@lindorm/okp 0.2.5 → 0.2.7

package/CHANGELOG.md

@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [0.2.7](https://github.com/lindorm-io/monorepo/compare/@lindorm/okp@0.2.6...@lindorm/okp@0.2.7) (2026-03-13)
+
+**Note:** Version bump only for package @lindorm/okp
+
+## [0.2.6](https://github.com/lindorm-io/monorepo/compare/@lindorm/okp@0.2.5...@lindorm/okp@0.2.6) (2026-02-17)
+
+### Bug Fixes
+
+- **ec,oct,okp,rsa:** harden signing kits with validation and security fixes ([910f016](https://github.com/lindorm-io/monorepo/commit/910f01669aefcb4e6eb69c0297291fe2404232f8))
+
 ## [0.2.5](https://github.com/lindorm-io/monorepo/compare/@lindorm/okp@0.2.4...@lindorm/okp@0.2.5) (2025-09-18)
 
 **Note:** Version bump only for package @lindorm/okp

package/README.md

@@ -1,94 +1,77 @@
 # @lindorm/okp
 
-Simple **EdDSA / OKP (Octet-Key Pair) signing kit** built on top of Node’s `crypto` module and the
-[`@lindorm/kryptos`](../kryptos) key utilities.  The kit exposes a small `OkpKit` class which
-implements the generic `IKeyKit` contract used throughout the Lindorm cryptography packages.
-
----
+EdDSA signature kit built on Node's `crypto` module and [`@lindorm/kryptos`](../kryptos). Provides an `OkpKit` class that implements the `IKeyKit` contract used across the Lindorm cryptography packages.
 
 ## Installation
 
 ```bash
 npm install @lindorm/okp
-# or
-yarn add @lindorm/okp
 ```
 
-You will also need a compatible key instance:
-
-```ts
-import { KryptosKit } from '@lindorm/kryptos';
-
-const ED25519 = KryptosKit.generate.okp({ alg: 'Ed25519', use: 'sig' });
-```
-
----
-
-## Example
-
-```ts
-import { OkpKit } from '@lindorm/okp';
-import { randomBytes } from 'node:crypto';
+## Quick Start
 
-const kit = new OkpKit({ kryptos: ED25519, encoding: 'base64url' });
+```typescript
+import { OkpKit } from "@lindorm/okp";
+import { KryptosKit } from "@lindorm/kryptos";
 
-const data = randomBytes(32);
+const kryptos = KryptosKit.generate.sig.okp({ algorithm: "EdDSA", curve: "Ed25519" });
+const kit = new OkpKit({ kryptos });
 
-// Sign → Buffer
-const signature = kit.sign(data);
+// Sign
+const signature = kit.sign("hello world");
 
 // Verify
-if (kit.verify(data, signature)) {
-  console.log('✔️  valid');
-}
+kit.verify("hello world", signature); // true
 
-// Throw when invalid
-kit.assert(data, signature);
+// Assert (throws OkpError if invalid)
+kit.assert("hello world", signature);
 
-// Convert Buffer → string
-const asString = kit.format(signature);
+// Format Buffer to string
+kit.format(signature); // base64 string
 ```
 
-### DSA encoding
-
-`OkpKit` defaults to DER encoding (`dsa: 'der'`) but you can switch to IETF-style `ieee-p1363` if
-required:
+## Constructor Options
 
-```ts
-const kit = new OkpKit({ kryptos: ED25519, dsa: 'ieee-p1363' });
+```typescript
+new OkpKit({
+  kryptos, // IKryptos — must be an OKP key with a signing curve
+  dsa: "der", // DsaEncoding — "der" | "ieee-p1363" (default: "der")
+  encoding: "base64", // BufferEncoding — output encoding (default: "base64")
+});
 ```
 
----
+The constructor validates that the key is an OKP type with a supported signing curve (Ed25519, Ed448). Encryption curves (X25519, X448) are rejected with an `OkpError`.
 
 ## API
 
-```ts
+```typescript
 class OkpKit implements IKeyKit {
-  constructor(options: {
-    kryptos: IKryptosOkp;
-    dsa?: DsaEncoding;          // 'der' | 'ieee-p1363' (default 'der')
-    encoding?: BufferEncoding;  // default 'base64'
-  });
-
   sign(data: KeyData): Buffer;
   verify(data: KeyData, signature: KeyData): boolean;
-  assert(data: KeyData, signature: KeyData): void; // throws OkpError on mismatch
-  format(data: Buffer): string;                     // encode Buffer → string
+  assert(data: KeyData, signature: KeyData): void; // throws OkpError
+  format(data: Buffer): string;
 }
 ```
 
-`KeyData` can be `Buffer`, `string` or `Uint8Array`.
+`KeyData` is `Buffer | string`.
 
----
+## Supported Curves
 
-## TypeScript
+| Curve   | Algorithm | Use     |
+| ------- | --------- | ------- |
+| Ed25519 | EdDSA     | Signing |
+| Ed448   | EdDSA     | Signing |
 
-The package is written in TypeScript and ships with declaration files.  Runtime dependencies are
-limited to **Node.js built-ins** and other Lindorm utilities.
+X25519 and X448 are encryption curves and are not supported by `OkpKit`. Use the [`@lindorm/aes`](../aes) package for encryption with OKP keys.
 
----
+## Error Handling
 
-## License
+All errors are `OkpError` instances:
 
-AGPL-3.0-or-later – see the root [`LICENSE`](../../LICENSE).
+```typescript
+import { OkpError } from "@lindorm/okp";
+```
+
+## License
 
+AGPL-3.0-or-later

package/dist/classes/OkpKit.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"OkpKit.d.ts","sourceRoot":"","sources":["../../src/classes/OkpKit.ts"],"names":[],"mappings":"AACA,OAAO,EAAe,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAE/D,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAOzC,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAc;IAClC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;gBAEnB,OAAO,EAAE,aAAa;IAWlC,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM;IAQ3B,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,GAAG,OAAO;IAUlD,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,GAAG,IAAI;IAU/C,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;CAGpC"}
+{"version":3,"file":"OkpKit.d.ts","sourceRoot":"","sources":["../../src/classes/OkpKit.ts"],"names":[],"mappings":"AACA,OAAO,EAAe,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAE/D,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAOzC,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAc;IAClC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;gBAEnB,OAAO,EAAE,aAAa;IAelC,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM;IAQ3B,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,GAAG,OAAO;IAUlD,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,GAAG,IAAI;IAU/C,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;CAGpC"}

package/dist/classes/OkpKit.js

@@ -14,6 +14,9 @@ class OkpKit {
         if (!kryptos_1.KryptosKit.isOkp(options.kryptos)) {
             throw new errors_1.OkpError("Invalid Kryptos instance");
         }
+        if (!kryptos_1.OKP_SIG_CURVES.includes(options.kryptos.curve)) {
+            throw new errors_1.OkpError("OkpKit only supports signing curves (Ed25519, Ed448)");
+        }
         this.kryptos = options.kryptos;
     }
     sign(data) {

package/dist/classes/OkpKit.js.map

@@ -1 +1 @@
-{"version":3,"file":"OkpKit.js","sourceRoot":"","sources":["../../src/classes/OkpKit.ts"],"names":[],"mappings":";;;AAAA,8CAA2D;AAE3D,sCAAqC;AAErC,8CAI0B;AAE1B,MAAa,MAAM;IACA,GAAG,CAAc;IACjB,QAAQ,CAAiB;IACzB,OAAO,CAAc;IAEtC,YAAmB,OAAsB;QACvC,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,KAAK,CAAC;QAChC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,QAAQ,CAAC;QAE7C,IAAI,CAAC,oBAAU,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,iBAAQ,CAAC,0BAA0B,CAAC,CAAC;QACjD,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACjC,CAAC;IAEM,IAAI,CAAC,IAAa;QACvB,OAAO,IAAA,4BAAkB,EAAC;YACxB,IAAI;YACJ,WAAW,EAAE,IAAI,CAAC,GAAG;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;IACL,CAAC;IAEM,MAAM,CAAC,IAAa,EAAE,SAAkB;QAC7C,OAAO,IAAA,4BAAkB,EAAC;YACxB,IAAI;YACJ,WAAW,EAAE,IAAI,CAAC,GAAG;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAEM,MAAM,CAAC,IAAa,EAAE,SAAkB;QAC7C,OAAO,IAAA,4BAAkB,EAAC;YACxB,IAAI;YACJ,WAAW,EAAE,IAAI,CAAC,GAAG;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAEM,MAAM,CAAC,IAAY;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;CACF;AA/CD,wBA+CC"}
+{"version":3,"file":"OkpKit.js","sourceRoot":"","sources":["../../src/classes/OkpKit.ts"],"names":[],"mappings":";;;AAAA,8CAAwF;AAExF,sCAAqC;AAErC,8CAI0B;AAE1B,MAAa,MAAM;IACA,GAAG,CAAc;IACjB,QAAQ,CAAiB;IACzB,OAAO,CAAc;IAEtC,YAAmB,OAAsB;QACvC,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,KAAK,CAAC;QAChC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,QAAQ,CAAC;QAE7C,IAAI,CAAC,oBAAU,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,iBAAQ,CAAC,0BAA0B,CAAC,CAAC;QACjD,CAAC;QAED,IAAI,CAAC,wBAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,KAAoB,CAAC,EAAE,CAAC;YACnE,MAAM,IAAI,iBAAQ,CAAC,sDAAsD,CAAC,CAAC;QAC7E,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACjC,CAAC;IAEM,IAAI,CAAC,IAAa;QACvB,OAAO,IAAA,4BAAkB,EAAC;YACxB,IAAI;YACJ,WAAW,EAAE,IAAI,CAAC,GAAG;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;IACL,CAAC;IAEM,MAAM,CAAC,IAAa,EAAE,SAAkB;QAC7C,OAAO,IAAA,4BAAkB,EAAC;YACxB,IAAI;YACJ,WAAW,EAAE,IAAI,CAAC,GAAG;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAEM,MAAM,CAAC,IAAa,EAAE,SAAkB;QAC7C,OAAO,IAAA,4BAAkB,EAAC;YACxB,IAAI;YACJ,WAAW,EAAE,IAAI,CAAC,GAAG;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAEM,MAAM,CAAC,IAAY;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;CACF;AAnDD,wBAmDC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lindorm/okp",
-  "version": "0.2.5",
+  "version": "0.2.7",
   "license": "AGPL-3.0-or-later",
   "author": "Jonn Nilsson",
   "repository": {
@@ -16,25 +16,23 @@
   "scripts": {
     "build": "rimraf dist && tsc -b ./tsconfig.build.json",
     "example": "ts-node example",
-    "integration": "compd --file docker-compose.yml jest --config jest.config.integration.js --watch",
-    "integration:focus": "compd --file docker-compose.yml jest --config jest.config.integration.js --watch $1",
     "prettier": "prettier --write ./src/*",
-    "test": "jest --watch --",
-    "test:ci": "npm run test:unit",
-    "test:integration": "jest --config jest.config.integration.js --",
-    "test:unit": "jest --config jest.config.js --",
-    "typecheck": "tsc --watch",
-    "typecheck:ci": "tsc",
+    "test": "jest --",
+    "test:ci": "jest",
+    "test:watch": "jest --watch --",
+    "typecheck": "tsc",
+    "typecheck:watch": "tsc --watch",
     "update": "ncu -i",
-    "update:auto": "ncu -u"
+    "update:auto": "ncu -u",
+    "verify": "npm run typecheck; npm run build; npm test"
   },
   "dependencies": {
-    "@lindorm/errors": "^0.1.12",
-    "@lindorm/is": "^0.1.11",
-    "@lindorm/kryptos": "^0.4.5"
+    "@lindorm/errors": "^0.1.14",
+    "@lindorm/is": "^0.1.13",
+    "@lindorm/kryptos": "^0.5.1"
   },
   "devDependencies": {
-    "@lindorm/types": "^0.3.3"
+    "@lindorm/types": "^0.4.0"
   },
-  "gitHead": "3302fa2c4d75f2832959018d9e089d11af4a35fc"
+  "gitHead": "e9f119d722596c1980328d88e588db4ab49dd04b"
 }