@ricsam/quickjs-crypto 0.0.1 → 0.2.13

package/dist/mjs/subtle-crypto.mjs.map

@@ -0,0 +1,10 @@
+{
+  "version": 3,
+  "sources": ["../../src/subtle-crypto.ts"],
+  "sourcesContent": [
+    "import type { QuickJSContext, QuickJSHandle } from \"quickjs-emscripten\";\nimport type { CryptoKeyState, KeyUsage } from \"./types.mjs\";\nimport {\n  nextInstanceId,\n  registerInstance,\n  getInstanceStateById,\n  marshal,\n  unmarshal,\n} from \"@ricsam/quickjs-core\";\n\n/**\n * Helper to create a CryptoKey instance in QuickJS from a host CryptoKey\n *\n * This registers the host key in our state management and creates\n * a QuickJS CryptoKey object that references it via __instanceId__\n */\nexport function createCryptoKeyInstance(\n  context: QuickJSContext,\n  hostKey: globalThis.CryptoKey\n): QuickJSHandle {\n  const instanceId = nextInstanceId();\n\n  const state: CryptoKeyState = {\n    hostKey,\n    type: hostKey.type,\n    extractable: hostKey.extractable,\n    algorithm: hostKey.algorithm as KeyAlgorithm,\n    usages: Array.from(hostKey.usages) as KeyUsage[],\n  };\n\n  registerInstance(instanceId, \"CryptoKey\", state);\n\n  // Create instance via evalCode to properly instantiate with prototype chain\n  const result = context.evalCode(`\n    (function() {\n      const key = Object.create(CryptoKey.prototype);\n      Object.defineProperty(key, '__instanceId__', {\n        value: ${instanceId},\n        enumerable: false,\n        writable: false,\n        configurable: false\n      });\n      return key;\n    })()\n  `);\n\n  if (result.error) {\n    const err = context.dump(result.error);\n    result.error.dispose();\n    throw new Error(`Failed to create CryptoKey instance: ${JSON.stringify(err)}`);\n  }\n\n  return result.value;\n}\n\n/**\n * Helper to create a CryptoKeyPair object in QuickJS\n */\nfunction createCryptoKeyPairInstance(\n  context: QuickJSContext,\n  keyPair: globalThis.CryptoKeyPair\n): QuickJSHandle {\n  const publicKeyHandle = createCryptoKeyInstance(context, keyPair.publicKey);\n  const privateKeyHandle = createCryptoKeyInstance(context, keyPair.privateKey);\n\n  const obj = context.newObject();\n  context.setProp(obj, \"publicKey\", publicKeyHandle);\n  context.setProp(obj, \"privateKey\", privateKeyHandle);\n\n  publicKeyHandle.dispose();\n  privateKeyHandle.dispose();\n\n  return obj;\n}\n\n/**\n * Helper to get the host CryptoKey from a QuickJS CryptoKey handle\n */\nfunction getHostKey(context: QuickJSContext, keyHandle: QuickJSHandle): globalThis.CryptoKey {\n  const instanceIdHandle = context.getProp(keyHandle, \"__instanceId__\");\n  if (context.typeof(instanceIdHandle) !== \"number\") {\n    instanceIdHandle.dispose();\n    throw new Error(\"Invalid CryptoKey: missing __instanceId__\");\n  }\n\n  const instanceId = context.getNumber(instanceIdHandle);\n  instanceIdHandle.dispose();\n\n  const state = getInstanceStateById<CryptoKeyState>(instanceId);\n  if (!state) {\n    throw new Error(\"Invalid CryptoKey: state not found\");\n  }\n\n  return state.hostKey;\n}\n\n/**\n * Helper to safely get an argument from the args array\n */\nfunction getArg(args: QuickJSHandle[], index: number): QuickJSHandle {\n  const arg = args[index];\n  if (!arg) {\n    throw new Error(`Missing argument at index ${index}`);\n  }\n  return arg;\n}\n\n/**\n * Create an async SubtleCrypto method that handles CryptoKey marshalling\n *\n * @param unmarshalArgs - Function to unmarshal arguments synchronously before async work\n * @param implementation - Async implementation that receives unmarshaled args\n */\nfunction createSubtleMethod<T>(\n  context: QuickJSContext,\n  methodName: string,\n  unmarshalArgs: (context: QuickJSContext, args: QuickJSHandle[]) => T,\n  implementation: (context: QuickJSContext, unmarshaledArgs: T) => Promise<QuickJSHandle>\n): QuickJSHandle {\n  return context.newFunction(methodName, (...args) => {\n    const deferred = context.newPromise();\n\n    // Unmarshal arguments synchronously BEFORE scheduling async work\n    // This is critical because the QuickJS handles may be disposed before the microtask runs\n    let unmarshaledArgs: T;\n    try {\n      unmarshaledArgs = unmarshalArgs(context, args);\n    } catch (error) {\n      // If unmarshalling fails, reject immediately\n      const errorHandle = marshal(context, {\n        name: error instanceof Error ? error.name : \"Error\",\n        message: error instanceof Error ? error.message : String(error),\n      });\n      deferred.reject(errorHandle);\n      errorHandle.dispose();\n      context.runtime.executePendingJobs();\n      return deferred.handle;\n    }\n\n    // Run the async implementation in a microtask\n    Promise.resolve().then(async () => {\n      try {\n        const resultHandle = await implementation(context, unmarshaledArgs);\n        deferred.resolve(resultHandle);\n        resultHandle.dispose();\n      } catch (error) {\n        // Use marshal instead of newError to avoid issues with disposed context\n        const errorHandle = marshal(context, {\n          name: error instanceof Error ? error.name : \"Error\",\n          message: error instanceof Error ? error.message : String(error),\n        });\n        deferred.reject(errorHandle);\n        errorHandle.dispose();\n      }\n      context.runtime.executePendingJobs();\n    });\n\n    return deferred.handle;\n  });\n}\n\n// Type definitions for unmarshaled args\ninterface DigestArgs {\n  algorithm: AlgorithmIdentifier;\n  data: Uint8Array;\n}\n\ninterface GenerateKeyArgs {\n  algorithm: RsaHashedKeyGenParams | EcKeyGenParams | AesKeyGenParams | HmacKeyGenParams;\n  extractable: boolean;\n  keyUsages: globalThis.KeyUsage[];\n}\n\ninterface SignArgs {\n  algorithm: AlgorithmIdentifier;\n  key: globalThis.CryptoKey;\n  data: Uint8Array;\n}\n\ninterface VerifyArgs {\n  algorithm: AlgorithmIdentifier;\n  key: globalThis.CryptoKey;\n  signature: Uint8Array;\n  data: Uint8Array;\n}\n\ninterface EncryptDecryptArgs {\n  algorithm: AlgorithmIdentifier;\n  key: globalThis.CryptoKey;\n  data: Uint8Array;\n}\n\ninterface ImportKeyArgs {\n  format: \"raw\" | \"pkcs8\" | \"spki\" | \"jwk\";\n  keyData: Uint8Array | JsonWebKey;\n  algorithm: AlgorithmIdentifier;\n  extractable: boolean;\n  keyUsages: globalThis.KeyUsage[];\n}\n\ninterface ExportKeyArgs {\n  format: \"raw\" | \"pkcs8\" | \"spki\" | \"jwk\";\n  key: globalThis.CryptoKey;\n}\n\ninterface DeriveBitsArgs {\n  algorithm: Record<string, unknown>;\n  baseKey: globalThis.CryptoKey;\n  length: number;\n}\n\ninterface DeriveKeyArgs {\n  algorithm: Record<string, unknown>;\n  baseKey: globalThis.CryptoKey;\n  derivedKeyType: AlgorithmIdentifier;\n  extractable: boolean;\n  keyUsages: globalThis.KeyUsage[];\n}\n\ninterface WrapKeyArgs {\n  format: \"raw\" | \"pkcs8\" | \"spki\" | \"jwk\";\n  key: globalThis.CryptoKey;\n  wrappingKey: globalThis.CryptoKey;\n  wrapAlgorithm: AlgorithmIdentifier;\n}\n\ninterface UnwrapKeyArgs {\n  format: \"raw\" | \"pkcs8\" | \"spki\" | \"jwk\";\n  wrappedKey: Uint8Array;\n  unwrappingKey: globalThis.CryptoKey;\n  unwrapAlgorithm: AlgorithmIdentifier;\n  unwrappedKeyAlgorithm: AlgorithmIdentifier;\n  extractable: boolean;\n  keyUsages: globalThis.KeyUsage[];\n}\n\n/**\n * Create the SubtleCrypto object with all methods\n */\nexport function createSubtleCryptoObject(context: QuickJSContext): QuickJSHandle {\n  const subtle = context.newObject();\n\n  // digest(algorithm, data) -> ArrayBuffer\n  const digestFn = createSubtleMethod<DigestArgs>(\n    context,\n    \"digest\",\n    (ctx, args) => ({\n      algorithm: unmarshal(ctx, getArg(args, 0)) as AlgorithmIdentifier,\n      data: unmarshal(ctx, getArg(args, 1)) as Uint8Array,\n    }),\n    async (ctx, { algorithm, data }) => {\n      const result = await crypto.subtle.digest(algorithm, data as unknown as BufferSource);\n      return marshal(ctx, new Uint8Array(result));\n    }\n  );\n  context.setProp(subtle, \"digest\", digestFn);\n  digestFn.dispose();\n\n  // generateKey(algorithm, extractable, keyUsages) -> CryptoKey | CryptoKeyPair\n  const generateKeyFn = createSubtleMethod<GenerateKeyArgs>(\n    context,\n    \"generateKey\",\n    (ctx, args) => ({\n      algorithm: unmarshal(ctx, getArg(args, 0)) as GenerateKeyArgs[\"algorithm\"],\n      extractable: unmarshal(ctx, getArg(args, 1)) as boolean,\n      keyUsages: unmarshal(ctx, getArg(args, 2)) as globalThis.KeyUsage[],\n    }),\n    async (ctx, { algorithm, extractable, keyUsages }) => {\n      const result = await crypto.subtle.generateKey(algorithm, extractable, keyUsages);\n\n      // Check if it's a key pair or single key\n      if (\"publicKey\" in result && \"privateKey\" in result) {\n        return createCryptoKeyPairInstance(ctx, result);\n      } else {\n        return createCryptoKeyInstance(ctx, result as globalThis.CryptoKey);\n      }\n    }\n  );\n  context.setProp(subtle, \"generateKey\", generateKeyFn);\n  generateKeyFn.dispose();\n\n  // sign(algorithm, key, data) -> ArrayBuffer\n  const signFn = createSubtleMethod<SignArgs>(\n    context,\n    \"sign\",\n    (ctx, args) => ({\n      algorithm: unmarshal(ctx, getArg(args, 0)) as AlgorithmIdentifier,\n      key: getHostKey(ctx, getArg(args, 1)),\n      data: unmarshal(ctx, getArg(args, 2)) as Uint8Array,\n    }),\n    async (ctx, { algorithm, key, data }) => {\n      const result = await crypto.subtle.sign(algorithm, key, data as unknown as BufferSource);\n      return marshal(ctx, new Uint8Array(result));\n    }\n  );\n  context.setProp(subtle, \"sign\", signFn);\n  signFn.dispose();\n\n  // verify(algorithm, key, signature, data) -> boolean\n  const verifyFn = createSubtleMethod<VerifyArgs>(\n    context,\n    \"verify\",\n    (ctx, args) => ({\n      algorithm: unmarshal(ctx, getArg(args, 0)) as AlgorithmIdentifier,\n      key: getHostKey(ctx, getArg(args, 1)),\n      signature: unmarshal(ctx, getArg(args, 2)) as Uint8Array,\n      data: unmarshal(ctx, getArg(args, 3)) as Uint8Array,\n    }),\n    async (ctx, { algorithm, key, signature, data }) => {\n      const result = await crypto.subtle.verify(\n        algorithm,\n        key,\n        signature as unknown as BufferSource,\n        data as unknown as BufferSource\n      );\n      return marshal(ctx, result);\n    }\n  );\n  context.setProp(subtle, \"verify\", verifyFn);\n  verifyFn.dispose();\n\n  // encrypt(algorithm, key, data) -> ArrayBuffer\n  const encryptFn = createSubtleMethod<EncryptDecryptArgs>(\n    context,\n    \"encrypt\",\n    (ctx, args) => ({\n      algorithm: unmarshal(ctx, getArg(args, 0)) as AlgorithmIdentifier,\n      key: getHostKey(ctx, getArg(args, 1)),\n      data: unmarshal(ctx, getArg(args, 2)) as Uint8Array,\n    }),\n    async (ctx, { algorithm, key, data }) => {\n      const result = await crypto.subtle.encrypt(\n        algorithm,\n        key,\n        data as unknown as BufferSource\n      );\n      return marshal(ctx, new Uint8Array(result));\n    }\n  );\n  context.setProp(subtle, \"encrypt\", encryptFn);\n  encryptFn.dispose();\n\n  // decrypt(algorithm, key, data) -> ArrayBuffer\n  const decryptFn = createSubtleMethod<EncryptDecryptArgs>(\n    context,\n    \"decrypt\",\n    (ctx, args) => ({\n      algorithm: unmarshal(ctx, getArg(args, 0)) as AlgorithmIdentifier,\n      key: getHostKey(ctx, getArg(args, 1)),\n      data: unmarshal(ctx, getArg(args, 2)) as Uint8Array,\n    }),\n    async (ctx, { algorithm, key, data }) => {\n      const result = await crypto.subtle.decrypt(\n        algorithm,\n        key,\n        data as unknown as BufferSource\n      );\n      return marshal(ctx, new Uint8Array(result));\n    }\n  );\n  context.setProp(subtle, \"decrypt\", decryptFn);\n  decryptFn.dispose();\n\n  // importKey(format, keyData, algorithm, extractable, keyUsages) -> CryptoKey\n  const importKeyFn = createSubtleMethod<ImportKeyArgs>(\n    context,\n    \"importKey\",\n    (ctx, args) => ({\n      format: unmarshal(ctx, getArg(args, 0)) as ImportKeyArgs[\"format\"],\n      keyData: unmarshal(ctx, getArg(args, 1)) as Uint8Array | JsonWebKey,\n      algorithm: unmarshal(ctx, getArg(args, 2)) as AlgorithmIdentifier,\n      extractable: unmarshal(ctx, getArg(args, 3)) as boolean,\n      keyUsages: unmarshal(ctx, getArg(args, 4)) as globalThis.KeyUsage[],\n    }),\n    async (ctx, { format, keyData, algorithm, extractable, keyUsages }) => {\n      let result: globalThis.CryptoKey;\n\n      if (format === \"jwk\") {\n        // JWK format expects JsonWebKey\n        result = await crypto.subtle.importKey(\n          format,\n          keyData as JsonWebKey,\n          algorithm,\n          extractable,\n          keyUsages\n        );\n      } else {\n        // Non-jwk formats expect BufferSource\n        // Convert Uint8Array to ArrayBuffer\n        let data: BufferSource;\n        if (keyData instanceof Uint8Array) {\n          data = keyData.buffer.slice(keyData.byteOffset, keyData.byteOffset + keyData.byteLength) as ArrayBuffer;\n        } else {\n          data = keyData as BufferSource;\n        }\n\n        result = await crypto.subtle.importKey(\n          format,\n          data,\n          algorithm,\n          extractable,\n          keyUsages\n        ) as globalThis.CryptoKey;\n      }\n\n      return createCryptoKeyInstance(ctx, result);\n    }\n  );\n  context.setProp(subtle, \"importKey\", importKeyFn);\n  importKeyFn.dispose();\n\n  // exportKey(format, key) -> ArrayBuffer | JsonWebKey\n  const exportKeyFn = createSubtleMethod<ExportKeyArgs>(\n    context,\n    \"exportKey\",\n    (ctx, args) => ({\n      format: unmarshal(ctx, getArg(args, 0)) as ExportKeyArgs[\"format\"],\n      key: getHostKey(ctx, getArg(args, 1)),\n    }),\n    async (ctx, { format, key }) => {\n      const result = await crypto.subtle.exportKey(format, key);\n\n      if (result instanceof ArrayBuffer) {\n        return marshal(ctx, new Uint8Array(result));\n      } else {\n        // JsonWebKey - marshal as plain object\n        return marshal(ctx, result);\n      }\n    }\n  );\n  context.setProp(subtle, \"exportKey\", exportKeyFn);\n  exportKeyFn.dispose();\n\n  // deriveBits(algorithm, baseKey, length) -> ArrayBuffer\n  const deriveBitsFn = createSubtleMethod<DeriveBitsArgs>(\n    context,\n    \"deriveBits\",\n    (ctx, args) => {\n      const algorithmRaw = unmarshal(ctx, getArg(args, 0)) as Record<string, unknown>;\n      const baseKey = getHostKey(ctx, getArg(args, 1));\n      const length = unmarshal(ctx, getArg(args, 2)) as number;\n\n      // If the algorithm has a 'public' property, it needs to be a CryptoKey\n      let algorithm = algorithmRaw;\n      if (algorithmRaw.public && typeof algorithmRaw.public === \"object\") {\n        const publicKeyData = algorithmRaw.public as { __instanceId__?: number };\n        if (publicKeyData.__instanceId__ !== undefined) {\n          const publicKeyState = getInstanceStateById<CryptoKeyState>(publicKeyData.__instanceId__);\n          if (publicKeyState) {\n            algorithm = { ...algorithmRaw, public: publicKeyState.hostKey };\n          }\n        }\n      }\n\n      return { algorithm, baseKey, length };\n    },\n    async (ctx, { algorithm, baseKey, length }) => {\n      const result = await crypto.subtle.deriveBits(\n        algorithm as unknown as AlgorithmIdentifier,\n        baseKey,\n        length\n      );\n      return marshal(ctx, new Uint8Array(result));\n    }\n  );\n  context.setProp(subtle, \"deriveBits\", deriveBitsFn);\n  deriveBitsFn.dispose();\n\n  // deriveKey(algorithm, baseKey, derivedKeyType, extractable, keyUsages) -> CryptoKey\n  const deriveKeyFn = createSubtleMethod<DeriveKeyArgs>(\n    context,\n    \"deriveKey\",\n    (ctx, args) => {\n      const algorithmRaw = unmarshal(ctx, getArg(args, 0)) as Record<string, unknown>;\n      const baseKey = getHostKey(ctx, getArg(args, 1));\n      const derivedKeyType = unmarshal(ctx, getArg(args, 2)) as AlgorithmIdentifier;\n      const extractable = unmarshal(ctx, getArg(args, 3)) as boolean;\n      const keyUsages = unmarshal(ctx, getArg(args, 4)) as globalThis.KeyUsage[];\n\n      // If the algorithm has a 'public' property, it needs to be a CryptoKey\n      let algorithm = algorithmRaw;\n      if (algorithmRaw.public && typeof algorithmRaw.public === \"object\") {\n        const publicKeyData = algorithmRaw.public as { __instanceId__?: number };\n        if (publicKeyData.__instanceId__ !== undefined) {\n          const publicKeyState = getInstanceStateById<CryptoKeyState>(publicKeyData.__instanceId__);\n          if (publicKeyState) {\n            algorithm = { ...algorithmRaw, public: publicKeyState.hostKey };\n          }\n        }\n      }\n\n      return { algorithm, baseKey, derivedKeyType, extractable, keyUsages };\n    },\n    async (ctx, { algorithm, baseKey, derivedKeyType, extractable, keyUsages }) => {\n      const result = await crypto.subtle.deriveKey(\n        algorithm as unknown as AlgorithmIdentifier,\n        baseKey,\n        derivedKeyType,\n        extractable,\n        keyUsages\n      );\n\n      return createCryptoKeyInstance(ctx, result as globalThis.CryptoKey);\n    }\n  );\n  context.setProp(subtle, \"deriveKey\", deriveKeyFn);\n  deriveKeyFn.dispose();\n\n  // wrapKey(format, key, wrappingKey, wrapAlgorithm) -> ArrayBuffer\n  const wrapKeyFn = createSubtleMethod<WrapKeyArgs>(\n    context,\n    \"wrapKey\",\n    (ctx, args) => ({\n      format: unmarshal(ctx, getArg(args, 0)) as WrapKeyArgs[\"format\"],\n      key: getHostKey(ctx, getArg(args, 1)),\n      wrappingKey: getHostKey(ctx, getArg(args, 2)),\n      wrapAlgorithm: unmarshal(ctx, getArg(args, 3)) as AlgorithmIdentifier,\n    }),\n    async (ctx, { format, key, wrappingKey, wrapAlgorithm }) => {\n      const result = await crypto.subtle.wrapKey(format, key, wrappingKey, wrapAlgorithm);\n      return marshal(ctx, new Uint8Array(result));\n    }\n  );\n  context.setProp(subtle, \"wrapKey\", wrapKeyFn);\n  wrapKeyFn.dispose();\n\n  // unwrapKey(format, wrappedKey, unwrappingKey, unwrapAlgorithm, unwrappedKeyAlgorithm, extractable, keyUsages) -> CryptoKey\n  const unwrapKeyFn = createSubtleMethod<UnwrapKeyArgs>(\n    context,\n    \"unwrapKey\",\n    (ctx, args) => ({\n      format: unmarshal(ctx, getArg(args, 0)) as UnwrapKeyArgs[\"format\"],\n      wrappedKey: unmarshal(ctx, getArg(args, 1)) as Uint8Array,\n      unwrappingKey: getHostKey(ctx, getArg(args, 2)),\n      unwrapAlgorithm: unmarshal(ctx, getArg(args, 3)) as AlgorithmIdentifier,\n      unwrappedKeyAlgorithm: unmarshal(ctx, getArg(args, 4)) as AlgorithmIdentifier,\n      extractable: unmarshal(ctx, getArg(args, 5)) as boolean,\n      keyUsages: unmarshal(ctx, getArg(args, 6)) as globalThis.KeyUsage[],\n    }),\n    async (ctx, { format, wrappedKey, unwrappingKey, unwrapAlgorithm, unwrappedKeyAlgorithm, extractable, keyUsages }) => {\n      const result = await crypto.subtle.unwrapKey(\n        format,\n        wrappedKey as unknown as BufferSource,\n        unwrappingKey,\n        unwrapAlgorithm,\n        unwrappedKeyAlgorithm,\n        extractable,\n        keyUsages\n      );\n\n      return createCryptoKeyInstance(ctx, result as globalThis.CryptoKey);\n    }\n  );\n  context.setProp(subtle, \"unwrapKey\", unwrapKeyFn);\n  unwrapKeyFn.dispose();\n\n  return subtle;\n}\n"
+  ],
+  "mappings": ";;AAEA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAcO,SAAS,uBAAuB,CACrC,SACA,SACe;AAAA,EACf,MAAM,aAAa,eAAe;AAAA,EAElC,MAAM,QAAwB;AAAA,IAC5B;AAAA,IACA,MAAM,QAAQ;AAAA,IACd,aAAa,QAAQ;AAAA,IACrB,WAAW,QAAQ;AAAA,IACnB,QAAQ,MAAM,KAAK,QAAQ,MAAM;AAAA,EACnC;AAAA,EAEA,iBAAiB,YAAY,aAAa,KAAK;AAAA,EAG/C,MAAM,SAAS,QAAQ,SAAS;AAAA;AAAA;AAAA;AAAA,iBAIjB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAOd;AAAA,EAED,IAAI,OAAO,OAAO;AAAA,IAChB,MAAM,MAAM,QAAQ,KAAK,OAAO,KAAK;AAAA,IACrC,OAAO,MAAM,QAAQ;AAAA,IACrB,MAAM,IAAI,MAAM,wCAAwC,KAAK,UAAU,GAAG,GAAG;AAAA,EAC/E;AAAA,EAEA,OAAO,OAAO;AAAA;AAMhB,SAAS,2BAA2B,CAClC,SACA,SACe;AAAA,EACf,MAAM,kBAAkB,wBAAwB,SAAS,QAAQ,SAAS;AAAA,EAC1E,MAAM,mBAAmB,wBAAwB,SAAS,QAAQ,UAAU;AAAA,EAE5E,MAAM,MAAM,QAAQ,UAAU;AAAA,EAC9B,QAAQ,QAAQ,KAAK,aAAa,eAAe;AAAA,EACjD,QAAQ,QAAQ,KAAK,cAAc,gBAAgB;AAAA,EAEnD,gBAAgB,QAAQ;AAAA,EACxB,iBAAiB,QAAQ;AAAA,EAEzB,OAAO;AAAA;AAMT,SAAS,UAAU,CAAC,SAAyB,WAAgD;AAAA,EAC3F,MAAM,mBAAmB,QAAQ,QAAQ,WAAW,gBAAgB;AAAA,EACpE,IAAI,QAAQ,OAAO,gBAAgB,MAAM,UAAU;AAAA,IACjD,iBAAiB,QAAQ;AAAA,IACzB,MAAM,IAAI,MAAM,2CAA2C;AAAA,EAC7D;AAAA,EAEA,MAAM,aAAa,QAAQ,UAAU,gBAAgB;AAAA,EACrD,iBAAiB,QAAQ;AAAA,EAEzB,MAAM,QAAQ,qBAAqC,UAAU;AAAA,EAC7D,IAAI,CAAC,OAAO;AAAA,IACV,MAAM,IAAI,MAAM,oCAAoC;AAAA,EACtD;AAAA,EAEA,OAAO,MAAM;AAAA;AAMf,SAAS,MAAM,CAAC,MAAuB,OAA8B;AAAA,EACnE,MAAM,MAAM,KAAK;AAAA,EACjB,IAAI,CAAC,KAAK;AAAA,IACR,MAAM,IAAI,MAAM,6BAA6B,OAAO;AAAA,EACtD;AAAA,EACA,OAAO;AAAA;AAST,SAAS,kBAAqB,CAC5B,SACA,YACA,eACA,gBACe;AAAA,EACf,OAAO,QAAQ,YAAY,YAAY,IAAI,SAAS;AAAA,IAClD,MAAM,WAAW,QAAQ,WAAW;AAAA,IAIpC,IAAI;AAAA,IACJ,IAAI;AAAA,MACF,kBAAkB,cAAc,SAAS,IAAI;AAAA,MAC7C,OAAO,OAAO;AAAA,MAEd,MAAM,cAAc,QAAQ,SAAS;AAAA,QACnC,MAAM,iBAAiB,QAAQ,MAAM,OAAO;AAAA,QAC5C,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,MAChE,CAAC;AAAA,MACD,SAAS,OAAO,WAAW;AAAA,MAC3B,YAAY,QAAQ;AAAA,MACpB,QAAQ,QAAQ,mBAAmB;AAAA,MACnC,OAAO,SAAS;AAAA;AAAA,IAIlB,QAAQ,QAAQ,EAAE,KAAK,YAAY;AAAA,MACjC,IAAI;AAAA,QACF,MAAM,eAAe,MAAM,eAAe,SAAS,eAAe;AAAA,QAClE,SAAS,QAAQ,YAAY;AAAA,QAC7B,aAAa,QAAQ;AAAA,QACrB,OAAO,OAAO;AAAA,QAEd,MAAM,cAAc,QAAQ,SAAS;AAAA,UACnC,MAAM,iBAAiB,QAAQ,MAAM,OAAO;AAAA,UAC5C,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,QAChE,CAAC;AAAA,QACD,SAAS,OAAO,WAAW;AAAA,QAC3B,YAAY,QAAQ;AAAA;AAAA,MAEtB,QAAQ,QAAQ,mBAAmB;AAAA,KACpC;AAAA,IAED,OAAO,SAAS;AAAA,GACjB;AAAA;AAiFI,SAAS,wBAAwB,CAAC,SAAwC;AAAA,EAC/E,MAAM,SAAS,QAAQ,UAAU;AAAA,EAGjC,MAAM,WAAW,mBACf,SACA,UACA,CAAC,KAAK,UAAU;AAAA,IACd,WAAW,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACzC,MAAM,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,EACtC,IACA,OAAO,OAAO,WAAW,WAAW;AAAA,IAClC,MAAM,SAAS,MAAM,OAAO,OAAO,OAAO,WAAW,IAA+B;AAAA,IACpF,OAAO,QAAQ,KAAK,IAAI,WAAW,MAAM,CAAC;AAAA,GAE9C;AAAA,EACA,QAAQ,QAAQ,QAAQ,UAAU,QAAQ;AAAA,EAC1C,SAAS,QAAQ;AAAA,EAGjB,MAAM,gBAAgB,mBACpB,SACA,eACA,CAAC,KAAK,UAAU;AAAA,IACd,WAAW,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACzC,aAAa,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IAC3C,WAAW,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,EAC3C,IACA,OAAO,OAAO,WAAW,aAAa,gBAAgB;AAAA,IACpD,MAAM,SAAS,MAAM,OAAO,OAAO,YAAY,WAAW,aAAa,SAAS;AAAA,IAGhF,IAAI,eAAe,UAAU,gBAAgB,QAAQ;AAAA,MACnD,OAAO,4BAA4B,KAAK,MAAM;AAAA,IAChD,EAAO;AAAA,MACL,OAAO,wBAAwB,KAAK,MAA8B;AAAA;AAAA,GAGxE;AAAA,EACA,QAAQ,QAAQ,QAAQ,eAAe,aAAa;AAAA,EACpD,cAAc,QAAQ;AAAA,EAGtB,MAAM,SAAS,mBACb,SACA,QACA,CAAC,KAAK,UAAU;AAAA,IACd,WAAW,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACzC,KAAK,WAAW,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACpC,MAAM,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,EACtC,IACA,OAAO,OAAO,WAAW,KAAK,WAAW;AAAA,IACvC,MAAM,SAAS,MAAM,OAAO,OAAO,KAAK,WAAW,KAAK,IAA+B;AAAA,IACvF,OAAO,QAAQ,KAAK,IAAI,WAAW,MAAM,CAAC;AAAA,GAE9C;AAAA,EACA,QAAQ,QAAQ,QAAQ,QAAQ,MAAM;AAAA,EACtC,OAAO,QAAQ;AAAA,EAGf,MAAM,WAAW,mBACf,SACA,UACA,CAAC,KAAK,UAAU;AAAA,IACd,WAAW,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACzC,KAAK,WAAW,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACpC,WAAW,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACzC,MAAM,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,EACtC,IACA,OAAO,OAAO,WAAW,KAAK,WAAW,WAAW;AAAA,IAClD,MAAM,SAAS,MAAM,OAAO,OAAO,OACjC,WACA,KACA,WACA,IACF;AAAA,IACA,OAAO,QAAQ,KAAK,MAAM;AAAA,GAE9B;AAAA,EACA,QAAQ,QAAQ,QAAQ,UAAU,QAAQ;AAAA,EAC1C,SAAS,QAAQ;AAAA,EAGjB,MAAM,YAAY,mBAChB,SACA,WACA,CAAC,KAAK,UAAU;AAAA,IACd,WAAW,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACzC,KAAK,WAAW,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACpC,MAAM,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,EACtC,IACA,OAAO,OAAO,WAAW,KAAK,WAAW;AAAA,IACvC,MAAM,SAAS,MAAM,OAAO,OAAO,QACjC,WACA,KACA,IACF;AAAA,IACA,OAAO,QAAQ,KAAK,IAAI,WAAW,MAAM,CAAC;AAAA,GAE9C;AAAA,EACA,QAAQ,QAAQ,QAAQ,WAAW,SAAS;AAAA,EAC5C,UAAU,QAAQ;AAAA,EAGlB,MAAM,YAAY,mBAChB,SACA,WACA,CAAC,KAAK,UAAU;AAAA,IACd,WAAW,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACzC,KAAK,WAAW,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACpC,MAAM,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,EACtC,IACA,OAAO,OAAO,WAAW,KAAK,WAAW;AAAA,IACvC,MAAM,SAAS,MAAM,OAAO,OAAO,QACjC,WACA,KACA,IACF;AAAA,IACA,OAAO,QAAQ,KAAK,IAAI,WAAW,MAAM,CAAC;AAAA,GAE9C;AAAA,EACA,QAAQ,QAAQ,QAAQ,WAAW,SAAS;AAAA,EAC5C,UAAU,QAAQ;AAAA,EAGlB,MAAM,cAAc,mBAClB,SACA,aACA,CAAC,KAAK,UAAU;AAAA,IACd,QAAQ,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACtC,SAAS,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACvC,WAAW,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACzC,aAAa,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IAC3C,WAAW,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,EAC3C,IACA,OAAO,OAAO,QAAQ,SAAS,WAAW,aAAa,gBAAgB;AAAA,IACrE,IAAI;AAAA,IAEJ,IAAI,WAAW,OAAO;AAAA,MAEpB,SAAS,MAAM,OAAO,OAAO,UAC3B,QACA,SACA,WACA,aACA,SACF;AAAA,IACF,EAAO;AAAA,MAGL,IAAI;AAAA,MACJ,IAAI,mBAAmB,YAAY;AAAA,QACjC,OAAO,QAAQ,OAAO,MAAM,QAAQ,YAAY,QAAQ,aAAa,QAAQ,UAAU;AAAA,MACzF,EAAO;AAAA,QACL,OAAO;AAAA;AAAA,MAGT,SAAS,MAAM,OAAO,OAAO,UAC3B,QACA,MACA,WACA,aACA,SACF;AAAA;AAAA,IAGF,OAAO,wBAAwB,KAAK,MAAM;AAAA,GAE9C;AAAA,EACA,QAAQ,QAAQ,QAAQ,aAAa,WAAW;AAAA,EAChD,YAAY,QAAQ;AAAA,EAGpB,MAAM,cAAc,mBAClB,SACA,aACA,CAAC,KAAK,UAAU;AAAA,IACd,QAAQ,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACtC,KAAK,WAAW,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,EACtC,IACA,OAAO,OAAO,QAAQ,UAAU;AAAA,IAC9B,MAAM,SAAS,MAAM,OAAO,OAAO,UAAU,QAAQ,GAAG;AAAA,IAExD,IAAI,kBAAkB,aAAa;AAAA,MACjC,OAAO,QAAQ,KAAK,IAAI,WAAW,MAAM,CAAC;AAAA,IAC5C,EAAO;AAAA,MAEL,OAAO,QAAQ,KAAK,MAAM;AAAA;AAAA,GAGhC;AAAA,EACA,QAAQ,QAAQ,QAAQ,aAAa,WAAW;AAAA,EAChD,YAAY,QAAQ;AAAA,EAGpB,MAAM,eAAe,mBACnB,SACA,cACA,CAAC,KAAK,SAAS;AAAA,IACb,MAAM,eAAe,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACnD,MAAM,UAAU,WAAW,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IAC/C,MAAM,SAAS,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IAG7C,IAAI,YAAY;AAAA,IAChB,IAAI,aAAa,UAAU,OAAO,aAAa,WAAW,UAAU;AAAA,MAClE,MAAM,gBAAgB,aAAa;AAAA,MACnC,IAAI,cAAc,mBAAmB,WAAW;AAAA,QAC9C,MAAM,iBAAiB,qBAAqC,cAAc,cAAc;AAAA,QACxF,IAAI,gBAAgB;AAAA,UAClB,YAAY,KAAK,cAAc,QAAQ,eAAe,QAAQ;AAAA,QAChE;AAAA,MACF;AAAA,IACF;AAAA,IAEA,OAAO,EAAE,WAAW,SAAS,OAAO;AAAA,KAEtC,OAAO,OAAO,WAAW,SAAS,aAAa;AAAA,IAC7C,MAAM,SAAS,MAAM,OAAO,OAAO,WACjC,WACA,SACA,MACF;AAAA,IACA,OAAO,QAAQ,KAAK,IAAI,WAAW,MAAM,CAAC;AAAA,GAE9C;AAAA,EACA,QAAQ,QAAQ,QAAQ,cAAc,YAAY;AAAA,EAClD,aAAa,QAAQ;AAAA,EAGrB,MAAM,cAAc,mBAClB,SACA,aACA,CAAC,KAAK,SAAS;AAAA,IACb,MAAM,eAAe,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACnD,MAAM,UAAU,WAAW,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IAC/C,MAAM,iBAAiB,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACrD,MAAM,cAAc,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IAClD,MAAM,YAAY,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IAGhD,IAAI,YAAY;AAAA,IAChB,IAAI,aAAa,UAAU,OAAO,aAAa,WAAW,UAAU;AAAA,MAClE,MAAM,gBAAgB,aAAa;AAAA,MACnC,IAAI,cAAc,mBAAmB,WAAW;AAAA,QAC9C,MAAM,iBAAiB,qBAAqC,cAAc,cAAc;AAAA,QACxF,IAAI,gBAAgB;AAAA,UAClB,YAAY,KAAK,cAAc,QAAQ,eAAe,QAAQ;AAAA,QAChE;AAAA,MACF;AAAA,IACF;AAAA,IAEA,OAAO,EAAE,WAAW,SAAS,gBAAgB,aAAa,UAAU;AAAA,KAEtE,OAAO,OAAO,WAAW,SAAS,gBAAgB,aAAa,gBAAgB;AAAA,IAC7E,MAAM,SAAS,MAAM,OAAO,OAAO,UACjC,WACA,SACA,gBACA,aACA,SACF;AAAA,IAEA,OAAO,wBAAwB,KAAK,MAA8B;AAAA,GAEtE;AAAA,EACA,QAAQ,QAAQ,QAAQ,aAAa,WAAW;AAAA,EAChD,YAAY,QAAQ;AAAA,EAGpB,MAAM,YAAY,mBAChB,SACA,WACA,CAAC,KAAK,UAAU;AAAA,IACd,QAAQ,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACtC,KAAK,WAAW,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACpC,aAAa,WAAW,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IAC5C,eAAe,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,EAC/C,IACA,OAAO,OAAO,QAAQ,KAAK,aAAa,oBAAoB;AAAA,IAC1D,MAAM,SAAS,MAAM,OAAO,OAAO,QAAQ,QAAQ,KAAK,aAAa,aAAa;AAAA,IAClF,OAAO,QAAQ,KAAK,IAAI,WAAW,MAAM,CAAC;AAAA,GAE9C;AAAA,EACA,QAAQ,QAAQ,QAAQ,WAAW,SAAS;AAAA,EAC5C,UAAU,QAAQ;AAAA,EAGlB,MAAM,cAAc,mBAClB,SACA,aACA,CAAC,KAAK,UAAU;AAAA,IACd,QAAQ,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACtC,YAAY,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IAC1C,eAAe,WAAW,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IAC9C,iBAAiB,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IAC/C,uBAAuB,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IACrD,aAAa,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,IAC3C,WAAW,UAAU,KAAK,OAAO,MAAM,CAAC,CAAC;AAAA,EAC3C,IACA,OAAO,OAAO,QAAQ,YAAY,eAAe,iBAAiB,uBAAuB,aAAa,gBAAgB;AAAA,IACpH,MAAM,SAAS,MAAM,OAAO,OAAO,UACjC,QACA,YACA,eACA,iBACA,uBACA,aACA,SACF;AAAA,IAEA,OAAO,wBAAwB,KAAK,MAA8B;AAAA,GAEtE;AAAA,EACA,QAAQ,QAAQ,QAAQ,aAAa,WAAW;AAAA,EAChD,YAAY,QAAQ;AAAA,EAEpB,OAAO;AAAA;",
+  "debugId": "447E4B44811F04E864756E2164756E21",
+  "names": []
+}

package/dist/mjs/types.mjs

@@ -0,0 +1,3 @@
+// @bun
+
+//# debugId=6BB96AFC5414BDD964756E2164756E21

package/dist/mjs/types.mjs.map

@@ -0,0 +1,9 @@
+{
+  "version": 3,
+  "sources": [],
+  "sourcesContent": [
+  ],
+  "mappings": "",
+  "debugId": "6BB96AFC5414BDD964756E2164756E21",
+  "names": []
+}

package/dist/types/crypto-key.d.ts

@@ -0,0 +1,10 @@
+import type { QuickJSContext, QuickJSHandle } from "quickjs-emscripten";
+import type { StateMap } from "./types.ts";
+/**
+ * Create the CryptoKey class for the QuickJS context
+ *
+ * CryptoKey is an opaque type - the actual key material stays on the host.
+ * The QuickJS instance only holds metadata and an instanceId that maps
+ * to the host-side CryptoKey.
+ */
+export declare function createCryptoKeyClass(context: QuickJSContext, stateMap: StateMap): QuickJSHandle;

package/dist/types/index.d.ts

@@ -0,0 +1,3 @@
+export { setupCrypto } from "./setup.ts";
+export type { SetupCryptoOptions, CryptoHandle, CryptoKeyState, KeyUsage, KeyType, } from "./types.ts";
+export { createCryptoKeyInstance } from "./subtle-crypto.ts";

package/dist/types/quickjs.d.ts

@@ -0,0 +1,287 @@
+/**
+ * QuickJS Global Type Definitions for @ricsam/quickjs-crypto
+ *
+ * These types define the globals injected by setupCrypto() into a QuickJS context.
+ * Use these types to typecheck user code that will run inside QuickJS.
+ *
+ * @example
+ * // Generate random bytes
+ * const arr = new Uint8Array(16);
+ * crypto.getRandomValues(arr);
+ *
+ * // Generate UUID
+ * const uuid = crypto.randomUUID();
+ *
+ * // Use SubtleCrypto
+ * const key = await crypto.subtle.generateKey(
+ *   { name: "AES-GCM", length: 256 },
+ *   true,
+ *   ["encrypt", "decrypt"]
+ * );
+ */
+
+export {};
+
+declare global {
+  /**
+   * CryptoKey represents a cryptographic key.
+   * @see https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey
+   */
+  interface CryptoKey {
+    /**
+     * The type of key: "public", "private", or "secret".
+     */
+    readonly type: "public" | "private" | "secret";
+
+    /**
+     * Whether the key can be exported.
+     */
+    readonly extractable: boolean;
+
+    /**
+     * The algorithm used by this key.
+     */
+    readonly algorithm: KeyAlgorithm;
+
+    /**
+     * The usages allowed for this key.
+     */
+    readonly usages: ReadonlyArray<KeyUsage>;
+  }
+
+  /**
+   * CryptoKey constructor (keys cannot be constructed directly).
+   */
+  const CryptoKey: {
+    prototype: CryptoKey;
+  };
+
+  /**
+   * SubtleCrypto interface for cryptographic operations.
+   * @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto
+   */
+  interface SubtleCrypto {
+    /**
+     * Generate a digest (hash) of the given data.
+     *
+     * @param algorithm - Hash algorithm (e.g., "SHA-256", "SHA-384", "SHA-512")
+     * @param data - Data to hash
+     * @returns Promise resolving to the hash as ArrayBuffer
+     */
+    digest(
+      algorithm: AlgorithmIdentifier,
+      data: BufferSource
+    ): Promise<ArrayBuffer>;
+
+    /**
+     * Generate a new cryptographic key or key pair.
+     *
+     * @param algorithm - Key generation algorithm
+     * @param extractable - Whether the key can be exported
+     * @param keyUsages - Allowed key usages
+     * @returns Promise resolving to a CryptoKey or CryptoKeyPair
+     */
+    generateKey(
+      algorithm: RsaHashedKeyGenParams | EcKeyGenParams | AesKeyGenParams | HmacKeyGenParams,
+      extractable: boolean,
+      keyUsages: KeyUsage[]
+    ): Promise<CryptoKey | CryptoKeyPair>;
+
+    /**
+     * Sign data using a private key.
+     *
+     * @param algorithm - Signing algorithm
+     * @param key - Private key to sign with
+     * @param data - Data to sign
+     * @returns Promise resolving to the signature as ArrayBuffer
+     */
+    sign(
+      algorithm: AlgorithmIdentifier,
+      key: CryptoKey,
+      data: BufferSource
+    ): Promise<ArrayBuffer>;
+
+    /**
+     * Verify a signature.
+     *
+     * @param algorithm - Signing algorithm
+     * @param key - Public key to verify with
+     * @param signature - Signature to verify
+     * @param data - Data that was signed
+     * @returns Promise resolving to true if valid, false otherwise
+     */
+    verify(
+      algorithm: AlgorithmIdentifier,
+      key: CryptoKey,
+      signature: BufferSource,
+      data: BufferSource
+    ): Promise<boolean>;
+
+    /**
+     * Encrypt data.
+     *
+     * @param algorithm - Encryption algorithm
+     * @param key - Encryption key
+     * @param data - Data to encrypt
+     * @returns Promise resolving to encrypted data as ArrayBuffer
+     */
+    encrypt(
+      algorithm: AlgorithmIdentifier,
+      key: CryptoKey,
+      data: BufferSource
+    ): Promise<ArrayBuffer>;
+
+    /**
+     * Decrypt data.
+     *
+     * @param algorithm - Decryption algorithm
+     * @param key - Decryption key
+     * @param data - Data to decrypt
+     * @returns Promise resolving to decrypted data as ArrayBuffer
+     */
+    decrypt(
+      algorithm: AlgorithmIdentifier,
+      key: CryptoKey,
+      data: BufferSource
+    ): Promise<ArrayBuffer>;
+
+    /**
+     * Import a key from external data.
+     *
+     * @param format - Key format ("raw", "pkcs8", "spki", "jwk")
+     * @param keyData - Key data
+     * @param algorithm - Key algorithm
+     * @param extractable - Whether the key can be exported
+     * @param keyUsages - Allowed key usages
+     * @returns Promise resolving to a CryptoKey
+     */
+    importKey(
+      format: "raw" | "pkcs8" | "spki" | "jwk",
+      keyData: BufferSource | JsonWebKey,
+      algorithm: AlgorithmIdentifier,
+      extractable: boolean,
+      keyUsages: KeyUsage[]
+    ): Promise<CryptoKey>;
+
+    /**
+     * Export a key.
+     *
+     * @param format - Export format ("raw", "pkcs8", "spki", "jwk")
+     * @param key - Key to export
+     * @returns Promise resolving to ArrayBuffer or JsonWebKey
+     */
+    exportKey(
+      format: "raw" | "pkcs8" | "spki" | "jwk",
+      key: CryptoKey
+    ): Promise<ArrayBuffer | JsonWebKey>;
+
+    /**
+     * Derive bits from a key.
+     *
+     * @param algorithm - Derivation algorithm
+     * @param baseKey - Base key for derivation
+     * @param length - Number of bits to derive
+     * @returns Promise resolving to derived bits as ArrayBuffer
+     */
+    deriveBits(
+      algorithm: AlgorithmIdentifier,
+      baseKey: CryptoKey,
+      length: number
+    ): Promise<ArrayBuffer>;
+
+    /**
+     * Derive a new key from a base key.
+     *
+     * @param algorithm - Derivation algorithm
+     * @param baseKey - Base key for derivation
+     * @param derivedKeyType - Type of key to derive
+     * @param extractable - Whether the derived key can be exported
+     * @param keyUsages - Allowed usages for derived key
+     * @returns Promise resolving to a CryptoKey
+     */
+    deriveKey(
+      algorithm: AlgorithmIdentifier,
+      baseKey: CryptoKey,
+      derivedKeyType: AlgorithmIdentifier,
+      extractable: boolean,
+      keyUsages: KeyUsage[]
+    ): Promise<CryptoKey>;
+
+    /**
+     * Wrap a key for secure export.
+     *
+     * @param format - Key format
+     * @param key - Key to wrap
+     * @param wrappingKey - Key to wrap with
+     * @param wrapAlgorithm - Wrapping algorithm
+     * @returns Promise resolving to wrapped key as ArrayBuffer
+     */
+    wrapKey(
+      format: "raw" | "pkcs8" | "spki" | "jwk",
+      key: CryptoKey,
+      wrappingKey: CryptoKey,
+      wrapAlgorithm: AlgorithmIdentifier
+    ): Promise<ArrayBuffer>;
+
+    /**
+     * Unwrap a wrapped key.
+     *
+     * @param format - Key format
+     * @param wrappedKey - Wrapped key data
+     * @param unwrappingKey - Key to unwrap with
+     * @param unwrapAlgorithm - Unwrapping algorithm
+     * @param unwrappedKeyAlgorithm - Algorithm for the unwrapped key
+     * @param extractable - Whether the unwrapped key can be exported
+     * @param keyUsages - Allowed usages for unwrapped key
+     * @returns Promise resolving to a CryptoKey
+     */
+    unwrapKey(
+      format: "raw" | "pkcs8" | "spki" | "jwk",
+      wrappedKey: BufferSource,
+      unwrappingKey: CryptoKey,
+      unwrapAlgorithm: AlgorithmIdentifier,
+      unwrappedKeyAlgorithm: AlgorithmIdentifier,
+      extractable: boolean,
+      keyUsages: KeyUsage[]
+    ): Promise<CryptoKey>;
+  }
+
+  /**
+   * Crypto interface providing cryptographic functionality.
+   * @see https://developer.mozilla.org/en-US/docs/Web/API/Crypto
+   */
+  interface Crypto {
+    /**
+     * SubtleCrypto interface for cryptographic operations.
+     */
+    readonly subtle: SubtleCrypto;
+
+    /**
+     * Fill a TypedArray with cryptographically random values.
+     *
+     * @param array - TypedArray to fill (max 65536 bytes)
+     * @returns The same array, filled with random values
+     *
+     * @example
+     * const arr = new Uint8Array(16);
+     * crypto.getRandomValues(arr);
+     */
+    getRandomValues<T extends ArrayBufferView | null>(array: T): T;
+
+    /**
+     * Generate a random UUID v4.
+     *
+     * @returns A random UUID string
+     *
+     * @example
+     * const uuid = crypto.randomUUID();
+     * // "550e8400-e29b-41d4-a716-446655440000"
+     */
+    randomUUID(): string;
+  }
+
+  /**
+   * Crypto object providing cryptographic functionality.
+   */
+  const crypto: Crypto;
+}

package/dist/types/random.d.ts

@@ -0,0 +1,14 @@
+import type { QuickJSContext, QuickJSHandle } from "quickjs-emscripten";
+/**
+ * Create the getRandomValues function for the crypto global
+ *
+ * getRandomValues fills a TypedArray with cryptographically random values
+ * and returns the same array (modified in-place)
+ */
+export declare function createGetRandomValuesFunction(context: QuickJSContext): QuickJSHandle;
+/**
+ * Create the randomUUID function for the crypto global
+ *
+ * randomUUID returns a string containing a randomly generated UUID v4
+ */
+export declare function createRandomUUIDFunction(context: QuickJSContext): QuickJSHandle;

package/dist/types/setup.d.ts

@@ -0,0 +1,43 @@
+import type { QuickJSContext } from "quickjs-emscripten";
+import type { SetupCryptoOptions, CryptoHandle } from "./types.ts";
+/**
+ * Setup crypto globals in a QuickJS context
+ *
+ * Provides: crypto.subtle (SubtleCrypto), crypto.getRandomValues, crypto.randomUUID, CryptoKey
+ *
+ * @example
+ * ```typescript
+ * const handle = setupCrypto(context);
+ *
+ * context.evalCode(`
+ *   // Generate a random UUID
+ *   const uuid = crypto.randomUUID();
+ *
+ *   // Generate random bytes
+ *   const arr = new Uint8Array(16);
+ *   crypto.getRandomValues(arr);
+ *
+ *   // Use SubtleCrypto for encryption
+ *   const key = await crypto.subtle.generateKey(
+ *     { name: "AES-GCM", length: 256 },
+ *     true,
+ *     ["encrypt", "decrypt"]
+ *   );
+ *
+ *   const iv = crypto.getRandomValues(new Uint8Array(12));
+ *   const data = new TextEncoder().encode("secret message");
+ *   const encrypted = await crypto.subtle.encrypt(
+ *     { name: "AES-GCM", iv },
+ *     key,
+ *     data
+ *   );
+ * `);
+ *
+ * handle.dispose();
+ * ```
+ *
+ * @param context - QuickJS context
+ * @param options - Setup options
+ * @returns CryptoHandle for cleanup
+ */
+export declare function setupCrypto(context: QuickJSContext, options?: SetupCryptoOptions): CryptoHandle;

package/dist/types/subtle-crypto.d.ts

@@ -0,0 +1,12 @@
+import type { QuickJSContext, QuickJSHandle } from "quickjs-emscripten";
+/**
+ * Helper to create a CryptoKey instance in QuickJS from a host CryptoKey
+ *
+ * This registers the host key in our state management and creates
+ * a QuickJS CryptoKey object that references it via __instanceId__
+ */
+export declare function createCryptoKeyInstance(context: QuickJSContext, hostKey: globalThis.CryptoKey): QuickJSHandle;
+/**
+ * Create the SubtleCrypto object with all methods
+ */
+export declare function createSubtleCryptoObject(context: QuickJSContext): QuickJSHandle;

package/dist/types/types.d.ts

@@ -0,0 +1,44 @@
+import type { StateMap, CoreHandle } from "@ricsam/quickjs-core";
+export type { StateMap, CoreHandle };
+/**
+ * Key usage types as defined by Web Crypto API
+ */
+export type KeyUsage = "encrypt" | "decrypt" | "sign" | "verify" | "deriveKey" | "deriveBits" | "wrapKey" | "unwrapKey";
+/**
+ * Key type
+ */
+export type KeyType = "public" | "private" | "secret";
+/**
+ * Internal state for CryptoKey instances
+ * The actual CryptoKey stays on the host side
+ */
+export interface CryptoKeyState {
+    /** Reference to host crypto key (actual CryptoKey from host) */
+    hostKey: globalThis.CryptoKey;
+    /** Key type: public, private, or secret */
+    type: KeyType;
+    /** Whether the key can be exported */
+    extractable: boolean;
+    /** Algorithm information */
+    algorithm: KeyAlgorithm;
+    /** Allowed usages for this key */
+    usages: KeyUsage[];
+}
+/**
+ * Options for setupCrypto
+ */
+export interface SetupCryptoOptions {
+    /** Shared state map for instance tracking */
+    stateMap?: StateMap;
+    /** Core handle from setupCore */
+    coreHandle?: CoreHandle;
+}
+/**
+ * Handle returned from setupCrypto
+ */
+export interface CryptoHandle {
+    /** Shared state map */
+    readonly stateMap: StateMap;
+    /** Dispose and cleanup */
+    dispose(): void;
+}

package/package.json

@@ -1,10 +1,58 @@
 {
   "name": "@ricsam/quickjs-crypto",
-  "version": "0.0.1",
-  "description": "OIDC trusted publishing setup package for @ricsam/quickjs-crypto",
+  "version": "0.2.13",
+  "main": "./dist/cjs/index.cjs",
+  "types": "./dist/types/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/types/index.d.ts",
+      "require": "./dist/cjs/index.cjs",
+      "import": "./dist/mjs/index.mjs"
+    },
+    "./quickjs": {
+      "types": "./dist/types/quickjs.d.ts"
+    }
+  },
+  "scripts": {
+    "build": "bun build ./src/index.ts --outdir ./dist --target bun",
+    "test": "bun test",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@ricsam/quickjs-core": "^0.2.13",
+    "quickjs-emscripten": "^0.31.0"
+  },
+  "peerDependencies": {
+    "quickjs-emscripten": "^0.31.0"
+  },
+  "author": "Richard Samuelsson",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ricsam/richie-qjs.git"
+  },
+  "bugs": {
+    "url": "https://github.com/ricsam/richie-qjs/issues"
+  },
+  "homepage": "https://github.com/ricsam/richie-qjs#readme",
   "keywords": [
-    "oidc",
-    "trusted-publishing",
-    "setup"
+    "quickjs",
+    "sandbox",
+    "javascript",
+    "runtime",
+    "fetch",
+    "filesystem",
+    "streams",
+    "wasm",
+    "emscripten"
+  ],
+  "description": "Web Crypto API implementation for QuickJS runtime",
+  "module": "./dist/mjs/index.mjs",
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "dist",
+    "README.md"
   ]
-}
+}

package/README.md

@@ -1,45 +0,0 @@
-# @ricsam/quickjs-crypto
-
-## ⚠️ IMPORTANT NOTICE ⚠️
-
-**This package is created solely for the purpose of setting up OIDC (OpenID Connect) trusted publishing with npm.**
-
-This is **NOT** a functional package and contains **NO** code or functionality beyond the OIDC setup configuration.
-
-## Purpose
-
-This package exists to:
-1. Configure OIDC trusted publishing for the package name `@ricsam/quickjs-crypto`
-2. Enable secure, token-less publishing from CI/CD workflows
-3. Establish provenance for packages published under this name
-
-## What is OIDC Trusted Publishing?
-
-OIDC trusted publishing allows package maintainers to publish packages directly from their CI/CD workflows without needing to manage npm access tokens. Instead, it uses OpenID Connect to establish trust between the CI/CD provider (like GitHub Actions) and npm.
-
-## Setup Instructions
-
-To properly configure OIDC trusted publishing for this package:
-
-1. Go to [npmjs.com](https://www.npmjs.com/) and navigate to your package settings
-2. Configure the trusted publisher (e.g., GitHub Actions)
-3. Specify the repository and workflow that should be allowed to publish
-4. Use the configured workflow to publish your actual package
-
-## DO NOT USE THIS PACKAGE
-
-This package is a placeholder for OIDC configuration only. It:
-- Contains no executable code
-- Provides no functionality
-- Should not be installed as a dependency
-- Exists only for administrative purposes
-
-## More Information
-
-For more details about npm's trusted publishing feature, see:
-- [npm Trusted Publishing Documentation](https://docs.npmjs.com/generating-provenance-statements)
-- [GitHub Actions OIDC Documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)
-
----
-
-**Maintained for OIDC setup purposes only**