@peac/crypto 0.10.6 → 0.10.8

package/dist/base64url.d.ts

@@ -1,21 +1,37 @@
 /**
  * Base64url encoding/decoding (RFC 4648 §5)
- * Used for JWS compact serialization
+ *
+ * Platform-agnostic implementation that works in Node.js, browser, and edge runtimes.
+ * No Buffer dependency - uses pure JavaScript for maximum portability.
+ *
+ * @packageDocumentation
  */
 /**
  * Encode bytes to base64url string (no padding)
+ *
+ * @param bytes - Byte array to encode
+ * @returns Base64url encoded string (no padding)
  */
 export declare function base64urlEncode(bytes: Uint8Array): string;
 /**
  * Decode base64url string to bytes
+ *
+ * @param str - Base64url encoded string
+ * @returns Decoded bytes
  */
 export declare function base64urlDecode(str: string): Uint8Array;
 /**
  * Encode UTF-8 string to base64url
+ *
+ * @param str - UTF-8 string to encode
+ * @returns Base64url encoded string
  */
 export declare function base64urlEncodeString(str: string): string;
 /**
  * Decode base64url to UTF-8 string
+ *
+ * @param str - Base64url encoded string
+ * @returns Decoded UTF-8 string
  */
 export declare function base64urlDecodeString(str: string): string;
 //# sourceMappingURL=base64url.d.ts.map

package/dist/base64url.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"base64url.d.ts","sourceRoot":"","sources":["../src/base64url.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAGzD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAYvD;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEzD;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEzD"}
+{"version":3,"file":"base64url.d.ts","sourceRoot":"","sources":["../src/base64url.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAkBH;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAmBzD;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CA4BvD;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEzD;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEzD"}

package/dist/base64url.js

@@ -1,42 +1,96 @@
 "use strict";
 /**
  * Base64url encoding/decoding (RFC 4648 §5)
- * Used for JWS compact serialization
+ *
+ * Platform-agnostic implementation that works in Node.js, browser, and edge runtimes.
+ * No Buffer dependency - uses pure JavaScript for maximum portability.
+ *
+ * @packageDocumentation
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.base64urlEncode = base64urlEncode;
 exports.base64urlDecode = base64urlDecode;
 exports.base64urlEncodeString = base64urlEncodeString;
 exports.base64urlDecodeString = base64urlDecodeString;
+// Standard base64 alphabet
+const BASE64_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+// Reverse lookup table (lazily initialized)
+let base64Lookup = null;
+function getBase64Lookup() {
+    if (!base64Lookup) {
+        base64Lookup = new Map();
+        for (let i = 0; i < BASE64_ALPHABET.length; i++) {
+            base64Lookup.set(BASE64_ALPHABET[i], i);
+        }
+    }
+    return base64Lookup;
+}
 /**
  * Encode bytes to base64url string (no padding)
+ *
+ * @param bytes - Byte array to encode
+ * @returns Base64url encoded string (no padding)
  */
 function base64urlEncode(bytes) {
-    const base64 = Buffer.from(bytes).toString('base64');
-    return base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+    let result = '';
+    let i = 0;
+    while (i < bytes.length) {
+        const a = bytes[i++];
+        const b = bytes[i++] ?? 0;
+        const c = bytes[i++] ?? 0;
+        const triplet = (a << 16) | (b << 8) | c;
+        result += BASE64_ALPHABET[(triplet >> 18) & 0x3f];
+        result += BASE64_ALPHABET[(triplet >> 12) & 0x3f];
+        result += i - 2 < bytes.length ? BASE64_ALPHABET[(triplet >> 6) & 0x3f] : '';
+        result += i - 1 < bytes.length ? BASE64_ALPHABET[triplet & 0x3f] : '';
+    }
+    // Convert to base64url (no padding)
+    return result.replace(/\+/g, '-').replace(/\//g, '_');
 }
 /**
  * Decode base64url string to bytes
+ *
+ * @param str - Base64url encoded string
+ * @returns Decoded bytes
  */
 function base64urlDecode(str) {
+    // Convert base64url to base64
+    let base64 = str.replace(/-/g, '+').replace(/_/g, '/');
     // Add padding if needed
-    let padded = str;
-    const mod = str.length % 4;
-    if (mod > 0) {
-        padded += '='.repeat(4 - mod);
+    while (base64.length % 4 !== 0) {
+        base64 += '=';
     }
-    // Convert base64url to base64
-    const base64 = padded.replace(/-/g, '+').replace(/_/g, '/');
-    return new Uint8Array(Buffer.from(base64, 'base64'));
+    const lookup = getBase64Lookup();
+    const bytes = [];
+    for (let i = 0; i < base64.length; i += 4) {
+        const a = lookup.get(base64[i]) ?? 0;
+        const b = lookup.get(base64[i + 1]) ?? 0;
+        const c = lookup.get(base64[i + 2]) ?? 0;
+        const d = lookup.get(base64[i + 3]) ?? 0;
+        bytes.push((a << 2) | (b >> 4));
+        if (base64[i + 2] !== '=') {
+            bytes.push(((b & 0x0f) << 4) | (c >> 2));
+        }
+        if (base64[i + 3] !== '=') {
+            bytes.push(((c & 0x03) << 6) | d);
+        }
+    }
+    return new Uint8Array(bytes);
 }
 /**
  * Encode UTF-8 string to base64url
+ *
+ * @param str - UTF-8 string to encode
+ * @returns Base64url encoded string
  */
 function base64urlEncodeString(str) {
     return base64urlEncode(new TextEncoder().encode(str));
 }
 /**
  * Decode base64url to UTF-8 string
+ *
+ * @param str - Base64url encoded string
+ * @returns Decoded UTF-8 string
  */
 function base64urlDecodeString(str) {
     return new TextDecoder().decode(base64urlDecode(str));

package/dist/base64url.js.map

@@ -1 +1 @@
-{"version":3,"file":"base64url.js","sourceRoot":"","sources":["../src/base64url.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAKH,0CAGC;AAKD,0CAYC;AAKD,sDAEC;AAKD,sDAEC;AArCD;;GAEG;AACH,SAAgB,eAAe,CAAC,KAAiB;IAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrD,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AAC1E,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,GAAW;IACzC,wBAAwB;IACxB,IAAI,MAAM,GAAG,GAAG,CAAC;IACjB,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;IAC3B,IAAI,GAAG,GAAG,CAAC,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;IAChC,CAAC;IAED,8BAA8B;IAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAE5D,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;AACvD,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CAAC,GAAW;IAC/C,OAAO,eAAe,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CAAC,GAAW;IAC/C,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;AACxD,CAAC"}
+{"version":3,"file":"base64url.js","sourceRoot":"","sources":["../src/base64url.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAwBH,0CAmBC;AAQD,0CA4BC;AAQD,sDAEC;AAQD,sDAEC;AAjGD,2BAA2B;AAC3B,MAAM,eAAe,GAAG,kEAAkE,CAAC;AAE3F,4CAA4C;AAC5C,IAAI,YAAY,GAA+B,IAAI,CAAC;AAEpD,SAAS,eAAe;IACtB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,IAAI,GAAG,EAAE,CAAC;QACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,eAAe,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChD,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,eAAe,CAAC,KAAiB;IAC/C,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC,GAAG,CAAC,CAAC;IAEV,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QAC1B,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QAE1B,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAEzC,MAAM,IAAI,eAAe,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QAClD,MAAM,IAAI,eAAe,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QAClD,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACxE,CAAC;IAED,oCAAoC;IACpC,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;AACxD,CAAC;AAED;;;;;GAKG;AACH,SAAgB,eAAe,CAAC,GAAW;IACzC,8BAA8B;IAC9B,IAAI,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAEvD,wBAAwB;IACxB,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,CAAC;IAChB,CAAC;IAED,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAEzC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YAC1B,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;QACD,IAAI,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YAC1B,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED;;;;;GAKG;AACH,SAAgB,qBAAqB,CAAC,GAAW;IAC/C,OAAO,eAAe,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AACxD,CAAC;AAED;;;;;GAKG;AACH,SAAgB,qBAAqB,CAAC,GAAW;IAC/C,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;AACxD,CAAC"}

package/dist/hash.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Cryptographic hash utilities
+ *
+ * Platform-agnostic SHA-256 implementation that works in Node.js, browser, and edge runtimes.
+ * Uses Web Crypto API with Node.js crypto fallback.
+ *
+ * @packageDocumentation
+ */
+/**
+ * Compute SHA-256 hash of data and return as lowercase hex string
+ *
+ * Uses Web Crypto API if available, falls back to Node.js crypto.
+ *
+ * @param data - Data to hash (Uint8Array or string)
+ * @returns Lowercase hex string (64 characters)
+ */
+export declare function sha256Hex(data: Uint8Array | string): Promise<string>;
+/**
+ * Compute SHA-256 hash of data and return as Uint8Array (32 bytes)
+ *
+ * @param data - Data to hash (Uint8Array or string)
+ * @returns Hash as Uint8Array (32 bytes)
+ */
+export declare function sha256Bytes(data: Uint8Array | string): Promise<Uint8Array>;
+/**
+ * Convert hex string to Uint8Array
+ *
+ * @param hex - Lowercase hex string
+ * @returns Uint8Array
+ */
+export declare function hexToBytes(hex: string): Uint8Array;
+/**
+ * Convert Uint8Array to lowercase hex string
+ *
+ * @param bytes - Byte array
+ * @returns Lowercase hex string
+ */
+export declare function bytesToHex(bytes: Uint8Array): string;
+/**
+ * JWK structure for Ed25519 public keys (minimal required fields for thumbprint)
+ */
+export interface JWKThumbprintInput {
+    /** Key type - must be "OKP" for Ed25519 */
+    kty: string;
+    /** Curve - must be "Ed25519" */
+    crv: string;
+    /** Public key (base64url) */
+    x: string;
+}
+/**
+ * Compute RFC 7638 JWK Thumbprint (base64url, SHA-256)
+ *
+ * For Ed25519 keys, the canonical JSON is: {"crv":"Ed25519","kty":"OKP","x":"<base64url>"}
+ * Returns base64url-encoded SHA-256 hash (43 characters).
+ *
+ * @param jwk - JWK with kty, crv, x fields
+ * @returns Base64url-encoded SHA-256 thumbprint (43 characters)
+ */
+export declare function computeJwkThumbprint(jwk: JWKThumbprintInput): Promise<string>;
+/**
+ * Convert JWK to Ed25519 public key bytes (32 bytes)
+ *
+ * @param jwk - JWK with kty, crv, x fields
+ * @returns Public key as 32-byte Uint8Array
+ */
+export declare function jwkToPublicKeyBytes(jwk: JWKThumbprintInput): Uint8Array;
+//# sourceMappingURL=hash.d.ts.map

package/dist/hash.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash.d.ts","sourceRoot":"","sources":["../src/hash.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH;;;;;;;GAOG;AACH,wBAAsB,SAAS,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAqB1E;AAED;;;;;GAKG;AACH,wBAAsB,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAkBhF;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAalD;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAIpD;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,2CAA2C;IAC3C,GAAG,EAAE,MAAM,CAAC;IACZ,gCAAgC;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,6BAA6B;IAC7B,CAAC,EAAE,MAAM,CAAC;CACX;AAED;;;;;;;;GAQG;AACH,wBAAsB,oBAAoB,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,CAcnF;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,kBAAkB,GAAG,UAAU,CAWvE"}

package/dist/hash.js

@@ -0,0 +1,171 @@
+"use strict";
+/**
+ * Cryptographic hash utilities
+ *
+ * Platform-agnostic SHA-256 implementation that works in Node.js, browser, and edge runtimes.
+ * Uses Web Crypto API with Node.js crypto fallback.
+ *
+ * @packageDocumentation
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sha256Hex = sha256Hex;
+exports.sha256Bytes = sha256Bytes;
+exports.hexToBytes = hexToBytes;
+exports.bytesToHex = bytesToHex;
+exports.computeJwkThumbprint = computeJwkThumbprint;
+exports.jwkToPublicKeyBytes = jwkToPublicKeyBytes;
+const base64url_js_1 = require("./base64url.js");
+/**
+ * Compute SHA-256 hash of data and return as lowercase hex string
+ *
+ * Uses Web Crypto API if available, falls back to Node.js crypto.
+ *
+ * @param data - Data to hash (Uint8Array or string)
+ * @returns Lowercase hex string (64 characters)
+ */
+async function sha256Hex(data) {
+    const bytes = typeof data === 'string' ? new TextEncoder().encode(data) : data;
+    // Try Web Crypto API first (works in browser, edge, and Node 20+)
+    if (typeof globalThis.crypto?.subtle?.digest === 'function') {
+        const hashBuffer = await globalThis.crypto.subtle.digest('SHA-256', bytes);
+        const hashArray = Array.from(new Uint8Array(hashBuffer));
+        return hashArray.map((b) => b.toString(16).padStart(2, '0')).join('');
+    }
+    // Fallback to Node.js crypto
+    try {
+        const { createHash } = await Promise.resolve().then(() => __importStar(require('crypto')));
+        const hash = createHash('sha256');
+        hash.update(bytes);
+        return hash.digest('hex');
+    }
+    catch {
+        throw new Error('No SHA-256 implementation available. Ensure Web Crypto API or Node.js crypto is available.');
+    }
+}
+/**
+ * Compute SHA-256 hash of data and return as Uint8Array (32 bytes)
+ *
+ * @param data - Data to hash (Uint8Array or string)
+ * @returns Hash as Uint8Array (32 bytes)
+ */
+async function sha256Bytes(data) {
+    const bytes = typeof data === 'string' ? new TextEncoder().encode(data) : data;
+    // Try Web Crypto API first
+    if (typeof globalThis.crypto?.subtle?.digest === 'function') {
+        const hashBuffer = await globalThis.crypto.subtle.digest('SHA-256', bytes);
+        return new Uint8Array(hashBuffer);
+    }
+    // Fallback to Node.js crypto
+    try {
+        const { createHash } = await Promise.resolve().then(() => __importStar(require('crypto')));
+        const hash = createHash('sha256');
+        hash.update(bytes);
+        return new Uint8Array(hash.digest());
+    }
+    catch {
+        throw new Error('No SHA-256 implementation available.');
+    }
+}
+/**
+ * Convert hex string to Uint8Array
+ *
+ * @param hex - Lowercase hex string
+ * @returns Uint8Array
+ */
+function hexToBytes(hex) {
+    // Validate: must be even length and contain only hex characters
+    if (hex.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(hex)) {
+        throw new Error('Invalid hex string');
+    }
+    if (hex.length === 0) {
+        return new Uint8Array([]);
+    }
+    const matches = hex.match(/.{2}/g);
+    if (!matches) {
+        throw new Error('Invalid hex string');
+    }
+    return new Uint8Array(matches.map((byte) => parseInt(byte, 16)));
+}
+/**
+ * Convert Uint8Array to lowercase hex string
+ *
+ * @param bytes - Byte array
+ * @returns Lowercase hex string
+ */
+function bytesToHex(bytes) {
+    return Array.from(bytes)
+        .map((b) => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+/**
+ * Compute RFC 7638 JWK Thumbprint (base64url, SHA-256)
+ *
+ * For Ed25519 keys, the canonical JSON is: {"crv":"Ed25519","kty":"OKP","x":"<base64url>"}
+ * Returns base64url-encoded SHA-256 hash (43 characters).
+ *
+ * @param jwk - JWK with kty, crv, x fields
+ * @returns Base64url-encoded SHA-256 thumbprint (43 characters)
+ */
+async function computeJwkThumbprint(jwk) {
+    if (jwk.kty !== 'OKP' || jwk.crv !== 'Ed25519') {
+        throw new Error('Only Ed25519 keys (OKP/Ed25519) are supported for thumbprint computation');
+    }
+    // Canonical JSON per RFC 7638 (alphabetically sorted members, no whitespace)
+    const canonical = JSON.stringify({
+        crv: jwk.crv,
+        kty: jwk.kty,
+        x: jwk.x,
+    });
+    const hashBytes = await sha256Bytes(canonical);
+    return (0, base64url_js_1.base64urlEncode)(hashBytes);
+}
+/**
+ * Convert JWK to Ed25519 public key bytes (32 bytes)
+ *
+ * @param jwk - JWK with kty, crv, x fields
+ * @returns Public key as 32-byte Uint8Array
+ */
+function jwkToPublicKeyBytes(jwk) {
+    if (jwk.kty !== 'OKP' || jwk.crv !== 'Ed25519') {
+        throw new Error('Only Ed25519 keys (OKP/Ed25519) are supported');
+    }
+    const xBytes = (0, base64url_js_1.base64urlDecode)(jwk.x);
+    if (xBytes.length !== 32) {
+        throw new Error(`Ed25519 public key must be 32 bytes, got ${xBytes.length}`);
+    }
+    return xBytes;
+}
+//# sourceMappingURL=hash.js.map

package/dist/hash.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash.js","sourceRoot":"","sources":["../src/hash.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYH,8BAqBC;AAQD,kCAkBC;AAQD,gCAaC;AAQD,gCAIC;AAuBD,oDAcC;AAQD,kDAWC;AAlJD,iDAAkE;AAElE;;;;;;;GAOG;AACI,KAAK,UAAU,SAAS,CAAC,IAAyB;IACvD,MAAM,KAAK,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE/E,kEAAkE;IAClE,IAAI,OAAO,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,UAAU,EAAE,CAAC;QAC5D,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAC3E,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;QACzD,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC;QACH,MAAM,EAAE,UAAU,EAAE,GAAG,wDAAa,QAAQ,GAAC,CAAC;QAC9C,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;QAClC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnB,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,4FAA4F,CAC7F,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,WAAW,CAAC,IAAyB;IACzD,MAAM,KAAK,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE/E,2BAA2B;IAC3B,IAAI,OAAO,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,UAAU,EAAE,CAAC;QAC5D,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAC3E,OAAO,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;IACpC,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC;QACH,MAAM,EAAE,UAAU,EAAE,GAAG,wDAAa,QAAQ,GAAC,CAAC;QAC9C,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;QAClC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnB,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,GAAW;IACpC,gEAAgE;IAChE,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,OAAO,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC5B,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACnC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,IAAI,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;AACnE,CAAC;AAED;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,KAAiB;IAC1C,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SACrB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAcD;;;;;;;;GAQG;AACI,KAAK,UAAU,oBAAoB,CAAC,GAAuB;IAChE,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IAED,6EAA6E;IAC7E,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAC/B,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,CAAC,EAAE,GAAG,CAAC,CAAC;KACT,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,CAAC;IAC/C,OAAO,IAAA,8BAAe,EAAC,SAAS,CAAC,CAAC;AACpC,CAAC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,GAAuB;IACzD,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,8BAAe,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACtC,IAAI,MAAM,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,4CAA4C,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/index.d.ts

@@ -1,9 +1,16 @@
 /**
  * PEAC Protocol Crypto Package
- * Ed25519 JWS signing/verification and JSON Canonicalization (RFC 8785)
+ *
+ * Ed25519 JWS signing/verification, JSON Canonicalization (RFC 8785),
+ * and platform-agnostic cryptographic utilities.
+ *
+ * All primitives are runtime-agnostic (Node.js, browser, edge workers).
+ *
+ * @packageDocumentation
  */
 export * from './base64url';
 export * from './errors';
+export * from './hash';
 export * from './jcs';
 export * from './jws';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,aAAa,CAAC;AAC5B,cAAc,UAAU,CAAC;AACzB,cAAc,OAAO,CAAC;AACtB,cAAc,OAAO,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,cAAc,aAAa,CAAC;AAC5B,cAAc,UAAU,CAAC;AACzB,cAAc,QAAQ,CAAC;AACvB,cAAc,OAAO,CAAC;AACtB,cAAc,OAAO,CAAC"}

package/dist/index.js

@@ -1,7 +1,13 @@
 "use strict";
 /**
  * PEAC Protocol Crypto Package
- * Ed25519 JWS signing/verification and JSON Canonicalization (RFC 8785)
+ *
+ * Ed25519 JWS signing/verification, JSON Canonicalization (RFC 8785),
+ * and platform-agnostic cryptographic utilities.
+ *
+ * All primitives are runtime-agnostic (Node.js, browser, edge workers).
+ *
+ * @packageDocumentation
  */
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
@@ -20,6 +26,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./base64url"), exports);
 __exportStar(require("./errors"), exports);
+__exportStar(require("./hash"), exports);
 __exportStar(require("./jcs"), exports);
 __exportStar(require("./jws"), exports);
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;AAEH,8CAA4B;AAC5B,2CAAyB;AACzB,wCAAsB;AACtB,wCAAsB"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;;;;;;;;;;;;AAEH,8CAA4B;AAC5B,2CAAyB;AACzB,yCAAuB;AACvB,wCAAsB;AACtB,wCAAsB"}

package/dist/jcs.d.ts

@@ -1,9 +1,54 @@
 /**
  * JSON Canonicalization Scheme (RFC 8785)
  * Deterministic JSON serialization for cryptographic hashing
+ *
+ * PROTOCOL DECISION: JavaScript `undefined` Handling
+ * ===================================================
+ *
+ * RFC 8785 canonicalizes JSON values, and `undefined` is NOT a JSON value.
+ * This implementation adopts "JS-ergonomic" semantics that match JSON.stringify:
+ *
+ * 1. **Object properties with undefined values are OMITTED**
+ *    - `canonicalize({a: 1, b: undefined})` -> `{"a":1}`
+ *    - Matches: `JSON.stringify({a: 1, b: undefined})` -> `{"a":1}`
+ *
+ * 2. **Array elements that are undefined become null**
+ *    - `canonicalize([1, undefined, 3])` -> `[1,null,3]`
+ *    - Matches: `JSON.stringify([1, undefined, 3])` -> `[1,null,3]`
+ *
+ * 3. **Top-level undefined THROWS**
+ *    - `canonicalize(undefined)` -> throws Error
+ *    - Rationale: No valid JSON representation exists
+ *
+ * CROSS-LANGUAGE INTEROPERABILITY WARNING:
+ * =========================================
+ * Cross-language producers MUST NOT rely on "undefined" semantics. To achieve
+ * identical hashes across implementations, explicitly encode `null` in arrays
+ * and omit keys in objects. Other language implementations (Go, Rust, Python)
+ * will never produce `undefined` since it's JavaScript-specific.
+ *
+ * Guidelines:
+ * - Producers MUST emit explicit `null` or omit keys; do NOT rely on coercion
+ * - Verifiers SHOULD sanitize inputs before hashing (remove undefined properties)
+ * - The canonical output is identical whether you pass `{a: undefined}` or `{}`
+ *
+ * This behavior is NORMATIVE for PEAC hashing and MUST NOT change without
+ * a wire format version bump.
  */
 /**
- * Canonicalize a JSON value according to RFC 8785
+ * Canonicalize a JSON value according to RFC 8785.
+ *
+ * @param obj - The value to canonicalize. Must be a valid JSON type (null, boolean,
+ *              number, string, array, object). Functions and Symbols throw.
+ * @returns Canonical JSON string with sorted keys and no whitespace.
+ * @throws Error if the value cannot be canonicalized (undefined at top level,
+ *         non-finite numbers, functions, symbols).
+ *
+ * @example
+ * ```ts
+ * canonicalize({ b: 2, a: 1 })  // '{"a":1,"b":2}'
+ * canonicalize([1, null, "x"])   // '[1,null,"x"]'
+ * ```
  */
 export declare function canonicalize(obj: unknown): string;
 /**

package/dist/jcs.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jcs.d.ts","sourceRoot":"","sources":["../src/jcs.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CA8CjD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,OAAO,GAAG,UAAU,CAG1D;AAED;;GAEG;AACH,wBAAsB,OAAO,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAO3D"}
+{"version":3,"file":"jcs.d.ts","sourceRoot":"","sources":["../src/jcs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAEH;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CAsDjD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,OAAO,GAAG,UAAU,CAG1D;AAED;;GAEG;AACH,wBAAsB,OAAO,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAO3D"}

package/dist/jcs.js

@@ -2,13 +2,58 @@
 /**
  * JSON Canonicalization Scheme (RFC 8785)
  * Deterministic JSON serialization for cryptographic hashing
+ *
+ * PROTOCOL DECISION: JavaScript `undefined` Handling
+ * ===================================================
+ *
+ * RFC 8785 canonicalizes JSON values, and `undefined` is NOT a JSON value.
+ * This implementation adopts "JS-ergonomic" semantics that match JSON.stringify:
+ *
+ * 1. **Object properties with undefined values are OMITTED**
+ *    - `canonicalize({a: 1, b: undefined})` -> `{"a":1}`
+ *    - Matches: `JSON.stringify({a: 1, b: undefined})` -> `{"a":1}`
+ *
+ * 2. **Array elements that are undefined become null**
+ *    - `canonicalize([1, undefined, 3])` -> `[1,null,3]`
+ *    - Matches: `JSON.stringify([1, undefined, 3])` -> `[1,null,3]`
+ *
+ * 3. **Top-level undefined THROWS**
+ *    - `canonicalize(undefined)` -> throws Error
+ *    - Rationale: No valid JSON representation exists
+ *
+ * CROSS-LANGUAGE INTEROPERABILITY WARNING:
+ * =========================================
+ * Cross-language producers MUST NOT rely on "undefined" semantics. To achieve
+ * identical hashes across implementations, explicitly encode `null` in arrays
+ * and omit keys in objects. Other language implementations (Go, Rust, Python)
+ * will never produce `undefined` since it's JavaScript-specific.
+ *
+ * Guidelines:
+ * - Producers MUST emit explicit `null` or omit keys; do NOT rely on coercion
+ * - Verifiers SHOULD sanitize inputs before hashing (remove undefined properties)
+ * - The canonical output is identical whether you pass `{a: undefined}` or `{}`
+ *
+ * This behavior is NORMATIVE for PEAC hashing and MUST NOT change without
+ * a wire format version bump.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.canonicalize = canonicalize;
 exports.canonicalizeBytes = canonicalizeBytes;
 exports.jcsHash = jcsHash;
 /**
- * Canonicalize a JSON value according to RFC 8785
+ * Canonicalize a JSON value according to RFC 8785.
+ *
+ * @param obj - The value to canonicalize. Must be a valid JSON type (null, boolean,
+ *              number, string, array, object). Functions and Symbols throw.
+ * @returns Canonical JSON string with sorted keys and no whitespace.
+ * @throws Error if the value cannot be canonicalized (undefined at top level,
+ *         non-finite numbers, functions, symbols).
+ *
+ * @example
+ * ```ts
+ * canonicalize({ b: 2, a: 1 })  // '{"a":1,"b":2}'
+ * canonicalize([1, null, "x"])   // '[1,null,"x"]'
+ * ```
  */
 function canonicalize(obj) {
     if (obj === null) {
@@ -37,16 +82,24 @@ function canonicalize(obj) {
         return JSON.stringify(obj);
     }
     if (Array.isArray(obj)) {
-        const elements = obj.map(canonicalize);
+        // PROTOCOL DECISION: undefined in arrays becomes null (matches JSON.stringify)
+        // See module-level documentation for cross-language interoperability notes.
+        const elements = obj.map((el) => (el === undefined ? 'null' : canonicalize(el)));
         return `[${elements.join(',')}]`;
     }
     if (typeof obj === 'object') {
-        // Sort keys lexicographically by UTF-16 code unit
+        // Sort keys lexicographically by UTF-16 code unit (RFC 8785 requirement)
         const keys = Object.keys(obj).sort();
-        const pairs = keys.map((key) => {
+        const pairs = [];
+        for (const key of keys) {
             const value = obj[key];
-            return `${JSON.stringify(key)}:${canonicalize(value)}`;
-        });
+            // PROTOCOL DECISION: Skip undefined values (matches JSON.stringify)
+            // See module-level documentation for cross-language interoperability notes.
+            if (value === undefined) {
+                continue;
+            }
+            pairs.push(`${JSON.stringify(key)}:${canonicalize(value)}`);
+        }
         return `{${pairs.join(',')}}`;
     }
     throw new Error(`Cannot canonicalize type: ${typeof obj}`);

package/dist/jcs.js.map

@@ -1 +1 @@
-{"version":3,"file":"jcs.js","sourceRoot":"","sources":["../src/jcs.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAKH,oCA8CC;AAKD,8CAGC;AAKD,0BAOC;AArED;;GAEG;AACH,SAAgB,YAAY,CAAC,GAAY;IACvC,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,OAAO,GAAG,KAAK,SAAS,EAAE,CAAC;QAC7B,OAAO,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;IAChC,CAAC;IAED,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,sFAAsF;QACtF,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,MAAM,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvB,OAAO,GAAG,CAAC;QACb,CAAC;QACD,+DAA+D;QAC/D,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAChC,8CAA8C;QAC9C,IAAI,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACvC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;IACnC,CAAC;IAED,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,kDAAkD;QAClD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7B,MAAM,KAAK,GAAI,GAA+B,CAAC,GAAG,CAAC,CAAC;YACpD,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;IAChC,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,GAAG,EAAE,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,GAAY;IAC5C,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IACpC,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,OAAO,CAAC,GAAY;IACxC,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACrC,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAChE,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;IAC7C,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;SACzB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC"}
+{"version":3,"file":"jcs.js","sourceRoot":"","sources":["../src/jcs.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;;AAiBH,oCAsDC;AAKD,8CAGC;AAKD,0BAOC;AAzFD;;;;;;;;;;;;;;GAcG;AACH,SAAgB,YAAY,CAAC,GAAY;IACvC,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,OAAO,GAAG,KAAK,SAAS,EAAE,CAAC;QAC7B,OAAO,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;IAChC,CAAC;IAED,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,sFAAsF;QACtF,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,MAAM,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvB,OAAO,GAAG,CAAC;QACb,CAAC;QACD,+DAA+D;QAC/D,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAChC,8CAA8C;QAC9C,IAAI,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,+EAA+E;QAC/E,4EAA4E;QAC5E,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACjF,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;IACnC,CAAC;IAED,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,yEAAyE;QACzE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACrC,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,KAAK,GAAI,GAA+B,CAAC,GAAG,CAAC,CAAC;YACpD,oEAAoE;YACpE,4EAA4E;YAC5E,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACxB,SAAS;YACX,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC9D,CAAC;QACD,OAAO,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;IAChC,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,GAAG,EAAE,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,GAAY;IAC5C,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IACpC,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,OAAO,CAAC,GAAY;IACxC,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACrC,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAChE,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;IAC7C,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;SACzB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC"}

package/dist/jws.d.ts

@@ -55,4 +55,47 @@ export declare function generateKeypair(): Promise<{
     privateKey: Uint8Array;
     publicKey: Uint8Array;
 }>;
+/**
+ * Ed25519 JWK interface for private keys
+ */
+export interface Ed25519PrivateJwk {
+    kty: 'OKP';
+    crv: 'Ed25519';
+    /** Public key (base64url encoded, 32 bytes) */
+    x: string;
+    /** Private key (base64url encoded, 32 bytes) */
+    d: string;
+}
+/**
+ * Derive the Ed25519 public key from a private key
+ *
+ * @param privateKey - Ed25519 private key (32 bytes)
+ * @returns Public key (32 bytes)
+ */
+export declare function derivePublicKey(privateKey: Uint8Array): Promise<Uint8Array>;
+/**
+ * Validate that an Ed25519 JWK has a consistent keypair
+ *
+ * Derives the public key from the private key (d) and verifies it matches
+ * the declared public key (x). This catches configuration errors where
+ * the wrong key components are paired.
+ *
+ * @param jwk - Ed25519 JWK with both public (x) and private (d) components
+ * @returns true if the keypair is consistent, false otherwise
+ *
+ * @example
+ * ```typescript
+ * const jwk = {
+ *   kty: 'OKP',
+ *   crv: 'Ed25519',
+ *   x: 'base64url-encoded-public-key',
+ *   d: 'base64url-encoded-private-key',
+ * };
+ *
+ * if (!await validateKeypair(jwk)) {
+ *   throw new Error('Invalid keypair: d does not derive to x');
+ * }
+ * ```
+ */
+export declare function validateKeypair(jwk: Ed25519PrivateJwk): Promise<boolean>;
 //# sourceMappingURL=jws.d.ts.map

package/dist/jws.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jws.d.ts","sourceRoot":"","sources":["../src/jws.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AASvD;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,OAAO,aAAa,CAAC;IAC1B,GAAG,EAAE,OAAO,QAAQ,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,YAAY,CAAC,CAAC,GAAG,OAAO;IACvC,MAAM,EAAE,SAAS,CAAC;IAClB,OAAO,EAAE,CAAC,CAAC;IACX,KAAK,EAAE,OAAO,CAAC;CAChB;AAED;;;;;;;GAOG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA4BjG;AAED;;;;;;GAMG;AACH,wBAAsB,MAAM,CAAC,CAAC,GAAG,OAAO,EACtC,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAoD1B;AAED;;;;;GAKG;AACH,wBAAgB,MAAM,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,CAAC,CAAA;CAAE,CAkBlF;AAED;;;;GAIG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC;IAC/C,UAAU,EAAE,UAAU,CAAC;IACvB,SAAS,EAAE,UAAU,CAAC;CACvB,CAAC,CAKD"}
+{"version":3,"file":"jws.d.ts","sourceRoot":"","sources":["../src/jws.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AASvD;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,OAAO,aAAa,CAAC;IAC1B,GAAG,EAAE,OAAO,QAAQ,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,YAAY,CAAC,CAAC,GAAG,OAAO;IACvC,MAAM,EAAE,SAAS,CAAC;IAClB,OAAO,EAAE,CAAC,CAAC;IACX,KAAK,EAAE,OAAO,CAAC;CAChB;AAED;;;;;;;GAOG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA4BjG;AAED;;;;;;GAMG;AACH,wBAAsB,MAAM,CAAC,CAAC,GAAG,OAAO,EACtC,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAoD1B;AAED;;;;;GAKG;AACH,wBAAgB,MAAM,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,CAAC,CAAA;CAAE,CAkBlF;AAED;;;;GAIG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC;IAC/C,UAAU,EAAE,UAAU,CAAC;IACvB,SAAS,EAAE,UAAU,CAAC;CACvB,CAAC,CAKD;AAMD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,KAAK,CAAC;IACX,GAAG,EAAE,SAAS,CAAC;IACf,+CAA+C;IAC/C,CAAC,EAAE,MAAM,CAAC;IACV,gDAAgD;IAChD,CAAC,EAAE,MAAM,CAAC;CACX;AAED;;;;;GAKG;AACH,wBAAsB,eAAe,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAKjF;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAsB,eAAe,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC,CAqC9E"}

package/dist/jws.js

@@ -41,6 +41,8 @@ exports.sign = sign;
 exports.verify = verify;
 exports.decode = decode;
 exports.generateKeypair = generateKeypair;
+exports.derivePublicKey = derivePublicKey;
+exports.validateKeypair = validateKeypair;
 const ed25519 = __importStar(require("@noble/ed25519"));
 const schema_1 = require("@peac/schema");
 const base64url_1 = require("./base64url");
@@ -146,7 +148,72 @@ async function generateKeypair() {
     const publicKey = await ed25519.getPublicKeyAsync(privateKey);
     return { privateKey, publicKey };
 }
-// NOTE: generateKeypairFromSeed has been moved to @peac/crypto/testkit
-// It's intentionally NOT exported from the main module to prevent accidental
-// use in production. Use: import { generateKeypairFromSeed } from '@peac/crypto/testkit'
+/**
+ * Derive the Ed25519 public key from a private key
+ *
+ * @param privateKey - Ed25519 private key (32 bytes)
+ * @returns Public key (32 bytes)
+ */
+async function derivePublicKey(privateKey) {
+    if (privateKey.length !== 32) {
+        throw new errors_1.CryptoError('CRYPTO_INVALID_KEY_LENGTH', 'Ed25519 private key must be 32 bytes');
+    }
+    return ed25519.getPublicKeyAsync(privateKey);
+}
+/**
+ * Validate that an Ed25519 JWK has a consistent keypair
+ *
+ * Derives the public key from the private key (d) and verifies it matches
+ * the declared public key (x). This catches configuration errors where
+ * the wrong key components are paired.
+ *
+ * @param jwk - Ed25519 JWK with both public (x) and private (d) components
+ * @returns true if the keypair is consistent, false otherwise
+ *
+ * @example
+ * ```typescript
+ * const jwk = {
+ *   kty: 'OKP',
+ *   crv: 'Ed25519',
+ *   x: 'base64url-encoded-public-key',
+ *   d: 'base64url-encoded-private-key',
+ * };
+ *
+ * if (!await validateKeypair(jwk)) {
+ *   throw new Error('Invalid keypair: d does not derive to x');
+ * }
+ * ```
+ */
+async function validateKeypair(jwk) {
+    // Validate JWK structure
+    if (jwk.kty !== 'OKP' || jwk.crv !== 'Ed25519') {
+        return false;
+    }
+    // Decode the keys
+    let privateKeyBytes;
+    let declaredPublicKeyBytes;
+    try {
+        privateKeyBytes = (0, base64url_1.base64urlDecode)(jwk.d);
+        declaredPublicKeyBytes = (0, base64url_1.base64urlDecode)(jwk.x);
+    }
+    catch {
+        return false;
+    }
+    // Validate lengths
+    if (privateKeyBytes.length !== 32 || declaredPublicKeyBytes.length !== 32) {
+        return false;
+    }
+    // Derive the actual public key from the private key
+    const derivedPublicKeyBytes = await ed25519.getPublicKeyAsync(privateKeyBytes);
+    // Compare derived public key with declared public key
+    if (derivedPublicKeyBytes.length !== declaredPublicKeyBytes.length) {
+        return false;
+    }
+    for (let i = 0; i < derivedPublicKeyBytes.length; i++) {
+        if (derivedPublicKeyBytes[i] !== declaredPublicKeyBytes[i]) {
+            return false;
+        }
+    }
+    return true;
+}
 //# sourceMappingURL=jws.js.map

package/dist/jws.js.map

@@ -1 +1 @@
-{"version":3,"file":"jws.js","sourceRoot":"","sources":["../src/jws.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsCH,oBA4BC;AASD,wBAuDC;AAQD,wBAkBC;AAOD,0CAQC;AAzKD,wDAA0C;AAC1C,yCAAuD;AACvD,2CAKqB;AACrB,qCAAuC;AAoBvC;;;;;;;GAOG;AACI,KAAK,UAAU,IAAI,CAAC,OAAgB,EAAE,UAAsB,EAAE,GAAW;IAC9E,IAAI,UAAU,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,oBAAW,CAAC,2BAA2B,EAAE,sCAAsC,CAAC,CAAC;IAC7F,CAAC;IAED,gBAAgB;IAChB,MAAM,MAAM,GAAc;QACxB,GAAG,EAAE,sBAAa;QAClB,GAAG,EAAE,iBAAQ;QACb,GAAG;KACJ,CAAC;IAEF,4BAA4B;IAC5B,MAAM,SAAS,GAAG,IAAA,iCAAqB,EAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,IAAA,iCAAqB,EAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IAElE,uBAAuB;IACvB,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAClD,MAAM,iBAAiB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAEjE,oBAAoB;IACpB,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;IAE9E,mBAAmB;IACnB,MAAM,YAAY,GAAG,IAAA,2BAAe,EAAC,cAAc,CAAC,CAAC;IAErD,mCAAmC;IACnC,OAAO,GAAG,YAAY,IAAI,YAAY,EAAE,CAAC;AAC3C,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,MAAM,CAC1B,GAAW,EACX,SAAqB;IAErB,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC5B,MAAM,IAAI,oBAAW,CAAC,2BAA2B,EAAE,qCAAqC,CAAC,CAAC;IAC5F,CAAC;IAED,YAAY;IACZ,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,oBAAW,CACnB,2BAA2B,EAC3B,kDAAkD,CACnD,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,YAAY,CAAC,GAAG,KAAK,CAAC;IAEpD,gBAAgB;IAChB,MAAM,UAAU,GAAG,IAAA,iCAAqB,EAAC,SAAS,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAc,CAAC;IAEnD,kBAAkB;IAClB,IAAI,MAAM,CAAC,GAAG,KAAK,sBAAa,EAAE,CAAC;QACjC,MAAM,IAAI,oBAAW,CACnB,oBAAoB,EACpB,yBAAyB,sBAAa,SAAS,MAAM,CAAC,GAAG,EAAE,CAC5D,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,CAAC,GAAG,KAAK,iBAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,oBAAW,CACnB,oBAAoB,EACpB,yBAAyB,iBAAQ,SAAS,MAAM,CAAC,GAAG,EAAE,CACvD,CAAC;IACJ,CAAC;IAED,iBAAiB;IACjB,MAAM,WAAW,GAAG,IAAA,iCAAqB,EAAC,UAAU,CAAC,CAAC;IACtD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAM,CAAC;IAE7C,mBAAmB;IACnB,MAAM,cAAc,GAAG,IAAA,2BAAe,EAAC,YAAY,CAAC,CAAC;IAErD,mBAAmB;IACnB,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAClD,MAAM,iBAAiB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAEjE,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,cAAc,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAEtF,OAAO;QACL,MAAM;QACN,OAAO;QACP,KAAK;KACN,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,MAAM,CAAc,GAAW;IAC7C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,oBAAW,CACnB,2BAA2B,EAC3B,kDAAkD,CACnD,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,GAAG,KAAK,CAAC;IAEtC,MAAM,UAAU,GAAG,IAAA,iCAAqB,EAAC,SAAS,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAc,CAAC;IAEnD,MAAM,WAAW,GAAG,IAAA,iCAAqB,EAAC,UAAU,CAAC,CAAC;IACtD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAM,CAAC;IAE7C,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;AAC7B,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,eAAe;IAInC,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IACpD,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAE9D,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AACnC,CAAC;AAED,uEAAuE;AACvE,6EAA6E;AAC7E,yFAAyF"}
+{"version":3,"file":"jws.js","sourceRoot":"","sources":["../src/jws.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsCH,oBA4BC;AASD,wBAuDC;AAQD,wBAkBC;AAOD,0CAQC;AAwBD,0CAKC;AA0BD,0CAqCC;AArQD,wDAA0C;AAC1C,yCAAuD;AACvD,2CAKqB;AACrB,qCAAuC;AAoBvC;;;;;;;GAOG;AACI,KAAK,UAAU,IAAI,CAAC,OAAgB,EAAE,UAAsB,EAAE,GAAW;IAC9E,IAAI,UAAU,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,oBAAW,CAAC,2BAA2B,EAAE,sCAAsC,CAAC,CAAC;IAC7F,CAAC;IAED,gBAAgB;IAChB,MAAM,MAAM,GAAc;QACxB,GAAG,EAAE,sBAAa;QAClB,GAAG,EAAE,iBAAQ;QACb,GAAG;KACJ,CAAC;IAEF,4BAA4B;IAC5B,MAAM,SAAS,GAAG,IAAA,iCAAqB,EAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,IAAA,iCAAqB,EAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IAElE,uBAAuB;IACvB,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAClD,MAAM,iBAAiB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAEjE,oBAAoB;IACpB,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;IAE9E,mBAAmB;IACnB,MAAM,YAAY,GAAG,IAAA,2BAAe,EAAC,cAAc,CAAC,CAAC;IAErD,mCAAmC;IACnC,OAAO,GAAG,YAAY,IAAI,YAAY,EAAE,CAAC;AAC3C,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,MAAM,CAC1B,GAAW,EACX,SAAqB;IAErB,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC5B,MAAM,IAAI,oBAAW,CAAC,2BAA2B,EAAE,qCAAqC,CAAC,CAAC;IAC5F,CAAC;IAED,YAAY;IACZ,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,oBAAW,CACnB,2BAA2B,EAC3B,kDAAkD,CACnD,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,YAAY,CAAC,GAAG,KAAK,CAAC;IAEpD,gBAAgB;IAChB,MAAM,UAAU,GAAG,IAAA,iCAAqB,EAAC,SAAS,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAc,CAAC;IAEnD,kBAAkB;IAClB,IAAI,MAAM,CAAC,GAAG,KAAK,sBAAa,EAAE,CAAC;QACjC,MAAM,IAAI,oBAAW,CACnB,oBAAoB,EACpB,yBAAyB,sBAAa,SAAS,MAAM,CAAC,GAAG,EAAE,CAC5D,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,CAAC,GAAG,KAAK,iBAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,oBAAW,CACnB,oBAAoB,EACpB,yBAAyB,iBAAQ,SAAS,MAAM,CAAC,GAAG,EAAE,CACvD,CAAC;IACJ,CAAC;IAED,iBAAiB;IACjB,MAAM,WAAW,GAAG,IAAA,iCAAqB,EAAC,UAAU,CAAC,CAAC;IACtD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAM,CAAC;IAE7C,mBAAmB;IACnB,MAAM,cAAc,GAAG,IAAA,2BAAe,EAAC,YAAY,CAAC,CAAC;IAErD,mBAAmB;IACnB,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAClD,MAAM,iBAAiB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAEjE,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,cAAc,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAEtF,OAAO;QACL,MAAM;QACN,OAAO;QACP,KAAK;KACN,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,MAAM,CAAc,GAAW;IAC7C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,oBAAW,CACnB,2BAA2B,EAC3B,kDAAkD,CACnD,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,GAAG,KAAK,CAAC;IAEtC,MAAM,UAAU,GAAG,IAAA,iCAAqB,EAAC,SAAS,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAc,CAAC;IAEnD,MAAM,WAAW,GAAG,IAAA,iCAAqB,EAAC,UAAU,CAAC,CAAC;IACtD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAM,CAAC;IAE7C,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;AAC7B,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,eAAe;IAInC,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IACpD,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAE9D,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AACnC,CAAC;AAkBD;;;;;GAKG;AACI,KAAK,UAAU,eAAe,CAAC,UAAsB;IAC1D,IAAI,UAAU,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,oBAAW,CAAC,2BAA2B,EAAE,sCAAsC,CAAC,CAAC;IAC7F,CAAC;IACD,OAAO,OAAO,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;AAC/C,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACI,KAAK,UAAU,eAAe,CAAC,GAAsB;IAC1D,yBAAyB;IACzB,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;QAC/C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kBAAkB;IAClB,IAAI,eAA2B,CAAC;IAChC,IAAI,sBAAkC,CAAC;IAEvC,IAAI,CAAC;QACH,eAAe,GAAG,IAAA,2BAAe,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACzC,sBAAsB,GAAG,IAAA,2BAAe,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,mBAAmB;IACnB,IAAI,eAAe,CAAC,MAAM,KAAK,EAAE,IAAI,sBAAsB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC1E,OAAO,KAAK,CAAC;IACf,CAAC;IAED,oDAAoD;IACpD,MAAM,qBAAqB,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC;IAE/E,sDAAsD;IACtD,IAAI,qBAAqB,CAAC,MAAM,KAAK,sBAAsB,CAAC,MAAM,EAAE,CAAC;QACnE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,qBAAqB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtD,IAAI,qBAAqB,CAAC,CAAC,CAAC,KAAK,sBAAsB,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3D,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/crypto",
-  "version": "0.10.6",
+  "version": "0.10.8",
   "description": "Ed25519 JWS signing and verification for PEAC protocol",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -38,7 +38,7 @@
   },
   "dependencies": {
     "@noble/ed25519": "^2.0.0",
-    "@peac/schema": "0.10.6"
+    "@peac/schema": "0.10.8"
   },
   "devDependencies": {
     "@types/node": "^20.10.0",