@majikah/majik-signature 0.0.3 → 0.0.5

package/dist/core/embed/majik-embed.d.ts

@@ -63,7 +63,7 @@ export declare class MajikSignatureEmbed {
      */
     static verify(file: Blob, publicKeys: MajikSignerPublicKeys, MajikSig: MajikSignatureStaticAdapter, options?: ExtractOptions & {
         expectedSignerId?: string;
-    }): Promise<EmbedVerifyResult>;
+    }, debug?: boolean): Promise<EmbedVerifyResult>;
     /**
      * Verify using a MajikKey instance instead of raw public keys.
      * Called from MajikSignature.verifyFile() — MajikSig passed to avoid
@@ -71,7 +71,7 @@ export declare class MajikSignatureEmbed {
      */
     static verifyWithKey(file: Blob, key: MajikKey, MajikSig: MajikSignatureStaticAdapter, options?: ExtractOptions & {
         expectedSignerId?: string;
-    }): Promise<EmbedVerifyResult>;
+    }, debug?: boolean): Promise<EmbedVerifyResult>;
     /**
      * Return a clean copy of the file with any embedded signature removed.
      */

package/dist/core/embed/majik-embed.js

@@ -28,6 +28,7 @@ import { MkvHandler } from "./handlers/mkv";
 import { OfficeHandler } from "./handlers/office";
 import { TextHandler } from "./handlers/text";
 import { FallbackHandler } from "./fallback";
+import { bytesToBase64, hashContent } from "../hash";
 // ─── Registry ─────────────────────────────────────────────────────────────────
 const DEFAULT_REGISTRY = new FormatHandlerRegistry()
     .register(new PdfHandler())
@@ -105,12 +106,14 @@ export class MajikSignatureEmbed {
      * Requires the MajikSignature static class passed in as `MajikSig` to
      * avoid a circular import. Called from MajikSignature.verifyFile().
      */
-    static async verify(file, publicKeys, MajikSig, options) {
+    static async verify(file, publicKeys, MajikSig, options, debug = false) {
         const bytes = await blobToBytes(file);
         const mimeType = options?.mimeType ?? detectMimeType(bytes, file.type);
         const handler = DEFAULT_REGISTRY.resolve(bytes, mimeType);
         const signatureJson = await handler.extract(bytes);
         if (!signatureJson) {
+            if (debug)
+                console.error("No embedded signature found");
             return {
                 valid: false,
                 reason: "No embedded signature found",
@@ -129,6 +132,12 @@ export class MajikSignatureEmbed {
             };
         }
         const originalBytes = await handler.strip(bytes);
+        if (debug) {
+            const recomputedHash = bytesToBase64(hashContent(originalBytes));
+            console.log("Verify-side hash:", recomputedHash);
+            console.log("Embedded hash:  ", parsedSig.contentHash);
+            console.log("match:", recomputedHash === parsedSig.contentHash);
+        }
         if (options?.expectedSignerId &&
             parsedSig.signerId !== options.expectedSignerId) {
             return {
@@ -146,9 +155,9 @@ export class MajikSignatureEmbed {
      * Called from MajikSignature.verifyFile() — MajikSig passed to avoid
      * circular import.
      */
-    static async verifyWithKey(file, key, MajikSig, options) {
+    static async verifyWithKey(file, key, MajikSig, options, debug = false) {
         const publicKeys = MajikSig.publicKeysFromMajikKey(key);
-        return MajikSignatureEmbed.verify(file, publicKeys, MajikSig, options);
+        return MajikSignatureEmbed.verify(file, publicKeys, MajikSig, options, debug);
     }
     /**
      * Return a clean copy of the file with any embedded signature removed.

package/dist/majik-signature.d.ts

@@ -142,7 +142,7 @@ export declare class MajikSignature {
     static verifyFile(file: Blob, keyOrPublicKeys: MajikKey | MajikSignerPublicKeys, options?: {
         expectedSignerId?: string;
         mimeType?: string;
-    }): Promise<VerificationResult & {
+    }, debug?: boolean): Promise<VerificationResult & {
         handler?: string;
     }>;
     /**

package/dist/majik-signature.js

@@ -410,13 +410,17 @@ export class MajikSignature {
      *   const result = await MajikSignature.verifyFile(signedBlob, key);
      *   if (result.valid) console.log("Signed by", result.signerId);
      */
-    static async verifyFile(file, keyOrPublicKeys, options) {
+    static async verifyFile(file, keyOrPublicKeys, options, debug = false) {
         if (MajikSignature._isMajikKey(keyOrPublicKeys)) {
+            if (debug)
+                console.log("Verifying with MajikKey");
             return MajikSignatureEmbed.verifyWithKey(file, keyOrPublicKeys, MajikSignature, // ← adapter
-            options);
+            options, debug);
         }
+        if (debug)
+            console.log("Verifying with public keys");
         return MajikSignatureEmbed.verify(file, keyOrPublicKeys, MajikSignature, // ← adapter
-        options);
+        options, debug);
     }
     /**
      * Embed this MajikSignature instance into a file.

package/package.json

@@ -2,7 +2,7 @@
   "name": "@majikah/majik-signature",
   "type": "module",
   "description": "Majik Signature is a hybrid post-quantum content signing and verification library for the Majikah ecosystem. Built on top of Majik Key, it provides tamper-proof, forgery-resistant digital signatures for any content format — using a dual-algorithm architecture that combines classical Ed25519 with post-quantum ML-DSA-87 (FIPS-204).",
-  "version": "0.0.3",
+  "version": "0.0.5",
   "license": "Apache-2.0",
   "author": "Zelijah",
   "main": "./dist/index.js",