@mysten/seal 0.1.0 → 0.3.0

package/dist/cjs/aes.js

@@ -1,111 +0,0 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var aes_exports = {};
-__export(aes_exports, {
-  AesGcm256: () => AesGcm256,
-  Plain: () => Plain,
-  iv: () => iv
-});
-module.exports = __toCommonJS(aes_exports);
-const iv = Uint8Array.from([
-  138,
-  55,
-  153,
-  253,
-  198,
-  46,
-  121,
-  219,
-  160,
-  128,
-  89,
-  7,
-  214,
-  156,
-  148,
-  220
-]);
-async function generateAesKey() {
-  const key = await crypto.subtle.generateKey(
-    {
-      name: "AES-GCM",
-      length: 256
-    },
-    true,
-    ["encrypt", "decrypt"]
-  );
-  return await crypto.subtle.exportKey("raw", key).then((keyData) => new Uint8Array(keyData));
-}
-class AesGcm256 {
-  constructor(msg, aad) {
-    this.plaintext = new Uint8Array(msg);
-    this.aad = aad;
-  }
-  generateKey() {
-    return generateAesKey();
-  }
-  async encrypt(key) {
-    const aesCryptoKey = await crypto.subtle.importKey("raw", key, "AES-GCM", false, ["encrypt"]);
-    const blob = new Uint8Array(
-      await crypto.subtle.encrypt(
-        {
-          name: "AES-GCM",
-          iv,
-          additionalData: this.aad
-        },
-        aesCryptoKey,
-        this.plaintext
-      )
-    );
-    return {
-      Aes256Gcm: {
-        blob,
-        aad: this.aad ?? []
-      }
-    };
-  }
-  static async decrypt(key, ciphertext) {
-    if (!("Aes256Gcm" in ciphertext)) {
-      throw new Error("Invalid ciphertext");
-    }
-    const aesCryptoKey = await crypto.subtle.importKey("raw", key, "AES-GCM", false, ["decrypt"]);
-    return new Uint8Array(
-      await crypto.subtle.decrypt(
-        {
-          name: "AES-GCM",
-          iv,
-          additionalData: new Uint8Array(ciphertext.Aes256Gcm.aad ?? [])
-        },
-        aesCryptoKey,
-        new Uint8Array(ciphertext.Aes256Gcm.blob)
-      )
-    );
-  }
-}
-class Plain {
-  async encrypt(_key) {
-    return {
-      Plain: {}
-    };
-  }
-  generateKey() {
-    return generateAesKey();
-  }
-}
-//# sourceMappingURL=aes.js.map

package/dist/cjs/aes.js.map

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../../src/aes.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { CiphertextType } from './types.js';\n\n// Use a fixed IV for AES.\nexport const iv = Uint8Array.from([\n\t138, 55, 153, 253, 198, 46, 121, 219, 160, 128, 89, 7, 214, 156, 148, 220,\n]);\n\nasync function generateAesKey(): Promise<Uint8Array> {\n\tconst key = await crypto.subtle.generateKey(\n\t\t{\n\t\t\tname: 'AES-GCM',\n\t\t\tlength: 256,\n\t\t},\n\t\ttrue,\n\t\t['encrypt', 'decrypt'],\n\t);\n\treturn await crypto.subtle.exportKey('raw', key).then((keyData) => new Uint8Array(keyData));\n}\n\nexport interface EncryptionInput {\n\tencrypt(key: Uint8Array): Promise<CiphertextType>;\n\tgenerateKey(): Promise<Uint8Array>;\n}\n\nexport class AesGcm256 implements EncryptionInput {\n\treadonly plaintext: Uint8Array;\n\treadonly aad: Uint8Array;\n\n\tconstructor(msg: Uint8Array, aad: Uint8Array) {\n\t\tthis.plaintext = new Uint8Array(msg);\n\t\tthis.aad = aad;\n\t}\n\n\tgenerateKey(): Promise<Uint8Array> {\n\t\treturn generateAesKey();\n\t}\n\n\tasync encrypt(key: Uint8Array): Promise<CiphertextType> {\n\t\tconst aesCryptoKey = await crypto.subtle.importKey('raw', key, 'AES-GCM', false, ['encrypt']);\n\n\t\tconst blob = new Uint8Array(\n\t\t\tawait crypto.subtle.encrypt(\n\t\t\t\t{\n\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\tiv,\n\t\t\t\t\tadditionalData: this.aad,\n\t\t\t\t},\n\t\t\t\taesCryptoKey,\n\t\t\t\tthis.plaintext,\n\t\t\t),\n\t\t);\n\n\t\treturn {\n\t\t\tAes256Gcm: {\n\t\t\t\tblob,\n\t\t\t\taad: this.aad ?? [],\n\t\t\t},\n\t\t};\n\t}\n\n\tstatic async decrypt(key: Uint8Array, ciphertext: CiphertextType): Promise<Uint8Array> {\n\t\tif (!('Aes256Gcm' in ciphertext)) {\n\t\t\tthrow new Error('Invalid ciphertext');\n\t\t}\n\n\t\tconst aesCryptoKey = await crypto.subtle.importKey('raw', key, 'AES-GCM', false, ['decrypt']);\n\n\t\t// TODO: add test to check if aad is wrong does throw an error.\n\t\treturn new Uint8Array(\n\t\t\tawait crypto.subtle.decrypt(\n\t\t\t\t{\n\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\tiv,\n\t\t\t\t\tadditionalData: new Uint8Array(ciphertext.Aes256Gcm.aad ?? []),\n\t\t\t\t},\n\t\t\t\taesCryptoKey,\n\t\t\t\tnew Uint8Array(ciphertext.Aes256Gcm.blob),\n\t\t\t),\n\t\t);\n\t}\n}\n\nexport class Plain implements EncryptionInput {\n\tasync encrypt(_key: Uint8Array): Promise<CiphertextType> {\n\t\treturn {\n\t\t\tPlain: {},\n\t\t};\n\t}\n\n\tgenerateKey(): Promise<Uint8Array> {\n\t\treturn generateAesKey();\n\t}\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAMO,MAAM,KAAK,WAAW,KAAK;AAAA,EACjC;AAAA,EAAK;AAAA,EAAI;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAI;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAI;AAAA,EAAG;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AACvE,CAAC;AAED,eAAe,iBAAsC;AACpD,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC/B;AAAA,MACC,MAAM;AAAA,MACN,QAAQ;AAAA,IACT;AAAA,IACA;AAAA,IACA,CAAC,WAAW,SAAS;AAAA,EACtB;AACA,SAAO,MAAM,OAAO,OAAO,UAAU,OAAO,GAAG,EAAE,KAAK,CAAC,YAAY,IAAI,WAAW,OAAO,CAAC;AAC3F;AAOO,MAAM,UAAqC;AAAA,EAIjD,YAAY,KAAiB,KAAiB;AAC7C,SAAK,YAAY,IAAI,WAAW,GAAG;AACnC,SAAK,MAAM;AAAA,EACZ;AAAA,EAEA,cAAmC;AAClC,WAAO,eAAe;AAAA,EACvB;AAAA,EAEA,MAAM,QAAQ,KAA0C;AACvD,UAAM,eAAe,MAAM,OAAO,OAAO,UAAU,OAAO,KAAK,WAAW,OAAO,CAAC,SAAS,CAAC;AAE5F,UAAM,OAAO,IAAI;AAAA,MAChB,MAAM,OAAO,OAAO;AAAA,QACnB;AAAA,UACC,MAAM;AAAA,UACN;AAAA,UACA,gBAAgB,KAAK;AAAA,QACtB;AAAA,QACA;AAAA,QACA,KAAK;AAAA,MACN;AAAA,IACD;AAEA,WAAO;AAAA,MACN,WAAW;AAAA,QACV;AAAA,QACA,KAAK,KAAK,OAAO,CAAC;AAAA,MACnB;AAAA,IACD;AAAA,EACD;AAAA,EAEA,aAAa,QAAQ,KAAiB,YAAiD;AACtF,QAAI,EAAE,eAAe,aAAa;AACjC,YAAM,IAAI,MAAM,oBAAoB;AAAA,IACrC;AAEA,UAAM,eAAe,MAAM,OAAO,OAAO,UAAU,OAAO,KAAK,WAAW,OAAO,CAAC,SAAS,CAAC;AAG5F,WAAO,IAAI;AAAA,MACV,MAAM,OAAO,OAAO;AAAA,QACnB;AAAA,UACC,MAAM;AAAA,UACN;AAAA,UACA,gBAAgB,IAAI,WAAW,WAAW,UAAU,OAAO,CAAC,CAAC;AAAA,QAC9D;AAAA,QACA;AAAA,QACA,IAAI,WAAW,WAAW,UAAU,IAAI;AAAA,MACzC;AAAA,IACD;AAAA,EACD;AACD;AAEO,MAAM,MAAiC;AAAA,EAC7C,MAAM,QAAQ,MAA2C;AACxD,WAAO;AAAA,MACN,OAAO,CAAC;AAAA,IACT;AAAA,EACD;AAAA,EAEA,cAAmC;AAClC,WAAO,eAAe;AAAA,EACvB;AACD;",
-  "names": []
-}

package/dist/cjs/key-store.d.ts

@@ -1,49 +0,0 @@
-import { G1Element } from './bls12381.js';
-import type { KeyServer } from './key-server.js';
-import type { SessionKey } from './session-key.js';
-import type { EncryptedObject } from './types.js';
-/**
- * A class to cache user secret keys after they have been fetched from key servers.
- */
-export declare class KeyStore {
-    private readonly keys_map;
-    constructor();
-    private createMapKey;
-    /** @internal */
-    addKey(fullId: Uint8Array, objectId: Uint8Array, key: G1Element): void;
-    /**
-     * Get a key from this KeyStore or undefined if the key is not found.
-     *
-     * @param fullId The full ID used to derive the key.
-     * @param objectId The object ID of the key server holding the key.
-     */
-    private getKey;
-    /**
-     * Check if the key store has a key for the given full ID and object ID.
-     *
-     * @param fullId The full ID used to derive the key.
-     * @param objectId The object ID of the key server holding the key.
-     */
-    private hasKey;
-    /**
-     * Look up URLs of key servers and fetch key from servers with request signature,
-     * cert and ephPk, then updates the caching keys_map.
-     */
-    fetchKeys({ keyServers, threshold: _threshold, packageId, ids, txBytes, sessionKey, }: {
-        keyServers: KeyServer[];
-        threshold: number;
-        packageId: Uint8Array;
-        ids: Uint8Array[];
-        txBytes: Uint8Array;
-        sessionKey: SessionKey;
-    }): Promise<void>;
-    /**
-     * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.
-     * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers
-     * otherwise, this will throw an error.
-     *
-     * @param encryptedObject - EncryptedObject.
-     * @returns - The decrypted plaintext corresponding to ciphertext.
-     */
-    decrypt(encryptedObject: typeof EncryptedObject.$inferType): Promise<Uint8Array>;
-}

package/dist/cjs/key-store.js

@@ -1,203 +0,0 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var key_store_exports = {};
-__export(key_store_exports, {
-  KeyStore: () => KeyStore
-});
-module.exports = __toCommonJS(key_store_exports);
-var import_bcs = require("@mysten/bcs");
-var import_shamir_secret_sharing = require("shamir-secret-sharing");
-var import_aes = require("./aes.js");
-var import_bls12381 = require("./bls12381.js");
-var import_elgamal = require("./elgamal.js");
-var import_ibe = require("./ibe.js");
-var import_key_server = require("./key-server.js");
-var import_utils = require("./utils.js");
-class KeyStore {
-  constructor() {
-    this.keys_map = /* @__PURE__ */ new Map();
-  }
-  createMapKey(fullId, objectId) {
-    return (0, import_bcs.toHex)(fullId) + ":" + (0, import_bcs.toHex)(objectId);
-  }
-  /** @internal */
-  addKey(fullId, objectId, key) {
-    this.keys_map.set(this.createMapKey(fullId, objectId), key);
-  }
-  /**
-   * Get a key from this KeyStore or undefined if the key is not found.
-   *
-   * @param fullId The full ID used to derive the key.
-   * @param objectId The object ID of the key server holding the key.
-   */
-  getKey(fullId, objectId) {
-    return this.keys_map.get(this.createMapKey(fullId, objectId));
-  }
-  /**
-   * Check if the key store has a key for the given full ID and object ID.
-   *
-   * @param fullId The full ID used to derive the key.
-   * @param objectId The object ID of the key server holding the key.
-   */
-  hasKey(fullId, objectId) {
-    return this.keys_map.has(this.createMapKey(fullId, objectId));
-  }
-  /**
-   * Look up URLs of key servers and fetch key from servers with request signature,
-   * cert and ephPk, then updates the caching keys_map.
-   */
-  async fetchKeys({
-    keyServers,
-    threshold: _threshold,
-    packageId,
-    ids,
-    txBytes,
-    sessionKey
-  }) {
-    if (ids.length !== 1) {
-      throw new Error("Only one ID is supported");
-    }
-    const fullId = (0, import_utils.createFullId)(import_ibe.DST, packageId, ids[0]);
-    const remainingKeyServers = keyServers.filter((ks) => !this.hasKey(fullId, ks.objectId));
-    if (remainingKeyServers.length === 0) {
-      return;
-    }
-    const cert = sessionKey.getCertificate();
-    const signedRequest = await sessionKey.createRequestParams(txBytes);
-    await Promise.all(
-      remainingKeyServers.map(async (server) => {
-        if (server.keyType !== import_key_server.KeyServerType.BonehFranklinBLS12381) {
-          console.warn("Server has invalid key type: " + server.keyType);
-          return;
-        }
-        const res = await fetchKey(
-          server.url,
-          signedRequest.request_signature,
-          txBytes,
-          signedRequest.decryption_key,
-          cert
-        );
-        const key = import_bls12381.G1Element.fromBytes(res.key);
-        if (!import_ibe.BonehFranklinBLS12381Services.verifyUserSecretKey(
-          key,
-          fullId,
-          import_bls12381.G2Element.fromBytes(server.pk)
-        )) {
-          console.warn("Received invalid key from key server " + server.objectId);
-          return;
-        }
-        this.addKey(fullId, server.objectId, key);
-      })
-    );
-  }
-  /**
-   * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.
-   * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers
-   * otherwise, this will throw an error.
-   *
-   * @param encryptedObject - EncryptedObject.
-   * @returns - The decrypted plaintext corresponding to ciphertext.
-   */
-  async decrypt(encryptedObject) {
-    if (!encryptedObject.encrypted_shares.BonehFranklinBLS12381) {
-      throw new Error("Encryption mode not supported");
-    }
-    const fullId = (0, import_utils.createFullId)(
-      import_ibe.DST,
-      encryptedObject.package_id,
-      new Uint8Array(encryptedObject.id)
-    );
-    const in_keystore = encryptedObject.services.map((_, i) => i).filter((i) => this.hasKey(fullId, encryptedObject.services[i][0]));
-    if (in_keystore.length < encryptedObject.threshold) {
-      throw new Error("Not enough shares. Please fetch more keys.");
-    }
-    const encryptedShares = encryptedObject.encrypted_shares.BonehFranklinBLS12381.shares;
-    if (encryptedShares.length !== encryptedObject.services.length) {
-      throw new Error("Invalid input");
-    }
-    const nonce = import_bls12381.G2Element.fromBytes(
-      encryptedObject.encrypted_shares.BonehFranklinBLS12381.encapsulation
-    );
-    const shares = in_keystore.map((i) => {
-      const [objectId, index] = encryptedObject.services[i];
-      const info = new Uint8Array([index]);
-      let share = import_ibe.BonehFranklinBLS12381Services.decrypt(
-        nonce,
-        this.getKey(fullId, objectId),
-        encryptedShares[i],
-        info
-      );
-      return { index, share };
-    });
-    const key = await combine(shares);
-    if (encryptedObject.ciphertext.Aes256Gcm) {
-      try {
-        return import_aes.AesGcm256.decrypt(key, encryptedObject.ciphertext);
-      } catch {
-        throw new Error("Decryption failed");
-      }
-    } else if (encryptedObject.ciphertext.Plain) {
-      return key;
-    } else {
-      throw new Error("Invalid encrypted object");
-    }
-  }
-}
-async function fetchKey(url, requestSig, txBytes, enc_key, certificate) {
-  const enc_key_pk = (0, import_elgamal.toPublicKey)(enc_key);
-  const enc_verification_key = (0, import_elgamal.toVerificationKey)(enc_key);
-  const body = {
-    ptb: (0, import_bcs.toBase64)(txBytes.slice(1)),
-    // removes the byte of the transaction type version
-    enc_key: (0, import_bcs.toBase64)(enc_key_pk),
-    enc_verification_key: (0, import_bcs.toBase64)(enc_verification_key),
-    request_signature: requestSig,
-    // already b64
-    certificate
-  };
-  const response = await fetch(url + "/v1/fetch_key", {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json"
-    },
-    body: JSON.stringify(body)
-  });
-  const resp = await response.json();
-  const key = (0, import_elgamal.elgamalDecrypt)(enc_key, resp.decryption_keys[0].encrypted_key.map(import_bcs.fromBase64));
-  return {
-    fullId: resp.decryption_keys[0].fullId,
-    key
-  };
-}
-async function combine(shares) {
-  if (shares.length === 0) {
-    throw new Error("Invalid input");
-  } else if (shares.length === 1) {
-    return Promise.resolve(shares[0].share);
-  }
-  return (0, import_shamir_secret_sharing.combine)(
-    shares.map(({ index, share }) => {
-      const packedShare = new Uint8Array(share.length + 1);
-      packedShare.set(share, 0);
-      packedShare[share.length] = index;
-      return packedShare;
-    })
-  );
-}
-//# sourceMappingURL=key-store.js.map

package/dist/cjs/key-store.js.map

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../../src/key-store.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromBase64, toBase64, toHex } from '@mysten/bcs';\nimport { combine as externalCombine } from 'shamir-secret-sharing';\n\nimport { AesGcm256 } from './aes.js';\nimport { G1Element, G2Element } from './bls12381.js';\nimport { elgamalDecrypt, toPublicKey, toVerificationKey } from './elgamal.js';\nimport { BonehFranklinBLS12381Services, DST } from './ibe.js';\nimport type { KeyServer } from './key-server.js';\nimport { KeyServerType } from './key-server.js';\nimport type { Certificate, SessionKey } from './session-key.js';\nimport type { EncryptedObject } from './types.js';\nimport { createFullId } from './utils.js';\n\n/**\n * A class to cache user secret keys after they have been fetched from key servers.\n */\nexport class KeyStore {\n\t// A caching map for: fullId:object_id -> partial key.\n\tprivate readonly keys_map: Map<string, G1Element>;\n\n\tconstructor() {\n\t\tthis.keys_map = new Map();\n\t}\n\n\tprivate createMapKey(fullId: Uint8Array, objectId: Uint8Array): string {\n\t\treturn toHex(fullId) + ':' + toHex(objectId);\n\t}\n\n\t/** @internal */\n\taddKey(fullId: Uint8Array, objectId: Uint8Array, key: G1Element) {\n\t\tthis.keys_map.set(this.createMapKey(fullId, objectId), key);\n\t}\n\n\t/**\n\t * Get a key from this KeyStore or undefined if the key is not found.\n\t *\n\t * @param fullId The full ID used to derive the key.\n\t * @param objectId The object ID of the key server holding the key.\n\t */\n\tprivate getKey(fullId: Uint8Array, objectId: Uint8Array): G1Element | undefined {\n\t\treturn this.keys_map.get(this.createMapKey(fullId, objectId));\n\t}\n\n\t/**\n\t * Check if the key store has a key for the given full ID and object ID.\n\t *\n\t * @param fullId The full ID used to derive the key.\n\t * @param objectId The object ID of the key server holding the key.\n\t */\n\tprivate hasKey(fullId: Uint8Array, objectId: Uint8Array): boolean {\n\t\treturn this.keys_map.has(this.createMapKey(fullId, objectId));\n\t}\n\n\t/**\n\t * Look up URLs of key servers and fetch key from servers with request signature,\n\t * cert and ephPk, then updates the caching keys_map.\n\t */\n\tasync fetchKeys({\n\t\tkeyServers,\n\t\tthreshold: _threshold,\n\t\tpackageId,\n\t\tids,\n\t\ttxBytes,\n\t\tsessionKey,\n\t}: {\n\t\tkeyServers: KeyServer[];\n\t\tthreshold: number;\n\t\tpackageId: Uint8Array;\n\t\tids: Uint8Array[];\n\t\ttxBytes: Uint8Array;\n\t\tsessionKey: SessionKey;\n\t}) {\n\t\t// TODO: support multiple ids.\n\t\tif (ids.length !== 1) {\n\t\t\tthrow new Error('Only one ID is supported');\n\t\t}\n\t\tconst fullId = createFullId(DST, packageId, ids[0]);\n\t\tconst remainingKeyServers = keyServers.filter((ks) => !this.hasKey(fullId, ks.objectId));\n\t\tif (remainingKeyServers.length === 0) {\n\t\t\treturn;\n\t\t}\n\n\t\tconst cert = sessionKey.getCertificate();\n\t\tconst signedRequest = await sessionKey.createRequestParams(txBytes);\n\n\t\t// TODO: wait for t valid keys, either from completed promises (not failures) or from the cache.\n\t\t// TODO: detect an expired session key and raise an error.\n\t\tawait Promise.all(\n\t\t\tremainingKeyServers.map(async (server) => {\n\t\t\t\tif (server.keyType !== KeyServerType.BonehFranklinBLS12381) {\n\t\t\t\t\tconsole.warn('Server has invalid key type: ' + server.keyType);\n\t\t\t\t\treturn;\n\t\t\t\t}\n\t\t\t\tconst res = await fetchKey(\n\t\t\t\t\tserver.url,\n\t\t\t\t\tsignedRequest.request_signature,\n\t\t\t\t\ttxBytes,\n\t\t\t\t\tsignedRequest.decryption_key,\n\t\t\t\t\tcert,\n\t\t\t\t);\n\n\t\t\t\tconst key = G1Element.fromBytes(res.key);\n\t\t\t\tif (\n\t\t\t\t\t!BonehFranklinBLS12381Services.verifyUserSecretKey(\n\t\t\t\t\t\tkey,\n\t\t\t\t\t\tfullId,\n\t\t\t\t\t\tG2Element.fromBytes(server.pk),\n\t\t\t\t\t)\n\t\t\t\t) {\n\t\t\t\t\tconsole.warn('Received invalid key from key server ' + server.objectId);\n\t\t\t\t\treturn;\n\t\t\t\t}\n\n\t\t\t\tthis.addKey(fullId, server.objectId, key);\n\t\t\t}),\n\t\t);\n\t}\n\n\t/**\n\t * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.\n\t * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers\n\t * otherwise, this will throw an error.\n\t *\n\t * @param encryptedObject - EncryptedObject.\n\t * @returns - The decrypted plaintext corresponding to ciphertext.\n\t */\n\tasync decrypt(encryptedObject: typeof EncryptedObject.$inferType): Promise<Uint8Array> {\n\t\tif (!encryptedObject.encrypted_shares.BonehFranklinBLS12381) {\n\t\t\tthrow new Error('Encryption mode not supported');\n\t\t}\n\n\t\tconst fullId = createFullId(\n\t\t\tDST,\n\t\t\tencryptedObject.package_id,\n\t\t\tnew Uint8Array(encryptedObject.id),\n\t\t);\n\n\t\t// Get the indices of the service whose keys are in the keystore.\n\t\tconst in_keystore = encryptedObject.services\n\t\t\t.map((_, i) => i)\n\t\t\t.filter((i) => this.hasKey(fullId, encryptedObject.services[i][0]));\n\t\tif (in_keystore.length < encryptedObject.threshold) {\n\t\t\tthrow new Error('Not enough shares. Please fetch more keys.');\n\t\t}\n\n\t\tconst encryptedShares = encryptedObject.encrypted_shares.BonehFranklinBLS12381.shares;\n\t\tif (encryptedShares.length !== encryptedObject.services.length) {\n\t\t\tthrow new Error('Invalid input');\n\t\t}\n\n\t\tconst nonce = G2Element.fromBytes(\n\t\t\tencryptedObject.encrypted_shares.BonehFranklinBLS12381.encapsulation,\n\t\t);\n\n\t\t// Decrypt each share.\n\t\tconst shares = in_keystore.map((i: number) => {\n\t\t\tconst [objectId, index] = encryptedObject.services[i];\n\t\t\t// Use the index as the unique info parameter to allow for multiple shares per key server.\n\t\t\tconst info = new Uint8Array([index]);\n\t\t\tlet share = BonehFranklinBLS12381Services.decrypt(\n\t\t\t\tnonce,\n\t\t\t\tthis.getKey(fullId, objectId)!,\n\t\t\t\tencryptedShares[i],\n\t\t\t\tinfo,\n\t\t\t);\n\t\t\t// The Shamir secret sharing library expects the index/x-coordinate to be at the end of the share.\n\t\t\treturn { index, share };\n\t\t});\n\n\t\t// Combine the decrypted shares into the key.\n\t\tconst key = await combine(shares);\n\n\t\tif (encryptedObject.ciphertext.Aes256Gcm) {\n\t\t\ttry {\n\t\t\t\t// Decrypt the ciphertext with the key.\n\t\t\t\treturn AesGcm256.decrypt(key, encryptedObject.ciphertext);\n\t\t\t} catch {\n\t\t\t\tthrow new Error('Decryption failed');\n\t\t\t}\n\t\t} else if (encryptedObject.ciphertext.Plain) {\n\t\t\t// In case `Plain` mode is used, return the key.\n\t\t\treturn key;\n\t\t} else {\n\t\t\tthrow new Error('Invalid encrypted object');\n\t\t}\n\t}\n}\n\n/**\n * Helper function to request a Seal key from URL with requestSig, txBytes, ephemeral pubkey.\n * Then decrypt the Seal key with ephemeral secret key.\n */\nasync function fetchKey(\n\turl: string,\n\trequestSig: string,\n\ttxBytes: Uint8Array,\n\tenc_key: Uint8Array,\n\tcertificate: Certificate,\n): Promise<{ fullId: Uint8Array; key: Uint8Array }> {\n\tconst enc_key_pk = toPublicKey(enc_key);\n\tconst enc_verification_key = toVerificationKey(enc_key);\n\tconst body = {\n\t\tptb: toBase64(txBytes.slice(1)), // removes the byte of the transaction type version\n\t\tenc_key: toBase64(enc_key_pk),\n\t\tenc_verification_key: toBase64(enc_verification_key),\n\t\trequest_signature: requestSig, // already b64\n\t\tcertificate,\n\t};\n\tconst response = await fetch(url + '/v1/fetch_key', {\n\t\tmethod: 'POST',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t},\n\t\tbody: JSON.stringify(body),\n\t});\n\tconst resp = await response.json();\n\t// TODO: handle the different error responses.\n\t// TODO: handle multiple decryption keys.\n\tconst key = elgamalDecrypt(enc_key, resp.decryption_keys[0].encrypted_key.map(fromBase64));\n\treturn {\n\t\tfullId: resp.decryption_keys[0].fullId,\n\t\tkey,\n\t};\n}\n\nasync function combine(shares: { index: number; share: Uint8Array }[]): Promise<Uint8Array> {\n\tif (shares.length === 0) {\n\t\tthrow new Error('Invalid input');\n\t} else if (shares.length === 1) {\n\t\t// The Shamir secret sharing library expects at least two shares.\n\t\t// If there is only one and the threshold is 1, the reconstructed secret is the same as the share.\n\t\treturn Promise.resolve(shares[0].share);\n\t}\n\n\t// The Shamir secret sharing library expects the index/x-coordinate to be at the end of the share\n\treturn externalCombine(\n\t\tshares.map(({ index, share }) => {\n\t\t\tconst packedShare = new Uint8Array(share.length + 1);\n\t\t\tpackedShare.set(share, 0);\n\t\t\tpackedShare[share.length] = index;\n\t\t\treturn packedShare;\n\t\t}),\n\t);\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAA4C;AAC5C,mCAA2C;AAE3C,iBAA0B;AAC1B,sBAAqC;AACrC,qBAA+D;AAC/D,iBAAmD;AAEnD,wBAA8B;AAG9B,mBAA6B;AAKtB,MAAM,SAAS;AAAA,EAIrB,cAAc;AACb,SAAK,WAAW,oBAAI,IAAI;AAAA,EACzB;AAAA,EAEQ,aAAa,QAAoB,UAA8B;AACtE,eAAO,kBAAM,MAAM,IAAI,UAAM,kBAAM,QAAQ;AAAA,EAC5C;AAAA;AAAA,EAGA,OAAO,QAAoB,UAAsB,KAAgB;AAChE,SAAK,SAAS,IAAI,KAAK,aAAa,QAAQ,QAAQ,GAAG,GAAG;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,OAAO,QAAoB,UAA6C;AAC/E,WAAO,KAAK,SAAS,IAAI,KAAK,aAAa,QAAQ,QAAQ,CAAC;AAAA,EAC7D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,OAAO,QAAoB,UAA+B;AACjE,WAAO,KAAK,SAAS,IAAI,KAAK,aAAa,QAAQ,QAAQ,CAAC;AAAA,EAC7D;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,UAAU;AAAA,IACf;AAAA,IACA,WAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAOG;AAEF,QAAI,IAAI,WAAW,GAAG;AACrB,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC3C;AACA,UAAM,aAAS,2BAAa,gBAAK,WAAW,IAAI,CAAC,CAAC;AAClD,UAAM,sBAAsB,WAAW,OAAO,CAAC,OAAO,CAAC,KAAK,OAAO,QAAQ,GAAG,QAAQ,CAAC;AACvF,QAAI,oBAAoB,WAAW,GAAG;AACrC;AAAA,IACD;AAEA,UAAM,OAAO,WAAW,eAAe;AACvC,UAAM,gBAAgB,MAAM,WAAW,oBAAoB,OAAO;AAIlE,UAAM,QAAQ;AAAA,MACb,oBAAoB,IAAI,OAAO,WAAW;AACzC,YAAI,OAAO,YAAY,gCAAc,uBAAuB;AAC3D,kBAAQ,KAAK,kCAAkC,OAAO,OAAO;AAC7D;AAAA,QACD;AACA,cAAM,MAAM,MAAM;AAAA,UACjB,OAAO;AAAA,UACP,cAAc;AAAA,UACd;AAAA,UACA,cAAc;AAAA,UACd;AAAA,QACD;AAEA,cAAM,MAAM,0BAAU,UAAU,IAAI,GAAG;AACvC,YACC,CAAC,yCAA8B;AAAA,UAC9B;AAAA,UACA;AAAA,UACA,0BAAU,UAAU,OAAO,EAAE;AAAA,QAC9B,GACC;AACD,kBAAQ,KAAK,0CAA0C,OAAO,QAAQ;AACtE;AAAA,QACD;AAEA,aAAK,OAAO,QAAQ,OAAO,UAAU,GAAG;AAAA,MACzC,CAAC;AAAA,IACF;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAQ,iBAAyE;AACtF,QAAI,CAAC,gBAAgB,iBAAiB,uBAAuB;AAC5D,YAAM,IAAI,MAAM,+BAA+B;AAAA,IAChD;AAEA,UAAM,aAAS;AAAA,MACd;AAAA,MACA,gBAAgB;AAAA,MAChB,IAAI,WAAW,gBAAgB,EAAE;AAAA,IAClC;AAGA,UAAM,cAAc,gBAAgB,SAClC,IAAI,CAAC,GAAG,MAAM,CAAC,EACf,OAAO,CAAC,MAAM,KAAK,OAAO,QAAQ,gBAAgB,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;AACnE,QAAI,YAAY,SAAS,gBAAgB,WAAW;AACnD,YAAM,IAAI,MAAM,4CAA4C;AAAA,IAC7D;AAEA,UAAM,kBAAkB,gBAAgB,iBAAiB,sBAAsB;AAC/E,QAAI,gBAAgB,WAAW,gBAAgB,SAAS,QAAQ;AAC/D,YAAM,IAAI,MAAM,eAAe;AAAA,IAChC;AAEA,UAAM,QAAQ,0BAAU;AAAA,MACvB,gBAAgB,iBAAiB,sBAAsB;AAAA,IACxD;AAGA,UAAM,SAAS,YAAY,IAAI,CAAC,MAAc;AAC7C,YAAM,CAAC,UAAU,KAAK,IAAI,gBAAgB,SAAS,CAAC;AAEpD,YAAM,OAAO,IAAI,WAAW,CAAC,KAAK,CAAC;AACnC,UAAI,QAAQ,yCAA8B;AAAA,QACzC;AAAA,QACA,KAAK,OAAO,QAAQ,QAAQ;AAAA,QAC5B,gBAAgB,CAAC;AAAA,QACjB;AAAA,MACD;AAEA,aAAO,EAAE,OAAO,MAAM;AAAA,IACvB,CAAC;AAGD,UAAM,MAAM,MAAM,QAAQ,MAAM;AAEhC,QAAI,gBAAgB,WAAW,WAAW;AACzC,UAAI;AAEH,eAAO,qBAAU,QAAQ,KAAK,gBAAgB,UAAU;AAAA,MACzD,QAAQ;AACP,cAAM,IAAI,MAAM,mBAAmB;AAAA,MACpC;AAAA,IACD,WAAW,gBAAgB,WAAW,OAAO;AAE5C,aAAO;AAAA,IACR,OAAO;AACN,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC3C;AAAA,EACD;AACD;AAMA,eAAe,SACd,KACA,YACA,SACA,SACA,aACmD;AACnD,QAAM,iBAAa,4BAAY,OAAO;AACtC,QAAM,2BAAuB,kCAAkB,OAAO;AACtD,QAAM,OAAO;AAAA,IACZ,SAAK,qBAAS,QAAQ,MAAM,CAAC,CAAC;AAAA;AAAA,IAC9B,aAAS,qBAAS,UAAU;AAAA,IAC5B,0BAAsB,qBAAS,oBAAoB;AAAA,IACnD,mBAAmB;AAAA;AAAA,IACnB;AAAA,EACD;AACA,QAAM,WAAW,MAAM,MAAM,MAAM,iBAAiB;AAAA,IACnD,QAAQ;AAAA,IACR,SAAS;AAAA,MACR,gBAAgB;AAAA,IACjB;AAAA,IACA,MAAM,KAAK,UAAU,IAAI;AAAA,EAC1B,CAAC;AACD,QAAM,OAAO,MAAM,SAAS,KAAK;AAGjC,QAAM,UAAM,+BAAe,SAAS,KAAK,gBAAgB,CAAC,EAAE,cAAc,IAAI,qBAAU,CAAC;AACzF,SAAO;AAAA,IACN,QAAQ,KAAK,gBAAgB,CAAC,EAAE;AAAA,IAChC;AAAA,EACD;AACD;AAEA,eAAe,QAAQ,QAAqE;AAC3F,MAAI,OAAO,WAAW,GAAG;AACxB,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC,WAAW,OAAO,WAAW,GAAG;AAG/B,WAAO,QAAQ,QAAQ,OAAO,CAAC,EAAE,KAAK;AAAA,EACvC;AAGA,aAAO,6BAAAA;AAAA,IACN,OAAO,IAAI,CAAC,EAAE,OAAO,MAAM,MAAM;AAChC,YAAM,cAAc,IAAI,WAAW,MAAM,SAAS,CAAC;AACnD,kBAAY,IAAI,OAAO,CAAC;AACxB,kBAAY,MAAM,MAAM,IAAI;AAC5B,aAAO;AAAA,IACR,CAAC;AAAA,EACF;AACD;",
-  "names": ["externalCombine"]
-}

package/dist/esm/aes.d.ts

@@ -1,18 +0,0 @@
-import type { CiphertextType } from './types.js';
-export declare const iv: Uint8Array<ArrayBuffer>;
-export interface EncryptionInput {
-    encrypt(key: Uint8Array): Promise<CiphertextType>;
-    generateKey(): Promise<Uint8Array>;
-}
-export declare class AesGcm256 implements EncryptionInput {
-    readonly plaintext: Uint8Array;
-    readonly aad: Uint8Array;
-    constructor(msg: Uint8Array, aad: Uint8Array);
-    generateKey(): Promise<Uint8Array>;
-    encrypt(key: Uint8Array): Promise<CiphertextType>;
-    static decrypt(key: Uint8Array, ciphertext: CiphertextType): Promise<Uint8Array>;
-}
-export declare class Plain implements EncryptionInput {
-    encrypt(_key: Uint8Array): Promise<CiphertextType>;
-    generateKey(): Promise<Uint8Array>;
-}

package/dist/esm/aes.js

@@ -1,91 +0,0 @@
-const iv = Uint8Array.from([
-  138,
-  55,
-  153,
-  253,
-  198,
-  46,
-  121,
-  219,
-  160,
-  128,
-  89,
-  7,
-  214,
-  156,
-  148,
-  220
-]);
-async function generateAesKey() {
-  const key = await crypto.subtle.generateKey(
-    {
-      name: "AES-GCM",
-      length: 256
-    },
-    true,
-    ["encrypt", "decrypt"]
-  );
-  return await crypto.subtle.exportKey("raw", key).then((keyData) => new Uint8Array(keyData));
-}
-class AesGcm256 {
-  constructor(msg, aad) {
-    this.plaintext = new Uint8Array(msg);
-    this.aad = aad;
-  }
-  generateKey() {
-    return generateAesKey();
-  }
-  async encrypt(key) {
-    const aesCryptoKey = await crypto.subtle.importKey("raw", key, "AES-GCM", false, ["encrypt"]);
-    const blob = new Uint8Array(
-      await crypto.subtle.encrypt(
-        {
-          name: "AES-GCM",
-          iv,
-          additionalData: this.aad
-        },
-        aesCryptoKey,
-        this.plaintext
-      )
-    );
-    return {
-      Aes256Gcm: {
-        blob,
-        aad: this.aad ?? []
-      }
-    };
-  }
-  static async decrypt(key, ciphertext) {
-    if (!("Aes256Gcm" in ciphertext)) {
-      throw new Error("Invalid ciphertext");
-    }
-    const aesCryptoKey = await crypto.subtle.importKey("raw", key, "AES-GCM", false, ["decrypt"]);
-    return new Uint8Array(
-      await crypto.subtle.decrypt(
-        {
-          name: "AES-GCM",
-          iv,
-          additionalData: new Uint8Array(ciphertext.Aes256Gcm.aad ?? [])
-        },
-        aesCryptoKey,
-        new Uint8Array(ciphertext.Aes256Gcm.blob)
-      )
-    );
-  }
-}
-class Plain {
-  async encrypt(_key) {
-    return {
-      Plain: {}
-    };
-  }
-  generateKey() {
-    return generateAesKey();
-  }
-}
-export {
-  AesGcm256,
-  Plain,
-  iv
-};
-//# sourceMappingURL=aes.js.map

package/dist/esm/aes.js.map

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../../src/aes.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { CiphertextType } from './types.js';\n\n// Use a fixed IV for AES.\nexport const iv = Uint8Array.from([\n\t138, 55, 153, 253, 198, 46, 121, 219, 160, 128, 89, 7, 214, 156, 148, 220,\n]);\n\nasync function generateAesKey(): Promise<Uint8Array> {\n\tconst key = await crypto.subtle.generateKey(\n\t\t{\n\t\t\tname: 'AES-GCM',\n\t\t\tlength: 256,\n\t\t},\n\t\ttrue,\n\t\t['encrypt', 'decrypt'],\n\t);\n\treturn await crypto.subtle.exportKey('raw', key).then((keyData) => new Uint8Array(keyData));\n}\n\nexport interface EncryptionInput {\n\tencrypt(key: Uint8Array): Promise<CiphertextType>;\n\tgenerateKey(): Promise<Uint8Array>;\n}\n\nexport class AesGcm256 implements EncryptionInput {\n\treadonly plaintext: Uint8Array;\n\treadonly aad: Uint8Array;\n\n\tconstructor(msg: Uint8Array, aad: Uint8Array) {\n\t\tthis.plaintext = new Uint8Array(msg);\n\t\tthis.aad = aad;\n\t}\n\n\tgenerateKey(): Promise<Uint8Array> {\n\t\treturn generateAesKey();\n\t}\n\n\tasync encrypt(key: Uint8Array): Promise<CiphertextType> {\n\t\tconst aesCryptoKey = await crypto.subtle.importKey('raw', key, 'AES-GCM', false, ['encrypt']);\n\n\t\tconst blob = new Uint8Array(\n\t\t\tawait crypto.subtle.encrypt(\n\t\t\t\t{\n\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\tiv,\n\t\t\t\t\tadditionalData: this.aad,\n\t\t\t\t},\n\t\t\t\taesCryptoKey,\n\t\t\t\tthis.plaintext,\n\t\t\t),\n\t\t);\n\n\t\treturn {\n\t\t\tAes256Gcm: {\n\t\t\t\tblob,\n\t\t\t\taad: this.aad ?? [],\n\t\t\t},\n\t\t};\n\t}\n\n\tstatic async decrypt(key: Uint8Array, ciphertext: CiphertextType): Promise<Uint8Array> {\n\t\tif (!('Aes256Gcm' in ciphertext)) {\n\t\t\tthrow new Error('Invalid ciphertext');\n\t\t}\n\n\t\tconst aesCryptoKey = await crypto.subtle.importKey('raw', key, 'AES-GCM', false, ['decrypt']);\n\n\t\t// TODO: add test to check if aad is wrong does throw an error.\n\t\treturn new Uint8Array(\n\t\t\tawait crypto.subtle.decrypt(\n\t\t\t\t{\n\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\tiv,\n\t\t\t\t\tadditionalData: new Uint8Array(ciphertext.Aes256Gcm.aad ?? []),\n\t\t\t\t},\n\t\t\t\taesCryptoKey,\n\t\t\t\tnew Uint8Array(ciphertext.Aes256Gcm.blob),\n\t\t\t),\n\t\t);\n\t}\n}\n\nexport class Plain implements EncryptionInput {\n\tasync encrypt(_key: Uint8Array): Promise<CiphertextType> {\n\t\treturn {\n\t\t\tPlain: {},\n\t\t};\n\t}\n\n\tgenerateKey(): Promise<Uint8Array> {\n\t\treturn generateAesKey();\n\t}\n}\n"],
-  "mappings": "AAMO,MAAM,KAAK,WAAW,KAAK;AAAA,EACjC;AAAA,EAAK;AAAA,EAAI;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAI;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAI;AAAA,EAAG;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AACvE,CAAC;AAED,eAAe,iBAAsC;AACpD,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC/B;AAAA,MACC,MAAM;AAAA,MACN,QAAQ;AAAA,IACT;AAAA,IACA;AAAA,IACA,CAAC,WAAW,SAAS;AAAA,EACtB;AACA,SAAO,MAAM,OAAO,OAAO,UAAU,OAAO,GAAG,EAAE,KAAK,CAAC,YAAY,IAAI,WAAW,OAAO,CAAC;AAC3F;AAOO,MAAM,UAAqC;AAAA,EAIjD,YAAY,KAAiB,KAAiB;AAC7C,SAAK,YAAY,IAAI,WAAW,GAAG;AACnC,SAAK,MAAM;AAAA,EACZ;AAAA,EAEA,cAAmC;AAClC,WAAO,eAAe;AAAA,EACvB;AAAA,EAEA,MAAM,QAAQ,KAA0C;AACvD,UAAM,eAAe,MAAM,OAAO,OAAO,UAAU,OAAO,KAAK,WAAW,OAAO,CAAC,SAAS,CAAC;AAE5F,UAAM,OAAO,IAAI;AAAA,MAChB,MAAM,OAAO,OAAO;AAAA,QACnB;AAAA,UACC,MAAM;AAAA,UACN;AAAA,UACA,gBAAgB,KAAK;AAAA,QACtB;AAAA,QACA;AAAA,QACA,KAAK;AAAA,MACN;AAAA,IACD;AAEA,WAAO;AAAA,MACN,WAAW;AAAA,QACV;AAAA,QACA,KAAK,KAAK,OAAO,CAAC;AAAA,MACnB;AAAA,IACD;AAAA,EACD;AAAA,EAEA,aAAa,QAAQ,KAAiB,YAAiD;AACtF,QAAI,EAAE,eAAe,aAAa;AACjC,YAAM,IAAI,MAAM,oBAAoB;AAAA,IACrC;AAEA,UAAM,eAAe,MAAM,OAAO,OAAO,UAAU,OAAO,KAAK,WAAW,OAAO,CAAC,SAAS,CAAC;AAG5F,WAAO,IAAI;AAAA,MACV,MAAM,OAAO,OAAO;AAAA,QACnB;AAAA,UACC,MAAM;AAAA,UACN;AAAA,UACA,gBAAgB,IAAI,WAAW,WAAW,UAAU,OAAO,CAAC,CAAC;AAAA,QAC9D;AAAA,QACA;AAAA,QACA,IAAI,WAAW,WAAW,UAAU,IAAI;AAAA,MACzC;AAAA,IACD;AAAA,EACD;AACD;AAEO,MAAM,MAAiC;AAAA,EAC7C,MAAM,QAAQ,MAA2C;AACxD,WAAO;AAAA,MACN,OAAO,CAAC;AAAA,IACT;AAAA,EACD;AAAA,EAEA,cAAmC;AAClC,WAAO,eAAe;AAAA,EACvB;AACD;",
-  "names": []
-}

package/dist/esm/key-store.d.ts

@@ -1,49 +0,0 @@
-import { G1Element } from './bls12381.js';
-import type { KeyServer } from './key-server.js';
-import type { SessionKey } from './session-key.js';
-import type { EncryptedObject } from './types.js';
-/**
- * A class to cache user secret keys after they have been fetched from key servers.
- */
-export declare class KeyStore {
-    private readonly keys_map;
-    constructor();
-    private createMapKey;
-    /** @internal */
-    addKey(fullId: Uint8Array, objectId: Uint8Array, key: G1Element): void;
-    /**
-     * Get a key from this KeyStore or undefined if the key is not found.
-     *
-     * @param fullId The full ID used to derive the key.
-     * @param objectId The object ID of the key server holding the key.
-     */
-    private getKey;
-    /**
-     * Check if the key store has a key for the given full ID and object ID.
-     *
-     * @param fullId The full ID used to derive the key.
-     * @param objectId The object ID of the key server holding the key.
-     */
-    private hasKey;
-    /**
-     * Look up URLs of key servers and fetch key from servers with request signature,
-     * cert and ephPk, then updates the caching keys_map.
-     */
-    fetchKeys({ keyServers, threshold: _threshold, packageId, ids, txBytes, sessionKey, }: {
-        keyServers: KeyServer[];
-        threshold: number;
-        packageId: Uint8Array;
-        ids: Uint8Array[];
-        txBytes: Uint8Array;
-        sessionKey: SessionKey;
-    }): Promise<void>;
-    /**
-     * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.
-     * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers
-     * otherwise, this will throw an error.
-     *
-     * @param encryptedObject - EncryptedObject.
-     * @returns - The decrypted plaintext corresponding to ciphertext.
-     */
-    decrypt(encryptedObject: typeof EncryptedObject.$inferType): Promise<Uint8Array>;
-}