@opentdf/sdk 0.1.0-beta.1701

package/dist/cjs/src/nanotdf/models/Signature.js

@@ -0,0 +1,77 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const calculateByCurve_js_1 = require("../helpers/calculateByCurve.js");
+const errors_js_1 = require("../../errors.js");
+/**
+ * NanoTDF Signature
+ *
+ * The signature section is an optional section that contains an ECDSA signature used to cryptographically bind the Header and Payload to a creator of the nanotdf. The key used for signing is the private key of the creator of the nanotdf. The ECC Params used for the signature are described in Section 3.3.1.4.2. The private key used for this signature is distinctly different than the ephemeral private key. This is a persistent key belonging to an individual, entity, or device that creates nanotdfs. The signature is used to authenticate the entire nanotdf and contains both the public key related to the creators private key and the resulting signature. The structure of this section:
+ *
+ * | Section    | Minimum Length (B) | Maximum Length (B) |
+ * |------------|--------------------|--------------------|
+ * | Public Key | 33                 | 67                 |
+ * | Signature  | 64                 | 132                |
+ *
+ * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#333-signature
+ */
+class Signature {
+    static parse(header, buff) {
+        let offset = 0;
+        /**
+         * Parse the public key
+         *
+         * This section contains the compressed public key of the private key used to sign the message.
+         */
+        // TODO: Resolve where offset is missing 1 byte
+        const publicKeyLength = (0, calculateByCurve_js_1.lengthOfPublicKey)(header.signatureCurveName) + 1;
+        const publicKey = buff.subarray(offset, offset + publicKeyLength);
+        offset += publicKeyLength;
+        /**
+         * Parse signature
+         *
+         * This section contains the encoded `r` and `s` values of the ECDSA signature.
+         *
+         * ECDSA signatures are big endian encodings of the `r` and `s` values of an ECDSA signature.The length of `r` and `s`
+         * values is determined by the ECC Mode used for the signature. The encoding for the signature is the big endian
+         * encodings of R and S concatenated to each other. For example, `r = 1` and `s = 2` for an ECDSA signature of a
+         * ecp256k1 key would be (line breaks and spaces are added for easier visualization):
+         *
+         * ```
+         * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+         * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
+         * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+         * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02
+         * ```
+         *
+         * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#52-ecdsa-signature-encoding
+         */
+        const signatureLength = (0, calculateByCurve_js_1.lengthOfSignature)(header.signatureCurveName);
+        const signature = buff.subarray(offset, offset + signatureLength);
+        offset += signatureLength;
+        return { signature: new Signature(publicKey, signature), offset };
+    }
+    constructor(publicKey, signature) {
+        this.publicKey = publicKey;
+        this.signature = signature;
+    }
+    /**
+     * Length
+     *
+     * @returns { number } Length of signature
+     */
+    get length() {
+        return this.publicKey.length + this.signature.length;
+    }
+    /**
+     * Copy the contents of the signature to buffer
+     */
+    copyToBuffer(target) {
+        if (this.length > target.length) {
+            throw new errors_js_1.ConfigurationError('Invalid buffer size to copy signature');
+        }
+        target.set(this.publicKey, 0);
+        target.set(this.signature, this.publicKey.length);
+    }
+}
+exports.default = Signature;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiU2lnbmF0dXJlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYvbW9kZWxzL1NpZ25hdHVyZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUNBLHdFQUFzRjtBQUN0RiwrQ0FBcUQ7QUFFckQ7Ozs7Ozs7Ozs7O0dBV0c7QUFDSCxNQUFxQixTQUFTO0lBSTVCLE1BQU0sQ0FBQyxLQUFLLENBQUMsTUFBYyxFQUFFLElBQWdCO1FBQzNDLElBQUksTUFBTSxHQUFHLENBQUMsQ0FBQztRQUVmOzs7O1dBSUc7UUFDSCwrQ0FBK0M7UUFDL0MsTUFBTSxlQUFlLEdBQUcsSUFBQSx1Q0FBaUIsRUFBQyxNQUFNLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDekUsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsTUFBTSxHQUFHLGVBQWUsQ0FBQyxDQUFDO1FBQ2xFLE1BQU0sSUFBSSxlQUFlLENBQUM7UUFFMUI7Ozs7Ozs7Ozs7Ozs7Ozs7OztXQWtCRztRQUNILE1BQU0sZUFBZSxHQUFHLElBQUEsdUNBQWlCLEVBQUMsTUFBTSxDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDckUsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsTUFBTSxHQUFHLGVBQWUsQ0FBQyxDQUFDO1FBQ2xFLE1BQU0sSUFBSSxlQUFlLENBQUM7UUFFMUIsT0FBTyxFQUFFLFNBQVMsRUFBRSxJQUFJLFNBQVMsQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDLEVBQUUsTUFBTSxFQUFFLENBQUM7SUFDcEUsQ0FBQztJQUVELFlBQVksU0FBcUIsRUFBRSxTQUFxQjtRQUN0RCxJQUFJLENBQUMsU0FBUyxHQUFHLFNBQVMsQ0FBQztRQUMzQixJQUFJLENBQUMsU0FBUyxHQUFHLFNBQVMsQ0FBQztJQUM3QixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILElBQUksTUFBTTtRQUNSLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUM7SUFDdkQsQ0FBQztJQUVEOztPQUVHO0lBQ0gsWUFBWSxDQUFDLE1BQWtCO1FBQzdCLElBQUksSUFBSSxDQUFDLE1BQU0sR0FBRyxNQUFNLENBQUMsTUFBTSxFQUFFO1lBQy9CLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO1NBQ3ZFO1FBRUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQzlCLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3BELENBQUM7Q0FDRjtBQXBFRCw0QkFvRUMifQ==

package/dist/cjs/src/nanotdf-crypto/ciphers.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.supportedCiphers = exports.CipherTagLengths = exports.Ciphers = void 0;
+var Ciphers;
+(function (Ciphers) {
+    Ciphers["AesGcm"] = "AES-GCM";
+})(Ciphers || (exports.Ciphers = Ciphers = {}));
+var CipherTagLengths;
+(function (CipherTagLengths) {
+    CipherTagLengths[CipherTagLengths["AesGcm"] = 128] = "AesGcm";
+})(CipherTagLengths || (exports.CipherTagLengths = CipherTagLengths = {}));
+const cipherKeys = [];
+for (const cipherKey in Ciphers) {
+    cipherKeys.push(cipherKey);
+}
+exports.supportedCiphers = cipherKeys;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2lwaGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9uYW5vdGRmLWNyeXB0by9jaXBoZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLElBQVksT0FFWDtBQUZELFdBQVksT0FBTztJQUNqQiw2QkFBa0IsQ0FBQTtBQUNwQixDQUFDLEVBRlcsT0FBTyx1QkFBUCxPQUFPLFFBRWxCO0FBRUQsSUFBWSxnQkFFWDtBQUZELFdBQVksZ0JBQWdCO0lBQzFCLDZEQUFZLENBQUE7QUFDZCxDQUFDLEVBRlcsZ0JBQWdCLGdDQUFoQixnQkFBZ0IsUUFFM0I7QUFFRCxNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUM7QUFDdEIsS0FBSyxNQUFNLFNBQVMsSUFBSSxPQUFPLEVBQUU7SUFDL0IsVUFBVSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztDQUM1QjtBQUNZLFFBQUEsZ0JBQWdCLEdBQUcsVUFBVSxDQUFDIn0=

package/dist/cjs/src/nanotdf-crypto/decrypt.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const ciphers_js_1 = require("./ciphers.js");
+/**
+ * Decrypt plaintext buffer to plaintext buffer
+ *
+ * Only supports AES-GCM
+ * @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/encrypt
+ *
+ * @param key Encryption key
+ * @param ciphertext Encrypted buffer
+ * @param iv Initialization vector
+ * @param tagLength Size (bits) of authentication tag
+ * @returns Resolves plaintext buffer
+ */
+async function decrypt(key, ciphertext, iv, tagLength) {
+    return crypto.subtle.decrypt({
+        name: ciphers_js_1.Ciphers.AesGcm,
+        iv,
+        tagLength: tagLength || ciphers_js_1.CipherTagLengths.AesGcm,
+    }, key, ciphertext);
+}
+exports.default = decrypt;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGVjcnlwdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9uYW5vdGRmLWNyeXB0by9kZWNyeXB0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsNkNBQXlEO0FBRXpEOzs7Ozs7Ozs7OztHQVdHO0FBQ1ksS0FBSyxVQUFVLE9BQU8sQ0FDbkMsR0FBYyxFQUNkLFVBQXNCLEVBQ3RCLEVBQWMsRUFDZCxTQUFrQjtJQUVsQixPQUFPLE1BQU0sQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUMxQjtRQUNFLElBQUksRUFBRSxvQkFBTyxDQUFDLE1BQU07UUFDcEIsRUFBRTtRQUNGLFNBQVMsRUFBRSxTQUFTLElBQUksNkJBQWdCLENBQUMsTUFBTTtLQUNoRCxFQUNELEdBQUcsRUFDSCxVQUFVLENBQ1gsQ0FBQztBQUNKLENBQUM7QUFmRCwwQkFlQyJ9

package/dist/cjs/src/nanotdf-crypto/digest.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+function digest(hashType, data) {
+    return crypto.subtle.digest(hashType, data);
+}
+exports.default = digest;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGlnZXN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYtY3J5cHRvL2RpZ2VzdC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUVBLFNBQXdCLE1BQU0sQ0FDNUIsUUFBNkIsRUFDN0IsSUFBOEI7SUFFOUIsT0FBTyxNQUFNLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxRQUFRLEVBQUUsSUFBSSxDQUFDLENBQUM7QUFDOUMsQ0FBQztBQUxELHlCQUtDIn0=

package/dist/cjs/src/nanotdf-crypto/ecdsaSignature.js

@@ -0,0 +1,83 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractRSValuesFromSignature = exports.verifyECDSASignature = exports.computeECDSASig = void 0;
+const errors_js_1 = require("../errors.js");
+const enums_js_1 = require("./../nanotdf-crypto/enums.js");
+/**
+ * Computes an ECDSA signature for the given data using the provided private key.
+ *
+ * This function uses the Web Crypto API to generate a digital signature
+ * for the input data using the ECDSA algorithm with SHA-256 as the hash function.
+ *
+ * @param {CryptoKey} privateKey - The ECDSA private key used for signing.
+ * @param {Uint8Array} data - The data to be signed.
+ * @returns {Promise<ArrayBuffer>} - A promise that resolves to the generated signature.
+ */
+async function computeECDSASig(privateKey, data) {
+    const signature = await crypto.subtle.sign({
+        name: enums_js_1.AlgorithmName.ECDSA,
+        hash: { name: 'SHA-256' },
+    }, privateKey, data);
+    return signature;
+}
+exports.computeECDSASig = computeECDSASig;
+/**
+ * Verifies an ECDSA signature using the provided public key and data.
+ *
+ * This function uses the Web Crypto API to verify the digital signature
+ * for the input data using the ECDSA algorithm with SHA-256 as the hash function.
+ *
+ * @param {CryptoKey} publicKey - The ECDSA public key used for verification.
+ * @param {Uint8Array} signature - The signature to be verified.
+ * @param {Uint8Array} data - The data that was signed.
+ * @returns {Promise<boolean>} - A promise that resolves to a boolean indicating whether the signature is valid.
+ */
+async function verifyECDSASignature(publicKey, signature, data) {
+    const isValid = await crypto.subtle.verify({
+        name: enums_js_1.AlgorithmName.ECDSA,
+        hash: { name: 'SHA-256' },
+    }, publicKey, signature, data);
+    return isValid;
+}
+exports.verifyECDSASignature = verifyECDSASignature;
+/**
+ * Extracts the r and s values from a given ECDSA signature.
+ *
+ * @param {Uint8Array} signatureBytes - The raw ECDSA signature bytes.
+ * @returns {{ r: Uint8Array; s: Uint8Array }} An object containing the r and s values as Uint8Arrays.
+ * @throws {Error} If the validation of the signature fails.
+ */
+function extractRSValuesFromSignature(signatureBytes) {
+    // Split the raw signature into r and s values
+    const halfLength = Math.floor(signatureBytes.length / 2);
+    const rValue = signatureBytes.slice(0, halfLength);
+    const sValue = signatureBytes.slice(halfLength);
+    // Correct validation
+    if (!concatAndCompareUint8Arrays(rValue, sValue, signatureBytes)) {
+        throw new errors_js_1.ConfigurationError('invalid ECDSA signature');
+    }
+    return {
+        r: rValue,
+        s: sValue,
+    };
+}
+exports.extractRSValuesFromSignature = extractRSValuesFromSignature;
+function concatAndCompareUint8Arrays(arr1, arr2, arr3) {
+    // Create a new Uint8Array with the combined length of arr1 and arr2
+    const concatenated = new Uint8Array(arr1.length + arr2.length);
+    // Copy arr1 and arr2 into the new array
+    concatenated.set(arr1, 0);
+    concatenated.set(arr2, arr1.length);
+    // Check if the lengths are the same
+    if (concatenated.length !== arr3.length) {
+        return false;
+    }
+    // Compare each element
+    for (let i = 0; i < concatenated.length; i++) {
+        if (concatenated[i] !== arr3[i]) {
+            return false;
+        }
+    }
+    return true;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZWNkc2FTaWduYXR1cmUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvbmFub3RkZi1jcnlwdG8vZWNkc2FTaWduYXR1cmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsNENBQWtEO0FBQ2xELDJEQUE2RDtBQUU3RDs7Ozs7Ozs7O0dBU0c7QUFDSSxLQUFLLFVBQVUsZUFBZSxDQUNuQyxVQUFxQixFQUNyQixJQUFnQjtJQUVoQixNQUFNLFNBQVMsR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUN4QztRQUNFLElBQUksRUFBRSx3QkFBYSxDQUFDLEtBQUs7UUFDekIsSUFBSSxFQUFFLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRTtLQUMxQixFQUNELFVBQVUsRUFDVixJQUFJLENBQ0wsQ0FBQztJQUNGLE9BQU8sU0FBUyxDQUFDO0FBQ25CLENBQUM7QUFiRCwwQ0FhQztBQUVEOzs7Ozs7Ozs7O0dBVUc7QUFDSSxLQUFLLFVBQVUsb0JBQW9CLENBQ3hDLFNBQW9CLEVBQ3BCLFNBQXFCLEVBQ3JCLElBQWdCO0lBRWhCLE1BQU0sT0FBTyxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQ3hDO1FBQ0UsSUFBSSxFQUFFLHdCQUFhLENBQUMsS0FBSztRQUN6QixJQUFJLEVBQUUsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFO0tBQzFCLEVBQ0QsU0FBUyxFQUNULFNBQVMsRUFDVCxJQUFJLENBQ0wsQ0FBQztJQUNGLE9BQU8sT0FBTyxDQUFDO0FBQ2pCLENBQUM7QUFmRCxvREFlQztBQUVEOzs7Ozs7R0FNRztBQUNILFNBQWdCLDRCQUE0QixDQUFDLGNBQTBCO0lBSXJFLDhDQUE4QztJQUM5QyxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLGNBQWMsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUM7SUFDekQsTUFBTSxNQUFNLEdBQUcsY0FBYyxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsVUFBVSxDQUFDLENBQUM7SUFDbkQsTUFBTSxNQUFNLEdBQUcsY0FBYyxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUVoRCxxQkFBcUI7SUFDckIsSUFBSSxDQUFDLDJCQUEyQixDQUFDLE1BQU0sRUFBRSxNQUFNLEVBQUUsY0FBYyxDQUFDLEVBQUU7UUFDaEUsTUFBTSxJQUFJLDhCQUFrQixDQUFDLHlCQUF5QixDQUFDLENBQUM7S0FDekQ7SUFFRCxPQUFPO1FBQ0wsQ0FBQyxFQUFFLE1BQU07UUFDVCxDQUFDLEVBQUUsTUFBTTtLQUNWLENBQUM7QUFDSixDQUFDO0FBbEJELG9FQWtCQztBQUVELFNBQVMsMkJBQTJCLENBQ2xDLElBQWdCLEVBQ2hCLElBQWdCLEVBQ2hCLElBQWdCO0lBRWhCLG9FQUFvRTtJQUNwRSxNQUFNLFlBQVksR0FBRyxJQUFJLFVBQVUsQ0FBQyxJQUFJLENBQUMsTUFBTSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUUvRCx3Q0FBd0M7SUFDeEMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLENBQUM7SUFDMUIsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBRXBDLG9DQUFvQztJQUNwQyxJQUFJLFlBQVksQ0FBQyxNQUFNLEtBQUssSUFBSSxDQUFDLE1BQU0sRUFBRTtRQUN2QyxPQUFPLEtBQUssQ0FBQztLQUNkO0lBRUQsdUJBQXVCO0lBQ3ZCLEtBQUssSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsR0FBRyxZQUFZLENBQUMsTUFBTSxFQUFFLENBQUMsRUFBRSxFQUFFO1FBQzVDLElBQUksWUFBWSxDQUFDLENBQUMsQ0FBQyxLQUFLLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRTtZQUMvQixPQUFPLEtBQUssQ0FBQztTQUNkO0tBQ0Y7SUFFRCxPQUFPLElBQUksQ0FBQztBQUNkLENBQUMifQ==

package/dist/cjs/src/nanotdf-crypto/encrypt.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const ciphers_js_1 = require("./ciphers.js");
+/**
+ * Encrypt plaintext buffer to ciphertext buffer
+ *
+ * Only supports AES-GCM
+ * @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/decrypt
+ *
+ * @param key Encryption key
+ * @param plaintext Bytes to encrypt
+ * @param iv Initialization vector
+ * @param tagLength Size (bits) of authentication tag
+ * @returns Resolves ciphertext buffer
+ */
+async function encrypt(key, plaintext, iv, tagLength) {
+    return crypto.subtle.encrypt({
+        name: ciphers_js_1.Ciphers.AesGcm,
+        iv,
+        tagLength: tagLength || ciphers_js_1.CipherTagLengths.AesGcm,
+    }, key, plaintext);
+}
+exports.default = encrypt;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW5jcnlwdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9uYW5vdGRmLWNyeXB0by9lbmNyeXB0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsNkNBQXlEO0FBRXpEOzs7Ozs7Ozs7OztHQVdHO0FBQ1ksS0FBSyxVQUFVLE9BQU8sQ0FDbkMsR0FBYyxFQUNkLFNBQXFCLEVBQ3JCLEVBQWMsRUFDZCxTQUFrQjtJQUVsQixPQUFPLE1BQU0sQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUMxQjtRQUNFLElBQUksRUFBRSxvQkFBTyxDQUFDLE1BQU07UUFDcEIsRUFBRTtRQUNGLFNBQVMsRUFBRSxTQUFTLElBQUksNkJBQWdCLENBQUMsTUFBTTtLQUNoRCxFQUNELEdBQUcsRUFDSCxTQUFTLENBQ1YsQ0FBQztBQUNKLENBQUM7QUFmRCwwQkFlQyJ9

package/dist/cjs/src/nanotdf-crypto/enums.js

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KeyUsageType = exports.KeyType = exports.KeyFormat = exports.HashType = exports.CipherType = exports.NamedCurve = exports.AlgorithmName = void 0;
+var AlgorithmName;
+(function (AlgorithmName) {
+    AlgorithmName["ECDH"] = "ECDH";
+    AlgorithmName["ECDSA"] = "ECDSA";
+    AlgorithmName["ES256"] = "ES256";
+    AlgorithmName["HKDF"] = "HKDF";
+    AlgorithmName["RSA_OAEP"] = "RSA-OAEP";
+    AlgorithmName["RSA_PSS"] = "RSA-PSS";
+})(AlgorithmName || (exports.AlgorithmName = AlgorithmName = {}));
+var NamedCurve;
+(function (NamedCurve) {
+    NamedCurve["P256"] = "P-256";
+    NamedCurve["P384"] = "P-384";
+    NamedCurve["P512"] = "P-512";
+})(NamedCurve || (exports.NamedCurve = NamedCurve = {}));
+var CipherType;
+(function (CipherType) {
+    CipherType["AesGcm"] = "AES-GCM";
+})(CipherType || (exports.CipherType = CipherType = {}));
+var HashType;
+(function (HashType) {
+    HashType["Sha1"] = "SHA-1";
+    HashType["Sha256"] = "SHA-256";
+    HashType["Sha384"] = "SHA-384";
+    HashType["Sha512"] = "SHA-512";
+})(HashType || (exports.HashType = HashType = {}));
+var KeyFormat;
+(function (KeyFormat) {
+    KeyFormat["Raw"] = "raw";
+    KeyFormat["Pkcs8"] = "pkcs8";
+    KeyFormat["Spki"] = "spki";
+})(KeyFormat || (exports.KeyFormat = KeyFormat = {}));
+var KeyType;
+(function (KeyType) {
+    KeyType["Private"] = "private";
+    KeyType["Public"] = "public";
+})(KeyType || (exports.KeyType = KeyType = {}));
+var KeyUsageType;
+(function (KeyUsageType) {
+    KeyUsageType["Encrypt"] = "encrypt";
+    KeyUsageType["Decrypt"] = "decrypt";
+    KeyUsageType["DeriveBits"] = "deriveBits";
+    KeyUsageType["DeriveKey"] = "deriveKey";
+    KeyUsageType["Verify"] = "verify";
+    KeyUsageType["Sign"] = "sign";
+    KeyUsageType["UnwrapKey"] = "unwrapKey";
+    KeyUsageType["WrapKey"] = "wrapKey";
+})(KeyUsageType || (exports.KeyUsageType = KeyUsageType = {}));
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW51bXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvbmFub3RkZi1jcnlwdG8vZW51bXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsSUFBWSxhQU9YO0FBUEQsV0FBWSxhQUFhO0lBQ3ZCLDhCQUFhLENBQUE7SUFDYixnQ0FBZSxDQUFBO0lBQ2YsZ0NBQWUsQ0FBQTtJQUNmLDhCQUFhLENBQUE7SUFDYixzQ0FBcUIsQ0FBQTtJQUNyQixvQ0FBbUIsQ0FBQTtBQUNyQixDQUFDLEVBUFcsYUFBYSw2QkFBYixhQUFhLFFBT3hCO0FBRUQsSUFBWSxVQUlYO0FBSkQsV0FBWSxVQUFVO0lBQ3BCLDRCQUFjLENBQUE7SUFDZCw0QkFBYyxDQUFBO0lBQ2QsNEJBQWMsQ0FBQTtBQUNoQixDQUFDLEVBSlcsVUFBVSwwQkFBVixVQUFVLFFBSXJCO0FBRUQsSUFBWSxVQUVYO0FBRkQsV0FBWSxVQUFVO0lBQ3BCLGdDQUFrQixDQUFBO0FBQ3BCLENBQUMsRUFGVyxVQUFVLDBCQUFWLFVBQVUsUUFFckI7QUFFRCxJQUFZLFFBS1g7QUFMRCxXQUFZLFFBQVE7SUFDbEIsMEJBQWMsQ0FBQTtJQUNkLDhCQUFrQixDQUFBO0lBQ2xCLDhCQUFrQixDQUFBO0lBQ2xCLDhCQUFrQixDQUFBO0FBQ3BCLENBQUMsRUFMVyxRQUFRLHdCQUFSLFFBQVEsUUFLbkI7QUFFRCxJQUFZLFNBSVg7QUFKRCxXQUFZLFNBQVM7SUFDbkIsd0JBQVcsQ0FBQTtJQUNYLDRCQUFlLENBQUE7SUFDZiwwQkFBYSxDQUFBO0FBQ2YsQ0FBQyxFQUpXLFNBQVMseUJBQVQsU0FBUyxRQUlwQjtBQUVELElBQVksT0FHWDtBQUhELFdBQVksT0FBTztJQUNqQiw4QkFBbUIsQ0FBQTtJQUNuQiw0QkFBaUIsQ0FBQTtBQUNuQixDQUFDLEVBSFcsT0FBTyx1QkFBUCxPQUFPLFFBR2xCO0FBRUQsSUFBWSxZQVNYO0FBVEQsV0FBWSxZQUFZO0lBQ3RCLG1DQUFtQixDQUFBO0lBQ25CLG1DQUFtQixDQUFBO0lBQ25CLHlDQUF5QixDQUFBO0lBQ3pCLHVDQUF1QixDQUFBO0lBQ3ZCLGlDQUFpQixDQUFBO0lBQ2pCLDZCQUFhLENBQUE7SUFDYix1Q0FBdUIsQ0FBQTtJQUN2QixtQ0FBbUIsQ0FBQTtBQUNyQixDQUFDLEVBVFcsWUFBWSw0QkFBWixZQUFZLFFBU3ZCIn0=

package/dist/cjs/src/nanotdf-crypto/exportCryptoKey.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+/**
+ *
+ * Export to PEM format to binary buffer
+ * - key    {CryptoKey}     default: "undefined" CryptoKey generated by WebCrypto API
+ */
+async function exportCryptoKey(key) {
+    const exportedKey = await crypto.subtle.exportKey('raw', key);
+    const keyBuffer = new Uint8Array(exportedKey);
+    const len = keyBuffer.byteLength;
+    const xPoint = keyBuffer.slice(0, (1 + len) >>> 1); // drop `y`
+    xPoint[0] = 0x2 | (keyBuffer[len - 1] & 0x01); // encode sign of `y` in first bit
+    // Copy to Arraybuffer
+    const compressedPubKeyBuf = new ArrayBuffer(xPoint.byteLength);
+    new Uint8Array(compressedPubKeyBuf).set(new Uint8Array(xPoint));
+    return compressedPubKeyBuf;
+}
+exports.default = exportCryptoKey;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXhwb3J0Q3J5cHRvS2V5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYtY3J5cHRvL2V4cG9ydENyeXB0b0tleS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUFBOzs7O0dBSUc7QUFDWSxLQUFLLFVBQVUsZUFBZSxDQUFDLEdBQWM7SUFDMUQsTUFBTSxXQUFXLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLENBQUM7SUFDOUQsTUFBTSxTQUFTLEdBQUcsSUFBSSxVQUFVLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDOUMsTUFBTSxHQUFHLEdBQUcsU0FBUyxDQUFDLFVBQVUsQ0FBQztJQUNqQyxNQUFNLE1BQU0sR0FBRyxTQUFTLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLFdBQVc7SUFDL0QsTUFBTSxDQUFDLENBQUMsQ0FBQyxHQUFHLEdBQUcsR0FBRyxDQUFDLFNBQVMsQ0FBQyxHQUFHLEdBQUcsQ0FBQyxDQUFDLEdBQUcsSUFBSSxDQUFDLENBQUMsQ0FBQyxrQ0FBa0M7SUFFakYsc0JBQXNCO0lBQ3RCLE1BQU0sbUJBQW1CLEdBQUcsSUFBSSxXQUFXLENBQUMsTUFBTSxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQy9ELElBQUksVUFBVSxDQUFDLG1CQUFtQixDQUFDLENBQUMsR0FBRyxDQUFDLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUM7SUFDaEUsT0FBTyxtQkFBbUIsQ0FBQztBQUM3QixDQUFDO0FBWEQsa0NBV0MifQ==

package/dist/cjs/src/nanotdf-crypto/generateKeyPair.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const enums_js_1 = require("./enums.js");
+async function generateKeyPair({ type: name, curve: namedCurve, keyUsages, isExtractable } = {
+    type: enums_js_1.AlgorithmName.ECDH,
+    curve: enums_js_1.NamedCurve.P256,
+    keyUsages: [enums_js_1.KeyUsageType.DeriveBits, enums_js_1.KeyUsageType.DeriveKey],
+    isExtractable: true,
+}) {
+    return crypto.subtle.generateKey({ name, namedCurve }, isExtractable, keyUsages);
+}
+exports.default = generateKeyPair;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2VuZXJhdGVLZXlQYWlyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYtY3J5cHRvL2dlbmVyYXRlS2V5UGFpci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUFBLHlDQUFxRTtBQVN0RCxLQUFLLFVBQVUsZUFBZSxDQUMzQyxFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsS0FBSyxFQUFFLFVBQVUsRUFBRSxTQUFTLEVBQUUsYUFBYSxLQUE2QjtJQUNwRixJQUFJLEVBQUUsd0JBQWEsQ0FBQyxJQUFJO0lBQ3hCLEtBQUssRUFBRSxxQkFBVSxDQUFDLElBQUk7SUFDdEIsU0FBUyxFQUFFLENBQUMsdUJBQVksQ0FBQyxVQUFVLEVBQUUsdUJBQVksQ0FBQyxTQUFTLENBQUM7SUFDNUQsYUFBYSxFQUFFLElBQUk7Q0FDcEI7SUFFRCxPQUFPLE1BQU0sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxFQUFFLGFBQWEsRUFBRSxTQUFTLENBQUMsQ0FBQztBQUNuRixDQUFDO0FBVEQsa0NBU0MifQ==

package/dist/cjs/src/nanotdf-crypto/generateRandomNumber.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+/**
+ * Generate a random number of given length
+ */
+function generateRandomNumber(length) {
+    const byteArray = new Uint8Array(length);
+    crypto.getRandomValues(byteArray);
+    return byteArray;
+}
+exports.default = generateRandomNumber;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2VuZXJhdGVSYW5kb21OdW1iZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvbmFub3RkZi1jcnlwdG8vZ2VuZXJhdGVSYW5kb21OdW1iZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFBQTs7R0FFRztBQUNILFNBQXdCLG9CQUFvQixDQUFDLE1BQWM7SUFDekQsTUFBTSxTQUFTLEdBQUcsSUFBSSxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDekMsTUFBTSxDQUFDLGVBQWUsQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUNsQyxPQUFPLFNBQVMsQ0FBQztBQUNuQixDQUFDO0FBSkQsdUNBSUMifQ==

package/dist/cjs/src/nanotdf-crypto/importRawKey.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const enums_js_1 = require("./enums.js");
+/**
+ * Import raw key
+ *
+ * A specific implementation of the importKey method to import raw keys. Specifies some defaults
+ * to ensure security.
+ *
+ * @param key Key which needs to be imported
+ * @param keyUsages How the key will be used
+ * @param isExtractable Whether key is extractable
+ */
+async function importRawKey(key, keyUsages, isExtractable = false) {
+    return crypto.subtle.importKey(enums_js_1.KeyFormat.Raw, key, enums_js_1.CipherType.AesGcm, isExtractable, keyUsages);
+}
+exports.default = importRawKey;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW1wb3J0UmF3S2V5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYtY3J5cHRvL2ltcG9ydFJhd0tleS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUFBLHlDQUFpRTtBQUVqRTs7Ozs7Ozs7O0dBU0c7QUFDWSxLQUFLLFVBQVUsWUFBWSxDQUN4QyxHQUFnQixFQUNoQixTQUE4QixFQUM5QixhQUFhLEdBQUcsS0FBSztJQUVyQixPQUFPLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLG9CQUFTLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxxQkFBVSxDQUFDLE1BQU0sRUFBRSxhQUFhLEVBQUUsU0FBUyxDQUFDLENBQUM7QUFDbEcsQ0FBQztBQU5ELCtCQU1DIn0=

package/dist/cjs/src/nanotdf-crypto/index.js

@@ -0,0 +1,52 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.enums = exports.pemCertToCrypto = exports.pemPublicToCrypto = exports.generateRandomNumber = exports.exportCryptoKey = exports.keyAgreement = exports.importRawKey = exports.generateKeyPair = exports.encrypt = exports.digest = exports.decrypt = exports.Ciphers = void 0;
+var ciphers_js_1 = require("./ciphers.js");
+Object.defineProperty(exports, "Ciphers", { enumerable: true, get: function () { return ciphers_js_1.Ciphers; } });
+var decrypt_js_1 = require("./decrypt.js");
+Object.defineProperty(exports, "decrypt", { enumerable: true, get: function () { return __importDefault(decrypt_js_1).default; } });
+var digest_js_1 = require("./digest.js");
+Object.defineProperty(exports, "digest", { enumerable: true, get: function () { return __importDefault(digest_js_1).default; } });
+var encrypt_js_1 = require("./encrypt.js");
+Object.defineProperty(exports, "encrypt", { enumerable: true, get: function () { return __importDefault(encrypt_js_1).default; } });
+var generateKeyPair_js_1 = require("./generateKeyPair.js");
+Object.defineProperty(exports, "generateKeyPair", { enumerable: true, get: function () { return __importDefault(generateKeyPair_js_1).default; } });
+var importRawKey_js_1 = require("./importRawKey.js");
+Object.defineProperty(exports, "importRawKey", { enumerable: true, get: function () { return __importDefault(importRawKey_js_1).default; } });
+var keyAgreement_js_1 = require("./keyAgreement.js");
+Object.defineProperty(exports, "keyAgreement", { enumerable: true, get: function () { return keyAgreement_js_1.keyAgreement; } });
+var exportCryptoKey_js_1 = require("./exportCryptoKey.js");
+Object.defineProperty(exports, "exportCryptoKey", { enumerable: true, get: function () { return __importDefault(exportCryptoKey_js_1).default; } });
+var generateRandomNumber_js_1 = require("./generateRandomNumber.js");
+Object.defineProperty(exports, "generateRandomNumber", { enumerable: true, get: function () { return __importDefault(generateRandomNumber_js_1).default; } });
+var pemPublicToCrypto_js_1 = require("./pemPublicToCrypto.js");
+Object.defineProperty(exports, "pemPublicToCrypto", { enumerable: true, get: function () { return pemPublicToCrypto_js_1.pemPublicToCrypto; } });
+Object.defineProperty(exports, "pemCertToCrypto", { enumerable: true, get: function () { return pemPublicToCrypto_js_1.pemCertToCrypto; } });
+exports.enums = __importStar(require("./enums.js"));
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvbmFub3RkZi1jcnlwdG8vaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSwyQ0FBdUM7QUFBOUIscUdBQUEsT0FBTyxPQUFBO0FBQ2hCLDJDQUFrRDtBQUF6QyxzSEFBQSxPQUFPLE9BQVc7QUFDM0IseUNBQWdEO0FBQXZDLG9IQUFBLE9BQU8sT0FBVTtBQUMxQiwyQ0FBa0Q7QUFBekMsc0hBQUEsT0FBTyxPQUFXO0FBQzNCLDJEQUFrRTtBQUF6RCxzSUFBQSxPQUFPLE9BQW1CO0FBQ25DLHFEQUE0RDtBQUFuRCxnSUFBQSxPQUFPLE9BQWdCO0FBQ2hDLHFEQUFpRDtBQUF4QywrR0FBQSxZQUFZLE9BQUE7QUFDckIsMkRBQWtFO0FBQXpELHNJQUFBLE9BQU8sT0FBbUI7QUFDbkMscUVBQTRFO0FBQW5FLGdKQUFBLE9BQU8sT0FBd0I7QUFDeEMsK0RBQTRFO0FBQW5FLHlIQUFBLGlCQUFpQixPQUFBO0FBQUUsdUhBQUEsZUFBZSxPQUFBO0FBQzNDLG9EQUFvQyJ9

package/dist/cjs/src/nanotdf-crypto/keyAgreement.js

@@ -0,0 +1,91 @@
+"use strict";
+/**
+ *
+ * Copyright (c) 2016 SafeBash
+ * Cryptography consultant: Andrew Kozlik, Ph.D.
+ *
+ * @link https://github.com/safebash/opencrypto
+ *
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.keyAgreement = void 0;
+/**
+ * MIT License
+ *
+ * Copyright (c) 2016 SafeBash
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
+ * Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
+ * NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+ * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+const errors_js_1 = require("../errors.js");
+const enums_js_1 = require("./enums.js");
+const KEY_USAGE_DERIVE_KEY = 'deriveKey';
+/**
+ *
+ * ECDH Key Agreement
+ * - publicKey          {CryptoKey}     default: "undefined"
+ * - privateKey         {CryptoKey}     default: "undefined"
+ * - options            {Object}        default: { bitLength: 256, hkdfHash: 'SHA-512', hkdfSalt: "new UInt8Array()", hkdfInfo: "new UInt8Array()", keyCipher: 'AES-GCM', keyLength: 256, keyUsages: ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'], isExtractable: true }
+ */
+async function keyAgreement(privateKey, publicKey, options = {
+    bitLength: 256,
+    hkdfHash: enums_js_1.HashType.Sha256,
+    hkdfInfo: new Uint8Array(),
+    hkdfSalt: new Uint8Array(),
+    keyCipher: enums_js_1.CipherType.AesGcm,
+    keyLength: 256,
+    keyUsages: [
+        enums_js_1.KeyUsageType.Encrypt,
+        enums_js_1.KeyUsageType.Decrypt,
+        enums_js_1.KeyUsageType.UnwrapKey,
+        enums_js_1.KeyUsageType.WrapKey,
+    ],
+    isExtractable: true,
+}) {
+    if (publicKey?.algorithm?.name !== enums_js_1.AlgorithmName.ECDSA &&
+        publicKey?.algorithm?.name !== enums_js_1.AlgorithmName.ECDH) {
+        throw new errors_js_1.ConfigurationError('CryptoKey is expected to be of type ECDSA or ECDH');
+    }
+    if (privateKey.type !== enums_js_1.KeyType.Private) {
+        throw new errors_js_1.ConfigurationError('Expected input of privateKey to be a CryptoKey of type private');
+    }
+    if (publicKey.type !== enums_js_1.KeyType.Public) {
+        throw new errors_js_1.ConfigurationError('Expected input of publicKey to be a CryptoKey of type public');
+    }
+    const { bitLength = 256, hkdfHash = enums_js_1.HashType.Sha256, hkdfInfo = new Uint8Array(), hkdfSalt = new Uint8Array(), keyCipher = enums_js_1.CipherType.AesGcm, keyLength = 256, isExtractable = true, keyUsages = [
+        enums_js_1.KeyUsageType.Encrypt,
+        enums_js_1.KeyUsageType.Decrypt,
+        enums_js_1.KeyUsageType.UnwrapKey,
+        enums_js_1.KeyUsageType.WrapKey,
+    ], } = options;
+    const derivedBits = await crypto.subtle.deriveBits({
+        name: enums_js_1.AlgorithmName.ECDH,
+        public: publicKey,
+    }, privateKey, bitLength);
+    const derivedKey = await crypto.subtle.importKey(enums_js_1.KeyFormat.Raw, derivedBits, {
+        name: enums_js_1.AlgorithmName.HKDF,
+    }, false, [KEY_USAGE_DERIVE_KEY]);
+    const symmetricKey = await crypto.subtle.deriveKey({
+        name: enums_js_1.AlgorithmName.HKDF,
+        hash: hkdfHash,
+        salt: hkdfSalt,
+        info: hkdfInfo,
+    }, derivedKey, {
+        name: keyCipher,
+        length: keyLength,
+    }, isExtractable, keyUsages);
+    return symmetricKey;
+}
+exports.keyAgreement = keyAgreement;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5QWdyZWVtZW50LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYtY3J5cHRvL2tleUFncmVlbWVudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUE7Ozs7Ozs7R0FPRzs7O0FBRUg7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQWtCRztBQUVILDRDQUFrRDtBQUNsRCx5Q0FBbUc7QUFFbkcsTUFBTSxvQkFBb0IsR0FBRyxXQUFXLENBQUM7QUFhekM7Ozs7OztHQU1HO0FBQ0ksS0FBSyxVQUFVLFlBQVksQ0FDaEMsVUFBcUIsRUFDckIsU0FBb0IsRUFDcEIsVUFBd0M7SUFDdEMsU0FBUyxFQUFFLEdBQUc7SUFDZCxRQUFRLEVBQUUsbUJBQVEsQ0FBQyxNQUFNO0lBQ3pCLFFBQVEsRUFBRSxJQUFJLFVBQVUsRUFBRTtJQUMxQixRQUFRLEVBQUUsSUFBSSxVQUFVLEVBQUU7SUFDMUIsU0FBUyxFQUFFLHFCQUFVLENBQUMsTUFBTTtJQUM1QixTQUFTLEVBQUUsR0FBRztJQUNkLFNBQVMsRUFBRTtRQUNULHVCQUFZLENBQUMsT0FBTztRQUNwQix1QkFBWSxDQUFDLE9BQU87UUFDcEIsdUJBQVksQ0FBQyxTQUFTO1FBQ3RCLHVCQUFZLENBQUMsT0FBTztLQUNyQjtJQUNELGFBQWEsRUFBRSxJQUFJO0NBQ3BCO0lBRUQsSUFDRSxTQUFTLEVBQUUsU0FBUyxFQUFFLElBQUksS0FBSyx3QkFBYSxDQUFDLEtBQUs7UUFDbEQsU0FBUyxFQUFFLFNBQVMsRUFBRSxJQUFJLEtBQUssd0JBQWEsQ0FBQyxJQUFJLEVBQ2pEO1FBQ0EsTUFBTSxJQUFJLDhCQUFrQixDQUFDLG1EQUFtRCxDQUFDLENBQUM7S0FDbkY7SUFFRCxJQUFJLFVBQVUsQ0FBQyxJQUFJLEtBQUssa0JBQU8sQ0FBQyxPQUFPLEVBQUU7UUFDdkMsTUFBTSxJQUFJLDhCQUFrQixDQUFDLGdFQUFnRSxDQUFDLENBQUM7S0FDaEc7SUFFRCxJQUFJLFNBQVMsQ0FBQyxJQUFJLEtBQUssa0JBQU8sQ0FBQyxNQUFNLEVBQUU7UUFDckMsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDhEQUE4RCxDQUFDLENBQUM7S0FDOUY7SUFFRCxNQUFNLEVBQ0osU0FBUyxHQUFHLEdBQUcsRUFDZixRQUFRLEdBQUcsbUJBQVEsQ0FBQyxNQUFNLEVBQzFCLFFBQVEsR0FBRyxJQUFJLFVBQVUsRUFBRSxFQUMzQixRQUFRLEdBQUcsSUFBSSxVQUFVLEVBQUUsRUFDM0IsU0FBUyxHQUFHLHFCQUFVLENBQUMsTUFBTSxFQUM3QixTQUFTLEdBQUcsR0FBRyxFQUNmLGFBQWEsR0FBRyxJQUFJLEVBQ3BCLFNBQVMsR0FBRztRQUNWLHVCQUFZLENBQUMsT0FBTztRQUNwQix1QkFBWSxDQUFDLE9BQU87UUFDcEIsdUJBQVksQ0FBQyxTQUFTO1FBQ3RCLHVCQUFZLENBQUMsT0FBTztLQUNyQixHQUNGLEdBQUcsT0FBTyxDQUFDO0lBRVosTUFBTSxXQUFXLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFVBQVUsQ0FDaEQ7UUFDRSxJQUFJLEVBQUUsd0JBQWEsQ0FBQyxJQUFJO1FBQ3hCLE1BQU0sRUFBRSxTQUFTO0tBQ2xCLEVBQ0QsVUFBVSxFQUNWLFNBQVMsQ0FDVixDQUFDO0lBRUYsTUFBTSxVQUFVLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FDOUMsb0JBQVMsQ0FBQyxHQUFHLEVBQ2IsV0FBVyxFQUNYO1FBQ0UsSUFBSSxFQUFFLHdCQUFhLENBQUMsSUFBSTtLQUN6QixFQUNELEtBQUssRUFDTCxDQUFDLG9CQUFvQixDQUFDLENBQ3ZCLENBQUM7SUFFRixNQUFNLFlBQVksR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUNoRDtRQUNFLElBQUksRUFBRSx3QkFBYSxDQUFDLElBQUk7UUFDeEIsSUFBSSxFQUFFLFFBQVE7UUFDZCxJQUFJLEVBQUUsUUFBUTtRQUNkLElBQUksRUFBRSxRQUFRO0tBQ2YsRUFDRCxVQUFVLEVBQ1Y7UUFDRSxJQUFJLEVBQUUsU0FBUztRQUNmLE1BQU0sRUFBRSxTQUFTO0tBQ2xCLEVBQ0QsYUFBYSxFQUNiLFNBQVMsQ0FDVixDQUFDO0lBRUYsT0FBTyxZQUFZLENBQUM7QUFDdEIsQ0FBQztBQXRGRCxvQ0FzRkMifQ==