@polkadot-apps/crypto 0.1.3 → 0.2.0

package/dist/aes.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Encrypt binary data with AES-256-GCM.
+ * Generates a random 12-byte nonce.
+ */
+export declare function aesGcmEncrypt(data: Uint8Array, key: Uint8Array): Promise<{
+    ciphertext: Uint8Array;
+    nonce: Uint8Array;
+}>;
+/**
+ * Decrypt binary data with AES-256-GCM.
+ */
+export declare function aesGcmDecrypt(ciphertext: Uint8Array, key: Uint8Array, nonce: Uint8Array): Promise<Uint8Array>;
+/**
+ * Encrypt a string with AES-256-GCM.
+ * Handles UTF-8 encoding.
+ */
+export declare function aesGcmEncryptText(plaintext: string, key: Uint8Array): Promise<{
+    ciphertext: Uint8Array;
+    nonce: Uint8Array;
+}>;
+/**
+ * Decrypt to a string with AES-256-GCM.
+ * Handles UTF-8 decoding.
+ */
+export declare function aesGcmDecryptText(ciphertext: Uint8Array, key: Uint8Array, nonce: Uint8Array): Promise<string>;
+//# sourceMappingURL=aes.d.ts.map

package/dist/aes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes.d.ts","sourceRoot":"","sources":["../src/aes.ts"],"names":[],"mappings":"AAiBA;;;GAGG;AACH,wBAAsB,aAAa,CAC/B,IAAI,EAAE,UAAU,EAChB,GAAG,EAAE,UAAU,GAChB,OAAO,CAAC;IAAE,UAAU,EAAE,UAAU,CAAC;IAAC,KAAK,EAAE,UAAU,CAAA;CAAE,CAAC,CASxD;AAED;;GAEG;AACH,wBAAsB,aAAa,CAC/B,UAAU,EAAE,UAAU,EACtB,GAAG,EAAE,UAAU,EACf,KAAK,EAAE,UAAU,GAClB,OAAO,CAAC,UAAU,CAAC,CAQrB;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CACnC,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,UAAU,GAChB,OAAO,CAAC;IAAE,UAAU,EAAE,UAAU,CAAC;IAAC,KAAK,EAAE,UAAU,CAAA;CAAE,CAAC,CAExD;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CACnC,UAAU,EAAE,UAAU,EACtB,GAAG,EAAE,UAAU,EACf,KAAK,EAAE,UAAU,GAClB,OAAO,CAAC,MAAM,CAAC,CAGjB"}

package/dist/aes.js

@@ -0,0 +1,76 @@
+const NONCE_LENGTH = 12;
+const AES_KEY_LENGTH = 32;
+async function importKey(key, usage) {
+    if (key.length !== AES_KEY_LENGTH) {
+        throw new Error(`AES-256-GCM requires a 32-byte key, got ${key.length}`);
+    }
+    return crypto.subtle.importKey("raw", key, { name: "AES-GCM" }, false, [usage]);
+}
+/**
+ * Encrypt binary data with AES-256-GCM.
+ * Generates a random 12-byte nonce.
+ */
+export async function aesGcmEncrypt(data, key) {
+    const nonce = crypto.getRandomValues(new Uint8Array(NONCE_LENGTH));
+    const imported = await importKey(key, "encrypt");
+    const ciphertext = await crypto.subtle.encrypt({ name: "AES-GCM", iv: nonce }, imported, data);
+    return { ciphertext: new Uint8Array(ciphertext), nonce };
+}
+/**
+ * Decrypt binary data with AES-256-GCM.
+ */
+export async function aesGcmDecrypt(ciphertext, key, nonce) {
+    const imported = await importKey(key, "decrypt");
+    const plaintext = await crypto.subtle.decrypt({ name: "AES-GCM", iv: nonce }, imported, ciphertext);
+    return new Uint8Array(plaintext);
+}
+/**
+ * Encrypt a string with AES-256-GCM.
+ * Handles UTF-8 encoding.
+ */
+export async function aesGcmEncryptText(plaintext, key) {
+    return aesGcmEncrypt(new TextEncoder().encode(plaintext), key);
+}
+/**
+ * Decrypt to a string with AES-256-GCM.
+ * Handles UTF-8 decoding.
+ */
+export async function aesGcmDecryptText(ciphertext, key, nonce) {
+    const data = await aesGcmDecrypt(ciphertext, key, nonce);
+    return new TextDecoder().decode(data);
+}
+if (import.meta.vitest) {
+    const { test, expect } = import.meta.vitest;
+    const { randomBytes } = await import("@noble/hashes/utils.js");
+    test("text round-trip", async () => {
+        const key = randomBytes(32);
+        const message = "hello world";
+        const { ciphertext, nonce } = await aesGcmEncryptText(message, key);
+        const decrypted = await aesGcmDecryptText(ciphertext, key, nonce);
+        expect(decrypted).toBe(message);
+    });
+    test("binary round-trip", async () => {
+        const key = randomBytes(32);
+        const data = randomBytes(64);
+        const { ciphertext, nonce } = await aesGcmEncrypt(data, key);
+        const decrypted = await aesGcmDecrypt(ciphertext, key, nonce);
+        expect(decrypted).toEqual(data);
+    });
+    test("wrong key fails", async () => {
+        const key = randomBytes(32);
+        const wrongKey = randomBytes(32);
+        const { ciphertext, nonce } = await aesGcmEncryptText("secret", key);
+        await expect(aesGcmDecryptText(ciphertext, wrongKey, nonce)).rejects.toThrow();
+    });
+    test("rejects non-32-byte key", async () => {
+        await expect(aesGcmEncryptText("test", randomBytes(16))).rejects.toThrow("32-byte key");
+        await expect(aesGcmEncryptText("test", randomBytes(64))).rejects.toThrow("32-byte key");
+    });
+    test("unique nonces per encryption", async () => {
+        const key = randomBytes(32);
+        const a = await aesGcmEncryptText("test", key);
+        const b = await aesGcmEncryptText("test", key);
+        expect(a.nonce).not.toEqual(b.nonce);
+    });
+}
+//# sourceMappingURL=aes.js.map

package/dist/aes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes.js","sourceRoot":"","sources":["../src/aes.ts"],"names":[],"mappings":"AAAA,MAAM,YAAY,GAAG,EAAE,CAAC;AAExB,MAAM,cAAc,GAAG,EAAE,CAAC;AAE1B,KAAK,UAAU,SAAS,CAAC,GAAe,EAAE,KAA4B;IAClE,IAAI,GAAG,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,2CAA2C,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC1B,KAAK,EACL,GAA8B,EAC9B,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,KAAK,CAAC,CACV,CAAC;AACN,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAC/B,IAAgB,EAChB,GAAe;IAEf,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;IACnE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC1C,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,EAC9B,QAAQ,EACR,IAA+B,CAClC,CAAC;IACF,OAAO,EAAE,UAAU,EAAE,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAC/B,UAAsB,EACtB,GAAe,EACf,KAAiB;IAEjB,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CACzC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,KAAgC,EAAE,EACzD,QAAQ,EACR,UAAqC,CACxC,CAAC;IACF,OAAO,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;AACrC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACnC,SAAiB,EACjB,GAAe;IAEf,OAAO,aAAa,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,GAAG,CAAC,CAAC;AACnE,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACnC,UAAsB,EACtB,GAAe,EACf,KAAiB;IAEjB,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,UAAU,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACzD,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AAC1C,CAAC;AAED,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;IACrB,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;IAC5C,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;IAE/D,IAAI,CAAC,iBAAiB,EAAE,KAAK,IAAI,EAAE;QAC/B,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC5B,MAAM,OAAO,GAAG,aAAa,CAAC;QAC9B,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,MAAM,iBAAiB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QACpE,MAAM,SAAS,GAAG,MAAM,iBAAiB,CAAC,UAAU,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAClE,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,mBAAmB,EAAE,KAAK,IAAI,EAAE;QACjC,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC5B,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC7B,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,UAAU,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAC9D,MAAM,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,iBAAiB,EAAE,KAAK,IAAI,EAAE;QAC/B,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC5B,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QACjC,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,MAAM,iBAAiB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACrE,MAAM,MAAM,CAAC,iBAAiB,CAAC,UAAU,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;IACnF,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;QACvC,MAAM,MAAM,CAAC,iBAAiB,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QACxF,MAAM,MAAM,CAAC,iBAAiB,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC5F,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC5B,MAAM,CAAC,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC/C,MAAM,CAAC,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC/C,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/encoding.d.ts

@@ -0,0 +1,2 @@
+export { randomBytes, bytesToHex, hexToBytes, utf8ToBytes, concatBytes, } from "@noble/hashes/utils.js";
+//# sourceMappingURL=encoding.d.ts.map

package/dist/encoding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoding.d.ts","sourceRoot":"","sources":["../src/encoding.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,WAAW,EACX,UAAU,EACV,UAAU,EACV,WAAW,EACX,WAAW,GACd,MAAM,wBAAwB,CAAC"}

package/dist/encoding.js

@@ -0,0 +1,2 @@
+export { randomBytes, bytesToHex, hexToBytes, utf8ToBytes, concatBytes, } from "@noble/hashes/utils.js";
+//# sourceMappingURL=encoding.js.map

package/dist/encoding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoding.js","sourceRoot":"","sources":["../src/encoding.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,WAAW,EACX,UAAU,EACV,UAAU,EACV,WAAW,EACX,WAAW,GACd,MAAM,wBAAwB,CAAC"}

package/dist/hkdf.d.ts

@@ -0,0 +1,7 @@
+export { hkdf, extract, expand } from "@noble/hashes/hkdf.js";
+/**
+ * HKDF-SHA256 key derivation.
+ * Returns a 32-byte derived key. Accepts string or Uint8Array for salt and info.
+ */
+export declare function deriveKey(ikm: Uint8Array, salt: Uint8Array | string, info: Uint8Array | string): Uint8Array;
+//# sourceMappingURL=hkdf.d.ts.map

package/dist/hkdf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hkdf.d.ts","sourceRoot":"","sources":["../src/hkdf.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE9D;;;GAGG;AACH,wBAAgB,SAAS,CACrB,GAAG,EAAE,UAAU,EACf,IAAI,EAAE,UAAU,GAAG,MAAM,EACzB,IAAI,EAAE,UAAU,GAAG,MAAM,GAC1B,UAAU,CAIZ"}

package/dist/hkdf.js

@@ -0,0 +1,31 @@
+import { hkdf } from "@noble/hashes/hkdf.js";
+import { sha256 } from "@noble/hashes/sha2.js";
+export { hkdf, extract, expand } from "@noble/hashes/hkdf.js";
+/**
+ * HKDF-SHA256 key derivation.
+ * Returns a 32-byte derived key. Accepts string or Uint8Array for salt and info.
+ */
+export function deriveKey(ikm, salt, info) {
+    const saltBytes = typeof salt === "string" ? new TextEncoder().encode(salt) : salt;
+    const infoBytes = typeof info === "string" ? new TextEncoder().encode(info) : info;
+    return hkdf(sha256, ikm, saltBytes, infoBytes, 32);
+}
+if (import.meta.vitest) {
+    const { test, expect } = import.meta.vitest;
+    test("deriveKey is deterministic with 32-byte output", () => {
+        const ikm = new Uint8Array(32).fill(0xab);
+        const a = deriveKey(ikm, "salt", "info");
+        const b = deriveKey(ikm, "salt", "info");
+        expect(a).toEqual(b);
+        expect(a.length).toBe(32);
+    });
+    test("deriveKey accepts string and Uint8Array params", () => {
+        const ikm = new Uint8Array(32).fill(0xcd);
+        const saltBytes = new TextEncoder().encode("salt");
+        const infoBytes = new TextEncoder().encode("info");
+        const fromStrings = deriveKey(ikm, "salt", "info");
+        const fromBytes = deriveKey(ikm, saltBytes, infoBytes);
+        expect(fromStrings).toEqual(fromBytes);
+    });
+}
+//# sourceMappingURL=hkdf.js.map

package/dist/hkdf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hkdf.js","sourceRoot":"","sources":["../src/hkdf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE9D;;;GAGG;AACH,MAAM,UAAU,SAAS,CACrB,GAAe,EACf,IAAyB,EACzB,IAAyB;IAEzB,MAAM,SAAS,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACnF,MAAM,SAAS,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACnF,OAAO,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;AACvD,CAAC;AAED,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;IACrB,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;IAE5C,IAAI,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,CAAC,GAAG,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,GAAG,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACrB,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACnD,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACnD,MAAM,WAAW,GAAG,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACnD,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QACvD,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/index.d.ts

@@ -1,2 +1,5 @@
-export declare const foo = "crypto";
+export * from "./aes.js";
+export * from "./hkdf.js";
+export * from "./nacl.js";
+export * from "./encoding.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,GAAG,WAAW,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,eAAe,CAAC"}

package/dist/index.js

@@ -1,8 +1,5 @@
-export const foo = "crypto";
-if (import.meta.vitest) {
-    const { test, expect } = import.meta.vitest;
-    test("foo is crypto", () => {
-        expect(foo).toBe("crypto");
-    });
-}
+export * from "./aes.js";
+export * from "./hkdf.js";
+export * from "./nacl.js";
+export * from "./encoding.js";
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,GAAG,GAAG,QAAQ,CAAC;AAE5B,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;IACrB,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;IAE5C,IAAI,CAAC,eAAe,EAAE,GAAG,EAAE;QACvB,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;AACP,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,eAAe,CAAC"}

package/dist/nacl.d.ts

@@ -0,0 +1,12 @@
+export { default as nacl } from "tweetnacl";
+/**
+ * Sealed box encrypt: uses an ephemeral keypair so the recipient cannot identify the sender.
+ * Output format: ephemeralPubKey(32) || nonce(24) || ciphertext
+ */
+export declare function sealedBoxEncrypt(message: Uint8Array, recipientPublicKey: Uint8Array): Uint8Array;
+/**
+ * Sealed box decrypt: extract ephemeral public key and nonce, then open with recipient's secret key.
+ * Input format: ephemeralPubKey(32) || nonce(24) || ciphertext
+ */
+export declare function sealedBoxDecrypt(sealed: Uint8Array, recipientSecretKey: Uint8Array): Uint8Array;
+//# sourceMappingURL=nacl.d.ts.map

package/dist/nacl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nacl.d.ts","sourceRoot":"","sources":["../src/nacl.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,IAAI,IAAI,EAAE,MAAM,WAAW,CAAC;AAM5C;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,UAAU,GAAG,UAAU,CAehG;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,UAAU,EAAE,kBAAkB,EAAE,UAAU,GAAG,UAAU,CAe/F"}

package/dist/nacl.js

@@ -0,0 +1,60 @@
+import nacl from "tweetnacl";
+export { default as nacl } from "tweetnacl";
+const PUBKEY_LEN = 32;
+const NONCE_LEN = 24;
+const OVERHEAD = PUBKEY_LEN + NONCE_LEN;
+/**
+ * Sealed box encrypt: uses an ephemeral keypair so the recipient cannot identify the sender.
+ * Output format: ephemeralPubKey(32) || nonce(24) || ciphertext
+ */
+export function sealedBoxEncrypt(message, recipientPublicKey) {
+    const ephemeral = nacl.box.keyPair();
+    const nonce = nacl.randomBytes(NONCE_LEN);
+    const encrypted = nacl.box(message, nonce, recipientPublicKey, ephemeral.secretKey);
+    if (!encrypted) {
+        throw new Error("Encryption failed");
+    }
+    const result = new Uint8Array(OVERHEAD + encrypted.length);
+    result.set(ephemeral.publicKey, 0);
+    result.set(nonce, PUBKEY_LEN);
+    result.set(encrypted, OVERHEAD);
+    return result;
+}
+/**
+ * Sealed box decrypt: extract ephemeral public key and nonce, then open with recipient's secret key.
+ * Input format: ephemeralPubKey(32) || nonce(24) || ciphertext
+ */
+export function sealedBoxDecrypt(sealed, recipientSecretKey) {
+    if (sealed.length < OVERHEAD + nacl.box.overheadLength) {
+        throw new Error("Sealed data too short");
+    }
+    const ephemeralPubKey = sealed.subarray(0, PUBKEY_LEN);
+    const nonce = sealed.subarray(PUBKEY_LEN, OVERHEAD);
+    const ciphertext = sealed.subarray(OVERHEAD);
+    const decrypted = nacl.box.open(ciphertext, nonce, ephemeralPubKey, recipientSecretKey);
+    if (!decrypted) {
+        throw new Error("Decryption failed - invalid key or corrupted data");
+    }
+    return decrypted;
+}
+if (import.meta.vitest) {
+    const { test, expect } = import.meta.vitest;
+    test("sealed box round-trip", () => {
+        const recipient = nacl.box.keyPair();
+        const message = new TextEncoder().encode("hello sealed box");
+        const sealed = sealedBoxEncrypt(message, recipient.publicKey);
+        const decrypted = sealedBoxDecrypt(sealed, recipient.secretKey);
+        expect(new TextDecoder().decode(decrypted)).toBe("hello sealed box");
+    });
+    test("sealed box wrong key fails", () => {
+        const recipient = nacl.box.keyPair();
+        const wrongRecipient = nacl.box.keyPair();
+        const message = new TextEncoder().encode("secret");
+        const sealed = sealedBoxEncrypt(message, recipient.publicKey);
+        expect(() => sealedBoxDecrypt(sealed, wrongRecipient.secretKey)).toThrow();
+    });
+    test("sealed box rejects truncated data", () => {
+        expect(() => sealedBoxDecrypt(new Uint8Array(10), nacl.box.keyPair().secretKey)).toThrow("Sealed data too short");
+    });
+}
+//# sourceMappingURL=nacl.js.map

package/dist/nacl.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nacl.js","sourceRoot":"","sources":["../src/nacl.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,OAAO,IAAI,IAAI,EAAE,MAAM,WAAW,CAAC;AAE5C,MAAM,UAAU,GAAG,EAAE,CAAC;AACtB,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,QAAQ,GAAG,UAAU,GAAG,SAAS,CAAC;AAExC;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAmB,EAAE,kBAA8B;IAChF,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACrC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IAE1C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IACpF,IAAI,CAAC,SAAS,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACzC,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IAC3D,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IACnC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAC9B,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEhC,OAAO,MAAM,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAkB,EAAE,kBAA8B;IAC/E,IAAI,MAAM,CAAC,MAAM,GAAG,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;QACrD,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC7C,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAE7C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,eAAe,EAAE,kBAAkB,CAAC,CAAC;IACxF,IAAI,CAAC,SAAS,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACzE,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC;AAED,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;IACrB,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;IAE5C,IAAI,CAAC,uBAAuB,EAAE,GAAG,EAAE;QAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QACrC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,gBAAgB,CAAC,MAAM,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;QAChE,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QACrC,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QAC1C,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;QAC9D,MAAM,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,MAAM,EAAE,cAAc,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IAC/E,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CACpF,uBAAuB,CAC1B,CAAC;IACN,CAAC,CAAC,CAAC;AACP,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@polkadot-apps/crypto",
-  "version": "0.1.3",
+  "version": "0.2.0",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -17,6 +17,7 @@
     "access": "public"
   },
   "dependencies": {
+    "@noble/hashes": "^2.0.1",
     "tweetnacl": "^1.0.3"
   },
   "devDependencies": {