@libp2p/keychain 0.6.1

package/dist/src/cms.d.ts

@@ -0,0 +1,33 @@
+import 'node-forge/lib/pkcs7.js';
+import 'node-forge/lib/pbe.js';
+import type { KeyChain } from './index.js';
+/**
+ * Cryptographic Message Syntax (aka PKCS #7)
+ *
+ * CMS describes an encapsulation syntax for data protection. It
+ * is used to digitally sign, digest, authenticate, or encrypt
+ * arbitrary message content.
+ *
+ * See RFC 5652 for all the details.
+ */
+export declare class CMS {
+    private readonly keychain;
+    /**
+     * Creates a new instance with a keychain
+     */
+    constructor(keychain: KeyChain, dek: string);
+    /**
+     * Creates some protected data.
+     *
+     * The output Uint8Array contains the PKCS #7 message in DER.
+     */
+    encrypt(name: string, plain: Uint8Array): Promise<Uint8Array>;
+    /**
+     * Reads some protected data.
+     *
+     * The keychain must contain one of the keys used to encrypt the data.  If none of the keys
+     * exists, an Error is returned with the property 'missingKeys'.  It is array of key ids.
+     */
+    decrypt(cmsData: Uint8Array): Promise<Uint8Array>;
+}
+//# sourceMappingURL=cms.d.ts.map

package/dist/src/cms.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cms.d.ts","sourceRoot":"","sources":["../../src/cms.ts"],"names":[],"mappings":"AAAA,OAAO,yBAAyB,CAAA;AAChC,OAAO,uBAAuB,CAAA;AAS9B,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AAM1C;;;;;;;;GAQG;AACH,qBAAa,GAAG;IACd,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAU;IAEnC;;OAEG;gBACU,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM;IAS5C;;;;OAIG;IACG,OAAO,CAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IA4BpE;;;;;OAKG;IACG,OAAO,CAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;CAsEzD"}

package/dist/src/cms.js

@@ -0,0 +1,129 @@
+import 'node-forge/lib/pkcs7.js';
+import 'node-forge/lib/pbe.js';
+// @ts-expect-error types are missing
+import forge from 'node-forge/lib/forge.js';
+import { certificateForKey, findAsync } from './util.js';
+import errCode from 'err-code';
+import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string';
+import { toString as uint8ArrayToString } from 'uint8arrays/to-string';
+import { codes } from './errors.js';
+import { logger } from '@libp2p/logger';
+const log = logger('libp2p:keychain:cms');
+const privates = new WeakMap();
+/**
+ * Cryptographic Message Syntax (aka PKCS #7)
+ *
+ * CMS describes an encapsulation syntax for data protection. It
+ * is used to digitally sign, digest, authenticate, or encrypt
+ * arbitrary message content.
+ *
+ * See RFC 5652 for all the details.
+ */
+export class CMS {
+    /**
+     * Creates a new instance with a keychain
+     */
+    constructor(keychain, dek) {
+        if (keychain == null) {
+            throw errCode(new Error('keychain is required'), codes.ERR_KEYCHAIN_REQUIRED);
+        }
+        this.keychain = keychain;
+        privates.set(this, { dek });
+    }
+    /**
+     * Creates some protected data.
+     *
+     * The output Uint8Array contains the PKCS #7 message in DER.
+     */
+    async encrypt(name, plain) {
+        if (!(plain instanceof Uint8Array)) {
+            throw errCode(new Error('Plain data must be a Uint8Array'), codes.ERR_INVALID_PARAMETERS);
+        }
+        const key = await this.keychain.findKeyByName(name);
+        const pem = await this.keychain.getPrivateKey(name);
+        const cached = privates.get(this);
+        if (cached == null) {
+            throw errCode(new Error('dek missing'), codes.ERR_INVALID_PARAMETERS);
+        }
+        const dek = cached.dek;
+        const privateKey = forge.pki.decryptRsaPrivateKey(pem, dek);
+        const certificate = await certificateForKey(key, privateKey);
+        // create a p7 enveloped message
+        const p7 = forge.pkcs7.createEnvelopedData();
+        p7.addRecipient(certificate);
+        p7.content = forge.util.createBuffer(plain);
+        p7.encrypt();
+        // convert message to DER
+        const der = forge.asn1.toDer(p7.toAsn1()).getBytes();
+        return uint8ArrayFromString(der, 'ascii');
+    }
+    /**
+     * Reads some protected data.
+     *
+     * The keychain must contain one of the keys used to encrypt the data.  If none of the keys
+     * exists, an Error is returned with the property 'missingKeys'.  It is array of key ids.
+     */
+    async decrypt(cmsData) {
+        if (!(cmsData instanceof Uint8Array)) {
+            throw errCode(new Error('CMS data is required'), codes.ERR_INVALID_PARAMETERS);
+        }
+        let cms;
+        try {
+            const buf = forge.util.createBuffer(uint8ArrayToString(cmsData, 'ascii'));
+            const obj = forge.asn1.fromDer(buf);
+            cms = forge.pkcs7.messageFromAsn1(obj);
+        }
+        catch (err) {
+            log.error(err);
+            throw errCode(new Error('Invalid CMS'), codes.ERR_INVALID_CMS);
+        }
+        // Find a recipient whose key we hold. We only deal with recipient certs
+        // issued by ipfs (O=ipfs).
+        const recipients = cms.recipients
+            // @ts-expect-error cms types not defined
+            .filter(r => r.issuer.find(a => a.shortName === 'O' && a.value === 'ipfs'))
+            // @ts-expect-error cms types not defined
+            .filter(r => r.issuer.find(a => a.shortName === 'CN'))
+            // @ts-expect-error cms types not defined
+            .map(r => {
+            return {
+                recipient: r,
+                // @ts-expect-error cms types not defined
+                keyId: r.issuer.find(a => a.shortName === 'CN').value
+            };
+        });
+        const r = await findAsync(recipients, async (recipient) => {
+            try {
+                const key = await this.keychain.findKeyById(recipient.keyId);
+                if (key != null) {
+                    return true;
+                }
+            }
+            catch (err) {
+                return false;
+            }
+            return false;
+        });
+        if (r == null) {
+            // @ts-expect-error cms types not defined
+            const missingKeys = recipients.map(r => r.keyId);
+            throw errCode(new Error(`Decryption needs one of the key(s): ${missingKeys.join(', ')}`), codes.ERR_MISSING_KEYS, {
+                missingKeys
+            });
+        }
+        const key = await this.keychain.findKeyById(r.keyId);
+        if (key == null) {
+            throw errCode(new Error('No key available to decrypto'), codes.ERR_NO_KEY);
+        }
+        const pem = await this.keychain.getPrivateKey(key.name);
+        const cached = privates.get(this);
+        if (cached == null) {
+            throw errCode(new Error('dek missing'), codes.ERR_INVALID_PARAMETERS);
+        }
+        const dek = cached.dek;
+        const privateKey = forge.pki.decryptRsaPrivateKey(pem, dek);
+        cms.decrypt(r.recipient, privateKey);
+        return uint8ArrayFromString(cms.content.getBytes(), 'ascii');
+    }
+}
+//# sourceMappingURL=cms.js.map

package/dist/src/cms.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cms.js","sourceRoot":"","sources":["../../src/cms.ts"],"names":[],"mappings":"AAAA,OAAO,yBAAyB,CAAA;AAChC,OAAO,uBAAuB,CAAA;AAC9B,qCAAqC;AACrC,OAAO,KAAK,MAAM,yBAAyB,CAAA;AAC3C,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AACxD,OAAO,OAAO,MAAM,UAAU,CAAA;AAC9B,OAAO,EAAE,UAAU,IAAI,oBAAoB,EAAE,MAAM,yBAAyB,CAAA;AAC5E,OAAO,EAAE,QAAQ,IAAI,kBAAkB,EAAE,MAAM,uBAAuB,CAAA;AACtE,OAAO,EAAE,KAAK,EAAE,MAAM,aAAa,CAAA;AACnC,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAGvC,MAAM,GAAG,GAAG,MAAM,CAAC,qBAAqB,CAAC,CAAA;AAEzC,MAAM,QAAQ,GAAG,IAAI,OAAO,EAA2B,CAAA;AAEvD;;;;;;;;GAQG;AACH,MAAM,OAAO,GAAG;IAGd;;OAEG;IACH,YAAa,QAAkB,EAAE,GAAW;QAC1C,IAAI,QAAQ,IAAI,IAAI,EAAE;YACpB,MAAM,OAAO,CAAC,IAAI,KAAK,CAAC,sBAAsB,CAAC,EAAE,KAAK,CAAC,qBAAqB,CAAC,CAAA;SAC9E;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;QACxB,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,GAAG,EAAE,CAAC,CAAA;IAC7B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO,CAAE,IAAY,EAAE,KAAiB;QAC5C,IAAI,CAAC,CAAC,KAAK,YAAY,UAAU,CAAC,EAAE;YAClC,MAAM,OAAO,CAAC,IAAI,KAAK,CAAC,iCAAiC,CAAC,EAAE,KAAK,CAAC,sBAAsB,CAAC,CAAA;SAC1F;QAED,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,CAAA;QACnD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,CAAA;QACnD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAEjC,IAAI,MAAM,IAAI,IAAI,EAAE;YAClB,MAAM,OAAO,CAAC,IAAI,KAAK,CAAC,aAAa,CAAC,EAAE,KAAK,CAAC,sBAAsB,CAAC,CAAA;SACtE;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAA;QACtB,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAC3D,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;QAE5D,gCAAgC;QAChC,MAAM,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAA;QAC5C,EAAE,CAAC,YAAY,CAAC,WAAW,CAAC,CAAA;QAC5B,EAAE,CAAC,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAA;QAC3C,EAAE,CAAC,OAAO,EAAE,CAAA;QAEZ,yBAAyB;QACzB,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAA;QACpD,OAAO,oBAAoB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;IAC3C,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CAAE,OAAmB;QAChC,IAAI,CAAC,CAAC,OAAO,YAAY,UAAU,CAAC,EAAE;YACpC,MAAM,OAAO,CAAC,IAAI,KAAK,CAAC,sBAAsB,CAAC,EAAE,KAAK,CAAC,sBAAsB,CAAC,CAAA;SAC/E;QAED,IAAI,GAAQ,CAAA;QACZ,IAAI;YACF,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAA;YACzE,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YAEnC,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;SACvC;QAAC,OAAO,GAAQ,EAAE;YACjB,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YACd,MAAM,OAAO,CAAC,IAAI,KAAK,CAAC,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;SAC/D;QAED,wEAAwE;QACxE,2BAA2B;QAC3B,MAAM,UAAU,GAAQ,GAAG,CAAC,UAAU;YACpC,yCAAyC;aACxC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,GAAG,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,CAAC;YAC3E,yCAAyC;aACxC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC;YACtD,yCAAyC;aACxC,GAAG,CAAC,CAAC,CAAC,EAAE;YACP,OAAO;gBACL,SAAS,EAAE,CAAC;gBACZ,yCAAyC;gBACzC,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,KAAK;aACtD,CAAA;QACH,CAAC,CAAC,CAAA;QAEJ,MAAM,CAAC,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,KAAK,EAAE,SAAc,EAAE,EAAE;YAC7D,IAAI;gBACF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;gBAC5D,IAAI,GAAG,IAAI,IAAI,EAAE;oBACf,OAAO,IAAI,CAAA;iBACZ;aACF;YAAC,OAAO,GAAQ,EAAE;gBACjB,OAAO,KAAK,CAAA;aACb;YACD,OAAO,KAAK,CAAA;QACd,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,IAAI,IAAI,EAAE;YACb,yCAAyC;YACzC,MAAM,WAAW,GAAa,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;YAC1D,MAAM,OAAO,CAAC,IAAI,KAAK,CAAC,uCAAuC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,gBAAgB,EAAE;gBAChH,WAAW;aACZ,CAAC,CAAA;SACH;QAED,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;QAEpD,IAAI,GAAG,IAAI,IAAI,EAAE;YACf,MAAM,OAAO,CAAC,IAAI,KAAK,CAAC,8BAA8B,CAAC,EAAE,KAAK,CAAC,UAAU,CAAC,CAAA;SAC3E;QAED,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QACvD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAEjC,IAAI,MAAM,IAAI,IAAI,EAAE;YAClB,MAAM,OAAO,CAAC,IAAI,KAAK,CAAC,aAAa,CAAC,EAAE,KAAK,CAAC,sBAAsB,CAAC,CAAA;SACtE;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAA;QACtB,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAC3D,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,CAAA;QACpC,OAAO,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAA;IAC9D,CAAC;CACF"}

package/dist/src/errors.d.ts

@@ -0,0 +1,22 @@
+export declare enum codes {
+    ERR_KEYCHAIN_REQUIRED = "ERR_KEYCHAIN_REQUIRED",
+    ERR_INVALID_PARAMETERS = "ERR_INVALID_PARAMETERS",
+    ERR_INVALID_CMS = "ERR_INVALID_CMS",
+    ERR_MISSING_KEYS = "ERR_MISSING_KEYS",
+    ERR_NO_KEY = "ERR_NO_KEY",
+    ERR_INVALID_KEY_NAME = "ERR_INVALID_KEY_NAME",
+    ERR_INVALID_KEY_TYPE = "ERR_INVALID_KEY_TYPE",
+    ERR_KEY_ALREADY_EXISTS = "ERR_KEY_ALREADY_EXISTS",
+    ERR_INVALID_KEY_SIZE = "ERR_INVALID_KEY_SIZE",
+    ERR_KEY_NOT_FOUND = "ERR_KEY_NOT_FOUND",
+    ERR_OLD_KEY_NAME_INVALID = "ERR_OLD_KEY_NAME_INVALID",
+    ERR_NEW_KEY_NAME_INVALID = "ERR_NEW_KEY_NAME_INVALID",
+    ERR_PASSWORD_REQUIRED = "ERR_PASSWORD_REQUIRED",
+    ERR_PEM_REQUIRED = "ERR_PEM_REQUIRED",
+    ERR_CANNOT_READ_KEY = "ERR_CANNOT_READ_KEY",
+    ERR_MISSING_PRIVATE_KEY = "ERR_MISSING_PRIVATE_KEY",
+    ERR_INVALID_OLD_PASS_TYPE = "ERR_INVALID_OLD_PASS_TYPE",
+    ERR_INVALID_NEW_PASS_TYPE = "ERR_INVALID_NEW_PASS_TYPE",
+    ERR_INVALID_PASS_LENGTH = "ERR_INVALID_PASS_LENGTH"
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/src/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/errors.ts"],"names":[],"mappings":"AACA,oBAAY,KAAK;IACf,qBAAqB,0BAA0B;IAC/C,sBAAsB,2BAA2B;IACjD,eAAe,oBAAoB;IACnC,gBAAgB,qBAAqB;IACrC,UAAU,eAAe;IACzB,oBAAoB,yBAAyB;IAC7C,oBAAoB,yBAAyB;IAC7C,sBAAsB,2BAA2B;IACjD,oBAAoB,yBAAyB;IAC7C,iBAAiB,sBAAsB;IACvC,wBAAwB,6BAA6B;IACrD,wBAAwB,6BAA6B;IACrD,qBAAqB,0BAA0B;IAC/C,gBAAgB,qBAAqB;IACrC,mBAAmB,wBAAwB;IAC3C,uBAAuB,4BAA4B;IACnD,yBAAyB,8BAA8B;IACvD,yBAAyB,8BAA8B;IACvD,uBAAuB,4BAA4B;CACpD"}

package/dist/src/errors.js

@@ -0,0 +1,23 @@
+export var codes;
+(function (codes) {
+    codes["ERR_KEYCHAIN_REQUIRED"] = "ERR_KEYCHAIN_REQUIRED";
+    codes["ERR_INVALID_PARAMETERS"] = "ERR_INVALID_PARAMETERS";
+    codes["ERR_INVALID_CMS"] = "ERR_INVALID_CMS";
+    codes["ERR_MISSING_KEYS"] = "ERR_MISSING_KEYS";
+    codes["ERR_NO_KEY"] = "ERR_NO_KEY";
+    codes["ERR_INVALID_KEY_NAME"] = "ERR_INVALID_KEY_NAME";
+    codes["ERR_INVALID_KEY_TYPE"] = "ERR_INVALID_KEY_TYPE";
+    codes["ERR_KEY_ALREADY_EXISTS"] = "ERR_KEY_ALREADY_EXISTS";
+    codes["ERR_INVALID_KEY_SIZE"] = "ERR_INVALID_KEY_SIZE";
+    codes["ERR_KEY_NOT_FOUND"] = "ERR_KEY_NOT_FOUND";
+    codes["ERR_OLD_KEY_NAME_INVALID"] = "ERR_OLD_KEY_NAME_INVALID";
+    codes["ERR_NEW_KEY_NAME_INVALID"] = "ERR_NEW_KEY_NAME_INVALID";
+    codes["ERR_PASSWORD_REQUIRED"] = "ERR_PASSWORD_REQUIRED";
+    codes["ERR_PEM_REQUIRED"] = "ERR_PEM_REQUIRED";
+    codes["ERR_CANNOT_READ_KEY"] = "ERR_CANNOT_READ_KEY";
+    codes["ERR_MISSING_PRIVATE_KEY"] = "ERR_MISSING_PRIVATE_KEY";
+    codes["ERR_INVALID_OLD_PASS_TYPE"] = "ERR_INVALID_OLD_PASS_TYPE";
+    codes["ERR_INVALID_NEW_PASS_TYPE"] = "ERR_INVALID_NEW_PASS_TYPE";
+    codes["ERR_INVALID_PASS_LENGTH"] = "ERR_INVALID_PASS_LENGTH";
+})(codes || (codes = {}));
+//# sourceMappingURL=errors.js.map

package/dist/src/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/errors.ts"],"names":[],"mappings":"AACA,MAAM,CAAN,IAAY,KAoBX;AApBD,WAAY,KAAK;IACf,wDAA+C,CAAA;IAC/C,0DAAiD,CAAA;IACjD,4CAAmC,CAAA;IACnC,8CAAqC,CAAA;IACrC,kCAAyB,CAAA;IACzB,sDAA6C,CAAA;IAC7C,sDAA6C,CAAA;IAC7C,0DAAiD,CAAA;IACjD,sDAA6C,CAAA;IAC7C,gDAAuC,CAAA;IACvC,8DAAqD,CAAA;IACrD,8DAAqD,CAAA;IACrD,wDAA+C,CAAA;IAC/C,8CAAqC,CAAA;IACrC,oDAA2C,CAAA;IAC3C,4DAAmD,CAAA;IACnD,gEAAuD,CAAA;IACvD,gEAAuD,CAAA;IACvD,4DAAmD,CAAA;AACrD,CAAC,EApBW,KAAK,KAAL,KAAK,QAoBhB"}

package/dist/src/index.d.ts

@@ -0,0 +1,145 @@
+import { CMS } from './cms.js';
+import type { PeerId } from '@libp2p/interface-peer-id';
+import type { Datastore } from 'interface-datastore';
+import type { KeyTypes } from '@libp2p/crypto/keys';
+export interface DEKConfig {
+    hash: string;
+    salt: string;
+    iterationCount: number;
+    keyLength: number;
+}
+export interface KeyChainInit {
+    pass?: string;
+    dek?: DEKConfig;
+}
+/**
+ * Information about a key.
+ */
+export interface KeyInfo {
+    /**
+     * The universally unique key id
+     */
+    id: string;
+    /**
+     * The local key name.
+     */
+    name: string;
+}
+export interface KeyChainComponents {
+    datastore: Datastore;
+}
+/**
+ * Manages the lifecycle of a key. Keys are encrypted at rest using PKCS #8.
+ *
+ * A key in the store has two entries
+ * - '/info/*key-name*', contains the KeyInfo for the key
+ * - '/pkcs8/*key-name*', contains the PKCS #8 for the key
+ *
+ */
+export declare class KeyChain {
+    private readonly components;
+    private readonly init;
+    /**
+     * Creates a new instance of a key chain
+     */
+    constructor(components: KeyChainComponents, init: KeyChainInit);
+    /**
+     * Gets an object that can encrypt/decrypt protected data
+     * using the Cryptographic Message Syntax (CMS).
+     *
+     * CMS describes an encapsulation syntax for data protection. It
+     * is used to digitally sign, digest, authenticate, or encrypt
+     * arbitrary message content
+     */
+    get cms(): CMS;
+    /**
+     * Generates the options for a keychain.  A random salt is produced.
+     *
+     * @returns {object}
+     */
+    static generateOptions(): KeyChainInit;
+    /**
+     * Gets an object that can encrypt/decrypt protected data.
+     * The default options for a keychain.
+     *
+     * @returns {object}
+     */
+    static get options(): {
+        dek: {
+            keyLength: number;
+            iterationCount: number;
+            salt: string;
+            hash: string;
+        };
+    };
+    /**
+     * Create a new key.
+     *
+     * @param {string} name - The local key name; cannot already exist.
+     * @param {string} type - One of the key types; 'rsa'.
+     * @param {number} [size = 2048] - The key size in bits. Used for rsa keys only
+     */
+    createKey(name: string, type: KeyTypes, size?: number): Promise<KeyInfo>;
+    /**
+     * List all the keys.
+     *
+     * @returns {Promise<KeyInfo[]>}
+     */
+    listKeys(): Promise<any[]>;
+    /**
+     * Find a key by it's id
+     */
+    findKeyById(id: string): Promise<KeyInfo>;
+    /**
+     * Find a key by it's name.
+     *
+     * @param {string} name - The local key name.
+     * @returns {Promise<KeyInfo>}
+     */
+    findKeyByName(name: string): Promise<KeyInfo>;
+    /**
+     * Remove an existing key.
+     *
+     * @param {string} name - The local key name; must already exist.
+     * @returns {Promise<KeyInfo>}
+     */
+    removeKey(name: string): Promise<KeyInfo>;
+    /**
+     * Rename a key
+     *
+     * @param {string} oldName - The old local key name; must already exist.
+     * @param {string} newName - The new local key name; must not already exist.
+     * @returns {Promise<KeyInfo>}
+     */
+    renameKey(oldName: string, newName: string): Promise<KeyInfo>;
+    /**
+     * Export an existing key as a PEM encrypted PKCS #8 string
+     */
+    exportKey(name: string, password: string): Promise<string>;
+    /**
+     * Export an existing key as a PeerId
+     */
+    exportPeerId(name: string): Promise<PeerId>;
+    /**
+     * Import a new key from a PEM encoded PKCS #8 string
+     *
+     * @param {string} name - The local key name; must not already exist.
+     * @param {string} pem - The PEM encoded PKCS #8 string
+     * @param {string} password - The password.
+     * @returns {Promise<KeyInfo>}
+     */
+    importKey(name: string, pem: string, password: string): Promise<KeyInfo>;
+    /**
+     * Import a peer key
+     */
+    importPeer(name: string, peer: PeerId): Promise<KeyInfo>;
+    /**
+     * Gets the private key as PEM encoded PKCS #8 string
+     */
+    getPrivateKey(name: string): Promise<string>;
+    /**
+     * Rotate keychain password and re-encrypt all associated keys
+     */
+    rotateKeychainPass(oldPass: string, newPass: string): Promise<void>;
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAA;AAM9B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAA;AAEvD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAEpD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAA;AAInD,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,GAAG,CAAC,EAAE,SAAS,CAAA;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB;;OAEG;IACH,EAAE,EAAE,MAAM,CAAA;IAEV;;OAEG;IACH,IAAI,EAAE,MAAM,CAAA;CACb;AA6DD,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,SAAS,CAAA;CACrB;AAED;;;;;;;GAOG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAc;IAEnC;;OAEG;gBACU,UAAU,EAAE,kBAAkB,EAAE,IAAI,EAAE,YAAY;IA8B/D;;;;;;;OAOG;IACH,IAAI,GAAG,QAUN;IAED;;;;OAIG;IACH,MAAM,CAAC,eAAe,IAAK,YAAY;IAOvC;;;;;OAKG;IACH,MAAM,KAAK,OAAO;;;;;;;MAEjB;IAED;;;;;;OAMG;IACG,SAAS,CAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,SAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IA0D7E;;;;OAIG;IACG,QAAQ;IAad;;OAEG;IACG,WAAW,CAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAUhD;;;;;OAKG;IACG,aAAa,CAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAiBpD;;;;;OAKG;IACG,SAAS,CAAE,IAAI,EAAE,MAAM;IAc7B;;;;;;OAMG;IACG,SAAS,CAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAuCpE;;OAEG;IACG,SAAS,CAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;IA6B/C;;OAEG;IACG,YAAY,CAAE,IAAI,EAAE,MAAM;IAQhC;;;;;;;OAOG;IACG,SAAS,CAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAoD/E;;OAEG;IACG,UAAU,CAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA4C/D;;OAEG;IACG,aAAa,CAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAiBnD;;OAEG;IACG,kBAAkB,CAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAmD3D"}