@motebit/crypto-appattest 1.0.0 → 1.0.1

package/README.md

@@ -36,10 +36,11 @@ A verifier that dynamically fetches CA certificates has no sovereign story. The
 ## Related
 
 - [`@motebit/crypto`](https://www.npmjs.com/package/@motebit/crypto) — dispatcher (pure permissive-floor; zero deps)
-- [`@motebit/crypto-play-integrity`](https://www.npmjs.com/package/@motebit/crypto-play-integrity) — Android sibling
+- [`@motebit/crypto-android-keystore`](https://www.npmjs.com/package/@motebit/crypto-android-keystore) — Android sibling (canonical sovereign-verifiable Android primitive)
 - [`@motebit/crypto-tpm`](https://www.npmjs.com/package/@motebit/crypto-tpm) — TPM 2.0 sibling
 - [`@motebit/crypto-webauthn`](https://www.npmjs.com/package/@motebit/crypto-webauthn) — browser sibling
-- [`@motebit/verify`](https://www.npmjs.com/package/@motebit/verify) — canonical CLI bundling all four leaves with motebit defaults
+- [`@motebit/crypto-play-integrity`](https://www.npmjs.com/package/@motebit/crypto-play-integrity) — _(deprecated — see `crypto-android-keystore`)_
+- [`@motebit/verify`](https://www.npmjs.com/package/@motebit/verify) — canonical CLI bundling the platform leaves with motebit defaults
 
 ## License
 

package/dist/apple-root.d.ts

@@ -25,9 +25,16 @@
  * Apple App Attestation Root CA — the single pinned anchor this package
  * chains App Attest leaves to.
  *
- * Byte-for-byte match of Apple's published certificate. Canonical
- * fingerprint (SHA-256): `bf eb 88 ce 0c 59 eb b8 9e b1 9f ab 8d 8f 6d
- * 2b 6e 83 87 27 4e 71 83 9a 2c a7 9d 43 37 1d 7f d6`.
+ *   Source:     https://www.apple.com/certificateauthority/Apple_App_Attestation_Root_CA.pem
+ *   Subject:    CN=Apple App Attestation Root CA, O=Apple Inc., ST=California
+ *   SHA-256:    1cb9823ba28ba6ad2d33a006941de2ae4f513ef1d4e831b9f7e0fa7b6242c932
+ *   Public key: ECDSA P-384
+ *   Validity:   2020-03-18 → 2045-03-15
+ *
+ * Byte-for-byte match of Apple's published certificate. The fingerprint
+ * is the audit anchor — a third party that fetches the same Apple URL
+ * and computes its own SHA-256 should reach the byte-identical value
+ * above. Drift caught by `__tests__/apple-root.test.ts`.
  */
 export declare const APPLE_APPATTEST_ROOT_PEM = "-----BEGIN CERTIFICATE-----\nMIICITCCAaegAwIBAgIQC/O+DvHN0uD7jG5yH2IXmDAKBggqhkjOPQQDAzBSMSYw\nJAYDVQQDDB1BcHBsZSBBcHAgQXR0ZXN0YXRpb24gUm9vdCBDQTETMBEGA1UECgwK\nQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTAeFw0yMDAzMTgxODMyNTNa\nFw00NTAzMTUwMDAwMDBaMFIxJjAkBgNVBAMMHUFwcGxlIEFwcCBBdHRlc3RhdGlv\nbiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9y\nbmlhMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAERTHhmLW07ATaFQIEVwTtT4dyctdh\nNbJhFs/Ii2FdCgAHGbpphY3+d8qjuDngIN3WVhQUBHAoMeQ/cLiP1sOUtgjqK9au\nYen1mMEvRq9Sk3Jm5X8U62H+xTD3FE9TgS41o0IwQDAPBgNVHRMBAf8EBTADAQH/\nMB0GA1UdDgQWBBSskRBTM72+aEH/pwyp5frq5eWKoTAOBgNVHQ8BAf8EBAMCAQYw\nCgYIKoZIzj0EAwMDaAAwZQIwQgFGnByvsiVbpTKwSga0kP0e8EeDS4+sQmTvb7vn\n53O5+FRXgeLhpJ06ysC5PrOyAjEAp5U4xDgEgllF7En3VcE3iexZZtKeYnpqtijV\noyFraWVIyd/dganmrduC1bmTBGwD\n-----END CERTIFICATE-----\n";
 /**

package/dist/apple-root.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"apple-root.d.ts","sourceRoot":"","sources":["../src/apple-root.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,wBAAwB,izBAcpC,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,mBAAmB,oBAAoB,CAAC"}
+{"version":3,"file":"apple-root.d.ts","sourceRoot":"","sources":["../src/apple-root.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,wBAAwB,izBAcpC,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,mBAAmB,oBAAoB,CAAC"}

package/dist/apple-root.js

@@ -25,9 +25,16 @@
  * Apple App Attestation Root CA — the single pinned anchor this package
  * chains App Attest leaves to.
  *
- * Byte-for-byte match of Apple's published certificate. Canonical
- * fingerprint (SHA-256): `bf eb 88 ce 0c 59 eb b8 9e b1 9f ab 8d 8f 6d
- * 2b 6e 83 87 27 4e 71 83 9a 2c a7 9d 43 37 1d 7f d6`.
+ *   Source:     https://www.apple.com/certificateauthority/Apple_App_Attestation_Root_CA.pem
+ *   Subject:    CN=Apple App Attestation Root CA, O=Apple Inc., ST=California
+ *   SHA-256:    1cb9823ba28ba6ad2d33a006941de2ae4f513ef1d4e831b9f7e0fa7b6242c932
+ *   Public key: ECDSA P-384
+ *   Validity:   2020-03-18 → 2045-03-15
+ *
+ * Byte-for-byte match of Apple's published certificate. The fingerprint
+ * is the audit anchor — a third party that fetches the same Apple URL
+ * and computes its own SHA-256 should reach the byte-identical value
+ * above. Drift caught by `__tests__/apple-root.test.ts`.
  */
 export const APPLE_APPATTEST_ROOT_PEM = `-----BEGIN CERTIFICATE-----
 MIICITCCAaegAwIBAgIQC/O+DvHN0uD7jG5yH2IXmDAKBggqhkjOPQQDAzBSMSYw

package/dist/apple-root.js.map

@@ -1 +1 @@
-{"version":3,"file":"apple-root.js","sourceRoot":"","sources":["../src/apple-root.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;;;;;;;;;;;;;;CAcvC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,iBAAiB,CAAC"}
+{"version":3,"file":"apple-root.js","sourceRoot":"","sources":["../src/apple-root.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;;;;;;;;;;;;;;CAcvC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,iBAAiB,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@motebit/crypto-appattest",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "Apache-2.0 verifier for Apple App Attest hardware-attestation credentials — offline chain verification against the pinned Apple App Attest root CA. Plugs into @motebit/crypto's HardwareAttestationVerifiers dispatcher to validate iOS device-attested motebit identities.",
   "type": "module",
   "main": "./dist/index.js",
@@ -54,8 +54,8 @@
   "dependencies": {
     "@peculiar/x509": "^1.12.0",
     "cbor2": "^1.9.0",
-    "@motebit/protocol": "1.0.0",
-    "@motebit/crypto": "1.0.0"
+    "@motebit/protocol": "1.1.0",
+    "@motebit/crypto": "1.1.0"
   },
   "devDependencies": {
     "@noble/curves": "~1.9.0",