@libp2p/peer-record 0.0.0

package/LICENSE

@@ -0,0 +1,4 @@
+This project is dual licensed under MIT and Apache-2.0.
+
+MIT: https://www.opensource.org/licenses/mit
+Apache-2.0: https://www.apache.org/licenses/license-2.0

package/README.md

@@ -0,0 +1,179 @@
+# libp2p-peer-record <!-- omit in toc -->
+
+> Peer records are signed records that contain the address information of network peers
+
+## Table of Contents <!-- omit in toc -->
+
+- [Description](#description)
+  - [Envelope](#envelope)
+- [Usage](#usage)
+- [Peer Record](#peer-record)
+  - [Usage](#usage-1)
+  - [Libp2p Flows](#libp2p-flows)
+    - [Self Record](#self-record)
+    - [Self record Updates](#self-record-updates)
+    - [Subsystem receiving a record](#subsystem-receiving-a-record)
+    - [Subsystem providing a record](#subsystem-providing-a-record)
+  - [Future Work](#future-work)
+- [Example](#example)
+- [Installation](#installation)
+- [License](#license)
+  - [Contribution](#contribution)
+
+## Description
+
+Libp2p nodes need to store data in a public location (e.g. a DHT), or rely on potentially untrustworthy intermediaries to relay information over its lifetime. Accordingly, libp2p nodes need to be able to verify that the data came from a specific peer and that it hasn't been tampered with.
+
+### Envelope
+
+Libp2p provides an all-purpose data container called **envelope**. It was created to enable the distribution of verifiable records, which we can prove originated from the addressed peer itself. The envelope includes a signature of the data, so that its authenticity is verified.
+
+This envelope stores a marshaled record implementing the [interface-record](https://github.com/libp2p/js-libp2p-interfaces/tree/master/src/record). These Records are designed to be serialized to bytes and placed inside of the envelopes before being shared with other peers.
+
+You can read further about the envelope in [libp2p/specs#217](https://github.com/libp2p/specs/pull/217).
+
+## Usage
+
+- create an envelope with an instance of an [interface-record](https://github.com/libp2p/js-libp2p-interfaces/tree/master/src/record) implementation and prepare it for being exchanged:
+
+```js
+// interface-record implementation example with the "libp2p-example" namespace
+const Record = require('libp2p-interfaces/src/record')
+const { fromString } = require('uint8arrays/from-string')
+
+class ExampleRecord extends Record {
+  constructor () {
+    super ('libp2p-example', fromString('0302', 'hex'))
+  }
+
+  marshal () {}
+
+  equals (other) {}
+}
+
+ExampleRecord.createFromProtobuf = () => {}
+```
+
+```js
+const Envelope = require('libp2p/src/record/envelop')
+const ExampleRecord = require('./example-record')
+
+const rec = new ExampleRecord()
+const e = await Envelope.seal(rec, peerId)
+const wireData = e.marshal()
+```
+
+- consume a received envelope (`wireData`) and transform it back to a record:
+
+```js
+const Envelope = require('libp2p/src/record/envelop')
+const ExampleRecord = require('./example-record')
+
+const domain = 'libp2p-example'
+let e
+
+try {
+  e = await Envelope.openAndCertify(wireData, domain)
+} catch (err) {}
+
+const rec = ExampleRecord.createFromProtobuf(e.payload)
+```
+
+## Peer Record
+
+All libp2p nodes keep a `PeerStore`, that among other information stores a set of known addresses for each peer, which can come from a variety of sources.
+
+Libp2p peer records were created to enable the distribution of verifiable address records, which we can prove originated from the addressed peer itself. With such guarantees, libp2p is able to prioritize addresses based on their authenticity, with the most strict strategy being to only dial certified addresses (no strategies have been implemented at the time of writing).
+
+A peer record contains the peers' publicly reachable listen addresses, and may be extended in the future to contain additional metadata relevant to routing. It also contains a `seqNumber` field, a timestamp per the spec, so that we can verify the most recent record.
+
+You can read further about the Peer Record in [libp2p/specs#217](https://github.com/libp2p/specs/pull/217).
+
+### Usage
+
+- create a new Peer Record
+
+```js
+const PeerRecord = require('libp2p/src/record/peer-record')
+
+const pr = new PeerRecord({
+  peerId: node.peerId,
+  multiaddrs: node.multiaddrs
+})
+```
+
+- create a Peer Record from a protobuf
+
+```js
+const PeerRecord = require('libp2p/src/record/peer-record')
+
+const pr = PeerRecord.createFromProtobuf(data)
+```
+
+### Libp2p Flows
+
+#### Self Record
+
+Once a libp2p node has started and is listening on a set of multiaddrs, its own peer record can be created.
+
+The identify service is responsible for creating the self record when the identify protocol kicks in for the first time. This record will be stored for future needs of the identify protocol when connecting with other peers.
+
+#### Self record Updates
+
+**_NOT_YET_IMPLEMENTED_**
+
+While creating peer records is fairly trivial, addresses are not static and might be modified at arbitrary times. This can happen via an Address Manager API, or even through AutoRelay/AutoNAT.
+
+When a libp2p node changes its listen addresses, the identify service will be informed. Once that happens, the identify service creates a new self record and stores it. With the new record, the identify push/delta protocol will be used to communicate this change to the connected peers.
+
+#### Subsystem receiving a record
+
+Considering that a node can discover other peers' addresses from a variety of sources, Libp2p Peerstore can differentiate the addresses that were obtained through a signed peer record.
+
+Once a record is received and its signature properly validated, its envelope is stored in the AddressBook in its byte representation. The `seqNumber` remains unmarshalled so that we can quickly compare it against incoming records to determine the most recent record.
+
+The AddressBook Addresses will be updated with the content of the envelope with a certified property. This allows other subsystems to identify the known certified addresses of a peer.
+
+#### Subsystem providing a record
+
+Libp2p subsystems that exchange other peers information will provide the envelope that they received by those peers. As a result, other peers can verify if the envelope was really created by the addressed peer.
+
+When a subsystem wants to provide a record, it will get it from the AddressBook, if it exists. Other subsystems are also able to provide the self record, since it is also stored in the AddressBook.
+
+### Future Work
+
+- Persistence only considering certified addresses?
+- Peers may not know their own addresses. It's often impossible to automatically infer one's own public address, and peers may need to rely on third party peers to inform them of their observed public addresses.
+- A peer may inadvertently or maliciously sign an address that they do not control. In other words, a signature isn't a guarantee that a given address is valid.
+- Some addresses may be ambiguous. For example, addresses on a private subnet are valid within that subnet but are useless on the public internet.
+- Once all these pieces are in place, we will also need a way to prioritize addresses based on their authenticity, that is, the dialer can prioritize self-certified addresses over addresses from an unknown origin.
+  - Modular dialer? (taken from go PR notes)
+    - With the modular dialer, users should easily be able to configure precedence. With dialer v1, anything we do to prioritise dials is gonna be spaghetti and adhoc. With the modular dialer, you’d be able to specify the order of dials when instantiating the pipeline.
+    - Multiple parallel dials. We already have the issue where new addresses aren't added to existing dials.
+
+## Example
+
+```JavaScript
+import { trackedMap } from '@libp2p/tracked-map'
+
+const map = trackedMap<string, string>({ metrics })
+
+map.set('key', 'value')
+```
+
+## Installation
+
+```console
+$ npm i @libp2p/peer-record
+```
+
+## License
+
+Licensed under either of
+
+ * Apache 2.0, ([LICENSE-APACHE](LICENSE-APACHE) / http://www.apache.org/licenses/LICENSE-2.0)
+ * MIT ([LICENSE-MIT](LICENSE-MIT) / http://opensource.org/licenses/MIT)
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

package/dist/src/envelope/envelope.d.ts

@@ -0,0 +1,77 @@
+import * as $protobuf from "protobufjs";
+/** Properties of an Envelope. */
+export interface IEnvelope {
+
+    /** Envelope publicKey */
+    publicKey?: (Uint8Array|null);
+
+    /** Envelope payloadType */
+    payloadType?: (Uint8Array|null);
+
+    /** Envelope payload */
+    payload?: (Uint8Array|null);
+
+    /** Envelope signature */
+    signature?: (Uint8Array|null);
+}
+
+/** Represents an Envelope. */
+export class Envelope implements IEnvelope {
+
+    /**
+     * Constructs a new Envelope.
+     * @param [p] Properties to set
+     */
+    constructor(p?: IEnvelope);
+
+    /** Envelope publicKey. */
+    public publicKey: Uint8Array;
+
+    /** Envelope payloadType. */
+    public payloadType: Uint8Array;
+
+    /** Envelope payload. */
+    public payload: Uint8Array;
+
+    /** Envelope signature. */
+    public signature: Uint8Array;
+
+    /**
+     * Encodes the specified Envelope message. Does not implicitly {@link Envelope.verify|verify} messages.
+     * @param m Envelope message or plain object to encode
+     * @param [w] Writer to encode to
+     * @returns Writer
+     */
+    public static encode(m: IEnvelope, w?: $protobuf.Writer): $protobuf.Writer;
+
+    /**
+     * Decodes an Envelope message from the specified reader or buffer.
+     * @param r Reader or buffer to decode from
+     * @param [l] Message length if known beforehand
+     * @returns Envelope
+     * @throws {Error} If the payload is not a reader or valid buffer
+     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+     */
+    public static decode(r: ($protobuf.Reader|Uint8Array), l?: number): Envelope;
+
+    /**
+     * Creates an Envelope message from a plain object. Also converts values to their respective internal types.
+     * @param d Plain object
+     * @returns Envelope
+     */
+    public static fromObject(d: { [k: string]: any }): Envelope;
+
+    /**
+     * Creates a plain object from an Envelope message. Also converts values to other types if specified.
+     * @param m Envelope
+     * @param [o] Conversion options
+     * @returns Plain object
+     */
+    public static toObject(m: Envelope, o?: $protobuf.IConversionOptions): { [k: string]: any };
+
+    /**
+     * Converts this Envelope to JSON.
+     * @returns JSON object
+     */
+    public toJSON(): { [k: string]: any };
+}

package/dist/src/envelope/envelope.js

@@ -0,0 +1,241 @@
+/*eslint-disable*/
+import $protobuf from "protobufjs/minimal.js";
+
+// Common aliases
+const $Reader = $protobuf.Reader, $Writer = $protobuf.Writer, $util = $protobuf.util;
+
+// Exported root namespace
+const $root = $protobuf.roots["libp2p-peer-record-envelope"] || ($protobuf.roots["libp2p-peer-record-envelope"] = {});
+
+export const Envelope = $root.Envelope = (() => {
+
+    /**
+     * Properties of an Envelope.
+     * @exports IEnvelope
+     * @interface IEnvelope
+     * @property {Uint8Array|null} [publicKey] Envelope publicKey
+     * @property {Uint8Array|null} [payloadType] Envelope payloadType
+     * @property {Uint8Array|null} [payload] Envelope payload
+     * @property {Uint8Array|null} [signature] Envelope signature
+     */
+
+    /**
+     * Constructs a new Envelope.
+     * @exports Envelope
+     * @classdesc Represents an Envelope.
+     * @implements IEnvelope
+     * @constructor
+     * @param {IEnvelope=} [p] Properties to set
+     */
+    function Envelope(p) {
+        if (p)
+            for (var ks = Object.keys(p), i = 0; i < ks.length; ++i)
+                if (p[ks[i]] != null)
+                    this[ks[i]] = p[ks[i]];
+    }
+
+    /**
+     * Envelope publicKey.
+     * @member {Uint8Array} publicKey
+     * @memberof Envelope
+     * @instance
+     */
+    Envelope.prototype.publicKey = $util.newBuffer([]);
+
+    /**
+     * Envelope payloadType.
+     * @member {Uint8Array} payloadType
+     * @memberof Envelope
+     * @instance
+     */
+    Envelope.prototype.payloadType = $util.newBuffer([]);
+
+    /**
+     * Envelope payload.
+     * @member {Uint8Array} payload
+     * @memberof Envelope
+     * @instance
+     */
+    Envelope.prototype.payload = $util.newBuffer([]);
+
+    /**
+     * Envelope signature.
+     * @member {Uint8Array} signature
+     * @memberof Envelope
+     * @instance
+     */
+    Envelope.prototype.signature = $util.newBuffer([]);
+
+    /**
+     * Encodes the specified Envelope message. Does not implicitly {@link Envelope.verify|verify} messages.
+     * @function encode
+     * @memberof Envelope
+     * @static
+     * @param {IEnvelope} m Envelope message or plain object to encode
+     * @param {$protobuf.Writer} [w] Writer to encode to
+     * @returns {$protobuf.Writer} Writer
+     */
+    Envelope.encode = function encode(m, w) {
+        if (!w)
+            w = $Writer.create();
+        if (m.publicKey != null && Object.hasOwnProperty.call(m, "publicKey"))
+            w.uint32(10).bytes(m.publicKey);
+        if (m.payloadType != null && Object.hasOwnProperty.call(m, "payloadType"))
+            w.uint32(18).bytes(m.payloadType);
+        if (m.payload != null && Object.hasOwnProperty.call(m, "payload"))
+            w.uint32(26).bytes(m.payload);
+        if (m.signature != null && Object.hasOwnProperty.call(m, "signature"))
+            w.uint32(42).bytes(m.signature);
+        return w;
+    };
+
+    /**
+     * Decodes an Envelope message from the specified reader or buffer.
+     * @function decode
+     * @memberof Envelope
+     * @static
+     * @param {$protobuf.Reader|Uint8Array} r Reader or buffer to decode from
+     * @param {number} [l] Message length if known beforehand
+     * @returns {Envelope} Envelope
+     * @throws {Error} If the payload is not a reader or valid buffer
+     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+     */
+    Envelope.decode = function decode(r, l) {
+        if (!(r instanceof $Reader))
+            r = $Reader.create(r);
+        var c = l === undefined ? r.len : r.pos + l, m = new $root.Envelope();
+        while (r.pos < c) {
+            var t = r.uint32();
+            switch (t >>> 3) {
+            case 1:
+                m.publicKey = r.bytes();
+                break;
+            case 2:
+                m.payloadType = r.bytes();
+                break;
+            case 3:
+                m.payload = r.bytes();
+                break;
+            case 5:
+                m.signature = r.bytes();
+                break;
+            default:
+                r.skipType(t & 7);
+                break;
+            }
+        }
+        return m;
+    };
+
+    /**
+     * Creates an Envelope message from a plain object. Also converts values to their respective internal types.
+     * @function fromObject
+     * @memberof Envelope
+     * @static
+     * @param {Object.<string,*>} d Plain object
+     * @returns {Envelope} Envelope
+     */
+    Envelope.fromObject = function fromObject(d) {
+        if (d instanceof $root.Envelope)
+            return d;
+        var m = new $root.Envelope();
+        if (d.publicKey != null) {
+            if (typeof d.publicKey === "string")
+                $util.base64.decode(d.publicKey, m.publicKey = $util.newBuffer($util.base64.length(d.publicKey)), 0);
+            else if (d.publicKey.length)
+                m.publicKey = d.publicKey;
+        }
+        if (d.payloadType != null) {
+            if (typeof d.payloadType === "string")
+                $util.base64.decode(d.payloadType, m.payloadType = $util.newBuffer($util.base64.length(d.payloadType)), 0);
+            else if (d.payloadType.length)
+                m.payloadType = d.payloadType;
+        }
+        if (d.payload != null) {
+            if (typeof d.payload === "string")
+                $util.base64.decode(d.payload, m.payload = $util.newBuffer($util.base64.length(d.payload)), 0);
+            else if (d.payload.length)
+                m.payload = d.payload;
+        }
+        if (d.signature != null) {
+            if (typeof d.signature === "string")
+                $util.base64.decode(d.signature, m.signature = $util.newBuffer($util.base64.length(d.signature)), 0);
+            else if (d.signature.length)
+                m.signature = d.signature;
+        }
+        return m;
+    };
+
+    /**
+     * Creates a plain object from an Envelope message. Also converts values to other types if specified.
+     * @function toObject
+     * @memberof Envelope
+     * @static
+     * @param {Envelope} m Envelope
+     * @param {$protobuf.IConversionOptions} [o] Conversion options
+     * @returns {Object.<string,*>} Plain object
+     */
+    Envelope.toObject = function toObject(m, o) {
+        if (!o)
+            o = {};
+        var d = {};
+        if (o.defaults) {
+            if (o.bytes === String)
+                d.publicKey = "";
+            else {
+                d.publicKey = [];
+                if (o.bytes !== Array)
+                    d.publicKey = $util.newBuffer(d.publicKey);
+            }
+            if (o.bytes === String)
+                d.payloadType = "";
+            else {
+                d.payloadType = [];
+                if (o.bytes !== Array)
+                    d.payloadType = $util.newBuffer(d.payloadType);
+            }
+            if (o.bytes === String)
+                d.payload = "";
+            else {
+                d.payload = [];
+                if (o.bytes !== Array)
+                    d.payload = $util.newBuffer(d.payload);
+            }
+            if (o.bytes === String)
+                d.signature = "";
+            else {
+                d.signature = [];
+                if (o.bytes !== Array)
+                    d.signature = $util.newBuffer(d.signature);
+            }
+        }
+        if (m.publicKey != null && m.hasOwnProperty("publicKey")) {
+            d.publicKey = o.bytes === String ? $util.base64.encode(m.publicKey, 0, m.publicKey.length) : o.bytes === Array ? Array.prototype.slice.call(m.publicKey) : m.publicKey;
+        }
+        if (m.payloadType != null && m.hasOwnProperty("payloadType")) {
+            d.payloadType = o.bytes === String ? $util.base64.encode(m.payloadType, 0, m.payloadType.length) : o.bytes === Array ? Array.prototype.slice.call(m.payloadType) : m.payloadType;
+        }
+        if (m.payload != null && m.hasOwnProperty("payload")) {
+            d.payload = o.bytes === String ? $util.base64.encode(m.payload, 0, m.payload.length) : o.bytes === Array ? Array.prototype.slice.call(m.payload) : m.payload;
+        }
+        if (m.signature != null && m.hasOwnProperty("signature")) {
+            d.signature = o.bytes === String ? $util.base64.encode(m.signature, 0, m.signature.length) : o.bytes === Array ? Array.prototype.slice.call(m.signature) : m.signature;
+        }
+        return d;
+    };
+
+    /**
+     * Converts this Envelope to JSON.
+     * @function toJSON
+     * @memberof Envelope
+     * @instance
+     * @returns {Object.<string,*>} JSON object
+     */
+    Envelope.prototype.toJSON = function toJSON() {
+        return this.constructor.toObject(this, $protobuf.util.toJSONOptions);
+    };
+
+    return Envelope;
+})();
+
+export { $root as default };

package/dist/src/envelope/index.d.ts

@@ -0,0 +1,47 @@
+import { PeerId } from '@libp2p/peer-id';
+import type { Record, Envelope } from '@libp2p/interfaces/record';
+export interface EnvelopeOptions {
+    peerId: PeerId;
+    payloadType: Uint8Array;
+    payload: Uint8Array;
+    signature: Uint8Array;
+}
+export declare class RecordEnvelope implements Envelope {
+    /**
+     * Unmarshal a serialized Envelope protobuf message
+     */
+    static createFromProtobuf: (data: Uint8Array) => Promise<RecordEnvelope>;
+    /**
+     * Seal marshals the given Record, places the marshaled bytes inside an Envelope
+     * and signs it with the given peerId's private key
+     */
+    static seal: (record: Record, peerId: PeerId) => Promise<RecordEnvelope>;
+    /**
+     * Open and certify a given marshalled envelope.
+     * Data is unmarshalled and the signature validated for the given domain.
+     */
+    static openAndCertify: (data: Uint8Array, domain: string) => Promise<RecordEnvelope>;
+    peerId: PeerId;
+    payloadType: Uint8Array;
+    payload: Uint8Array;
+    signature: Uint8Array;
+    marshaled?: Uint8Array;
+    /**
+     * The Envelope is responsible for keeping an arbitrary signed record
+     * by a libp2p peer.
+     */
+    constructor(options: EnvelopeOptions);
+    /**
+     * Marshal the envelope content
+     */
+    marshal(): Uint8Array;
+    /**
+     * Verifies if the other Envelope is identical to this one
+     */
+    equals(other: Envelope): boolean;
+    /**
+     * Validate envelope data signature for the given domain
+     */
+    validate(domain: string): Promise<boolean>;
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/src/envelope/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/envelope/index.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AACxC,OAAO,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAA;AAEjE,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAA;IACd,WAAW,EAAE,UAAU,CAAA;IACvB,OAAO,EAAE,UAAU,CAAA;IACnB,SAAS,EAAE,UAAU,CAAA;CACtB;AAED,qBAAa,cAAe,YAAW,QAAQ;IAC7C;;OAEG;IACH,MAAM,CAAC,kBAAkB,SAAgB,UAAU,6BAUlD;IAED;;;OAGG;IACH,MAAM,CAAC,IAAI,WAAkB,MAAM,UAAU,MAAM,6BAoBlD;IAED;;;OAGG;IACH,MAAM,CAAC,cAAc,SAAgB,UAAU,UAAU,MAAM,6BAS9D;IAEM,MAAM,EAAE,MAAM,CAAA;IACd,WAAW,EAAE,UAAU,CAAA;IACvB,OAAO,EAAE,UAAU,CAAA;IACnB,SAAS,EAAE,UAAU,CAAA;IACrB,SAAS,CAAC,EAAE,UAAU,CAAA;IAE7B;;;OAGG;gBACU,OAAO,EAAE,eAAe;IASrC;;OAEG;IACH,OAAO;IAaP;;OAEG;IACH,MAAM,CAAE,KAAK,EAAE,QAAQ;IAIvB;;OAEG;IACH,QAAQ,CAAE,MAAM,EAAE,MAAM;CAWzB"}

package/dist/src/envelope/index.js

@@ -0,0 +1,126 @@
+var _a;
+import errCode from 'err-code';
+import { concat as uint8arraysConcat } from 'uint8arrays/concat';
+import { fromString as uint8arraysFromString } from 'uint8arrays/from-string';
+import { unmarshalPrivateKey, unmarshalPublicKey } from '@libp2p/crypto/keys';
+import varint from 'varint';
+import { equals as uint8arraysEquals } from 'uint8arrays/equals';
+import { codes } from '../errors.js';
+import { Envelope as Protobuf } from './envelope.js';
+import { PeerId } from '@libp2p/peer-id';
+export class RecordEnvelope {
+    /**
+     * The Envelope is responsible for keeping an arbitrary signed record
+     * by a libp2p peer.
+     */
+    constructor(options) {
+        const { peerId, payloadType, payload, signature } = options;
+        this.peerId = peerId;
+        this.payloadType = payloadType;
+        this.payload = payload;
+        this.signature = signature;
+    }
+    /**
+     * Marshal the envelope content
+     */
+    marshal() {
+        if (this.marshaled == null) {
+            this.marshaled = Protobuf.encode({
+                publicKey: this.peerId.publicKey,
+                payloadType: this.payloadType,
+                payload: this.payload,
+                signature: this.signature
+            }).finish();
+        }
+        return this.marshaled;
+    }
+    /**
+     * Verifies if the other Envelope is identical to this one
+     */
+    equals(other) {
+        return uint8arraysEquals(this.marshal(), other.marshal());
+    }
+    /**
+     * Validate envelope data signature for the given domain
+     */
+    validate(domain) {
+        const signData = formatSignaturePayload(domain, this.payloadType, this.payload);
+        if (this.peerId.publicKey == null) {
+            throw new Error('Missing public key');
+        }
+        const key = unmarshalPublicKey(this.peerId.publicKey);
+        return key.verify(signData, this.signature);
+    }
+}
+_a = RecordEnvelope;
+/**
+ * Unmarshal a serialized Envelope protobuf message
+ */
+RecordEnvelope.createFromProtobuf = async (data) => {
+    const envelopeData = Protobuf.decode(data);
+    const peerId = await PeerId.fromKeys(envelopeData.publicKey);
+    return new RecordEnvelope({
+        peerId,
+        payloadType: envelopeData.payloadType,
+        payload: envelopeData.payload,
+        signature: envelopeData.signature
+    });
+};
+/**
+ * Seal marshals the given Record, places the marshaled bytes inside an Envelope
+ * and signs it with the given peerId's private key
+ */
+RecordEnvelope.seal = async (record, peerId) => {
+    const domain = record.domain;
+    const payloadType = record.codec;
+    const payload = record.marshal();
+    const signData = formatSignaturePayload(domain, payloadType, payload);
+    if (peerId.privateKey == null) {
+        throw new Error('Missing private key');
+    }
+    const key = await unmarshalPrivateKey(peerId.privateKey);
+    const signature = await key.sign(signData);
+    return new RecordEnvelope({
+        peerId,
+        payloadType,
+        payload,
+        signature
+    });
+};
+/**
+ * Open and certify a given marshalled envelope.
+ * Data is unmarshalled and the signature validated for the given domain.
+ */
+RecordEnvelope.openAndCertify = async (data, domain) => {
+    const envelope = await RecordEnvelope.createFromProtobuf(data);
+    const valid = await envelope.validate(domain);
+    if (!valid) {
+        throw errCode(new Error('envelope signature is not valid for the given domain'), codes.ERR_SIGNATURE_NOT_VALID);
+    }
+    return envelope;
+};
+/**
+ * Helper function that prepares a Uint8Array to sign or verify a signature
+ */
+const formatSignaturePayload = (domain, payloadType, payload) => {
+    // When signing, a peer will prepare a Uint8Array by concatenating the following:
+    // - The length of the domain separation string string in bytes
+    // - The domain separation string, encoded as UTF-8
+    // - The length of the payload_type field in bytes
+    // - The value of the payload_type field
+    // - The length of the payload field in bytes
+    // - The value of the payload field
+    const domainUint8Array = uint8arraysFromString(domain);
+    const domainLength = varint.encode(domainUint8Array.byteLength);
+    const payloadTypeLength = varint.encode(payloadType.length);
+    const payloadLength = varint.encode(payload.length);
+    return uint8arraysConcat([
+        new Uint8Array(domainLength),
+        domainUint8Array,
+        new Uint8Array(payloadTypeLength),
+        payloadType,
+        new Uint8Array(payloadLength),
+        payload
+    ]);
+};
+//# sourceMappingURL=index.js.map

package/dist/src/envelope/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/envelope/index.ts"],"names":[],"mappings":";AAAA,OAAO,OAAO,MAAM,UAAU,CAAA;AAC9B,OAAO,EAAE,MAAM,IAAI,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAChE,OAAO,EAAE,UAAU,IAAI,qBAAqB,EAAE,MAAK,yBAAyB,CAAA;AAC5E,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAA;AAC7E,OAAO,MAAM,MAAM,QAAQ,CAAA;AAC3B,OAAO,EAAE,MAAM,IAAI,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAChE,OAAO,EAAE,KAAK,EAAE,MAAM,cAAc,CAAA;AACpC,OAAO,EAAE,QAAQ,IAAI,QAAQ,EAAE,MAAM,eAAe,CAAA;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AAUxC,MAAM,OAAO,cAAc;IA+DzB;;;OAGG;IACH,YAAa,OAAwB;QACnC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;QAE3D,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;IAC5B,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,EAAE;YAC1B,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC;gBAC/B,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;gBAChC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,SAAS,EAAE,IAAI,CAAC,SAAS;aAC1B,CAAC,CAAC,MAAM,EAAE,CAAA;SACZ;QAED,OAAO,IAAI,CAAC,SAAS,CAAA;IACvB,CAAC;IAED;;OAEG;IACH,MAAM,CAAE,KAAe;QACrB,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;IAC3D,CAAC;IAED;;OAEG;IACH,QAAQ,CAAE,MAAc;QACtB,MAAM,QAAQ,GAAG,sBAAsB,CAAC,MAAM,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,CAAA;QAE/E,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,IAAI,EAAE;YACjC,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;SACtC;QAED,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAErD,OAAO,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;IAC7C,CAAC;;;AA/GD;;GAEG;AACI,iCAAkB,GAAG,KAAK,EAAE,IAAgB,EAAE,EAAE;IACrD,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC1C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,CAAA;IAE5D,OAAO,IAAI,cAAc,CAAC;QACxB,MAAM;QACN,WAAW,EAAE,YAAY,CAAC,WAAW;QACrC,OAAO,EAAE,YAAY,CAAC,OAAO;QAC7B,SAAS,EAAE,YAAY,CAAC,SAAS;KAClC,CAAC,CAAA;AACJ,CAAC,CAAA;AAED;;;GAGG;AACI,mBAAI,GAAG,KAAK,EAAE,MAAc,EAAE,MAAc,EAAE,EAAE;IACrD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAA;IAC5B,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAA;IAChC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAA;IAEhC,MAAM,QAAQ,GAAG,sBAAsB,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,CAAC,CAAA;IAErE,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,EAAE;QAC7B,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;KACvC;IAED,MAAM,GAAG,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;IACxD,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IAE1C,OAAO,IAAI,cAAc,CAAC;QACxB,MAAM;QACN,WAAW;QACX,OAAO;QACP,SAAS;KACV,CAAC,CAAA;AACJ,CAAC,CAAA;AAED;;;GAGG;AACI,6BAAc,GAAG,KAAK,EAAE,IAAgB,EAAE,MAAc,EAAE,EAAE;IACjE,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAA;IAC9D,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;IAE7C,IAAI,CAAC,KAAK,EAAE;QACV,MAAM,OAAO,CAAC,IAAI,KAAK,CAAC,sDAAsD,CAAC,EAAE,KAAK,CAAC,uBAAuB,CAAC,CAAA;KAChH;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC,CAAA;AA4DH;;GAEG;AACH,MAAM,sBAAsB,GAAG,CAAC,MAAc,EAAE,WAAuB,EAAE,OAAmB,EAAE,EAAE;IAC9F,iFAAiF;IACjF,+DAA+D;IAC/D,mDAAmD;IACnD,kDAAkD;IAClD,wCAAwC;IACxC,6CAA6C;IAC7C,mCAAmC;IAEnC,MAAM,gBAAgB,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAA;IACtD,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAA;IAC/D,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;IAC3D,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;IAEnD,OAAO,iBAAiB,CAAC;QACvB,IAAI,UAAU,CAAC,YAAY,CAAC;QAC5B,gBAAgB;QAChB,IAAI,UAAU,CAAC,iBAAiB,CAAC;QACjC,WAAW;QACX,IAAI,UAAU,CAAC,aAAa,CAAC;QAC7B,OAAO;KACR,CAAC,CAAA;AACJ,CAAC,CAAA"}