@keyhive/keyhive 0.1.0-alpha.3 → 0.1.0-alpha.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/pkg/keyhive_wasm.d.ts +57 -37
- package/pkg/keyhive_wasm.js +1 -1
- package/pkg/keyhive_wasm_bg.js +255 -127
- package/pkg/keyhive_wasm_bg.wasm +0 -0
- package/pkg/keyhive_wasm_bg.wasm.d.ts +144 -135
- package/pkg-node/keyhive_wasm.d.ts +57 -37
- package/pkg-node/keyhive_wasm.js +259 -128
- package/pkg-node/keyhive_wasm_bg.wasm +0 -0
- package/pkg-node/keyhive_wasm_bg.wasm.d.ts +144 -135
- package/pkg-slim/keyhive_wasm.d.ts +201 -172
- package/pkg-slim/keyhive_wasm.js +255 -127
- package/pkg-slim/keyhive_wasm_bg.wasm +0 -0
- package/pkg-slim/keyhive_wasm_bg.wasm.base64.js +1 -1
- package/pkg-slim/keyhive_wasm_bg.wasm.d.ts +144 -135
package/package.json
CHANGED
package/pkg/keyhive_wasm.d.ts
CHANGED
|
@@ -9,26 +9,6 @@ export class Access {
|
|
|
9
9
|
static tryFromString(s: string): Access | undefined;
|
|
10
10
|
}
|
|
11
11
|
|
|
12
|
-
/**
|
|
13
|
-
* The result of adding a member: the membership delegation, plus any new leaf
|
|
14
|
-
* secrets produced by auto-rekeying a non-forward-secret document on add.
|
|
15
|
-
*/
|
|
16
|
-
export class AddMemberUpdate {
|
|
17
|
-
private constructor();
|
|
18
|
-
free(): void;
|
|
19
|
-
[Symbol.dispose](): void;
|
|
20
|
-
readonly delegation: SignedDelegation;
|
|
21
|
-
/**
|
|
22
|
-
* New leaf secret keypairs from auto-rekeying a non-forward-secret document
|
|
23
|
-
* when this reader was added, serialized as a
|
|
24
|
-
* `BTreeMap<ShareKey, ShareSecretKey>` (the format `importPrekeySecrets`
|
|
25
|
-
* accepts). A sibling instance of this identity (e.g. a tab and its
|
|
26
|
-
* SharedWorker) installs them to derive the rotated key. `undefined` when
|
|
27
|
-
* no rotation occurred (a forward-secret document).
|
|
28
|
-
*/
|
|
29
|
-
readonly leafSecrets: Uint8Array | undefined;
|
|
30
|
-
}
|
|
31
|
-
|
|
32
12
|
export class Agent {
|
|
33
13
|
private constructor();
|
|
34
14
|
free(): void;
|
|
@@ -135,6 +115,21 @@ export class ContactCard {
|
|
|
135
115
|
readonly shareKey: ShareKey;
|
|
136
116
|
}
|
|
137
117
|
|
|
118
|
+
/**
|
|
119
|
+
* Plaintext plus the application secret key that decrypted it.
|
|
120
|
+
*/
|
|
121
|
+
export class DecryptedKeyed {
|
|
122
|
+
private constructor();
|
|
123
|
+
free(): void;
|
|
124
|
+
[Symbol.dispose](): void;
|
|
125
|
+
/**
|
|
126
|
+
* The 32-byte application secret key used to decrypt this content.
|
|
127
|
+
* Treat as secret: do not log or persist unencrypted.
|
|
128
|
+
*/
|
|
129
|
+
readonly applicationSecret: Uint8Array;
|
|
130
|
+
readonly plaintext: Uint8Array;
|
|
131
|
+
}
|
|
132
|
+
|
|
138
133
|
export class Delegation {
|
|
139
134
|
private constructor();
|
|
140
135
|
free(): void;
|
|
@@ -183,6 +178,11 @@ export class Encrypted {
|
|
|
183
178
|
private constructor();
|
|
184
179
|
free(): void;
|
|
185
180
|
[Symbol.dispose](): void;
|
|
181
|
+
/**
|
|
182
|
+
* Decrypt this content with an explicit 32-byte application secret key,
|
|
183
|
+
* bypassing CGKA.
|
|
184
|
+
*/
|
|
185
|
+
decryptWithKey(key: Uint8Array): Uint8Array;
|
|
186
186
|
static fromBytes(bytes: Uint8Array): Encrypted;
|
|
187
187
|
serialize(): Uint8Array;
|
|
188
188
|
toBytes(): Uint8Array;
|
|
@@ -201,6 +201,21 @@ export class EncryptedContentWithUpdate {
|
|
|
201
201
|
update_op(): SignedCgkaOperation | undefined;
|
|
202
202
|
}
|
|
203
203
|
|
|
204
|
+
/**
|
|
205
|
+
* Encrypted content plus the application secret key it was encrypted under.
|
|
206
|
+
*/
|
|
207
|
+
export class EncryptedKeyed {
|
|
208
|
+
private constructor();
|
|
209
|
+
free(): void;
|
|
210
|
+
[Symbol.dispose](): void;
|
|
211
|
+
encrypted_content(): Encrypted;
|
|
212
|
+
update_op(): SignedCgkaOperation | undefined;
|
|
213
|
+
/**
|
|
214
|
+
* The 32-byte application secret key used to encrypt this content.
|
|
215
|
+
*/
|
|
216
|
+
readonly applicationSecret: Uint8Array;
|
|
217
|
+
}
|
|
218
|
+
|
|
204
219
|
export class Event {
|
|
205
220
|
private constructor();
|
|
206
221
|
free(): void;
|
|
@@ -293,7 +308,7 @@ export class Keyhive {
|
|
|
293
308
|
free(): void;
|
|
294
309
|
[Symbol.dispose](): void;
|
|
295
310
|
accessForDoc(id: Identifier, doc_id: DocumentId): Promise<Access | undefined>;
|
|
296
|
-
addMember(to_add: Agent, membered: Membered, access: Access, other_relevant_docs: Document[]): Promise<
|
|
311
|
+
addMember(to_add: Agent, membered: Membered, access: Access, other_relevant_docs: Document[]): Promise<SignedDelegation>;
|
|
297
312
|
/**
|
|
298
313
|
* Returns all agent events with deduplicated storage and two-tier indirection
|
|
299
314
|
* for membership, prekey, and CGKA ops.
|
|
@@ -314,14 +329,9 @@ export class Keyhive {
|
|
|
314
329
|
/**
|
|
315
330
|
* Force a PCS key rotation and return the new leaf secret, serialized as a
|
|
316
331
|
* one-entry `BTreeMap<ShareKey, ShareSecretKey>` (the exact format
|
|
317
|
-
* `importPrekeySecrets` accepts).
|
|
318
|
-
* install it to derive the rotated key without re-importing the whole bundle.
|
|
332
|
+
* `importPrekeySecrets` accepts).
|
|
319
333
|
*/
|
|
320
334
|
forcePcsUpdate(doc: Document): Promise<Uint8Array>;
|
|
321
|
-
/**
|
|
322
|
-
* Generate a document. Whether it provides forward secrecy is determined by
|
|
323
|
-
* this peer's forward-secrecy policy (chosen at `Keyhive.init`).
|
|
324
|
-
*/
|
|
325
335
|
generateDocument(coparents: Peer[], initial_content_ref_head: ChangeId, more_initial_content_refs: ChangeId[]): Promise<Document>;
|
|
326
336
|
generateGroup(js_coparents: Peer[]): Promise<Group>;
|
|
327
337
|
getAgent(id: Identifier): Promise<Agent | undefined>;
|
|
@@ -332,16 +342,7 @@ export class Keyhive {
|
|
|
332
342
|
importPrekeySecrets(bytes: Uint8Array): Promise<void>;
|
|
333
343
|
ingestArchive(archive: Archive): Promise<void>;
|
|
334
344
|
ingestEventsBytes(events_bytes_array: Array<any>): Promise<Array<any>>;
|
|
335
|
-
|
|
336
|
-
* Initialize a peer.
|
|
337
|
-
*
|
|
338
|
-
* `forward_secrecy` is this peer's policy for all documents it creates or
|
|
339
|
-
* receives. When `false`, documents carry the CGKA predecessor key chain
|
|
340
|
-
* (a member added later reads the whole prior history) and adding a reader
|
|
341
|
-
* auto-rekeys (see `addMember`'s `leafSecrets`). When `true`, a member
|
|
342
|
-
* added later cannot read content from before they joined.
|
|
343
|
-
*/
|
|
344
|
-
static init(signer: Signer, ciphertext_store: CiphertextStore, event_handler: Function, forward_secrecy: boolean): Promise<Keyhive>;
|
|
345
|
+
static init(signer: Signer, ciphertext_store: CiphertextStore, event_handler: Function): Promise<Keyhive>;
|
|
345
346
|
intoArchive(): Promise<Archive>;
|
|
346
347
|
membershipOpsForAgent(agent: Agent): Promise<Map<any, any>>;
|
|
347
348
|
pendingEventHashes(): Promise<Set<any>>;
|
|
@@ -353,8 +354,17 @@ export class Keyhive {
|
|
|
353
354
|
stats(): Promise<Stats>;
|
|
354
355
|
toArchive(): Promise<Archive>;
|
|
355
356
|
tryDecrypt(doc: Document, encrypted: Encrypted): Promise<Uint8Array>;
|
|
357
|
+
/**
|
|
358
|
+
* Decrypt content and also return the 32-byte application secret key used.
|
|
359
|
+
*/
|
|
360
|
+
tryDecryptKeyed(doc: Document, encrypted: Encrypted): Promise<DecryptedKeyed>;
|
|
356
361
|
tryEncrypt(doc: Document, content_ref: ChangeId, js_pred_refs: ChangeId[], content: Uint8Array): Promise<EncryptedContentWithUpdate>;
|
|
357
362
|
tryEncryptArchive(doc: Document, content_ref: ChangeId, pred_refs: ChangeId[], content: Uint8Array): Promise<EncryptedContentWithUpdate>;
|
|
363
|
+
/**
|
|
364
|
+
* Encrypt content and also return the application secret key it was
|
|
365
|
+
* encrypted under.
|
|
366
|
+
*/
|
|
367
|
+
tryEncryptKeyed(doc: Document, content_ref: ChangeId, js_pred_refs: ChangeId[], content: Uint8Array): Promise<EncryptedKeyed>;
|
|
358
368
|
tryPcsKeyHash(doc: Document): Promise<Uint8Array | undefined>;
|
|
359
369
|
trySign(data: Uint8Array): Promise<Signed>;
|
|
360
370
|
readonly id: IndividualId;
|
|
@@ -514,3 +524,13 @@ export class Summary {
|
|
|
514
524
|
* https://rustwasm.github.io/docs/wasm-pack/tutorials/npm-browser-packages/template-deep-dive/src-utils-rs.html#2-what-is-console_error_panic_hook
|
|
515
525
|
*/
|
|
516
526
|
export function setPanicHook(): void;
|
|
527
|
+
|
|
528
|
+
/**
|
|
529
|
+
* Inverse of [`symmetric_encrypt`]. Reads `nonce(24) || ciphertext`.
|
|
530
|
+
*/
|
|
531
|
+
export function symmetricDecrypt(key: Uint8Array, blob: Uint8Array): Uint8Array;
|
|
532
|
+
|
|
533
|
+
/**
|
|
534
|
+
* Encrypt `plaintext` under a 32-byte `key`, returning `nonce(24) || ciphertext`.
|
|
535
|
+
*/
|
|
536
|
+
export function symmetricEncrypt(key: Uint8Array, plaintext: Uint8Array, associated_data: Uint8Array): Uint8Array;
|
package/pkg/keyhive_wasm.js
CHANGED
|
@@ -5,5 +5,5 @@ import { __wbg_set_wasm } from "./keyhive_wasm_bg.js";
|
|
|
5
5
|
__wbg_set_wasm(wasm);
|
|
6
6
|
wasm.__wbindgen_start();
|
|
7
7
|
export {
|
|
8
|
-
Access,
|
|
8
|
+
Access, Agent, AllAgentEvents, Archive, CannotParseEd25519SigningKey, CannotParseIdentifier, Capability, CgkaOperation, ChangeId, CiphertextStore, ContactCard, DecryptedKeyed, Delegation, DocContentRefs, Document, DocumentId, Encrypted, EncryptedContentWithUpdate, EncryptedKeyed, Event, GenerateWebCryptoError, Group, GroupId, History, Identifier, Individual, IndividualId, Invocation, Keyhive, Membered, Membership, Peer, Revocation, ShareKey, Signed, SignedCgkaOperation, SignedDelegation, SignedInvocation, SignedRevocation, Signer, Stats, Summary, setPanicHook, symmetricDecrypt, symmetricEncrypt
|
|
9
9
|
} from "./keyhive_wasm_bg.js";
|