreementKey2020 } from '@interop/x25519-key-agreement-key'
|
|
123
|
+
import { Ed25519VerificationKey } from '@interop/ed25519-verification-key'
|
|
124
|
+
const keyPair = await Ed25519VerificationKey.generate()
|
|
125
|
+
|
|
126
|
+
const keyAgreementKey =
|
|
127
|
+
X25519KeyAgreementKey2020.fromEd25519VerificationKey2020({
|
|
128
|
+
keyPair
|
|
129
|
+
})
|
|
117
130
|
// If the source key pair didn't have a controller set, don't forget to set one:
|
|
118
131
|
keyAgreementKey.controller = did // The controller's DID
|
|
119
132
|
keyAgreementKey.id = `${did}#${keyAgreementKey.fingerprint()}`
|
|
@@ -123,8 +136,11 @@ const didDoc = await veresDriver.get({ did })
|
|
|
123
136
|
const authnKey = didDoc.getVerificationMethod({
|
|
124
137
|
proofPurpose: 'authentication'
|
|
125
138
|
})
|
|
126
|
-
const edKeyPair = await
|
|
127
|
-
const
|
|
139
|
+
const edKeyPair = await Ed25519VerificationKey.from(authnKey)
|
|
140
|
+
const keyAgreementKey =
|
|
141
|
+
X25519KeyAgreementKey2020.fromEd25519VerificationKey2020({
|
|
142
|
+
keyPair: edKeyPair
|
|
143
|
+
})
|
|
128
144
|
|
|
129
145
|
const recipient = {
|
|
130
146
|
header: {
|
|
@@ -157,21 +173,46 @@ const keyResolver = async () => publicKeyNode
|
|
|
157
173
|
// A more advanced resolver based on DID doc authentication keys
|
|
158
174
|
const keyResolver = async ({ id }) => {
|
|
159
175
|
// Use veres driver to fetch the authn key directly
|
|
160
|
-
const keyPair = await
|
|
176
|
+
const keyPair = await Ed25519VerificationKey.from(
|
|
161
177
|
await veresDriver.get({ did: id })
|
|
162
178
|
)
|
|
163
179
|
// Convert authn key to key agreement key
|
|
164
|
-
return
|
|
180
|
+
return X25519KeyAgreementKey2020.fromEd25519VerificationKey2020({ keyPair })
|
|
165
181
|
}
|
|
166
182
|
```
|
|
167
183
|
|
|
168
184
|
```js
|
|
169
|
-
// Using did
|
|
170
|
-
|
|
185
|
+
// Using the did:key method driver as a key resolver
|
|
186
|
+
import { driver } from '@interop/did-method-key'
|
|
187
|
+
import { Ed25519VerificationKey } from '@interop/ed25519-verification-key'
|
|
188
|
+
|
|
189
|
+
const didKeyDriver = driver()
|
|
190
|
+
// Register Ed25519 keys, and derive an X25519 keyAgreement key when resolving
|
|
191
|
+
// (did:key identities are Ed25519 signing keys; encryption needs the derived
|
|
192
|
+
// X25519 key agreement key)
|
|
193
|
+
didKeyDriver.use({
|
|
194
|
+
keyPairClass: Ed25519VerificationKey,
|
|
195
|
+
enableEncryptionKeyDerivation: true
|
|
196
|
+
})
|
|
197
|
+
|
|
198
|
+
// The resolver is called with a key agreement key id (a did:key URL with a
|
|
199
|
+
// fragment) and returns the matching public key node
|
|
200
|
+
const keyResolver = async ({ id }) => didKeyDriver.get({ url: id })
|
|
171
201
|
```
|
|
172
202
|
|
|
203
|
+
#### Shortcut: `createRecipients`
|
|
204
|
+
|
|
205
|
+
If you already hold the recipient key-agreement keys (each with an `id` and the
|
|
206
|
+
public key material the algorithm reads, e.g. `X25519KeyAgreementKey2020`
|
|
207
|
+
instances), `cipher.createRecipients({ keys })` builds both the `recipients`
|
|
208
|
+
array and a matching by-id `keyResolver` for you -- no need to assemble the
|
|
209
|
+
headers or write a resolver. The header `alg` is taken from the cipher's key
|
|
210
|
+
agreement algorithm, so it always matches the version:
|
|
211
|
+
|
|
173
212
|
```js
|
|
174
|
-
|
|
213
|
+
const keys = [aliceKeyAgreementKey, bobKeyAgreementKey]
|
|
214
|
+
const { recipients, keyResolver } = cipher.createRecipients({ keys })
|
|
215
|
+
const jweDoc = await cipher.encryptObject({ obj, recipients, keyResolver })
|
|
175
216
|
```
|
|
176
217
|
|
|
177
218
|
Create the JWE:
|
|
@@ -186,6 +227,91 @@ const obj = { key: 'value' }
|
|
|
186
227
|
const jweDoc = await cipher.encryptObject({ obj, recipients, keyResolver })
|
|
187
228
|
```
|
|
188
229
|
|
|
230
|
+
To encrypt a binary blob, pass the bytes directly as a `Uint8Array`. There is no
|
|
231
|
+
need to text-encode the data first -- a `Uint8Array` is passed through to the
|
|
232
|
+
content-encryption step as-is, while a string is UTF-8 encoded for you:
|
|
233
|
+
|
|
234
|
+
```js
|
|
235
|
+
// To encrypt a binary blob
|
|
236
|
+
const data = new Uint8Array(await blob.arrayBuffer()) // e.g. from a browser Blob
|
|
237
|
+
const jweDoc = await cipher.encrypt({ data, recipients, keyResolver })
|
|
238
|
+
```
|
|
239
|
+
|
|
240
|
+
### Streaming encryption
|
|
241
|
+
|
|
242
|
+
`encrypt()` buffers the whole input in memory and produces a single JWE, which
|
|
243
|
+
is fine for small payloads. For large blobs or files, use the streaming API
|
|
244
|
+
instead: `createEncryptStream()` returns a WHATWG
|
|
245
|
+
[`TransformStream`][Streams API] that breaks the incoming data into chunks
|
|
246
|
+
(default `chunkSize` of 1 MiB) and emits one `{ jwe }` object per chunk, so the
|
|
247
|
+
data is never fully held in memory.
|
|
248
|
+
|
|
249
|
+
```js
|
|
250
|
+
// `stream` is a WHATWG ReadableStream of Uint8Array chunks
|
|
251
|
+
const encryptStream = await cipher.createEncryptStream({
|
|
252
|
+
recipients,
|
|
253
|
+
keyResolver,
|
|
254
|
+
chunkSize: 1048576 // optional; bytes per chunk, defaults to 1 MiB
|
|
255
|
+
})
|
|
256
|
+
|
|
257
|
+
// Each chunk read from the resulting stream is an object: { jwe }
|
|
258
|
+
const readable = stream.pipeThrough(encryptStream)
|
|
259
|
+
const reader = readable.getReader()
|
|
260
|
+
let done
|
|
261
|
+
let value
|
|
262
|
+
while (!done) {
|
|
263
|
+
;({ value, done } = await reader.read())
|
|
264
|
+
if (value) {
|
|
265
|
+
// store or upload value.jwe ...
|
|
266
|
+
}
|
|
267
|
+
}
|
|
268
|
+
```
|
|
269
|
+
|
|
270
|
+
This is how [`edv-client`](https://github.com/digitalbazaar/edv-client) encrypts
|
|
271
|
+
large documents: it pipes a user-supplied `ReadableStream` through
|
|
272
|
+
`createEncryptStream()` and stores each emitted `jwe` as a separate chunk.
|
|
273
|
+
|
|
274
|
+
### Encrypting with the FIPS version
|
|
275
|
+
|
|
276
|
+
The examples above use the default `recommended` version, whose key agreement
|
|
277
|
+
keys are X25519. To encrypt with FIPS-validated algorithms, construct the cipher
|
|
278
|
+
with `{ version: 'fips' }` and use NIST P-256 key agreement keys. Everything
|
|
279
|
+
else -- the `recipients` array, `keyResolver`, and the `encrypt*` calls -- works
|
|
280
|
+
the same way.
|
|
281
|
+
|
|
282
|
+
```js
|
|
283
|
+
import { Cipher } from '@interop/minimal-cipher'
|
|
284
|
+
import * as EcdsaMultikey from '@interop/ecdsa-multikey'
|
|
285
|
+
|
|
286
|
+
const cipher = new Cipher({ version: 'fips' })
|
|
287
|
+
|
|
288
|
+
// Generate (or load) a P-256 key agreement key for each recipient
|
|
289
|
+
const keyAgreementKey = await EcdsaMultikey.generate({
|
|
290
|
+
id: 'urn:123',
|
|
291
|
+
curve: 'P-256',
|
|
292
|
+
keyAgreement: true
|
|
293
|
+
})
|
|
294
|
+
|
|
295
|
+
// The recipient header is the same shape as the recommended version
|
|
296
|
+
const recipients = [
|
|
297
|
+
{ header: { kid: keyAgreementKey.id, alg: 'ECDH-ES+A256KW' } }
|
|
298
|
+
]
|
|
299
|
+
|
|
300
|
+
// `keyResolver` resolves each `kid` to the recipient's P-256 public key
|
|
301
|
+
const publicKeyNode = await keyAgreementKey.export({ publicKey: true })
|
|
302
|
+
const keyResolver = async () => publicKeyNode
|
|
303
|
+
|
|
304
|
+
const obj = { key: 'value' }
|
|
305
|
+
const jweDoc = await cipher.encryptObject({ obj, recipients, keyResolver })
|
|
306
|
+
```
|
|
307
|
+
|
|
308
|
+
To decrypt, pass the P-256 key agreement key (which can derive the shared
|
|
309
|
+
secret) as `keyAgreementKey`, exactly as with the recommended version:
|
|
310
|
+
|
|
311
|
+
```js
|
|
312
|
+
const object = await cipher.decryptObject({ jwe: jweDoc, keyAgreementKey })
|
|
313
|
+
```
|
|
314
|
+
|
|
189
315
|
### Decrypting
|
|
190
316
|
|
|
191
317
|
Decrypt a JWE JSON Document, using a private `keyAgreementKey`:
|
|
@@ -196,8 +322,58 @@ const data = await cipher.decrypt({ jwe, keyAgreementKey })
|
|
|
196
322
|
const object = await cipher.decryptObject({ jwe, keyAgreementKey })
|
|
197
323
|
```
|
|
198
324
|
|
|
199
|
-
|
|
200
|
-
`
|
|
325
|
+
To decrypt streamed (chunked) data, use `createDecryptStream()`. It returns a
|
|
326
|
+
[`TransformStream`][Streams API] that takes `{ jwe }` chunks (as produced by
|
|
327
|
+
`createEncryptStream()`) and outputs the decrypted `Uint8Array` chunks:
|
|
328
|
+
|
|
329
|
+
```js
|
|
330
|
+
// `stream` is a ReadableStream of { jwe } chunks
|
|
331
|
+
const decryptStream = await cipher.createDecryptStream({ keyAgreementKey })
|
|
332
|
+
const readable = stream.pipeThrough(decryptStream)
|
|
333
|
+
const reader = readable.getReader()
|
|
334
|
+
let done
|
|
335
|
+
let value
|
|
336
|
+
while (!done) {
|
|
337
|
+
;({ value, done } = await reader.read())
|
|
338
|
+
if (value) {
|
|
339
|
+
// value is a Uint8Array of decrypted bytes ...
|
|
340
|
+
}
|
|
341
|
+
}
|
|
342
|
+
```
|
|
343
|
+
|
|
344
|
+
### Key wrapping (the KEK interface)
|
|
345
|
+
|
|
346
|
+
Encryption uses two layers of keys. A randomly generated **content encryption
|
|
347
|
+
key (CEK)** encrypts the payload (with `A256GCM` or `XC20P`). That CEK is then
|
|
348
|
+
wrapped, once per recipient, by a **key encryption key (KEK)**, and the wrapped
|
|
349
|
+
result is stored as each recipient's `encrypted_key`. Decryption reverses this:
|
|
350
|
+
the KEK unwraps the CEK, which then decrypts the payload.
|
|
351
|
+
|
|
352
|
+
You do not construct or pass a KEK yourself. Because the cipher uses ECDH-ES key
|
|
353
|
+
agreement, each KEK is derived internally, per recipient, from a shared secret
|
|
354
|
+
between an ephemeral key and a recipient's static key agreement key. The
|
|
355
|
+
recipient is identified in the JWE by its key agreement key id (the `kid` in the
|
|
356
|
+
recipient header), which `keyResolver` maps to a public key -- the KEK itself is
|
|
357
|
+
ephemeral and has no identity of its own.
|
|
358
|
+
|
|
359
|
+
A KEK object implements the following interface:
|
|
360
|
+
|
|
361
|
+
```ts
|
|
362
|
+
interface KEK {
|
|
363
|
+
// The key-wrapping algorithm, e.g. { name: 'A256KW' }.
|
|
364
|
+
algorithm: { name: string }
|
|
365
|
+
|
|
366
|
+
// Wraps the CEK bytes; resolves to the base64url-encoded wrapped key.
|
|
367
|
+
wrapKey(options: { unwrappedKey: Uint8Array }): Promise<string>
|
|
368
|
+
|
|
369
|
+
// Unwraps a base64url-encoded wrapped key; resolves to the CEK bytes,
|
|
370
|
+
// or null if unwrapping fails (e.g. this KEK does not match the recipient).
|
|
371
|
+
unwrapKey(options: { wrappedKey: string }): Promise<Uint8Array | null>
|
|
372
|
+
}
|
|
373
|
+
```
|
|
374
|
+
|
|
375
|
+
The built-in implementation wraps the CEK with AES Key Wrap (`A256KW`) using the
|
|
376
|
+
Web Crypto API; see `src/algorithms/aeskw.ts`.
|
|
201
377
|
|
|
202
378
|
## Contribute
|
|
203
379
|
|
package/dist/Cipher.d.ts
CHANGED
|
@@ -36,6 +36,35 @@ export declare class Cipher {
|
|
|
36
36
|
constructor({ version }?: {
|
|
37
37
|
version?: string;
|
|
38
38
|
});
|
|
39
|
+
/**
|
|
40
|
+
* Builds the `recipients` array and a matching `keyResolver` from a set of
|
|
41
|
+
* recipient key-agreement keys, for use with `encrypt`/`encryptObject` (and
|
|
42
|
+
* the stream/transformer variants). Saves callers from assembling the
|
|
43
|
+
* recipient headers and a by-id resolver by hand.
|
|
44
|
+
*
|
|
45
|
+
* Each key must expose an `id` (used as the JWE recipient `kid`) and the
|
|
46
|
+
* public key material the key agreement algorithm reads -- for X25519, a
|
|
47
|
+
* `publicKeyMultibase` (e.g. an `X25519KeyAgreementKey2020` instance or its
|
|
48
|
+
* exported public key). The recipient header `alg` is taken from this
|
|
49
|
+
* cipher's key agreement algorithm (`this.keyAgreement.JWE_ALG`), so it
|
|
50
|
+
* always matches the cipher version. The returned `keyResolver` looks a
|
|
51
|
+
* recipient up by `id` and throws when asked for an unknown key.
|
|
52
|
+
*
|
|
53
|
+
* @param {object} options - Options.
|
|
54
|
+
* @param {Array} options.keys - Recipient key-agreement keys, each with an
|
|
55
|
+
* `id` and the public key material the algorithm reads.
|
|
56
|
+
*
|
|
57
|
+
* @returns {{recipients: IRecipientTemplate[], keyResolver: IKeyResolver}}
|
|
58
|
+
* The `recipients` array and the `keyResolver` to pass to `encrypt`.
|
|
59
|
+
*/
|
|
60
|
+
createRecipients({ keys }: {
|
|
61
|
+
keys: {
|
|
62
|
+
id: string;
|
|
63
|
+
}[];
|
|
64
|
+
}): {
|
|
65
|
+
recipients: IRecipientTemplate[];
|
|
66
|
+
keyResolver: IKeyResolver;
|
|
67
|
+
};
|
|
39
68
|
/**
|
|
40
69
|
* Creates a TransformStream that will encrypt some data for one or more
|
|
41
70
|
* recipients and output a stream of chunks, each containing an object
|
package/dist/Cipher.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Cipher.d.ts","sourceRoot":"","sources":["../src/Cipher.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAE5D,OAAO,KAAK,EACV,IAAI,EACJ,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,kBAAkB,EACnB,MAAM,8BAA8B,CAAA;AACrC,OAAO,KAAK,EACV,eAAe,EACf,gBAAgB,EAChB,qBAAqB,EACtB,MAAM,YAAY,CAAA;AAInB,UAAU,cAAc;IACtB,IAAI,CAAC,EAAE,UAAU,GAAG,MAAM,CAAA;IAC1B,UAAU,EAAE,kBAAkB,EAAE,CAAA;IAChC,WAAW,EAAE,YAAY,CAAA;CAC1B;AAED,UAAU,oBAAoB;IAC5B,GAAG,EAAE,MAAM,CAAA;IACX,UAAU,EAAE,kBAAkB,EAAE,CAAA;IAChC,WAAW,EAAE,YAAY,CAAA;CAC1B;AAED,UAAU,oBAAoB;IAC5B,UAAU,EAAE,kBAAkB,EAAE,CAAA;IAChC,WAAW,EAAE,YAAY,CAAA;IACzB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,qBAAa,MAAM;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,eAAe,CAAA;IACvB,YAAY,EAAE,qBAAqB,CAAA;IAEnC;;;;;;;;;;;OAWG;gBACS,EAAE,OAAuB,EAAE,GAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO;IAiBlE;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,mBAAmB,CAAC,EACxB,UAAU,EACV,WAAW,EACX,SAAS,EACV,EAAE,oBAAoB,GAAG,OAAO,CAAC,eAAe,CAAC;IASlD;;;;;;;;;;;;;;;;;;OAkBG;IACG,mBAAmB,CAAC,EACxB,eAAe,EAChB,EAAE;QACD,eAAe,EAAE,gBAAgB,CAAA;KAClC,GAAG,OAAO,CAAC,eAAe,CAAC;IAK5B;;;;;;;;;;;;;;;;;;OAkBG;IACG,OAAO,CAAC,EACZ,IAAI,EACJ,UAAU,EACV,WAAW,EACZ,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAejC;;;;;;;;;OASG;IACG,aAAa,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC;IAO1E;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,OAAO,CAAC,EACZ,GAAG,EACH,eAAe,EAChB,EAAE;QACD,GAAG,EAAE,IAAI,CAAA;QACT,eAAe,EAAE,gBAAgB,CAAA;KAClC,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAK9B;;;;;;;;;;;OAWG;IACG,aAAa,CAAC,EAClB,GAAG,EACH,eAAe,EAChB,EAAE;QACD,GAAG,EAAE,IAAI,CAAA;QACT,eAAe,EAAE,gBAAgB,CAAA;KAClC,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAS1B;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,wBAAwB,CAAC,EAC7B,UAAU,EACV,WAAW,EACX,SAAS,EACV,EAAE,oBAAoB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IA4CrD;;;;;;;;OAQG;IACG,wBAAwB,CAAC,EAC7B,eAAe,EAChB,EAAE;QACD,eAAe,EAAE,gBAAgB,CAAA;KAClC,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAO/B;;;;;;;;;;;;;OAaG;IACG,gBAAgB,CAAC,EACrB,SAAS,EACT,gBAAgB,EAChB,GAAG,EACH,WAAW,EACZ,EAAE;QACD,SAAS,EAAE,kBAAkB,CAAA;QAC7B,gBAAgB,EAAE,gBAAgB,CAAA;QAClC,GAAG,EAAE,UAAU,CAAA;QACf,WAAW,EAAE,YAAY,CAAA;KAC1B,GAAG,OAAO,CAAC,UAAU,CAAC;CAwCxB"}
|
|
1
|
+
{"version":3,"file":"Cipher.d.ts","sourceRoot":"","sources":["../src/Cipher.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAE5D,OAAO,KAAK,EACV,IAAI,EACJ,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,kBAAkB,EACnB,MAAM,8BAA8B,CAAA;AACrC,OAAO,KAAK,EACV,eAAe,EACf,gBAAgB,EAChB,qBAAqB,EACtB,MAAM,YAAY,CAAA;AAInB,UAAU,cAAc;IACtB,IAAI,CAAC,EAAE,UAAU,GAAG,MAAM,CAAA;IAC1B,UAAU,EAAE,kBAAkB,EAAE,CAAA;IAChC,WAAW,EAAE,YAAY,CAAA;CAC1B;AAED,UAAU,oBAAoB;IAC5B,GAAG,EAAE,MAAM,CAAA;IACX,UAAU,EAAE,kBAAkB,EAAE,CAAA;IAChC,WAAW,EAAE,YAAY,CAAA;CAC1B;AAED,UAAU,oBAAoB;IAC5B,UAAU,EAAE,kBAAkB,EAAE,CAAA;IAChC,WAAW,EAAE,YAAY,CAAA;IACzB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,qBAAa,MAAM;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,eAAe,CAAA;IACvB,YAAY,EAAE,qBAAqB,CAAA;IAEnC;;;;;;;;;;;OAWG;gBACS,EAAE,OAAuB,EAAE,GAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO;IAiBlE;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,gBAAgB,CAAC,EAAE,IAAI,EAAE,EAAE;QAAE,IAAI,EAAE;YAAE,EAAE,EAAE,MAAM,CAAA;SAAE,EAAE,CAAA;KAAE,GAAG;QACtD,UAAU,EAAE,kBAAkB,EAAE,CAAA;QAChC,WAAW,EAAE,YAAY,CAAA;KAC1B;IAgBD;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,mBAAmB,CAAC,EACxB,UAAU,EACV,WAAW,EACX,SAAS,EACV,EAAE,oBAAoB,GAAG,OAAO,CAAC,eAAe,CAAC;IASlD;;;;;;;;;;;;;;;;;;OAkBG;IACG,mBAAmB,CAAC,EACxB,eAAe,EAChB,EAAE;QACD,eAAe,EAAE,gBAAgB,CAAA;KAClC,GAAG,OAAO,CAAC,eAAe,CAAC;IAK5B;;;;;;;;;;;;;;;;;;OAkBG;IACG,OAAO,CAAC,EACZ,IAAI,EACJ,UAAU,EACV,WAAW,EACZ,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAejC;;;;;;;;;OASG;IACG,aAAa,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC;IAO1E;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,OAAO,CAAC,EACZ,GAAG,EACH,eAAe,EAChB,EAAE;QACD,GAAG,EAAE,IAAI,CAAA;QACT,eAAe,EAAE,gBAAgB,CAAA;KAClC,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAK9B;;;;;;;;;;;OAWG;IACG,aAAa,CAAC,EAClB,GAAG,EACH,eAAe,EAChB,EAAE;QACD,GAAG,EAAE,IAAI,CAAA;QACT,eAAe,EAAE,gBAAgB,CAAA;KAClC,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAS1B;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,wBAAwB,CAAC,EAC7B,UAAU,EACV,WAAW,EACX,SAAS,EACV,EAAE,oBAAoB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IA4CrD;;;;;;;;OAQG;IACG,wBAAwB,CAAC,EAC7B,eAAe,EAChB,EAAE;QACD,eAAe,EAAE,gBAAgB,CAAA;KAClC,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAO/B;;;;;;;;;;;;;OAaG;IACG,gBAAgB,CAAC,EACrB,SAAS,EACT,gBAAgB,EAChB,GAAG,EACH,WAAW,EACZ,EAAE;QACD,SAAS,EAAE,kBAAkB,CAAA;QAC7B,gBAAgB,EAAE,gBAAgB,CAAA;QAClC,GAAG,EAAE,UAAU,CAAA;QACf,WAAW,EAAE,YAAY,CAAA;KAC1B,GAAG,OAAO,CAAC,UAAU,CAAC;CAwCxB"}
|
package/dist/Cipher.js
CHANGED
|
@@ -41,6 +41,42 @@ export class Cipher {
|
|
|
41
41
|
this.keyAgreement = recAlgorithm.keyAgreement;
|
|
42
42
|
}
|
|
43
43
|
}
|
|
44
|
+
/**
|
|
45
|
+
* Builds the `recipients` array and a matching `keyResolver` from a set of
|
|
46
|
+
* recipient key-agreement keys, for use with `encrypt`/`encryptObject` (and
|
|
47
|
+
* the stream/transformer variants). Saves callers from assembling the
|
|
48
|
+
* recipient headers and a by-id resolver by hand.
|
|
49
|
+
*
|
|
50
|
+
* Each key must expose an `id` (used as the JWE recipient `kid`) and the
|
|
51
|
+
* public key material the key agreement algorithm reads -- for X25519, a
|
|
52
|
+
* `publicKeyMultibase` (e.g. an `X25519KeyAgreementKey2020` instance or its
|
|
53
|
+
* exported public key). The recipient header `alg` is taken from this
|
|
54
|
+
* cipher's key agreement algorithm (`this.keyAgreement.JWE_ALG`), so it
|
|
55
|
+
* always matches the cipher version. The returned `keyResolver` looks a
|
|
56
|
+
* recipient up by `id` and throws when asked for an unknown key.
|
|
57
|
+
*
|
|
58
|
+
* @param {object} options - Options.
|
|
59
|
+
* @param {Array} options.keys - Recipient key-agreement keys, each with an
|
|
60
|
+
* `id` and the public key material the algorithm reads.
|
|
61
|
+
*
|
|
62
|
+
* @returns {{recipients: IRecipientTemplate[], keyResolver: IKeyResolver}}
|
|
63
|
+
* The `recipients` array and the `keyResolver` to pass to `encrypt`.
|
|
64
|
+
*/
|
|
65
|
+
createRecipients({ keys }) {
|
|
66
|
+
const alg = this.keyAgreement.JWE_ALG;
|
|
67
|
+
const byId = new Map(keys.map(key => [key.id, key]));
|
|
68
|
+
const recipients = keys.map(key => ({
|
|
69
|
+
header: { kid: key.id, alg }
|
|
70
|
+
}));
|
|
71
|
+
const keyResolver = async ({ id }) => {
|
|
72
|
+
const key = id ? byId.get(id) : undefined;
|
|
73
|
+
if (!key) {
|
|
74
|
+
throw new Error(`No public key for recipient "${id}".`);
|
|
75
|
+
}
|
|
76
|
+
return key;
|
|
77
|
+
};
|
|
78
|
+
return { recipients, keyResolver };
|
|
79
|
+
}
|
|
44
80
|
/**
|
|
45
81
|
* Creates a TransformStream that will encrypt some data for one or more
|
|
46
82
|
* recipients and output a stream of chunks, each containing an object
|
package/dist/Cipher.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Cipher.js","sourceRoot":"","sources":["../src/Cipher.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAA;AACtC,OAAO,KAAK,aAAa,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,YAAY,MAAM,6BAA6B,CAAA;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAA;AAc9C,MAAM,QAAQ,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,CAAA;AAoBxC,MAAM,OAAO,MAAM;IACjB,OAAO,CAAQ;IACf,MAAM,CAAiB;IACvB,YAAY,CAAuB;IAEnC;;;;;;;;;;;OAWG;IACH,YAAY,EAAE,OAAO,GAAG,aAAa,KAA2B,EAAE;QAChE,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAChC,MAAM,IAAI,SAAS,CAAC,6BAA6B,CAAC,CAAA;QACpD,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,IAAI,CAAC,CAAA;QACtD,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;YACvB,IAAI,CAAC,MAAM,GAAG,aAAa,CAAC,MAAM,CAAA;YAClC,IAAI,CAAC,YAAY,GAAG,aAAa,CAAC,YAAY,CAAA;QAChD,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAA;YACjC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC,YAAY,CAAA;QAC/C,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,KAAK,CAAC,mBAAmB,CAAC,EACxB,UAAU,EACV,WAAW,EACX,SAAS,EACY;QACrB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC;YACtD,UAAU;YACV,WAAW;YACX,SAAS;SACV,CAAC,CAAA;QACF,OAAO,IAAI,eAAe,CAAC,WAAW,CAAC,CAAA;IACzC,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACH,KAAK,CAAC,mBAAmB,CAAC,EACxB,eAAe,EAGhB;QACC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,EAAE,eAAe,EAAE,CAAC,CAAA;QAC5E,OAAO,IAAI,eAAe,CAAC,WAAW,CAAC,CAAA;IACzC,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACH,KAAK,CAAC,OAAO,CAAC,EACZ,IAAI,EACJ,UAAU,EACV,WAAW,EACI;QACf,IAAI,CAAC,CAAC,IAAI,YAAY,UAAU,CAAC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9D,MAAM,IAAI,SAAS,CAAC,0CAA0C,CAAC,CAAA;QACjE,CAAC;QACD,IAAI,KAAK,GAAwB,IAAI,CAAA;QACrC,IAAI,IAAI,EAAE,CAAC;YACT,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAA;QAClC,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC;YACtD,UAAU;YACV,WAAW;SACZ,CAAC,CAAA;QACF,OAAO,WAAW,CAAC,OAAO,CAAC,KAAmB,CAAC,CAAA;IACjD,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,aAAa,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,EAAwB;QACxD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,IAAI,SAAS,CAAC,0BAA0B,CAAC,CAAA;QACjD,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,CAAA;IAC7D,CAAC;IAED;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,KAAK,CAAC,OAAO,CAAC,EACZ,GAAG,EACH,eAAe,EAIhB;QACC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,EAAE,eAAe,EAAE,CAAC,CAAA;QAC5E,OAAO,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACjC,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,aAAa,CAAC,EAClB,GAAG,EACH,eAAe,EAIhB;QACC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,eAAe,EAAE,CAAC,CAAA;QACzD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,oBAAoB;YACpB,OAAO,IAAI,CAAA;QACb,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAA;IACnD,CAAC;IAED;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,KAAK,CAAC,wBAAwB,CAAC,EAC7B,UAAU,EACV,WAAW,EACX,SAAS,EACY;QACrB,IAAI,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC;YAC1D,MAAM,IAAI,SAAS,CAAC,yCAAyC,CAAC,CAAA;QAChE,CAAC;QACD,kEAAkE;QAClE,MAAM,EAAE,YAAY,EAAE,GAAG,IAAI,CAAA;QAC7B,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,YAAY,CAAA;QACrC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,GAAG,KAAK,GAAG,CAAC,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,0CAA0C,GAAG,IAAI,CAAC,CAAA;QACpE,CAAC;QACD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;QAEvB,4CAA4C;QAC5C,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,WAAW,EAAE,CAAA;QAEtC,4DAA4D;QAC5D,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,wBAAwB,EAAE,CAAA;QAEtE,MAAM,iBAAiB,GAAG,MAAM,OAAO,CAAC,GAAG,CACzC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CACzB,IAAI,CAAC,gBAAgB,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,gBAAgB,EAAE,WAAW,EAAE,CAAC,CACzE,CACF,CAAA;QAED,wEAAwE;QACxE,+CAA+C;QAC/C,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAA;QAC1B,MAAM,kBAAkB,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,CAAC,CAAA;QAClD,MAAM,sBAAsB,GAAG,SAAS,CAAC,MAAM,CAC7C,kBAAkB,CAAC,kBAAkB,CAAC,CACvC,CAAA;QACD,gEAAgE;QAChE,MAAM,cAAc,GAAG,kBAAkB,CAAC,sBAAsB,CAAC,CAAA;QAEjE,OAAO,IAAI,kBAAkB,CAAC;YAC5B,UAAU,EAAE,iBAAiB;YAC7B,sBAAsB;YACtB,MAAM;YACN,cAAc;YACd,GAAG;YACH,SAAS;SACV,CAAC,CAAA;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,wBAAwB,CAAC,EAC7B,eAAe,EAGhB;QACC,OAAO,IAAI,kBAAkB,CAAC;YAC5B,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,eAAe;SAChB,CAAC,CAAA;IACJ,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,gBAAgB,CAAC,EACrB,SAAS,EACT,gBAAgB,EAChB,GAAG,EACH,WAAW,EAMZ;QACC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,SAAS,CAAC,kCAAkC,CAAC,CAAA;QACzD,CAAC;QACD,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,IAAI,SAAS,CAAC,yCAAyC,CAAC,CAAA;QAChE,CAAC;QACD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,SAAS,CAAC,4BAA4B,CAAC,CAAA;QACnD,CAAC;QACD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,SAAS,CAAC,oCAAoC,CAAC,CAAA;QAC3D,CAAC;QACD,sCAAsC;QACtC,MAAM,EAAE,YAAY,EAAE,GAAG,IAAI,CAAA;QAC7B,MAAM,eAAe,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAA;QACvE,iCAAiC;QACjC,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,iBAAiB,CAAC;YACzD,gBAAgB;YAChB,eAAe;SAChB,CAAC,CAAA;QACF,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,aAAa,CAAA;QAC5C,MAAM,MAAM,GAAG;YACb,4BAA4B;YAC5B,+BAA+B;YAC/B,GAAG,SAAS,CAAC,MAAM;YACnB,uBAAuB;YACvB,GAAG;YACH,8CAA8C;YAC9C,GAAG;YACH,sCAAsC;YACtC,GAAG;SACJ,CAAA;QACD,OAAO;YACL,GAAG,SAAS;YACZ,MAAM;YACN,kEAAkE;YAClE,aAAa,EAAE,MAAM,GAAG,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC;SACxD,CAAA;IACH,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"Cipher.js","sourceRoot":"","sources":["../src/Cipher.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAA;AACtC,OAAO,KAAK,aAAa,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,YAAY,MAAM,6BAA6B,CAAA;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAA;AAc9C,MAAM,QAAQ,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,CAAA;AAoBxC,MAAM,OAAO,MAAM;IACjB,OAAO,CAAQ;IACf,MAAM,CAAiB;IACvB,YAAY,CAAuB;IAEnC;;;;;;;;;;;OAWG;IACH,YAAY,EAAE,OAAO,GAAG,aAAa,KAA2B,EAAE;QAChE,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAChC,MAAM,IAAI,SAAS,CAAC,6BAA6B,CAAC,CAAA;QACpD,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,IAAI,CAAC,CAAA;QACtD,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;YACvB,IAAI,CAAC,MAAM,GAAG,aAAa,CAAC,MAAM,CAAA;YAClC,IAAI,CAAC,YAAY,GAAG,aAAa,CAAC,YAAY,CAAA;QAChD,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAA;YACjC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC,YAAY,CAAA;QAC/C,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,gBAAgB,CAAC,EAAE,IAAI,EAA8B;QAInD,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAA;QACrC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,CAAA;QACpD,MAAM,UAAU,GAAyB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACxD,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE;SAC7B,CAAC,CAAC,CAAA;QACH,MAAM,WAAW,GAAiB,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;YACjD,MAAM,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YACzC,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,MAAM,IAAI,KAAK,CAAC,gCAAgC,EAAE,IAAI,CAAC,CAAA;YACzD,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC,CAAA;QACD,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,CAAA;IACpC,CAAC;IAED;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,KAAK,CAAC,mBAAmB,CAAC,EACxB,UAAU,EACV,WAAW,EACX,SAAS,EACY;QACrB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC;YACtD,UAAU;YACV,WAAW;YACX,SAAS;SACV,CAAC,CAAA;QACF,OAAO,IAAI,eAAe,CAAC,WAAW,CAAC,CAAA;IACzC,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACH,KAAK,CAAC,mBAAmB,CAAC,EACxB,eAAe,EAGhB;QACC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,EAAE,eAAe,EAAE,CAAC,CAAA;QAC5E,OAAO,IAAI,eAAe,CAAC,WAAW,CAAC,CAAA;IACzC,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACH,KAAK,CAAC,OAAO,CAAC,EACZ,IAAI,EACJ,UAAU,EACV,WAAW,EACI;QACf,IAAI,CAAC,CAAC,IAAI,YAAY,UAAU,CAAC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9D,MAAM,IAAI,SAAS,CAAC,0CAA0C,CAAC,CAAA;QACjE,CAAC;QACD,IAAI,KAAK,GAAwB,IAAI,CAAA;QACrC,IAAI,IAAI,EAAE,CAAC;YACT,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAA;QAClC,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC;YACtD,UAAU;YACV,WAAW;SACZ,CAAC,CAAA;QACF,OAAO,WAAW,CAAC,OAAO,CAAC,KAAmB,CAAC,CAAA;IACjD,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,aAAa,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,EAAwB;QACxD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,IAAI,SAAS,CAAC,0BAA0B,CAAC,CAAA;QACjD,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,CAAA;IAC7D,CAAC;IAED;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,KAAK,CAAC,OAAO,CAAC,EACZ,GAAG,EACH,eAAe,EAIhB;QACC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,EAAE,eAAe,EAAE,CAAC,CAAA;QAC5E,OAAO,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACjC,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,aAAa,CAAC,EAClB,GAAG,EACH,eAAe,EAIhB;QACC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,eAAe,EAAE,CAAC,CAAA;QACzD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,oBAAoB;YACpB,OAAO,IAAI,CAAA;QACb,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAA;IACnD,CAAC;IAED;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,KAAK,CAAC,wBAAwB,CAAC,EAC7B,UAAU,EACV,WAAW,EACX,SAAS,EACY;QACrB,IAAI,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC;YAC1D,MAAM,IAAI,SAAS,CAAC,yCAAyC,CAAC,CAAA;QAChE,CAAC;QACD,kEAAkE;QAClE,MAAM,EAAE,YAAY,EAAE,GAAG,IAAI,CAAA;QAC7B,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,YAAY,CAAA;QACrC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,GAAG,KAAK,GAAG,CAAC,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,0CAA0C,GAAG,IAAI,CAAC,CAAA;QACpE,CAAC;QACD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;QAEvB,4CAA4C;QAC5C,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,WAAW,EAAE,CAAA;QAEtC,4DAA4D;QAC5D,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,wBAAwB,EAAE,CAAA;QAEtE,MAAM,iBAAiB,GAAG,MAAM,OAAO,CAAC,GAAG,CACzC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CACzB,IAAI,CAAC,gBAAgB,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,gBAAgB,EAAE,WAAW,EAAE,CAAC,CACzE,CACF,CAAA;QAED,wEAAwE;QACxE,+CAA+C;QAC/C,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAA;QAC1B,MAAM,kBAAkB,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,CAAC,CAAA;QAClD,MAAM,sBAAsB,GAAG,SAAS,CAAC,MAAM,CAC7C,kBAAkB,CAAC,kBAAkB,CAAC,CACvC,CAAA;QACD,gEAAgE;QAChE,MAAM,cAAc,GAAG,kBAAkB,CAAC,sBAAsB,CAAC,CAAA;QAEjE,OAAO,IAAI,kBAAkB,CAAC;YAC5B,UAAU,EAAE,iBAAiB;YAC7B,sBAAsB;YACtB,MAAM;YACN,cAAc;YACd,GAAG;YACH,SAAS;SACV,CAAC,CAAA;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,wBAAwB,CAAC,EAC7B,eAAe,EAGhB;QACC,OAAO,IAAI,kBAAkB,CAAC;YAC5B,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,eAAe;SAChB,CAAC,CAAA;IACJ,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,gBAAgB,CAAC,EACrB,SAAS,EACT,gBAAgB,EAChB,GAAG,EACH,WAAW,EAMZ;QACC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,SAAS,CAAC,kCAAkC,CAAC,CAAA;QACzD,CAAC;QACD,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,IAAI,SAAS,CAAC,yCAAyC,CAAC,CAAA;QAChE,CAAC;QACD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,SAAS,CAAC,4BAA4B,CAAC,CAAA;QACnD,CAAC;QACD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,SAAS,CAAC,oCAAoC,CAAC,CAAA;QAC3D,CAAC;QACD,sCAAsC;QACtC,MAAM,EAAE,YAAY,EAAE,GAAG,IAAI,CAAA;QAC7B,MAAM,eAAe,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAA;QACvE,iCAAiC;QACjC,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,iBAAiB,CAAC;YACzD,gBAAgB;YAChB,eAAe;SAChB,CAAC,CAAA;QACF,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,aAAa,CAAA;QAC5C,MAAM,MAAM,GAAG;YACb,4BAA4B;YAC5B,+BAA+B;YAC/B,GAAG,SAAS,CAAC,MAAM;YACnB,uBAAuB;YACvB,GAAG;YACH,8CAA8C;YAC9C,GAAG;YACH,sCAAsC;YACtC,GAAG;SACJ,CAAA;QACD,OAAO;YACL,GAAG,SAAS;YACZ,MAAM;YACN,kEAAkE;YAClE,aAAa,EAAE,MAAM,GAAG,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC;SACxD,CAAA;IACH,CAAC;CACF"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@interop/minimal-cipher",
|
|
3
|
-
"version": "7.
|
|
3
|
+
"version": "7.4.1",
|
|
4
4
|
"description": "Minimal encryption/decryption JWE library.",
|
|
5
5
|
"license": "BSD-3-Clause",
|
|
6
6
|
"type": "module",
|
|
@@ -40,8 +40,8 @@
|
|
|
40
40
|
"test:coverage": "vitest run --coverage"
|
|
41
41
|
},
|
|
42
42
|
"dependencies": {
|
|
43
|
-
"@interop/data-integrity-core": "^8.
|
|
44
|
-
"@interop/ecdsa-multikey": "^2.3.
|
|
43
|
+
"@interop/data-integrity-core": "^8.1.0",
|
|
44
|
+
"@interop/ecdsa-multikey": "^2.3.2",
|
|
45
45
|
"@noble/curves": "^2.2.0",
|
|
46
46
|
"@scure/base": "^2.2.0",
|
|
47
47
|
"@stablelib/chacha": "^2.0.1",
|
|
@@ -49,10 +49,10 @@
|
|
|
49
49
|
},
|
|
50
50
|
"devDependencies": {
|
|
51
51
|
"@eslint/js": "^10.0.1",
|
|
52
|
-
"@interop/did-io": "^4.0.
|
|
53
|
-
"@interop/did-method-key": "^7.3.
|
|
54
|
-
"@interop/ed25519-verification-key": "^8.0.
|
|
55
|
-
"@interop/x25519-key-agreement-key": "^5.
|
|
52
|
+
"@interop/did-io": "^4.0.6",
|
|
53
|
+
"@interop/did-method-key": "^7.3.3",
|
|
54
|
+
"@interop/ed25519-verification-key": "^8.0.2",
|
|
55
|
+
"@interop/x25519-key-agreement-key": "^5.1.0",
|
|
56
56
|
"@playwright/test": "^1.60.0",
|
|
57
57
|
"@types/node": "^25.9.1",
|
|
58
58
|
"@vitest/coverage-v8": "^4.1.7",
|