@opendatalabs/vana-sdk 0.1.0-alpha.603cc4b → 0.1.0-alpha.606fa2d

package/dist/browser.js

@@ -2,26 +2,6 @@ var __defProp = Object.defineProperty;
 var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
 var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
 
-// src/platform/shared/crypto-utils.ts
-function processWalletPublicKey(publicKey) {
-  const publicKeyHex = publicKey.startsWith("0x") ? publicKey.slice(2) : publicKey;
-  const publicKeyBytes = Buffer.from(publicKeyHex, "hex");
-  return publicKeyBytes.length === 64 ? Buffer.concat([Buffer.from([4]), publicKeyBytes]) : publicKeyBytes;
-}
-function processWalletPrivateKey(privateKey) {
-  const privateKeyHex = privateKey.startsWith("0x") ? privateKey.slice(2) : privateKey;
-  return Buffer.from(privateKeyHex, "hex");
-}
-function parseEncryptedDataBuffer(encryptedBuffer) {
-  return {
-    iv: encryptedBuffer.slice(0, 16),
-    ephemPublicKey: encryptedBuffer.slice(16, 81),
-    // 65 bytes for uncompressed public key
-    ciphertext: encryptedBuffer.slice(81, -32),
-    mac: encryptedBuffer.slice(-32)
-  };
-}
-
 // src/platform/shared/pgp-utils.ts
 var STANDARD_PGP_CONFIG = {
   preferredCompressionAlgorithm: 2,
@@ -67,110 +47,751 @@ function lazyImport(importFn) {
   };
 }
 
+// src/utils/encoding.ts
+function toHex(data) {
+  if (typeof Buffer !== "undefined" && Buffer.from) {
+    return Buffer.from(data).toString("hex");
+  }
+  return Array.from(data, (byte) => byte.toString(16).padStart(2, "0")).join(
+    ""
+  );
+}
+function fromHex(hex) {
+  const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
+  if (cleanHex.length % 2 !== 0) {
+    throw new Error("Invalid hex string: odd length");
+  }
+  if (!/^[0-9a-fA-F]*$/.test(cleanHex)) {
+    throw new Error("Invalid hex string: contains non-hex characters");
+  }
+  if (typeof Buffer !== "undefined" && Buffer.from) {
+    return new Uint8Array(Buffer.from(cleanHex, "hex"));
+  }
+  const bytes = new Uint8Array(cleanHex.length / 2);
+  for (let i = 0; i < cleanHex.length; i += 2) {
+    bytes[i / 2] = parseInt(cleanHex.substr(i, 2), 16);
+  }
+  return bytes;
+}
+function stringToBytes(str) {
+  if (typeof Buffer !== "undefined" && Buffer.from) {
+    return new Uint8Array(Buffer.from(str, "utf8"));
+  }
+  if (typeof TextEncoder !== "undefined") {
+    return new TextEncoder().encode(str);
+  }
+  const bytes = [];
+  for (let i = 0; i < str.length; i++) {
+    const char = str.charCodeAt(i);
+    if (char < 128) {
+      bytes.push(char);
+    } else if (char < 2048) {
+      bytes.push(192 | char >> 6, 128 | char & 63);
+    } else if (char < 55296 || char >= 57344) {
+      bytes.push(
+        224 | char >> 12,
+        128 | char >> 6 & 63,
+        128 | char & 63
+      );
+    } else {
+      i++;
+      const char2 = str.charCodeAt(i);
+      const codePoint = 65536 + ((char & 1023) << 10 | char2 & 1023);
+      bytes.push(
+        240 | codePoint >> 18,
+        128 | codePoint >> 12 & 63,
+        128 | codePoint >> 6 & 63,
+        128 | codePoint & 63
+      );
+    }
+  }
+  return new Uint8Array(bytes);
+}
+function bytesToString(bytes) {
+  if (typeof Buffer !== "undefined" && Buffer.from) {
+    return Buffer.from(bytes).toString("utf8");
+  }
+  if (typeof TextDecoder !== "undefined") {
+    return new TextDecoder().decode(bytes);
+  }
+  let str = "";
+  let i = 0;
+  while (i < bytes.length) {
+    const byte = bytes[i];
+    if (byte < 128) {
+      str += String.fromCharCode(byte);
+      i++;
+    } else if ((byte & 224) === 192) {
+      str += String.fromCharCode((byte & 31) << 6 | bytes[i + 1] & 63);
+      i += 2;
+    } else if ((byte & 240) === 224) {
+      str += String.fromCharCode(
+        (byte & 15) << 12 | (bytes[i + 1] & 63) << 6 | bytes[i + 2] & 63
+      );
+      i += 3;
+    } else {
+      const codePoint = ((byte & 7) << 18 | (bytes[i + 1] & 63) << 12 | (bytes[i + 2] & 63) << 6 | bytes[i + 3] & 63) - 65536;
+      str += String.fromCharCode(
+        55296 + (codePoint >> 10),
+        56320 + (codePoint & 1023)
+      );
+      i += 4;
+    }
+  }
+  return str;
+}
+
+// src/utils/crypto-utils.ts
+function concatBytes(...arrays) {
+  const totalLength = arrays.reduce((sum, arr) => sum + arr.length, 0);
+  const result = new Uint8Array(totalLength);
+  let offset = 0;
+  for (const arr of arrays) {
+    result.set(arr, offset);
+    offset += arr.length;
+  }
+  return result;
+}
+function hexToBytes(hex) {
+  return fromHex(hex);
+}
+function bytesToHex(bytes) {
+  return toHex(bytes);
+}
+function processWalletPublicKey(publicKey) {
+  const publicKeyHex = typeof publicKey === "string" ? publicKey.startsWith("0x") ? publicKey.slice(2) : publicKey : bytesToHex(publicKey);
+  const publicKeyBytes = hexToBytes(publicKeyHex);
+  return publicKeyBytes.length === 64 ? concatBytes(new Uint8Array([4]), publicKeyBytes) : publicKeyBytes;
+}
+function processWalletPrivateKey(privateKey) {
+  const privateKeyHex = typeof privateKey === "string" ? privateKey.startsWith("0x") ? privateKey.slice(2) : privateKey : bytesToHex(privateKey);
+  return hexToBytes(privateKeyHex);
+}
+function parseEncryptedDataBuffer(encryptedBuffer) {
+  return {
+    iv: encryptedBuffer.slice(0, 16),
+    ephemPublicKey: encryptedBuffer.slice(16, 81),
+    // 65 bytes for uncompressed public key
+    ciphertext: encryptedBuffer.slice(81, -32),
+    mac: encryptedBuffer.slice(-32)
+  };
+}
+
+// src/crypto/services/WalletKeyEncryptionService.ts
+var WalletKeyEncryptionService = class {
+  constructor(config) {
+    __publicField(this, "eciesProvider");
+    this.eciesProvider = config.eciesProvider;
+  }
+  /**
+   * Encrypts data using a wallet's public key.
+   *
+   * @param data - The plaintext message to encrypt for the wallet owner.
+   * @param publicKey - The recipient wallet's public key for encryption.
+   * @returns A promise that resolves to the encrypted data as a hex string.
+   * @throws {Error} When encryption fails due to invalid key format.
+   *
+   * @example
+   * ```typescript
+   * const encrypted = await processor.encryptWithWalletPublicKey(
+   *   "Secret message",
+   *   "0x04..." // 65-byte uncompressed public key
+   * );
+   * console.log(`Encrypted: ${encrypted}`);
+   * ```
+   */
+  async encryptWithWalletPublicKey(data, publicKey) {
+    const publicKeyBytes = processWalletPublicKey(publicKey);
+    const dataBytes = stringToBytes(data);
+    const encrypted = await this.eciesProvider.encrypt(
+      publicKeyBytes,
+      dataBytes
+    );
+    const result = concatBytes(
+      encrypted.iv,
+      encrypted.ephemPublicKey,
+      encrypted.ciphertext,
+      encrypted.mac
+    );
+    return bytesToHex(result);
+  }
+  /**
+   * Decrypts data using a wallet's private key.
+   *
+   * @param encryptedData - The hex-encoded encrypted data to decrypt.
+   * @param privateKey - The wallet's private key for decryption.
+   * @returns A promise that resolves to the decrypted plaintext message.
+   * @throws {Error} When decryption fails due to invalid data or key format.
+   *
+   * @example
+   * ```typescript
+   * const decrypted = await processor.decryptWithWalletPrivateKey(
+   *   encryptedHexString,
+   *   "0x..." // 32-byte private key
+   * );
+   * console.log(`Decrypted: ${decrypted}`);
+   * ```
+   */
+  async decryptWithWalletPrivateKey(encryptedData, privateKey) {
+    const privateKeyBytes = processWalletPrivateKey(privateKey);
+    const encryptedBytes = hexToBytes(encryptedData);
+    const encrypted = parseEncryptedDataBuffer(encryptedBytes);
+    const decrypted = await this.eciesProvider.decrypt(
+      privateKeyBytes,
+      encrypted
+    );
+    return bytesToString(decrypted);
+  }
+  /**
+   * Encrypts a Uint8Array with a wallet public key
+   *
+   * @param data - Binary data to encrypt
+   * @param publicKey - Public key as hex string or Uint8Array
+   * @returns Encrypted data structure
+   */
+  async encryptBinary(data, publicKey) {
+    const publicKeyBytes = processWalletPublicKey(publicKey);
+    return this.eciesProvider.encrypt(publicKeyBytes, data);
+  }
+  /**
+   * Decrypts to a Uint8Array with a wallet private key
+   *
+   * @param encrypted - Encrypted data structure
+   * @param privateKey - Private key as hex string or Uint8Array
+   * @returns Decrypted binary data
+   */
+  async decryptBinary(encrypted, privateKey) {
+    const privateKeyBytes = processWalletPrivateKey(privateKey);
+    return this.eciesProvider.decrypt(privateKeyBytes, encrypted);
+  }
+  /**
+   * Gets the underlying ECIES provider
+   *
+   * @returns The ECIES provider instance
+   */
+  getECIESProvider() {
+    return this.eciesProvider;
+  }
+};
+
+// src/crypto/ecies/utils.ts
+function hexToBytes2(hex) {
+  if (hex.length % 2 !== 0) {
+    throw new Error("Hex string must have even length");
+  }
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
+  }
+  return bytes;
+}
+function bytesToHex2(bytes) {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function stringToBytes2(str) {
+  return new TextEncoder().encode(str);
+}
+function bytesToString2(bytes) {
+  return new TextDecoder().decode(bytes);
+}
+function concatBytes2(...arrays) {
+  const totalLength = arrays.reduce((sum, arr) => sum + arr.length, 0);
+  const result = new Uint8Array(totalLength);
+  let offset = 0;
+  for (const arr of arrays) {
+    result.set(arr, offset);
+    offset += arr.length;
+  }
+  return result;
+}
+function constantTimeEqual(a, b) {
+  if (a.length !== b.length) return false;
+  let result = 0;
+  for (let i = 0; i < a.length; i++) {
+    result |= a[i] ^ b[i];
+  }
+  return result === 0;
+}
+
+// src/platform/browser.ts
+import * as secp256k12 from "@noble/secp256k1";
+
+// src/crypto/ecies/browser.ts
+import * as secp256k1 from "@noble/secp256k1";
+
+// src/crypto/ecies/constants.ts
+var CURVE = {
+  /** The elliptic curve used (secp256k1 - same as Bitcoin/Ethereum) */
+  name: "secp256k1",
+  /** Private key length in bytes */
+  PRIVATE_KEY_LENGTH: 32,
+  /** Compressed public key length in bytes (0x02 or 0x03 prefix + 32 bytes) */
+  COMPRESSED_PUBLIC_KEY_LENGTH: 33,
+  /** Uncompressed public key length in bytes (0x04 prefix + 64 bytes) */
+  UNCOMPRESSED_PUBLIC_KEY_LENGTH: 65,
+  /** ECDH shared secret X coordinate length */
+  SHARED_SECRET_LENGTH: 32,
+  /** Public key prefixes */
+  PREFIX: {
+    /** Uncompressed public key prefix */
+    UNCOMPRESSED: 4,
+    /** Compressed public key prefix for even Y */
+    COMPRESSED_EVEN: 2,
+    /** Compressed public key prefix for odd Y */
+    COMPRESSED_ODD: 3
+  },
+  /** X coordinate starts at byte 1 (after prefix) */
+  X_COORDINATE_OFFSET: 1,
+  /** X coordinate ends at byte 33 (1 + 32) */
+  X_COORDINATE_END: 33
+};
+var CIPHER = {
+  /** Cipher algorithm - must match eccrypto */
+  algorithm: "aes-256-cbc",
+  /** AES key length in bytes */
+  KEY_LENGTH: 32,
+  /** Initialization vector length in bytes */
+  IV_LENGTH: 16,
+  /** Block size for AES */
+  BLOCK_SIZE: 16
+};
+var KDF = {
+  /** Hash algorithm for key derivation - must match eccrypto */
+  algorithm: "sha512",
+  /** Output length of SHA-512 in bytes */
+  OUTPUT_LENGTH: 64,
+  /** Encryption key slice (first 32 bytes of KDF output) */
+  ENCRYPTION_KEY_OFFSET: 0,
+  ENCRYPTION_KEY_LENGTH: 32,
+  /** MAC key slice (last 32 bytes of KDF output) */
+  MAC_KEY_OFFSET: 32,
+  MAC_KEY_LENGTH: 32
+};
+var MAC = {
+  /** MAC algorithm - must match eccrypto */
+  algorithm: "sha256",
+  /** HMAC-SHA256 output length in bytes */
+  LENGTH: 32
+};
+var FORMAT = {
+  /** Offsets for each component in serialized format */
+  IV_OFFSET: 0,
+  IV_LENGTH: CIPHER.IV_LENGTH,
+  /** Ephemeral public key (always uncompressed in eccrypto format) */
+  EPHEMERAL_KEY_OFFSET: CIPHER.IV_LENGTH,
+  EPHEMERAL_KEY_LENGTH: CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,
+  /** Ciphertext starts after IV and ephemeral key */
+  CIPHERTEXT_OFFSET: CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,
+  /** MAC is always the last 32 bytes */
+  MAC_LENGTH: MAC.LENGTH,
+  /** Minimum size of encrypted data (IV + ephemKey + MAC, no ciphertext) */
+  MIN_ENCRYPTED_LENGTH: CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH + MAC.LENGTH,
+  /**
+   * Helper to calculate total length of encrypted data
+   *
+   * @param ciphertextLength - Length of the ciphertext portion
+   * @returns Total length including all components
+   */
+  getTotalLength: (ciphertextLength) => CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH + ciphertextLength + MAC.LENGTH
+};
+
+// src/crypto/ecies/interface.ts
+var ECIESError = class extends Error {
+  constructor(message, code, cause) {
+    super(message);
+    this.code = code;
+    this.cause = cause;
+    this.name = "ECIESError";
+  }
+};
+function isECIESEncrypted(obj) {
+  if (!obj || typeof obj !== "object") return false;
+  const enc = obj;
+  const isUint8Array = (value) => {
+    return value instanceof Uint8Array || typeof Buffer !== "undefined" && Buffer.isBuffer(value);
+  };
+  return isUint8Array(enc.iv) && enc.iv.length === CIPHER.IV_LENGTH && isUint8Array(enc.ephemPublicKey) && (enc.ephemPublicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH || enc.ephemPublicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) && isUint8Array(enc.ciphertext) && enc.ciphertext.length > 0 && isUint8Array(enc.mac) && enc.mac.length === MAC.LENGTH;
+}
+
+// src/crypto/ecies/base.ts
+var _BaseECIESUint8 = class _BaseECIESUint8 {
+  /**
+   * Normalizes a public key to uncompressed format.
+   *
+   * @param publicKey - Public key in any format.
+   * @returns Uncompressed public key (65 bytes).
+   * @throws {ECIESError} If key format is invalid.
+   */
+  normalizePublicKey(publicKey) {
+    if (_BaseECIESUint8.validatedKeys.has(publicKey)) {
+      return publicKey;
+    }
+    if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {
+      if (publicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {
+        throw new ECIESError(
+          "Invalid uncompressed public key prefix",
+          "INVALID_KEY"
+        );
+      }
+      if (!this.validatePublicKey(publicKey)) {
+        throw new ECIESError("Invalid public key", "INVALID_KEY");
+      }
+      _BaseECIESUint8.validatedKeys.set(publicKey, true);
+      return publicKey;
+    }
+    if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {
+      const decompressed = this.decompressPublicKey(publicKey);
+      if (!decompressed) {
+        throw new ECIESError("Failed to decompress public key", "INVALID_KEY");
+      }
+      _BaseECIESUint8.validatedKeys.set(decompressed, true);
+      return decompressed;
+    }
+    throw new ECIESError(
+      `Invalid public key length: ${publicKey.length}`,
+      "INVALID_KEY"
+    );
+  }
+  /**
+   * Encrypts data using ECIES.
+   *
+   * @param publicKey - The recipient's public key (compressed or uncompressed)
+   * @param message - The data to encrypt
+   * @returns Promise resolving to encrypted data structure
+   */
+  async encrypt(publicKey, message) {
+    try {
+      if (!(publicKey instanceof Uint8Array)) {
+        throw new ECIESError("Public key must be a Uint8Array", "INVALID_KEY");
+      }
+      if (!(message instanceof Uint8Array)) {
+        throw new ECIESError(
+          "Message must be a Uint8Array",
+          "ENCRYPTION_FAILED"
+        );
+      }
+      if (publicKey.length === 0) {
+        throw new ECIESError("Public key cannot be empty", "INVALID_KEY");
+      }
+      const pubKey = this.normalizePublicKey(publicKey);
+      let ephemeralPrivateKey;
+      do {
+        ephemeralPrivateKey = this.generateRandomBytes(
+          CURVE.PRIVATE_KEY_LENGTH
+        );
+      } while (!this.verifyPrivateKey(ephemeralPrivateKey));
+      const ephemeralPublicKey = this.createPublicKey(
+        ephemeralPrivateKey,
+        false
+      );
+      if (!ephemeralPublicKey) {
+        throw new ECIESError(
+          "Failed to generate ephemeral public key",
+          "ENCRYPTION_FAILED"
+        );
+      }
+      const sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);
+      const kdf = this.sha512(sharedSecret);
+      const encryptionKey = kdf.slice(
+        KDF.ENCRYPTION_KEY_OFFSET,
+        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH
+      );
+      const macKey = kdf.slice(
+        KDF.MAC_KEY_OFFSET,
+        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH
+      );
+      const iv = this.generateRandomBytes(CIPHER.IV_LENGTH);
+      const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);
+      const macData = concatBytes2(iv, ephemeralPublicKey, ciphertext);
+      const mac = this.hmacSha256(macKey, macData);
+      this.clearBuffer(ephemeralPrivateKey);
+      this.clearBuffer(sharedSecret);
+      this.clearBuffer(kdf);
+      return {
+        iv,
+        ephemPublicKey: ephemeralPublicKey,
+        ciphertext,
+        mac
+      };
+    } catch (error) {
+      if (error instanceof ECIESError) throw error;
+      throw new ECIESError(
+        `Encryption failed: ${error instanceof Error ? error.message : "Unknown error"}`,
+        "ENCRYPTION_FAILED",
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+  /**
+   * Decrypts ECIES encrypted data.
+   *
+   * @param privateKey - The recipient's private key (32 bytes)
+   * @param encrypted - The encrypted data structure from encrypt()
+   * @returns Promise resolving to the original plaintext
+   */
+  async decrypt(privateKey, encrypted) {
+    try {
+      if (!(privateKey instanceof Uint8Array)) {
+        throw new ECIESError("Private key must be a Uint8Array", "INVALID_KEY");
+      }
+      if (!isECIESEncrypted(encrypted)) {
+        throw new ECIESError(
+          "Invalid encrypted data structure",
+          "DECRYPTION_FAILED"
+        );
+      }
+      if (privateKey.length !== CURVE.PRIVATE_KEY_LENGTH) {
+        throw new ECIESError(
+          `Invalid private key length: ${privateKey.length}`,
+          "INVALID_KEY"
+        );
+      }
+      if (!this.verifyPrivateKey(privateKey)) {
+        throw new ECIESError("Invalid private key", "INVALID_KEY");
+      }
+      const ephemeralPublicKey = this.normalizePublicKey(
+        encrypted.ephemPublicKey
+      );
+      const sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);
+      const kdf = this.sha512(sharedSecret);
+      const encryptionKey = kdf.slice(
+        KDF.ENCRYPTION_KEY_OFFSET,
+        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH
+      );
+      const macKey = kdf.slice(
+        KDF.MAC_KEY_OFFSET,
+        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH
+      );
+      const macData = concatBytes2(
+        encrypted.iv,
+        encrypted.ephemPublicKey,
+        encrypted.ciphertext
+      );
+      const expectedMac = this.hmacSha256(macKey, macData);
+      if (!constantTimeEqual(encrypted.mac, expectedMac)) {
+        throw new ECIESError("MAC verification failed", "MAC_MISMATCH");
+      }
+      const decrypted = await this.aesDecrypt(
+        encryptionKey,
+        encrypted.iv,
+        encrypted.ciphertext
+      );
+      this.clearBuffer(sharedSecret);
+      this.clearBuffer(kdf);
+      return decrypted;
+    } catch (error) {
+      if (error instanceof ECIESError) throw error;
+      throw new ECIESError(
+        `Decryption failed: ${error instanceof Error ? error.message : "Unknown error"}`,
+        "DECRYPTION_FAILED",
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+  /**
+   * Clears sensitive data from memory using multi-pass overwrite.
+   *
+   * @remarks
+   * Uses multiple passes with different patterns to make it harder
+   * for JIT compilers to optimize away the operation. While not
+   * guaranteed in JavaScript, this is a best-effort approach to
+   * clear sensitive data from memory.
+   *
+   * @param buffer - The buffer to clear
+   */
+  clearBuffer(buffer) {
+    if (buffer && buffer.length > 0) {
+      buffer.fill(0);
+      buffer.fill(255);
+      buffer.fill(170);
+      buffer.fill(0);
+      for (let i = 0; i < buffer.length; i++) {
+        buffer[i] = i & 255 ^ 90;
+      }
+      buffer.fill(0);
+    }
+  }
+};
+// Cache for validated public keys to avoid repeated validation
+__publicField(_BaseECIESUint8, "validatedKeys", /* @__PURE__ */ new WeakMap());
+var BaseECIESUint8 = _BaseECIESUint8;
+
+// src/crypto/ecies/browser.ts
+import { hmac } from "@noble/hashes/hmac";
+import { sha256, sha512 as nobleSha512 } from "@noble/hashes/sha2";
+var BrowserECIESUint8Provider = class extends BaseECIESUint8 {
+  generateRandomBytes(length) {
+    const bytes = new Uint8Array(length);
+    crypto.getRandomValues(bytes);
+    return bytes;
+  }
+  verifyPrivateKey(privateKey) {
+    try {
+      return secp256k1.utils.isValidPrivateKey(privateKey);
+    } catch {
+      return false;
+    }
+  }
+  createPublicKey(privateKey, compressed) {
+    try {
+      return secp256k1.getPublicKey(privateKey, compressed);
+    } catch {
+      return null;
+    }
+  }
+  validatePublicKey(publicKey) {
+    try {
+      secp256k1.Point.fromHex(publicKey);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  decompressPublicKey(publicKey) {
+    try {
+      const point = secp256k1.Point.fromHex(publicKey);
+      return point.toRawBytes(false);
+    } catch {
+      return null;
+    }
+  }
+  performECDH(publicKey, privateKey) {
+    try {
+      const sharedPoint = secp256k1.getSharedSecret(
+        privateKey,
+        publicKey,
+        true
+      );
+      return sharedPoint.slice(1);
+    } catch (error) {
+      throw new Error(
+        `ECDH failed: ${error instanceof Error ? error.message : "Unknown error"}`
+      );
+    }
+  }
+  sha512(data) {
+    return nobleSha512(data);
+  }
+  hmacSha256(key, data) {
+    return hmac(sha256, key, data);
+  }
+  async aesEncrypt(key, iv, plaintext) {
+    const cryptoKey = await crypto.subtle.importKey(
+      "raw",
+      key,
+      { name: "AES-CBC" },
+      false,
+      ["encrypt"]
+    );
+    const encrypted = await crypto.subtle.encrypt(
+      { name: "AES-CBC", iv },
+      cryptoKey,
+      plaintext
+    );
+    return new Uint8Array(encrypted);
+  }
+  async aesDecrypt(key, iv, ciphertext) {
+    const cryptoKey = await crypto.subtle.importKey(
+      "raw",
+      key,
+      { name: "AES-CBC" },
+      false,
+      ["decrypt"]
+    );
+    const decrypted = await crypto.subtle.decrypt(
+      { name: "AES-CBC", iv },
+      cryptoKey,
+      ciphertext
+    );
+    return new Uint8Array(decrypted);
+  }
+};
+
 // src/platform/browser.ts
 var getOpenPGP = lazyImport(() => import("openpgp"));
 var BrowserCryptoAdapter = class {
+  constructor() {
+    __publicField(this, "eciesProvider", new BrowserECIESUint8Provider());
+    __publicField(this, "walletKeyEncryptionService", new WalletKeyEncryptionService({
+      eciesProvider: this.eciesProvider
+    }));
+  }
   async encryptWithPublicKey(data, publicKeyHex) {
     try {
-      const eccrypto = await import("eccrypto-js");
-      const publicKeyBuffer = Buffer.from(publicKeyHex, "hex");
-      const encrypted = await eccrypto.encrypt(
-        publicKeyBuffer,
-        Buffer.from(data, "utf8")
+      const publicKeyBytes = hexToBytes2(publicKeyHex);
+      const encrypted = await this.eciesProvider.encrypt(
+        publicKeyBytes,
+        stringToBytes2(data)
       );
-      const result = Buffer.concat([
+      const result = concatBytes2(
         encrypted.iv,
         encrypted.ephemPublicKey,
         encrypted.ciphertext,
         encrypted.mac
-      ]);
-      return result.toString("hex");
+      );
+      return bytesToHex2(result);
     } catch (error) {
-      throw new Error(`Encryption failed: ${error}`);
+      throw wrapCryptoError("encryptWithPublicKey", error);
     }
   }
   async decryptWithPrivateKey(encryptedData, privateKeyHex) {
     try {
-      const eccrypto = await import("eccrypto-js");
-      const privateKeyBuffer = processWalletPrivateKey(privateKeyHex);
-      const encryptedBuffer = Buffer.from(encryptedData, "hex");
-      const { iv, ephemPublicKey, ciphertext, mac } = parseEncryptedDataBuffer(encryptedBuffer);
-      const encryptedObj = { iv, ephemPublicKey, ciphertext, mac };
-      const decryptedBuffer = await eccrypto.decrypt(
-        privateKeyBuffer,
-        encryptedObj
+      const encryptedBytes = hexToBytes2(encryptedData);
+      const privateKeyBytes = hexToBytes2(privateKeyHex);
+      const encrypted = parseEncryptedDataBuffer(encryptedBytes);
+      const decrypted = await this.eciesProvider.decrypt(
+        privateKeyBytes,
+        encrypted
       );
-      return decryptedBuffer.toString("utf8");
+      return bytesToString2(decrypted);
     } catch (error) {
-      throw new Error(`Decryption failed: ${error}`);
+      throw wrapCryptoError("decryptWithPrivateKey", error);
     }
   }
-  async generateKeyPair() {
+  async encryptWithWalletPublicKey(data, publicKey) {
     try {
-      const eccrypto = await import("eccrypto-js");
-      const privateKeyBytes = new Uint8Array(32);
-      crypto.getRandomValues(privateKeyBytes);
-      const privateKey = Buffer.from(privateKeyBytes);
-      const publicKey = eccrypto.getPublicCompressed(privateKey);
-      return {
-        privateKey: privateKey.toString("hex"),
-        publicKey: publicKey.toString("hex")
-      };
+      return await this.walletKeyEncryptionService.encryptWithWalletPublicKey(
+        data,
+        publicKey
+      );
     } catch (error) {
-      throw wrapCryptoError("key generation", error);
+      throw wrapCryptoError("encryptWithWalletPublicKey", error);
     }
   }
-  async encryptWithWalletPublicKey(data, publicKey) {
+  async decryptWithWalletPrivateKey(encryptedData, privateKey) {
     try {
-      const eccrypto = await import("eccrypto-js");
-      const uncompressedKey = processWalletPublicKey(publicKey);
-      const encryptedBuffer = await eccrypto.encrypt(
-        uncompressedKey,
-        Buffer.from(data)
+      return await this.walletKeyEncryptionService.decryptWithWalletPrivateKey(
+        encryptedData,
+        privateKey
       );
-      const result = Buffer.concat([
-        encryptedBuffer.iv,
-        encryptedBuffer.ephemPublicKey,
-        encryptedBuffer.ciphertext,
-        encryptedBuffer.mac
-      ]);
-      return result.toString("hex");
     } catch (error) {
-      throw wrapCryptoError("encrypt with wallet public key", error);
+      throw wrapCryptoError("decryptWithWalletPrivateKey", error);
     }
   }
-  async decryptWithWalletPrivateKey(encryptedData, privateKey) {
+  async generateKeyPair() {
     try {
-      const eccrypto = await import("eccrypto-js");
-      const privateKeyBuffer = processWalletPrivateKey(privateKey);
-      const encryptedBuffer = Buffer.from(encryptedData, "hex");
-      const { iv, ephemPublicKey, ciphertext, mac } = parseEncryptedDataBuffer(encryptedBuffer);
-      const encryptedObj = { iv, ephemPublicKey, ciphertext, mac };
-      const decryptedBuffer = await eccrypto.decrypt(
-        privateKeyBuffer,
-        encryptedObj
-      );
-      return decryptedBuffer.toString("utf8");
+      const privateKeyBytes = secp256k12.utils.randomPrivateKey();
+      const publicKeyBytes = secp256k12.getPublicKey(privateKeyBytes, true);
+      return {
+        privateKey: bytesToHex2(privateKeyBytes),
+        publicKey: bytesToHex2(publicKeyBytes)
+      };
     } catch (error) {
-      throw wrapCryptoError("decrypt with wallet private key", error);
+      throw wrapCryptoError("generateKeyPair", error);
     }
   }
   async encryptWithPassword(data, password) {
     try {
       const openpgp = await getOpenPGP();
-      const message = await openpgp.createMessage({
-        binary: data
-      });
+      const message = await openpgp.createMessage({ binary: data });
       const encrypted = await openpgp.encrypt({
         message,
         passwords: [password],
         format: "binary"
       });
-      const response = new Response(encrypted);
-      const arrayBuffer = await response.arrayBuffer();
-      return new Uint8Array(arrayBuffer);
+      return new Uint8Array(encrypted);
     } catch (error) {
-      throw new Error(`Failed to encrypt with password: ${error}`);
+      throw wrapCryptoError("encryptWithPassword", error);
     }
   }
   async decryptWithPassword(encryptedData, password) {
@@ -179,14 +800,14 @@ var BrowserCryptoAdapter = class {
       const message = await openpgp.readMessage({
         binaryMessage: encryptedData
       });
-      const { data: decrypted } = await openpgp.decrypt({
+      const { data } = await openpgp.decrypt({
         message,
         passwords: [password],
         format: "binary"
       });
-      return new Uint8Array(decrypted);
+      return new Uint8Array(data);
     } catch (error) {
-      throw new Error(`Failed to decrypt with password: ${error}`);
+      throw wrapCryptoError("decryptWithPassword", error);
     }
   }
 };
@@ -238,9 +859,6 @@ var BrowserPGPAdapter = class {
 };
 var BrowserHttpAdapter = class {
   async fetch(url, options) {
-    if (typeof fetch === "undefined") {
-      throw new Error("Fetch API not available in this browser environment");
-    }
     return fetch(url, options);
   }
 };
@@ -260,17 +878,19 @@ var BrowserCacheAdapter = class {
   }
   set(key, value) {
     try {
-      if (typeof sessionStorage !== "undefined") {
-        sessionStorage.setItem(this.prefix + key, value);
+      if (typeof sessionStorage === "undefined") {
+        return;
       }
+      sessionStorage.setItem(this.prefix + key, value);
     } catch {
     }
   }
   delete(key) {
     try {
-      if (typeof sessionStorage !== "undefined") {
-        sessionStorage.removeItem(this.prefix + key);
+      if (typeof sessionStorage === "undefined") {
+        return;
       }
+      sessionStorage.removeItem(this.prefix + key);
     } catch {
     }
   }
@@ -279,30 +899,27 @@ var BrowserCacheAdapter = class {
       if (typeof sessionStorage === "undefined") {
         return;
       }
-      const keys = Object.keys(sessionStorage);
-      for (const key of keys) {
-        if (key.startsWith(this.prefix)) {
-          sessionStorage.removeItem(key);
+      const keysToRemove = [];
+      for (let i = 0; i < sessionStorage.length; i++) {
+        const key = sessionStorage.key(i);
+        if (key?.startsWith(this.prefix)) {
+          keysToRemove.push(key);
         }
       }
+      keysToRemove.forEach((key) => sessionStorage.removeItem(key));
     } catch {
     }
   }
 };
 var BrowserPlatformAdapter = class {
   constructor() {
-    __publicField(this, "crypto");
-    __publicField(this, "pgp");
-    __publicField(this, "http");
-    __publicField(this, "cache");
+    __publicField(this, "crypto", new BrowserCryptoAdapter());
+    __publicField(this, "pgp", new BrowserPGPAdapter());
+    __publicField(this, "http", new BrowserHttpAdapter());
+    __publicField(this, "cache", new BrowserCacheAdapter());
     __publicField(this, "platform", "browser");
-    this.crypto = new BrowserCryptoAdapter();
-    this.pgp = new BrowserPGPAdapter();
-    this.http = new BrowserHttpAdapter();
-    this.cache = new BrowserCacheAdapter();
   }
 };
-var browserPlatformAdapter = new BrowserPlatformAdapter();
 export {
   BrowserPlatformAdapter
 };