@parmanasystems/crypto 1.0.19 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.js +9 -9
  2. package/dist/index.js.map +1 -1
  3. package/package.json +2 -2
package/dist/index.js CHANGED
@@ -1,6 +1,6 @@
1
1
  // src/keys.ts
2
- import fs from "fs";
3
- import path from "path";
2
+ import * as fs from "fs";
3
+ import * as path from "path";
4
4
  var PRIVATE_KEY_PATH = path.resolve(
5
5
  "./trust/root.key"
6
6
  );
@@ -21,8 +21,8 @@ function loadPublicKey() {
21
21
  }
22
22
 
23
23
  // src/persist.ts
24
- import fs2 from "fs";
25
- import path2 from "path";
24
+ import * as fs2 from "fs";
25
+ import * as path2 from "path";
26
26
  function writeSignature(signature, directory) {
27
27
  const signaturePath = path2.join(
28
28
  directory,
@@ -46,8 +46,8 @@ function readSignature(directory) {
46
46
  }
47
47
 
48
48
  // src/sign.ts
49
- import fs3 from "fs";
50
- import crypto from "crypto";
49
+ import * as fs3 from "fs";
50
+ import * as crypto from "crypto";
51
51
  import {
52
52
  canonicalize
53
53
  } from "@parmanasystems/bundle";
@@ -76,8 +76,8 @@ function signManifest(manifestPath) {
76
76
  }
77
77
 
78
78
  // src/verify.ts
79
- import fs4 from "fs";
80
- import crypto2 from "crypto";
79
+ import * as fs4 from "fs";
80
+ import * as crypto2 from "crypto";
81
81
  import {
82
82
  canonicalize as canonicalize2
83
83
  } from "@parmanasystems/bundle";
@@ -121,7 +121,7 @@ function verifyPayloadSignature(payload, signature, publicKey) {
121
121
  }
122
122
 
123
123
  // src/verify-manifest-signature.ts
124
- import crypto3 from "crypto";
124
+ import * as crypto3 from "crypto";
125
125
  function verifyManifestSignature(manifest, signature) {
126
126
  const publicKey = loadPublicKey();
127
127
  return crypto3.verify(
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/keys.ts","../src/persist.ts","../src/sign.ts","../src/verify.ts","../src/verify-manifest-signature.ts"],"sourcesContent":["import fs from \"fs\";\n\nimport path from \"path\";\n\nconst PRIVATE_KEY_PATH =\n path.resolve(\n \"./trust/root.key\"\n );\n\nconst PUBLIC_KEY_PATH =\n path.resolve(\n \"./trust/root.pub\"\n );\n\n/**\n * Reads the root trust private key PEM.\n *\n * Production deployments should inject this\n * via secure secret management.\n */\nexport function loadPrivateKey(): string {\n\n return fs.readFileSync(\n PRIVATE_KEY_PATH,\n \"utf8\"\n );\n}\n\n/**\n * Reads the root trust public key PEM.\n */\nexport function loadPublicKey(): string {\n\n return fs.readFileSync(\n PUBLIC_KEY_PATH,\n \"utf8\"\n );\n}","import fs from \"fs\";\nimport path from \"path\";\n\n/**\n * Writes a base64 signature string to `<directory>/bundle.sig`.\n * Overwrites any existing file at that path.\n */\nexport function writeSignature(\n signature: string,\n directory: string\n): void {\n const signaturePath = path.join(\n directory,\n \"bundle.sig\"\n );\n\n fs.writeFileSync(\n signaturePath,\n signature,\n \"utf8\"\n );\n}\n\n/** Reads and returns the raw base64 signature from `<directory>/bundle.sig`. */\nexport function readSignature(\n directory: string\n): string {\n const signaturePath = path.join(\n directory,\n \"bundle.sig\"\n );\n\n return fs.readFileSync(\n signaturePath,\n \"utf8\"\n );\n}\n\n\n\n\n","import fs from \"fs\";\n\nimport crypto from \"crypto\";\n\nimport {\n canonicalize,\n} from \"@parmanasystems/bundle\";\n\nimport {\n loadPrivateKey,\n} from \"./keys\";\n\n/**\n * Reads the manifest JSON at `manifestPath`, canonicalizes it, and returns a\n * base64-encoded Ed25519 signature produced with the dev private key.\n *\n * @param manifestPath - Absolute or CWD-relative path to a `bundle.manifest.json` file.\n * @returns Base64-encoded Ed25519 signature over the canonical manifest bytes.\n */\nexport function signManifest(\n manifestPath: string\n): string {\n\n const manifest =\n JSON.parse(\n fs.readFileSync(\n manifestPath,\n \"utf8\"\n )\n );\n\n const canonical =\n canonicalize(\n manifest\n );\n\n const privateKey =\n loadPrivateKey();\n\n const signature =\n crypto.sign(\n null,\n\n Buffer.from(\n canonical,\n \"utf8\"\n ),\n\n privateKey\n );\n\n return signature.toString(\n \"base64\"\n );\n}\n\n\n\n\n","import fs from \"fs\";\n\nimport crypto from \"crypto\";\n\nimport {\n canonicalize,\n} from \"@parmanasystems/bundle\";\n\nimport {\n loadPublicKey,\n} from \"./keys\";\n\n/**\n * Reads the manifest JSON at `manifestPath`, canonicalizes it, and verifies\n * `signature` (base64 Ed25519) against the dev public key.\n *\n * @param manifestPath - Path to the `bundle.manifest.json` file.\n * @param signature - Base64-encoded Ed25519 signature to verify.\n */\nexport function verifySignature(\n manifestPath: string,\n signature: string\n): boolean {\n\n const manifest =\n JSON.parse(\n fs.readFileSync(\n manifestPath,\n \"utf8\"\n )\n );\n\n const canonical =\n canonicalize(\n manifest\n );\n\n const publicKey =\n loadPublicKey();\n\n return crypto.verify(\n null,\n\n Buffer.from(\n canonical,\n \"utf8\"\n ),\n\n publicKey,\n\n Buffer.from(\n signature,\n \"base64\"\n )\n );\n}\n\n/**\n * Verifies a base64-encoded Ed25519 `signature` over an arbitrary UTF-8\n * `payload` using the provided `publicKey` PEM. Unlike `verifySignature`,\n * this function accepts any payload string rather than reading a manifest\n * file from disk.\n *\n * @param payload - The original signed UTF-8 string.\n * @param signature - Base64-encoded Ed25519 signature.\n * @param publicKey - PEM-encoded Ed25519 public key.\n */\nexport function verifyPayloadSignature(\n payload: string,\n signature: string,\n publicKey: string\n): boolean {\n\n return crypto.verify(\n null,\n\n Buffer.from(\n payload,\n \"utf8\"\n ),\n\n publicKey,\n\n Buffer.from(\n signature,\n \"base64\"\n )\n );\n}\n\n\n\n\n","import crypto from \"crypto\";\n\nimport {\n loadPublicKey,\n} from \"./keys\";\n\n/**\n * Verifies `signature` (base64 Ed25519) over the already-serialized canonical\n * `manifest` string against the dev public key.\n *\n * Unlike `verifySignature`, this function accepts the manifest bytes directly\n * rather than reading them from disk — suited for in-memory verification flows.\n *\n * @param manifest - Canonical manifest bytes (UTF-8 string).\n * @param signature - Base64-encoded Ed25519 signature.\n */\nexport function verifyManifestSignature(\n manifest: string,\n signature: string\n): boolean {\n\n const publicKey =\n loadPublicKey();\n\n return crypto.verify(\n null,\n\n Buffer.from(\n manifest\n ),\n\n publicKey,\n\n Buffer.from(\n signature,\n \"base64\"\n )\n );\n}\n\n\n\n\n"],"mappings":";AAAA,OAAO,QAAQ;AAEf,OAAO,UAAU;AAEjB,IAAM,mBACJ,KAAK;AAAA,EACH;AACF;AAEF,IAAM,kBACJ,KAAK;AAAA,EACH;AACF;AAQK,SAAS,iBAAyB;AAEvC,SAAO,GAAG;AAAA,IACR;AAAA,IACA;AAAA,EACF;AACF;AAKO,SAAS,gBAAwB;AAEtC,SAAO,GAAG;AAAA,IACR;AAAA,IACA;AAAA,EACF;AACF;;;ACrCA,OAAOA,SAAQ;AACf,OAAOC,WAAU;AAMV,SAAS,eACd,WACA,WACM;AACN,QAAM,gBAAgBA,MAAK;AAAA,IACzB;AAAA,IACA;AAAA,EACF;AAEA,EAAAD,IAAG;AAAA,IACD;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAGO,SAAS,cACd,WACQ;AACR,QAAM,gBAAgBC,MAAK;AAAA,IACzB;AAAA,IACA;AAAA,EACF;AAEA,SAAOD,IAAG;AAAA,IACR;AAAA,IACA;AAAA,EACF;AACF;;;ACpCA,OAAOE,SAAQ;AAEf,OAAO,YAAY;AAEnB;AAAA,EACE;AAAA,OACK;AAaA,SAAS,aACd,cACQ;AAER,QAAM,WACJ,KAAK;AAAA,IACHC,IAAG;AAAA,MACD;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEF,QAAM,YACJ;AAAA,IACE;AAAA,EACF;AAEF,QAAM,aACJ,eAAe;AAEjB,QAAM,YACJ,OAAO;AAAA,IACL;AAAA,IAEA,OAAO;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,IAEA;AAAA,EACF;AAEF,SAAO,UAAU;AAAA,IACf;AAAA,EACF;AACF;;;ACtDA,OAAOC,SAAQ;AAEf,OAAOC,aAAY;AAEnB;AAAA,EACE,gBAAAC;AAAA,OACK;AAaA,SAAS,gBACd,cACA,WACS;AAET,QAAM,WACJ,KAAK;AAAA,IACHC,IAAG;AAAA,MACD;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEF,QAAM,YACJC;AAAA,IACE;AAAA,EACF;AAEF,QAAM,YACJ,cAAc;AAEhB,SAAOC,QAAO;AAAA,IACZ;AAAA,IAEA,OAAO;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,IAEA;AAAA,IAEA,OAAO;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAYO,SAAS,uBACd,SACA,WACA,WACS;AAET,SAAOA,QAAO;AAAA,IACZ;AAAA,IAEA,OAAO;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,IAEA;AAAA,IAEA,OAAO;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;;;ACxFA,OAAOC,aAAY;AAgBZ,SAAS,wBACd,UACA,WACS;AAET,QAAM,YACJ,cAAc;AAEhB,SAAOC,QAAO;AAAA,IACZ;AAAA,IAEA,OAAO;AAAA,MACL;AAAA,IACF;AAAA,IAEA;AAAA,IAEA,OAAO;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;","names":["fs","path","fs","fs","fs","crypto","canonicalize","fs","canonicalize","crypto","crypto","crypto"]}
1
+ {"version":3,"sources":["../src/keys.ts","../src/persist.ts","../src/sign.ts","../src/verify.ts","../src/verify-manifest-signature.ts"],"sourcesContent":["import * as fs from \"node:fs\";\r\n\r\nimport * as path from \"node:path\";\r\n\r\nconst PRIVATE_KEY_PATH =\r\n path.resolve(\r\n \"./trust/root.key\"\r\n );\r\n\r\nconst PUBLIC_KEY_PATH =\r\n path.resolve(\r\n \"./trust/root.pub\"\r\n );\r\n\r\n/**\r\n * Reads the root trust private key PEM.\r\n *\r\n * Production deployments should inject this\r\n * via secure secret management.\r\n */\r\nexport function loadPrivateKey(): string {\r\n\r\n return fs.readFileSync(\r\n PRIVATE_KEY_PATH,\r\n \"utf8\"\r\n );\r\n}\r\n\r\n/**\r\n * Reads the root trust public key PEM.\r\n */\r\nexport function loadPublicKey(): string {\r\n\r\n return fs.readFileSync(\r\n PUBLIC_KEY_PATH,\r\n \"utf8\"\r\n );\r\n}\r\n","import * as fs from \"node:fs\";\r\nimport * as path from \"node:path\";\r\n\r\n/**\r\n * Writes a base64 signature string to `<directory>/bundle.sig`.\r\n * Overwrites any existing file at that path.\r\n */\r\nexport function writeSignature(\r\n signature: string,\r\n directory: string\r\n): void {\r\n const signaturePath = path.join(\r\n directory,\r\n \"bundle.sig\"\r\n );\r\n\r\n fs.writeFileSync(\r\n signaturePath,\r\n signature,\r\n \"utf8\"\r\n );\r\n}\r\n\r\n/** Reads and returns the raw base64 signature from `<directory>/bundle.sig`. */\r\nexport function readSignature(\r\n directory: string\r\n): string {\r\n const signaturePath = path.join(\r\n directory,\r\n \"bundle.sig\"\r\n );\r\n\r\n return fs.readFileSync(\r\n signaturePath,\r\n \"utf8\"\r\n );\r\n}\r\n\r\n\r\n\r\n\r\n","import * as fs from \"node:fs\";\r\n\r\nimport * as crypto from \"node:crypto\";\r\nimport {\r\n canonicalize,\r\n} from \"@parmanasystems/bundle\";\r\n\r\nimport {\r\n loadPrivateKey,\r\n} from \"./keys.js\";\r\n\r\n/**\r\n * Reads the manifest JSON at `manifestPath`, canonicalizes it, and returns a\r\n * base64-encoded Ed25519 signature produced with the dev private key.\r\n *\r\n * @param manifestPath - Absolute or CWD-relative path to a `bundle.manifest.json` file.\r\n * @returns Base64-encoded Ed25519 signature over the canonical manifest bytes.\r\n */\r\nexport function signManifest(\r\n manifestPath: string\r\n): string {\r\n\r\n const manifest =\r\n JSON.parse(\r\n fs.readFileSync(\r\n manifestPath,\r\n \"utf8\"\r\n )\r\n );\r\n\r\n const canonical =\r\n canonicalize(\r\n manifest\r\n );\r\n\r\n const privateKey =\r\n loadPrivateKey();\r\n\r\n const signature =\r\n crypto.sign(\r\n null,\r\n\r\n Buffer.from(\r\n canonical,\r\n \"utf8\"\r\n ),\r\n\r\n privateKey\r\n );\r\n\r\n return signature.toString(\r\n \"base64\"\r\n );\r\n}\r\n\r\n\r\n\r\n\r\n","import * as fs from \"node:fs\";\r\n\r\nimport * as crypto from \"node:crypto\";\r\n\r\nimport {\r\n canonicalize,\r\n} from \"@parmanasystems/bundle\";\r\n\r\nimport {\r\n loadPublicKey,\r\n} from \"./keys.js\";\r\n\r\n/**\r\n * Reads the manifest JSON at `manifestPath`, canonicalizes it, and verifies\r\n * `signature` (base64 Ed25519) against the dev public key.\r\n *\r\n * @param manifestPath - Path to the `bundle.manifest.json` file.\r\n * @param signature - Base64-encoded Ed25519 signature to verify.\r\n */\r\nexport function verifySignature(\r\n manifestPath: string,\r\n signature: string\r\n): boolean {\r\n\r\n const manifest =\r\n JSON.parse(\r\n fs.readFileSync(\r\n manifestPath,\r\n \"utf8\"\r\n )\r\n );\r\n\r\n const canonical =\r\n canonicalize(\r\n manifest\r\n );\r\n\r\n const publicKey =\r\n loadPublicKey();\r\n\r\n return crypto.verify(\r\n null,\r\n\r\n Buffer.from(\r\n canonical,\r\n \"utf8\"\r\n ),\r\n\r\n publicKey,\r\n\r\n Buffer.from(\r\n signature,\r\n \"base64\"\r\n )\r\n );\r\n}\r\n\r\n/**\r\n * Verifies a base64-encoded Ed25519 `signature` over an arbitrary UTF-8\r\n * `payload` using the provided `publicKey` PEM. Unlike `verifySignature`,\r\n * this function accepts any payload string rather than reading a manifest\r\n * file from disk.\r\n *\r\n * @param payload - The original signed UTF-8 string.\r\n * @param signature - Base64-encoded Ed25519 signature.\r\n * @param publicKey - PEM-encoded Ed25519 public key.\r\n */\r\nexport function verifyPayloadSignature(\r\n payload: string,\r\n signature: string,\r\n publicKey: string\r\n): boolean {\r\n\r\n return crypto.verify(\r\n null,\r\n\r\n Buffer.from(\r\n payload,\r\n \"utf8\"\r\n ),\r\n\r\n publicKey,\r\n\r\n Buffer.from(\r\n signature,\r\n \"base64\"\r\n )\r\n );\r\n}\r\n\r\n\r\n\r\n\r\n","import * as crypto from \"node:crypto\";\r\n\r\nimport {\r\n loadPublicKey,\r\n} from \"./keys.js\";\r\n\r\n/**\r\n * Verifies `signature` (base64 Ed25519) over the already-serialized canonical\r\n * `manifest` string against the dev public key.\r\n *\r\n * Unlike `verifySignature`, this function accepts the manifest bytes directly\r\n * rather than reading them from disk — suited for in-memory verification flows.\r\n *\r\n * @param manifest - Canonical manifest bytes (UTF-8 string).\r\n * @param signature - Base64-encoded Ed25519 signature.\r\n */\r\nexport function verifyManifestSignature(\r\n manifest: string,\r\n signature: string\r\n): boolean {\r\n\r\n const publicKey =\r\n loadPublicKey();\r\n\r\n return crypto.verify(\r\n null,\r\n\r\n Buffer.from(\r\n manifest\r\n ),\r\n\r\n publicKey,\r\n\r\n Buffer.from(\r\n signature,\r\n \"base64\"\r\n )\r\n );\r\n}\r\n\r\n\r\n\r\n\r\n"],"mappings":";AAAA,YAAY,QAAQ;AAEpB,YAAY,UAAU;AAEtB,IAAM,mBACC;AAAA,EACH;AACF;AAEF,IAAM,kBACC;AAAA,EACH;AACF;AAQK,SAAS,iBAAyB;AAEvC,SAAU;AAAA,IACR;AAAA,IACA;AAAA,EACF;AACF;AAKO,SAAS,gBAAwB;AAEtC,SAAU;AAAA,IACR;AAAA,IACA;AAAA,EACF;AACF;;;ACrCA,YAAYA,SAAQ;AACpB,YAAYC,WAAU;AAMf,SAAS,eACd,WACA,WACM;AACN,QAAM,gBAAqB;AAAA,IACzB;AAAA,IACA;AAAA,EACF;AAEA,EAAG;AAAA,IACD;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAGO,SAAS,cACd,WACQ;AACR,QAAM,gBAAqB;AAAA,IACzB;AAAA,IACA;AAAA,EACF;AAEA,SAAU;AAAA,IACR;AAAA,IACA;AAAA,EACF;AACF;;;ACpCA,YAAYC,SAAQ;AAEpB,YAAY,YAAY;AACxB;AAAA,EACE;AAAA,OACK;AAaA,SAAS,aACd,cACQ;AAER,QAAM,WACJ,KAAK;AAAA,IACA;AAAA,MACD;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEF,QAAM,YACJ;AAAA,IACE;AAAA,EACF;AAEF,QAAM,aACJ,eAAe;AAEjB,QAAM,YACG;AAAA,IACL;AAAA,IAEA,OAAO;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,IAEA;AAAA,EACF;AAEF,SAAO,UAAU;AAAA,IACf;AAAA,EACF;AACF;;;ACrDA,YAAYC,SAAQ;AAEpB,YAAYC,aAAY;AAExB;AAAA,EACE,gBAAAC;AAAA,OACK;AAaA,SAAS,gBACd,cACA,WACS;AAET,QAAM,WACJ,KAAK;AAAA,IACA;AAAA,MACD;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEF,QAAM,YACJC;AAAA,IACE;AAAA,EACF;AAEF,QAAM,YACJ,cAAc;AAEhB,SAAc;AAAA,IACZ;AAAA,IAEA,OAAO;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,IAEA;AAAA,IAEA,OAAO;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAYO,SAAS,uBACd,SACA,WACA,WACS;AAET,SAAc;AAAA,IACZ;AAAA,IAEA,OAAO;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,IAEA;AAAA,IAEA,OAAO;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;;;ACxFA,YAAYC,aAAY;AAgBjB,SAAS,wBACd,UACA,WACS;AAET,QAAM,YACJ,cAAc;AAEhB,SAAc;AAAA,IACZ;AAAA,IAEA,OAAO;AAAA,MACL;AAAA,IACF;AAAA,IAEA;AAAA,IAEA,OAAO;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;","names":["fs","path","fs","fs","crypto","canonicalize","canonicalize","crypto"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@parmanasystems/crypto",
3
- "version": "1.0.19",
3
+ "version": "1.3.0",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "scripts": {
@@ -18,7 +18,7 @@
18
18
  ],
19
19
  "sideEffects": false,
20
20
  "dependencies": {
21
- "@parmanasystems/bundle": "^1.0.19"
21
+ "@parmanasystems/bundle": "^1.3.0"
22
22
  },
23
23
  "description": "Signing and verification primitives for deterministic governance infrastructure.",
24
24
  "license": "Apache-2.0",