@nice-code/util 0.5.5 → 0.6.0

package/build/types/core/core_valibot_schemas.d.ts

@@ -0,0 +1,13 @@
+import * as v from "valibot";
+export declare const vBase64: v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.Base64Action<string, undefined>]>;
+export declare const vCreateSchema_TypePrefixedDataString: <P extends string>(typeValues: P[], typeKind: string) => v.SchemaWithPipe<readonly [v.CustomSchema<`${P}::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+export interface ICreateTypePrefixedDataStringResult<T extends string, F extends string> {
+    type: T;
+    format: F;
+    typeKind: string;
+    formatKind?: string;
+    transformJson?: boolean;
+}
+export declare const vCreateSchema_TypeAndFormatPrefixedDataString: <T extends string, F extends string>({ type, format, typeKind, formatKind, }: ICreateTypePrefixedDataStringResult<T, F>) => v.SchemaWithPipe<readonly [v.CustomSchema<`${T}::${F}::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+export declare const vCreateSchema_TypeAndId: <S extends string>(dataType: S | S[]) => v.SchemaWithPipe<readonly [v.CustomSchema<`${S}::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+export type TTypeAndId<S extends string = string> = `${S}::${string}`;

package/build/types/core/createDataStringConverter_stringToObject.d.ts

@@ -0,0 +1,12 @@
+import type { ECryptoKeyFormat } from "../crypto/crypto.schema";
+interface ICreateDataStringConverter_StringToObject {
+    transformJsonForFormats?: ECryptoKeyFormat[];
+    transformJson?: boolean;
+}
+export declare const createDataStringConverter_stringToObject: <T extends string, F extends ECryptoKeyFormat, D = string>({ transformJsonForFormats, transformJson, }?: ICreateDataStringConverter_StringToObject) => (inputDataString: `${T}::${F}::${string}`) => {
+    formattedString: `${T}::${F}::${string}`;
+    type: T;
+    format: F;
+    data: D;
+};
+export {};

package/build/types/crypto/aes_gcm/createAesGcmKeyFromX25519Keys.d.ts

@@ -0,0 +1,6 @@
+export declare const createAesGcmKeyFromX25519Keys: ({ externalX25519PublicKey, internalX25519PrivateKey, infoString, saltString, }: {
+    internalX25519PrivateKey: CryptoKey;
+    externalX25519PublicKey: CryptoKey;
+    saltString?: string;
+    infoString?: string;
+}) => Promise<CryptoKey>;

package/build/types/crypto/aes_gcm/decryptTextDataWithAesGcmKey.d.ts

@@ -0,0 +1,5 @@
+import type { TEncryptedAesGcmPayload } from "../crypto.schema";
+export declare const decryptTextDataWithAesGcmKey: ({ aesGcmKey, dataToDecrypt, }: {
+    aesGcmKey: CryptoKey;
+    dataToDecrypt: TEncryptedAesGcmPayload;
+}) => Promise<string>;

package/build/types/crypto/aes_gcm/encryptTextDataWithAesGcmKey.d.ts

@@ -0,0 +1,5 @@
+import type { TEncryptedAesGcmPayload } from "../crypto.schema";
+export declare const encryptTextDataWithAesGcmKey: ({ aesGcmKey, dataToEncrypt, }: {
+    aesGcmKey: CryptoKey;
+    dataToEncrypt: string;
+}) => Promise<TEncryptedAesGcmPayload>;

package/build/types/crypto/client_key_link/ClientCryptoKeyLink.d.ts

@@ -0,0 +1,167 @@
+import type { TTypeAndId } from "../../core/core_valibot_schemas";
+import type { StorageAdapter } from "../../storage_adapter/StorageAdapter";
+import type { TEncryptedAesGcmPayload, TSerializedCryptoKeyData_Ed25519_Raw, TSerializedCryptoKeyData_X25519_Raw } from "../crypto.schema";
+interface IClientCryptoKeyLink_Constructor {
+    storageAdapter?: StorageAdapter;
+}
+interface ILinkedClientPublicKeys {
+    verifyPublicKey?: TSerializedCryptoKeyData_Ed25519_Raw;
+    exchangePublicKey?: TSerializedCryptoKeyData_X25519_Raw;
+}
+interface ILocalPublicKeys {
+    verifyPublicKey: TSerializedCryptoKeyData_Ed25519_Raw;
+    exchangePublicKey: TSerializedCryptoKeyData_X25519_Raw;
+}
+interface ILinkClientKeys {
+    linkedClientId: TTypeAndId;
+    verifyPublicKey?: TSerializedCryptoKeyData_Ed25519_Raw;
+    exchangePublicKey?: TSerializedCryptoKeyData_X25519_Raw;
+    saltString?: string;
+    infoString?: string;
+    bindVerifyKeysIntoDerivation?: boolean;
+}
+interface IEncryptDataForLinkedClient {
+    linkedClientId: TTypeAndId;
+    dataToEncrypt: string;
+}
+interface IDecryptDataFromLinkedClient {
+    linkedClientId: TTypeAndId;
+    dataToDecrypt: TEncryptedAesGcmPayload;
+}
+interface IDecryptAndVerifyDataFromLinkedClient extends IDecryptDataFromLinkedClient {
+    signatureBase64: string;
+}
+interface IVerifyChallengeFromLinkedClient {
+    linkedClientId: TTypeAndId;
+    challenge: string;
+    signatureBase64: string;
+}
+export declare class ClientCryptoKeyLink {
+    private localExchangeKeyPair;
+    private localVerifyKeyPair;
+    private linkedClientKeys;
+    private storage;
+    private initialized;
+    private initializePromise;
+    private localExchangeKeyPairPromise;
+    private localVerifyKeyPairPromise;
+    constructor({ storageAdapter }?: IClientCryptoKeyLink_Constructor);
+    /**
+     * Loads the local key pairs and any linked client public keys from storage (when a storage
+     * adapter was provided), generating and persisting fresh local key pairs if none exist yet.
+     *
+     * Must be called (and awaited) before any sign/verify/encrypt/decrypt operation.
+     */
+    initialize(): Promise<void>;
+    private runInitialize;
+    /**
+     * Loads the local key pairs from storage if they were previously persisted. Does NOT generate
+     * fresh keys — local identity is created lazily on first use (see {@link ensureLocalExchangeKeyPair}
+     * / {@link ensureLocalVerifyKeyPair}), so a verify-only or otherwise key-less consumer never
+     * generates or stores keys it does not need.
+     */
+    private loadStoredLocalKeys;
+    /**
+     * Returns the local exchange (X25519) key pair, generating and persisting it on first use.
+     * Concurrent callers share a single generation.
+     */
+    private ensureLocalExchangeKeyPair;
+    /**
+     * Returns the local verify (Ed25519) key pair, generating and persisting it on first use.
+     * Concurrent callers share a single generation.
+     */
+    private ensureLocalVerifyKeyPair;
+    private loadLinkedClients;
+    private serializeExchangeKeyPair;
+    private serializeVerifyKeyPair;
+    /**
+     * The local public keys that should be shared with a linked client so that it can verify this
+     * client's signatures and derive a shared encryption key. Generates the local identity on first
+     * use.
+     */
+    getLocalPublicKeys(): Promise<ILocalPublicKeys>;
+    /**
+     * The local exchange (X25519) public key, generating the exchange key pair on first use. Does not
+     * touch the verify key pair — useful for an exchange-only consumer (e.g. a bridge) that never
+     * signs.
+     */
+    getLocalExchangePublicKey(): Promise<TSerializedCryptoKeyData_X25519_Raw>;
+    /**
+     * The local verify (Ed25519) public key, generating the verify key pair on first use. Does not
+     * touch the exchange key pair.
+     */
+    getLocalVerifyPublicKey(): Promise<TSerializedCryptoKeyData_Ed25519_Raw>;
+    /**
+     * Registers (or updates) the public keys of a linked client in memory only — nothing is written
+     * to storage. Use this for ephemeral links (e.g. a per-session bridge or end-to-end peer keyed by
+     * a session salt/info), so the derived shared key never outlives the process.
+     *
+     * Re-linking with a new exchange public key, salt, or info invalidates any previously cached
+     * shared key for the link.
+     */
+    linkClient({ linkedClientId, verifyPublicKey, exchangePublicKey, saltString, infoString, bindVerifyKeysIntoDerivation, }: ILinkClientKeys): Promise<void>;
+    /**
+     * Like {@link linkClient}, but also persists the linked client's public keys (and salt/info) to
+     * storage so the link survives a reload.
+     *
+     * NOTE: salt/info are written in plaintext. When they are session secrets (e.g. a partner secret
+     * or bridge salt), prefer {@link linkClient} and re-establish the link per session instead.
+     */
+    linkClientAndStore(input: ILinkClientKeys): Promise<void>;
+    /**
+     * Whether a linked client is currently registered (in memory) under this id.
+     */
+    hasLinkedClient(linkedClientId: TTypeAndId): boolean;
+    /**
+     * The serialized public keys registered for a linked client, or undefined when the client is not
+     * linked. Useful when a holder needs to relay a linked client's keys onward (e.g. a backend
+     * relaying a wallet's verify key to a partner).
+     */
+    getLinkedClientPublicKeys(linkedClientId: TTypeAndId): ILinkedClientPublicKeys | undefined;
+    /**
+     * Removes a single linked client from memory and, when storage is available, from persisted
+     * state. Any cached shared key for the link is dropped with it.
+     */
+    unlinkClient(linkedClientId: TTypeAndId): Promise<void>;
+    /**
+     * Removes all linked clients from memory and persisted state, while keeping the local identity
+     * key pairs intact.
+     */
+    unlinkAllClients(): Promise<void>;
+    /**
+     * Wipes everything this instance owns — local identity key pairs and all linked clients, in
+     * memory and in storage. After a reset, {@link initialize} must be called again before use (it
+     * will generate a fresh local identity).
+     *
+     * Only the keys owned by this util are removed, so a shared storage adapter's other data is left
+     * untouched.
+     */
+    reset(): Promise<void>;
+    private getLinkedClient;
+    private getAesGcmKeyForLinkedClient;
+    encryptDataForLinkedClient({ dataToEncrypt, linkedClientId, }: IEncryptDataForLinkedClient): Promise<TEncryptedAesGcmPayload>;
+    decryptDataFromLinkedClient({ dataToDecrypt, linkedClientId, }: IDecryptDataFromLinkedClient): Promise<string>;
+    signAndEncryptDataForLinkedClient({ dataToEncrypt, linkedClientId, }: IEncryptDataForLinkedClient): Promise<{
+        encryptedData: TEncryptedAesGcmPayload;
+        signatureBase64: string;
+    }>;
+    /**
+     * Decrypts a payload from a linked client and verifies that the decrypted plaintext was signed
+     * by that client. Counterpart to {@link signAndEncryptDataForLinkedClient}.
+     *
+     * Returns the decrypted `data` alongside `isValid` — the caller decides how to handle an invalid
+     * signature. (A tampered ciphertext fails earlier at AES-GCM decryption.)
+     */
+    decryptAndVerifyDataFromLinkedClient({ dataToDecrypt, linkedClientId, signatureBase64, }: IDecryptAndVerifyDataFromLinkedClient): Promise<{
+        data: string;
+        isValid: boolean;
+    }>;
+    signChallenge(challenge: [string, ...string[]]): Promise<{
+        signatureBase64: string;
+    }>;
+    /**
+     * Verifies a signature over `challenge` against the linked client's verify (Ed25519) public key.
+     */
+    verifyChallengeFromLinkedClient({ linkedClientId, challenge, signatureBase64, }: IVerifyChallengeFromLinkedClient): Promise<boolean>;
+}
+export {};

package/build/types/crypto/client_key_link/buildVerifyKeyBoundInfoString.d.ts

@@ -0,0 +1,20 @@
+import type { TSerializedCryptoKeyData_Ed25519_Raw } from "../crypto.schema";
+interface IBuildVerifyKeyBoundInfoString_Input {
+    infoString?: string;
+    verifyPublicKeys: [TSerializedCryptoKeyData_Ed25519_Raw, TSerializedCryptoKeyData_Ed25519_Raw];
+}
+/**
+ * The canonical HKDF `info` for a client-to-client shared key that binds both sides' verify
+ * public keys into the derivation.
+ *
+ * When the two keys are relayed through an intermediary, a tampered key produces mismatched AES
+ * keys on the two sides — the very first decryption fails, so key substitution is detected without
+ * any extra signature ceremony.
+ *
+ * The keys are sorted lexicographically so the result is independent of which side is "local" —
+ * both ends of a link compute the identical string without coordinating an order. Used internally
+ * by ClientCryptoKeyLink (`bindVerifyKeysIntoDerivation`); exported for code that derives the same
+ * key outside the link.
+ */
+export declare const buildVerifyKeyBoundInfoString: ({ infoString, verifyPublicKeys, }: IBuildVerifyKeyBoundInfoString_Input) => string;
+export {};

package/build/types/crypto/crypto.converters.d.ts

@@ -0,0 +1,53 @@
+import { type ECryptoKeyAlgo, ECryptoKeyFormat, type ISerializedKeyData_Ed25519_Jwk, type ISerializedKeyData_Ed25519_Raw, type ISerializedKeyData_X25519_Jwk, type ISerializedKeyData_X25519_Raw, type TSerializedCryptoKeyData_Ed25519_Jwk, type TSerializedCryptoKeyData_Ed25519_Jwk_Transformed, type TSerializedCryptoKeyData_Ed25519_Raw, type TSerializedCryptoKeyData_Ed25519_Raw_Transformed, type TSerializedCryptoKeyData_X25519_Jwk, type TSerializedCryptoKeyData_X25519_Jwk_Transformed, type TSerializedCryptoKeyData_X25519_Raw, type TSerializedCryptoKeyData_X25519_Raw_Transformed } from "./crypto.schema";
+/**
+ *
+ * [CRYPTO ALGO] ED25519
+ *
+ */
+export declare const convertEd25519RawDataStringToObject: (inputDataString: `ed25519::raw_base64::${string}`) => {
+    formattedString: `ed25519::raw_base64::${string}`;
+    type: ECryptoKeyAlgo.ed25519;
+    format: ECryptoKeyFormat.raw_base64;
+    data: string;
+};
+export declare const convertEd25519JwkDataStringToObject: (inputDataString: `ed25519::jwk::${string}`) => {
+    formattedString: `ed25519::jwk::${string}`;
+    type: ECryptoKeyAlgo.ed25519;
+    format: ECryptoKeyFormat.jwk;
+    data: JsonWebKey;
+};
+export declare const convertEd25519FormattedStringToObject: (inputDataString: `ed25519::raw_base64::${string}` | `ed25519::jwk::${string}`) => {
+    formattedString: `ed25519::raw_base64::${string}` | `ed25519::jwk::${string}`;
+    type: ECryptoKeyAlgo.ed25519;
+    format: ECryptoKeyFormat;
+    data: string;
+};
+export declare const convertEd25519RawDataStringToSerializedKeyData: (input: TSerializedCryptoKeyData_Ed25519_Raw) => ISerializedKeyData_Ed25519_Raw;
+export declare const convertEd25519JwkDataStringToSerializedKeyData: (input: TSerializedCryptoKeyData_Ed25519_Jwk) => ISerializedKeyData_Ed25519_Jwk;
+export declare const convertEd25519FormattedStringToSerializedKeyData: <I extends TSerializedCryptoKeyData_Ed25519_Raw | TSerializedCryptoKeyData_Ed25519_Jwk, O extends I extends TSerializedCryptoKeyData_Ed25519_Raw ? TSerializedCryptoKeyData_Ed25519_Raw_Transformed : TSerializedCryptoKeyData_Ed25519_Jwk_Transformed>(input: I) => O;
+/**
+ *
+ * [CRYPTO ALGO] X25519
+ *
+ */
+export declare const convertX25519RawDataStringToObject: (inputDataString: `x25519::raw_base64::${string}`) => {
+    formattedString: `x25519::raw_base64::${string}`;
+    type: ECryptoKeyAlgo.x25519;
+    format: ECryptoKeyFormat.raw_base64;
+    data: string;
+};
+export declare const convertX25519JwkDataStringToObject: (inputDataString: `x25519::jwk::${string}`) => {
+    formattedString: `x25519::jwk::${string}`;
+    type: ECryptoKeyAlgo.x25519;
+    format: ECryptoKeyFormat.jwk;
+    data: JsonWebKey;
+};
+export declare const convertX25519FormattedStringToObject: (inputDataString: `x25519::raw_base64::${string}` | `x25519::jwk::${string}`) => {
+    formattedString: `x25519::raw_base64::${string}` | `x25519::jwk::${string}`;
+    type: ECryptoKeyAlgo.x25519;
+    format: ECryptoKeyFormat;
+    data: string;
+};
+export declare const convertX25519RawDataStringToSerializedKeyData: (input: TSerializedCryptoKeyData_X25519_Raw) => ISerializedKeyData_X25519_Raw;
+export declare const convertX25519JwkDataStringToSerializedKeyData: (input: TSerializedCryptoKeyData_X25519_Jwk) => ISerializedKeyData_X25519_Jwk;
+export declare const convertX25519FormattedStringToSerializedKeyData: <I extends TSerializedCryptoKeyData_X25519_Raw | TSerializedCryptoKeyData_X25519_Jwk, O extends I extends TSerializedCryptoKeyData_X25519_Raw ? TSerializedCryptoKeyData_X25519_Raw_Transformed : TSerializedCryptoKeyData_X25519_Jwk_Transformed>(input: I) => O;

package/build/types/crypto/crypto.schema.d.ts

@@ -0,0 +1,83 @@
+import * as v from "valibot";
+export declare enum ECryptoKeyAlgo {
+    ed25519 = "ed25519",
+    x25519 = "x25519"
+}
+export declare enum ECryptoKeyFormat {
+    raw_base64 = "raw_base64",
+    jwk = "jwk"
+}
+export declare const vSerializedCryptoKeyDataEd25519_Raw: v.SchemaWithPipe<readonly [v.CustomSchema<`ed25519::raw_base64::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+export declare const vSerializedCryptoKeyDataEd25519_Jwk: v.SchemaWithPipe<readonly [v.CustomSchema<`ed25519::jwk::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+export type TSerializedCryptoKeyData_Ed25519_Raw = v.InferInput<typeof vSerializedCryptoKeyDataEd25519_Raw>;
+export type TSerializedCryptoKeyData_Ed25519_Raw_Transformed = {
+    formattedString: `${ECryptoKeyAlgo.ed25519}::${ECryptoKeyFormat.raw_base64}::${string}`;
+    type: ECryptoKeyAlgo.ed25519;
+    format: ECryptoKeyFormat.raw_base64;
+    data: string;
+};
+export type TSerializedCryptoKeyData_Ed25519_Jwk = v.InferInput<typeof vSerializedCryptoKeyDataEd25519_Jwk>;
+export type TSerializedCryptoKeyData_Ed25519_Jwk_Transformed = {
+    formattedString: `${ECryptoKeyAlgo.ed25519}::${ECryptoKeyFormat.jwk}::${string}`;
+    type: ECryptoKeyAlgo.ed25519;
+    format: ECryptoKeyFormat.jwk;
+    data: JsonWebKey;
+};
+export declare const vSerializedCryptoKeyDataX25519_Raw: v.SchemaWithPipe<readonly [v.CustomSchema<`x25519::raw_base64::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+export declare const vSerializedCryptoKeyDataX25519_Jwk: v.SchemaWithPipe<readonly [v.CustomSchema<`x25519::jwk::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+export declare const vCryptoKeyPairDataX25519: v.ObjectSchema<{
+    readonly publicKey: v.SchemaWithPipe<readonly [v.CustomSchema<`x25519::raw_base64::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+    readonly privateKey: v.SchemaWithPipe<readonly [v.CustomSchema<`x25519::jwk::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+}, undefined>;
+export type TSerializedCryptoKeyPairDataX25519 = v.InferInput<typeof vCryptoKeyPairDataX25519>;
+export declare const vCryptoKeyPairDataEd25519: v.ObjectSchema<{
+    readonly publicKey: v.SchemaWithPipe<readonly [v.CustomSchema<`ed25519::raw_base64::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+    readonly privateKey: v.SchemaWithPipe<readonly [v.CustomSchema<`ed25519::jwk::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+}, undefined>;
+export type TSerializedCryptoKeyPairDataEd25519 = v.InferInput<typeof vCryptoKeyPairDataEd25519>;
+export type TSerializedCryptoKeyData_X25519_Raw = v.InferInput<typeof vSerializedCryptoKeyDataX25519_Raw>;
+export type TSerializedCryptoKeyData_X25519_Raw_Transformed = {
+    formattedString: `${ECryptoKeyAlgo.x25519}::${ECryptoKeyFormat.raw_base64}::${string}`;
+    type: ECryptoKeyAlgo.x25519;
+    format: ECryptoKeyFormat.raw_base64;
+    data: string;
+};
+export type TSerializedCryptoKeyData_X25519_Jwk = v.InferInput<typeof vSerializedCryptoKeyDataX25519_Jwk>;
+export type TSerializedCryptoKeyData_X25519_Jwk_Transformed = {
+    formattedString: `${ECryptoKeyAlgo.x25519}::${ECryptoKeyFormat.jwk}::${string}`;
+    type: ECryptoKeyAlgo.x25519;
+    format: ECryptoKeyFormat.jwk;
+    data: JsonWebKey;
+};
+export declare const vVerifyChallengeWithSignature_Input: v.ObjectSchema<{
+    readonly challenge: v.StringSchema<undefined>;
+    readonly signatureBase64: v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.Base64Action<string, undefined>]>;
+}, undefined>;
+export declare const vVerifyChallengeWithSignature_WithThrow_Input: v.IntersectSchema<[v.ObjectSchema<{
+    readonly challenge: v.StringSchema<undefined>;
+    readonly signatureBase64: v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.Base64Action<string, undefined>]>;
+}, undefined>, v.ObjectSchema<{
+    readonly throwOnInvalid: v.OptionalSchema<v.BooleanSchema<undefined>, undefined>;
+}, undefined>], undefined>;
+export type TVerifyChallengeWithSignature_Input = v.InferInput<typeof vVerifyChallengeWithSignature_Input>;
+export type TVerifyChallengeWithSignature_WithThrow_Input = v.InferInput<typeof vVerifyChallengeWithSignature_WithThrow_Input>;
+export declare const vEncryptedAesGcmPayload: v.ObjectSchema<{
+    readonly nonce: v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.Base64Action<string, undefined>]>;
+    readonly ciphertext: v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.Base64Action<string, undefined>]>;
+}, undefined>;
+export type TEncryptedAesGcmPayload = v.InferInput<typeof vEncryptedAesGcmPayload>;
+export type TEncryptedAesGcmPayload_Transformed = v.InferOutput<typeof vEncryptedAesGcmPayload>;
+interface ISerializedKeyData<T, P> {
+    transformed: T;
+    prefixed: P;
+}
+export interface ISerializedKeyData_Ed25519_Raw extends ISerializedKeyData<TSerializedCryptoKeyData_Ed25519_Raw_Transformed, TSerializedCryptoKeyData_Ed25519_Raw> {
+}
+export interface ISerializedKeyData_Ed25519_Jwk extends ISerializedKeyData<TSerializedCryptoKeyData_Ed25519_Jwk_Transformed, TSerializedCryptoKeyData_Ed25519_Jwk> {
+}
+export interface ISerializedKeyData_X25519_Raw extends ISerializedKeyData<TSerializedCryptoKeyData_X25519_Raw_Transformed, TSerializedCryptoKeyData_X25519_Raw> {
+}
+export interface ISerializedKeyData_X25519_Jwk extends ISerializedKeyData<TSerializedCryptoKeyData_X25519_Jwk_Transformed, TSerializedCryptoKeyData_X25519_Jwk> {
+}
+export type TSerializedKeyData = ISerializedKeyData_Ed25519_Raw | ISerializedKeyData_Ed25519_Jwk | ISerializedKeyData_X25519_Raw | ISerializedKeyData_X25519_Jwk;
+export {};

package/build/types/crypto/ed25519/generateEd25519KeyPair.d.ts

@@ -0,0 +1 @@
+export declare const generateEd25519KeyPair: () => Promise<CryptoKeyPair>;

package/build/types/crypto/ed25519/importEd25519Key.d.ts

@@ -0,0 +1,35 @@
+import { type TSerializedCryptoKeyData_Ed25519_Jwk_Transformed, type TSerializedCryptoKeyData_Ed25519_Raw_Transformed } from "../crypto.schema";
+export declare const importEd25519Key: {
+    private: {
+        fromFormattedString: {
+            readonly extractable: (input: `ed25519::jwk::${string}`) => Promise<CryptoKey>;
+            readonly nonExtractable: (input: `ed25519::jwk::${string}`) => Promise<CryptoKey>;
+        };
+        fromSerializedObject: {
+            readonly extractable: (input: TSerializedCryptoKeyData_Ed25519_Jwk_Transformed) => Promise<CryptoKey>;
+            readonly nonExtractable: (input: TSerializedCryptoKeyData_Ed25519_Jwk_Transformed) => Promise<CryptoKey>;
+        };
+        fromJwk: {
+            readonly extractable: (input: JsonWebKey) => Promise<CryptoKey>;
+            readonly nonExtractable: (input: JsonWebKey) => Promise<CryptoKey>;
+        };
+    };
+    public: {
+        fromBase64: {
+            readonly extractable: (input: string) => Promise<CryptoKey>;
+            readonly nonExtractable: (input: string) => Promise<CryptoKey>;
+        };
+        fromFormattedString: {
+            readonly extractable: (input: `ed25519::raw_base64::${string}` | `ed25519::jwk::${string}`) => Promise<CryptoKey>;
+            readonly nonExtractable: (input: `ed25519::raw_base64::${string}` | `ed25519::jwk::${string}`) => Promise<CryptoKey>;
+        };
+        fromSerializedObject: {
+            readonly extractable: (input: TSerializedCryptoKeyData_Ed25519_Raw_Transformed | TSerializedCryptoKeyData_Ed25519_Jwk_Transformed) => Promise<CryptoKey>;
+            readonly nonExtractable: (input: TSerializedCryptoKeyData_Ed25519_Raw_Transformed | TSerializedCryptoKeyData_Ed25519_Jwk_Transformed) => Promise<CryptoKey>;
+        };
+        fromJwk: {
+            readonly extractable: (input: JsonWebKey) => Promise<CryptoKey>;
+            readonly nonExtractable: (input: JsonWebKey) => Promise<CryptoKey>;
+        };
+    };
+};

package/build/types/crypto/ed25519/serializeEd25519Key_Jwk.d.ts

@@ -0,0 +1,2 @@
+import { type ISerializedKeyData_Ed25519_Jwk } from "../crypto.schema";
+export declare const serializeEd25519Key_Jwk: (key: CryptoKey) => Promise<ISerializedKeyData_Ed25519_Jwk>;

package/build/types/crypto/ed25519/serializeEd25519Key_Raw.d.ts

@@ -0,0 +1,2 @@
+import { type ISerializedKeyData_Ed25519_Raw } from "../crypto.schema";
+export declare const serializeEd25519Key_Raw: (publicKey: CryptoKey) => Promise<ISerializedKeyData_Ed25519_Raw>;

package/build/types/crypto/ed25519/signCombinedTextDataWithKeyEd25519.d.ts

@@ -0,0 +1,2 @@
+export declare const DEFAULT_COMBINED_TEXT_DATA_SEPARATOR = "::";
+export declare const signCombinedTextDataWithKeyEd25519: (data: string[], cryptoKey: CryptoKey, separator?: string) => Promise<Uint8Array>;

package/build/types/crypto/ed25519/signTextDataWithKeyEd25519.d.ts

@@ -0,0 +1 @@
+export declare const signTextDataWithKeyEd25519: (data: string, cryptoKey: CryptoKey) => Promise<Uint8Array>;

package/build/types/crypto/ed25519/verifyWithKeyEd25519.d.ts

@@ -0,0 +1,5 @@
+export declare const verifyWithKeyEd25519: ({ challenge, signatureBase64, publicKey, }: {
+    challenge: string;
+    signatureBase64: string;
+    publicKey: CryptoKey;
+}) => Promise<boolean>;

package/build/types/crypto/index.d.ts

@@ -0,0 +1,18 @@
+export * from "./aes_gcm/createAesGcmKeyFromX25519Keys";
+export * from "./aes_gcm/decryptTextDataWithAesGcmKey";
+export * from "./aes_gcm/encryptTextDataWithAesGcmKey";
+export * from "./client_key_link/buildVerifyKeyBoundInfoString";
+export * from "./client_key_link/ClientCryptoKeyLink";
+export * from "./crypto.converters";
+export * from "./ed25519/generateEd25519KeyPair";
+export * from "./ed25519/importEd25519Key";
+export * from "./ed25519/serializeEd25519Key_Jwk";
+export * from "./ed25519/serializeEd25519Key_Raw";
+export * from "./ed25519/signCombinedTextDataWithKeyEd25519";
+export * from "./ed25519/signTextDataWithKeyEd25519";
+export * from "./ed25519/verifyWithKeyEd25519";
+export * from "./x25519/createSharedBitsFromX25519";
+export * from "./x25519/generateX25519KeyPair";
+export * from "./x25519/importX25519Key";
+export * from "./x25519/serializeX25519Key_Jwk";
+export * from "./x25519/serializeX25519Key_Raw";

package/build/types/crypto/x25519/createSharedBitsFromX25519.d.ts

@@ -0,0 +1,4 @@
+export declare const createSharedBitsFromX25519: ({ privateKey, publicKey, }: {
+    privateKey: CryptoKey;
+    publicKey: CryptoKey;
+}) => Promise<Uint8Array>;

package/build/types/crypto/x25519/generateX25519KeyPair.d.ts

@@ -0,0 +1 @@
+export declare const generateX25519KeyPair: () => Promise<CryptoKeyPair>;

package/build/types/crypto/x25519/importX25519Key.d.ts

@@ -0,0 +1,35 @@
+import { type TSerializedCryptoKeyData_X25519_Jwk_Transformed, type TSerializedCryptoKeyData_X25519_Raw_Transformed } from "../crypto.schema";
+export declare const importX25519Key: {
+    private: {
+        fromFormattedString: {
+            readonly extractable: (input: `x25519::jwk::${string}`) => Promise<CryptoKey>;
+            readonly nonExtractable: (input: `x25519::jwk::${string}`) => Promise<CryptoKey>;
+        };
+        fromSerializedObject: {
+            readonly extractable: (input: TSerializedCryptoKeyData_X25519_Jwk_Transformed) => Promise<CryptoKey>;
+            readonly nonExtractable: (input: TSerializedCryptoKeyData_X25519_Jwk_Transformed) => Promise<CryptoKey>;
+        };
+        fromJwk: {
+            readonly extractable: (input: JsonWebKey) => Promise<CryptoKey>;
+            readonly nonExtractable: (input: JsonWebKey) => Promise<CryptoKey>;
+        };
+    };
+    public: {
+        fromBase64: {
+            readonly extractable: (input: string) => Promise<CryptoKey>;
+            readonly nonExtractable: (input: string) => Promise<CryptoKey>;
+        };
+        fromFormattedString: {
+            readonly extractable: (input: `x25519::raw_base64::${string}` | `x25519::jwk::${string}`) => Promise<CryptoKey>;
+            readonly nonExtractable: (input: `x25519::raw_base64::${string}` | `x25519::jwk::${string}`) => Promise<CryptoKey>;
+        };
+        fromSerializedObject: {
+            readonly extractable: (input: TSerializedCryptoKeyData_X25519_Raw_Transformed | TSerializedCryptoKeyData_X25519_Jwk_Transformed) => Promise<CryptoKey>;
+            readonly nonExtractable: (input: TSerializedCryptoKeyData_X25519_Raw_Transformed | TSerializedCryptoKeyData_X25519_Jwk_Transformed) => Promise<CryptoKey>;
+        };
+        fromJwk: {
+            readonly extractable: (input: JsonWebKey) => Promise<CryptoKey>;
+            readonly nonExtractable: (input: JsonWebKey) => Promise<CryptoKey>;
+        };
+    };
+};

package/build/types/crypto/x25519/serializeX25519Key_Jwk.d.ts

@@ -0,0 +1,2 @@
+import { type ISerializedKeyData_X25519_Jwk } from "../crypto.schema";
+export declare const serializeX25519Key_Jwk: (key: CryptoKey) => Promise<ISerializedKeyData_X25519_Jwk>;

package/build/types/crypto/x25519/serializeX25519Key_Raw.d.ts

@@ -0,0 +1,2 @@
+import { type ISerializedKeyData_X25519_Raw } from "../crypto.schema";
+export declare const serializeX25519Key_Raw: (key: CryptoKey) => Promise<ISerializedKeyData_X25519_Raw>;

package/build/types/data_type/index.d.ts

@@ -0,0 +1 @@
+export * from "./string/nullEmpty";

package/build/types/data_type/string/nullEmpty.d.ts

@@ -0,0 +1,3 @@
+export declare const notNullEmpty: (str: string | null | undefined) => str is string;
+export declare const nullEmpty: (str: string | null | undefined) => str is null | undefined | "";
+export declare const firstNotNullEmpty: (...strItems: (string | null | undefined)[]) => string | undefined;

package/build/types/index.d.ts

@@ -1,3 +1,4 @@
+export * from "./crypto";
 export * from "./storage_adapter/StorageAdapter";
 export * from "./storage_adapter/specific/browser/browser_storage";
 export * from "./storage_adapter/specific/durable_object/durable_object_storage";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nice-code/util",
-  "version": "0.5.5",
+  "version": "0.6.0",
   "private": false,
   "type": "module",
   "exports": {
@@ -35,11 +35,15 @@
     "@tanstack/react-query": "^5.100.3",
     "react": ">=19",
     "valibot": "^1.3.1",
+    "@scure/base": "^2.2.0",
     "wrangler": "4.94.0"
   },
   "peerDependenciesMeta": {
     "wrangler": {
       "optional": true
+    },
+    "@scure/base": {
+      "optional": true
     }
   }
 }