@mysten/signers 0.3.8 → 0.4.0
- package/CHANGELOG.md +21 -0
- package/dist/cjs/aws/aws-kms-signer.d.ts +1 -1
- package/dist/cjs/aws/aws-kms-signer.js.map +2 -2
- package/dist/cjs/gcp/gcp-kms-client.d.ts +1 -1
- package/dist/cjs/gcp/gcp-kms-client.js.map +2 -2
- package/dist/cjs/ledger/index.js.map +2 -2
- package/dist/cjs/utils/utils.d.ts +1 -1
- package/dist/cjs/utils/utils.js.map +2 -2
- package/dist/cjs/webcrypto/index.d.ts +2 -2
- package/dist/cjs/webcrypto/index.js.map +2 -2
- package/dist/esm/aws/aws-kms-signer.d.ts +1 -1
- package/dist/esm/aws/aws-kms-signer.js.map +2 -2
- package/dist/esm/gcp/gcp-kms-client.d.ts +1 -1
- package/dist/esm/gcp/gcp-kms-client.js.map +2 -2
- package/dist/esm/ledger/index.js.map +2 -2
- package/dist/esm/utils/utils.d.ts +1 -1
- package/dist/esm/utils/utils.js.map +2 -2
- package/dist/esm/webcrypto/index.d.ts +2 -2
- package/dist/esm/webcrypto/index.js.map +2 -2
- package/dist/tsconfig.esm.tsbuildinfo +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +5 -5
- package/src/aws/aws-kms-signer.ts +1 -1
- package/src/gcp/gcp-kms-client.ts +1 -1
- package/src/ledger/index.ts +1 -1
- package/src/utils/utils.ts +6 -2
- package/src/webcrypto/index.ts +4 -4
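--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,26 @@
 # @mysten/signers
 
+## 0.4.0
+
+### Minor Changes
+
+- ea1ac70: Update dependencies and improve support for typescript 5.9
+
+### Patch Changes
+
+- Updated dependencies [3c1741f]
+- Updated dependencies [ea1ac70]
+- @mysten/sui@1.38.0
+- @mysten/ledgerjs-hw-app-sui@0.6.0
+
+## 0.3.9
+
+### Patch Changes
+
+- Updated dependencies [c689b98]
+- Updated dependencies [5b9ff1a]
+- @mysten/sui@1.37.6
+
 ## 0.3.8
 
 ### Patch Changes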
@@ -45,7 +45,7 @@ export declare class AwsKmsSigner extends Signer {
|
|
|
45
45
|
* @returns A promise that resolves to the signature as a Uint8Array.
|
|
46
46
|
* @throws Will throw an error if the public key is not initialized or if signing fails.
|
|
47
47
|
*/
|
|
48
|
-
sign(bytes: Uint8Array): Promise<Uint8Array
|
|
48
|
+
sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
|
|
49
49
|
/**
|
|
50
50
|
* Synchronous signing is not supported by AWS KMS.
|
|
51
51
|
* @throws Always throws an error indicating synchronous signing is unsupported.
|
|
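Review bot: The new declaration `sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;` relies on the generic form of `Uint8Array`, which as far as I know exists only in the lib typings shipped with TypeScript 5.7 and later. Consumers type-checking this .d.ts with an older compiler would likely hit a "Type 'Uint8Array' is not generic" error, or silently lose the return type when `skipLibCheck` is on. The same signature appears in the GcpKmsSigner declaration further down. Whether the package declares a minimum TypeScript version is not visible in this section; if it does not, I would state the floor in the 0.4.0 changelog entry, for example `Published typings now require TypeScript >= 5.7 (Uint8Array<ArrayBuffer> return types)`. The class declaration starts and ends outside the hunk.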
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/aws/aws-kms-signer.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { fromBase64, toBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature } from '../utils/utils.js';\nimport type { AwsClientOptions } from './aws-client.js';\nimport { AwsKmsClient } from './aws-client.js';\n\n/**\n * Configuration options for initializing the AwsKmsSigner.\n */\nexport interface AwsKmsSignerOptions {\n\t/** AWS KMS Key ID used for signing */\n\tkmsKeyId: string;\n\t/** Options for setting up the AWS KMS client */\n\tclient: AwsKmsClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using AWS-managed cryptographic keys.\n */\nexport class AwsKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** AWS KMS client instance */\n\t#client: AwsKmsClient;\n\t/** AWS KMS Key ID used for signing */\n\t#kmsKeyId: string;\n\n\t/**\n\t * Creates an instance of AwsKmsSigner. 
It's expected to call the static `fromKeyId` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await AwsKmsSigner.fromKeyId(keyId, options);\n\t * ```\n\t * @throws Will throw an error if required AWS credentials or region are not provided.\n\t */\n\tconstructor({ kmsKeyId, client, publicKey }: AwsKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!kmsKeyId) throw new Error('KMS Key ID is required');\n\n\t\tthis.#client = client;\n\t\tthis.#kmsKeyId = kmsKeyId;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns AWS supports only Secp256k1 and Secp256r1 schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using AWS KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,0BAAiD;AACjD,mBAAqC;AAErC,IAAAA,gBAAyC;AAEzC,wBAA6B;AAR7B;AA0BO,MAAM,gBAAN,MAAM,sBAAqB,2BAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAexC,YAAY,EAAE,UAAU,QAAQ,UAAU,GAAwB;AACjE,UAAM;AAfP;AAEA;AAAA;AAEA;AAAA;AAYC,QAAI,CAAC,SAAU,OAAM,IAAI,MAAM,wBAAwB;AAEvD,uBAAK,SAAU;AACf,uBAAK,WAAY;AACjB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,6CAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { fromBase64, toBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature } from '../utils/utils.js';\nimport type { AwsClientOptions } from './aws-client.js';\nimport { AwsKmsClient } from './aws-client.js';\n\n/**\n * Configuration options for initializing the AwsKmsSigner.\n */\nexport interface AwsKmsSignerOptions {\n\t/** AWS KMS Key ID used for signing */\n\tkmsKeyId: string;\n\t/** Options for setting up the AWS KMS client */\n\tclient: AwsKmsClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using AWS-managed cryptographic keys.\n */\nexport class AwsKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** AWS KMS client instance */\n\t#client: AwsKmsClient;\n\t/** AWS KMS Key ID used for signing */\n\t#kmsKeyId: string;\n\n\t/**\n\t * Creates an instance of AwsKmsSigner. 
It's expected to call the static `fromKeyId` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await AwsKmsSigner.fromKeyId(keyId, options);\n\t * ```\n\t * @throws Will throw an error if required AWS credentials or region are not provided.\n\t */\n\tconstructor({ kmsKeyId, client, publicKey }: AwsKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!kmsKeyId) throw new Error('KMS Key ID is required');\n\n\t\tthis.#client = client;\n\t\tthis.#kmsKeyId = kmsKeyId;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns AWS supports only Secp256k1 and Secp256r1 schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using AWS KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst signResponse = await this.#client.runCommand('Sign', {\n\t\t\tKeyId: this.#kmsKeyId,\n\t\t\tMessage: toBase64(bytes),\n\t\t\tMessageType: 'RAW',\n\t\t\tSigningAlgorithm: 'ECDSA_SHA_256',\n\t\t});\n\n\t\t// Concatenate the signature components into a compact form\n\t\treturn getConcatenatedSignature(fromBase64(signResponse.Signature), this.getKeyScheme());\n\t}\n\n\t/**\n\t * Synchronous signing is not supported by AWS KMS.\n\t * @throws Always throws an error indicating synchronous signing is unsupported.\n\t */\n\tsignData(): never {\n\t\tthrow new Error('KMS Signer does not support sync 
signing');\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from AWS KMS.\n\t * It is recommended to initialize an `AwsKmsSigner` instance using this function.\n\t * @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromKeyId(keyId: string, options: AwsClientOptions) {\n\t\tconst client = new AwsKmsClient(options);\n\n\t\tconst pubKey = await client.getPublicKey(keyId);\n\n\t\treturn new AwsKmsSigner({\n\t\t\tkmsKeyId: keyId,\n\t\t\tclient,\n\t\t\tpublicKey: pubKey,\n\t\t});\n\t}\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,0BAAiD;AACjD,mBAAqC;AAErC,IAAAA,gBAAyC;AAEzC,wBAA6B;AAR7B;AA0BO,MAAM,gBAAN,MAAM,sBAAqB,2BAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAexC,YAAY,EAAE,UAAU,QAAQ,UAAU,GAAwB;AACjE,UAAM;AAfP;AAEA;AAAA;AAEA;AAAA;AAYC,QAAI,CAAC,SAAU,OAAM,IAAI,MAAM,wBAAwB;AAEvD,uBAAK,SAAU;AACf,uBAAK,WAAY;AACjB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,6CAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,OAAqD;AAC/D,UAAM,eAAe,MAAM,mBAAK,SAAQ,WAAW,QAAQ;AAAA,MAC1D,OAAO,mBAAK;AAAA,MACZ,aAAS,uBAAS,KAAK;AAAA,MACvB,aAAa;AAAA,MACb,kBAAkB;AAAA,IACnB,CAAC;AAGD,eAAO,4CAAyB,yBAAW,aAAa,SAAS,GAAG,KAAK,aAAa,CAAC;AAAA,EACxF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WAAkB;AACjB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,UAAU,OAAe,SAA2B;AAChE,UAAM,SAAS,IAAI,+BAAa,OAAO;AAEvC,UAAM,SAAS,MAAM,OAAO,aAAa,KAAK;AAE9C,WAAO,IAAI,cAAa;AAAA,MACvB,UAAU;AAAA,MACV;AAAA,MACA,WAAW;AAAA,IACZ,CAAC;AAAA,EACF;AACD;AAlFC;AAEA;AAEA;AALM,IAAM,eAAN;",
|
|
6
6
|
"names": ["import_utils"]
|
|
7
7
|
}
|
|
@@ -45,7 +45,7 @@ export declare class GcpKmsSigner extends Signer {
|
|
|
45
45
|
* @returns A promise that resolves to the signature as a Uint8Array.
|
|
46
46
|
* @throws Will throw an error if the public key is not initialized or if signing fails.
|
|
47
47
|
*/
|
|
48
|
-
sign(bytes: Uint8Array): Promise<Uint8Array
|
|
48
|
+
sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
|
|
49
49
|
/**
|
|
50
50
|
* Synchronous signing is not supported by GCP KMS.
|
|
51
51
|
* @throws Always throws an error indicating synchronous signing is unsupported.
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/gcp/gcp-kms-client.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { KeyManagementServiceClient } from '@google-cloud/kms';\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { Secp256k1PublicKey } from '@mysten/sui/keypairs/secp256k1';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { fromBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature, publicKeyFromDER } from '../utils/utils.js';\n\n/**\n * Configuration options for initializing the GcpKmsSigner.\n */\nexport interface GcpKmsSignerOptions {\n\t/** The version name generated from `client.cryptoKeyVersionPath()` */\n\tversionName: string;\n\t/** Options for setting up the GCP KMS client */\n\tclient: KeyManagementServiceClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * GCP KMS Signer integrates GCP Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using GCP-managed cryptographic keys.\n */\nexport class GcpKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** GCP KMS client instance */\n\t#client: KeyManagementServiceClient;\n\t/** GCP KMS version name (generated from `client.cryptoKeyVersionPath()`) */\n\t#versionName: string;\n\n\t/**\n\t * Creates an instance of GcpKmsSigner. 
It's expected to call the static `fromOptions`\n\t * or `fromVersionName` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await GcpKmsSigner.fromVersionName(versionName);\n\t * ```\n\t * @throws Will throw an error if required GCP credentials are not provided.\n\t */\n\tconstructor({ versionName, client, publicKey }: GcpKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!versionName) throw new Error('Version name is required');\n\n\t\tthis.#client = client;\n\t\tthis.#versionName = versionName;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns GCP supports only `Secp256k1` and `Secp256r1` schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using GCP KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,iBAA2C;AAE3C,0BAAiD;AACjD,uBAAmC;AACnC,uBAAmC;AACnC,mBAA2B;AAE3B,IAAAA,gBAA2D;AAT3D;AA2BO,MAAM,gBAAN,MAAM,sBAAqB,2BAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBxC,YAAY,EAAE,aAAa,QAAQ,UAAU,GAAwB;AACpE,UAAM;AAhBP;AAEA;AAAA;AAEA;AAAA;AAaC,QAAI,CAAC,YAAa,OAAM,IAAI,MAAM,0BAA0B;AAE5D,uBAAK,SAAU;AACf,uBAAK,cAAe;AACpB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,6CAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { KeyManagementServiceClient } from '@google-cloud/kms';\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { Secp256k1PublicKey } from '@mysten/sui/keypairs/secp256k1';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { fromBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature, publicKeyFromDER } from '../utils/utils.js';\n\n/**\n * Configuration options for initializing the GcpKmsSigner.\n */\nexport interface GcpKmsSignerOptions {\n\t/** The version name generated from `client.cryptoKeyVersionPath()` */\n\tversionName: string;\n\t/** Options for setting up the GCP KMS client */\n\tclient: KeyManagementServiceClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * GCP KMS Signer integrates GCP Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using GCP-managed cryptographic keys.\n */\nexport class GcpKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** GCP KMS client instance */\n\t#client: KeyManagementServiceClient;\n\t/** GCP KMS version name (generated from `client.cryptoKeyVersionPath()`) */\n\t#versionName: string;\n\n\t/**\n\t * Creates an instance of GcpKmsSigner. 
It's expected to call the static `fromOptions`\n\t * or `fromVersionName` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await GcpKmsSigner.fromVersionName(versionName);\n\t * ```\n\t * @throws Will throw an error if required GCP credentials are not provided.\n\t */\n\tconstructor({ versionName, client, publicKey }: GcpKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!versionName) throw new Error('Version name is required');\n\n\t\tthis.#client = client;\n\t\tthis.#versionName = versionName;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns GCP supports only `Secp256k1` and `Secp256r1` schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using GCP KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst [signResponse] = await this.#client.asymmetricSign({\n\t\t\tname: this.#versionName,\n\t\t\tdata: bytes,\n\t\t});\n\n\t\tif (!signResponse.signature) {\n\t\t\tthrow new Error('No signature returned from GCP KMS');\n\t\t}\n\n\t\treturn getConcatenatedSignature(signResponse.signature as Uint8Array, this.getKeyScheme());\n\t}\n\n\t/**\n\t * Synchronous signing is not supported by GCP KMS.\n\t * @throws Always throws an error indicating synchronous signing is unsupported.\n\t */\n\tsignData(): never {\n\t\tthrow new Error('GCP Signer does not support sync 
signing');\n\t}\n\n\t/**\n\t * Creates a GCP KMS signer from the provided options.\n\t * Expects the credentials file to be set as an env variable\n\t * (GOOGLE_APPLICATION_CREDENTIALS).\n\t */\n\tstatic async fromOptions(options: {\n\t\tprojectId: string;\n\t\tlocation: string;\n\t\tkeyRing: string;\n\t\tcryptoKey: string;\n\t\tcryptoKeyVersion: string;\n\t}) {\n\t\tconst client = new KeyManagementServiceClient();\n\n\t\tconst versionName = client.cryptoKeyVersionPath(\n\t\t\toptions.projectId,\n\t\t\toptions.location,\n\t\t\toptions.keyRing,\n\t\t\toptions.cryptoKey,\n\t\t\toptions.cryptoKeyVersion,\n\t\t);\n\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n\n\tstatic async fromVersionName(versionName: string) {\n\t\tconst client = new KeyManagementServiceClient();\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n}\n\n/**\n * Retrieves the public key associated with the given version name.\n */\nasync function getPublicKey(\n\tclient: KeyManagementServiceClient,\n\tversionName: string,\n): Promise<PublicKey> {\n\tconst [publicKey] = await client.getPublicKey({ name: versionName });\n\n\tconst { algorithm, pem } = publicKey;\n\n\tif (!pem) throw new Error('No PEM key returned from GCP KMS');\n\n\tconst base64 = pem\n\t\t.replace('-----BEGIN PUBLIC KEY-----', '')\n\t\t.replace('-----END PUBLIC KEY-----', '')\n\t\t.replace(/\\s/g, '');\n\n\tconst compressedKey = publicKeyFromDER(fromBase64(base64));\n\n\tswitch (algorithm) {\n\t\tcase 'EC_SIGN_SECP256K1_SHA256':\n\t\t\treturn new Secp256k1PublicKey(compressedKey);\n\t\tcase 'EC_SIGN_P256_SHA256':\n\t\t\treturn new Secp256r1PublicKey(compressedKey);\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported algorithm: ${algorithm}`);\n\t}\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,iBAA2C;AAE3C,0BAAiD;AACjD,uBAAmC;AACnC,uBAAmC;AACnC,mBAA2B;AAE3B,IAAAA,gBAA2D;AAT3D;AA2BO,MAAM,gBAAN,MAAM,sBAAqB,2BAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBxC,YAAY,EAAE,aAAa,QAAQ,UAAU,GAAwB;AACpE,UAAM;AAhBP;AAEA;AAAA;AAEA;AAAA;AAaC,QAAI,CAAC,YAAa,OAAM,IAAI,MAAM,0BAA0B;AAE5D,uBAAK,SAAU;AACf,uBAAK,cAAe;AACpB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,6CAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,OAAqD;AAC/D,UAAM,CAAC,YAAY,IAAI,MAAM,mBAAK,SAAQ,eAAe;AAAA,MACxD,MAAM,mBAAK;AAAA,MACX,MAAM;AAAA,IACP,CAAC;AAED,QAAI,CAAC,aAAa,WAAW;AAC5B,YAAM,IAAI,MAAM,oCAAoC;AAAA,IACrD;AAEA,eAAO,wCAAyB,aAAa,WAAyB,KAAK,aAAa,CAAC;AAAA,EAC1F;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WAAkB;AACjB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,YAAY,SAMtB;AACF,UAAM,SAAS,IAAI,sCAA2B;AAE9C,UAAM,cAAc,OAAO;AAAA,MAC1B,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,IACT;AAEA,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA;AAAA,MACA,WAAW,MAAM,aAAa,QAAQ,WAAW;AAAA,IAClD,CAAC;AAAA,EACF;AAAA,EAEA,aAAa,gBAAgB,aAAqB;AACjD,UAAM,SAAS,IAAI,sCAA2B;AAC9C,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA;AAAA,MACA,WAAW,MAAM,aAAa,QAAQ,WAAW;AAAA,IAClD,CAAC;AAAA,EACF;AACD;AAzGC;AAEA;AAEA;AALM,IAAM,eAAN;AA+GP,eAAe,aACd,QACA,aACqB;AACrB,QAAM,CAAC,SAAS,IAAI,MAAM,OAAO,aAAa,EAAE,MAAM,YAAY,CAAC;AAEnE,QAAM,EAAE,WAAW,IAAI,IAAI;AAE3B,MAAI,CAAC,IAAK,OAAM,IAAI,MAAM,kCAAkC;AAE5D,QAAM,SAAS,IACb,QAAQ,8BAA8B,EAAE,EACxC,QAAQ,4BAA4B,EAAE,EACtC,QAAQ,OAAO,EAAE;AAEnB,QAAM,oBAAgB,oCAAiB,yBAAW,MAAM,CAAC;AAEzD,UAAQ,WAAW;AAAA,IAClB,KAAK;AACJ,aAAO,IAAI,oCAAmB,aAAa;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,oCAAmB,aAAa;AAAA,IAC5C;AACC,YAAM,IAAI,MAAM,0BAA0B,SAAS,EAAE;AAAA,EACvD;AACD;",
|
|
6
6
|
"names": ["import_utils"]
|
|
7
7
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/ledger/index.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type SuiLedgerClient from '@mysten/ledgerjs-hw-app-sui';\nimport type { SuiClient } from '@mysten/sui/client';\nimport type { SignatureWithBytes } from '@mysten/sui/cryptography';\nimport { messageWithIntent, Signer, toSerializedSignature } from '@mysten/sui/cryptography';\nimport { Ed25519PublicKey } from '@mysten/sui/keypairs/ed25519';\nimport { Transaction } from '@mysten/sui/transactions';\nimport { toBase64 } from '@mysten/sui/utils';\n\nimport { SuiMoveObject } from './bcs.js';\nimport { bcs } from '@mysten/sui/bcs';\n\n/**\n * Configuration options for initializing the LedgerSigner.\n */\nexport interface LedgerSignerOptions {\n\tpublicKey: Ed25519PublicKey;\n\tderivationPath: string;\n\tledgerClient: SuiLedgerClient;\n\tsuiClient: SuiClient;\n}\n\n/**\n * Ledger integrates with the Sui blockchain to provide signing capabilities using Ledger devices.\n */\nexport class LedgerSigner extends Signer {\n\t#derivationPath: string;\n\t#publicKey: Ed25519PublicKey;\n\t#ledgerClient: SuiLedgerClient;\n\t#suiClient: SuiClient;\n\n\t/**\n\t * Creates an instance of LedgerSigner. 
It's expected to call the static `fromDerivationPath` method to create an instance.\n\t * @example\n\t * ```\n\t * const signer = await LedgerSigner.fromDerivationPath(derivationPath, options);\n\t * ```\n\t */\n\tconstructor({ publicKey, derivationPath, ledgerClient, suiClient }: LedgerSignerOptions) {\n\t\tsuper();\n\t\tthis.#publicKey = publicKey;\n\t\tthis.#derivationPath = derivationPath;\n\t\tthis.#ledgerClient = ledgerClient;\n\t\tthis.#suiClient = suiClient;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t */\n\toverride getKeyScheme() {\n\t\treturn 'ED25519' as const;\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Ed25519PublicKey instance.\n\t */\n\toverride getPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the provided transaction bytes.\n\t * @returns The signed transaction bytes and signature.\n\t */\n\toverride async signTransaction(bytes: Uint8Array): Promise<SignatureWithBytes> {\n\t\tconst transactionOptions = await this.#getClearSigningOptions(bytes).catch(() => ({\n\t\t\t// Fail gracefully so network errors or serialization issues don't break transaction signing:\n\t\t\tbcsObjects: [],\n\t\t}));\n\n\t\tconst intentMessage = messageWithIntent('TransactionData', bytes);\n\t\tconst { signature } = await this.#ledgerClient.signTransaction(\n\t\t\tthis.#derivationPath,\n\t\t\tintentMessage,\n\t\t\ttransactionOptions,\n\t\t);\n\n\t\treturn {\n\t\t\tbytes: toBase64(bytes),\n\t\t\tsignature: toSerializedSignature({\n\t\t\t\tsignature,\n\t\t\t\tsignatureScheme: this.getKeyScheme(),\n\t\t\t\tpublicKey: this.#publicKey,\n\t\t\t}),\n\t\t};\n\t}\n\n\t/**\n\t * Signs the provided personal message.\n\t * @returns The signed message bytes and signature.\n\t */\n\toverride async signPersonalMessage(bytes: Uint8Array): Promise<SignatureWithBytes> {\n\t\tconst intentMessage = 
messageWithIntent(\n\t\t\t'PersonalMessage',\n\t\t\tbcs.byteVector().serialize(bytes).toBytes(),\n\t\t);\n\t\tconst { signature } = await this.#ledgerClient.signTransaction(\n\t\t\tthis.#derivationPath,\n\t\t\tintentMessage,\n\t\t);\n\n\t\treturn {\n\t\t\tbytes: toBase64(bytes),\n\t\t\tsignature: toSerializedSignature({\n\t\t\t\tsignature,\n\t\t\t\tsignatureScheme: this.getKeyScheme(),\n\t\t\t\tpublicKey: this.#publicKey,\n\t\t\t}),\n\t\t};\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from a Ledger device.\n\t * It is recommended to initialize an `LedgerSigner` instance using this function.\n\t * @returns A promise that resolves once a `LedgerSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromDerivationPath(\n\t\tderivationPath: string,\n\t\tledgerClient: SuiLedgerClient,\n\t\tsuiClient: SuiClient,\n\t) {\n\t\tconst { publicKey } = await ledgerClient.getPublicKey(derivationPath);\n\t\tif (!publicKey) {\n\t\t\tthrow new Error('Failed to get public key from Ledger.');\n\t\t}\n\n\t\treturn new LedgerSigner({\n\t\t\tderivationPath,\n\t\t\tpublicKey: new Ed25519PublicKey(publicKey),\n\t\t\tledgerClient,\n\t\t\tsuiClient,\n\t\t});\n\t}\n\n\tasync #getClearSigningOptions(transactionBytes: Uint8Array) {\n\t\tconst transaction = Transaction.from(transactionBytes);\n\t\tconst data = transaction.getData();\n\n\t\tconst gasObjectIds = data.gasData.payment?.map((object) => object.objectId) ?? [];\n\t\tconst inputObjectIds = data.inputs\n\t\t\t.map((input) => {\n\t\t\t\treturn input.$kind === 'Object' && input.Object.$kind === 'ImmOrOwnedObject'\n\t\t\t\t\t? 
input.Object.ImmOrOwnedObject.objectId\n\t\t\t\t\t: null;\n\t\t\t})\n\t\t\t.filter((objectId): objectId is string => !!objectId);\n\n\t\tconst objects = await this.#suiClient.multiGetObjects({\n\t\t\tids: [...gasObjectIds, ...inputObjectIds],\n\t\t\toptions: {\n\t\t\t\tshowBcs: true,\n\t\t\t\tshowPreviousTransaction: true,\n\t\t\t\tshowStorageRebate: true,\n\t\t\t\tshowOwner: true,\n\t\t\t},\n\t\t});\n\n\t\t// NOTE: We should probably get rid of this manual serialization logic in favor of using the\n\t\t// already serialized object bytes from the GraphQL API once there is more mainstream support\n\t\t// for it + we can enforce the transport type on the Sui client.\n\t\tconst bcsObjects = objects\n\t\t\t.map((object) => {\n\t\t\t\tif (object.error || !object.data || object.data.bcs?.dataType !== 'moveObject') {\n\t\t\t\t\treturn null;\n\t\t\t\t}\n\n\t\t\t\treturn SuiMoveObject.serialize({\n\t\t\t\t\tdata: {\n\t\t\t\t\t\tMoveObject: {\n\t\t\t\t\t\t\ttype: object.data.bcs.type,\n\t\t\t\t\t\t\thasPublicTransfer: object.data.bcs.hasPublicTransfer,\n\t\t\t\t\t\t\tversion: object.data.bcs.version,\n\t\t\t\t\t\t\tcontents: object.data.bcs.bcsBytes,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\towner: object.data.owner!,\n\t\t\t\t\tpreviousTransaction: object.data.previousTransaction!,\n\t\t\t\t\tstorageRebate: object.data.storageRebate!,\n\t\t\t\t}).toBytes();\n\t\t\t})\n\t\t\t.filter((bcsBytes): bcsBytes is Uint8Array => !!bcsBytes);\n\n\t\treturn { bcsObjects };\n\t}\n\n\t/**\n\t * Generic signing is not supported by Ledger.\n\t * @throws Always throws an error indicating generic signing is unsupported.\n\t */\n\toverride sign(): never {\n\t\tthrow new Error('Ledger Signer does not support generic signing.');\n\t}\n\n\t/**\n\t * Generic signing is not supported by Ledger.\n\t * @throws Always throws an error indicating generic signing is unsupported.\n\t */\n\toverride signWithIntent(): never {\n\t\tthrow new Error('Ledger Signer does not support generic 
signing.');\n\t}\n}\n"],
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,0BAAiE;AACjE,qBAAiC;AACjC,0BAA4B;AAC5B,mBAAyB;AAEzB,iBAA8B;AAC9B,IAAAA,cAAoB;AAZpB;AA2BO,MAAM,gBAAN,MAAM,sBAAqB,2BAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaxC,YAAY,EAAE,WAAW,gBAAgB,cAAc,UAAU,GAAwB;AACxF,UAAM;AAdD;AACN;AACA;AACA;AACA;AAWC,uBAAK,YAAa;AAClB,uBAAK,iBAAkB;AACvB,uBAAK,eAAgB;AACrB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKS,eAAe;AACvB,WAAO;AAAA,EACR;AAAA;AAAA;AAAA;AAAA;AAAA,EAMS,eAAe;AACvB,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAe,gBAAgB,OAAgD;AAC9E,UAAM,qBAAqB,MAAM,sBAAK,oDAAL,WAA6B,OAAO,MAAM,OAAO;AAAA;AAAA,MAEjF,YAAY,CAAC;AAAA,IACd,EAAE;AAEF,UAAM,oBAAgB,uCAAkB,mBAAmB,KAAK;AAChE,UAAM,EAAE,UAAU,IAAI,MAAM,mBAAK,eAAc;AAAA,MAC9C,mBAAK;AAAA,MACL;AAAA,MACA;AAAA,IACD;AAEA,WAAO;AAAA,MACN,WAAO,uBAAS,KAAK;AAAA,MACrB,eAAW,2CAAsB;AAAA,QAChC;AAAA,QACA,iBAAiB,KAAK,aAAa;AAAA,QACnC,WAAW,mBAAK;AAAA,MACjB,CAAC;AAAA,IACF;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAe,oBAAoB,OAAgD;AAClF,UAAM,oBAAgB;AAAA,MACrB;AAAA,MACA,gBAAI,WAAW,EAAE,UAAU,KAAK,EAAE,QAAQ;AAAA,IAC3C;AACA,UAAM,EAAE,UAAU,IAAI,MAAM,mBAAK,eAAc;AAAA,MAC9C,mBAAK;AAAA,MACL;AAAA,IACD;AAEA,WAAO;AAAA,MACN,WAAO,uBAAS,KAAK;AAAA,MACrB,eAAW,2CAAsB;AAAA,QAChC;AAAA,QACA,iBAAiB,KAAK,aAAa;AAAA,QACnC,WAAW,mBAAK;AAAA,MACjB,CAAC;AAAA,IACF;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,mBACZ,gBACA,cACA,WACC;AACD,UAAM,EAAE,UAAU,IAAI,MAAM,aAAa,aAAa,cAAc;AACpE,QAAI,CAAC,WAAW;AACf,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACxD;AAEA,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA,WAAW,IAAI,gCAAiB,SAAS;AAAA,MACzC;AAAA,MACA;AAAA,IACD,CAAC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAyDS,OAAc;AACtB,UAAM,IAAI,MAAM,iDAAiD;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA;AAAA,EAMS,iBAAwB;AAChC,UAAM,IAAI,MAAM,iDAAiD;AAAA,EAClE;AACD;AA/KC;AACA;AACA;AACA;AAJM;AA8GA,4BAAuB,eAAC,kBAA8B;AAC3D,QAAM,cAAc,gCAAY,KAAK,gBAAgB;AACrD,QAAM,OAAO,YAAY,QAAQ;AAEjC,QAAM,eAAe,KAAK,QAAQ,SAAS,IAAI,CAAC,WAAW,OAAO,QAAQ,KAAK,CAAC;AAChF,QAAM,iBAAiB,KAAK,OAC1B,IAAI,CAAC,UAAU;AACf,WAAO,MAAM,UAAU,YAAY,MAAM,OAAO,UAAU,qBACvD,MAAM,OAA
O,iBAAiB,WAC9B;AAAA,EACJ,CAAC,EACA,OAAO,CAAC,aAAiC,CAAC,CAAC,QAAQ;AAErD,QAAM,UAAU,MAAM,mBAAK,YAAW,gBAAgB;AAAA,IACrD,KAAK,CAAC,GAAG,cAAc,GAAG,cAAc;AAAA,IACxC,SAAS;AAAA,MACR,SAAS;AAAA,MACT,yBAAyB;AAAA,MACzB,mBAAmB;AAAA,MACnB,WAAW;AAAA,IACZ;AAAA,EACD,CAAC;AAKD,QAAM,aAAa,QACjB,IAAI,CAAC,WAAW;AAChB,QAAI,OAAO,SAAS,CAAC,OAAO,QAAQ,OAAO,KAAK,KAAK,aAAa,cAAc;AAC/E,aAAO;AAAA,IACR;AAEA,WAAO,yBAAc,UAAU;AAAA,MAC9B,MAAM;AAAA,QACL,YAAY;AAAA,UACX,MAAM,OAAO,KAAK,IAAI;AAAA,UACtB,mBAAmB,OAAO,KAAK,IAAI;AAAA,UACnC,SAAS,OAAO,KAAK,IAAI;AAAA,UACzB,UAAU,OAAO,KAAK,IAAI;AAAA,QAC3B;AAAA,MACD;AAAA,MACA,OAAO,OAAO,KAAK;AAAA,MACnB,qBAAqB,OAAO,KAAK;AAAA,MACjC,eAAe,OAAO,KAAK;AAAA,IAC5B,CAAC,EAAE,QAAQ;AAAA,EACZ,CAAC,EACA,OAAO,CAAC,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type SuiLedgerClient from '@mysten/ledgerjs-hw-app-sui';\nimport type { SuiClient } from '@mysten/sui/client';\nimport type { SignatureWithBytes } from '@mysten/sui/cryptography';\nimport { messageWithIntent, Signer, toSerializedSignature } from '@mysten/sui/cryptography';\nimport { Ed25519PublicKey } from '@mysten/sui/keypairs/ed25519';\nimport { Transaction } from '@mysten/sui/transactions';\nimport { toBase64 } from '@mysten/sui/utils';\n\nimport { SuiMoveObject } from './bcs.js';\nimport { bcs } from '@mysten/sui/bcs';\n\n/**\n * Configuration options for initializing the LedgerSigner.\n */\nexport interface LedgerSignerOptions {\n\tpublicKey: Ed25519PublicKey;\n\tderivationPath: string;\n\tledgerClient: SuiLedgerClient;\n\tsuiClient: SuiClient;\n}\n\n/**\n * Ledger integrates with the Sui blockchain to provide signing capabilities using Ledger devices.\n */\nexport class LedgerSigner extends Signer {\n\t#derivationPath: string;\n\t#publicKey: Ed25519PublicKey;\n\t#ledgerClient: SuiLedgerClient;\n\t#suiClient: SuiClient;\n\n\t/**\n\t * Creates an instance of LedgerSigner. 
It's expected to call the static `fromDerivationPath` method to create an instance.\n\t * @example\n\t * ```\n\t * const signer = await LedgerSigner.fromDerivationPath(derivationPath, options);\n\t * ```\n\t */\n\tconstructor({ publicKey, derivationPath, ledgerClient, suiClient }: LedgerSignerOptions) {\n\t\tsuper();\n\t\tthis.#publicKey = publicKey;\n\t\tthis.#derivationPath = derivationPath;\n\t\tthis.#ledgerClient = ledgerClient;\n\t\tthis.#suiClient = suiClient;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t */\n\toverride getKeyScheme() {\n\t\treturn 'ED25519' as const;\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Ed25519PublicKey instance.\n\t */\n\toverride getPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the provided transaction bytes.\n\t * @returns The signed transaction bytes and signature.\n\t */\n\toverride async signTransaction(bytes: Uint8Array): Promise<SignatureWithBytes> {\n\t\tconst transactionOptions = await this.#getClearSigningOptions(bytes).catch(() => ({\n\t\t\t// Fail gracefully so network errors or serialization issues don't break transaction signing:\n\t\t\tbcsObjects: [],\n\t\t}));\n\n\t\tconst intentMessage = messageWithIntent('TransactionData', bytes);\n\t\tconst { signature } = await this.#ledgerClient.signTransaction(\n\t\t\tthis.#derivationPath,\n\t\t\tintentMessage,\n\t\t\ttransactionOptions,\n\t\t);\n\n\t\treturn {\n\t\t\tbytes: toBase64(bytes),\n\t\t\tsignature: toSerializedSignature({\n\t\t\t\tsignature,\n\t\t\t\tsignatureScheme: this.getKeyScheme(),\n\t\t\t\tpublicKey: this.#publicKey,\n\t\t\t}),\n\t\t};\n\t}\n\n\t/**\n\t * Signs the provided personal message.\n\t * @returns The signed message bytes and signature.\n\t */\n\toverride async signPersonalMessage(bytes: Uint8Array): Promise<SignatureWithBytes> {\n\t\tconst intentMessage = 
messageWithIntent(\n\t\t\t'PersonalMessage',\n\t\t\tbcs.byteVector().serialize(bytes).toBytes(),\n\t\t);\n\t\tconst { signature } = await this.#ledgerClient.signTransaction(\n\t\t\tthis.#derivationPath,\n\t\t\tintentMessage,\n\t\t);\n\n\t\treturn {\n\t\t\tbytes: toBase64(bytes),\n\t\t\tsignature: toSerializedSignature({\n\t\t\t\tsignature,\n\t\t\t\tsignatureScheme: this.getKeyScheme(),\n\t\t\t\tpublicKey: this.#publicKey,\n\t\t\t}),\n\t\t};\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from a Ledger device.\n\t * It is recommended to initialize an `LedgerSigner` instance using this function.\n\t * @returns A promise that resolves once a `LedgerSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromDerivationPath(\n\t\tderivationPath: string,\n\t\tledgerClient: SuiLedgerClient,\n\t\tsuiClient: SuiClient,\n\t) {\n\t\tconst { publicKey } = await ledgerClient.getPublicKey(derivationPath);\n\t\tif (!publicKey) {\n\t\t\tthrow new Error('Failed to get public key from Ledger.');\n\t\t}\n\n\t\treturn new LedgerSigner({\n\t\t\tderivationPath,\n\t\t\tpublicKey: new Ed25519PublicKey(publicKey),\n\t\t\tledgerClient,\n\t\t\tsuiClient,\n\t\t});\n\t}\n\n\tasync #getClearSigningOptions(transactionBytes: Uint8Array) {\n\t\tconst transaction = Transaction.from(transactionBytes);\n\t\tconst data = transaction.getData();\n\n\t\tconst gasObjectIds = data.gasData.payment?.map((object) => object.objectId) ?? [];\n\t\tconst inputObjectIds = data.inputs\n\t\t\t.map((input) => {\n\t\t\t\treturn input.$kind === 'Object' && input.Object.$kind === 'ImmOrOwnedObject'\n\t\t\t\t\t? 
input.Object.ImmOrOwnedObject.objectId\n\t\t\t\t\t: null;\n\t\t\t})\n\t\t\t.filter((objectId): objectId is string => !!objectId);\n\n\t\tconst objects = await this.#suiClient.multiGetObjects({\n\t\t\tids: [...gasObjectIds, ...inputObjectIds],\n\t\t\toptions: {\n\t\t\t\tshowBcs: true,\n\t\t\t\tshowPreviousTransaction: true,\n\t\t\t\tshowStorageRebate: true,\n\t\t\t\tshowOwner: true,\n\t\t\t},\n\t\t});\n\n\t\t// NOTE: We should probably get rid of this manual serialization logic in favor of using the\n\t\t// already serialized object bytes from the GraphQL API once there is more mainstream support\n\t\t// for it + we can enforce the transport type on the Sui client.\n\t\tconst bcsObjects = objects\n\t\t\t.map((object) => {\n\t\t\t\tif (object.error || !object.data || object.data.bcs?.dataType !== 'moveObject') {\n\t\t\t\t\treturn null;\n\t\t\t\t}\n\n\t\t\t\treturn SuiMoveObject.serialize({\n\t\t\t\t\tdata: {\n\t\t\t\t\t\tMoveObject: {\n\t\t\t\t\t\t\ttype: object.data.bcs.type,\n\t\t\t\t\t\t\thasPublicTransfer: object.data.bcs.hasPublicTransfer,\n\t\t\t\t\t\t\tversion: object.data.bcs.version,\n\t\t\t\t\t\t\tcontents: object.data.bcs.bcsBytes,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\towner: object.data.owner!,\n\t\t\t\t\tpreviousTransaction: object.data.previousTransaction!,\n\t\t\t\t\tstorageRebate: object.data.storageRebate!,\n\t\t\t\t}).toBytes();\n\t\t\t})\n\t\t\t.filter((bcsBytes): bcsBytes is Uint8Array<ArrayBuffer> => !!bcsBytes);\n\n\t\treturn { bcsObjects };\n\t}\n\n\t/**\n\t * Generic signing is not supported by Ledger.\n\t * @throws Always throws an error indicating generic signing is unsupported.\n\t */\n\toverride sign(): never {\n\t\tthrow new Error('Ledger Signer does not support generic signing.');\n\t}\n\n\t/**\n\t * Generic signing is not supported by Ledger.\n\t * @throws Always throws an error indicating generic signing is unsupported.\n\t */\n\toverride signWithIntent(): never {\n\t\tthrow new Error('Ledger Signer does not support generic 
signing.');\n\t}\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,0BAAiE;AACjE,qBAAiC;AACjC,0BAA4B;AAC5B,mBAAyB;AAEzB,iBAA8B;AAC9B,IAAAA,cAAoB;AAZpB;AA2BO,MAAM,gBAAN,MAAM,sBAAqB,2BAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaxC,YAAY,EAAE,WAAW,gBAAgB,cAAc,UAAU,GAAwB;AACxF,UAAM;AAdD;AACN;AACA;AACA;AACA;AAWC,uBAAK,YAAa;AAClB,uBAAK,iBAAkB;AACvB,uBAAK,eAAgB;AACrB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKS,eAAe;AACvB,WAAO;AAAA,EACR;AAAA;AAAA;AAAA;AAAA;AAAA,EAMS,eAAe;AACvB,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAe,gBAAgB,OAAgD;AAC9E,UAAM,qBAAqB,MAAM,sBAAK,oDAAL,WAA6B,OAAO,MAAM,OAAO;AAAA;AAAA,MAEjF,YAAY,CAAC;AAAA,IACd,EAAE;AAEF,UAAM,oBAAgB,uCAAkB,mBAAmB,KAAK;AAChE,UAAM,EAAE,UAAU,IAAI,MAAM,mBAAK,eAAc;AAAA,MAC9C,mBAAK;AAAA,MACL;AAAA,MACA;AAAA,IACD;AAEA,WAAO;AAAA,MACN,WAAO,uBAAS,KAAK;AAAA,MACrB,eAAW,2CAAsB;AAAA,QAChC;AAAA,QACA,iBAAiB,KAAK,aAAa;AAAA,QACnC,WAAW,mBAAK;AAAA,MACjB,CAAC;AAAA,IACF;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAe,oBAAoB,OAAgD;AAClF,UAAM,oBAAgB;AAAA,MACrB;AAAA,MACA,gBAAI,WAAW,EAAE,UAAU,KAAK,EAAE,QAAQ;AAAA,IAC3C;AACA,UAAM,EAAE,UAAU,IAAI,MAAM,mBAAK,eAAc;AAAA,MAC9C,mBAAK;AAAA,MACL;AAAA,IACD;AAEA,WAAO;AAAA,MACN,WAAO,uBAAS,KAAK;AAAA,MACrB,eAAW,2CAAsB;AAAA,QAChC;AAAA,QACA,iBAAiB,KAAK,aAAa;AAAA,QACnC,WAAW,mBAAK;AAAA,MACjB,CAAC;AAAA,IACF;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,mBACZ,gBACA,cACA,WACC;AACD,UAAM,EAAE,UAAU,IAAI,MAAM,aAAa,aAAa,cAAc;AACpE,QAAI,CAAC,WAAW;AACf,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACxD;AAEA,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA,WAAW,IAAI,gCAAiB,SAAS;AAAA,MACzC;AAAA,MACA;AAAA,IACD,CAAC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAyDS,OAAc;AACtB,UAAM,IAAI,MAAM,iDAAiD;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA;AAAA,EAMS,iBAAwB;AAChC,UAAM,IAAI,MAAM,iDAAiD;AAAA,EAClE;AACD;AA/KC;AACA;AACA;AACA;AAJM;AA8GA,4BAAuB,eAAC,kBAA8B;AAC3D,QAAM,cAAc,gCAAY,KAAK,gBAAgB;AACrD,QAAM,OAAO,YAAY,QAAQ;AAEjC,QAAM,eAAe,KAAK,QAAQ,SAAS,IAAI,CAAC,WAAW,OAAO,QAAQ,KAAK,CAAC;AAChF,QAAM,iBAAiB,KAAK,OAC1B,IAAI,CAAC,UAAU;AACf,WAAO,MAAM,UAAU,YAAY,MAAM,OAAO,UAAU,qBACvD,MAAM,OAA
O,iBAAiB,WAC9B;AAAA,EACJ,CAAC,EACA,OAAO,CAAC,aAAiC,CAAC,CAAC,QAAQ;AAErD,QAAM,UAAU,MAAM,mBAAK,YAAW,gBAAgB;AAAA,IACrD,KAAK,CAAC,GAAG,cAAc,GAAG,cAAc;AAAA,IACxC,SAAS;AAAA,MACR,SAAS;AAAA,MACT,yBAAyB;AAAA,MACzB,mBAAmB;AAAA,MACnB,WAAW;AAAA,IACZ;AAAA,EACD,CAAC;AAKD,QAAM,aAAa,QACjB,IAAI,CAAC,WAAW;AAChB,QAAI,OAAO,SAAS,CAAC,OAAO,QAAQ,OAAO,KAAK,KAAK,aAAa,cAAc;AAC/E,aAAO;AAAA,IACR;AAEA,WAAO,yBAAc,UAAU;AAAA,MAC9B,MAAM;AAAA,QACL,YAAY;AAAA,UACX,MAAM,OAAO,KAAK,IAAI;AAAA,UACtB,mBAAmB,OAAO,KAAK,IAAI;AAAA,UACnC,SAAS,OAAO,KAAK,IAAI;AAAA,UACzB,UAAU,OAAO,KAAK,IAAI;AAAA,QAC3B;AAAA,MACD;AAAA,MACA,OAAO,OAAO,KAAK;AAAA,MACnB,qBAAqB,OAAO,KAAK;AAAA,MACjC,eAAe,OAAO,KAAK;AAAA,IAC5B,CAAC,EAAE,QAAQ;AAAA,EACZ,CAAC,EACA,OAAO,CAAC,aAAkD,CAAC,CAAC,QAAQ;AAEtE,SAAO,EAAE,WAAW;AACrB;AA/JM,IAAM,eAAN;",
|
|
6
6
|
"names": ["import_bcs"]
|
|
7
7
|
}
|
|
@@ -3,7 +3,7 @@ export declare const DER_BIT_STRING_LENGTH = 520;
|
|
|
3
3
|
/** The total number of bytes corresponding to the DER bit string length. */
|
|
4
4
|
export declare const DER_BYTES_LENGTH: number;
|
|
5
5
|
export declare function publicKeyFromDER(derBytes: Uint8Array): Uint8Array<ArrayBufferLike>;
|
|
6
|
-
export declare function getConcatenatedSignature(signature: Uint8Array, keyScheme: string): Uint8Array<
|
|
6
|
+
export declare function getConcatenatedSignature(signature: Uint8Array, keyScheme: string): Uint8Array<ArrayBuffer>;
|
|
7
7
|
/**
|
|
8
8
|
* Compresses an uncompressed public key into its compressed form.
|
|
9
9
|
*
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/utils/utils.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { secp256r1 } from '@noble/curves/p256';\nimport { secp256k1 } from '@noble/curves/secp256k1';\nimport { ASN1Construction, ASN1TagClass, DERElement } from 'asn1-ts';\n\n/** The total number of bits in the DER bit string for the uncompressed public key. */\nexport const DER_BIT_STRING_LENGTH = 520;\n\n/** The total number of bytes corresponding to the DER bit string length. */\nexport const DER_BYTES_LENGTH = DER_BIT_STRING_LENGTH / 8;\n\n// Reference Specifications:\n// https://datatracker.ietf.org/doc/html/rfc5480#section-2.2\n// https://www.secg.org/sec1-v2.pdf\n\n/**\n * Converts an array of bits into a byte array.\n *\n * @param bitsArray - A `Uint8ClampedArray` representing the bits to convert.\n * @returns A `Uint8Array` containing the corresponding bytes.\n *\n * @throws {Error} If the input array does not have the expected length.\n */\nfunction bitsToBytes(bitsArray: Uint8ClampedArray): Uint8Array {\n\tconst bytes = new Uint8Array(DER_BYTES_LENGTH);\n\tfor (let i = 0; i < DER_BIT_STRING_LENGTH; i++) {\n\t\tif (bitsArray[i] === 1) {\n\t\t\tbytes[Math.floor(i / 8)] |= 1 << (7 - (i % 8));\n\t\t}\n\t}\n\treturn bytes;\n}\n\nexport function publicKeyFromDER(derBytes: Uint8Array) {\n\tconst encodedData: Uint8Array = derBytes;\n\tconst derElement = new DERElement();\n\tderElement.fromBytes(encodedData);\n\n\t// Validate the ASN.1 structure of the public key\n\tif (\n\t\t!(\n\t\t\tderElement.tagClass === ASN1TagClass.universal &&\n\t\t\tderElement.construction === ASN1Construction.constructed\n\t\t)\n\t) {\n\t\tthrow new Error('Unexpected ASN.1 structure');\n\t}\n\n\tconst components = derElement.components;\n\tconst publicKeyElement = components[1];\n\n\tif (!publicKeyElement) {\n\t\tthrow new Error('Public Key not found in the DER structure');\n\t}\n\n\treturn compressPublicKeyClamped(publicKeyElement.bitString);\n}\n\nexport function 
getConcatenatedSignature(signature: Uint8Array, keyScheme: string) {\n\tif (!signature || signature.length === 0) {\n\t\tthrow new Error('Invalid signature');\n\t}\n\n\t// Initialize a DERElement to parse the DER-encoded signature\n\tconst derElement = new DERElement();\n\tderElement.fromBytes(signature);\n\n\tconst [r, s] = derElement.toJSON() as [string, string];\n\n\tswitch (keyScheme) {\n\t\tcase 'Secp256k1':\n\t\t\treturn new secp256k1.Signature(BigInt(r), BigInt(s)).normalizeS().toCompactRawBytes()
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,kBAA0B;AAC1B,uBAA0B;AAC1B,qBAA2D;AAGpD,MAAM,wBAAwB;AAG9B,MAAM,mBAAmB,wBAAwB;AAcxD,SAAS,YAAY,WAA0C;AAC9D,QAAM,QAAQ,IAAI,WAAW,gBAAgB;AAC7C,WAAS,IAAI,GAAG,IAAI,uBAAuB,KAAK;AAC/C,QAAI,UAAU,CAAC,MAAM,GAAG;AACvB,YAAM,KAAK,MAAM,IAAI,CAAC,CAAC,KAAK,KAAM,IAAK,IAAI;AAAA,IAC5C;AAAA,EACD;AACA,SAAO;AACR;AAEO,SAAS,iBAAiB,UAAsB;AACtD,QAAM,cAA0B;AAChC,QAAM,aAAa,IAAI,0BAAW;AAClC,aAAW,UAAU,WAAW;AAGhC,MACC,EACC,WAAW,aAAa,4BAAa,aACrC,WAAW,iBAAiB,gCAAiB,cAE7C;AACD,UAAM,IAAI,MAAM,4BAA4B;AAAA,EAC7C;AAEA,QAAM,aAAa,WAAW;AAC9B,QAAM,mBAAmB,WAAW,CAAC;AAErC,MAAI,CAAC,kBAAkB;AACtB,UAAM,IAAI,MAAM,2CAA2C;AAAA,EAC5D;AAEA,SAAO,yBAAyB,iBAAiB,SAAS;AAC3D;AAEO,SAAS,yBAAyB,WAAuB,WAAmB;AAClF,MAAI,CAAC,aAAa,UAAU,WAAW,GAAG;AACzC,UAAM,IAAI,MAAM,mBAAmB;AAAA,EACpC;AAGA,QAAM,aAAa,IAAI,0BAAW;AAClC,aAAW,UAAU,SAAS;AAE9B,QAAM,CAAC,GAAG,CAAC,IAAI,WAAW,OAAO;AAEjC,UAAQ,WAAW;AAAA,IAClB,KAAK;AACJ,aAAO,IAAI,2BAAU,UAAU,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { secp256r1 } from '@noble/curves/p256';\nimport { secp256k1 } from '@noble/curves/secp256k1';\nimport { ASN1Construction, ASN1TagClass, DERElement } from 'asn1-ts';\n\n/** The total number of bits in the DER bit string for the uncompressed public key. */\nexport const DER_BIT_STRING_LENGTH = 520;\n\n/** The total number of bytes corresponding to the DER bit string length. */\nexport const DER_BYTES_LENGTH = DER_BIT_STRING_LENGTH / 8;\n\n// Reference Specifications:\n// https://datatracker.ietf.org/doc/html/rfc5480#section-2.2\n// https://www.secg.org/sec1-v2.pdf\n\n/**\n * Converts an array of bits into a byte array.\n *\n * @param bitsArray - A `Uint8ClampedArray` representing the bits to convert.\n * @returns A `Uint8Array` containing the corresponding bytes.\n *\n * @throws {Error} If the input array does not have the expected length.\n */\nfunction bitsToBytes(bitsArray: Uint8ClampedArray): Uint8Array {\n\tconst bytes = new Uint8Array(DER_BYTES_LENGTH);\n\tfor (let i = 0; i < DER_BIT_STRING_LENGTH; i++) {\n\t\tif (bitsArray[i] === 1) {\n\t\t\tbytes[Math.floor(i / 8)] |= 1 << (7 - (i % 8));\n\t\t}\n\t}\n\treturn bytes;\n}\n\nexport function publicKeyFromDER(derBytes: Uint8Array) {\n\tconst encodedData: Uint8Array = derBytes;\n\tconst derElement = new DERElement();\n\tderElement.fromBytes(encodedData);\n\n\t// Validate the ASN.1 structure of the public key\n\tif (\n\t\t!(\n\t\t\tderElement.tagClass === ASN1TagClass.universal &&\n\t\t\tderElement.construction === ASN1Construction.constructed\n\t\t)\n\t) {\n\t\tthrow new Error('Unexpected ASN.1 structure');\n\t}\n\n\tconst components = derElement.components;\n\tconst publicKeyElement = components[1];\n\n\tif (!publicKeyElement) {\n\t\tthrow new Error('Public Key not found in the DER structure');\n\t}\n\n\treturn compressPublicKeyClamped(publicKeyElement.bitString);\n}\n\nexport function 
getConcatenatedSignature(signature: Uint8Array, keyScheme: string) {\n\tif (!signature || signature.length === 0) {\n\t\tthrow new Error('Invalid signature');\n\t}\n\n\t// Initialize a DERElement to parse the DER-encoded signature\n\tconst derElement = new DERElement();\n\tderElement.fromBytes(signature);\n\n\tconst [r, s] = derElement.toJSON() as [string, string];\n\n\tswitch (keyScheme) {\n\t\tcase 'Secp256k1':\n\t\t\treturn new secp256k1.Signature(BigInt(r), BigInt(s))\n\t\t\t\t.normalizeS()\n\t\t\t\t.toCompactRawBytes() as Uint8Array<ArrayBuffer>;\n\t\tcase 'Secp256r1':\n\t\t\treturn new secp256r1.Signature(BigInt(r), BigInt(s))\n\t\t\t\t.normalizeS()\n\t\t\t\t.toCompactRawBytes() as Uint8Array<ArrayBuffer>;\n\t\tdefault:\n\t\t\tthrow new Error('Unsupported key scheme');\n\t}\n}\n\n/**\n * Compresses an uncompressed public key into its compressed form.\n *\n * The uncompressed key must follow the DER bit string format as specified in [RFC 5480](https://datatracker.ietf.org/doc/html/rfc5480#section-2.2)\n * and [SEC 1: Elliptic Curve Cryptography](https://www.secg.org/sec1-v2.pdf).\n *\n * @param uncompressedKey - A `Uint8ClampedArray` representing the uncompressed public key bits.\n * @returns A `Uint8Array` containing the compressed public key.\n *\n * @throws {Error} If the uncompressed key has an unexpected length or does not start with the expected prefix.\n */\nexport function compressPublicKeyClamped(uncompressedKey: Uint8ClampedArray): Uint8Array {\n\tif (uncompressedKey.length !== DER_BIT_STRING_LENGTH) {\n\t\tthrow new Error('Unexpected length for an uncompressed public key');\n\t}\n\n\t// Convert bits to bytes\n\tconst uncompressedBytes = bitsToBytes(uncompressedKey);\n\n\t// Ensure the public key starts with the standard uncompressed prefix 0x04\n\tif (uncompressedBytes[0] !== 0x04) {\n\t\tthrow new Error('Public key does not start with 0x04');\n\t}\n\n\t// Extract X-Coordinate (skip the first byte, which is the prefix 0x04)\n\tconst xCoord = 
uncompressedBytes.slice(1, 33);\n\n\t// Determine parity byte for Y coordinate based on the last byte\n\tconst yCoordLastByte = uncompressedBytes[64];\n\tconst parityByte = yCoordLastByte % 2 === 0 ? 0x02 : 0x03;\n\n\t// Return the compressed public key consisting of the parity byte and X-coordinate\n\treturn new Uint8Array([parityByte, ...xCoord]);\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,kBAA0B;AAC1B,uBAA0B;AAC1B,qBAA2D;AAGpD,MAAM,wBAAwB;AAG9B,MAAM,mBAAmB,wBAAwB;AAcxD,SAAS,YAAY,WAA0C;AAC9D,QAAM,QAAQ,IAAI,WAAW,gBAAgB;AAC7C,WAAS,IAAI,GAAG,IAAI,uBAAuB,KAAK;AAC/C,QAAI,UAAU,CAAC,MAAM,GAAG;AACvB,YAAM,KAAK,MAAM,IAAI,CAAC,CAAC,KAAK,KAAM,IAAK,IAAI;AAAA,IAC5C;AAAA,EACD;AACA,SAAO;AACR;AAEO,SAAS,iBAAiB,UAAsB;AACtD,QAAM,cAA0B;AAChC,QAAM,aAAa,IAAI,0BAAW;AAClC,aAAW,UAAU,WAAW;AAGhC,MACC,EACC,WAAW,aAAa,4BAAa,aACrC,WAAW,iBAAiB,gCAAiB,cAE7C;AACD,UAAM,IAAI,MAAM,4BAA4B;AAAA,EAC7C;AAEA,QAAM,aAAa,WAAW;AAC9B,QAAM,mBAAmB,WAAW,CAAC;AAErC,MAAI,CAAC,kBAAkB;AACtB,UAAM,IAAI,MAAM,2CAA2C;AAAA,EAC5D;AAEA,SAAO,yBAAyB,iBAAiB,SAAS;AAC3D;AAEO,SAAS,yBAAyB,WAAuB,WAAmB;AAClF,MAAI,CAAC,aAAa,UAAU,WAAW,GAAG;AACzC,UAAM,IAAI,MAAM,mBAAmB;AAAA,EACpC;AAGA,QAAM,aAAa,IAAI,0BAAW;AAClC,aAAW,UAAU,SAAS;AAE9B,QAAM,CAAC,GAAG,CAAC,IAAI,WAAW,OAAO;AAEjC,UAAQ,WAAW;AAAA,IAClB,KAAK;AACJ,aAAO,IAAI,2BAAU,UAAU,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,EACjD,WAAW,EACX,kBAAkB;AAAA,IACrB,KAAK;AACJ,aAAO,IAAI,sBAAU,UAAU,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,EACjD,WAAW,EACX,kBAAkB;AAAA,IACrB;AACC,YAAM,IAAI,MAAM,wBAAwB;AAAA,EAC1C;AACD;AAaO,SAAS,yBAAyB,iBAAgD;AACxF,MAAI,gBAAgB,WAAW,uBAAuB;AACrD,UAAM,IAAI,MAAM,kDAAkD;AAAA,EACnE;AAGA,QAAM,oBAAoB,YAAY,eAAe;AAGrD,MAAI,kBAAkB,CAAC,MAAM,GAAM;AAClC,UAAM,IAAI,MAAM,qCAAqC;AAAA,EACtD;AAGA,QAAM,SAAS,kBAAkB,MAAM,GAAG,EAAE;AAG5C,QAAM,iBAAiB,kBAAkB,EAAE;AAC3C,QAAM,aAAa,iBAAiB,MAAM,IAAI,IAAO;AAGrD,SAAO,IAAI,WAAW,CAAC,YAAY,GAAG,MAAM,CAAC;AAC9C;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -3,7 +3,7 @@ import { Signer } from '@mysten/sui/cryptography';
|
|
|
3
3
|
import { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';
|
|
4
4
|
export interface ExportedWebCryptoKeypair {
|
|
5
5
|
privateKey: CryptoKey;
|
|
6
|
-
publicKey: Uint8Array
|
|
6
|
+
publicKey: Uint8Array<ArrayBuffer>;
|
|
7
7
|
}
|
|
8
8
|
export declare class WebCryptoSigner extends Signer {
|
|
9
9
|
#private;
|
|
@@ -22,5 +22,5 @@ export declare class WebCryptoSigner extends Signer {
|
|
|
22
22
|
*/
|
|
23
23
|
export(): ExportedWebCryptoKeypair;
|
|
24
24
|
getPublicKey(): Secp256r1PublicKey;
|
|
25
|
-
sign(bytes: Uint8Array): Promise<Uint8Array
|
|
25
|
+
sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
|
|
26
26
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/webcrypto/index.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { SignatureScheme } from '@mysten/sui/cryptography';\nimport { Signer } from '@mysten/sui/cryptography';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { secp256r1 } from '@noble/curves/p256';\n\n// Convert from uncompressed (65 bytes) to compressed (33 bytes) format\nfunction getCompressedPublicKey(publicKey: Uint8Array) {\n\tconst rawBytes = new Uint8Array(publicKey);\n\tconst x = rawBytes.slice(1, 33);\n\tconst y = rawBytes.slice(33, 65);\n\n\tconst prefix = (y[31] & 1) === 0 ? 0x02 : 0x03;\n\n\tconst compressed = new Uint8Array(Secp256r1PublicKey.SIZE);\n\tcompressed[0] = prefix;\n\tcompressed.set(x, 1);\n\n\treturn compressed;\n}\n\nexport interface ExportedWebCryptoKeypair {\n\tprivateKey: CryptoKey;\n\tpublicKey: Uint8Array
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,0BAAuB;AACvB,uBAAmC;AACnC,kBAA0B;AAN1B;AASA,SAAS,uBAAuB,WAAuB;AACtD,QAAM,WAAW,IAAI,WAAW,SAAS;AACzC,QAAM,IAAI,SAAS,MAAM,GAAG,EAAE;AAC9B,QAAM,IAAI,SAAS,MAAM,IAAI,EAAE;AAE/B,QAAM,UAAU,EAAE,EAAE,IAAI,OAAO,IAAI,IAAO;AAE1C,QAAM,aAAa,IAAI,WAAW,oCAAmB,IAAI;AACzD,aAAW,CAAC,IAAI;AAChB,aAAW,IAAI,GAAG,CAAC;AAEnB,SAAO;AACR;AAOO,MAAM,mBAAN,MAAM,yBAAwB,2BAAO;AAAA,EAkC3C,YAAY,YAAuB,WAAuB;AACzD,UAAM;AAhCP;AAiCC,SAAK,aAAa;AAClB,uBAAK,YAAa,IAAI,oCAAmB,SAAS;AAAA,EACnD;AAAA,EAjCA,aAAa,SAAS,EAAE,cAAc,MAAM,IAA+B,CAAC,GAAG;AAC9E,UAAM,UAAU,MAAM,WAAW,OAAO,OAAO;AAAA,MAC9C;AAAA,QACC,MAAM;AAAA,QACN,YAAY;AAAA,MACb;AAAA,MACA;AAAA,MACA,CAAC,QAAQ,QAAQ;AAAA,IAClB;AAEA,UAAM,YAAY,MAAM,WAAW,OAAO,OAAO,UAAU,OAAO,QAAQ,SAAS;AAEnF,WAAO,IAAI;AAAA,MACV,QAAQ;AAAA,MACR,uBAAuB,IAAI,WAAW,SAAS,CAAC;AAAA,IACjD;AAAA,EACD;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,OAAO,MAAgC;AAC7C,WAAO,IAAI,iBAAgB,KAAK,YAAY,KAAK,SAAS;AAAA,EAC3D;AAAA,EAEA,eAAgC;AAC/B,WAAO;AAAA,EACR;AAAA;AAAA;AAAA;AAAA,EAWA,SAAmC;AAClC,UAAM,kBAAkB;AAAA,MACvB,YAAY,KAAK;AAAA,MACjB,WAAW,mBAAK,YAAW,WAAW;AAAA,IACvC;AAEA,WAAO,eAAe,iBAAiB,UAAU;AAAA,MAChD,YAAY;AAAA,MACZ,OAAO,MAAM;AACZ,cAAM,IAAI;AAAA,UACT;AAAA,QACD;AAAA,MACD;AAAA,IACD,CAAC;AAED,WAAO;AAAA,EACR;AAAA,EAEA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA,EAEA,MAAM,KAAK,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { SignatureScheme } from '@mysten/sui/cryptography';\nimport { Signer } from '@mysten/sui/cryptography';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { secp256r1 } from '@noble/curves/p256';\n\n// Convert from uncompressed (65 bytes) to compressed (33 bytes) format\nfunction getCompressedPublicKey(publicKey: Uint8Array) {\n\tconst rawBytes = new Uint8Array(publicKey);\n\tconst x = rawBytes.slice(1, 33);\n\tconst y = rawBytes.slice(33, 65);\n\n\tconst prefix = (y[31] & 1) === 0 ? 0x02 : 0x03;\n\n\tconst compressed = new Uint8Array(Secp256r1PublicKey.SIZE);\n\tcompressed[0] = prefix;\n\tcompressed.set(x, 1);\n\n\treturn compressed;\n}\n\nexport interface ExportedWebCryptoKeypair {\n\tprivateKey: CryptoKey;\n\tpublicKey: Uint8Array<ArrayBuffer>;\n}\n\nexport class WebCryptoSigner extends Signer {\n\tprivateKey: CryptoKey;\n\n\t#publicKey: Secp256r1PublicKey;\n\n\tstatic async generate({ extractable = false }: { extractable?: boolean } = {}) {\n\t\tconst keypair = await globalThis.crypto.subtle.generateKey(\n\t\t\t{\n\t\t\t\tname: 'ECDSA',\n\t\t\t\tnamedCurve: 'P-256',\n\t\t\t},\n\t\t\textractable,\n\t\t\t['sign', 'verify'],\n\t\t);\n\n\t\tconst publicKey = await globalThis.crypto.subtle.exportKey('raw', keypair.publicKey);\n\n\t\treturn new WebCryptoSigner(\n\t\t\tkeypair.privateKey,\n\t\t\tgetCompressedPublicKey(new Uint8Array(publicKey)),\n\t\t);\n\t}\n\n\t/**\n\t * Imports a keypair using the value returned by `export()`.\n\t */\n\tstatic import(data: ExportedWebCryptoKeypair) {\n\t\treturn new WebCryptoSigner(data.privateKey, data.publicKey);\n\t}\n\n\tgetKeyScheme(): SignatureScheme {\n\t\treturn 'Secp256r1';\n\t}\n\n\tconstructor(privateKey: CryptoKey, publicKey: Uint8Array) {\n\t\tsuper();\n\t\tthis.privateKey = privateKey;\n\t\tthis.#publicKey = new Secp256r1PublicKey(publicKey);\n\t}\n\n\t/**\n\t * Exports the keypair 
so that it can be stored in IndexedDB.\n\t */\n\texport(): ExportedWebCryptoKeypair {\n\t\tconst exportedKeypair = {\n\t\t\tprivateKey: this.privateKey,\n\t\t\tpublicKey: this.#publicKey.toRawBytes(),\n\t\t};\n\n\t\tObject.defineProperty(exportedKeypair, 'toJSON', {\n\t\t\tenumerable: false,\n\t\t\tvalue: () => {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t'The exported keypair must not be serialized. It must be stored in IndexedDB directly.',\n\t\t\t\t);\n\t\t\t},\n\t\t});\n\n\t\treturn exportedKeypair;\n\t}\n\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst rawSignature = await globalThis.crypto.subtle.sign(\n\t\t\t{\n\t\t\t\tname: 'ECDSA',\n\t\t\t\thash: 'SHA-256',\n\t\t\t},\n\t\t\tthis.privateKey,\n\t\t\tbytes as BufferSource,\n\t\t);\n\n\t\tconst signature = secp256r1.Signature.fromCompact(new Uint8Array(rawSignature));\n\n\t\treturn signature.normalizeS().toCompactRawBytes() as Uint8Array<ArrayBuffer>;\n\t}\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,0BAAuB;AACvB,uBAAmC;AACnC,kBAA0B;AAN1B;AASA,SAAS,uBAAuB,WAAuB;AACtD,QAAM,WAAW,IAAI,WAAW,SAAS;AACzC,QAAM,IAAI,SAAS,MAAM,GAAG,EAAE;AAC9B,QAAM,IAAI,SAAS,MAAM,IAAI,EAAE;AAE/B,QAAM,UAAU,EAAE,EAAE,IAAI,OAAO,IAAI,IAAO;AAE1C,QAAM,aAAa,IAAI,WAAW,oCAAmB,IAAI;AACzD,aAAW,CAAC,IAAI;AAChB,aAAW,IAAI,GAAG,CAAC;AAEnB,SAAO;AACR;AAOO,MAAM,mBAAN,MAAM,yBAAwB,2BAAO;AAAA,EAkC3C,YAAY,YAAuB,WAAuB;AACzD,UAAM;AAhCP;AAiCC,SAAK,aAAa;AAClB,uBAAK,YAAa,IAAI,oCAAmB,SAAS;AAAA,EACnD;AAAA,EAjCA,aAAa,SAAS,EAAE,cAAc,MAAM,IAA+B,CAAC,GAAG;AAC9E,UAAM,UAAU,MAAM,WAAW,OAAO,OAAO;AAAA,MAC9C;AAAA,QACC,MAAM;AAAA,QACN,YAAY;AAAA,MACb;AAAA,MACA;AAAA,MACA,CAAC,QAAQ,QAAQ;AAAA,IAClB;AAEA,UAAM,YAAY,MAAM,WAAW,OAAO,OAAO,UAAU,OAAO,QAAQ,SAAS;AAEnF,WAAO,IAAI;AAAA,MACV,QAAQ;AAAA,MACR,uBAAuB,IAAI,WAAW,SAAS,CAAC;AAAA,IACjD;AAAA,EACD;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,OAAO,MAAgC;AAC7C,WAAO,IAAI,iBAAgB,KAAK,YAAY,KAAK,SAAS;AAAA,EAC3D;AAAA,EAEA,eAAgC;AAC/B,WAAO;AAAA,EACR;AAAA;AAAA;AAAA;AAAA,EAWA,SAAmC;AAClC,UAAM,kBAAkB;AAAA,MACvB,YAAY,KAAK;AAAA,MACjB,WAAW,mBAAK,YAAW,WAAW;AAAA,IACvC;AAEA,WAAO,eAAe,iBAAiB,UAAU;AAAA,MAChD,YAAY;AAAA,MACZ,OAAO,MAAM;AACZ,cAAM,IAAI;AAAA,UACT;AAAA,QACD;AAAA,MACD;AAAA,IACD,CAAC;AAED,WAAO;AAAA,EACR;AAAA,EAEA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA,EAEA,MAAM,KAAK,OAAqD;AAC/D,UAAM,eAAe,MAAM,WAAW,OAAO,OAAO;AAAA,MACnD;AAAA,QACC,MAAM;AAAA,QACN,MAAM;AAAA,MACP;AAAA,MACA,KAAK;AAAA,MACL;AAAA,IACD;AAEA,UAAM,YAAY,sBAAU,UAAU,YAAY,IAAI,WAAW,YAAY,CAAC;AAE9E,WAAO,UAAU,WAAW,EAAE,kBAAkB;AAAA,EACjD;AACD;AA5EC;AAHM,IAAM,kBAAN;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -45,7 +45,7 @@ export declare class AwsKmsSigner extends Signer {
|
|
|
45
45
|
* @returns A promise that resolves to the signature as a Uint8Array.
|
|
46
46
|
* @throws Will throw an error if the public key is not initialized or if signing fails.
|
|
47
47
|
*/
|
|
48
|
-
sign(bytes: Uint8Array): Promise<Uint8Array
|
|
48
|
+
sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
|
|
49
49
|
/**
|
|
50
50
|
* Synchronous signing is not supported by AWS KMS.
|
|
51
51
|
* @throws Always throws an error indicating synchronous signing is unsupported.
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/aws/aws-kms-signer.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { fromBase64, toBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature } from '../utils/utils.js';\nimport type { AwsClientOptions } from './aws-client.js';\nimport { AwsKmsClient } from './aws-client.js';\n\n/**\n * Configuration options for initializing the AwsKmsSigner.\n */\nexport interface AwsKmsSignerOptions {\n\t/** AWS KMS Key ID used for signing */\n\tkmsKeyId: string;\n\t/** Options for setting up the AWS KMS client */\n\tclient: AwsKmsClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using AWS-managed cryptographic keys.\n */\nexport class AwsKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** AWS KMS client instance */\n\t#client: AwsKmsClient;\n\t/** AWS KMS Key ID used for signing */\n\t#kmsKeyId: string;\n\n\t/**\n\t * Creates an instance of AwsKmsSigner. 
It's expected to call the static `fromKeyId` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await AwsKmsSigner.fromKeyId(keyId, options);\n\t * ```\n\t * @throws Will throw an error if required AWS credentials or region are not provided.\n\t */\n\tconstructor({ kmsKeyId, client, publicKey }: AwsKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!kmsKeyId) throw new Error('KMS Key ID is required');\n\n\t\tthis.#client = client;\n\t\tthis.#kmsKeyId = kmsKeyId;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns AWS supports only Secp256k1 and Secp256r1 schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using AWS KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array
|
|
5
|
-
"mappings": ";;;;;;;AAAA;AAGA,SAAS,0BAA0B,cAAc;AACjD,SAAS,YAAY,gBAAgB;AAErC,SAAS,gCAAgC;AAEzC,SAAS,oBAAoB;AAkBtB,MAAM,gBAAN,MAAM,sBAAqB,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAexC,YAAY,EAAE,UAAU,QAAQ,UAAU,GAAwB;AACjE,UAAM;AAfP;AAEA;AAAA;AAEA;AAAA;AAYC,QAAI,CAAC,SAAU,OAAM,IAAI,MAAM,wBAAwB;AAEvD,uBAAK,SAAU;AACf,uBAAK,WAAY;AACjB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,yBAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { fromBase64, toBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature } from '../utils/utils.js';\nimport type { AwsClientOptions } from './aws-client.js';\nimport { AwsKmsClient } from './aws-client.js';\n\n/**\n * Configuration options for initializing the AwsKmsSigner.\n */\nexport interface AwsKmsSignerOptions {\n\t/** AWS KMS Key ID used for signing */\n\tkmsKeyId: string;\n\t/** Options for setting up the AWS KMS client */\n\tclient: AwsKmsClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using AWS-managed cryptographic keys.\n */\nexport class AwsKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** AWS KMS client instance */\n\t#client: AwsKmsClient;\n\t/** AWS KMS Key ID used for signing */\n\t#kmsKeyId: string;\n\n\t/**\n\t * Creates an instance of AwsKmsSigner. 
It's expected to call the static `fromKeyId` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await AwsKmsSigner.fromKeyId(keyId, options);\n\t * ```\n\t * @throws Will throw an error if required AWS credentials or region are not provided.\n\t */\n\tconstructor({ kmsKeyId, client, publicKey }: AwsKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!kmsKeyId) throw new Error('KMS Key ID is required');\n\n\t\tthis.#client = client;\n\t\tthis.#kmsKeyId = kmsKeyId;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns AWS supports only Secp256k1 and Secp256r1 schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using AWS KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst signResponse = await this.#client.runCommand('Sign', {\n\t\t\tKeyId: this.#kmsKeyId,\n\t\t\tMessage: toBase64(bytes),\n\t\t\tMessageType: 'RAW',\n\t\t\tSigningAlgorithm: 'ECDSA_SHA_256',\n\t\t});\n\n\t\t// Concatenate the signature components into a compact form\n\t\treturn getConcatenatedSignature(fromBase64(signResponse.Signature), this.getKeyScheme());\n\t}\n\n\t/**\n\t * Synchronous signing is not supported by AWS KMS.\n\t * @throws Always throws an error indicating synchronous signing is unsupported.\n\t */\n\tsignData(): never {\n\t\tthrow new Error('KMS Signer does not support sync 
signing');\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from AWS KMS.\n\t * It is recommended to initialize an `AwsKmsSigner` instance using this function.\n\t * @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromKeyId(keyId: string, options: AwsClientOptions) {\n\t\tconst client = new AwsKmsClient(options);\n\n\t\tconst pubKey = await client.getPublicKey(keyId);\n\n\t\treturn new AwsKmsSigner({\n\t\t\tkmsKeyId: keyId,\n\t\t\tclient,\n\t\t\tpublicKey: pubKey,\n\t\t});\n\t}\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;AAAA;AAGA,SAAS,0BAA0B,cAAc;AACjD,SAAS,YAAY,gBAAgB;AAErC,SAAS,gCAAgC;AAEzC,SAAS,oBAAoB;AAkBtB,MAAM,gBAAN,MAAM,sBAAqB,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAexC,YAAY,EAAE,UAAU,QAAQ,UAAU,GAAwB;AACjE,UAAM;AAfP;AAEA;AAAA;AAEA;AAAA;AAYC,QAAI,CAAC,SAAU,OAAM,IAAI,MAAM,wBAAwB;AAEvD,uBAAK,SAAU;AACf,uBAAK,WAAY;AACjB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,yBAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,OAAqD;AAC/D,UAAM,eAAe,MAAM,mBAAK,SAAQ,WAAW,QAAQ;AAAA,MAC1D,OAAO,mBAAK;AAAA,MACZ,SAAS,SAAS,KAAK;AAAA,MACvB,aAAa;AAAA,MACb,kBAAkB;AAAA,IACnB,CAAC;AAGD,WAAO,yBAAyB,WAAW,aAAa,SAAS,GAAG,KAAK,aAAa,CAAC;AAAA,EACxF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WAAkB;AACjB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,UAAU,OAAe,SAA2B;AAChE,UAAM,SAAS,IAAI,aAAa,OAAO;AAEvC,UAAM,SAAS,MAAM,OAAO,aAAa,KAAK;AAE9C,WAAO,IAAI,cAAa;AAAA,MACvB,UAAU;AAAA,MACV;AAAA,MACA,WAAW;AAAA,IACZ,CAAC;AAAA,EACF;AACD;AAlFC;AAEA;AAEA;AALM,IAAM,eAAN;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -45,7 +45,7 @@ export declare class GcpKmsSigner extends Signer {
|
|
|
45
45
|
* @returns A promise that resolves to the signature as a Uint8Array.
|
|
46
46
|
* @throws Will throw an error if the public key is not initialized or if signing fails.
|
|
47
47
|
*/
|
|
48
|
-
sign(bytes: Uint8Array): Promise<Uint8Array
|
|
48
|
+
sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
|
|
49
49
|
/**
|
|
50
50
|
* Synchronous signing is not supported by GCP KMS.
|
|
51
51
|
* @throws Always throws an error indicating synchronous signing is unsupported.
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/gcp/gcp-kms-client.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { KeyManagementServiceClient } from '@google-cloud/kms';\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { Secp256k1PublicKey } from '@mysten/sui/keypairs/secp256k1';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { fromBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature, publicKeyFromDER } from '../utils/utils.js';\n\n/**\n * Configuration options for initializing the GcpKmsSigner.\n */\nexport interface GcpKmsSignerOptions {\n\t/** The version name generated from `client.cryptoKeyVersionPath()` */\n\tversionName: string;\n\t/** Options for setting up the GCP KMS client */\n\tclient: KeyManagementServiceClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * GCP KMS Signer integrates GCP Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using GCP-managed cryptographic keys.\n */\nexport class GcpKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** GCP KMS client instance */\n\t#client: KeyManagementServiceClient;\n\t/** GCP KMS version name (generated from `client.cryptoKeyVersionPath()`) */\n\t#versionName: string;\n\n\t/**\n\t * Creates an instance of GcpKmsSigner. 
It's expected to call the static `fromOptions`\n\t * or `fromVersionName` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await GcpKmsSigner.fromVersionName(versionName);\n\t * ```\n\t * @throws Will throw an error if required GCP credentials are not provided.\n\t */\n\tconstructor({ versionName, client, publicKey }: GcpKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!versionName) throw new Error('Version name is required');\n\n\t\tthis.#client = client;\n\t\tthis.#versionName = versionName;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns GCP supports only `Secp256k1` and `Secp256r1` schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using GCP KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array
|
|
5
|
-
"mappings": ";;;;;;;AAAA;AAEA,SAAS,kCAAkC;AAE3C,SAAS,0BAA0B,cAAc;AACjD,SAAS,0BAA0B;AACnC,SAAS,0BAA0B;AACnC,SAAS,kBAAkB;AAE3B,SAAS,0BAA0B,wBAAwB;AAkBpD,MAAM,gBAAN,MAAM,sBAAqB,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBxC,YAAY,EAAE,aAAa,QAAQ,UAAU,GAAwB;AACpE,UAAM;AAhBP;AAEA;AAAA;AAEA;AAAA;AAaC,QAAI,CAAC,YAAa,OAAM,IAAI,MAAM,0BAA0B;AAE5D,uBAAK,SAAU;AACf,uBAAK,cAAe;AACpB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,yBAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { KeyManagementServiceClient } from '@google-cloud/kms';\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { Secp256k1PublicKey } from '@mysten/sui/keypairs/secp256k1';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { fromBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature, publicKeyFromDER } from '../utils/utils.js';\n\n/**\n * Configuration options for initializing the GcpKmsSigner.\n */\nexport interface GcpKmsSignerOptions {\n\t/** The version name generated from `client.cryptoKeyVersionPath()` */\n\tversionName: string;\n\t/** Options for setting up the GCP KMS client */\n\tclient: KeyManagementServiceClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * GCP KMS Signer integrates GCP Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using GCP-managed cryptographic keys.\n */\nexport class GcpKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** GCP KMS client instance */\n\t#client: KeyManagementServiceClient;\n\t/** GCP KMS version name (generated from `client.cryptoKeyVersionPath()`) */\n\t#versionName: string;\n\n\t/**\n\t * Creates an instance of GcpKmsSigner. 
It's expected to call the static `fromOptions`\n\t * or `fromVersionName` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await GcpKmsSigner.fromVersionName(versionName);\n\t * ```\n\t * @throws Will throw an error if required GCP credentials are not provided.\n\t */\n\tconstructor({ versionName, client, publicKey }: GcpKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!versionName) throw new Error('Version name is required');\n\n\t\tthis.#client = client;\n\t\tthis.#versionName = versionName;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns GCP supports only `Secp256k1` and `Secp256r1` schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using GCP KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst [signResponse] = await this.#client.asymmetricSign({\n\t\t\tname: this.#versionName,\n\t\t\tdata: bytes,\n\t\t});\n\n\t\tif (!signResponse.signature) {\n\t\t\tthrow new Error('No signature returned from GCP KMS');\n\t\t}\n\n\t\treturn getConcatenatedSignature(signResponse.signature as Uint8Array, this.getKeyScheme());\n\t}\n\n\t/**\n\t * Synchronous signing is not supported by GCP KMS.\n\t * @throws Always throws an error indicating synchronous signing is unsupported.\n\t */\n\tsignData(): never {\n\t\tthrow new Error('GCP Signer does not support sync 
signing');\n\t}\n\n\t/**\n\t * Creates a GCP KMS signer from the provided options.\n\t * Expects the credentials file to be set as an env variable\n\t * (GOOGLE_APPLICATION_CREDENTIALS).\n\t */\n\tstatic async fromOptions(options: {\n\t\tprojectId: string;\n\t\tlocation: string;\n\t\tkeyRing: string;\n\t\tcryptoKey: string;\n\t\tcryptoKeyVersion: string;\n\t}) {\n\t\tconst client = new KeyManagementServiceClient();\n\n\t\tconst versionName = client.cryptoKeyVersionPath(\n\t\t\toptions.projectId,\n\t\t\toptions.location,\n\t\t\toptions.keyRing,\n\t\t\toptions.cryptoKey,\n\t\t\toptions.cryptoKeyVersion,\n\t\t);\n\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n\n\tstatic async fromVersionName(versionName: string) {\n\t\tconst client = new KeyManagementServiceClient();\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n}\n\n/**\n * Retrieves the public key associated with the given version name.\n */\nasync function getPublicKey(\n\tclient: KeyManagementServiceClient,\n\tversionName: string,\n): Promise<PublicKey> {\n\tconst [publicKey] = await client.getPublicKey({ name: versionName });\n\n\tconst { algorithm, pem } = publicKey;\n\n\tif (!pem) throw new Error('No PEM key returned from GCP KMS');\n\n\tconst base64 = pem\n\t\t.replace('-----BEGIN PUBLIC KEY-----', '')\n\t\t.replace('-----END PUBLIC KEY-----', '')\n\t\t.replace(/\\s/g, '');\n\n\tconst compressedKey = publicKeyFromDER(fromBase64(base64));\n\n\tswitch (algorithm) {\n\t\tcase 'EC_SIGN_SECP256K1_SHA256':\n\t\t\treturn new Secp256k1PublicKey(compressedKey);\n\t\tcase 'EC_SIGN_P256_SHA256':\n\t\t\treturn new Secp256r1PublicKey(compressedKey);\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported algorithm: ${algorithm}`);\n\t}\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;AAAA;AAEA,SAAS,kCAAkC;AAE3C,SAAS,0BAA0B,cAAc;AACjD,SAAS,0BAA0B;AACnC,SAAS,0BAA0B;AACnC,SAAS,kBAAkB;AAE3B,SAAS,0BAA0B,wBAAwB;AAkBpD,MAAM,gBAAN,MAAM,sBAAqB,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBxC,YAAY,EAAE,aAAa,QAAQ,UAAU,GAAwB;AACpE,UAAM;AAhBP;AAEA;AAAA;AAEA;AAAA;AAaC,QAAI,CAAC,YAAa,OAAM,IAAI,MAAM,0BAA0B;AAE5D,uBAAK,SAAU;AACf,uBAAK,cAAe;AACpB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,yBAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,OAAqD;AAC/D,UAAM,CAAC,YAAY,IAAI,MAAM,mBAAK,SAAQ,eAAe;AAAA,MACxD,MAAM,mBAAK;AAAA,MACX,MAAM;AAAA,IACP,CAAC;AAED,QAAI,CAAC,aAAa,WAAW;AAC5B,YAAM,IAAI,MAAM,oCAAoC;AAAA,IACrD;AAEA,WAAO,yBAAyB,aAAa,WAAyB,KAAK,aAAa,CAAC;AAAA,EAC1F;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WAAkB;AACjB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,YAAY,SAMtB;AACF,UAAM,SAAS,IAAI,2BAA2B;AAE9C,UAAM,cAAc,OAAO;AAAA,MAC1B,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,IACT;AAEA,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA;AAAA,MACA,WAAW,MAAM,aAAa,QAAQ,WAAW;AAAA,IAClD,CAAC;AAAA,EACF;AAAA,EAEA,aAAa,gBAAgB,aAAqB;AACjD,UAAM,SAAS,IAAI,2BAA2B;AAC9C,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA;AAAA,MACA,WAAW,MAAM,aAAa,QAAQ,WAAW;AAAA,IAClD,CAAC;AAAA,EACF;AACD;AAzGC;AAEA;AAEA;AALM,IAAM,eAAN;AA+GP,eAAe,aACd,QACA,aACqB;AACrB,QAAM,CAAC,SAAS,IAAI,MAAM,OAAO,aAAa,EAAE,MAAM,YAAY,CAAC;AAEnE,QAAM,EAAE,WAAW,IAAI,IAAI;AAE3B,MAAI,CAAC,IAAK,OAAM,IAAI,MAAM,kCAAkC;AAE5D,QAAM,SAAS,IACb,QAAQ,8BAA8B,EAAE,EACxC,QAAQ,4BAA4B,EAAE,EACtC,QAAQ,OAAO,EAAE;AAEnB,QAAM,gBAAgB,iBAAiB,WAAW,MAAM,CAAC;AAEzD,UAAQ,WAAW;AAAA,IAClB,KAAK;AACJ,aAAO,IAAI,mBAAmB,aAAa;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,mBAAmB,aAAa;AAAA,IAC5C;AACC,YAAM,IAAI,MAAM,0BAA0B,SAAS,EAAE;AAAA,EACvD;AACD;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/ledger/index.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type SuiLedgerClient from '@mysten/ledgerjs-hw-app-sui';\nimport type { SuiClient } from '@mysten/sui/client';\nimport type { SignatureWithBytes } from '@mysten/sui/cryptography';\nimport { messageWithIntent, Signer, toSerializedSignature } from '@mysten/sui/cryptography';\nimport { Ed25519PublicKey } from '@mysten/sui/keypairs/ed25519';\nimport { Transaction } from '@mysten/sui/transactions';\nimport { toBase64 } from '@mysten/sui/utils';\n\nimport { SuiMoveObject } from './bcs.js';\nimport { bcs } from '@mysten/sui/bcs';\n\n/**\n * Configuration options for initializing the LedgerSigner.\n */\nexport interface LedgerSignerOptions {\n\tpublicKey: Ed25519PublicKey;\n\tderivationPath: string;\n\tledgerClient: SuiLedgerClient;\n\tsuiClient: SuiClient;\n}\n\n/**\n * Ledger integrates with the Sui blockchain to provide signing capabilities using Ledger devices.\n */\nexport class LedgerSigner extends Signer {\n\t#derivationPath: string;\n\t#publicKey: Ed25519PublicKey;\n\t#ledgerClient: SuiLedgerClient;\n\t#suiClient: SuiClient;\n\n\t/**\n\t * Creates an instance of LedgerSigner. 
It's expected to call the static `fromDerivationPath` method to create an instance.\n\t * @example\n\t * ```\n\t * const signer = await LedgerSigner.fromDerivationPath(derivationPath, options);\n\t * ```\n\t */\n\tconstructor({ publicKey, derivationPath, ledgerClient, suiClient }: LedgerSignerOptions) {\n\t\tsuper();\n\t\tthis.#publicKey = publicKey;\n\t\tthis.#derivationPath = derivationPath;\n\t\tthis.#ledgerClient = ledgerClient;\n\t\tthis.#suiClient = suiClient;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t */\n\toverride getKeyScheme() {\n\t\treturn 'ED25519' as const;\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Ed25519PublicKey instance.\n\t */\n\toverride getPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the provided transaction bytes.\n\t * @returns The signed transaction bytes and signature.\n\t */\n\toverride async signTransaction(bytes: Uint8Array): Promise<SignatureWithBytes> {\n\t\tconst transactionOptions = await this.#getClearSigningOptions(bytes).catch(() => ({\n\t\t\t// Fail gracefully so network errors or serialization issues don't break transaction signing:\n\t\t\tbcsObjects: [],\n\t\t}));\n\n\t\tconst intentMessage = messageWithIntent('TransactionData', bytes);\n\t\tconst { signature } = await this.#ledgerClient.signTransaction(\n\t\t\tthis.#derivationPath,\n\t\t\tintentMessage,\n\t\t\ttransactionOptions,\n\t\t);\n\n\t\treturn {\n\t\t\tbytes: toBase64(bytes),\n\t\t\tsignature: toSerializedSignature({\n\t\t\t\tsignature,\n\t\t\t\tsignatureScheme: this.getKeyScheme(),\n\t\t\t\tpublicKey: this.#publicKey,\n\t\t\t}),\n\t\t};\n\t}\n\n\t/**\n\t * Signs the provided personal message.\n\t * @returns The signed message bytes and signature.\n\t */\n\toverride async signPersonalMessage(bytes: Uint8Array): Promise<SignatureWithBytes> {\n\t\tconst intentMessage = 
messageWithIntent(\n\t\t\t'PersonalMessage',\n\t\t\tbcs.byteVector().serialize(bytes).toBytes(),\n\t\t);\n\t\tconst { signature } = await this.#ledgerClient.signTransaction(\n\t\t\tthis.#derivationPath,\n\t\t\tintentMessage,\n\t\t);\n\n\t\treturn {\n\t\t\tbytes: toBase64(bytes),\n\t\t\tsignature: toSerializedSignature({\n\t\t\t\tsignature,\n\t\t\t\tsignatureScheme: this.getKeyScheme(),\n\t\t\t\tpublicKey: this.#publicKey,\n\t\t\t}),\n\t\t};\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from a Ledger device.\n\t * It is recommended to initialize an `LedgerSigner` instance using this function.\n\t * @returns A promise that resolves once a `LedgerSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromDerivationPath(\n\t\tderivationPath: string,\n\t\tledgerClient: SuiLedgerClient,\n\t\tsuiClient: SuiClient,\n\t) {\n\t\tconst { publicKey } = await ledgerClient.getPublicKey(derivationPath);\n\t\tif (!publicKey) {\n\t\t\tthrow new Error('Failed to get public key from Ledger.');\n\t\t}\n\n\t\treturn new LedgerSigner({\n\t\t\tderivationPath,\n\t\t\tpublicKey: new Ed25519PublicKey(publicKey),\n\t\t\tledgerClient,\n\t\t\tsuiClient,\n\t\t});\n\t}\n\n\tasync #getClearSigningOptions(transactionBytes: Uint8Array) {\n\t\tconst transaction = Transaction.from(transactionBytes);\n\t\tconst data = transaction.getData();\n\n\t\tconst gasObjectIds = data.gasData.payment?.map((object) => object.objectId) ?? [];\n\t\tconst inputObjectIds = data.inputs\n\t\t\t.map((input) => {\n\t\t\t\treturn input.$kind === 'Object' && input.Object.$kind === 'ImmOrOwnedObject'\n\t\t\t\t\t? 
input.Object.ImmOrOwnedObject.objectId\n\t\t\t\t\t: null;\n\t\t\t})\n\t\t\t.filter((objectId): objectId is string => !!objectId);\n\n\t\tconst objects = await this.#suiClient.multiGetObjects({\n\t\t\tids: [...gasObjectIds, ...inputObjectIds],\n\t\t\toptions: {\n\t\t\t\tshowBcs: true,\n\t\t\t\tshowPreviousTransaction: true,\n\t\t\t\tshowStorageRebate: true,\n\t\t\t\tshowOwner: true,\n\t\t\t},\n\t\t});\n\n\t\t// NOTE: We should probably get rid of this manual serialization logic in favor of using the\n\t\t// already serialized object bytes from the GraphQL API once there is more mainstream support\n\t\t// for it + we can enforce the transport type on the Sui client.\n\t\tconst bcsObjects = objects\n\t\t\t.map((object) => {\n\t\t\t\tif (object.error || !object.data || object.data.bcs?.dataType !== 'moveObject') {\n\t\t\t\t\treturn null;\n\t\t\t\t}\n\n\t\t\t\treturn SuiMoveObject.serialize({\n\t\t\t\t\tdata: {\n\t\t\t\t\t\tMoveObject: {\n\t\t\t\t\t\t\ttype: object.data.bcs.type,\n\t\t\t\t\t\t\thasPublicTransfer: object.data.bcs.hasPublicTransfer,\n\t\t\t\t\t\t\tversion: object.data.bcs.version,\n\t\t\t\t\t\t\tcontents: object.data.bcs.bcsBytes,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\towner: object.data.owner!,\n\t\t\t\t\tpreviousTransaction: object.data.previousTransaction!,\n\t\t\t\t\tstorageRebate: object.data.storageRebate!,\n\t\t\t\t}).toBytes();\n\t\t\t})\n\t\t\t.filter((bcsBytes): bcsBytes is Uint8Array => !!bcsBytes);\n\n\t\treturn { bcsObjects };\n\t}\n\n\t/**\n\t * Generic signing is not supported by Ledger.\n\t * @throws Always throws an error indicating generic signing is unsupported.\n\t */\n\toverride sign(): never {\n\t\tthrow new Error('Ledger Signer does not support generic signing.');\n\t}\n\n\t/**\n\t * Generic signing is not supported by Ledger.\n\t * @throws Always throws an error indicating generic signing is unsupported.\n\t */\n\toverride signWithIntent(): never {\n\t\tthrow new Error('Ledger Signer does not support generic 
signing.');\n\t}\n}\n"],
|
|
5
|
-
"mappings": ";;;;;;;;AAAA;AAMA,SAAS,mBAAmB,QAAQ,6BAA6B;AACjE,SAAS,wBAAwB;AACjC,SAAS,mBAAmB;AAC5B,SAAS,gBAAgB;AAEzB,SAAS,qBAAqB;AAC9B,SAAS,WAAW;AAeb,MAAM,gBAAN,MAAM,sBAAqB,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaxC,YAAY,EAAE,WAAW,gBAAgB,cAAc,UAAU,GAAwB;AACxF,UAAM;AAdD;AACN;AACA;AACA;AACA;AAWC,uBAAK,YAAa;AAClB,uBAAK,iBAAkB;AACvB,uBAAK,eAAgB;AACrB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKS,eAAe;AACvB,WAAO;AAAA,EACR;AAAA;AAAA;AAAA;AAAA;AAAA,EAMS,eAAe;AACvB,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAe,gBAAgB,OAAgD;AAC9E,UAAM,qBAAqB,MAAM,sBAAK,oDAAL,WAA6B,OAAO,MAAM,OAAO;AAAA;AAAA,MAEjF,YAAY,CAAC;AAAA,IACd,EAAE;AAEF,UAAM,gBAAgB,kBAAkB,mBAAmB,KAAK;AAChE,UAAM,EAAE,UAAU,IAAI,MAAM,mBAAK,eAAc;AAAA,MAC9C,mBAAK;AAAA,MACL;AAAA,MACA;AAAA,IACD;AAEA,WAAO;AAAA,MACN,OAAO,SAAS,KAAK;AAAA,MACrB,WAAW,sBAAsB;AAAA,QAChC;AAAA,QACA,iBAAiB,KAAK,aAAa;AAAA,QACnC,WAAW,mBAAK;AAAA,MACjB,CAAC;AAAA,IACF;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAe,oBAAoB,OAAgD;AAClF,UAAM,gBAAgB;AAAA,MACrB;AAAA,MACA,IAAI,WAAW,EAAE,UAAU,KAAK,EAAE,QAAQ;AAAA,IAC3C;AACA,UAAM,EAAE,UAAU,IAAI,MAAM,mBAAK,eAAc;AAAA,MAC9C,mBAAK;AAAA,MACL;AAAA,IACD;AAEA,WAAO;AAAA,MACN,OAAO,SAAS,KAAK;AAAA,MACrB,WAAW,sBAAsB;AAAA,QAChC;AAAA,QACA,iBAAiB,KAAK,aAAa;AAAA,QACnC,WAAW,mBAAK;AAAA,MACjB,CAAC;AAAA,IACF;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,mBACZ,gBACA,cACA,WACC;AACD,UAAM,EAAE,UAAU,IAAI,MAAM,aAAa,aAAa,cAAc;AACpE,QAAI,CAAC,WAAW;AACf,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACxD;AAEA,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA,WAAW,IAAI,iBAAiB,SAAS;AAAA,MACzC;AAAA,MACA;AAAA,IACD,CAAC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAyDS,OAAc;AACtB,UAAM,IAAI,MAAM,iDAAiD;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA;AAAA,EAMS,iBAAwB;AAChC,UAAM,IAAI,MAAM,iDAAiD;AAAA,EAClE;AACD;AA/KC;AACA;AACA;AACA;AAJM;AA8GA,4BAAuB,eAAC,kBAA8B;AAC3D,QAAM,cAAc,YAAY,KAAK,gBAAgB;AACrD,QAAM,OAAO,YAAY,QAAQ;AAEjC,QAAM,eAAe,KAAK,QAAQ,SAAS,IAAI,CAAC,WAAW,OAAO,QAAQ,KAAK,CAAC;AAChF,QAAM,iBAAiB,KAAK,OAC1B,IAAI,CAAC,UAAU;AACf,WAAO,MAAM,UAAU,YAAY,MAAM,OAAO,UAAU,qBACvD,MAAM,OAAO,iBAAiB,WAC9B;
AAAA,EACJ,CAAC,EACA,OAAO,CAAC,aAAiC,CAAC,CAAC,QAAQ;AAErD,QAAM,UAAU,MAAM,mBAAK,YAAW,gBAAgB;AAAA,IACrD,KAAK,CAAC,GAAG,cAAc,GAAG,cAAc;AAAA,IACxC,SAAS;AAAA,MACR,SAAS;AAAA,MACT,yBAAyB;AAAA,MACzB,mBAAmB;AAAA,MACnB,WAAW;AAAA,IACZ;AAAA,EACD,CAAC;AAKD,QAAM,aAAa,QACjB,IAAI,CAAC,WAAW;AAChB,QAAI,OAAO,SAAS,CAAC,OAAO,QAAQ,OAAO,KAAK,KAAK,aAAa,cAAc;AAC/E,aAAO;AAAA,IACR;AAEA,WAAO,cAAc,UAAU;AAAA,MAC9B,MAAM;AAAA,QACL,YAAY;AAAA,UACX,MAAM,OAAO,KAAK,IAAI;AAAA,UACtB,mBAAmB,OAAO,KAAK,IAAI;AAAA,UACnC,SAAS,OAAO,KAAK,IAAI;AAAA,UACzB,UAAU,OAAO,KAAK,IAAI;AAAA,QAC3B;AAAA,MACD;AAAA,MACA,OAAO,OAAO,KAAK;AAAA,MACnB,qBAAqB,OAAO,KAAK;AAAA,MACjC,eAAe,OAAO,KAAK;AAAA,IAC5B,CAAC,EAAE,QAAQ;AAAA,EACZ,CAAC,EACA,OAAO,CAAC,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type SuiLedgerClient from '@mysten/ledgerjs-hw-app-sui';\nimport type { SuiClient } from '@mysten/sui/client';\nimport type { SignatureWithBytes } from '@mysten/sui/cryptography';\nimport { messageWithIntent, Signer, toSerializedSignature } from '@mysten/sui/cryptography';\nimport { Ed25519PublicKey } from '@mysten/sui/keypairs/ed25519';\nimport { Transaction } from '@mysten/sui/transactions';\nimport { toBase64 } from '@mysten/sui/utils';\n\nimport { SuiMoveObject } from './bcs.js';\nimport { bcs } from '@mysten/sui/bcs';\n\n/**\n * Configuration options for initializing the LedgerSigner.\n */\nexport interface LedgerSignerOptions {\n\tpublicKey: Ed25519PublicKey;\n\tderivationPath: string;\n\tledgerClient: SuiLedgerClient;\n\tsuiClient: SuiClient;\n}\n\n/**\n * Ledger integrates with the Sui blockchain to provide signing capabilities using Ledger devices.\n */\nexport class LedgerSigner extends Signer {\n\t#derivationPath: string;\n\t#publicKey: Ed25519PublicKey;\n\t#ledgerClient: SuiLedgerClient;\n\t#suiClient: SuiClient;\n\n\t/**\n\t * Creates an instance of LedgerSigner. 
It's expected to call the static `fromDerivationPath` method to create an instance.\n\t * @example\n\t * ```\n\t * const signer = await LedgerSigner.fromDerivationPath(derivationPath, options);\n\t * ```\n\t */\n\tconstructor({ publicKey, derivationPath, ledgerClient, suiClient }: LedgerSignerOptions) {\n\t\tsuper();\n\t\tthis.#publicKey = publicKey;\n\t\tthis.#derivationPath = derivationPath;\n\t\tthis.#ledgerClient = ledgerClient;\n\t\tthis.#suiClient = suiClient;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t */\n\toverride getKeyScheme() {\n\t\treturn 'ED25519' as const;\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Ed25519PublicKey instance.\n\t */\n\toverride getPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the provided transaction bytes.\n\t * @returns The signed transaction bytes and signature.\n\t */\n\toverride async signTransaction(bytes: Uint8Array): Promise<SignatureWithBytes> {\n\t\tconst transactionOptions = await this.#getClearSigningOptions(bytes).catch(() => ({\n\t\t\t// Fail gracefully so network errors or serialization issues don't break transaction signing:\n\t\t\tbcsObjects: [],\n\t\t}));\n\n\t\tconst intentMessage = messageWithIntent('TransactionData', bytes);\n\t\tconst { signature } = await this.#ledgerClient.signTransaction(\n\t\t\tthis.#derivationPath,\n\t\t\tintentMessage,\n\t\t\ttransactionOptions,\n\t\t);\n\n\t\treturn {\n\t\t\tbytes: toBase64(bytes),\n\t\t\tsignature: toSerializedSignature({\n\t\t\t\tsignature,\n\t\t\t\tsignatureScheme: this.getKeyScheme(),\n\t\t\t\tpublicKey: this.#publicKey,\n\t\t\t}),\n\t\t};\n\t}\n\n\t/**\n\t * Signs the provided personal message.\n\t * @returns The signed message bytes and signature.\n\t */\n\toverride async signPersonalMessage(bytes: Uint8Array): Promise<SignatureWithBytes> {\n\t\tconst intentMessage = 
messageWithIntent(\n\t\t\t'PersonalMessage',\n\t\t\tbcs.byteVector().serialize(bytes).toBytes(),\n\t\t);\n\t\tconst { signature } = await this.#ledgerClient.signTransaction(\n\t\t\tthis.#derivationPath,\n\t\t\tintentMessage,\n\t\t);\n\n\t\treturn {\n\t\t\tbytes: toBase64(bytes),\n\t\t\tsignature: toSerializedSignature({\n\t\t\t\tsignature,\n\t\t\t\tsignatureScheme: this.getKeyScheme(),\n\t\t\t\tpublicKey: this.#publicKey,\n\t\t\t}),\n\t\t};\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from a Ledger device.\n\t * It is recommended to initialize an `LedgerSigner` instance using this function.\n\t * @returns A promise that resolves once a `LedgerSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromDerivationPath(\n\t\tderivationPath: string,\n\t\tledgerClient: SuiLedgerClient,\n\t\tsuiClient: SuiClient,\n\t) {\n\t\tconst { publicKey } = await ledgerClient.getPublicKey(derivationPath);\n\t\tif (!publicKey) {\n\t\t\tthrow new Error('Failed to get public key from Ledger.');\n\t\t}\n\n\t\treturn new LedgerSigner({\n\t\t\tderivationPath,\n\t\t\tpublicKey: new Ed25519PublicKey(publicKey),\n\t\t\tledgerClient,\n\t\t\tsuiClient,\n\t\t});\n\t}\n\n\tasync #getClearSigningOptions(transactionBytes: Uint8Array) {\n\t\tconst transaction = Transaction.from(transactionBytes);\n\t\tconst data = transaction.getData();\n\n\t\tconst gasObjectIds = data.gasData.payment?.map((object) => object.objectId) ?? [];\n\t\tconst inputObjectIds = data.inputs\n\t\t\t.map((input) => {\n\t\t\t\treturn input.$kind === 'Object' && input.Object.$kind === 'ImmOrOwnedObject'\n\t\t\t\t\t? 
input.Object.ImmOrOwnedObject.objectId\n\t\t\t\t\t: null;\n\t\t\t})\n\t\t\t.filter((objectId): objectId is string => !!objectId);\n\n\t\tconst objects = await this.#suiClient.multiGetObjects({\n\t\t\tids: [...gasObjectIds, ...inputObjectIds],\n\t\t\toptions: {\n\t\t\t\tshowBcs: true,\n\t\t\t\tshowPreviousTransaction: true,\n\t\t\t\tshowStorageRebate: true,\n\t\t\t\tshowOwner: true,\n\t\t\t},\n\t\t});\n\n\t\t// NOTE: We should probably get rid of this manual serialization logic in favor of using the\n\t\t// already serialized object bytes from the GraphQL API once there is more mainstream support\n\t\t// for it + we can enforce the transport type on the Sui client.\n\t\tconst bcsObjects = objects\n\t\t\t.map((object) => {\n\t\t\t\tif (object.error || !object.data || object.data.bcs?.dataType !== 'moveObject') {\n\t\t\t\t\treturn null;\n\t\t\t\t}\n\n\t\t\t\treturn SuiMoveObject.serialize({\n\t\t\t\t\tdata: {\n\t\t\t\t\t\tMoveObject: {\n\t\t\t\t\t\t\ttype: object.data.bcs.type,\n\t\t\t\t\t\t\thasPublicTransfer: object.data.bcs.hasPublicTransfer,\n\t\t\t\t\t\t\tversion: object.data.bcs.version,\n\t\t\t\t\t\t\tcontents: object.data.bcs.bcsBytes,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\towner: object.data.owner!,\n\t\t\t\t\tpreviousTransaction: object.data.previousTransaction!,\n\t\t\t\t\tstorageRebate: object.data.storageRebate!,\n\t\t\t\t}).toBytes();\n\t\t\t})\n\t\t\t.filter((bcsBytes): bcsBytes is Uint8Array<ArrayBuffer> => !!bcsBytes);\n\n\t\treturn { bcsObjects };\n\t}\n\n\t/**\n\t * Generic signing is not supported by Ledger.\n\t * @throws Always throws an error indicating generic signing is unsupported.\n\t */\n\toverride sign(): never {\n\t\tthrow new Error('Ledger Signer does not support generic signing.');\n\t}\n\n\t/**\n\t * Generic signing is not supported by Ledger.\n\t * @throws Always throws an error indicating generic signing is unsupported.\n\t */\n\toverride signWithIntent(): never {\n\t\tthrow new Error('Ledger Signer does not support generic 
signing.');\n\t}\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;AAAA;AAMA,SAAS,mBAAmB,QAAQ,6BAA6B;AACjE,SAAS,wBAAwB;AACjC,SAAS,mBAAmB;AAC5B,SAAS,gBAAgB;AAEzB,SAAS,qBAAqB;AAC9B,SAAS,WAAW;AAeb,MAAM,gBAAN,MAAM,sBAAqB,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaxC,YAAY,EAAE,WAAW,gBAAgB,cAAc,UAAU,GAAwB;AACxF,UAAM;AAdD;AACN;AACA;AACA;AACA;AAWC,uBAAK,YAAa;AAClB,uBAAK,iBAAkB;AACvB,uBAAK,eAAgB;AACrB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKS,eAAe;AACvB,WAAO;AAAA,EACR;AAAA;AAAA;AAAA;AAAA;AAAA,EAMS,eAAe;AACvB,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAe,gBAAgB,OAAgD;AAC9E,UAAM,qBAAqB,MAAM,sBAAK,oDAAL,WAA6B,OAAO,MAAM,OAAO;AAAA;AAAA,MAEjF,YAAY,CAAC;AAAA,IACd,EAAE;AAEF,UAAM,gBAAgB,kBAAkB,mBAAmB,KAAK;AAChE,UAAM,EAAE,UAAU,IAAI,MAAM,mBAAK,eAAc;AAAA,MAC9C,mBAAK;AAAA,MACL;AAAA,MACA;AAAA,IACD;AAEA,WAAO;AAAA,MACN,OAAO,SAAS,KAAK;AAAA,MACrB,WAAW,sBAAsB;AAAA,QAChC;AAAA,QACA,iBAAiB,KAAK,aAAa;AAAA,QACnC,WAAW,mBAAK;AAAA,MACjB,CAAC;AAAA,IACF;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAe,oBAAoB,OAAgD;AAClF,UAAM,gBAAgB;AAAA,MACrB;AAAA,MACA,IAAI,WAAW,EAAE,UAAU,KAAK,EAAE,QAAQ;AAAA,IAC3C;AACA,UAAM,EAAE,UAAU,IAAI,MAAM,mBAAK,eAAc;AAAA,MAC9C,mBAAK;AAAA,MACL;AAAA,IACD;AAEA,WAAO;AAAA,MACN,OAAO,SAAS,KAAK;AAAA,MACrB,WAAW,sBAAsB;AAAA,QAChC;AAAA,QACA,iBAAiB,KAAK,aAAa;AAAA,QACnC,WAAW,mBAAK;AAAA,MACjB,CAAC;AAAA,IACF;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,mBACZ,gBACA,cACA,WACC;AACD,UAAM,EAAE,UAAU,IAAI,MAAM,aAAa,aAAa,cAAc;AACpE,QAAI,CAAC,WAAW;AACf,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACxD;AAEA,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA,WAAW,IAAI,iBAAiB,SAAS;AAAA,MACzC;AAAA,MACA;AAAA,IACD,CAAC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAyDS,OAAc;AACtB,UAAM,IAAI,MAAM,iDAAiD;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA;AAAA,EAMS,iBAAwB;AAChC,UAAM,IAAI,MAAM,iDAAiD;AAAA,EAClE;AACD;AA/KC;AACA;AACA;AACA;AAJM;AA8GA,4BAAuB,eAAC,kBAA8B;AAC3D,QAAM,cAAc,YAAY,KAAK,gBAAgB;AACrD,QAAM,OAAO,YAAY,QAAQ;AAEjC,QAAM,eAAe,KAAK,QAAQ,SAAS,IAAI,CAAC,WAAW,OAAO,QAAQ,KAAK,CAAC;AAChF,QAAM,iBAAiB,KAAK,OAC1B,IAAI,CAAC,UAAU;AACf,WAAO,MAAM,UAAU,YAAY,MAAM,OAAO,UAAU,qBACvD,MAAM,OAAO,iBAAiB,WAC9B;
AAAA,EACJ,CAAC,EACA,OAAO,CAAC,aAAiC,CAAC,CAAC,QAAQ;AAErD,QAAM,UAAU,MAAM,mBAAK,YAAW,gBAAgB;AAAA,IACrD,KAAK,CAAC,GAAG,cAAc,GAAG,cAAc;AAAA,IACxC,SAAS;AAAA,MACR,SAAS;AAAA,MACT,yBAAyB;AAAA,MACzB,mBAAmB;AAAA,MACnB,WAAW;AAAA,IACZ;AAAA,EACD,CAAC;AAKD,QAAM,aAAa,QACjB,IAAI,CAAC,WAAW;AAChB,QAAI,OAAO,SAAS,CAAC,OAAO,QAAQ,OAAO,KAAK,KAAK,aAAa,cAAc;AAC/E,aAAO;AAAA,IACR;AAEA,WAAO,cAAc,UAAU;AAAA,MAC9B,MAAM;AAAA,QACL,YAAY;AAAA,UACX,MAAM,OAAO,KAAK,IAAI;AAAA,UACtB,mBAAmB,OAAO,KAAK,IAAI;AAAA,UACnC,SAAS,OAAO,KAAK,IAAI;AAAA,UACzB,UAAU,OAAO,KAAK,IAAI;AAAA,QAC3B;AAAA,MACD;AAAA,MACA,OAAO,OAAO,KAAK;AAAA,MACnB,qBAAqB,OAAO,KAAK;AAAA,MACjC,eAAe,OAAO,KAAK;AAAA,IAC5B,CAAC,EAAE,QAAQ;AAAA,EACZ,CAAC,EACA,OAAO,CAAC,aAAkD,CAAC,CAAC,QAAQ;AAEtE,SAAO,EAAE,WAAW;AACrB;AA/JM,IAAM,eAAN;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -3,7 +3,7 @@ export declare const DER_BIT_STRING_LENGTH = 520;
|
|
|
3
3
|
/** The total number of bytes corresponding to the DER bit string length. */
|
|
4
4
|
export declare const DER_BYTES_LENGTH: number;
|
|
5
5
|
export declare function publicKeyFromDER(derBytes: Uint8Array): Uint8Array<ArrayBufferLike>;
|
|
6
|
-
export declare function getConcatenatedSignature(signature: Uint8Array, keyScheme: string): Uint8Array<
|
|
6
|
+
export declare function getConcatenatedSignature(signature: Uint8Array, keyScheme: string): Uint8Array<ArrayBuffer>;
|
|
7
7
|
/**
|
|
8
8
|
* Compresses an uncompressed public key into its compressed form.
|
|
9
9
|
*
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/utils/utils.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { secp256r1 } from '@noble/curves/p256';\nimport { secp256k1 } from '@noble/curves/secp256k1';\nimport { ASN1Construction, ASN1TagClass, DERElement } from 'asn1-ts';\n\n/** The total number of bits in the DER bit string for the uncompressed public key. */\nexport const DER_BIT_STRING_LENGTH = 520;\n\n/** The total number of bytes corresponding to the DER bit string length. */\nexport const DER_BYTES_LENGTH = DER_BIT_STRING_LENGTH / 8;\n\n// Reference Specifications:\n// https://datatracker.ietf.org/doc/html/rfc5480#section-2.2\n// https://www.secg.org/sec1-v2.pdf\n\n/**\n * Converts an array of bits into a byte array.\n *\n * @param bitsArray - A `Uint8ClampedArray` representing the bits to convert.\n * @returns A `Uint8Array` containing the corresponding bytes.\n *\n * @throws {Error} If the input array does not have the expected length.\n */\nfunction bitsToBytes(bitsArray: Uint8ClampedArray): Uint8Array {\n\tconst bytes = new Uint8Array(DER_BYTES_LENGTH);\n\tfor (let i = 0; i < DER_BIT_STRING_LENGTH; i++) {\n\t\tif (bitsArray[i] === 1) {\n\t\t\tbytes[Math.floor(i / 8)] |= 1 << (7 - (i % 8));\n\t\t}\n\t}\n\treturn bytes;\n}\n\nexport function publicKeyFromDER(derBytes: Uint8Array) {\n\tconst encodedData: Uint8Array = derBytes;\n\tconst derElement = new DERElement();\n\tderElement.fromBytes(encodedData);\n\n\t// Validate the ASN.1 structure of the public key\n\tif (\n\t\t!(\n\t\t\tderElement.tagClass === ASN1TagClass.universal &&\n\t\t\tderElement.construction === ASN1Construction.constructed\n\t\t)\n\t) {\n\t\tthrow new Error('Unexpected ASN.1 structure');\n\t}\n\n\tconst components = derElement.components;\n\tconst publicKeyElement = components[1];\n\n\tif (!publicKeyElement) {\n\t\tthrow new Error('Public Key not found in the DER structure');\n\t}\n\n\treturn compressPublicKeyClamped(publicKeyElement.bitString);\n}\n\nexport function 
getConcatenatedSignature(signature: Uint8Array, keyScheme: string) {\n\tif (!signature || signature.length === 0) {\n\t\tthrow new Error('Invalid signature');\n\t}\n\n\t// Initialize a DERElement to parse the DER-encoded signature\n\tconst derElement = new DERElement();\n\tderElement.fromBytes(signature);\n\n\tconst [r, s] = derElement.toJSON() as [string, string];\n\n\tswitch (keyScheme) {\n\t\tcase 'Secp256k1':\n\t\t\treturn new secp256k1.Signature(BigInt(r), BigInt(s)).normalizeS().toCompactRawBytes()
|
|
5
|
-
"mappings": "AAGA,SAAS,iBAAiB;AAC1B,SAAS,iBAAiB;AAC1B,SAAS,kBAAkB,cAAc,kBAAkB;AAGpD,MAAM,wBAAwB;AAG9B,MAAM,mBAAmB,wBAAwB;AAcxD,SAAS,YAAY,WAA0C;AAC9D,QAAM,QAAQ,IAAI,WAAW,gBAAgB;AAC7C,WAAS,IAAI,GAAG,IAAI,uBAAuB,KAAK;AAC/C,QAAI,UAAU,CAAC,MAAM,GAAG;AACvB,YAAM,KAAK,MAAM,IAAI,CAAC,CAAC,KAAK,KAAM,IAAK,IAAI;AAAA,IAC5C;AAAA,EACD;AACA,SAAO;AACR;AAEO,SAAS,iBAAiB,UAAsB;AACtD,QAAM,cAA0B;AAChC,QAAM,aAAa,IAAI,WAAW;AAClC,aAAW,UAAU,WAAW;AAGhC,MACC,EACC,WAAW,aAAa,aAAa,aACrC,WAAW,iBAAiB,iBAAiB,cAE7C;AACD,UAAM,IAAI,MAAM,4BAA4B;AAAA,EAC7C;AAEA,QAAM,aAAa,WAAW;AAC9B,QAAM,mBAAmB,WAAW,CAAC;AAErC,MAAI,CAAC,kBAAkB;AACtB,UAAM,IAAI,MAAM,2CAA2C;AAAA,EAC5D;AAEA,SAAO,yBAAyB,iBAAiB,SAAS;AAC3D;AAEO,SAAS,yBAAyB,WAAuB,WAAmB;AAClF,MAAI,CAAC,aAAa,UAAU,WAAW,GAAG;AACzC,UAAM,IAAI,MAAM,mBAAmB;AAAA,EACpC;AAGA,QAAM,aAAa,IAAI,WAAW;AAClC,aAAW,UAAU,SAAS;AAE9B,QAAM,CAAC,GAAG,CAAC,IAAI,WAAW,OAAO;AAEjC,UAAQ,WAAW;AAAA,IAClB,KAAK;AACJ,aAAO,IAAI,UAAU,UAAU,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { secp256r1 } from '@noble/curves/p256';\nimport { secp256k1 } from '@noble/curves/secp256k1';\nimport { ASN1Construction, ASN1TagClass, DERElement } from 'asn1-ts';\n\n/** The total number of bits in the DER bit string for the uncompressed public key. */\nexport const DER_BIT_STRING_LENGTH = 520;\n\n/** The total number of bytes corresponding to the DER bit string length. */\nexport const DER_BYTES_LENGTH = DER_BIT_STRING_LENGTH / 8;\n\n// Reference Specifications:\n// https://datatracker.ietf.org/doc/html/rfc5480#section-2.2\n// https://www.secg.org/sec1-v2.pdf\n\n/**\n * Converts an array of bits into a byte array.\n *\n * @param bitsArray - A `Uint8ClampedArray` representing the bits to convert.\n * @returns A `Uint8Array` containing the corresponding bytes.\n *\n * @throws {Error} If the input array does not have the expected length.\n */\nfunction bitsToBytes(bitsArray: Uint8ClampedArray): Uint8Array {\n\tconst bytes = new Uint8Array(DER_BYTES_LENGTH);\n\tfor (let i = 0; i < DER_BIT_STRING_LENGTH; i++) {\n\t\tif (bitsArray[i] === 1) {\n\t\t\tbytes[Math.floor(i / 8)] |= 1 << (7 - (i % 8));\n\t\t}\n\t}\n\treturn bytes;\n}\n\nexport function publicKeyFromDER(derBytes: Uint8Array) {\n\tconst encodedData: Uint8Array = derBytes;\n\tconst derElement = new DERElement();\n\tderElement.fromBytes(encodedData);\n\n\t// Validate the ASN.1 structure of the public key\n\tif (\n\t\t!(\n\t\t\tderElement.tagClass === ASN1TagClass.universal &&\n\t\t\tderElement.construction === ASN1Construction.constructed\n\t\t)\n\t) {\n\t\tthrow new Error('Unexpected ASN.1 structure');\n\t}\n\n\tconst components = derElement.components;\n\tconst publicKeyElement = components[1];\n\n\tif (!publicKeyElement) {\n\t\tthrow new Error('Public Key not found in the DER structure');\n\t}\n\n\treturn compressPublicKeyClamped(publicKeyElement.bitString);\n}\n\nexport function 
getConcatenatedSignature(signature: Uint8Array, keyScheme: string) {\n\tif (!signature || signature.length === 0) {\n\t\tthrow new Error('Invalid signature');\n\t}\n\n\t// Initialize a DERElement to parse the DER-encoded signature\n\tconst derElement = new DERElement();\n\tderElement.fromBytes(signature);\n\n\tconst [r, s] = derElement.toJSON() as [string, string];\n\n\tswitch (keyScheme) {\n\t\tcase 'Secp256k1':\n\t\t\treturn new secp256k1.Signature(BigInt(r), BigInt(s))\n\t\t\t\t.normalizeS()\n\t\t\t\t.toCompactRawBytes() as Uint8Array<ArrayBuffer>;\n\t\tcase 'Secp256r1':\n\t\t\treturn new secp256r1.Signature(BigInt(r), BigInt(s))\n\t\t\t\t.normalizeS()\n\t\t\t\t.toCompactRawBytes() as Uint8Array<ArrayBuffer>;\n\t\tdefault:\n\t\t\tthrow new Error('Unsupported key scheme');\n\t}\n}\n\n/**\n * Compresses an uncompressed public key into its compressed form.\n *\n * The uncompressed key must follow the DER bit string format as specified in [RFC 5480](https://datatracker.ietf.org/doc/html/rfc5480#section-2.2)\n * and [SEC 1: Elliptic Curve Cryptography](https://www.secg.org/sec1-v2.pdf).\n *\n * @param uncompressedKey - A `Uint8ClampedArray` representing the uncompressed public key bits.\n * @returns A `Uint8Array` containing the compressed public key.\n *\n * @throws {Error} If the uncompressed key has an unexpected length or does not start with the expected prefix.\n */\nexport function compressPublicKeyClamped(uncompressedKey: Uint8ClampedArray): Uint8Array {\n\tif (uncompressedKey.length !== DER_BIT_STRING_LENGTH) {\n\t\tthrow new Error('Unexpected length for an uncompressed public key');\n\t}\n\n\t// Convert bits to bytes\n\tconst uncompressedBytes = bitsToBytes(uncompressedKey);\n\n\t// Ensure the public key starts with the standard uncompressed prefix 0x04\n\tif (uncompressedBytes[0] !== 0x04) {\n\t\tthrow new Error('Public key does not start with 0x04');\n\t}\n\n\t// Extract X-Coordinate (skip the first byte, which is the prefix 0x04)\n\tconst xCoord = 
uncompressedBytes.slice(1, 33);\n\n\t// Determine parity byte for Y coordinate based on the last byte\n\tconst yCoordLastByte = uncompressedBytes[64];\n\tconst parityByte = yCoordLastByte % 2 === 0 ? 0x02 : 0x03;\n\n\t// Return the compressed public key consisting of the parity byte and X-coordinate\n\treturn new Uint8Array([parityByte, ...xCoord]);\n}\n"],
|
|
5
|
+
"mappings": "AAGA,SAAS,iBAAiB;AAC1B,SAAS,iBAAiB;AAC1B,SAAS,kBAAkB,cAAc,kBAAkB;AAGpD,MAAM,wBAAwB;AAG9B,MAAM,mBAAmB,wBAAwB;AAcxD,SAAS,YAAY,WAA0C;AAC9D,QAAM,QAAQ,IAAI,WAAW,gBAAgB;AAC7C,WAAS,IAAI,GAAG,IAAI,uBAAuB,KAAK;AAC/C,QAAI,UAAU,CAAC,MAAM,GAAG;AACvB,YAAM,KAAK,MAAM,IAAI,CAAC,CAAC,KAAK,KAAM,IAAK,IAAI;AAAA,IAC5C;AAAA,EACD;AACA,SAAO;AACR;AAEO,SAAS,iBAAiB,UAAsB;AACtD,QAAM,cAA0B;AAChC,QAAM,aAAa,IAAI,WAAW;AAClC,aAAW,UAAU,WAAW;AAGhC,MACC,EACC,WAAW,aAAa,aAAa,aACrC,WAAW,iBAAiB,iBAAiB,cAE7C;AACD,UAAM,IAAI,MAAM,4BAA4B;AAAA,EAC7C;AAEA,QAAM,aAAa,WAAW;AAC9B,QAAM,mBAAmB,WAAW,CAAC;AAErC,MAAI,CAAC,kBAAkB;AACtB,UAAM,IAAI,MAAM,2CAA2C;AAAA,EAC5D;AAEA,SAAO,yBAAyB,iBAAiB,SAAS;AAC3D;AAEO,SAAS,yBAAyB,WAAuB,WAAmB;AAClF,MAAI,CAAC,aAAa,UAAU,WAAW,GAAG;AACzC,UAAM,IAAI,MAAM,mBAAmB;AAAA,EACpC;AAGA,QAAM,aAAa,IAAI,WAAW;AAClC,aAAW,UAAU,SAAS;AAE9B,QAAM,CAAC,GAAG,CAAC,IAAI,WAAW,OAAO;AAEjC,UAAQ,WAAW;AAAA,IAClB,KAAK;AACJ,aAAO,IAAI,UAAU,UAAU,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,EACjD,WAAW,EACX,kBAAkB;AAAA,IACrB,KAAK;AACJ,aAAO,IAAI,UAAU,UAAU,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,EACjD,WAAW,EACX,kBAAkB;AAAA,IACrB;AACC,YAAM,IAAI,MAAM,wBAAwB;AAAA,EAC1C;AACD;AAaO,SAAS,yBAAyB,iBAAgD;AACxF,MAAI,gBAAgB,WAAW,uBAAuB;AACrD,UAAM,IAAI,MAAM,kDAAkD;AAAA,EACnE;AAGA,QAAM,oBAAoB,YAAY,eAAe;AAGrD,MAAI,kBAAkB,CAAC,MAAM,GAAM;AAClC,UAAM,IAAI,MAAM,qCAAqC;AAAA,EACtD;AAGA,QAAM,SAAS,kBAAkB,MAAM,GAAG,EAAE;AAG5C,QAAM,iBAAiB,kBAAkB,EAAE;AAC3C,QAAM,aAAa,iBAAiB,MAAM,IAAI,IAAO;AAGrD,SAAO,IAAI,WAAW,CAAC,YAAY,GAAG,MAAM,CAAC;AAC9C;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -3,7 +3,7 @@ import { Signer } from '@mysten/sui/cryptography';
|
|
|
3
3
|
import { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';
|
|
4
4
|
export interface ExportedWebCryptoKeypair {
|
|
5
5
|
privateKey: CryptoKey;
|
|
6
|
-
publicKey: Uint8Array
|
|
6
|
+
publicKey: Uint8Array<ArrayBuffer>;
|
|
7
7
|
}
|
|
8
8
|
export declare class WebCryptoSigner extends Signer {
|
|
9
9
|
#private;
|
|
@@ -22,5 +22,5 @@ export declare class WebCryptoSigner extends Signer {
|
|
|
22
22
|
*/
|
|
23
23
|
export(): ExportedWebCryptoKeypair;
|
|
24
24
|
getPublicKey(): Secp256r1PublicKey;
|
|
25
|
-
sign(bytes: Uint8Array): Promise<Uint8Array
|
|
25
|
+
sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
|
|
26
26
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/webcrypto/index.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { SignatureScheme } from '@mysten/sui/cryptography';\nimport { Signer } from '@mysten/sui/cryptography';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { secp256r1 } from '@noble/curves/p256';\n\n// Convert from uncompressed (65 bytes) to compressed (33 bytes) format\nfunction getCompressedPublicKey(publicKey: Uint8Array) {\n\tconst rawBytes = new Uint8Array(publicKey);\n\tconst x = rawBytes.slice(1, 33);\n\tconst y = rawBytes.slice(33, 65);\n\n\tconst prefix = (y[31] & 1) === 0 ? 0x02 : 0x03;\n\n\tconst compressed = new Uint8Array(Secp256r1PublicKey.SIZE);\n\tcompressed[0] = prefix;\n\tcompressed.set(x, 1);\n\n\treturn compressed;\n}\n\nexport interface ExportedWebCryptoKeypair {\n\tprivateKey: CryptoKey;\n\tpublicKey: Uint8Array
|
|
5
|
-
"mappings": ";;;;;;;AAAA;AAIA,SAAS,cAAc;AACvB,SAAS,0BAA0B;AACnC,SAAS,iBAAiB;AAG1B,SAAS,uBAAuB,WAAuB;AACtD,QAAM,WAAW,IAAI,WAAW,SAAS;AACzC,QAAM,IAAI,SAAS,MAAM,GAAG,EAAE;AAC9B,QAAM,IAAI,SAAS,MAAM,IAAI,EAAE;AAE/B,QAAM,UAAU,EAAE,EAAE,IAAI,OAAO,IAAI,IAAO;AAE1C,QAAM,aAAa,IAAI,WAAW,mBAAmB,IAAI;AACzD,aAAW,CAAC,IAAI;AAChB,aAAW,IAAI,GAAG,CAAC;AAEnB,SAAO;AACR;AAOO,MAAM,mBAAN,MAAM,yBAAwB,OAAO;AAAA,EAkC3C,YAAY,YAAuB,WAAuB;AACzD,UAAM;AAhCP;AAiCC,SAAK,aAAa;AAClB,uBAAK,YAAa,IAAI,mBAAmB,SAAS;AAAA,EACnD;AAAA,EAjCA,aAAa,SAAS,EAAE,cAAc,MAAM,IAA+B,CAAC,GAAG;AAC9E,UAAM,UAAU,MAAM,WAAW,OAAO,OAAO;AAAA,MAC9C;AAAA,QACC,MAAM;AAAA,QACN,YAAY;AAAA,MACb;AAAA,MACA;AAAA,MACA,CAAC,QAAQ,QAAQ;AAAA,IAClB;AAEA,UAAM,YAAY,MAAM,WAAW,OAAO,OAAO,UAAU,OAAO,QAAQ,SAAS;AAEnF,WAAO,IAAI;AAAA,MACV,QAAQ;AAAA,MACR,uBAAuB,IAAI,WAAW,SAAS,CAAC;AAAA,IACjD;AAAA,EACD;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,OAAO,MAAgC;AAC7C,WAAO,IAAI,iBAAgB,KAAK,YAAY,KAAK,SAAS;AAAA,EAC3D;AAAA,EAEA,eAAgC;AAC/B,WAAO;AAAA,EACR;AAAA;AAAA;AAAA;AAAA,EAWA,SAAmC;AAClC,UAAM,kBAAkB;AAAA,MACvB,YAAY,KAAK;AAAA,MACjB,WAAW,mBAAK,YAAW,WAAW;AAAA,IACvC;AAEA,WAAO,eAAe,iBAAiB,UAAU;AAAA,MAChD,YAAY;AAAA,MACZ,OAAO,MAAM;AACZ,cAAM,IAAI;AAAA,UACT;AAAA,QACD;AAAA,MACD;AAAA,IACD,CAAC;AAED,WAAO;AAAA,EACR;AAAA,EAEA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA,EAEA,MAAM,KAAK,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { SignatureScheme } from '@mysten/sui/cryptography';\nimport { Signer } from '@mysten/sui/cryptography';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { secp256r1 } from '@noble/curves/p256';\n\n// Convert from uncompressed (65 bytes) to compressed (33 bytes) format\nfunction getCompressedPublicKey(publicKey: Uint8Array) {\n\tconst rawBytes = new Uint8Array(publicKey);\n\tconst x = rawBytes.slice(1, 33);\n\tconst y = rawBytes.slice(33, 65);\n\n\tconst prefix = (y[31] & 1) === 0 ? 0x02 : 0x03;\n\n\tconst compressed = new Uint8Array(Secp256r1PublicKey.SIZE);\n\tcompressed[0] = prefix;\n\tcompressed.set(x, 1);\n\n\treturn compressed;\n}\n\nexport interface ExportedWebCryptoKeypair {\n\tprivateKey: CryptoKey;\n\tpublicKey: Uint8Array<ArrayBuffer>;\n}\n\nexport class WebCryptoSigner extends Signer {\n\tprivateKey: CryptoKey;\n\n\t#publicKey: Secp256r1PublicKey;\n\n\tstatic async generate({ extractable = false }: { extractable?: boolean } = {}) {\n\t\tconst keypair = await globalThis.crypto.subtle.generateKey(\n\t\t\t{\n\t\t\t\tname: 'ECDSA',\n\t\t\t\tnamedCurve: 'P-256',\n\t\t\t},\n\t\t\textractable,\n\t\t\t['sign', 'verify'],\n\t\t);\n\n\t\tconst publicKey = await globalThis.crypto.subtle.exportKey('raw', keypair.publicKey);\n\n\t\treturn new WebCryptoSigner(\n\t\t\tkeypair.privateKey,\n\t\t\tgetCompressedPublicKey(new Uint8Array(publicKey)),\n\t\t);\n\t}\n\n\t/**\n\t * Imports a keypair using the value returned by `export()`.\n\t */\n\tstatic import(data: ExportedWebCryptoKeypair) {\n\t\treturn new WebCryptoSigner(data.privateKey, data.publicKey);\n\t}\n\n\tgetKeyScheme(): SignatureScheme {\n\t\treturn 'Secp256r1';\n\t}\n\n\tconstructor(privateKey: CryptoKey, publicKey: Uint8Array) {\n\t\tsuper();\n\t\tthis.privateKey = privateKey;\n\t\tthis.#publicKey = new Secp256r1PublicKey(publicKey);\n\t}\n\n\t/**\n\t * Exports the keypair 
so that it can be stored in IndexedDB.\n\t */\n\texport(): ExportedWebCryptoKeypair {\n\t\tconst exportedKeypair = {\n\t\t\tprivateKey: this.privateKey,\n\t\t\tpublicKey: this.#publicKey.toRawBytes(),\n\t\t};\n\n\t\tObject.defineProperty(exportedKeypair, 'toJSON', {\n\t\t\tenumerable: false,\n\t\t\tvalue: () => {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t'The exported keypair must not be serialized. It must be stored in IndexedDB directly.',\n\t\t\t\t);\n\t\t\t},\n\t\t});\n\n\t\treturn exportedKeypair;\n\t}\n\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst rawSignature = await globalThis.crypto.subtle.sign(\n\t\t\t{\n\t\t\t\tname: 'ECDSA',\n\t\t\t\thash: 'SHA-256',\n\t\t\t},\n\t\t\tthis.privateKey,\n\t\t\tbytes as BufferSource,\n\t\t);\n\n\t\tconst signature = secp256r1.Signature.fromCompact(new Uint8Array(rawSignature));\n\n\t\treturn signature.normalizeS().toCompactRawBytes() as Uint8Array<ArrayBuffer>;\n\t}\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;AAAA;AAIA,SAAS,cAAc;AACvB,SAAS,0BAA0B;AACnC,SAAS,iBAAiB;AAG1B,SAAS,uBAAuB,WAAuB;AACtD,QAAM,WAAW,IAAI,WAAW,SAAS;AACzC,QAAM,IAAI,SAAS,MAAM,GAAG,EAAE;AAC9B,QAAM,IAAI,SAAS,MAAM,IAAI,EAAE;AAE/B,QAAM,UAAU,EAAE,EAAE,IAAI,OAAO,IAAI,IAAO;AAE1C,QAAM,aAAa,IAAI,WAAW,mBAAmB,IAAI;AACzD,aAAW,CAAC,IAAI;AAChB,aAAW,IAAI,GAAG,CAAC;AAEnB,SAAO;AACR;AAOO,MAAM,mBAAN,MAAM,yBAAwB,OAAO;AAAA,EAkC3C,YAAY,YAAuB,WAAuB;AACzD,UAAM;AAhCP;AAiCC,SAAK,aAAa;AAClB,uBAAK,YAAa,IAAI,mBAAmB,SAAS;AAAA,EACnD;AAAA,EAjCA,aAAa,SAAS,EAAE,cAAc,MAAM,IAA+B,CAAC,GAAG;AAC9E,UAAM,UAAU,MAAM,WAAW,OAAO,OAAO;AAAA,MAC9C;AAAA,QACC,MAAM;AAAA,QACN,YAAY;AAAA,MACb;AAAA,MACA;AAAA,MACA,CAAC,QAAQ,QAAQ;AAAA,IAClB;AAEA,UAAM,YAAY,MAAM,WAAW,OAAO,OAAO,UAAU,OAAO,QAAQ,SAAS;AAEnF,WAAO,IAAI;AAAA,MACV,QAAQ;AAAA,MACR,uBAAuB,IAAI,WAAW,SAAS,CAAC;AAAA,IACjD;AAAA,EACD;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,OAAO,MAAgC;AAC7C,WAAO,IAAI,iBAAgB,KAAK,YAAY,KAAK,SAAS;AAAA,EAC3D;AAAA,EAEA,eAAgC;AAC/B,WAAO;AAAA,EACR;AAAA;AAAA;AAAA;AAAA,EAWA,SAAmC;AAClC,UAAM,kBAAkB;AAAA,MACvB,YAAY,KAAK;AAAA,MACjB,WAAW,mBAAK,YAAW,WAAW;AAAA,IACvC;AAEA,WAAO,eAAe,iBAAiB,UAAU;AAAA,MAChD,YAAY;AAAA,MACZ,OAAO,MAAM;AACZ,cAAM,IAAI;AAAA,UACT;AAAA,QACD;AAAA,MACD;AAAA,IACD,CAAC;AAED,WAAO;AAAA,EACR;AAAA,EAEA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA,EAEA,MAAM,KAAK,OAAqD;AAC/D,UAAM,eAAe,MAAM,WAAW,OAAO,OAAO;AAAA,MACnD;AAAA,QACC,MAAM;AAAA,QACN,MAAM;AAAA,MACP;AAAA,MACA,KAAK;AAAA,MACL;AAAA,IACD;AAEA,UAAM,YAAY,UAAU,UAAU,YAAY,IAAI,WAAW,YAAY,CAAC;AAE9E,WAAO,UAAU,WAAW,EAAE,kBAAkB;AAAA,EACjD;AACD;AA5EC;AAHM,IAAM,kBAAN;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|