npm - @lightsparkdev/core - Versions diffs - 0.2.1 → 0.2.2 - Mend

@lightsparkdev/core 0.2.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

package/CHANGELOG.md +6 -0
package/dist/chunk-23X5L5S3.js +604 -0
package/dist/chunk-4OZ5E62P.js +608 -0
package/dist/chunk-5FD46UVI.js +600 -0
package/dist/chunk-BAQMCJ7C.js +630 -0
package/dist/chunk-GFTKZSHK.js +627 -0
package/dist/chunk-I3HKDOEE.js +627 -0
package/dist/chunk-J6LSW6XO.js +601 -0
package/dist/chunk-JUD4MOOQ.js +608 -0
package/dist/chunk-KX6HH6CX.js +629 -0
package/dist/chunk-MZCDWVLH.js +634 -0
package/dist/chunk-NY3BK66J.js +624 -0
package/dist/chunk-Q7UUXZNC.js +26 -0
package/dist/chunk-WT2HYC6Q.js +601 -0
package/dist/chunk-YYVOX4YM.js +600 -0
package/dist/chunk-ZUIUADXH.js +616 -0
package/dist/crypto-rn-2BYOHLMG.js +72 -0
package/dist/crypto-rn-2YV53C3B.js +72 -0
package/dist/crypto-rn-3HFXYG7I.js +75 -0
package/dist/crypto-rn-3HLWLVZS.js +76 -0
package/dist/crypto-rn-3N3JTBLE.js +83 -0
package/dist/crypto-rn-3OEMMMOD.js +74 -0
package/dist/crypto-rn-5EZSRY5Y.js +82 -0
package/dist/crypto-rn-5KM2YVOI.js +82 -0
package/dist/crypto-rn-6335R2CU.js +80 -0
package/dist/crypto-rn-6ZHSL7CX.js +72 -0
package/dist/crypto-rn-7DWXMO2Q.js +75 -0
package/dist/crypto-rn-7GTI374I.js +81 -0
package/dist/crypto-rn-AXDY3LDG.js +124 -0
package/dist/crypto-rn-BZ2KZ2YR.js +68 -0
package/dist/crypto-rn-CAPL7MYC.js +80 -0
package/dist/crypto-rn-CBAKEB7C.js +68 -0
package/dist/crypto-rn-CBWHV2F5.js +82 -0
package/dist/crypto-rn-CS36MQ4X.js +77 -0
package/dist/crypto-rn-E4RZNGIB.js +82 -0
package/dist/crypto-rn-H4NIT5CT.js +70 -0
package/dist/crypto-rn-IAC27WLZ.js +74 -0
package/dist/crypto-rn-LLY6FCWE.js +82 -0
package/dist/crypto-rn-MOWVVG3L.js +78 -0
package/dist/crypto-rn-OAPLHNM5.js +73 -0
package/dist/crypto-rn-PVAG5TVH.js +80 -0
package/dist/crypto-rn-QLVBL5DI.js +75 -0
package/dist/crypto-rn-TBKXR3SR.js +68 -0
package/dist/crypto-rn-TSQJA6A3.js +81 -0
package/dist/crypto-rn-U3XEJXIM.js +77 -0
package/dist/crypto-rn-UHTZEVAR.js +74 -0
package/dist/crypto-rn-V3ZNQSFI.js +79 -0
package/dist/crypto-rn-VGNP6VZW.js +75 -0
package/dist/crypto-rn-XMYCUEGV.js +72 -0
package/dist/crypto-rn-YPOTC5RI.js +73 -0
package/dist/index.cjs +91 -114
package/dist/index.d.ts +30 -17
package/dist/index.js +90 -104
package/package.json +2 -1
package/src/crypto/NodeKeyCache.ts +18 -15
package/src/crypto/crypto.ts +72 -78
package/src/requester/Requester.ts +9 -13
package/src/utils/base64.ts +51 -2

package/dist/index.js CHANGED Viewed

@@ -34,14 +34,44 @@ var StubAuthProvider = class {
 };
 // src/utils/base64.ts
+var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+var Base64 = {
+  btoa: (input = "") => {
+    let str = input;
+    let output = "";
+    for (let block = 0, charCode, i = 0, map = chars; str.charAt(i | 0) || (map = "=", i % 1); output += map.charAt(63 & block >> 8 - i % 1 * 8)) {
+      charCode = str.charCodeAt(i += 3 / 4);
+      if (charCode > 255) {
+        throw new Error(
+          "'btoa' failed: The string to be encoded contains characters outside of the Latin1 range."
+        );
+      }
+      block = block << 8 | charCode;
+    }
+    return output;
+  },
+  atob: (input = "") => {
+    let str = input.replace(/=+$/, "");
+    let output = "";
+    if (str.length % 4 == 1) {
+      throw new Error(
+        "'atob' failed: The string to be decoded is not correctly encoded."
+      );
+    }
+    for (let bc = 0, bs = 0, buffer, i = 0; buffer = str.charAt(i++); ~buffer && (bs = bc % 4 ? bs * 64 + buffer : buffer, bc++ % 4) ? output += String.fromCharCode(255 & bs >> (-2 * bc & 6)) : 0) {
+      buffer = chars.indexOf(buffer);
+    }
+    return output;
+  }
+};
 var b64decode = (encoded) => {
-  return Uint8Array.from(atob(encoded), (c) => c.charCodeAt(0));
+  return Uint8Array.from(Base64.atob(encoded), (c) => c.charCodeAt(0));
 };
 var urlsafe_b64decode = (encoded) => {
   return b64decode(encoded.replace(/_/g, "/").replace(/-/g, "+"));
 };
 var b64encode = (data) => {
-  return btoa(
+  return Base64.btoa(
     String.fromCharCode.apply(null, Array.from(new Uint8Array(data)))
   );
 };
@@ -55,8 +85,7 @@ var LightsparkSigningException = class extends LightsparkException_default {
 var LightsparkSigningException_default = LightsparkSigningException;
 // src/crypto/crypto.ts
-var ITERATIONS = 5e5;
-function getCrypto() {
+var getCrypto = () => {
   let cryptoImplPromise;
   if (typeof crypto !== "undefined") {
     cryptoImplPromise = Promise.resolve(crypto);
@@ -66,34 +95,26 @@ function getCrypto() {
     });
   }
   return cryptoImplPromise;
-}
-var getRandomValues = async (arr) => {
-  if (typeof crypto !== "undefined") {
-    return crypto.getRandomValues(arr);
-  } else {
-    const cryptoImpl2 = await getCrypto();
-    return cryptoImpl2.getRandomValues(arr);
-  }
 };
 var getRandomValues32 = async (arr) => {
   if (typeof crypto !== "undefined") {
     return crypto.getRandomValues(arr);
   } else {
-    const cryptoImpl2 = await getCrypto();
-    return cryptoImpl2.getRandomValues(arr);
+    const cryptoImpl = await getCrypto();
+    return cryptoImpl.getRandomValues(arr);
   }
 };
 var deriveKey = async (password, salt, iterations, algorithm, bit_len) => {
   const enc = new TextEncoder();
-  const cryptoImpl2 = await getCrypto();
-  const password_key = await cryptoImpl2.subtle.importKey(
+  const cryptoImpl = await getCrypto();
+  const password_key = await cryptoImpl.subtle.importKey(
     "raw",
     enc.encode(password),
     "PBKDF2",
     false,
     ["deriveBits", "deriveKey"]
   );
-  const derived = await cryptoImpl2.subtle.deriveBits(
+  const derived = await cryptoImpl.subtle.deriveBits(
     {
       name: "PBKDF2",
       salt,
@@ -103,7 +124,7 @@ var deriveKey = async (password, salt, iterations, algorithm, bit_len) => {
     password_key,
     bit_len
   );
-  const key = await cryptoImpl2.subtle.importKey(
+  const key = await cryptoImpl.subtle.importKey(
     "raw",
     derived.slice(0, 32),
     { name: algorithm, length: 256 },
@@ -113,25 +134,6 @@ var deriveKey = async (password, salt, iterations, algorithm, bit_len) => {
   const iv = derived.slice(32);
   return [key, iv];
 };
-var encrypt = async (plaintext, password, salt) => {
-  if (!salt) {
-    salt = new Uint8Array(16);
-    getRandomValues(salt);
-  }
-  const [key, iv] = await deriveKey(password, salt, ITERATIONS, "AES-GCM", 352);
-  const cryptoImpl2 = await getCrypto();
-  const encrypted = new Uint8Array(
-    await cryptoImpl2.subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext)
-  );
-  const output = new Uint8Array(salt.byteLength + encrypted.byteLength);
-  output.set(salt);
-  output.set(encrypted, salt.byteLength);
-  const header = {
-    v: 4,
-    i: ITERATIONS
-  };
-  return [JSON.stringify(header), b64encode(output)];
-};
 var decrypt = async (header_json, ciphertext, password) => {
   var decoded = b64decode(ciphertext);
   var header;
@@ -150,7 +152,7 @@ var decrypt = async (header_json, ciphertext, password) => {
       "Unknown version ".concat(header.v)
     );
   }
-  const cryptoImpl2 = await getCrypto();
+  const cryptoImpl = await getCrypto();
   const algorithm = header.v < 2 ? "AES-CBC" : "AES-GCM";
   const bit_len = header.v < 4 ? 384 : 352;
   const salt_len = header.v < 4 ? 8 : 16;
@@ -165,7 +167,7 @@ var decrypt = async (header_json, ciphertext, password) => {
       algorithm,
       256
     );
-    return await cryptoImpl2.subtle.decrypt(
+    return await cryptoImpl.subtle.decrypt(
       { name: algorithm, iv: nonce.buffer },
       key,
       cipherText
@@ -180,7 +182,7 @@ var decrypt = async (header_json, ciphertext, password) => {
       algorithm,
       bit_len
     );
-    return await cryptoImpl2.subtle.decrypt(
+    return await cryptoImpl.subtle.decrypt(
       { name: algorithm, iv },
       key,
       encrypted
@@ -196,13 +198,9 @@ async function decryptSecretWithNodePassword(cipher, encryptedSecret, nodePasswo
   }
   return decryptedValue;
 }
-function decode(arrBuff) {
-  const dec = new TextDecoder();
-  return dec.decode(arrBuff);
-}
 var generateSigningKeyPair = async () => {
-  const cryptoImpl2 = await getCrypto();
-  return await cryptoImpl2.subtle.generateKey(
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.generateKey(
     /*algorithm:*/
     {
       name: "RSA-PSS",
@@ -217,74 +215,72 @@ var generateSigningKeyPair = async () => {
   );
 };
 var serializeSigningKey = async (key, format) => {
-  const cryptoImpl2 = await getCrypto();
-  return await cryptoImpl2.subtle.exportKey(
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.exportKey(
     /*format*/
     format,
     /*key*/
     key
   );
 };
-var encryptWithNodeKey = async (key, data) => {
-  const enc = new TextEncoder();
-  const encoded = enc.encode(data);
-  const encrypted = await cryptoImpl.subtle.encrypt(
-    /*algorithm:*/
+var getNonce = async () => {
+  const cryptoImpl = await getCrypto();
+  const nonceSt = await getRandomValues32(new Uint32Array(1));
+  return Number(nonceSt);
+};
+var sign = async (key, data) => {
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.sign(
     {
-      name: "RSA-OAEP"
+      name: "RSA-PSS",
+      saltLength: 32
     },
-    /*key*/
     key,
-    /*data*/
-    encoded
+    data
   );
-  return b64encode(encrypted);
 };
-var loadNodeEncryptionKey = async (rawPublicKey) => {
-  const encoded = b64decode(rawPublicKey);
-  const cryptoImpl2 = await getCrypto();
-  return await cryptoImpl2.subtle.importKey(
+var importPrivateSigningKey = async (keyData, format) => {
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.importKey(
     /*format*/
-    "spki",
+    format,
     /*keyData*/
-    encoded,
-    /*algorithm:*/
+    keyData,
+    /*algorithm*/
     {
-      name: "RSA-OAEP",
+      name: "RSA-PSS",
       hash: "SHA-256"
     },
     /*extractable*/
     true,
     /*keyUsages*/
-    ["encrypt"]
+    ["sign"]
   );
 };
-var getNonce = async () => {
-  const nonceSt = await getRandomValues32(new Uint32Array(1));
-  return Number(nonceSt);
+var DefaultCrypto = {
+  decryptSecretWithNodePassword,
+  generateSigningKeyPair,
+  serializeSigningKey,
+  getNonce,
+  sign,
+  importPrivateSigningKey
 };
 // src/crypto/NodeKeyCache.ts
 import autoBind from "auto-bind";
 var NodeKeyCache = class {
-  idToKey;
-  constructor() {
+  constructor(cryptoImpl = DefaultCrypto) {
+    this.cryptoImpl = cryptoImpl;
     this.idToKey = /* @__PURE__ */ new Map();
     autoBind(this);
   }
-  async loadKey(id, rawKey) {
-    const decoded = b64decode(rawKey);
+  idToKey;
+  async loadKey(id, rawKey, format = "pkcs8") {
+    const decoded = b64decode(this.stripPemTags(rawKey));
     try {
-      const cryptoImpl2 = await getCrypto();
-      const key = await cryptoImpl2.subtle.importKey(
-        "pkcs8",
+      const key = await this.cryptoImpl.importPrivateSigningKey(
         decoded,
-        {
-          name: "RSA-PSS",
-          hash: "SHA-256"
-        },
-        true,
-        ["sign"]
+        format
       );
       this.idToKey.set(id, key);
       return key;
@@ -299,6 +295,9 @@ var NodeKeyCache = class {
   hasKey(id) {
     return this.idToKey.has(id);
   }
+  stripPemTags(pem) {
+    return pem.replace(/-----BEGIN (.*)-----/, "").replace(/-----END (.*)----/, "");
+  }
 };
 var NodeKeyCache_default = NodeKeyCache;
@@ -320,12 +319,13 @@ var LIGHTSPARK_BETA_HEADER_KEY = "X-Lightspark-Beta";
 var LIGHTSPARK_BETA_HEADER_VALUE = "z2h0BBYxTA83cjW7fi8QwWtBPCzkQKiemcuhKY08LOo";
 dayjs.extend(utc);
 var Requester = class {
-  constructor(nodeKeyCache, schemaEndpoint, sdkUserAgent, authProvider = new StubAuthProvider(), baseUrl = DEFAULT_BASE_URL) {
+  constructor(nodeKeyCache, schemaEndpoint, sdkUserAgent, authProvider = new StubAuthProvider(), baseUrl = DEFAULT_BASE_URL, cryptoImpl = DefaultCrypto) {
     this.nodeKeyCache = nodeKeyCache;
     this.schemaEndpoint = schemaEndpoint;
     this.sdkUserAgent = sdkUserAgent;
     this.authProvider = authProvider;
     this.baseUrl = baseUrl;
+    this.cryptoImpl = cryptoImpl;
     let websocketImpl;
     if (typeof WebSocket === "undefined" && typeof window === "undefined") {
       websocketImpl = NodeWebSocket;
@@ -451,7 +451,7 @@ var Requester = class {
     const query = queryPayload.query;
     const variables = queryPayload.variables;
     const operationName = queryPayload.operationName;
-    const nonce = await getNonce();
+    const nonce = await this.cryptoImpl.getNonce();
     const expiration = dayjs.utc().add(1, "hour").format();
     const payload = {
       query,
@@ -466,16 +466,11 @@ var Requester = class {
         "Missing node of encrypted_signing_private_key"
       );
     }
+    if (typeof TextEncoder === "undefined") {
+      const TextEncoder2 = (await import("text-encoding")).TextEncoder;
+    }
     const encodedPayload = new TextEncoder().encode(JSON.stringify(payload));
-    const cryptoImpl2 = await getCrypto();
-    const signedPayload = await cryptoImpl2.subtle.sign(
-      {
-        name: "RSA-PSS",
-        saltLength: 32
-      },
-      key,
-      encodedPayload
-    );
+    const signedPayload = await this.cryptoImpl.sign(key, encodedPayload);
     const encodedSignedPayload = b64encode(signedPayload);
     headers["X-Lightspark-Signing"] = JSON.stringify({
       v: "1",
@@ -574,6 +569,7 @@ var isType = (typename) => (node) => {
   return node?.__typename === typename;
 };
 export {
+  DefaultCrypto,
   LightsparkAuthException_default as LightsparkAuthException,
   LightsparkException_default as LightsparkException,
   LightsparkSigningException_default as LightsparkSigningException,
@@ -585,18 +581,8 @@ export {
   b64decode,
   b64encode,
   convertCurrencyAmount,
-  decode,
-  decrypt,
-  decryptSecretWithNodePassword,
-  encrypt,
-  encryptWithNodeKey,
-  generateSigningKeyPair,
-  getCrypto,
-  getNonce,
   isBrowser,
   isNode,
   isType,
-  loadNodeEncryptionKey,
-  serializeSigningKey,
   urlsafe_b64decode
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lightsparkdev/core",
-  "version": "0.2.1",
+  "version": "0.2.2",
   "description": "Lightspark JS SDK",
   "author": "Lightspark Inc.",
   "keywords": [
@@ -52,6 +52,7 @@
     "dayjs": "^1.11.7",
     "graphql": "^16.6.0",
     "graphql-ws": "^5.11.3",
+    "text-encoding": "^0.7.0",
     "ws": "^8.12.1",
     "zen-observable-ts": "^1.1.0"
   },

package/src/crypto/NodeKeyCache.ts CHANGED Viewed

@@ -3,28 +3,25 @@
 import autoBind from "auto-bind";
 import { b64decode } from "../utils/base64.js";
-import { getCrypto } from "./crypto.js";
+import { CryptoInterface, DefaultCrypto } from "./crypto.js";
 class NodeKeyCache {
-  private idToKey: Map<string, CryptoKey>;
-  constructor() {
+  private idToKey: Map<string, CryptoKey | Uint8Array>;
+  constructor(private readonly cryptoImpl: CryptoInterface = DefaultCrypto) {
     this.idToKey = new Map();
     autoBind(this);
   }
-  public async loadKey(id: string, rawKey: string): Promise<CryptoKey | null> {
-    const decoded = b64decode(rawKey);
+  public async loadKey(
+    id: string,
+    rawKey: string,
+    format: "pkcs8" | "spki" = "pkcs8"
+  ): Promise<CryptoKey | Uint8Array | null> {
+    const decoded = b64decode(this.stripPemTags(rawKey));
     try {
-      const cryptoImpl = await getCrypto();
-      const key = await cryptoImpl.subtle.importKey(
-        "pkcs8",
+      const key = await this.cryptoImpl.importPrivateSigningKey(
         decoded,
-        {
-          name: "RSA-PSS",
-          hash: "SHA-256",
-        },
-        true,
-        ["sign"]
+        format
       );
       this.idToKey.set(id, key);
       return key;
@@ -34,13 +31,19 @@ class NodeKeyCache {
     return null;
   }
-  public getKey(id: string): CryptoKey | undefined {
+  public getKey(id: string): CryptoKey | Uint8Array | undefined {
     return this.idToKey.get(id);
   }
   public hasKey(id: string): boolean {
     return this.idToKey.has(id);
   }
+  private stripPemTags(pem: string): string {
+    return pem
+      .replace(/-----BEGIN (.*)-----/, "")
+      .replace(/-----END (.*)----/, "");
+  }
 }
 export default NodeKeyCache;

package/src/crypto/crypto.ts CHANGED Viewed

@@ -1,11 +1,36 @@
 // Copyright  ©, 2023-present, Lightspark Group, Inc. - All Rights Reserved
 import LightsparkException from "../LightsparkException.js";
-import { b64decode, b64encode } from "../utils/base64.js";
+import { b64decode } from "../utils/base64.js";
-const ITERATIONS = 500000;
+export type CryptoInterface = {
+  decryptSecretWithNodePassword: (
+    cipher: string,
+    encryptedSecret: string,
+    nodePassword: string
+  ) => Promise<ArrayBuffer | null>;
-export function getCrypto() {
+  generateSigningKeyPair: () => Promise<{
+    publicKey: CryptoKey | string;
+    privateKey: CryptoKey | string;
+  }>;
+  serializeSigningKey: (
+    key: CryptoKey | string,
+    format: "pkcs8" | "spki"
+  ) => Promise<ArrayBuffer>;
+  getNonce: () => Promise<number>;
+  sign: (key: CryptoKey | Uint8Array, data: Uint8Array) => Promise<ArrayBuffer>;
+  importPrivateSigningKey: (
+    keyData: Uint8Array,
+    format: "pkcs8" | "spki"
+  ) => Promise<CryptoKey | Uint8Array>;
+};
+const getCrypto = () => {
   let cryptoImplPromise: Promise<typeof crypto>;
   if (typeof crypto !== "undefined") {
     cryptoImplPromise = Promise.resolve(crypto);
@@ -15,15 +40,6 @@ export function getCrypto() {
     });
   }
   return cryptoImplPromise;
-}
-const getRandomValues = async (arr: Uint8Array): Promise<Uint8Array> => {
-  if (typeof crypto !== "undefined") {
-    return crypto.getRandomValues(arr);
-  } else {
-    const cryptoImpl = await getCrypto();
-    return cryptoImpl.getRandomValues(arr);
-  }
 };
 const getRandomValues32 = async (arr: Uint32Array): Promise<Uint32Array> => {
@@ -77,36 +93,7 @@ const deriveKey = async (
   return [key, iv];
 };
-export const encrypt = async (
-  plaintext: ArrayBuffer,
-  password: string,
-  salt?: Uint8Array
-): Promise<[string, string]> => {
-  if (!salt) {
-    salt = new Uint8Array(16);
-    getRandomValues(salt);
-  }
-  const [key, iv] = await deriveKey(password, salt, ITERATIONS, "AES-GCM", 352);
-  const cryptoImpl = await getCrypto();
-  const encrypted = new Uint8Array(
-    await cryptoImpl.subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext)
-  );
-  const output = new Uint8Array(salt.byteLength + encrypted.byteLength);
-  output.set(salt);
-  output.set(encrypted, salt.byteLength);
-  const header = {
-    v: 4,
-    i: ITERATIONS,
-  };
-  return [JSON.stringify(header), b64encode(output)];
-};
-export const decrypt = async (
+const decrypt = async (
   header_json: string,
   ciphertext: string,
   password: string
@@ -172,7 +159,7 @@ export const decrypt = async (
   }
 };
-export async function decryptSecretWithNodePassword(
+async function decryptSecretWithNodePassword(
   cipher: string,
   encryptedSecret: string,
   nodePassword: string
@@ -188,12 +175,9 @@ export async function decryptSecretWithNodePassword(
   return decryptedValue;
 }
-export function decode(arrBuff: ArrayBuffer): string {
-  const dec = new TextDecoder();
-  return dec.decode(arrBuff);
-}
-export const generateSigningKeyPair = async (): Promise<CryptoKeyPair> => {
+const generateSigningKeyPair = async (): Promise<
+  CryptoKeyPair | { publicKey: string; privateKey: string }
+> => {
   const cryptoImpl = await getCrypto();
   return await cryptoImpl.subtle.generateKey(
     /*algorithm:*/ {
@@ -207,52 +191,62 @@ export const generateSigningKeyPair = async (): Promise<CryptoKeyPair> => {
   );
 };
-export const serializeSigningKey = async (
-  key: CryptoKey,
+const serializeSigningKey = async (
+  key: CryptoKey | string,
   format: "pkcs8" | "spki"
 ): Promise<ArrayBuffer> => {
   const cryptoImpl = await getCrypto();
-  return await cryptoImpl.subtle.exportKey(/*format*/ format, /*key*/ key);
+  return await cryptoImpl.subtle.exportKey(
+    /*format*/ format,
+    /*key*/ key as CryptoKey
+  );
 };
-export const encryptWithNodeKey = async (
-  key: CryptoKey,
-  data: string
-): Promise<string> => {
-  const enc = new TextEncoder();
-  const encoded = enc.encode(data);
-  // @ts-ignore
-  const encrypted = await cryptoImpl.subtle.encrypt(
-    /*algorithm:*/ {
-      name: "RSA-OAEP",
+const getNonce = async () => {
+  const cryptoImpl = await getCrypto();
+  const nonceSt = await getRandomValues32(new Uint32Array(1));
+  return Number(nonceSt);
+};
+const sign = async (
+  key: CryptoKey | Uint8Array,
+  data: Uint8Array
+): Promise<ArrayBuffer> => {
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.sign(
+    {
+      name: "RSA-PSS",
+      saltLength: 32,
     },
-    /*key*/ key,
-    /*data*/ encoded
+    key as CryptoKey,
+    data
   );
-  // @ts-ignore
-  return b64encode(encrypted);
 };
-export const loadNodeEncryptionKey = async (
-  rawPublicKey: string
-): Promise<CryptoKey> => {
-  const encoded = b64decode(rawPublicKey);
+const importPrivateSigningKey = async (
+  keyData: Uint8Array,
+  format: "pkcs8" | "spki"
+): Promise<CryptoKey | Uint8Array> => {
   const cryptoImpl = await getCrypto();
   return await cryptoImpl.subtle.importKey(
-    /*format*/ "spki",
-    /*keyData*/ encoded,
-    /*algorithm:*/ {
-      name: "RSA-OAEP",
+    /*format*/ format,
+    /*keyData*/ keyData,
+    /*algorithm*/ {
+      name: "RSA-PSS",
       hash: "SHA-256",
     },
     /*extractable*/ true,
-    /*keyUsages*/ ["encrypt"]
+    /*keyUsages*/ ["sign"]
   );
 };
-export const getNonce = async () => {
-  const nonceSt = await getRandomValues32(new Uint32Array(1));
-  return Number(nonceSt);
+export const DefaultCrypto = {
+  decryptSecretWithNodePassword,
+  generateSigningKeyPair,
+  serializeSigningKey,
+  getNonce,
+  sign,
+  importPrivateSigningKey,
 };
 export { default as LightsparkSigningException } from "./LightsparkSigningException.js";