@libp2p/crypto 1.0.11 → 1.0.13

package/src/aes/cipher-mode.ts

@@ -1,15 +1,15 @@
-import errcode from 'err-code'
+import { CodeError } from '@libp2p/interfaces/errors'
 
 const CIPHER_MODES = {
   16: 'aes-128-ctr',
   32: 'aes-256-ctr'
 }
 
-export function cipherMode (key: Uint8Array) {
+export function cipherMode (key: Uint8Array): string {
   if (key.length === 16 || key.length === 32) {
     return CIPHER_MODES[key.length]
   }
 
   const modes = Object.entries(CIPHER_MODES).map(([k, v]) => `${k} (${v})`).join(' / ')
-  throw errcode(new Error(`Invalid key length ${key.length} bytes. Must be ${modes}`), 'ERR_INVALID_KEY_LENGTH')
+  throw new CodeError(`Invalid key length ${key.length} bytes. Must be ${modes}`, 'ERR_INVALID_KEY_LENGTH')
 }

package/src/aes/ciphers-browser.ts

@@ -5,7 +5,11 @@ import forge from 'node-forge/lib/forge.js'
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
 
-export function createCipheriv (mode: any, key: Uint8Array, iv: Uint8Array) {
+export interface Cipher {
+  update: (data: Uint8Array) => Uint8Array
+}
+
+export function createCipheriv (mode: any, key: Uint8Array, iv: Uint8Array): Cipher {
   const cipher2 = forge.cipher.createCipher('AES-CTR', uint8ArrayToString(key, 'ascii'))
   cipher2.start({ iv: uint8ArrayToString(iv, 'ascii') })
   return {
@@ -16,7 +20,7 @@ export function createCipheriv (mode: any, key: Uint8Array, iv: Uint8Array) {
   }
 }
 
-export function createDecipheriv (mode: any, key: Uint8Array, iv: Uint8Array) {
+export function createDecipheriv (mode: any, key: Uint8Array, iv: Uint8Array): Cipher {
   const cipher2 = forge.cipher.createDecipher('AES-CTR', uint8ArrayToString(key, 'ascii'))
   cipher2.start({ iv: uint8ArrayToString(iv, 'ascii') })
   return {

package/src/aes/index.ts

@@ -6,7 +6,7 @@ export interface AESCipher {
   decrypt: (data: Uint8Array) => Promise<Uint8Array>
 }
 
-export async function create (key: Uint8Array, iv: Uint8Array) { // eslint-disable-line require-await
+export async function create (key: Uint8Array, iv: Uint8Array): Promise<AESCipher> { // eslint-disable-line require-await
   const mode = cipherMode(key)
   const cipher = ciphers.createCipheriv(mode, key, iv)
   const decipher = ciphers.createDecipheriv(mode, key, iv)

package/src/ciphers/aes-gcm.browser.ts

@@ -5,7 +5,7 @@ import type { CreateOptions, AESCipher } from './interface.js'
 
 // Based off of code from https://github.com/luke-park/SecureCompatibleEncryptionExamples
 
-export function create (opts?: CreateOptions) {
+export function create (opts?: CreateOptions): AESCipher {
   const algorithm = opts?.algorithm ?? 'AES-GCM'
   let keyLength = opts?.keyLength ?? 16
   const nonceLength = opts?.nonceLength ?? 12
@@ -20,7 +20,7 @@ export function create (opts?: CreateOptions) {
    * Uses the provided password to derive a pbkdf2 key. The key
    * will then be used to encrypt the data.
    */
-  async function encrypt (data: Uint8Array, password: string | Uint8Array) { // eslint-disable-line require-await
+  async function encrypt (data: Uint8Array, password: string | Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
     const salt = crypto.getRandomValues(new Uint8Array(saltLength))
     const nonce = crypto.getRandomValues(new Uint8Array(nonceLength))
     const aesGcm = { name: algorithm, iv: nonce }
@@ -45,7 +45,7 @@ export function create (opts?: CreateOptions) {
    * this decryption cipher must be the same as those used to create
    * the encryption cipher.
    */
-  async function decrypt (data: Uint8Array, password: string | Uint8Array) {
+  async function decrypt (data: Uint8Array, password: string | Uint8Array): Promise<Uint8Array> {
     const salt = data.subarray(0, saltLength)
     const nonce = data.subarray(saltLength, saltLength + nonceLength)
     const ciphertext = data.subarray(saltLength + nonceLength)

package/src/ciphers/aes-gcm.ts

@@ -5,7 +5,7 @@ import type { CreateOptions, AESCipher } from './interface.js'
 
 // Based off of code from https://github.com/luke-park/SecureCompatibleEncryptionExamples
 
-export function create (opts?: CreateOptions) {
+export function create (opts?: CreateOptions): AESCipher {
   const algorithm = opts?.algorithm ?? 'aes-128-gcm'
   const keyLength = opts?.keyLength ?? 16
   const nonceLength = opts?.nonceLength ?? 12
@@ -14,7 +14,7 @@ export function create (opts?: CreateOptions) {
   const iterations = opts?.iterations ?? 32767
   const algorithmTagLength = opts?.algorithmTagLength ?? 16
 
-  async function encryptWithKey (data: Uint8Array, key: Uint8Array) { // eslint-disable-line require-await
+  async function encryptWithKey (data: Uint8Array, key: Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
     const nonce = crypto.randomBytes(nonceLength)
 
     // Create the cipher instance.
@@ -31,7 +31,7 @@ export function create (opts?: CreateOptions) {
    * Uses the provided password to derive a pbkdf2 key. The key
    * will then be used to encrypt the data.
    */
-  async function encrypt (data: Uint8Array, password: string | Uint8Array) { // eslint-disable-line require-await
+  async function encrypt (data: Uint8Array, password: string | Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
     // Generate a 128-bit salt using a CSPRNG.
     const salt = crypto.randomBytes(saltLength)
 
@@ -53,7 +53,7 @@ export function create (opts?: CreateOptions) {
    * this decryption cipher must be the same as those used to create
    * the encryption cipher.
    */
-  async function decryptWithKey (ciphertextAndNonce: Uint8Array, key: Uint8Array) { // eslint-disable-line require-await
+  async function decryptWithKey (ciphertextAndNonce: Uint8Array, key: Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
     // Create Uint8Arrays of nonce, ciphertext and tag.
     const nonce = ciphertextAndNonce.subarray(0, nonceLength)
     const ciphertext = ciphertextAndNonce.subarray(nonceLength, ciphertextAndNonce.length - algorithmTagLength)
@@ -77,7 +77,7 @@ export function create (opts?: CreateOptions) {
    * @param {Uint8Array} data - The data to decrypt
    * @param {string|Uint8Array} password - A plain password
    */
-  async function decrypt (data: Uint8Array, password: string | Uint8Array) { // eslint-disable-line require-await
+  async function decrypt (data: Uint8Array, password: string | Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
     // Create Uint8Arrays of salt and ciphertextAndNonce.
     const salt = data.subarray(0, saltLength)
     const ciphertextAndNonce = data.subarray(saltLength)

package/src/hmac/index-browser.ts

@@ -7,12 +7,12 @@ const hashTypes = {
   SHA512: 'SHA-512'
 }
 
-const sign = async (key: CryptoKey, data: Uint8Array) => {
+const sign = async (key: CryptoKey, data: Uint8Array): Promise<Uint8Array> => {
   const buf = await webcrypto.get().subtle.sign({ name: 'HMAC' }, key, data)
   return new Uint8Array(buf, 0, buf.byteLength)
 }
 
-export async function create (hashType: 'SHA1' | 'SHA256' | 'SHA512', secret: Uint8Array) {
+export async function create (hashType: 'SHA1' | 'SHA256' | 'SHA512', secret: Uint8Array): Promise<{ digest: (data: Uint8Array) => Promise<Uint8Array>, length: number }> {
   const hash = hashTypes[hashType]
 
   const key = await webcrypto.get().subtle.importKey(

package/src/hmac/index.ts

@@ -1,7 +1,12 @@
 import crypto from 'crypto'
 import lengths from './lengths.js'
 
-export async function create (hash: 'SHA1' | 'SHA256' | 'SHA512', secret: Uint8Array) { // eslint-disable-line require-await
+export interface HMAC {
+  digest: (data: Uint8Array) => Promise<Uint8Array>
+  length: number
+}
+
+export async function create (hash: 'SHA1' | 'SHA256' | 'SHA512', secret: Uint8Array): Promise<HMAC> {
   const res = {
     async digest (data: Uint8Array) { // eslint-disable-line require-await
       const hmac = crypto.createHmac(hash.toLowerCase(), secret)

package/src/keys/ecdh-browser.ts

@@ -1,10 +1,10 @@
-import errcode from 'err-code'
+import { CodeError } from '@libp2p/interfaces/errors'
 import webcrypto from '../webcrypto.js'
 import { base64urlToBuffer } from '../util.js'
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
 import { concat as uint8ArrayConcat } from 'uint8arrays/concat'
 import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
-import type { ECDHKey, ECDHKeyPair } from './interface.js'
+import type { ECDHKey, ECDHKeyPair, JWKEncodedPrivateKey, JWKEncodedPublicKey } from './interface.js'
 
 const bits = {
   'P-256': 256,
@@ -15,9 +15,9 @@ const bits = {
 const curveTypes = Object.keys(bits)
 const names = curveTypes.join(' / ')
 
-export async function generateEphmeralKeyPair (curve: string) {
+export async function generateEphmeralKeyPair (curve: string): Promise<ECDHKey> {
   if (curve !== 'P-256' && curve !== 'P-384' && curve !== 'P-521') {
-    throw errcode(new Error(`Unknown curve: ${curve}. Must be ${names}`), 'ERR_INVALID_CURVE')
+    throw new CodeError(`Unknown curve: ${curve}. Must be ${names}`, 'ERR_INVALID_CURVE')
   }
 
   const pair = await webcrypto.get().subtle.generateKey(
@@ -30,7 +30,7 @@ export async function generateEphmeralKeyPair (curve: string) {
   )
 
   // forcePrivate is used for testing only
-  const genSharedKey = async (theirPub: Uint8Array, forcePrivate?: ECDHKeyPair) => {
+  const genSharedKey = async (theirPub: Uint8Array, forcePrivate?: ECDHKeyPair): Promise<Uint8Array> => {
     let privateKey
 
     if (forcePrivate != null) {
@@ -92,13 +92,13 @@ const curveLengths = {
 // Marshal converts a jwk encoded ECDH public key into the
 // form specified in section 4.3.6 of ANSI X9.62. (This is the format
 // go-ipfs uses)
-function marshalPublicKey (jwk: JsonWebKey) {
+function marshalPublicKey (jwk: JsonWebKey): Uint8Array {
   if (jwk.crv == null || jwk.x == null || jwk.y == null) {
-    throw errcode(new Error('JWK was missing components'), 'ERR_INVALID_PARAMETERS')
+    throw new CodeError('JWK was missing components', 'ERR_INVALID_PARAMETERS')
   }
 
   if (jwk.crv !== 'P-256' && jwk.crv !== 'P-384' && jwk.crv !== 'P-521') {
-    throw errcode(new Error(`Unknown curve: ${jwk.crv}. Must be ${names}`), 'ERR_INVALID_CURVE')
+    throw new CodeError(`Unknown curve: ${jwk.crv}. Must be ${names}`, 'ERR_INVALID_CURVE')
   }
 
   const byteLen = curveLengths[jwk.crv]
@@ -111,15 +111,15 @@ function marshalPublicKey (jwk: JsonWebKey) {
 }
 
 // Unmarshal converts a point, serialized by Marshal, into an jwk encoded key
-function unmarshalPublicKey (curve: string, key: Uint8Array) {
+function unmarshalPublicKey (curve: string, key: Uint8Array): JWKEncodedPublicKey {
   if (curve !== 'P-256' && curve !== 'P-384' && curve !== 'P-521') {
-    throw errcode(new Error(`Unknown curve: ${curve}. Must be ${names}`), 'ERR_INVALID_CURVE')
+    throw new CodeError(`Unknown curve: ${curve}. Must be ${names}`, 'ERR_INVALID_CURVE')
   }
 
   const byteLen = curveLengths[curve]
 
   if (!uint8ArrayEquals(key.subarray(0, 1), Uint8Array.from([4]))) {
-    throw errcode(new Error('Cannot unmarshal public key - invalid key format'), 'ERR_INVALID_KEY_FORMAT')
+    throw new CodeError('Cannot unmarshal public key - invalid key format', 'ERR_INVALID_KEY_FORMAT')
   }
 
   return {
@@ -131,7 +131,7 @@ function unmarshalPublicKey (curve: string, key: Uint8Array) {
   }
 }
 
-const unmarshalPrivateKey = (curve: string, key: ECDHKeyPair) => ({
+const unmarshalPrivateKey = (curve: string, key: ECDHKeyPair): JWKEncodedPrivateKey => ({
   ...unmarshalPublicKey(curve, key.public),
   d: uint8ArrayToString(key.private, 'base64url')
 })

package/src/keys/ecdh.ts

@@ -1,5 +1,5 @@
 import crypto from 'crypto'
-import errcode from 'err-code'
+import { CodeError } from '@libp2p/interfaces/errors'
 import type { ECDHKey, ECDHKeyPair } from './interface.js'
 
 const curves = {
@@ -13,7 +13,7 @@ const names = curveTypes.join(' / ')
 
 export async function generateEphmeralKeyPair (curve: string): Promise<ECDHKey> { // eslint-disable-line require-await
   if (curve !== 'P-256' && curve !== 'P-384' && curve !== 'P-521') {
-    throw errcode(new Error(`Unknown curve: ${curve}. Must be ${names}`), 'ERR_INVALID_CURVE')
+    throw new CodeError(`Unknown curve: ${curve}. Must be ${names}`, 'ERR_INVALID_CURVE')
   }
 
   const ecdh = crypto.createECDH(curves[curve])

package/src/keys/ed25519-browser.ts

@@ -1,4 +1,5 @@
 import * as ed from '@noble/ed25519'
+import type { Uint8ArrayKeyPair } from './interface'
 
 const PUBLIC_KEY_BYTE_LENGTH = 32
 const PRIVATE_KEY_BYTE_LENGTH = 64 // private key is actually 32 bytes but for historical reasons we concat private and public keys
@@ -7,7 +8,7 @@ const KEYS_BYTE_LENGTH = 32
 export { PUBLIC_KEY_BYTE_LENGTH as publicKeyLength }
 export { PRIVATE_KEY_BYTE_LENGTH as privateKeyLength }
 
-export async function generateKey () {
+export async function generateKey (): Promise<Uint8ArrayKeyPair> {
   // the actual private key (32 bytes)
   const privateKeyRaw = ed.utils.randomPrivateKey()
   const publicKey = await ed.getPublicKey(privateKeyRaw)
@@ -24,7 +25,7 @@ export async function generateKey () {
 /**
  * Generate keypair from a 32 byte uint8array
  */
-export async function generateKeyFromSeed (seed: Uint8Array) {
+export async function generateKeyFromSeed (seed: Uint8Array): Promise<Uint8ArrayKeyPair> {
   if (seed.length !== KEYS_BYTE_LENGTH) {
     throw new TypeError('"seed" must be 32 bytes in length.')
   } else if (!(seed instanceof Uint8Array)) {
@@ -43,17 +44,17 @@ export async function generateKeyFromSeed (seed: Uint8Array) {
   }
 }
 
-export async function hashAndSign (privateKey: Uint8Array, msg: Uint8Array) {
+export async function hashAndSign (privateKey: Uint8Array, msg: Uint8Array): Promise<Uint8Array> {
   const privateKeyRaw = privateKey.subarray(0, KEYS_BYTE_LENGTH)
 
   return await ed.sign(msg, privateKeyRaw)
 }
 
-export async function hashAndVerify (publicKey: Uint8Array, sig: Uint8Array, msg: Uint8Array) {
+export async function hashAndVerify (publicKey: Uint8Array, sig: Uint8Array, msg: Uint8Array): Promise<boolean> {
   return await ed.verify(sig, msg, publicKey)
 }
 
-function concatKeys (privateKeyRaw: Uint8Array, publicKey: Uint8Array) {
+function concatKeys (privateKeyRaw: Uint8Array, publicKey: Uint8Array): Uint8Array {
   const privateKey = new Uint8Array(PRIVATE_KEY_BYTE_LENGTH)
   for (let i = 0; i < KEYS_BYTE_LENGTH; i++) {
     privateKey[i] = privateKeyRaw[i]

package/src/keys/ed25519-class.ts

@@ -1,4 +1,4 @@
-import errcode from 'err-code'
+import { CodeError } from '@libp2p/interfaces/errors'
 import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
 import { sha256 } from 'multiformats/hashes/sha2'
 import { base58btc } from 'multiformats/bases/base58'
@@ -6,6 +6,7 @@ import { identity } from 'multiformats/hashes/identity'
 import * as crypto from './ed25519.js'
 import * as pbm from './keys.js'
 import { exporter } from './exporter.js'
+import type { Multibase } from 'multiformats'
 
 export class Ed25519PublicKey {
   private readonly _key: Uint8Array
@@ -14,26 +15,26 @@ export class Ed25519PublicKey {
     this._key = ensureKey(key, crypto.publicKeyLength)
   }
 
-  async verify (data: Uint8Array, sig: Uint8Array) { // eslint-disable-line require-await
+  async verify (data: Uint8Array, sig: Uint8Array): Promise<boolean> { // eslint-disable-line require-await
     return await crypto.hashAndVerify(this._key, sig, data)
   }
 
-  marshal () {
+  marshal (): Uint8Array {
     return this._key
   }
 
-  get bytes () {
+  get bytes (): Uint8Array {
     return pbm.PublicKey.encode({
       Type: pbm.KeyType.Ed25519,
       Data: this.marshal()
     }).subarray()
   }
 
-  equals (key: any) {
+  equals (key: any): boolean {
     return uint8ArrayEquals(this.bytes, key.bytes)
   }
 
-  async hash () {
+  async hash (): Promise<Uint8Array> {
     const { bytes } = await sha256.digest(this.bytes)
 
     return bytes
@@ -51,30 +52,30 @@ export class Ed25519PrivateKey {
     this._publicKey = ensureKey(publicKey, crypto.publicKeyLength)
   }
 
-  async sign (message: Uint8Array) { // eslint-disable-line require-await
+  async sign (message: Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
     return await crypto.hashAndSign(this._key, message)
   }
 
-  get public () {
+  get public (): Ed25519PublicKey {
     return new Ed25519PublicKey(this._publicKey)
   }
 
-  marshal () {
+  marshal (): Uint8Array {
     return this._key
   }
 
-  get bytes () {
+  get bytes (): Uint8Array {
     return pbm.PrivateKey.encode({
       Type: pbm.KeyType.Ed25519,
       Data: this.marshal()
     }).subarray()
   }
 
-  equals (key: any) {
+  equals (key: any): boolean {
     return uint8ArrayEquals(this.bytes, key.bytes)
   }
 
-  async hash () {
+  async hash (): Promise<Uint8Array> {
     const { bytes } = await sha256.digest(this.bytes)
 
     return bytes
@@ -89,24 +90,24 @@ export class Ed25519PrivateKey {
    *
    * @returns {Promise<string>}
    */
-  async id () {
-    const encoding = await identity.digest(this.public.bytes)
+  async id (): Promise<string> {
+    const encoding = identity.digest(this.public.bytes)
     return base58btc.encode(encoding.bytes).substring(1)
   }
 
   /**
    * Exports the key into a password protected `format`
    */
-  async export (password: string, format = 'libp2p-key') { // eslint-disable-line require-await
+  async export (password: string, format = 'libp2p-key'): Promise<Multibase<'m'>> {
     if (format === 'libp2p-key') {
       return await exporter(this.bytes, password)
     } else {
-      throw errcode(new Error(`export format '${format}' is not supported`), 'ERR_INVALID_EXPORT_FORMAT')
+      throw new CodeError(`export format '${format}' is not supported`, 'ERR_INVALID_EXPORT_FORMAT')
     }
   }
 }
 
-export function unmarshalEd25519PrivateKey (bytes: Uint8Array) {
+export function unmarshalEd25519PrivateKey (bytes: Uint8Array): Ed25519PrivateKey {
   // Try the old, redundant public key version
   if (bytes.length > crypto.privateKeyLength) {
     bytes = ensureKey(bytes, crypto.privateKeyLength + crypto.publicKeyLength)
@@ -121,25 +122,25 @@ export function unmarshalEd25519PrivateKey (bytes: Uint8Array) {
   return new Ed25519PrivateKey(privateKeyBytes, publicKeyBytes)
 }
 
-export function unmarshalEd25519PublicKey (bytes: Uint8Array) {
+export function unmarshalEd25519PublicKey (bytes: Uint8Array): Ed25519PublicKey {
   bytes = ensureKey(bytes, crypto.publicKeyLength)
   return new Ed25519PublicKey(bytes)
 }
 
-export async function generateKeyPair () {
+export async function generateKeyPair (): Promise<Ed25519PrivateKey> {
   const { privateKey, publicKey } = await crypto.generateKey()
   return new Ed25519PrivateKey(privateKey, publicKey)
 }
 
-export async function generateKeyPairFromSeed (seed: Uint8Array) {
+export async function generateKeyPairFromSeed (seed: Uint8Array): Promise<Ed25519PrivateKey> {
   const { privateKey, publicKey } = await crypto.generateKeyFromSeed(seed)
   return new Ed25519PrivateKey(privateKey, publicKey)
 }
 
-function ensureKey (key: Uint8Array, length: number) {
+function ensureKey (key: Uint8Array, length: number): Uint8Array {
   key = Uint8Array.from(key ?? [])
   if (key.length !== length) {
-    throw errcode(new Error(`Key must be a Uint8Array of length ${length}, got ${key.length}`), 'ERR_INVALID_KEY_TYPE')
+    throw new CodeError(`Key must be a Uint8Array of length ${length}, got ${key.length}`, 'ERR_INVALID_KEY_TYPE')
   }
   return key
 }

package/src/keys/ed25519.ts

@@ -2,6 +2,7 @@ import crypto from 'crypto'
 import { promisify } from 'util'
 import { toString as uint8arrayToString } from 'uint8arrays/to-string'
 import { fromString as uint8arrayFromString } from 'uint8arrays/from-string'
+import type { Uint8ArrayKeyPair } from './interface.js'
 
 const keypair = promisify(crypto.generateKeyPair)
 
@@ -13,13 +14,28 @@ const SIGNATURE_BYTE_LENGTH = 64
 export { PUBLIC_KEY_BYTE_LENGTH as publicKeyLength }
 export { PRIVATE_KEY_BYTE_LENGTH as privateKeyLength }
 
-function derivePublicKey (privateKey: Uint8Array) {
-  const hash = crypto.createHash('sha512')
-  hash.update(privateKey)
-  return hash.digest().subarray(32)
+function derivePublicKey (privateKey: Uint8Array): Uint8Array {
+  const keyObject = crypto.createPrivateKey({
+    format: 'jwk',
+    key: {
+      crv: 'Ed25519',
+      x: '',
+      d: uint8arrayToString(privateKey, 'base64url'),
+      kty: 'OKP'
+    }
+  })
+  const jwk = keyObject.export({
+    format: 'jwk'
+  })
+
+  if (jwk.x == null || jwk.x === '') {
+    throw new Error('Could not export JWK public key')
+  }
+
+  return uint8arrayFromString(jwk.x, 'base64url')
 }
 
-export async function generateKey () {
+export async function generateKey (): Promise<Uint8ArrayKeyPair> {
   const key = await keypair('ed25519', {
     publicKeyEncoding: { type: 'spki', format: 'jwk' },
     privateKeyEncoding: { type: 'pkcs8', format: 'jwk' }
@@ -39,7 +55,7 @@ export async function generateKey () {
 /**
  * Generate keypair from a 32 byte uint8array
  */
-export async function generateKeyFromSeed (seed: Uint8Array) {
+export async function generateKeyFromSeed (seed: Uint8Array): Promise<Uint8ArrayKeyPair> {
   if (seed.length !== KEYS_BYTE_LENGTH) {
     throw new TypeError('"seed" must be 32 bytes in length.')
   } else if (!(seed instanceof Uint8Array)) {
@@ -55,7 +71,7 @@ export async function generateKeyFromSeed (seed: Uint8Array) {
   }
 }
 
-export async function hashAndSign (key: Uint8Array, msg: Uint8Array) {
+export async function hashAndSign (key: Uint8Array, msg: Uint8Array): Promise<Buffer> {
   if (!(key instanceof Uint8Array)) {
     throw new TypeError('"key" must be a node.js Buffer, or Uint8Array.')
   }
@@ -86,7 +102,7 @@ export async function hashAndSign (key: Uint8Array, msg: Uint8Array) {
   return crypto.sign(null, msg, obj)
 }
 
-export async function hashAndVerify (key: Uint8Array, sig: Uint8Array, msg: Uint8Array) {
+export async function hashAndVerify (key: Uint8Array, sig: Uint8Array, msg: Uint8Array): Promise<boolean> {
   if (key.byteLength !== PUBLIC_KEY_BYTE_LENGTH) {
     throw new TypeError('"key" must be 32 bytes in length.')
   } else if (!(key instanceof Uint8Array)) {
@@ -111,7 +127,7 @@ export async function hashAndVerify (key: Uint8Array, sig: Uint8Array, msg: Uint
   return crypto.verify(null, msg, obj, sig)
 }
 
-function concatKeys (privateKeyRaw: Uint8Array, publicKey: Uint8Array) {
+function concatKeys (privateKeyRaw: Uint8Array, publicKey: Uint8Array): Uint8Array {
   const privateKey = new Uint8Array(PRIVATE_KEY_BYTE_LENGTH)
   for (let i = 0; i < KEYS_BYTE_LENGTH; i++) {
     privateKey[i] = privateKeyRaw[i]

package/src/keys/exporter.ts

@@ -1,3 +1,4 @@
+import type { Multibase } from 'multiformats'
 import { base64 } from 'multiformats/bases/base64'
 import * as ciphers from '../ciphers/aes-gcm.js'
 
@@ -6,7 +7,7 @@ import * as ciphers from '../ciphers/aes-gcm.js'
  * The PrivateKey is encrypted via a password derived PBKDF2 key
  * leveraging the aes-gcm cipher algorithm.
  */
-export async function exporter (privateKey: Uint8Array, password: string) {
+export async function exporter (privateKey: Uint8Array, password: string): Promise<Multibase<'m'>> {
   const cipher = ciphers.create()
   const encryptedKey = await cipher.encrypt(privateKey, password)
   return base64.encode(encryptedKey)

package/src/keys/importer.ts

@@ -6,7 +6,7 @@ import * as ciphers from '../ciphers/aes-gcm.js'
  * with the given password. The privateKey must have been exported
  * using the same password and underlying cipher (aes-gcm)
  */
-export async function importer (privateKey: string, password: string) {
+export async function importer (privateKey: string, password: string): Promise<Uint8Array> {
   const encryptedKey = base64.decode(privateKey)
   const cipher = ciphers.create()
   return await cipher.decrypt(encryptedKey, password)

package/src/keys/index.ts

@@ -3,7 +3,7 @@ import 'node-forge/lib/asn1.js'
 import 'node-forge/lib/pbe.js'
 // @ts-expect-error types are missing
 import forge from 'node-forge/lib/forge.js'
-import errcode from 'err-code'
+import { CodeError } from '@libp2p/interfaces/errors'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
 import { keyStretcher } from './key-stretcher.js'
 import generateEphemeralKeyPair from './ephemeral-keys.js'
@@ -25,12 +25,12 @@ export const supportedKeys = {
   secp256k1: Secp256k1
 }
 
-function unsupportedKey (type: string) {
+function unsupportedKey (type: string): CodeError<Record<string, never>> {
   const supported = Object.keys(supportedKeys).join(' / ')
-  return errcode(new Error(`invalid or unsupported key type ${type}. Must be ${supported}`), 'ERR_UNSUPPORTED_KEY_TYPE')
+  return new CodeError(`invalid or unsupported key type ${type}. Must be ${supported}`, 'ERR_UNSUPPORTED_KEY_TYPE')
 }
 
-function typeToKey (type: string) {
+function typeToKey (type: string): typeof RSA | typeof Ed25519 | typeof Secp256k1 {
   type = type.toLowerCase()
 
   if (type === 'rsa' || type === 'ed25519' || type === 'secp256k1') {
@@ -49,7 +49,7 @@ export async function generateKeyPair (type: KeyTypes, bits?: number): Promise<P
 // seed is a 32 byte uint8array
 export async function generateKeyPairFromSeed (type: KeyTypes, seed: Uint8Array, bits?: number): Promise<PrivateKey> { // eslint-disable-line require-await
   if (type.toLowerCase() !== 'ed25519') {
-    throw errcode(new Error('Seed key derivation is unimplemented for RSA or secp256k1'), 'ERR_UNSUPPORTED_KEY_DERIVATION_TYPE')
+    throw new CodeError('Seed key derivation is unimplemented for RSA or secp256k1', 'ERR_UNSUPPORTED_KEY_DERIVATION_TYPE')
   }
 
   return await Ed25519.generateKeyPairFromSeed(seed)
@@ -121,7 +121,7 @@ export async function importKey (encryptedKey: string, password: string): Promis
   // Only rsa supports pem right now
   const key = forge.pki.decryptRsaPrivateKey(encryptedKey, password)
   if (key === null) {
-    throw errcode(new Error('Cannot read the key, most likely the password is wrong or not a RSA key'), 'ERR_CANNOT_DECRYPT_PEM')
+    throw new CodeError('Cannot read the key, most likely the password is wrong or not a RSA key', 'ERR_CANNOT_DECRYPT_PEM')
   }
   let der = forge.asn1.toDer(forge.pki.privateKeyToAsn1(key))
   der = uint8ArrayFromString(der.getBytes(), 'ascii')

package/src/keys/interface.ts

@@ -18,3 +18,18 @@ export interface ECDHKey {
   key: Uint8Array
   genSharedKey: (theirPub: Uint8Array, forcePrivate?: ECDHKeyPair) => Promise<Uint8Array>
 }
+
+export interface JWKEncodedPublicKey { kty: string, crv: 'P-256' | 'P-384' | 'P-521', x: string, y: string, ext: boolean }
+
+export interface JWKEncodedPrivateKey extends JWKEncodedPublicKey { d: string}
+
+export interface EnhancedKey {
+  iv: Uint8Array
+  cipherKey: Uint8Array
+  macKey: Uint8Array
+}
+
+export interface EnhancedKeyPair {
+  k1: EnhancedKey
+  k2: EnhancedKey
+}

package/src/keys/jwk2pem.ts

@@ -3,14 +3,19 @@ import 'node-forge/lib/rsa.js'
 import forge from 'node-forge/lib/forge.js'
 import { base64urlToBigInteger } from '../util.js'
 
-function convert (key: any, types: string[]) {
+export interface JWK {
+  encrypt: (msg: string) => string
+  decrypt: (msg: string) => string
+}
+
+function convert (key: any, types: string[]): Array<typeof forge.jsbn.BigInteger> {
   return types.map(t => base64urlToBigInteger(key[t]))
 }
 
-export function jwk2priv (key: JsonWebKey) {
+export function jwk2priv (key: JsonWebKey): JWK {
   return forge.pki.setRsaPrivateKey(...convert(key, ['n', 'e', 'd', 'p', 'q', 'dp', 'dq', 'qi']))
 }
 
-export function jwk2pub (key: JsonWebKey) {
+export function jwk2pub (key: JsonWebKey): JWK {
   return forge.pki.setRsaPublicKey(...convert(key, ['n', 'e']))
 }