@keyhive/keyhive 0.1.0-alpha.3 → 0.1.0-alpha.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/pkg/keyhive_wasm.d.ts +55 -18
- package/pkg/keyhive_wasm.js +1 -1
- package/pkg/keyhive_wasm_bg.js +206 -85
- package/pkg/keyhive_wasm_bg.wasm +0 -0
- package/pkg/keyhive_wasm_bg.wasm.d.ts +115 -108
- package/pkg-node/keyhive_wasm.d.ts +55 -18
- package/pkg-node/keyhive_wasm.js +209 -85
- package/pkg-node/keyhive_wasm_bg.wasm +0 -0
- package/pkg-node/keyhive_wasm_bg.wasm.d.ts +115 -108
- package/pkg-slim/keyhive_wasm.d.ts +170 -126
- package/pkg-slim/keyhive_wasm.js +206 -85
- package/pkg-slim/keyhive_wasm_bg.wasm +0 -0
- package/pkg-slim/keyhive_wasm_bg.wasm.base64.js +1 -1
- package/pkg-slim/keyhive_wasm_bg.wasm.d.ts +115 -108
package/package.json
CHANGED
package/pkg/keyhive_wasm.d.ts
CHANGED
|
@@ -10,23 +10,13 @@ export class Access {
|
|
|
10
10
|
}
|
|
11
11
|
|
|
12
12
|
/**
|
|
13
|
-
* The result of adding a member: the membership delegation
|
|
14
|
-
* secrets produced by auto-rekeying a non-forward-secret document on add.
|
|
13
|
+
* The result of adding a member: the membership delegation.
|
|
15
14
|
*/
|
|
16
15
|
export class AddMemberUpdate {
|
|
17
16
|
private constructor();
|
|
18
17
|
free(): void;
|
|
19
18
|
[Symbol.dispose](): void;
|
|
20
19
|
readonly delegation: SignedDelegation;
|
|
21
|
-
/**
|
|
22
|
-
* New leaf secret keypairs from auto-rekeying a non-forward-secret document
|
|
23
|
-
* when this reader was added, serialized as a
|
|
24
|
-
* `BTreeMap<ShareKey, ShareSecretKey>` (the format `importPrekeySecrets`
|
|
25
|
-
* accepts). A sibling instance of this identity (e.g. a tab and its
|
|
26
|
-
* SharedWorker) installs them to derive the rotated key. `undefined` when
|
|
27
|
-
* no rotation occurred (a forward-secret document).
|
|
28
|
-
*/
|
|
29
|
-
readonly leafSecrets: Uint8Array | undefined;
|
|
30
20
|
}
|
|
31
21
|
|
|
32
22
|
export class Agent {
|
|
@@ -135,6 +125,23 @@ export class ContactCard {
|
|
|
135
125
|
readonly shareKey: ShareKey;
|
|
136
126
|
}
|
|
137
127
|
|
|
128
|
+
/**
|
|
129
|
+
* Plaintext plus the application secret key that decrypted it.
|
|
130
|
+
*
|
|
131
|
+
* The key lets the consumer recover the blob's external predecessor-secret
|
|
132
|
+
* chain and chain further encryptions onto it, without re-entering CGKA.
|
|
133
|
+
*/
|
|
134
|
+
export class DecryptedWithKey {
|
|
135
|
+
private constructor();
|
|
136
|
+
free(): void;
|
|
137
|
+
[Symbol.dispose](): void;
|
|
138
|
+
/**
|
|
139
|
+
* The 32-byte application secret key used to decrypt this content.
|
|
140
|
+
*/
|
|
141
|
+
readonly applicationSecret: Uint8Array;
|
|
142
|
+
readonly plaintext: Uint8Array;
|
|
143
|
+
}
|
|
144
|
+
|
|
138
145
|
export class Delegation {
|
|
139
146
|
private constructor();
|
|
140
147
|
free(): void;
|
|
@@ -183,6 +190,12 @@ export class Encrypted {
|
|
|
183
190
|
private constructor();
|
|
184
191
|
free(): void;
|
|
185
192
|
[Symbol.dispose](): void;
|
|
193
|
+
/**
|
|
194
|
+
* Decrypt this content with an explicit 32-byte application secret key,
|
|
195
|
+
* bypassing CGKA. The consumer uses this to follow the external
|
|
196
|
+
* predecessor-secret chain once it has recovered a blob's key.
|
|
197
|
+
*/
|
|
198
|
+
decryptWithKey(key: Uint8Array): Uint8Array;
|
|
186
199
|
static fromBytes(bytes: Uint8Array): Encrypted;
|
|
187
200
|
serialize(): Uint8Array;
|
|
188
201
|
toBytes(): Uint8Array;
|
|
@@ -199,6 +212,13 @@ export class EncryptedContentWithUpdate {
|
|
|
199
212
|
[Symbol.dispose](): void;
|
|
200
213
|
encrypted_content(): Encrypted;
|
|
201
214
|
update_op(): SignedCgkaOperation | undefined;
|
|
215
|
+
/**
|
|
216
|
+
* The 32-byte application secret key used to encrypt this content.
|
|
217
|
+
*
|
|
218
|
+
* Lets the consumer build the external predecessor-secret chain and chain
|
|
219
|
+
* further encryptions onto this blob.
|
|
220
|
+
*/
|
|
221
|
+
readonly applicationSecret: Uint8Array;
|
|
202
222
|
}
|
|
203
223
|
|
|
204
224
|
export class Event {
|
|
@@ -334,14 +354,8 @@ export class Keyhive {
|
|
|
334
354
|
ingestEventsBytes(events_bytes_array: Array<any>): Promise<Array<any>>;
|
|
335
355
|
/**
|
|
336
356
|
* Initialize a peer.
|
|
337
|
-
*
|
|
338
|
-
* `forward_secrecy` is this peer's policy for all documents it creates or
|
|
339
|
-
* receives. When `false`, documents carry the CGKA predecessor key chain
|
|
340
|
-
* (a member added later reads the whole prior history) and adding a reader
|
|
341
|
-
* auto-rekeys (see `addMember`'s `leafSecrets`). When `true`, a member
|
|
342
|
-
* added later cannot read content from before they joined.
|
|
343
357
|
*/
|
|
344
|
-
static init(signer: Signer, ciphertext_store: CiphertextStore, event_handler: Function
|
|
358
|
+
static init(signer: Signer, ciphertext_store: CiphertextStore, event_handler: Function): Promise<Keyhive>;
|
|
345
359
|
intoArchive(): Promise<Archive>;
|
|
346
360
|
membershipOpsForAgent(agent: Agent): Promise<Map<any, any>>;
|
|
347
361
|
pendingEventHashes(): Promise<Set<any>>;
|
|
@@ -353,6 +367,13 @@ export class Keyhive {
|
|
|
353
367
|
stats(): Promise<Stats>;
|
|
354
368
|
toArchive(): Promise<Archive>;
|
|
355
369
|
tryDecrypt(doc: Document, encrypted: Encrypted): Promise<Uint8Array>;
|
|
370
|
+
/**
|
|
371
|
+
* Decrypt content and also return the 32-byte application secret key used.
|
|
372
|
+
*
|
|
373
|
+
* The consumer follows the external predecessor-secret chain from this key
|
|
374
|
+
* with `Encrypted.decryptWithKey`, avoiding further CGKA dives.
|
|
375
|
+
*/
|
|
376
|
+
tryDecryptWithKey(doc: Document, encrypted: Encrypted): Promise<DecryptedWithKey>;
|
|
356
377
|
tryEncrypt(doc: Document, content_ref: ChangeId, js_pred_refs: ChangeId[], content: Uint8Array): Promise<EncryptedContentWithUpdate>;
|
|
357
378
|
tryEncryptArchive(doc: Document, content_ref: ChangeId, pred_refs: ChangeId[], content: Uint8Array): Promise<EncryptedContentWithUpdate>;
|
|
358
379
|
tryPcsKeyHash(doc: Document): Promise<Uint8Array | undefined>;
|
|
@@ -514,3 +535,19 @@ export class Summary {
|
|
|
514
535
|
* https://rustwasm.github.io/docs/wasm-pack/tutorials/npm-browser-packages/template-deep-dive/src-utils-rs.html#2-what-is-console_error_panic_hook
|
|
515
536
|
*/
|
|
516
537
|
export function setPanicHook(): void;
|
|
538
|
+
|
|
539
|
+
/**
|
|
540
|
+
* Inverse of [`symmetric_encrypt`]. Reads `nonce(24) || ciphertext`.
|
|
541
|
+
*/
|
|
542
|
+
export function symmetricDecrypt(key: Uint8Array, blob: Uint8Array): Uint8Array;
|
|
543
|
+
|
|
544
|
+
/**
|
|
545
|
+
* AEAD-encrypt `plaintext` under a 32-byte `key`.
|
|
546
|
+
*
|
|
547
|
+
* `associated_data` flavors the synthetic nonce (e.g. the document or content
|
|
548
|
+
* id) so identical plaintext under the same key in different contexts produces
|
|
549
|
+
* distinct ciphertext. Returns `nonce(24) || ciphertext` (the ciphertext
|
|
550
|
+
* includes the Poly1305 tag). The nonce is carried in the output, so
|
|
551
|
+
* [`symmetric_decrypt`] does not need the associated data.
|
|
552
|
+
*/
|
|
553
|
+
export function symmetricEncrypt(key: Uint8Array, plaintext: Uint8Array, associated_data: Uint8Array): Uint8Array;
|
package/pkg/keyhive_wasm.js
CHANGED
|
@@ -5,5 +5,5 @@ import { __wbg_set_wasm } from "./keyhive_wasm_bg.js";
|
|
|
5
5
|
__wbg_set_wasm(wasm);
|
|
6
6
|
wasm.__wbindgen_start();
|
|
7
7
|
export {
|
|
8
|
-
Access, AddMemberUpdate, Agent, AllAgentEvents, Archive, CannotParseEd25519SigningKey, CannotParseIdentifier, Capability, CgkaOperation, ChangeId, CiphertextStore, ContactCard, Delegation, DocContentRefs, Document, DocumentId, Encrypted, EncryptedContentWithUpdate, Event, GenerateWebCryptoError, Group, GroupId, History, Identifier, Individual, IndividualId, Invocation, Keyhive, Membered, Membership, Peer, Revocation, ShareKey, Signed, SignedCgkaOperation, SignedDelegation, SignedInvocation, SignedRevocation, Signer, Stats, Summary, setPanicHook
|
|
8
|
+
Access, AddMemberUpdate, Agent, AllAgentEvents, Archive, CannotParseEd25519SigningKey, CannotParseIdentifier, Capability, CgkaOperation, ChangeId, CiphertextStore, ContactCard, DecryptedWithKey, Delegation, DocContentRefs, Document, DocumentId, Encrypted, EncryptedContentWithUpdate, Event, GenerateWebCryptoError, Group, GroupId, History, Identifier, Individual, IndividualId, Invocation, Keyhive, Membered, Membership, Peer, Revocation, ShareKey, Signed, SignedCgkaOperation, SignedDelegation, SignedInvocation, SignedRevocation, Signer, Stats, Summary, setPanicHook, symmetricDecrypt, symmetricEncrypt
|
|
9
9
|
} from "./keyhive_wasm_bg.js";
|