@lightsparkdev/core 0.3.10 → 1.0.0

package/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @lightsparkdev/core
 
+## 1.0.0
+
+### Major Changes
+
+- 1f00a50: Change SigningKey hashing method depending on environment
+  BREAKING: NodeKeyCaches loadKey now requires signingKeyType as a parameter
+
+## 0.3.11
+
+### Patch Changes
+
+- 4ffd9a1: Upgrade prettier, fix lint configs, move ls-react-native-crypto-app to examples
+
 ## 0.3.10
 
 ### Patch Changes

package/dist/index.cjs

@@ -36,13 +36,20 @@ __export(src_exports, {
   LightsparkException: () => LightsparkException_default,
   LightsparkSigningException: () => LightsparkSigningException_default,
   NodeKeyCache: () => NodeKeyCache_default,
+  RSASigningKey: () => RSASigningKey,
   Requester: () => Requester_default,
+  Secp256k1SigningKey: () => Secp256k1SigningKey,
   ServerEnvironment: () => ServerEnvironment_default,
+  SigningKey: () => SigningKey,
+  SigningKeyType: () => SigningKeyType,
   StubAuthProvider: () => StubAuthProvider,
   apiDomainForEnvironment: () => apiDomainForEnvironment,
   b64decode: () => b64decode,
   b64encode: () => b64encode,
+  bytesToHex: () => bytesToHex,
   convertCurrencyAmount: () => convertCurrencyAmount,
+  createSha256Hash: () => createSha256Hash,
+  hexToBytes: () => hexToBytes,
   isBrowser: () => isBrowser,
   isNode: () => isNode,
   isType: () => isType,
@@ -348,6 +355,50 @@ var KeyOrAlias = {
 
 // src/crypto/NodeKeyCache.ts
 var import_auto_bind = __toESM(require("auto-bind"), 1);
+
+// src/crypto/SigningKey.ts
+var import_secp256k1 = __toESM(require("secp256k1"), 1);
+function isAlias(key) {
+  return "alias" in key;
+}
+var SigningKey = class {
+  type;
+  constructor(type) {
+    this.type = type;
+  }
+};
+var RSASigningKey = class extends SigningKey {
+  constructor(privateKey, cryptoImpl) {
+    super("RSASigningKey" /* RSASigningKey */);
+    this.privateKey = privateKey;
+    this.cryptoImpl = cryptoImpl;
+  }
+  async sign(data) {
+    const key = isAlias(this.privateKey) ? this.privateKey.alias : this.privateKey;
+    return this.cryptoImpl.sign(key, data);
+  }
+};
+var Secp256k1SigningKey = class extends SigningKey {
+  constructor(privateKey) {
+    super("Secp256k1SigningKey" /* Secp256k1SigningKey */);
+    this.privateKey = privateKey;
+  }
+  async sign(data) {
+    const keyBytes = new Uint8Array(hexToBytes(this.privateKey));
+    const hash = await createSha256Hash(data);
+    const signResult = import_secp256k1.default.ecdsaSign(hash, keyBytes);
+    return signResult.signature;
+  }
+};
+
+// src/crypto/types.ts
+var SigningKeyType = /* @__PURE__ */ ((SigningKeyType2) => {
+  SigningKeyType2["RSASigningKey"] = "RSASigningKey";
+  SigningKeyType2["Secp256k1SigningKey"] = "Secp256k1SigningKey";
+  return SigningKeyType2;
+})(SigningKeyType || {});
+
+// src/crypto/NodeKeyCache.ts
 var NodeKeyCache = class {
   constructor(cryptoImpl = DefaultCrypto) {
     this.cryptoImpl = cryptoImpl;
@@ -355,16 +406,35 @@ var NodeKeyCache = class {
     (0, import_auto_bind.default)(this);
   }
   idToKey;
-  async loadKey(id, keyOrAlias) {
+  async loadKey(id, keyOrAlias, signingKeyType) {
+    let signingKey;
     if (keyOrAlias.alias !== void 0) {
-      this.idToKey.set(id, keyOrAlias.alias);
-      return keyOrAlias.alias;
+      switch (signingKeyType) {
+        case "RSASigningKey" /* RSASigningKey */:
+          signingKey = new RSASigningKey(
+            { alias: keyOrAlias.alias },
+            this.cryptoImpl
+          );
+          break;
+        default:
+          throw new LightsparkSigningException_default(
+            `Aliases are not supported for signing key type ${signingKeyType}`
+          );
+      }
+      this.idToKey.set(id, signingKey);
+      return signingKey;
     }
-    const decoded = b64decode(this.stripPemTags(keyOrAlias.key));
     try {
-      const key = await this.cryptoImpl.importPrivateSigningKey(decoded);
-      this.idToKey.set(id, key);
-      return key;
+      if (signingKeyType === "Secp256k1SigningKey" /* Secp256k1SigningKey */) {
+        signingKey = new Secp256k1SigningKey(keyOrAlias.key);
+      } else {
+        const decoded = b64decode(this.stripPemTags(keyOrAlias.key));
+        const cryptoKeyOrAlias = await this.cryptoImpl.importPrivateSigningKey(decoded);
+        const key = typeof cryptoKeyOrAlias === "string" ? { alias: cryptoKeyOrAlias } : cryptoKeyOrAlias;
+        signingKey = new RSASigningKey(key, this.cryptoImpl);
+      }
+      this.idToKey.set(id, signingKey);
+      return signingKey;
     } catch (e) {
       console.log("Error importing key: ", e);
     }
@@ -564,7 +634,7 @@ var Requester = class {
     const encodedPayload = new TextEncoderImpl().encode(
       JSON.stringify(payload)
     );
-    const signedPayload = await this.cryptoImpl.sign(key, encodedPayload);
+    const signedPayload = await key.sign(encodedPayload);
     const encodedSignedPayload = b64encode(signedPayload);
     headers["X-Lightspark-Signing"] = JSON.stringify({
       v: "1",
@@ -591,6 +661,16 @@ var apiDomainForEnvironment = (environment) => {
 };
 var ServerEnvironment_default = ServerEnvironment;
 
+// src/utils/createHash.ts
+var createSha256Hash = async (data) => {
+  if (isBrowser) {
+    return new Uint8Array(await window.crypto.subtle.digest("SHA-256", data));
+  } else {
+    const { createHash } = await import("crypto");
+    return createHash("sha256").update(data).digest();
+  }
+};
+
 // src/utils/currency.ts
 var CONVERSION_MAP = {
   ["BITCOIN" /* BITCOIN */]: {
@@ -661,6 +741,20 @@ var convertCurrencyAmount = (from, toUnit) => {
   };
 };
 
+// src/utils/hex.ts
+var bytesToHex = (bytes) => {
+  return bytes.reduce((acc, byte) => {
+    return acc += ("0" + byte.toString(16)).slice(-2);
+  }, "");
+};
+var hexToBytes = (hex) => {
+  const bytes = [];
+  for (let c = 0; c < hex.length; c += 2) {
+    bytes.push(parseInt(hex.substr(c, 2), 16));
+  }
+  return Uint8Array.from(bytes);
+};
+
 // src/utils/types.ts
 var isType = (typename) => (node) => {
   return node?.__typename === typename;
@@ -673,13 +767,20 @@ var isType = (typename) => (node) => {
   LightsparkException,
   LightsparkSigningException,
   NodeKeyCache,
+  RSASigningKey,
   Requester,
+  Secp256k1SigningKey,
   ServerEnvironment,
+  SigningKey,
+  SigningKeyType,
   StubAuthProvider,
   apiDomainForEnvironment,
   b64decode,
   b64encode,
+  bytesToHex,
   convertCurrencyAmount,
+  createSha256Hash,
+  hexToBytes,
   isBrowser,
   isNode,
   isType,

package/dist/index.d.ts

@@ -66,12 +66,37 @@ declare const KeyOrAlias: {
     alias: (alias: string) => OnlyAlias;
 };
 
+interface Alias {
+    alias: string;
+}
+declare abstract class SigningKey {
+    readonly type: SigningKeyType;
+    constructor(type: SigningKeyType);
+    abstract sign(data: Uint8Array): Promise<ArrayBuffer>;
+}
+declare class RSASigningKey extends SigningKey {
+    private readonly privateKey;
+    private readonly cryptoImpl;
+    constructor(privateKey: CryptoKey | Alias, cryptoImpl: CryptoInterface);
+    sign(data: Uint8Array): Promise<ArrayBuffer>;
+}
+declare class Secp256k1SigningKey extends SigningKey {
+    private readonly privateKey;
+    constructor(privateKey: string);
+    sign(data: Uint8Array): Promise<Uint8Array>;
+}
+
+declare enum SigningKeyType {
+    RSASigningKey = "RSASigningKey",
+    Secp256k1SigningKey = "Secp256k1SigningKey"
+}
+
 declare class NodeKeyCache {
     private readonly cryptoImpl;
     private idToKey;
     constructor(cryptoImpl?: CryptoInterface);
-    loadKey(id: string, keyOrAlias: KeyOrAliasType): Promise<CryptoKey | string | null>;
-    getKey(id: string): CryptoKey | string | undefined;
+    loadKey(id: string, keyOrAlias: KeyOrAliasType, signingKeyType: SigningKeyType): Promise<SigningKey | null>;
+    getKey(id: string): SigningKey | undefined;
     hasKey(id: string): boolean;
     private stripPemTags;
 }
@@ -124,6 +149,8 @@ declare const b64decode: (encoded: string) => Uint8Array;
 declare const urlsafe_b64decode: (encoded: string) => Uint8Array;
 declare const b64encode: (data: ArrayBuffer) => string;
 
+declare const createSha256Hash: (data: Uint8Array) => Promise<Uint8Array>;
+
 /** Represents the value and unit for an amount of currency. **/
 type CurrencyAmount = {
     /** The original numeric value for this CurrencyAmount. **/
@@ -169,6 +196,9 @@ declare const convertCurrencyAmount: (from: CurrencyAmount, toUnit: CurrencyUnit
 declare const isBrowser: boolean;
 declare const isNode: boolean;
 
+declare const bytesToHex: (bytes: Uint8Array) => string;
+declare const hexToBytes: (hex: string) => Uint8Array;
+
 type Maybe<T> = T | null | undefined;
 type ExpandRecursively<T> = T extends object ? T extends infer O ? {
     [K in keyof O]: ExpandRecursively<O[K]>;
@@ -183,4 +213,4 @@ declare const isType: <T extends string>(typename: T) => <N extends {
     __typename: T;
 }>;
 
-export { AuthProvider, ById, CryptoInterface, DefaultCrypto, ExpandRecursively, GeneratedKeyPair, KeyOrAlias, KeyOrAliasType, LightsparkAuthException, LightsparkException, LightsparkSigningException, Maybe, NodeKeyCache, OmitTypename, Query, Requester, ServerEnvironment, StubAuthProvider, apiDomainForEnvironment, b64decode, b64encode, convertCurrencyAmount, isBrowser, isNode, isType, urlsafe_b64decode };
+export { AuthProvider, ById, CryptoInterface, DefaultCrypto, ExpandRecursively, GeneratedKeyPair, KeyOrAlias, KeyOrAliasType, LightsparkAuthException, LightsparkException, LightsparkSigningException, Maybe, NodeKeyCache, OmitTypename, Query, RSASigningKey, Requester, Secp256k1SigningKey, ServerEnvironment, SigningKey, SigningKeyType, StubAuthProvider, apiDomainForEnvironment, b64decode, b64encode, bytesToHex, convertCurrencyAmount, createSha256Hash, hexToBytes, isBrowser, isNode, isType, urlsafe_b64decode };

package/dist/index.js

@@ -296,6 +296,50 @@ var KeyOrAlias = {
 
 // src/crypto/NodeKeyCache.ts
 import autoBind from "auto-bind";
+
+// src/crypto/SigningKey.ts
+import secp256k1 from "secp256k1";
+function isAlias(key) {
+  return "alias" in key;
+}
+var SigningKey = class {
+  type;
+  constructor(type) {
+    this.type = type;
+  }
+};
+var RSASigningKey = class extends SigningKey {
+  constructor(privateKey, cryptoImpl) {
+    super("RSASigningKey" /* RSASigningKey */);
+    this.privateKey = privateKey;
+    this.cryptoImpl = cryptoImpl;
+  }
+  async sign(data) {
+    const key = isAlias(this.privateKey) ? this.privateKey.alias : this.privateKey;
+    return this.cryptoImpl.sign(key, data);
+  }
+};
+var Secp256k1SigningKey = class extends SigningKey {
+  constructor(privateKey) {
+    super("Secp256k1SigningKey" /* Secp256k1SigningKey */);
+    this.privateKey = privateKey;
+  }
+  async sign(data) {
+    const keyBytes = new Uint8Array(hexToBytes(this.privateKey));
+    const hash = await createSha256Hash(data);
+    const signResult = secp256k1.ecdsaSign(hash, keyBytes);
+    return signResult.signature;
+  }
+};
+
+// src/crypto/types.ts
+var SigningKeyType = /* @__PURE__ */ ((SigningKeyType2) => {
+  SigningKeyType2["RSASigningKey"] = "RSASigningKey";
+  SigningKeyType2["Secp256k1SigningKey"] = "Secp256k1SigningKey";
+  return SigningKeyType2;
+})(SigningKeyType || {});
+
+// src/crypto/NodeKeyCache.ts
 var NodeKeyCache = class {
   constructor(cryptoImpl = DefaultCrypto) {
     this.cryptoImpl = cryptoImpl;
@@ -303,16 +347,35 @@ var NodeKeyCache = class {
     autoBind(this);
   }
   idToKey;
-  async loadKey(id, keyOrAlias) {
+  async loadKey(id, keyOrAlias, signingKeyType) {
+    let signingKey;
     if (keyOrAlias.alias !== void 0) {
-      this.idToKey.set(id, keyOrAlias.alias);
-      return keyOrAlias.alias;
+      switch (signingKeyType) {
+        case "RSASigningKey" /* RSASigningKey */:
+          signingKey = new RSASigningKey(
+            { alias: keyOrAlias.alias },
+            this.cryptoImpl
+          );
+          break;
+        default:
+          throw new LightsparkSigningException_default(
+            `Aliases are not supported for signing key type ${signingKeyType}`
+          );
+      }
+      this.idToKey.set(id, signingKey);
+      return signingKey;
     }
-    const decoded = b64decode(this.stripPemTags(keyOrAlias.key));
     try {
-      const key = await this.cryptoImpl.importPrivateSigningKey(decoded);
-      this.idToKey.set(id, key);
-      return key;
+      if (signingKeyType === "Secp256k1SigningKey" /* Secp256k1SigningKey */) {
+        signingKey = new Secp256k1SigningKey(keyOrAlias.key);
+      } else {
+        const decoded = b64decode(this.stripPemTags(keyOrAlias.key));
+        const cryptoKeyOrAlias = await this.cryptoImpl.importPrivateSigningKey(decoded);
+        const key = typeof cryptoKeyOrAlias === "string" ? { alias: cryptoKeyOrAlias } : cryptoKeyOrAlias;
+        signingKey = new RSASigningKey(key, this.cryptoImpl);
+      }
+      this.idToKey.set(id, signingKey);
+      return signingKey;
     } catch (e) {
       console.log("Error importing key: ", e);
     }
@@ -512,7 +575,7 @@ var Requester = class {
     const encodedPayload = new TextEncoderImpl().encode(
       JSON.stringify(payload)
     );
-    const signedPayload = await this.cryptoImpl.sign(key, encodedPayload);
+    const signedPayload = await key.sign(encodedPayload);
     const encodedSignedPayload = b64encode(signedPayload);
     headers["X-Lightspark-Signing"] = JSON.stringify({
       v: "1",
@@ -539,6 +602,16 @@ var apiDomainForEnvironment = (environment) => {
 };
 var ServerEnvironment_default = ServerEnvironment;
 
+// src/utils/createHash.ts
+var createSha256Hash = async (data) => {
+  if (isBrowser) {
+    return new Uint8Array(await window.crypto.subtle.digest("SHA-256", data));
+  } else {
+    const { createHash } = await import("crypto");
+    return createHash("sha256").update(data).digest();
+  }
+};
+
 // src/utils/currency.ts
 var CONVERSION_MAP = {
   ["BITCOIN" /* BITCOIN */]: {
@@ -609,6 +682,20 @@ var convertCurrencyAmount = (from, toUnit) => {
   };
 };
 
+// src/utils/hex.ts
+var bytesToHex = (bytes) => {
+  return bytes.reduce((acc, byte) => {
+    return acc += ("0" + byte.toString(16)).slice(-2);
+  }, "");
+};
+var hexToBytes = (hex) => {
+  const bytes = [];
+  for (let c = 0; c < hex.length; c += 2) {
+    bytes.push(parseInt(hex.substr(c, 2), 16));
+  }
+  return Uint8Array.from(bytes);
+};
+
 // src/utils/types.ts
 var isType = (typename) => (node) => {
   return node?.__typename === typename;
@@ -620,13 +707,20 @@ export {
   LightsparkException_default as LightsparkException,
   LightsparkSigningException_default as LightsparkSigningException,
   NodeKeyCache_default as NodeKeyCache,
+  RSASigningKey,
   Requester_default as Requester,
+  Secp256k1SigningKey,
   ServerEnvironment_default as ServerEnvironment,
+  SigningKey,
+  SigningKeyType,
   StubAuthProvider,
   apiDomainForEnvironment,
   b64decode,
   b64encode,
+  bytesToHex,
   convertCurrencyAmount,
+  createSha256Hash,
+  hexToBytes,
   isBrowser,
   isNode,
   isType,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lightsparkdev/core",
-  "version": "0.3.10",
+  "version": "1.0.0",
   "description": "Lightspark JS SDK",
   "author": "Lightspark Inc.",
   "keywords": [
@@ -36,7 +36,7 @@
     }
   },
   "engines": {
-    "node": ">=14.16"
+    "node": ">=18.17.0"
   },
   "browser": {
     "crypto": false
@@ -68,6 +68,7 @@
     "dayjs": "^1.11.7",
     "graphql": "^16.6.0",
     "graphql-ws": "^5.11.3",
+    "secp256k1": "^5.0.0",
     "text-encoding": "^0.7.0",
     "ws": "^8.12.1",
     "zen-observable-ts": "^1.1.0"
@@ -76,13 +77,14 @@
     "@lightsparkdev/eslint-config": "*",
     "@lightsparkdev/tsconfig": "0.0.0",
     "@types/crypto-js": "^4.1.1",
+    "@types/secp256k1": "^4.0.3",
     "@types/ws": "^8.5.4",
     "eslint": "^8.3.0",
     "eslint-watch": "^8.0.0",
-    "jest": "^29.4.1",
-    "prettier": "2.8.7",
+    "jest": "^29.6.2",
+    "prettier": "3.0.2",
     "prettier-plugin-organize-imports": "^3.2.2",
-    "ts-jest": "^29.0.5",
+    "ts-jest": "^29.1.1",
     "tsc-absolute": "^1.0.1",
     "tsup": "^6.7.0",
     "typescript": "^4.9.5"

package/src/LightsparkException.ts

@@ -8,7 +8,7 @@ class LightsparkException extends Error {
   constructor(
     code: string,
     message: string,
-    extraInfo?: Record<string, unknown>
+    extraInfo?: Record<string, unknown>,
   ) {
     super(message);
     this.code = code;

package/src/ServerEnvironment.ts

@@ -4,7 +4,7 @@ enum ServerEnvironment {
 }
 
 export const apiDomainForEnvironment = (
-  environment: ServerEnvironment
+  environment: ServerEnvironment,
 ): string => {
   switch (environment) {
     case ServerEnvironment.DEV:

package/src/auth/AuthProvider.ts

@@ -7,6 +7,6 @@ export default interface AuthProvider {
   addAuthHeaders(headers: Headers): Promise<Headers>;
   isAuthorized(): Promise<boolean>;
   addWsConnectionParams(
-    params: WsConnectionParams
+    params: WsConnectionParams,
   ): Promise<WsConnectionParams>;
 }

package/src/crypto/NodeKeyCache.ts

@@ -4,11 +4,18 @@ import autoBind from "auto-bind";
 
 import { b64decode } from "../utils/base64.js";
 import type { CryptoInterface } from "./crypto.js";
-import { DefaultCrypto } from "./crypto.js";
+import { DefaultCrypto, LightsparkSigningException } from "./crypto.js";
 import type { KeyOrAliasType } from "./KeyOrAlias.js";
+import {
+  RSASigningKey,
+  Secp256k1SigningKey,
+  type SigningKey,
+} from "./SigningKey.js";
+import { SigningKeyType } from "./types.js";
 
 class NodeKeyCache {
-  private idToKey: Map<string, CryptoKey | string>;
+  private idToKey: Map<string, SigningKey>;
+
   constructor(private readonly cryptoImpl: CryptoInterface = DefaultCrypto) {
     this.idToKey = new Map();
     autoBind(this);
@@ -16,24 +23,52 @@ class NodeKeyCache {
 
   public async loadKey(
     id: string,
-    keyOrAlias: KeyOrAliasType
-  ): Promise<CryptoKey | string | null> {
+    keyOrAlias: KeyOrAliasType,
+    signingKeyType: SigningKeyType,
+  ): Promise<SigningKey | null> {
+    let signingKey: SigningKey;
+
     if (keyOrAlias.alias !== undefined) {
-      this.idToKey.set(id, keyOrAlias.alias);
-      return keyOrAlias.alias;
+      switch (signingKeyType) {
+        case SigningKeyType.RSASigningKey:
+          signingKey = new RSASigningKey(
+            { alias: keyOrAlias.alias },
+            this.cryptoImpl,
+          );
+          break;
+        default:
+          throw new LightsparkSigningException(
+            `Aliases are not supported for signing key type ${signingKeyType}`,
+          );
+      }
+
+      this.idToKey.set(id, signingKey);
+      return signingKey;
     }
-    const decoded = b64decode(this.stripPemTags(keyOrAlias.key));
+
     try {
-      const key = await this.cryptoImpl.importPrivateSigningKey(decoded);
-      this.idToKey.set(id, key);
-      return key;
+      if (signingKeyType === SigningKeyType.Secp256k1SigningKey) {
+        signingKey = new Secp256k1SigningKey(keyOrAlias.key);
+      } else {
+        const decoded = b64decode(this.stripPemTags(keyOrAlias.key));
+        const cryptoKeyOrAlias =
+          await this.cryptoImpl.importPrivateSigningKey(decoded);
+        const key =
+          typeof cryptoKeyOrAlias === "string"
+            ? { alias: cryptoKeyOrAlias }
+            : cryptoKeyOrAlias;
+        signingKey = new RSASigningKey(key, this.cryptoImpl);
+      }
+
+      this.idToKey.set(id, signingKey);
+      return signingKey;
     } catch (e) {
       console.log("Error importing key: ", e);
     }
     return null;
   }
 
-  public getKey(id: string): CryptoKey | string | undefined {
+  public getKey(id: string): SigningKey | undefined {
     return this.idToKey.get(id);
   }
 

package/src/crypto/SigningKey.ts

@@ -0,0 +1,54 @@
+import secp256k1 from "secp256k1";
+import {
+  createSha256Hash,
+  hexToBytes,
+  SigningKeyType,
+  type CryptoInterface,
+} from "../index.js";
+
+interface Alias {
+  alias: string;
+}
+
+function isAlias(key: CryptoKey | Alias): key is Alias {
+  return "alias" in key;
+}
+
+export abstract class SigningKey {
+  readonly type: SigningKeyType;
+
+  constructor(type: SigningKeyType) {
+    this.type = type;
+  }
+
+  abstract sign(data: Uint8Array): Promise<ArrayBuffer>;
+}
+
+export class RSASigningKey extends SigningKey {
+  constructor(
+    private readonly privateKey: CryptoKey | Alias,
+    private readonly cryptoImpl: CryptoInterface,
+  ) {
+    super(SigningKeyType.RSASigningKey);
+  }
+
+  async sign(data: Uint8Array) {
+    const key = isAlias(this.privateKey)
+      ? this.privateKey.alias
+      : this.privateKey;
+    return this.cryptoImpl.sign(key, data);
+  }
+}
+
+export class Secp256k1SigningKey extends SigningKey {
+  constructor(private readonly privateKey: string) {
+    super(SigningKeyType.Secp256k1SigningKey);
+  }
+
+  async sign(data: Uint8Array) {
+    const keyBytes = new Uint8Array(hexToBytes(this.privateKey));
+    const hash = await createSha256Hash(data);
+    const signResult = secp256k1.ecdsaSign(hash, keyBytes);
+    return signResult.signature;
+  }
+}

package/src/crypto/crypto.ts

@@ -14,21 +14,21 @@ export type CryptoInterface = {
   decryptSecretWithNodePassword: (
     cipher: string,
     encryptedSecret: string,
-    nodePassword: string
+    nodePassword: string,
   ) => Promise<ArrayBuffer | null>;
 
   generateSigningKeyPair: () => Promise<GeneratedKeyPair>;
 
   serializeSigningKey: (
     key: CryptoKey | string,
-    format: "pkcs8" | "spki"
+    format: "pkcs8" | "spki",
   ) => Promise<ArrayBuffer>;
 
   getNonce: () => Promise<number>;
 
   sign: (
     keyOrAlias: CryptoKey | string,
-    data: Uint8Array
+    data: Uint8Array,
   ) => Promise<ArrayBuffer>;
 
   importPrivateSigningKey: (keyData: Uint8Array) => Promise<CryptoKey | string>;
@@ -80,7 +80,7 @@ const deriveKey = async (
   salt: ArrayBuffer,
   iterations: number,
   algorithm: string,
-  bit_len: number
+  bit_len: number,
 ): Promise<[CryptoKey, ArrayBuffer]> => {
   const enc = new TextEncoder();
   const cryptoImpl = await getCrypto();
@@ -89,7 +89,7 @@ const deriveKey = async (
     enc.encode(password),
     "PBKDF2",
     false,
-    ["deriveBits", "deriveKey"]
+    ["deriveBits", "deriveKey"],
   );
 
   const derived = await cryptoImpl.subtle.deriveBits(
@@ -100,7 +100,7 @@ const deriveKey = async (
       hash: "SHA-256",
     },
     password_key,
-    bit_len
+    bit_len,
   );
 
   // Split the derived bytes into a 32 byte AES key and a 16 byte IV
@@ -109,7 +109,7 @@ const deriveKey = async (
     derived.slice(0, 32),
     { name: algorithm, length: 256 },
     false,
-    ["encrypt", "decrypt"]
+    ["encrypt", "decrypt"],
   );
 
   const iv = derived.slice(32);
@@ -120,7 +120,7 @@ const deriveKey = async (
 const decrypt = async (
   header_json: string,
   ciphertext: string,
-  password: string
+  password: string,
 ): Promise<ArrayBuffer> => {
   let decoded = b64decode(ciphertext);
 
@@ -139,7 +139,7 @@ const decrypt = async (
   if (header.v < 0 || header.v > 4) {
     throw new LightsparkException(
       "DecryptionError",
-      "Unknown version ".concat(header.v)
+      "Unknown version ".concat(header.v),
     );
   }
 
@@ -158,12 +158,12 @@ const decrypt = async (
       salt,
       header.i,
       algorithm,
-      256
+      256,
     );
     return await cryptoImpl.subtle.decrypt(
       { name: algorithm, iv: nonce.buffer },
       key,
-      cipherText
+      cipherText,
     );
   } else {
     const salt = decoded.slice(0, salt_len);
@@ -173,12 +173,12 @@ const decrypt = async (
       salt,
       header.i,
       algorithm,
-      bit_len
+      bit_len,
     );
     return await cryptoImpl.subtle.decrypt(
       { name: algorithm, iv },
       key,
-      encrypted
+      encrypted,
     );
   }
 };
@@ -186,7 +186,7 @@ const decrypt = async (
 async function decryptSecretWithNodePassword(
   cipher: string,
   encryptedSecret: string,
-  nodePassword: string
+  nodePassword: string,
 ): Promise<ArrayBuffer | null> {
   let decryptedValue: ArrayBuffer | null = null;
   try {
@@ -209,18 +209,18 @@ const generateSigningKeyPair = async (): Promise<GeneratedKeyPair> => {
       hash: "SHA-256",
     },
     /*extractable*/ true,
-    /*keyUsages*/ ["sign", "verify"]
+    /*keyUsages*/ ["sign", "verify"],
   );
 };
 
 const serializeSigningKey = async (
   key: CryptoKey | string,
-  format: "pkcs8" | "spki"
+  format: "pkcs8" | "spki",
 ): Promise<ArrayBuffer> => {
   const cryptoImpl = await getCrypto();
   return await cryptoImpl.subtle.exportKey(
     /*format*/ format,
-    /*key*/ key as CryptoKey
+    /*key*/ key as CryptoKey,
   );
 };
 
@@ -231,11 +231,11 @@ const getNonce = async () => {
 
 const sign = async (
   keyOrAlias: CryptoKey | string,
-  data: Uint8Array
+  data: Uint8Array,
 ): Promise<ArrayBuffer> => {
   if (typeof keyOrAlias === "string") {
     throw new LightsparkSigningException(
-      "Key alias not supported for default crypto."
+      "Key alias not supported for default crypto.",
     );
   }
   const cryptoImpl = await getCrypto();
@@ -245,12 +245,12 @@ const sign = async (
       saltLength: 32,
     },
     keyOrAlias as CryptoKey,
-    data
+    data,
   );
 };
 
 const importPrivateSigningKey = async (
-  keyData: Uint8Array
+  keyData: Uint8Array,
 ): Promise<CryptoKey | string> => {
   const cryptoImpl = await getCrypto();
   return await cryptoImpl.subtle.importKey(
@@ -261,7 +261,7 @@ const importPrivateSigningKey = async (
       hash: "SHA-256",
     },
     /*extractable*/ true,
-    /*keyUsages*/ ["sign"]
+    /*keyUsages*/ ["sign"],
   );
 };
 

package/src/crypto/index.ts

@@ -4,3 +4,5 @@ export * from "./crypto.js";
 export * from "./KeyOrAlias.js";
 export { default as LightsparkSigningException } from "./LightsparkSigningException.js";
 export { default as NodeKeyCache } from "./NodeKeyCache.js";
+export * from "./SigningKey.js";
+export * from "./types.js";

package/src/crypto/types.ts

@@ -0,0 +1,4 @@
+export enum SigningKeyType {
+  RSASigningKey = "RSASigningKey",
+  Secp256k1SigningKey = "Secp256k1SigningKey",
+}

package/src/requester/Requester.ts

@@ -33,7 +33,7 @@ class Requester {
     private readonly sdkUserAgent: string,
     private readonly authProvider: AuthProvider = new StubAuthProvider(),
     private readonly baseUrl: string = DEFAULT_BASE_URL,
-    private readonly cryptoImpl: CryptoInterface = DefaultCrypto
+    private readonly cryptoImpl: CryptoInterface = DefaultCrypto,
   ) {
     let websocketImpl;
     if (typeof WebSocket === "undefined" && typeof window === "undefined") {
@@ -58,14 +58,14 @@ class Requester {
       query.queryPayload,
       query.variables || {},
       query.signingNodeId,
-      !!query.skipAuth
+      !!query.skipAuth,
     );
     return query.constructObject(data);
   }
 
   public subscribe<T>(
     queryPayload: string,
-    variables: { [key: string]: unknown } = {}
+    variables: { [key: string]: unknown } = {},
   ) {
     const operationNameRegex = /^\s*(query|mutation|subscription)\s+(\w+)/i;
     const operationMatch = queryPayload.match(operationNameRegex);
@@ -76,7 +76,7 @@ class Requester {
     if (operationType == "mutation") {
       throw new LightsparkException(
         "InvalidQuery",
-        "Mutation queries should call makeRawRequest instead"
+        "Mutation queries should call makeRawRequest instead",
       );
     }
     // Undefined variables need to be null instead.
@@ -97,7 +97,7 @@ class Requester {
         next: (data) => observer.next(data as { data: T }),
         error: (err) => observer.error(err),
         complete: () => observer.complete(),
-      })
+      }),
     );
   }
 
@@ -105,7 +105,7 @@ class Requester {
     queryPayload: string,
     variables: { [key: string]: unknown } = {},
     signingNodeId: string | undefined = undefined,
-    skipAuth: boolean = false
+    skipAuth: boolean = false,
     /* eslint-disable-next-line @typescript-eslint/no-explicit-any -- LIG-3400 */
   ): Promise<any | null> {
     const operationNameRegex = /^\s*(query|mutation|subscription)\s+(\w+)/i;
@@ -117,7 +117,7 @@ class Requester {
     if (operationType == "subscription") {
       throw new LightsparkException(
         "InvalidQuery",
-        "Subscription queries should call subscribe instead"
+        "Subscription queries should call subscribe instead",
       );
     }
     // Undefined variables need to be null instead.
@@ -147,7 +147,7 @@ class Requester {
     bodyData = await this.addSigningDataIfNeeded(
       bodyData,
       headers,
-      signingNodeId
+      signingNodeId,
     );
 
     let urlWithProtocol = this.baseUrl;
@@ -165,7 +165,7 @@ class Requester {
     if (!response.ok) {
       throw new LightsparkException(
         "RequestFailed",
-        `Request ${operation} failed. ${response.statusText}`
+        `Request ${operation} failed. ${response.statusText}`,
       );
     }
     const responseJson = await response.json();
@@ -173,7 +173,7 @@ class Requester {
     if (!data) {
       throw new LightsparkException(
         "RequestFailed",
-        `Request ${operation} failed. ${JSON.stringify(responseJson.errors)}`
+        `Request ${operation} failed. ${JSON.stringify(responseJson.errors)}`,
       );
     }
     return data;
@@ -192,7 +192,7 @@ class Requester {
   private async addSigningDataIfNeeded(
     queryPayload: { query: string; variables: unknown; operationName: string },
     headers: { [key: string]: string },
-    signingNodeId: string | undefined
+    signingNodeId: string | undefined,
     /* eslint-disable-next-line @typescript-eslint/no-explicit-any -- LIG-3400 */
   ): Promise<any> {
     if (!signingNodeId) {
@@ -217,7 +217,7 @@ class Requester {
     const key = await this.nodeKeyCache.getKey(signingNodeId);
     if (!key) {
       throw new LightsparkSigningException(
-        "Missing node of encrypted_signing_private_key"
+        "Missing node of encrypted_signing_private_key",
       );
     }
 
@@ -226,11 +226,12 @@ class Requester {
       TextEncoderImpl = (await import("text-encoding")).TextEncoder;
     }
     const encodedPayload = new TextEncoderImpl().encode(
-      JSON.stringify(payload)
+      JSON.stringify(payload),
     );
-    const signedPayload = await this.cryptoImpl.sign(key, encodedPayload);
-    const encodedSignedPayload = b64encode(signedPayload);
 
+    const signedPayload = await key.sign(encodedPayload);
+
+    const encodedSignedPayload = b64encode(signedPayload);
     headers["X-Lightspark-Signing"] = JSON.stringify({
       v: "1",
       signature: encodedSignedPayload,

package/src/utils/base64.ts

@@ -16,7 +16,7 @@ const Base64 = {
 
       if (charCode > 0xff) {
         throw new Error(
-          "'btoa' failed: The string to be encoded contains characters outside of the Latin1 range."
+          "'btoa' failed: The string to be encoded contains characters outside of the Latin1 range.",
         );
       }
 
@@ -32,7 +32,7 @@ const Base64 = {
 
     if (str.length % 4 == 1) {
       throw new Error(
-        "'atob' failed: The string to be decoded is not correctly encoded."
+        "'atob' failed: The string to be decoded is not correctly encoded.",
       );
     }
     for (
@@ -59,6 +59,6 @@ export const urlsafe_b64decode = (encoded: string): Uint8Array => {
 
 export const b64encode = (data: ArrayBuffer): string => {
   return Base64.btoa(
-    String.fromCharCode.apply(null, Array.from(new Uint8Array(data)))
+    String.fromCharCode.apply(null, Array.from(new Uint8Array(data))),
   );
 };

package/src/utils/createHash.ts

@@ -0,0 +1,12 @@
+import { isBrowser } from "./environment.js";
+
+export const createSha256Hash = async (
+  data: Uint8Array,
+): Promise<Uint8Array> => {
+  if (isBrowser) {
+    return new Uint8Array(await window.crypto.subtle.digest("SHA-256", data));
+  } else {
+    const { createHash } = await import("crypto");
+    return createHash("sha256").update(data).digest();
+  }
+};

package/src/utils/currency.ts

@@ -101,7 +101,7 @@ const CONVERSION_MAP = {
 
 export const convertCurrencyAmount = (
   from: CurrencyAmount,
-  toUnit: CurrencyUnit
+  toUnit: CurrencyUnit,
 ): CurrencyAmount => {
   if (
     from.originalUnit === CurrencyUnit.FUTURE_VALUE ||
@@ -116,7 +116,7 @@ export const convertCurrencyAmount = (
   if (!conversionFn) {
     throw new LightsparkException(
       "CurrencyError",
-      `Cannot convert from ${from.originalUnit} to ${toUnit}`
+      `Cannot convert from ${from.originalUnit} to ${toUnit}`,
     );
   }
   return {

package/src/utils/hex.ts

@@ -0,0 +1,15 @@
+export const bytesToHex = (bytes: Uint8Array): string => {
+  return bytes.reduce((acc: string, byte: number) => {
+    return (acc += ("0" + byte.toString(16)).slice(-2));
+  }, "");
+};
+
+export const hexToBytes = (hex: string): Uint8Array => {
+  const bytes: number[] = [];
+
+  for (let c = 0; c < hex.length; c += 2) {
+    bytes.push(parseInt(hex.substr(c, 2), 16));
+  }
+
+  return Uint8Array.from(bytes);
+};

package/src/utils/index.ts

@@ -1,6 +1,8 @@
 // Copyright ©, 2023-present, Lightspark Group, Inc. - All Rights Reserved
 
 export * from "./base64.js";
+export * from "./createHash.js";
 export * from "./currency.js";
 export * from "./environment.js";
+export * from "./hex.js";
 export * from "./types.js";

package/src/utils/types.ts

@@ -17,7 +17,7 @@ export type OmitTypename<T> = Omit<T, "__typename">;
 export const isType =
   <T extends string>(typename: T) =>
   <N extends { __typename: string }>(
-    node: N | undefined | null
+    node: N | undefined | null,
   ): node is Extract<N, { __typename: T }> => {
     return node?.__typename === typename;
   };