@libp2p/keychain 4.1.6 → 5.0.0-1210884ed

package/dist/src/utils/export.js

@@ -0,0 +1,183 @@
+import { randomBytes } from '@libp2p/crypto';
+import { AES_GCM } from '@libp2p/crypto/ciphers';
+import { privateKeyToProtobuf } from '@libp2p/crypto/keys';
+import webcrypto from '@libp2p/crypto/webcrypto';
+import { InvalidParametersError, UnsupportedKeyTypeError } from '@libp2p/interface';
+import { pbkdf2Async } from '@noble/hashes/pbkdf2';
+import { sha512 } from '@noble/hashes/sha512';
+import * as asn1js from 'asn1js';
+import { base64 } from 'multiformats/bases/base64';
+import { toString as uint8ArrayToString } from 'uint8arrays/to-string';
+import { ITERATIONS, KEY_SIZE, SALT_LENGTH } from './constants.js';
+/**
+ * Exports the given PrivateKey as a base64 encoded string.
+ * The PrivateKey is encrypted via a password derived PBKDF2 key
+ * leveraging the aes-gcm cipher algorithm.
+ */
+export async function exporter(privateKey, password) {
+    const cipher = AES_GCM.create();
+    const encryptedKey = await cipher.encrypt(privateKey, password);
+    return base64.encode(encryptedKey);
+}
+/**
+ * Converts an exported private key into its representative object.
+ *
+ * Supported formats are 'pem' (RSA only) and 'libp2p-key'.
+ */
+export async function exportPrivateKey(key, password, format) {
+    if (key.type === 'RSA') {
+        return exportRSAPrivateKey(key, password, format);
+    }
+    if (key.type === 'Ed25519') {
+        return exportEd25519PrivateKey(key, password, format);
+    }
+    if (key.type === 'secp256k1') {
+        return exportSecp256k1PrivateKey(key, password, format);
+    }
+    throw new UnsupportedKeyTypeError();
+}
+/**
+ * Exports the key into a password protected `format`
+ */
+export async function exportEd25519PrivateKey(key, password, format = 'libp2p-key') {
+    if (format === 'libp2p-key') {
+        return exporter(privateKeyToProtobuf(key), password);
+    }
+    else {
+        throw new InvalidParametersError(`export format '${format}' is not supported`);
+    }
+}
+/**
+ * Exports the key into a password protected `format`
+ */
+export async function exportSecp256k1PrivateKey(key, password, format = 'libp2p-key') {
+    if (format === 'libp2p-key') {
+        return exporter(privateKeyToProtobuf(key), password);
+    }
+    else {
+        throw new InvalidParametersError('Export format is not supported');
+    }
+}
+/**
+ * Exports the key as libp2p-key - a aes-gcm encrypted value with the key
+ * derived from the password.
+ *
+ * To export it as a password protected PEM file, please use the `exportPEM`
+ * function from `@libp2p/rsa`.
+ */
+export async function exportRSAPrivateKey(key, password, format = 'pkcs-8') {
+    if (format === 'pkcs-8') {
+        return exportToPem(key, password);
+    }
+    else if (format === 'libp2p-key') {
+        return exporter(privateKeyToProtobuf(key), password);
+    }
+    else {
+        throw new InvalidParametersError('Export format is not supported');
+    }
+}
+export async function exportToPem(privateKey, password) {
+    const crypto = webcrypto.get();
+    // PrivateKeyInfo
+    const keyWrapper = new asn1js.Sequence({
+        value: [
+            // version (0)
+            new asn1js.Integer({ value: 0 }),
+            // privateKeyAlgorithm
+            new asn1js.Sequence({
+                value: [
+                    // rsaEncryption OID
+                    new asn1js.ObjectIdentifier({
+                        value: '1.2.840.113549.1.1.1'
+                    }),
+                    new asn1js.Null()
+                ]
+            }),
+            // PrivateKey
+            new asn1js.OctetString({
+                valueHex: privateKey.raw
+            })
+        ]
+    });
+    const keyBuf = keyWrapper.toBER();
+    const keyArr = new Uint8Array(keyBuf, 0, keyBuf.byteLength);
+    const salt = randomBytes(SALT_LENGTH);
+    const encryptionKey = await pbkdf2Async(sha512, password, salt, {
+        c: ITERATIONS,
+        dkLen: KEY_SIZE
+    });
+    const iv = randomBytes(16);
+    const cryptoKey = await crypto.subtle.importKey('raw', encryptionKey, 'AES-CBC', false, ['encrypt']);
+    const encrypted = await crypto.subtle.encrypt({
+        name: 'AES-CBC',
+        iv
+    }, cryptoKey, keyArr);
+    const pbkdf2Params = new asn1js.Sequence({
+        value: [
+            // salt
+            new asn1js.OctetString({ valueHex: salt }),
+            // iteration count
+            new asn1js.Integer({ value: ITERATIONS }),
+            // key length
+            new asn1js.Integer({ value: KEY_SIZE }),
+            // AlgorithmIdentifier
+            new asn1js.Sequence({
+                value: [
+                    // hmacWithSHA512
+                    new asn1js.ObjectIdentifier({ value: '1.2.840.113549.2.11' }),
+                    new asn1js.Null()
+                ]
+            })
+        ]
+    });
+    const encryptionAlgorithm = new asn1js.Sequence({
+        value: [
+            // pkcs5PBES2
+            new asn1js.ObjectIdentifier({
+                value: '1.2.840.113549.1.5.13'
+            }),
+            new asn1js.Sequence({
+                value: [
+                    // keyDerivationFunc
+                    new asn1js.Sequence({
+                        value: [
+                            // pkcs5PBKDF2
+                            new asn1js.ObjectIdentifier({
+                                value: '1.2.840.113549.1.5.12'
+                            }),
+                            // PBKDF2-params
+                            pbkdf2Params
+                        ]
+                    }),
+                    // encryptionScheme
+                    new asn1js.Sequence({
+                        value: [
+                            // aes256-CBC
+                            new asn1js.ObjectIdentifier({
+                                value: '2.16.840.1.101.3.4.1.42'
+                            }),
+                            // iv
+                            new asn1js.OctetString({
+                                valueHex: iv
+                            })
+                        ]
+                    })
+                ]
+            })
+        ]
+    });
+    const finalWrapper = new asn1js.Sequence({
+        value: [
+            encryptionAlgorithm,
+            new asn1js.OctetString({ valueHex: encrypted })
+        ]
+    });
+    const finalWrapperBuf = finalWrapper.toBER();
+    const finalWrapperArr = new Uint8Array(finalWrapperBuf, 0, finalWrapperBuf.byteLength);
+    return [
+        '-----BEGIN ENCRYPTED PRIVATE KEY-----',
+        ...uint8ArrayToString(finalWrapperArr, 'base64pad').split(/(.{64})/).filter(Boolean),
+        '-----END ENCRYPTED PRIVATE KEY-----'
+    ].join('\n');
+}
+//# sourceMappingURL=export.js.map

package/dist/src/utils/export.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"export.js","sourceRoot":"","sources":["../../../src/utils/export.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,wBAAwB,CAAA;AAChD,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAC1D,OAAO,SAAS,MAAM,0BAA0B,CAAA;AAChD,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAA;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAClD,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAC7C,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAA;AAChC,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAA;AAClD,OAAO,EAAE,QAAQ,IAAI,kBAAkB,EAAE,MAAM,uBAAuB,CAAA;AACtE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AAIlE;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAE,UAAsB,EAAE,QAAgB;IACtE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAA;IAC/B,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAA;IAC/D,OAAO,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;AACpC,CAAC;AAID;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAE,GAAe,EAAE,QAAgB,EAAE,MAAqB;IAC9F,IAAI,GAAG,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;QACvB,OAAO,mBAAmB,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAA;IACnD,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO,uBAAuB,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAA;IACvD,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC7B,OAAO,yBAAyB,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAA;IACzD,CAAC;IAED,MAAM,IAAI,uBAAuB,EAAE,CAAA;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAE,GAAsB,EAAE,QAAgB,EAAE,SAAuB,YAAY;IAC1H,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;QAC5B,OAAO,QAAQ,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAA;IACtD,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,sBAAsB,CAAC,kBAAkB,MAAM,oBAAoB,CAAC,CAAA;IAChF,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAE,GAAwB,EAAE,QAAgB,EAAE,SAAuB,YAAY;IAC9H,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;QAC5B,OAAO,QAAQ,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAA;IACtD,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,sBAAsB,CAAC,gCAAgC,CAAC,CAAA;IACpE,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAE,GAAkB,EAAE,QAAgB,EAAE,SAAuB,QAAQ;IAC9G,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,OAAO,WAAW,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IACnC,CAAC;SAAM,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;QACnC,OAAO,QAAQ,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAA;IACtD,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,sBAAsB,CAAC,gCAAgC,CAAC,CAAA;IACpE,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAE,UAAyB,EAAE,QAAgB;IAC5E,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,CAAA;IAE9B,iBAAiB;IACjB,MAAM,UAAU,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC;QACrC,KAAK,EAAE;YACL,cAAc;YACd,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;YAEhC,sBAAsB;YACtB,IAAI,MAAM,CAAC,QAAQ,CAAC;gBAClB,KAAK,EAAE;oBACP,oBAAoB;oBAClB,IAAI,MAAM,CAAC,gBAAgB,CAAC;wBAC1B,KAAK,EAAE,sBAAsB;qBAC9B,CAAC;oBACF,IAAI,MAAM,CAAC,IAAI,EAAE;iBAClB;aACF,CAAC;YAEF,aAAa;YACb,IAAI,MAAM,CAAC,WAAW,CAAC;gBACrB,QAAQ,EAAE,UAAU,CAAC,GAAG;aACzB,CAAC;SACH;KACF,CAAC,CAAA;IAEF,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,EAAE,CAAA;IACjC,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;IAC3D,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAA;IAErC,MAAM,aAAa,GAAG,MAAM,WAAW,CACrC,MAAM,EACN,QAAQ,EACR,IAAI,EAAE;QACJ,CAAC,EAAE,UAAU;QACb,KAAK,EAAE,QAAQ;KAChB,CACF,CAAA;IAED,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAA;IAC1B,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;IACpG,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;QAC5C,IAAI,EAAE,SAAS;QACf,EAAE;KACH,EAAE,SAAS,EAAE,MAAM,CAAC,CAAA;IAErB,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC;QACvC,KAAK,EAAE;YACL,OAAO;YACP,IAAI,MAAM,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;YAE1C,kBAAkB;YAClB,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;YAEzC,aAAa;YACb,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;YAEvC,sBAAsB;YACtB,IAAI,MAAM,CAAC,QAAQ,CAAC;gBAClB,KAAK,EAAE;oBACL,iBAAiB;oBACjB,IAAI,MAAM,CAAC,gBAAgB,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;oBAC7D,IAAI,MAAM,CAAC,IAAI,EAAE;iBAClB;aACF,CAAC;SACH;KACF,CAAC,CAAA;IAEF,MAAM,mBAAmB,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC;QAC9C,KAAK,EAAE;YACL,aAAa;YACb,IAAI,MAAM,CAAC,gBAAgB,CAAC;gBAC1B,KAAK,EAAE,uBAAuB;aAC/B,CAAC;YACF,IAAI,MAAM,CAAC,QAAQ,CAAC;gBAClB,KAAK,EAAE;oBACL,oBAAoB;oBACpB,IAAI,MAAM,CAAC,QAAQ,CAAC;wBAClB,KAAK,EAAE;4BACL,cAAc;4BACd,IAAI,MAAM,CAAC,gBAAgB,CAAC;gCAC1B,KAAK,EAAE,uBAAuB;6BAC/B,CAAC;4BACF,gBAAgB;4BAChB,YAAY;yBACb;qBACF,CAAC;oBAEF,mBAAmB;oBACnB,IAAI,MAAM,CAAC,QAAQ,CAAC;wBAClB,KAAK,EAAE;4BACL,aAAa;4BACb,IAAI,MAAM,CAAC,gBAAgB,CAAC;gCAC1B,KAAK,EAAE,yBAAyB;6BACjC,CAAC;4BACF,KAAK;4BACL,IAAI,MAAM,CAAC,WAAW,CAAC;gCACrB,QAAQ,EAAE,EAAE;6BACb,CAAC;yBACH;qBACF,CAAC;iBACH;aACF,CAAC;SACH;KACF,CAAC,CAAA;IAEF,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC;QACvC,KAAK,EAAE;YACL,mBAAmB;YACnB,IAAI,MAAM,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;SAChD;KACF,CAAC,CAAA;IAEF,MAAM,eAAe,GAAG,YAAY,CAAC,KAAK,EAAE,CAAA;IAC5C,MAAM,eAAe,GAAG,IAAI,UAAU,CAAC,eAAe,EAAE,CAAC,EAAE,eAAe,CAAC,UAAU,CAAC,CAAA;IAEtF,OAAO;QACL,uCAAuC;QACvC,GAAG,kBAAkB,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;QACpF,qCAAqC;KACtC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACd,CAAC"}

package/dist/src/utils/import.d.ts

@@ -0,0 +1,15 @@
+import type { PrivateKey, RSAPrivateKey } from '@libp2p/interface';
+/**
+ * Converts an exported private key into its representative object.
+ *
+ * Supported formats are 'pem' (RSA only) and 'libp2p-key'.
+ */
+export declare function importPrivateKey(encryptedKey: string, password: string): Promise<PrivateKey>;
+/**
+ * Attempts to decrypt a base64 encoded PrivateKey string
+ * with the given password. The privateKey must have been exported
+ * using the same password and underlying cipher (aes-gcm)
+ */
+export declare function importer(privateKey: string, password: string): Promise<Uint8Array>;
+export declare function importFromPem(pem: string, password: string): Promise<RSAPrivateKey>;
+//# sourceMappingURL=import.d.ts.map

package/dist/src/utils/import.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"import.d.ts","sourceRoot":"","sources":["../../../src/utils/import.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAElE;;;;GAIG;AACH,wBAAsB,gBAAgB,CAAE,YAAY,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAanG;AAED;;;;GAIG;AACH,wBAAsB,QAAQ,CAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAIzF;AAED,wBAAsB,aAAa,CAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAiE1F"}

package/dist/src/utils/import.js

@@ -0,0 +1,137 @@
+import { AES_GCM } from '@libp2p/crypto/ciphers';
+import { privateKeyFromProtobuf, privateKeyFromRaw } from '@libp2p/crypto/keys';
+import webcrypto from '@libp2p/crypto/webcrypto';
+import { InvalidParametersError } from '@libp2p/interface';
+import { pbkdf2Async } from '@noble/hashes/pbkdf2';
+import { sha512 } from '@noble/hashes/sha512';
+import * as asn1js from 'asn1js';
+import { base64 } from 'multiformats/bases/base64';
+import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string';
+import { ITERATIONS, KEY_SIZE } from './constants.js';
+/**
+ * Converts an exported private key into its representative object.
+ *
+ * Supported formats are 'pem' (RSA only) and 'libp2p-key'.
+ */
+export async function importPrivateKey(encryptedKey, password) {
+    try {
+        const key = await importer(encryptedKey, password);
+        return privateKeyFromProtobuf(key);
+    }
+    catch {
+        // Ignore and try the old pem decrypt
+    }
+    if (!encryptedKey.includes('BEGIN')) {
+        throw new InvalidParametersError('Encrypted key was not a libp2p-key or a PEM file');
+    }
+    return importFromPem(encryptedKey, password);
+}
+/**
+ * Attempts to decrypt a base64 encoded PrivateKey string
+ * with the given password. The privateKey must have been exported
+ * using the same password and underlying cipher (aes-gcm)
+ */
+export async function importer(privateKey, password) {
+    const encryptedKey = base64.decode(privateKey);
+    const cipher = AES_GCM.create();
+    return cipher.decrypt(encryptedKey, password);
+}
+export async function importFromPem(pem, password) {
+    const crypto = webcrypto.get();
+    let plaintext;
+    if (pem.includes('-----BEGIN ENCRYPTED PRIVATE KEY-----')) {
+        const key = uint8ArrayFromString(pem
+            .replace('-----BEGIN ENCRYPTED PRIVATE KEY-----', '')
+            .replace('-----END ENCRYPTED PRIVATE KEY-----', '')
+            .replace(/\n/g, '')
+            .trim(), 'base64pad');
+        const { result } = asn1js.fromBER(key);
+        const { iv, salt, iterations, keySize, cipherText } = findEncryptedPEMData(result);
+        const encryptionKey = await pbkdf2Async(sha512, password, salt, {
+            c: iterations,
+            dkLen: keySize
+        });
+        const cryptoKey = await crypto.subtle.importKey('raw', encryptionKey, 'AES-CBC', false, ['decrypt']);
+        const decrypted = toUint8Array(await crypto.subtle.decrypt({
+            name: 'AES-CBC',
+            iv
+        }, cryptoKey, cipherText));
+        const { result: decryptedResult } = asn1js.fromBER(decrypted);
+        plaintext = findPEMData(decryptedResult);
+    }
+    else if (pem.includes('-----BEGIN PRIVATE KEY-----')) {
+        const key = uint8ArrayFromString(pem
+            .replace('-----BEGIN PRIVATE KEY-----', '')
+            .replace('-----END PRIVATE KEY-----', '')
+            .replace(/\n/g, '')
+            .trim(), 'base64pad');
+        const { result } = asn1js.fromBER(key);
+        plaintext = findPEMData(result);
+    }
+    else {
+        throw new InvalidParametersError('Could not parse private key from PEM data');
+    }
+    const key = privateKeyFromRaw(plaintext);
+    if (key.type !== 'RSA') {
+        throw new InvalidParametersError('Could not parse RSA private key from PEM data');
+    }
+    return key;
+}
+function findEncryptedPEMData(root) {
+    const encryptionAlgorithm = root.valueBlock.value[0];
+    const scheme = encryptionAlgorithm.valueBlock.value[0].toString();
+    if (scheme !== 'OBJECT IDENTIFIER : 1.2.840.113549.1.5.13') {
+        throw new InvalidParametersError('Only pkcs5PBES2 encrypted private keys are supported');
+    }
+    const keyDerivationFunc = encryptionAlgorithm.valueBlock.value[1].valueBlock.value[0];
+    const keyDerivationFuncName = keyDerivationFunc.valueBlock.value[0].toString();
+    if (keyDerivationFuncName !== 'OBJECT IDENTIFIER : 1.2.840.113549.1.5.12') {
+        throw new InvalidParametersError('Only pkcs5PBKDF2 key derivation functions are supported');
+    }
+    const pbkdf2Params = keyDerivationFunc.valueBlock.value[1];
+    const salt = toUint8Array(pbkdf2Params.valueBlock.value[0].getValue());
+    let iterations = ITERATIONS;
+    let keySize = KEY_SIZE;
+    if (pbkdf2Params.valueBlock.value.length === 3) {
+        iterations = Number(pbkdf2Params.valueBlock.value[1].toBigInt());
+        keySize = Number((pbkdf2Params.valueBlock.value[2]).toBigInt());
+    }
+    else if (pbkdf2Params.valueBlock.value.length === 2) {
+        throw new InvalidParametersError('Could not derive key size and iterations from PEM file - please use @libp2p/rsa to re-import your key');
+    }
+    const encryptionScheme = encryptionAlgorithm.valueBlock.value[1].valueBlock.value[1];
+    const encryptionSchemeName = encryptionScheme.valueBlock.value[0].toString();
+    if (encryptionSchemeName === 'OBJECT IDENTIFIER : 1.2.840.113549.3.7') {
+        // des-EDE3-CBC
+    }
+    else if (encryptionSchemeName === 'OBJECT IDENTIFIER : 1.3.14.3.2.7') {
+        // des-CBC
+    }
+    else if (encryptionSchemeName === 'OBJECT IDENTIFIER : 2.16.840.1.101.3.4.1.2') {
+        // aes128-CBC
+    }
+    else if (encryptionSchemeName === 'OBJECT IDENTIFIER : 2.16.840.1.101.3.4.1.22') {
+        // aes192-CBC
+    }
+    else if (encryptionSchemeName === 'OBJECT IDENTIFIER : 2.16.840.1.101.3.4.1.42') {
+        // aes256-CBC
+    }
+    else {
+        throw new InvalidParametersError('Only AES-CBC encryption schemes are supported');
+    }
+    const iv = toUint8Array(encryptionScheme.valueBlock.value[1].getValue());
+    return {
+        cipherText: toUint8Array(root.valueBlock.value[1].getValue()),
+        salt,
+        iterations,
+        keySize,
+        iv
+    };
+}
+function findPEMData(seq) {
+    return toUint8Array(seq.valueBlock.value[2].getValue());
+}
+function toUint8Array(buf) {
+    return new Uint8Array(buf, 0, buf.byteLength);
+}
+//# sourceMappingURL=import.js.map

package/dist/src/utils/import.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"import.js","sourceRoot":"","sources":["../../../src/utils/import.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,wBAAwB,CAAA;AAChD,OAAO,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAC/E,OAAO,SAAS,MAAM,0BAA0B,CAAA;AAChD,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAA;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAClD,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAC7C,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAA;AAChC,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAA;AAClD,OAAO,EAAE,UAAU,IAAI,oBAAoB,EAAE,MAAM,yBAAyB,CAAA;AAC5E,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AAGrD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAE,YAAoB,EAAE,QAAgB;IAC5E,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAA;QAClD,OAAO,sBAAsB,CAAC,GAAG,CAAC,CAAA;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,qCAAqC;IACvC,CAAC;IAED,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,sBAAsB,CAAC,kDAAkD,CAAC,CAAA;IACtF,CAAC;IAED,OAAO,aAAa,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAA;AAC9C,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAE,UAAkB,EAAE,QAAgB;IAClE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;IAC9C,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAA;IAC/B,OAAO,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAA;AAC/C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAE,GAAW,EAAE,QAAgB;IAChE,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,CAAA;IAC9B,IAAI,SAAqB,CAAA;IAEzB,IAAI,GAAG,CAAC,QAAQ,CAAC,uCAAuC,CAAC,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAG,oBAAoB,CAC9B,GAAG;aACA,OAAO,CAAC,uCAAuC,EAAE,EAAE,CAAC;aACpD,OAAO,CAAC,qCAAqC,EAAE,EAAE,CAAC;aAClD,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;aAClB,IAAI,EAAE,EACT,WAAW,CACZ,CAAA;QAED,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAEtC,MAAM,EACJ,EAAE,EACF,IAAI,EACJ,UAAU,EACV,OAAO,EACP,UAAU,EACX,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAA;QAEhC,MAAM,aAAa,GAAG,MAAM,WAAW,CACrC,MAAM,EACN,QAAQ,EACR,IAAI,EAAE;YACJ,CAAC,EAAE,UAAU;YACb,KAAK,EAAE,OAAO;SACf,CACF,CAAA;QAED,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;QACpG,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;YACzD,IAAI,EAAE,SAAS;YACf,EAAE;SACH,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC,CAAA;QAE1B,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;QAC7D,SAAS,GAAG,WAAW,CAAC,eAAe,CAAC,CAAA;IAC1C,CAAC;SAAM,IAAI,GAAG,CAAC,QAAQ,CAAC,6BAA6B,CAAC,EAAE,CAAC;QACvD,MAAM,GAAG,GAAG,oBAAoB,CAC9B,GAAG;aACA,OAAO,CAAC,6BAA6B,EAAE,EAAE,CAAC;aAC1C,OAAO,CAAC,2BAA2B,EAAE,EAAE,CAAC;aACxC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;aAClB,IAAI,EAAE,EACT,WAAW,CACZ,CAAA;QAED,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAEtC,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAA;IACjC,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,sBAAsB,CAAC,2CAA2C,CAAC,CAAA;IAC/E,CAAC;IAED,MAAM,GAAG,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAA;IAExC,IAAI,GAAG,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;QACvB,MAAM,IAAI,sBAAsB,CAAC,+CAA+C,CAAC,CAAA;IACnF,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,SAAS,oBAAoB,CAAE,IAAS;IACtC,MAAM,mBAAmB,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IACpD,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;IAEjE,IAAI,MAAM,KAAK,2CAA2C,EAAE,CAAC;QAC3D,MAAM,IAAI,sBAAsB,CAAC,sDAAsD,CAAC,CAAA;IAC1F,CAAC;IAED,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IACrF,MAAM,qBAAqB,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;IAE9E,IAAI,qBAAqB,KAAK,2CAA2C,EAAE,CAAC;QAC1E,MAAM,IAAI,sBAAsB,CAAC,yDAAyD,CAAC,CAAA;IAC7F,CAAC;IAED,MAAM,YAAY,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAE1D,MAAM,IAAI,GAAG,YAAY,CAAC,YAAY,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;IAEtE,IAAI,UAAU,GAAG,UAAU,CAAA;IAC3B,IAAI,OAAO,GAAG,QAAQ,CAAA;IAEtB,IAAI,YAAY,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/C,UAAU,GAAG,MAAM,CAAE,YAAY,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAoB,CAAC,QAAQ,EAAE,CAAC,CAAA;QACpF,OAAO,GAAG,MAAM,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;IACjE,CAAC;SAAM,IAAI,YAAY,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,sBAAsB,CAAC,uGAAuG,CAAC,CAAA;IAC3I,CAAC;IAED,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IACpF,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;IAE5E,IAAI,oBAAoB,KAAK,wCAAwC,EAAE,CAAC;QACtE,eAAe;IACjB,CAAC;SAAM,IAAI,oBAAoB,KAAK,kCAAkC,EAAE,CAAC;QACvE,UAAU;IACZ,CAAC;SAAM,IAAI,oBAAoB,KAAK,4CAA4C,EAAE,CAAC;QACjF,aAAa;IACf,CAAC;SAAM,IAAI,oBAAoB,KAAK,6CAA6C,EAAE,CAAC;QAClF,aAAa;IACf,CAAC;SAAM,IAAI,oBAAoB,KAAK,6CAA6C,EAAE,CAAC;QAClF,aAAa;IACf,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,sBAAsB,CAAC,+CAA+C,CAAC,CAAA;IACnF,CAAC;IAED,MAAM,EAAE,GAAG,YAAY,CAAC,gBAAgB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;IAExE,OAAO;QACL,UAAU,EAAE,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC7D,IAAI;QACJ,UAAU;QACV,OAAO;QACP,EAAE;KACH,CAAA;AACH,CAAC;AAED,SAAS,WAAW,CAAE,GAAQ;IAC5B,OAAO,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;AACzD,CAAC;AAED,SAAS,YAAY,CAAE,GAAgB;IACrC,OAAO,IAAI,UAAU,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,UAAU,CAAC,CAAA;AAC/C,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@libp2p/keychain",
-  "version": "4.1.6",
+  "version": "5.0.0-1210884ed",
   "description": "Key management and cryptographically protected messages",
   "license": "Apache-2.0 OR MIT",
   "homepage": "https://github.com/libp2p/js-libp2p/tree/main/packages/keychain#readme",
@@ -59,20 +59,20 @@
     "test:electron-main": "aegir test -t electron-main"
   },
   "dependencies": {
-    "@libp2p/crypto": "^4.1.9",
-    "@libp2p/interface": "^1.7.0",
-    "@libp2p/peer-id": "^4.2.4",
-    "interface-datastore": "^8.2.11",
+    "@libp2p/crypto": "5.0.0-1210884ed",
+    "@libp2p/interface": "2.0.0-1210884ed",
+    "@noble/hashes": "^1.5.0",
+    "asn1js": "^3.0.5",
+    "interface-datastore": "^8.3.0",
     "merge-options": "^3.0.4",
-    "multiformats": "^13.1.0",
+    "multiformats": "^13.2.2",
     "sanitize-filename": "^1.6.3",
     "uint8arrays": "^5.1.0"
   },
   "devDependencies": {
-    "@libp2p/logger": "^4.0.20",
-    "@libp2p/peer-id-factory": "^4.2.4",
+    "@libp2p/logger": "5.0.0-1210884ed",
     "aegir": "^44.0.1",
-    "datastore-core": "^9.2.9"
+    "datastore-core": "^10.0.0"
   },
   "sideEffects": false
 }

package/src/index.ts

@@ -51,10 +51,9 @@
  * A key benefit is that now the key chain can be used in browser with the [js-datastore-level](https://github.com/ipfs/js-datastore-level) implementation.
  */
 
-import { DefaultKeychain } from './keychain.js'
-import type { ComponentLogger, KeyType, PeerId } from '@libp2p/interface'
+import { Keychain as KeychainClass } from './keychain.js'
+import type { ComponentLogger, PrivateKey } from '@libp2p/interface'
 import type { Datastore } from 'interface-datastore'
-import type { Multibase } from 'multiformats/bases/interface.js'
 
 export interface DEKConfig {
   hash: string
@@ -87,73 +86,63 @@ export interface KeyInfo {
 
 export interface Keychain {
   /**
-   * Export an existing key as a PEM encrypted PKCS #8 string.
+   * Find a key by name
    *
    * @example
    *
    * ```TypeScript
-   * await libp2p.services.keychain.createKey('keyTest', 'RSA', 4096)
-   * const pemKey = await libp2p.services.keychain.exportKey('keyTest', 'password123')
-   * ```
-   */
-  exportKey(name: string, password: string): Promise<Multibase<'m'>>
-
-  /**
-   * Import a new key from a PEM encoded PKCS #8 string.
-   *
-   * @example
+   * import { generateKeyPair } from '@libp2p/crypto/keys'
    *
-   * ```TypeScript
-   * await libp2p.services.keychain.createKey('keyTest', 'RSA', 4096)
-   * const pemKey = await libp2p.services.keychain.exportKey('keyTest', 'password123')
-   * const keyInfo = await libp2p.services.keychain.importKey('keyTestImport', pemKey, 'password123')
+   * const key = await generateKeyPair('Ed25519')
+   * const keyInfo = await libp2p.keychain.importKey('my-key', key)
+   * const keyInfo2 = await libp2p.keychain.findKeyByName(keyInfo.name)
    * ```
    */
-  importKey(name: string, pem: string, password: string): Promise<KeyInfo>
+  findKeyByName(name: string): Promise<KeyInfo>
 
   /**
-   * Import a new key from a PeerId with a private key component
+   * Find a key by id
    *
    * @example
    *
    * ```TypeScript
-   * const keyInfo = await libp2p.services.keychain.importPeer('keyTestImport', peerIdFromString('12D3Foo...'))
-   * ```
-   */
-  importPeer(name: string, peerId: PeerId): Promise<KeyInfo>
-
-  /**
-   * Export an existing key as a PeerId
-   *
-   * @example
+   * import { generateKeyPair } from '@libp2p/crypto/keys'
    *
-   * ```TypeScript
-   * const peerId = await libp2p.services.keychain.exportPeerId('key-name')
+   * const key = await generateKeyPair('Ed25519')
+   * const keyInfo = await libp2p.keychain.importKey('my-key', key)
+   * const keyInfo2 = await libp2p.keychain.findKeyById(keyInfo.id)
    * ```
    */
-  exportPeerId(name: string): Promise<PeerId>
+  findKeyById (id: string): Promise<KeyInfo>
 
   /**
-   * Create a key in the keychain.
+   * Import a new private key.
    *
    * @example
    *
    * ```TypeScript
-   * const keyInfo = await libp2p.services.keychain.createKey('keyTest', 'RSA', 4096)
+   * import { generateKeyPair } from '@libp2p/crypto/keys'
+   *
+   * const key = await generateKeyPair('Ed25519')
+   * const keyInfo = await libp2p.keychain.importKey('my-key', key)
    * ```
    */
-  createKey(name: string, type: KeyType, size?: number): Promise<KeyInfo>
+  importKey(name: string, key: PrivateKey): Promise<KeyInfo>
 
   /**
-   * List all the keys.
+   * Export an existing private key.
    *
    * @example
    *
    * ```TypeScript
-   * const keyInfos = await libp2p.services.keychain.listKeys()
+   * import { generateKeyPair } from '@libp2p/crypto/keys'
+   *
+   * const key = await generateKeyPair('Ed25519')
+   * const keyInfo = await libp2p.keychain.importKey('my-key', key)
+   * const key = await libp2p.keychain.exportKey(keyInfo.id)
    * ```
    */
-  listKeys(): Promise<KeyInfo[]>
+  exportKey(name: string): Promise<PrivateKey>
 
   /**
    * Removes a key from the keychain.
@@ -168,7 +157,8 @@ export interface Keychain {
   removeKey(name: string): Promise<KeyInfo>
 
   /**
-   * Rename a key in the keychain.
+   * Rename a key in the keychain. This is done in a batch commit with rollback
+   * so errors thrown during the operation will not cause key loss.
    *
    * @example
    *
@@ -180,28 +170,15 @@ export interface Keychain {
   renameKey(oldName: string, newName: string): Promise<KeyInfo>
 
   /**
-   * Find a key by it's id.
-   *
-   * @example
-   *
-   * ```TypeScript
-   * const keyInfo = await libp2p.services.keychain.createKey('keyTest', 'RSA', 4096)
-   * const keyInfo2 = await libp2p.services.keychain.findKeyById(keyInfo.id)
-   * ```
-   */
-  findKeyById(id: string): Promise<KeyInfo>
-
-  /**
-   * Find a key by it's name.
+   * List all the keys.
    *
    * @example
    *
    * ```TypeScript
-   * const keyInfo = await libp2p.services.keychain.createKey('keyTest', 'RSA', 4096)
-   * const keyInfo2 = await libp2p.services.keychain.findKeyByName('keyTest')
+   * const keyInfos = await libp2p.keychain.listKeys()
    * ```
    */
-  findKeyByName(name: string): Promise<KeyInfo>
+  listKeys(): Promise<KeyInfo[]>
 
   /**
    * Rotate keychain password and re-encrypt all associated keys
@@ -217,6 +194,6 @@ export interface Keychain {
 
 export function keychain (init: KeychainInit = {}): (components: KeychainComponents) => Keychain {
   return (components: KeychainComponents) => {
-    return new DefaultKeychain(components, init)
+    return new KeychainClass(components, init)
   }
 }