@lifeready/core 0.6.0-beta.1

package/lib/auth/password.service.d.ts

@@ -0,0 +1,78 @@
+import { HttpClient } from '@angular/common/http';
+import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
+import { JWK } from 'node-jose';
+import { ProfileService } from '../users/profile.service';
+import { EncryptionService } from '../cryptography/encryption.service';
+import { KeyGraphService } from '../cryptography/key-graph.service';
+import { LifeReadyConfig } from '../life-ready.config';
+import { LrApolloService } from './../api/lr-apollo.service';
+import { PassKeyBundle } from './auth.types';
+import { WebCryptoService } from '../cryptography/web-crypto.service';
+import { Duration } from 'moment';
+import { IdleService } from '../auth/idle.service';
+import { KeyFactoryService as KFS } from '../cryptography/key-factory.service';
+export interface PasswordChangeConfig {
+    maxAuthAgeSeconds: number;
+    authTime: string | Date;
+    serverTime: string | Date;
+}
+export declare class PasswordCheck {
+    length?: number;
+    timeToCrack?: Duration;
+    passwordExposed?: number;
+}
+export declare class PasswordService {
+    private config;
+    private http;
+    private apollo;
+    private auth;
+    private profileService;
+    private keyFactory;
+    private encryptionService;
+    private keyGraph;
+    private webCryptoService;
+    private idleService;
+    private readonly CLIENT_NONCE_LENGTH;
+    constructor(config: LifeReadyConfig, http: HttpClient, apollo: LrApolloService, auth: AuthClass, profileService: ProfileService, keyFactory: KFS, encryptionService: EncryptionService, keyGraph: KeyGraphService, webCryptoService: WebCryptoService, idleService: IdleService);
+    checkPassword(password: string): Promise<PasswordCheck>;
+    getExposureCount(password: string): Promise<number>;
+    getPassIdpString(passIdp: JWK.Key): any;
+    createPassKeyBundle(password: string): Promise<PassKeyBundle>;
+    /**
+     * We need to allow for interruption of the process at any point. Each API call can be considered
+     * atomic and either succeeds or fails.
+     *
+     * The LR server APIs use semaphore tokens for locking critical operations, so concurrent calls will
+     * fail.
+     *
+     * We assume the worst case for IdP API calls. So we use the semaphore token from LR to prevent
+     * concurrent calls to IdP APIs, but we have to assume that the IdP API calls will either succeed or
+     * fail within a reasonable amount of time.
+     *
+     * Each location where the server state changes can be a potential point of interruption.
+     * Potential points of interruption are marked with: --Potential Failure Point--
+     *
+     * Places for timeout:
+     * - Login age too old at call to: verifyPassword()
+     * - Login age too old at call to: changePasswordMutation()
+     * - Semaphore token expires at call to: changePasswordComplete()
+     *
+     * Tests:
+     * - Potential Failure Point 1: should be able to restart the process, user remains signed in.
+     * - Potential Failure Point 2: should enter recovery flow
+     * - Potential Failure Point 3: should enter recovery flow
+     * - Potential Failure Point 4: should enter recovery flow
+     *
+     */
+    isLoginRequired(): Promise<boolean>;
+    changePassword(password: string, newPassword: string): Promise<void>;
+    changePasswordComplete(accessToken: string, useNewPassword: boolean, token?: string): Promise<any>;
+    private getVerifierPrK;
+    private verifyPassword;
+    private changePasswordMutation;
+    getChangePasswordConfig(): Promise<PasswordChangeConfig>;
+    passwordStrength(password: any): {
+        years: number;
+        bits: number;
+    };
+}

package/lib/auth/register.service.d.ts

@@ -0,0 +1,25 @@
+import { HttpClient } from '@angular/common/http';
+import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
+import { EncryptionService } from '../cryptography/encryption.service';
+import { KeyFactoryService } from '../cryptography/key-factory.service';
+import { LifeReadyConfig } from '../life-ready.config';
+import { PasswordService } from './password.service';
+import { RegisterResult } from './auth.types';
+export declare class RegisterService {
+    private config;
+    private auth;
+    private http;
+    private keyFactory;
+    private encryptionService;
+    private passwordService;
+    constructor(config: LifeReadyConfig, auth: AuthClass, http: HttpClient, keyFactory: KeyFactoryService, encryptionService: EncryptionService, passwordService: PasswordService);
+    /**
+     * Request a verification code to be sent out to an email.
+     * @return Info needed to be submitted along with the verification code
+     */
+    verifyEmail(email: string): Promise<string>;
+    verifyPhone(phoneNumber: string): Promise<string>;
+    confirmVerificationCode(verificationId: string, verificationCode: string): Promise<string>;
+    register(email: string, password: string, verificationId: string, verificationToken: string, verificationType?: 'email' | 'phone'): Promise<RegisterResult>;
+    hibpBreachedAccounts(account: string): Promise<any>;
+}

package/lib/auth/two-factor.service.d.ts

@@ -0,0 +1,15 @@
+import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
+export declare class TwoFactorService {
+    private auth;
+    constructor(auth: AuthClass);
+    getPreferredMFA(): Promise<string>;
+    setPreferredMFA(method: 'TOTP' | 'SMS' | 'NOMFA'): Promise<void>;
+    setPhoneNumber(phone: any): Promise<void>;
+    getSMSCode(): Promise<void>;
+    verifySMSCode(verificationCode: string): Promise<void>;
+    getSoftwareToken(): Promise<{
+        code: string;
+        codeUri: string;
+    }>;
+    verifySoftwareToken(totpCode: string): Promise<void>;
+}

package/lib/category/category-meta.service.d.ts

@@ -0,0 +1,23 @@
+import { HttpClient } from '@angular/common/http';
+import { CategoryService } from './category.service';
+import { AccessLevel, CurrentCategory, DefaultCategory } from './category.types';
+export declare class LoadedCategoryTree {
+    categories: CurrentCategory[];
+    missingCategories: string[][];
+}
+export declare class CategoryMetaService {
+    private http;
+    private categoryService;
+    private categories;
+    constructor(http: HttpClient, categoryService: CategoryService);
+    getCoreCategories(): Promise<DefaultCategory[]>;
+    loadCategories(categoryTrees: string[][], selectedCategoryId?: string, trustedPartyId?: string): Promise<LoadedCategoryTree>;
+    loadCategoriesForRole(categories: {
+        category: string[];
+        accessLevel: AccessLevel;
+    }[]): Promise<{
+        category: CurrentCategory;
+        accessLevel: AccessLevel;
+    }[]>;
+    private loadCategory;
+}

package/lib/category/category.gql.d.ts

@@ -0,0 +1,45 @@
+import { HasKeyGraph } from './../cryptography/cryptography.types';
+import { HasEdges } from '../_common/types';
+export declare const DEFAULT_BREADCRUMB_DEPTH = 5;
+export declare const DEFAULT_DESCENDANTS_DEPTH = 5;
+export declare enum DirectoryType {
+    Vault = "vault",
+    Category = "category",
+    Record = "record"
+}
+export declare const DefaultVaultFilter: string;
+export declare const CategoryFilter: string;
+export declare const RecordFilter: string;
+export declare const AccessFields = "\naccessRoles {\n  role\n  method\n  inheritedFrom {\n    id\n  }\n  trustedParty {\n    id\n  }\n  isIssuer\n}";
+export declare const CategoryFields: string;
+export declare const VaultFields = "\n  id\n  keyId\n  plainMeta\n  cipherMeta\n";
+export declare const GetRootDirectoryIdsQuery: import("graphql").DocumentNode;
+export declare const GetCategoriesQuery: import("graphql").DocumentNode;
+export declare const GetVaultsQuery: import("graphql").DocumentNode;
+export interface GetTrustedPartyCategoriesQueryType extends HasKeyGraph {
+    tp: {
+        sharedItems: {
+            list: HasEdges<any>;
+            records: HasEdges<any>;
+        };
+    };
+}
+export declare const GetTrustedPartyCategoriesQuery: import("graphql").DocumentNode;
+export interface GetMySharedCategoriesQueryType extends HasKeyGraph {
+    tp: {
+        myItems: {
+            list: HasEdges<any>;
+            records: HasEdges<any>;
+        };
+    };
+}
+export declare const GetMySharedCategoriesQuery: import("graphql").DocumentNode;
+export declare const parentCategoriesField: (depth?: number) => any;
+export declare const GetCategoryQuery: (depth?: number) => import("graphql").DocumentNode;
+export declare const GetCategoryKeyIdQuery: import("graphql").DocumentNode;
+export declare const CreateCategoryMutation: import("graphql").DocumentNode;
+export declare const CreateVaultMutation: import("graphql").DocumentNode;
+export declare const UpdateCategoryMutation: import("graphql").DocumentNode;
+export declare const DeleteCategoryMutation: import("graphql").DocumentNode;
+export declare const ArchiveDirectoryMutation: import("graphql").DocumentNode;
+export declare const UnarchiveDirectoryMutation: import("graphql").DocumentNode;

package/lib/category/category.service.d.ts

@@ -0,0 +1,67 @@
+import { LrApolloService } from '../api/lr-apollo.service';
+import { KeyMetaService } from '../cryptography/key-meta.service';
+import { Category, NewCategory, UpdatedCategory, VaultCategory, VaultRecord, Vault } from './category.types';
+import { KeyGraphService } from '../cryptography/key-graph.service';
+export declare class CategoryService {
+    private lrApollo;
+    private keyMetaService;
+    private keyGraph;
+    constructor(lrApollo: LrApolloService, keyMetaService: KeyMetaService, keyGraph: KeyGraphService);
+    getRootDirectoryIds(input?: {
+        archived: boolean;
+    }): Promise<string[]>;
+    getDefaultVault(): Promise<Vault>;
+    getCategories(input?: {
+        archived: boolean;
+    }): Promise<Category[]>;
+    getTrustedPartyCategories(trustedPartyId: string): Promise<{
+        categories: Category[];
+        records?: VaultRecord[];
+    }>;
+    getMySharedCategories(trustedPartyId: string): Promise<{
+        categories: Category[];
+        records?: VaultRecord[];
+    }>;
+    getCategory(categoryId: string): Promise<VaultCategory>;
+    private mapVaults;
+    private mapCategories;
+    private mapRecords;
+    createDefaultVault(): Promise<string>;
+    createCategory(newCategory: NewCategory): Promise<string>;
+    updateCategory(categoryId: string, keyId: string, updatedCategory: UpdatedCategory): Promise<void>;
+    setCategoryVisibility(categoryId: string, hide: boolean): Promise<void>;
+    deleteCategory(categoryId: string): Promise<void>;
+    archiveCategory(categoryId: string, recursive: boolean): Promise<void>;
+    unarchiveCategory(categoryId: string, recursive: boolean): Promise<void>;
+    archiveDirectory(directoryId: string, recursive: boolean): Promise<void>;
+    unarchiveDirectory(directoryId: string, recursive: boolean): Promise<void>;
+    mapVault(node: {
+        id: any;
+        keyId: any;
+        plainMeta: any;
+        cipherMeta: any;
+    }): Promise<Vault>;
+    mapParentCategories(category: {
+        parentCategories: any;
+    }): Promise<Category[]>;
+    mapCategory(node: {
+        id: any;
+        keyId: any;
+        plainMeta: any;
+        cipherMeta: any;
+        descendantDirectories: any;
+        accessRoles: any[];
+        archived: any;
+    }): Promise<Category>;
+    mapRecord(node: {
+        id: any;
+        keyId: any;
+        plainMeta: any;
+        cipherMeta: any;
+        created: any;
+        modified: any;
+        content: any;
+        accessRoles: any[];
+        archived: any;
+    }): Promise<VaultRecord>;
+}

package/lib/category/category.types.d.ts

@@ -0,0 +1,79 @@
+export declare enum AccessLevel {
+    Owner = "OWNER",
+    Admin = "ADMIN",
+    Writer = "WRITER",
+    Reader = "READER",
+    Deny = "DENY"
+}
+export declare class SharedAccess {
+    trustedPartyId: string;
+    accessLevel: AccessLevel;
+    isInherited: boolean;
+    inheritedFrom?: string;
+}
+export declare class DefaultCategory {
+    code: string;
+    name: string;
+    allowRecords: boolean;
+    allowCustomCategories: boolean;
+    archived: boolean;
+    subCategories?: DefaultCategory[];
+}
+export declare class VaultRecordType {
+    id: string;
+    name: string;
+}
+export declare class VaultRecord {
+    id: string;
+    keyId: string;
+    name: string;
+    recordType: VaultRecordType;
+    createdOn: string | Date;
+    lastModified: string | Date;
+    isArchived: boolean;
+    myAccessLevel: AccessLevel;
+    sharedAccess: SharedAccess[];
+}
+export declare class Category {
+    id: string;
+    keyId: string;
+    code?: string;
+    name: string;
+    isHidden: boolean;
+    isCustom: boolean;
+    isEmpty: boolean;
+    isArchived: boolean;
+    allRecordsCount: number;
+    allowRecords: boolean;
+    allowCustomCategories: boolean;
+    myAccessLevel: AccessLevel;
+    sharedAccess: SharedAccess[];
+}
+export declare class CurrentCategory extends Category {
+    parents: Category[];
+}
+export declare class VaultCategory {
+    category?: CurrentCategory;
+    subCategories?: Category[];
+    records?: VaultRecord[];
+}
+export declare class NewCategory {
+    name: string;
+    code?: string;
+    isCustom: boolean;
+    allowRecords: boolean;
+    allowCustomCategories: boolean;
+    categoryIds?: string[];
+}
+export declare class UpdatedCategory {
+    name: string;
+    code?: string;
+    isCustom: boolean;
+    allowRecords: boolean;
+    allowCustomCategories: boolean;
+}
+export declare class Vault {
+    id: string;
+    keyId: string;
+    name?: string;
+}

package/lib/cryptography/cryptography.types.d.ts

@@ -0,0 +1,83 @@
+import { JWK } from 'node-jose';
+export interface Key {
+    id: string;
+    pbk?: string;
+    jwk?: JWK.Key;
+}
+export interface PassKeyParams {
+    kid: string;
+    salt: string;
+    iterations: number;
+}
+export interface PassIdpParams {
+    salt: string;
+    iterations: number;
+}
+export interface LbopKeyParams {
+    kid: string;
+    salt: string;
+    iterations: number;
+}
+export interface PassIdpVerifier {
+    wrappedPrK: object;
+    pbk: object;
+}
+export interface LbopKeyVerifier {
+    wrappedKey: object;
+    key: object;
+}
+export interface PassKey {
+    id: string;
+    passKeyParams?: PassKeyParams;
+    passIdpParams?: PassIdpParams;
+    wrappedPassIdpVerifierPrk?: object;
+    created?: string;
+}
+export interface KeyLink {
+    keyId: string;
+    wrappingKeyId: string;
+    wrappedKey: string;
+}
+export interface PassKeyLink {
+    keyId: string;
+    passKeyId: string;
+    wrappedKey: string;
+}
+export declare enum NodeType {
+    Key = "key",
+    PassKey = "passKey"
+}
+export interface Node {
+    type: NodeType;
+    data: Key | PassKey;
+}
+export declare enum EdgeType {
+    KeyLink = "keyLink",
+    PassKeyLink = "passKeyLink"
+}
+export interface Edge {
+    type: EdgeType;
+    data: KeyLink | PassKeyLink;
+}
+export interface KeyGraphResponse {
+    keys?: Key[];
+    keyLinks?: KeyLink[];
+    passKeys?: PassKey[];
+    passKeyLinks?: PassKeyLink[];
+}
+export interface HasKeyGraph {
+    keyGraph?: KeyGraphResponse;
+}
+export declare type PayloadType = 'json' | 'ArrayBuffer';
+export interface DeriveKeyResult {
+    jwk: JWK.Key;
+}
+export interface DerivePassIdpParams extends PassIdpParams {
+    password: string;
+}
+export interface DerivePassKeyParams extends PassKeyParams {
+    password: string;
+}
+export interface DeriveLbopKeyParams extends PassKeyParams {
+    password: string;
+}

package/lib/cryptography/encryption.service.d.ts

@@ -0,0 +1,41 @@
+/// <reference types="node" />
+import { JWE, JWK } from 'node-jose';
+import { Key, PayloadType } from './cryptography.types';
+import { TimeService } from '../api/time.service';
+export declare enum JoseSerialization {
+    JSON = "JSON",
+    COMPACT = "COMPACT"
+}
+export interface VerifyOptions {
+    payloadType?: PayloadType;
+    returnOnlyPayload?: boolean;
+}
+export interface DecryptOptions {
+    payloadType?: PayloadType;
+    returnOnlyPayload?: boolean;
+    serializations?: JoseSerialization[];
+}
+export declare const VERIFY_OPTIONS_DEFAULT: VerifyOptions;
+export declare const DECRYPT_OPTIONS_DEFAULT: DecryptOptions;
+export declare function isSymmetricKey(key: JWK.Key): boolean;
+export declare function asJwk(key: JWK.Key | Key | any): JWK.Key | null;
+export declare class EncryptionService {
+    private timeService;
+    constructor(timeService: TimeService);
+    decrypt(key: JWK.Key | Key, // string is assumed to be key.id, will unwrap key.
+    jwe: object | string, // string will be JSON.parsed
+    options?: DecryptOptions): Promise<JWE.DecryptResult | any>;
+    encryptToString(key: JWK.Key, content: ArrayBuffer | string | object): Promise<string>;
+    encrypt(key: JWK.Key, content: ArrayBuffer | string | object): Promise<any>;
+    sign(key: JWK.Key, content: Buffer | string | object): Promise<any>;
+    signToString(key: JWK.Key, content: Buffer | string | object): Promise<string>;
+    verify(key: JWK.Key, jws: object, options?: VerifyOptions): Promise<any>;
+    encryptThenSign({ key, sigPrk, }: {
+        key: JWK.Key;
+        sigPrk: JWK.Key;
+    }, content: ArrayBuffer | string | object): Promise<{
+        cipher: string;
+        sig: string;
+    }>;
+    private decodePayload;
+}

package/lib/cryptography/key-factory.service.d.ts

@@ -0,0 +1,38 @@
+/// <reference types="node" />
+import { JWK } from 'node-jose';
+import { LbopKeyParams, PassIdpParams, PassKeyParams, DeriveKeyResult, DerivePassIdpParams, DerivePassKeyParams, DeriveLbopKeyParams } from './cryptography.types';
+import { WebCryptoService } from './web-crypto.service';
+export declare function sha256(message: any): Promise<string>;
+export declare class KeyFactoryService {
+    private webCryptoService;
+    constructor(webCryptoService: WebCryptoService);
+    private readonly crypto;
+    readonly MIN_PASS_IDP_PBKDF_ITER = 100000;
+    readonly MIN_PASS_KEY_PBKDF_ITER = 100000;
+    readonly MIN_LBOP_KEY_PBKDF_ITER = 100000;
+    readonly DEFAULT_PASS_IDP_PBKDF_ITER = 100000;
+    readonly DEFAULT_PASS_KEY_PBKDF_ITER = 100000;
+    readonly DEFAULT_LBOP_KEY_PBKDF_ITER = 100000;
+    static asKey(key: string | Buffer | object | JWK.RawKey, form?: 'json' | 'private' | 'pkcs8' | 'public' | 'spki' | 'pkix' | 'x509' | 'pem', extras?: Record<string, unknown>): Promise<JWK.Key>;
+    randomString(digits: number): string;
+    randomDigitsNoZeros(digits: number): string;
+    randomChoices<T>(array: T[], chooseN: number): T[];
+    createSalt(): string;
+    createKey(): Promise<JWK.Key>;
+    createSignKey(): Promise<JWK.Key>;
+    createPkcKey(): Promise<JWK.Key>;
+    createPkcSignKey(): Promise<JWK.Key>;
+    deriveKey({ password, salt, iterations, kid, }: {
+        password: string;
+        salt: string;
+        iterations: number;
+        kid?: string;
+    }): Promise<DeriveKeyResult>;
+    derivePassIdp(params: DerivePassIdpParams): Promise<DeriveKeyResult>;
+    derivePassKey(params: DerivePassKeyParams): Promise<DeriveKeyResult>;
+    deriveLbopKey(params: DeriveLbopKeyParams): Promise<DeriveKeyResult>;
+    createKid(): Promise<string>;
+    createPassIdpParams(): Promise<PassIdpParams>;
+    createPassKeyParams(): Promise<PassKeyParams>;
+    createLbopKeyParams(): Promise<LbopKeyParams>;
+}

package/lib/cryptography/key-graph.service.d.ts

@@ -0,0 +1,33 @@
+import { JWK } from 'node-jose';
+import { CurrentUserKey } from '../users/profile.types';
+import { Edge, Key, KeyGraphResponse, PassKey } from './cryptography.types';
+import { DecryptOptions, EncryptionService } from './encryption.service';
+import { KeyService } from './key.service';
+export interface GraphKey extends Key {
+    task?: Promise<any>;
+}
+export declare class KeyGraphService {
+    private encryptionService;
+    private keyService;
+    private graph;
+    constructor(encryptionService: EncryptionService, keyService: KeyService);
+    purgeKeys(): void;
+    populateKeys(userKey: CurrentUserKey): Promise<void>;
+    hasKey(keyId: string): boolean;
+    private getNode;
+    key(id: any): GraphKey;
+    passKey(id: any): PassKey;
+    addKeys(src: KeyGraphResponse): void;
+    tracePath(distances: any, keyId: string): Edge[];
+    getPath(knownKeyId: string, keyId: string): Edge[];
+    getJwkKey(keyOrId: string | Key, getKeyIdCallback?: () => Promise<string> | string): Promise<JWK.Key>;
+    getKey(keyOrId: string | Key, getKeyIdCallback?: () => Promise<string> | string): Promise<Key>;
+    private _unwrapLink;
+    private _unwrap;
+    unwrapWithPassKey(passKeyId: string, passKey: JWK.Key, keyId: string): Promise<Key>;
+    unwrapKey(masterKeyId: string, keyId: string): Promise<Key>;
+    decryptFromString<T>(keyOrId: string | Key, cipherData: string, options?: DecryptOptions): Promise<T>;
+    decryptFile(keyId: string, file: any): Promise<any>;
+    encryptToString(key: string | Key | JWK.Key, content: any): Promise<string>;
+    wrapKey<T>(wrappingKey: string | Key | JWK.Key, key: JWK.Key): Promise<string>;
+}

package/lib/cryptography/key-meta.service.d.ts

@@ -0,0 +1,44 @@
+import { JWK } from 'node-jose';
+import { LrApolloService } from '../api/lr-apollo.service';
+import { EncryptionService } from './encryption.service';
+import { KeyFactoryService } from './key-factory.service';
+import { KeyGraphService } from './key-graph.service';
+import { KeyService } from './key.service';
+export interface HasCipherMeta {
+    keyId: string;
+    cipherMeta: string;
+}
+export declare class WrappedContent {
+    key: JWK.Key;
+    cipherMeta: string;
+    wrappedKeys?: WrappingKey[];
+    rootKey?: WrappingKey;
+}
+export declare class WrappingKey {
+    directoryId?: string;
+    wrappingKeyId: string;
+    wrappedKey: string;
+}
+export declare class KeyMetaService {
+    private encryptionService;
+    private keyGraph;
+    private lrApollo;
+    private keyService;
+    private keyFactory;
+    constructor(encryptionService: EncryptionService, keyGraph: KeyGraphService, lrApollo: LrApolloService, keyService: KeyService, keyFactory: KeyFactoryService);
+    decryptMeta<T>(metaHaver: HasCipherMeta): Promise<T>;
+    doubleWrapContent(secureContent: any, categoryIds: string[], fileContent?: ArrayBuffer): Promise<{
+        rootKey: WrappingKey;
+        wrappedKeys: WrappingKey[];
+        doubleWrappedKey: string;
+        cipherMeta: string;
+        cipherFileContent: string;
+    }>;
+    reWrapContent(keyId: string, secureContent: any): Promise<{
+        doubleWrappedKey: string;
+        cipherMeta: string;
+    }>;
+    wrapContent(secureContent: any, categoryIds?: string[]): Promise<WrappedContent>;
+    wrapContentWithKey(secureContent: any, keyId: string): Promise<WrappedContent>;
+    private getCategoryKeyId;
+}

package/lib/cryptography/key.service.d.ts

@@ -0,0 +1,36 @@
+import { Key, PassKey } from './cryptography.types';
+import { PersistService } from '../api/persist.service';
+import { LifeReadyConfig } from '../life-ready.config';
+export declare class UserKeys {
+    passKey: PassKey;
+    masterKey: Key;
+    rootKey?: Key;
+    pxk?: Key;
+    sigPxk?: Key;
+}
+export declare class KeyService {
+    private config;
+    private persistService;
+    private readonly STORE_MASTER_KEY;
+    private keys;
+    private masterKey;
+    readonly MIN_PASS_IDP_PBKDF_ITER = 100000;
+    readonly MIN_PASS_KEY_PBKDF_ITER = 100000;
+    readonly MIN_LBOP_KEY_PBKDF_ITER = 100000;
+    readonly DEFAULT_PASS_IDP_PBKDF_ITER = 100000;
+    readonly DEFAULT_PASS_KEY_PBKDF_ITER = 100000;
+    readonly DEFAULT_LBOP_KEY_PBKDF_ITER = 100000;
+    constructor(config: LifeReadyConfig, persistService: PersistService);
+    resetKeys(): void;
+    purgeKeys(): void;
+    populateKeys(keys: UserKeys): void;
+    getCurrentPassKey(): Key;
+    getCurrentMasterKey(): Key;
+    getCurrentRootKey(): Key;
+    getCurrentPxk(): Key;
+    getCurrentSigPxk(): Key;
+    private expiresAfter;
+    persistMasterKey(masterKey: Key, expiresAfterSeconds: number): Promise<void>;
+    setMasterKeyExpiresAfterSeconds(seconds: number): Promise<void>;
+    loadMasterKey(masterKeyId: string): Promise<Key>;
+}

package/lib/cryptography/slip39.service.d.ts

@@ -0,0 +1,43 @@
+export declare class SecretShare {
+    assembly: number;
+    subAssembly: number;
+    mnemonics: string;
+    constructor(assembly?: number, subAssembly?: number, mnemonics?: string);
+}
+export declare class SubAssembly {
+    index: number;
+    threshold: number;
+    size: number;
+    constructor(index: number, threshold?: number, size?: number);
+    shares: SecretShare[];
+    clearShares(): void;
+    addShare(share: SecretShare): void;
+}
+export declare class Assembly {
+    threshold: number;
+    constructor(threshold?: number);
+    subAssemblies: SubAssembly[];
+    size(): number;
+    clearSubAssemblies(): void;
+    addSubAssembly(subAssembly: SubAssembly): void;
+}
+export declare class SubQuorum {
+    subAssemblyIndex: number;
+    shares: string[];
+    constructor(subAssemblyIndex: number);
+    clearShares(): void;
+    addShare(share: string): void;
+}
+export declare class Quorum {
+    subQuora: SubQuorum[];
+    constructor();
+    clearSubQuora(): void;
+    addSubQuorum(subQuorum: SubQuorum): void;
+    serialiseShares(): any[];
+}
+export declare class Slip39Service {
+    constructor();
+    generateShares(secret: any, passphrase: string, assembly: Assembly): Promise<void>;
+    private minimalSet;
+    recoverSecret(shares: string[], passphrase: string): Promise<string>;
+}

package/lib/cryptography/web-crypto.service.d.ts

@@ -0,0 +1,5 @@
+export declare class WebCryptoService {
+    crypto: Crypto;
+    toHex(buffer: ArrayBuffer): string;
+    stringDigest(algorithm: string, message: string): Promise<string>;
+}