@sd-jwt/crypto-browser 0.17.2-next.0 → 0.17.2-next.2

package/dist/index.d.mts

@@ -3,6 +3,54 @@ declare function digest(data: string | ArrayBuffer, algorithm?: string): Promise
 declare const getHasher: (algorithm?: string) => (data: string) => Promise<Uint8Array<ArrayBufferLike>>;
 declare const ES256: {
     alg: string;
+    _keyAlgorithm: {
+        name: string;
+        namedCurve: string;
+    };
+    _hashAlgorithm: {
+        name: string;
+        hash: {
+            name: string;
+        };
+    };
+    generateKeyPair(): Promise<{
+        publicKey: JsonWebKey;
+        privateKey: JsonWebKey;
+    }>;
+    getSigner(privateKeyJWK: object): Promise<(data: string) => Promise<string>>;
+    getVerifier(publicKeyJWK: object): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
+};
+declare const ES384: {
+    alg: string;
+    _keyAlgorithm: {
+        name: string;
+        namedCurve: string;
+    };
+    _hashAlgorithm: {
+        name: string;
+        hash: {
+            name: string;
+        };
+    };
+    generateKeyPair(): Promise<{
+        publicKey: JsonWebKey;
+        privateKey: JsonWebKey;
+    }>;
+    getSigner(privateKeyJWK: object): Promise<(data: string) => Promise<string>>;
+    getVerifier(publicKeyJWK: object): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
+};
+declare const ES512: {
+    alg: string;
+    _keyAlgorithm: {
+        name: string;
+        namedCurve: string;
+    };
+    _hashAlgorithm: {
+        name: string;
+        hash: {
+            name: string;
+        };
+    };
     generateKeyPair(): Promise<{
         publicKey: JsonWebKey;
         privateKey: JsonWebKey;
@@ -11,4 +59,4 @@ declare const ES256: {
     getVerifier(publicKeyJWK: object): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
 };
 
-export { ES256, digest, generateSalt, getHasher };
+export { ES256, ES384, ES512, digest, generateSalt, getHasher };

package/dist/index.d.ts

@@ -3,6 +3,54 @@ declare function digest(data: string | ArrayBuffer, algorithm?: string): Promise
 declare const getHasher: (algorithm?: string) => (data: string) => Promise<Uint8Array<ArrayBufferLike>>;
 declare const ES256: {
     alg: string;
+    _keyAlgorithm: {
+        name: string;
+        namedCurve: string;
+    };
+    _hashAlgorithm: {
+        name: string;
+        hash: {
+            name: string;
+        };
+    };
+    generateKeyPair(): Promise<{
+        publicKey: JsonWebKey;
+        privateKey: JsonWebKey;
+    }>;
+    getSigner(privateKeyJWK: object): Promise<(data: string) => Promise<string>>;
+    getVerifier(publicKeyJWK: object): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
+};
+declare const ES384: {
+    alg: string;
+    _keyAlgorithm: {
+        name: string;
+        namedCurve: string;
+    };
+    _hashAlgorithm: {
+        name: string;
+        hash: {
+            name: string;
+        };
+    };
+    generateKeyPair(): Promise<{
+        publicKey: JsonWebKey;
+        privateKey: JsonWebKey;
+    }>;
+    getSigner(privateKeyJWK: object): Promise<(data: string) => Promise<string>>;
+    getVerifier(publicKeyJWK: object): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
+};
+declare const ES512: {
+    alg: string;
+    _keyAlgorithm: {
+        name: string;
+        namedCurve: string;
+    };
+    _hashAlgorithm: {
+        name: string;
+        hash: {
+            name: string;
+        };
+    };
     generateKeyPair(): Promise<{
         publicKey: JsonWebKey;
         privateKey: JsonWebKey;
@@ -11,4 +59,4 @@ declare const ES256: {
     getVerifier(publicKeyJWK: object): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
 };
 
-export { ES256, digest, generateSalt, getHasher };
+export { ES256, ES384, ES512, digest, generateSalt, getHasher };

package/dist/index.js

@@ -41,6 +41,8 @@ var __async = (__this, __arguments, generator) => {
 var index_exports = {};
 __export(index_exports, {
   ES256: () => ES256,
+  ES384: () => ES384,
+  ES512: () => ES512,
   digest: () => digest,
   generateSalt: () => generateSalt,
   getHasher: () => getHasher
@@ -53,7 +55,7 @@ var generateSalt = (length) => {
     return "";
   }
   const array = new Uint8Array(length / 2);
-  window.crypto.getRandomValues(array);
+  globalThis.crypto.getRandomValues(array);
   const salt = Array.from(
     array,
     (byte) => byte.toString(16).padStart(2, "0")
@@ -63,7 +65,7 @@ var generateSalt = (length) => {
 function digest(data, algorithm = "sha-256") {
   return __async(this, null, function* () {
     const ec = new TextEncoder();
-    const digest2 = yield window.crypto.subtle.digest(
+    const digest2 = yield globalThis.crypto.subtle.digest(
       algorithm,
       typeof data === "string" ? ec.encode(data) : data
     );
@@ -73,99 +75,180 @@ function digest(data, algorithm = "sha-256") {
 var getHasher = (algorithm = "sha-256") => {
   return (data) => digest(data, algorithm);
 };
+function generateKeyPair(keyAlgorithm) {
+  return __async(this, null, function* () {
+    const keyPair = yield globalThis.crypto.subtle.generateKey(
+      keyAlgorithm,
+      true,
+      // whether the key is extractable (i.e., can be used in exportKey)
+      ["sign", "verify"]
+      // can be used to sign and verify signatures
+    );
+    const publicKeyJWK = yield globalThis.crypto.subtle.exportKey(
+      "jwk",
+      keyPair.publicKey
+    );
+    const privateKeyJWK = yield globalThis.crypto.subtle.exportKey(
+      "jwk",
+      keyPair.privateKey
+    );
+    return { publicKey: publicKeyJWK, privateKey: privateKeyJWK };
+  });
+}
+function getSigner(privateKeyJWK, keyAlgorithm, signAlgorithm) {
+  return __async(this, null, function* () {
+    const privateKey = yield globalThis.crypto.subtle.importKey(
+      "jwk",
+      privateKeyJWK,
+      keyAlgorithm,
+      true,
+      // whether the key is extractable (i.e., can be used in exportKey)
+      ["sign"]
+    );
+    return (data) => __async(null, null, function* () {
+      const encoder = new TextEncoder();
+      const signature = yield globalThis.crypto.subtle.sign(
+        signAlgorithm,
+        privateKey,
+        encoder.encode(data)
+      );
+      return btoa(String.fromCharCode(...new Uint8Array(signature))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+    });
+  });
+}
+function getVerifier(publicKeyJWK, keyAlgorithm, verifyAlgorithm) {
+  return __async(this, null, function* () {
+    const publicKey = yield globalThis.crypto.subtle.importKey(
+      "jwk",
+      publicKeyJWK,
+      keyAlgorithm,
+      true,
+      // whether the key is extractable (i.e., can be used in exportKey)
+      ["verify"]
+    );
+    return (data, signatureBase64url) => __async(null, null, function* () {
+      const encoder = new TextEncoder();
+      const signature = Uint8Array.from(
+        atob(signatureBase64url.replace(/-/g, "+").replace(/_/g, "/")),
+        (c) => c.charCodeAt(0)
+      );
+      const isValid = yield globalThis.crypto.subtle.verify(
+        verifyAlgorithm,
+        publicKey,
+        signature,
+        encoder.encode(data)
+      );
+      return isValid;
+    });
+  });
+}
 var ES256 = {
   alg: "ES256",
+  _keyAlgorithm: {
+    name: "ECDSA",
+    namedCurve: "P-256"
+  },
+  _hashAlgorithm: {
+    name: "ECDSA",
+    hash: { name: "sha-256" }
+  },
   generateKeyPair() {
     return __async(this, null, function* () {
-      const keyPair = yield window.crypto.subtle.generateKey(
-        {
-          name: "ECDSA",
-          namedCurve: "P-256"
-          // ES256
-        },
-        true,
-        // whether the key is extractable (i.e., can be used in exportKey)
-        ["sign", "verify"]
-        // can be used to sign and verify signatures
+      return yield generateKeyPair(ES256._keyAlgorithm);
+    });
+  },
+  getSigner(privateKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getSigner(
+        privateKeyJWK,
+        ES256._keyAlgorithm,
+        ES256._hashAlgorithm
+      );
+    });
+  },
+  getVerifier(publicKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getVerifier(
+        publicKeyJWK,
+        ES256._keyAlgorithm,
+        ES256._hashAlgorithm
       );
-      const publicKeyJWK = yield window.crypto.subtle.exportKey(
-        "jwk",
-        keyPair.publicKey
+    });
+  }
+};
+var ES384 = {
+  alg: "ES384",
+  _keyAlgorithm: {
+    name: "ECDSA",
+    namedCurve: "P-384"
+  },
+  _hashAlgorithm: {
+    name: "ECDSA",
+    hash: { name: "sha-384" }
+  },
+  generateKeyPair() {
+    return __async(this, null, function* () {
+      return yield generateKeyPair(ES384._keyAlgorithm);
+    });
+  },
+  getSigner(privateKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getSigner(
+        privateKeyJWK,
+        ES384._keyAlgorithm,
+        ES384._hashAlgorithm
       );
-      const privateKeyJWK = yield window.crypto.subtle.exportKey(
-        "jwk",
-        keyPair.privateKey
+    });
+  },
+  getVerifier(publicKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getVerifier(
+        publicKeyJWK,
+        ES384._keyAlgorithm,
+        ES384._hashAlgorithm
       );
-      return { publicKey: publicKeyJWK, privateKey: privateKeyJWK };
+    });
+  }
+};
+var ES512 = {
+  alg: "ES512",
+  _keyAlgorithm: {
+    name: "ECDSA",
+    namedCurve: "P-521"
+  },
+  _hashAlgorithm: {
+    name: "ECDSA",
+    hash: { name: "sha-512" }
+  },
+  generateKeyPair() {
+    return __async(this, null, function* () {
+      return yield generateKeyPair(ES512._keyAlgorithm);
     });
   },
   getSigner(privateKeyJWK) {
     return __async(this, null, function* () {
-      const privateKey = yield window.crypto.subtle.importKey(
-        "jwk",
+      return yield getSigner(
         privateKeyJWK,
-        {
-          name: "ECDSA",
-          namedCurve: "P-256"
-          // Must match the curve used to generate the key
-        },
-        true,
-        // whether the key is extractable (i.e., can be used in exportKey)
-        ["sign"]
+        ES512._keyAlgorithm,
+        ES512._hashAlgorithm
       );
-      return (data) => __async(null, null, function* () {
-        const encoder = new TextEncoder();
-        const signature = yield window.crypto.subtle.sign(
-          {
-            name: "ECDSA",
-            hash: { name: "sha-256" }
-            // Required for ES256
-          },
-          privateKey,
-          encoder.encode(data)
-        );
-        return window.btoa(String.fromCharCode(...new Uint8Array(signature))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-      });
     });
   },
   getVerifier(publicKeyJWK) {
     return __async(this, null, function* () {
-      const publicKey = yield window.crypto.subtle.importKey(
-        "jwk",
+      return yield getVerifier(
         publicKeyJWK,
-        {
-          name: "ECDSA",
-          namedCurve: "P-256"
-          // Must match the curve used to generate the key
-        },
-        true,
-        // whether the key is extractable (i.e., can be used in exportKey)
-        ["verify"]
+        ES512._keyAlgorithm,
+        ES512._hashAlgorithm
       );
-      return (data, signatureBase64url) => __async(null, null, function* () {
-        const encoder = new TextEncoder();
-        const signature = Uint8Array.from(
-          atob(signatureBase64url.replace(/-/g, "+").replace(/_/g, "/")),
-          (c) => c.charCodeAt(0)
-        );
-        const isValid = yield window.crypto.subtle.verify(
-          {
-            name: "ECDSA",
-            hash: { name: "sha-256" }
-            // Required for ES256
-          },
-          publicKey,
-          signature,
-          encoder.encode(data)
-        );
-        return isValid;
-      });
     });
   }
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   ES256,
+  ES384,
+  ES512,
   digest,
   generateSalt,
   getHasher

package/dist/index.mjs

@@ -25,7 +25,7 @@ var generateSalt = (length) => {
     return "";
   }
   const array = new Uint8Array(length / 2);
-  window.crypto.getRandomValues(array);
+  globalThis.crypto.getRandomValues(array);
   const salt = Array.from(
     array,
     (byte) => byte.toString(16).padStart(2, "0")
@@ -35,7 +35,7 @@ var generateSalt = (length) => {
 function digest(data, algorithm = "sha-256") {
   return __async(this, null, function* () {
     const ec = new TextEncoder();
-    const digest2 = yield window.crypto.subtle.digest(
+    const digest2 = yield globalThis.crypto.subtle.digest(
       algorithm,
       typeof data === "string" ? ec.encode(data) : data
     );
@@ -45,98 +45,179 @@ function digest(data, algorithm = "sha-256") {
 var getHasher = (algorithm = "sha-256") => {
   return (data) => digest(data, algorithm);
 };
+function generateKeyPair(keyAlgorithm) {
+  return __async(this, null, function* () {
+    const keyPair = yield globalThis.crypto.subtle.generateKey(
+      keyAlgorithm,
+      true,
+      // whether the key is extractable (i.e., can be used in exportKey)
+      ["sign", "verify"]
+      // can be used to sign and verify signatures
+    );
+    const publicKeyJWK = yield globalThis.crypto.subtle.exportKey(
+      "jwk",
+      keyPair.publicKey
+    );
+    const privateKeyJWK = yield globalThis.crypto.subtle.exportKey(
+      "jwk",
+      keyPair.privateKey
+    );
+    return { publicKey: publicKeyJWK, privateKey: privateKeyJWK };
+  });
+}
+function getSigner(privateKeyJWK, keyAlgorithm, signAlgorithm) {
+  return __async(this, null, function* () {
+    const privateKey = yield globalThis.crypto.subtle.importKey(
+      "jwk",
+      privateKeyJWK,
+      keyAlgorithm,
+      true,
+      // whether the key is extractable (i.e., can be used in exportKey)
+      ["sign"]
+    );
+    return (data) => __async(null, null, function* () {
+      const encoder = new TextEncoder();
+      const signature = yield globalThis.crypto.subtle.sign(
+        signAlgorithm,
+        privateKey,
+        encoder.encode(data)
+      );
+      return btoa(String.fromCharCode(...new Uint8Array(signature))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+    });
+  });
+}
+function getVerifier(publicKeyJWK, keyAlgorithm, verifyAlgorithm) {
+  return __async(this, null, function* () {
+    const publicKey = yield globalThis.crypto.subtle.importKey(
+      "jwk",
+      publicKeyJWK,
+      keyAlgorithm,
+      true,
+      // whether the key is extractable (i.e., can be used in exportKey)
+      ["verify"]
+    );
+    return (data, signatureBase64url) => __async(null, null, function* () {
+      const encoder = new TextEncoder();
+      const signature = Uint8Array.from(
+        atob(signatureBase64url.replace(/-/g, "+").replace(/_/g, "/")),
+        (c) => c.charCodeAt(0)
+      );
+      const isValid = yield globalThis.crypto.subtle.verify(
+        verifyAlgorithm,
+        publicKey,
+        signature,
+        encoder.encode(data)
+      );
+      return isValid;
+    });
+  });
+}
 var ES256 = {
   alg: "ES256",
+  _keyAlgorithm: {
+    name: "ECDSA",
+    namedCurve: "P-256"
+  },
+  _hashAlgorithm: {
+    name: "ECDSA",
+    hash: { name: "sha-256" }
+  },
   generateKeyPair() {
     return __async(this, null, function* () {
-      const keyPair = yield window.crypto.subtle.generateKey(
-        {
-          name: "ECDSA",
-          namedCurve: "P-256"
-          // ES256
-        },
-        true,
-        // whether the key is extractable (i.e., can be used in exportKey)
-        ["sign", "verify"]
-        // can be used to sign and verify signatures
+      return yield generateKeyPair(ES256._keyAlgorithm);
+    });
+  },
+  getSigner(privateKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getSigner(
+        privateKeyJWK,
+        ES256._keyAlgorithm,
+        ES256._hashAlgorithm
+      );
+    });
+  },
+  getVerifier(publicKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getVerifier(
+        publicKeyJWK,
+        ES256._keyAlgorithm,
+        ES256._hashAlgorithm
       );
-      const publicKeyJWK = yield window.crypto.subtle.exportKey(
-        "jwk",
-        keyPair.publicKey
+    });
+  }
+};
+var ES384 = {
+  alg: "ES384",
+  _keyAlgorithm: {
+    name: "ECDSA",
+    namedCurve: "P-384"
+  },
+  _hashAlgorithm: {
+    name: "ECDSA",
+    hash: { name: "sha-384" }
+  },
+  generateKeyPair() {
+    return __async(this, null, function* () {
+      return yield generateKeyPair(ES384._keyAlgorithm);
+    });
+  },
+  getSigner(privateKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getSigner(
+        privateKeyJWK,
+        ES384._keyAlgorithm,
+        ES384._hashAlgorithm
       );
-      const privateKeyJWK = yield window.crypto.subtle.exportKey(
-        "jwk",
-        keyPair.privateKey
+    });
+  },
+  getVerifier(publicKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getVerifier(
+        publicKeyJWK,
+        ES384._keyAlgorithm,
+        ES384._hashAlgorithm
       );
-      return { publicKey: publicKeyJWK, privateKey: privateKeyJWK };
+    });
+  }
+};
+var ES512 = {
+  alg: "ES512",
+  _keyAlgorithm: {
+    name: "ECDSA",
+    namedCurve: "P-521"
+  },
+  _hashAlgorithm: {
+    name: "ECDSA",
+    hash: { name: "sha-512" }
+  },
+  generateKeyPair() {
+    return __async(this, null, function* () {
+      return yield generateKeyPair(ES512._keyAlgorithm);
     });
   },
   getSigner(privateKeyJWK) {
     return __async(this, null, function* () {
-      const privateKey = yield window.crypto.subtle.importKey(
-        "jwk",
+      return yield getSigner(
         privateKeyJWK,
-        {
-          name: "ECDSA",
-          namedCurve: "P-256"
-          // Must match the curve used to generate the key
-        },
-        true,
-        // whether the key is extractable (i.e., can be used in exportKey)
-        ["sign"]
+        ES512._keyAlgorithm,
+        ES512._hashAlgorithm
       );
-      return (data) => __async(null, null, function* () {
-        const encoder = new TextEncoder();
-        const signature = yield window.crypto.subtle.sign(
-          {
-            name: "ECDSA",
-            hash: { name: "sha-256" }
-            // Required for ES256
-          },
-          privateKey,
-          encoder.encode(data)
-        );
-        return window.btoa(String.fromCharCode(...new Uint8Array(signature))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-      });
     });
   },
   getVerifier(publicKeyJWK) {
     return __async(this, null, function* () {
-      const publicKey = yield window.crypto.subtle.importKey(
-        "jwk",
+      return yield getVerifier(
         publicKeyJWK,
-        {
-          name: "ECDSA",
-          namedCurve: "P-256"
-          // Must match the curve used to generate the key
-        },
-        true,
-        // whether the key is extractable (i.e., can be used in exportKey)
-        ["verify"]
+        ES512._keyAlgorithm,
+        ES512._hashAlgorithm
       );
-      return (data, signatureBase64url) => __async(null, null, function* () {
-        const encoder = new TextEncoder();
-        const signature = Uint8Array.from(
-          atob(signatureBase64url.replace(/-/g, "+").replace(/_/g, "/")),
-          (c) => c.charCodeAt(0)
-        );
-        const isValid = yield window.crypto.subtle.verify(
-          {
-            name: "ECDSA",
-            hash: { name: "sha-256" }
-            // Required for ES256
-          },
-          publicKey,
-          signature,
-          encoder.encode(data)
-        );
-        return isValid;
-      });
     });
   }
 };
 export {
   ES256,
+  ES384,
+  ES512,
   digest,
   generateSalt,
   getHasher

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sd-jwt/crypto-browser",
-  "version": "0.17.2-next.0+1301a03",
+  "version": "0.17.2-next.2+4a4c1b0",
   "description": "sd-jwt draft 7 implementation in typescript",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -48,5 +48,5 @@
       "esm"
     ]
   },
-  "gitHead": "1301a03484b285711d7afd7448457348bad96569"
+  "gitHead": "4a4c1b0c04615bcf0e455d51cd1b9234cbcd0d78"
 }

package/src/crypto.ts

@@ -4,7 +4,7 @@ export const generateSalt = (length: number): string => {
   }
   // a hex is represented by 2 characters, so we split the length by 2
   const array = new Uint8Array(length / 2);
-  window.crypto.getRandomValues(array);
+  globalThis.crypto.getRandomValues(array);
 
   const salt = Array.from(array, (byte) =>
     byte.toString(16).padStart(2, '0'),
@@ -18,7 +18,7 @@ export async function digest(
   algorithm = 'sha-256',
 ): Promise<Uint8Array> {
   const ec = new TextEncoder();
-  const digest = await window.crypto.subtle.digest(
+  const digest = await globalThis.crypto.subtle.digest(
     algorithm,
     typeof data === 'string' ? ec.encode(data) : data,
   );
@@ -29,92 +29,193 @@ export const getHasher = (algorithm = 'sha-256') => {
   return (data: string) => digest(data, algorithm);
 };
 
+// All derived from the subtle functions being called below
+type GenerateKeyAlgorithm = RsaHashedKeyGenParams | EcKeyGenParams;
+type ImportKeyAlgorithm =
+  | AlgorithmIdentifier
+  | RsaHashedImportParams
+  | EcKeyImportParams
+  | HmacImportParams
+  | AesKeyAlgorithm;
+type SignAlgorithm = AlgorithmIdentifier | RsaPssParams | EcdsaParams;
+type VerifyAlgorithm = AlgorithmIdentifier | RsaPssParams | EcdsaParams;
+
+async function generateKeyPair(keyAlgorithm: GenerateKeyAlgorithm) {
+  const keyPair = await globalThis.crypto.subtle.generateKey(
+    keyAlgorithm,
+    true, // whether the key is extractable (i.e., can be used in exportKey)
+    ['sign', 'verify'], // can be used to sign and verify signatures
+  );
+
+  // Export the public and private keys in JWK format
+  const publicKeyJWK = await globalThis.crypto.subtle.exportKey(
+    'jwk',
+    keyPair.publicKey,
+  );
+  const privateKeyJWK = await globalThis.crypto.subtle.exportKey(
+    'jwk',
+    keyPair.privateKey,
+  );
+
+  return { publicKey: publicKeyJWK, privateKey: privateKeyJWK };
+}
+
+async function getSigner(
+  privateKeyJWK: object,
+  keyAlgorithm: ImportKeyAlgorithm,
+  signAlgorithm: SignAlgorithm,
+) {
+  const privateKey = await globalThis.crypto.subtle.importKey(
+    'jwk',
+    privateKeyJWK,
+    keyAlgorithm,
+    true, // whether the key is extractable (i.e., can be used in exportKey)
+    ['sign'],
+  );
+
+  return async (data: string) => {
+    const encoder = new TextEncoder();
+    const signature = await globalThis.crypto.subtle.sign(
+      signAlgorithm,
+      privateKey,
+      encoder.encode(data),
+    );
+
+    return btoa(String.fromCharCode(...new Uint8Array(signature)))
+      .replace(/\+/g, '-')
+      .replace(/\//g, '_')
+      .replace(/=+$/, ''); // Convert to base64url format
+  };
+}
+
+async function getVerifier(
+  publicKeyJWK: object,
+  keyAlgorithm: ImportKeyAlgorithm,
+  verifyAlgorithm: VerifyAlgorithm,
+) {
+  const publicKey = await globalThis.crypto.subtle.importKey(
+    'jwk',
+    publicKeyJWK,
+    keyAlgorithm,
+    true, // whether the key is extractable (i.e., can be used in exportKey)
+    ['verify'],
+  );
+
+  return async (data: string, signatureBase64url: string) => {
+    const encoder = new TextEncoder();
+    const signature = Uint8Array.from(
+      atob(signatureBase64url.replace(/-/g, '+').replace(/_/g, '/')),
+      (c) => c.charCodeAt(0),
+    );
+    const isValid = await globalThis.crypto.subtle.verify(
+      verifyAlgorithm,
+      publicKey,
+      signature,
+      encoder.encode(data),
+    );
+
+    return isValid;
+  };
+}
+
 export const ES256 = {
   alg: 'ES256',
 
+  _keyAlgorithm: {
+    name: 'ECDSA',
+    namedCurve: 'P-256',
+  },
+
+  _hashAlgorithm: {
+    name: 'ECDSA',
+    hash: { name: 'sha-256' },
+  },
+
   async generateKeyPair() {
-    const keyPair = await window.crypto.subtle.generateKey(
-      {
-        name: 'ECDSA',
-        namedCurve: 'P-256', // ES256
-      },
-      true, // whether the key is extractable (i.e., can be used in exportKey)
-      ['sign', 'verify'], // can be used to sign and verify signatures
-    );
+    return await generateKeyPair(ES256._keyAlgorithm);
+  },
 
-    // Export the public and private keys in JWK format
-    const publicKeyJWK = await window.crypto.subtle.exportKey(
-      'jwk',
-      keyPair.publicKey,
+  async getSigner(privateKeyJWK: object) {
+    return await getSigner(
+      privateKeyJWK,
+      ES256._keyAlgorithm,
+      ES256._hashAlgorithm,
     );
-    const privateKeyJWK = await window.crypto.subtle.exportKey(
-      'jwk',
-      keyPair.privateKey,
+  },
+
+  async getVerifier(publicKeyJWK: object) {
+    return await getVerifier(
+      publicKeyJWK,
+      ES256._keyAlgorithm,
+      ES256._hashAlgorithm,
     );
+  },
+};
+
+export const ES384 = {
+  alg: 'ES384',
+
+  _keyAlgorithm: {
+    name: 'ECDSA',
+    namedCurve: 'P-384',
+  },
 
-    return { publicKey: publicKeyJWK, privateKey: privateKeyJWK };
+  _hashAlgorithm: {
+    name: 'ECDSA',
+    hash: { name: 'sha-384' },
+  },
+
+  async generateKeyPair() {
+    return await generateKeyPair(ES384._keyAlgorithm);
   },
 
   async getSigner(privateKeyJWK: object) {
-    const privateKey = await window.crypto.subtle.importKey(
-      'jwk',
+    return await getSigner(
       privateKeyJWK,
-      {
-        name: 'ECDSA',
-        namedCurve: 'P-256', // Must match the curve used to generate the key
-      },
-      true, // whether the key is extractable (i.e., can be used in exportKey)
-      ['sign'],
+      ES384._keyAlgorithm,
+      ES384._hashAlgorithm,
     );
-
-    return async (data: string) => {
-      const encoder = new TextEncoder();
-      const signature = await window.crypto.subtle.sign(
-        {
-          name: 'ECDSA',
-          hash: { name: 'sha-256' }, // Required for ES256
-        },
-        privateKey,
-        encoder.encode(data),
-      );
-
-      return window
-        .btoa(String.fromCharCode(...new Uint8Array(signature)))
-        .replace(/\+/g, '-')
-        .replace(/\//g, '_')
-        .replace(/=+$/, ''); // Convert to base64url format
-    };
   },
 
   async getVerifier(publicKeyJWK: object) {
-    const publicKey = await window.crypto.subtle.importKey(
-      'jwk',
+    return await getVerifier(
       publicKeyJWK,
-      {
-        name: 'ECDSA',
-        namedCurve: 'P-256', // Must match the curve used to generate the key
-      },
-      true, // whether the key is extractable (i.e., can be used in exportKey)
-      ['verify'],
+      ES384._keyAlgorithm,
+      ES384._hashAlgorithm,
+    );
+  },
+};
+
+export const ES512 = {
+  alg: 'ES512',
+
+  _keyAlgorithm: {
+    name: 'ECDSA',
+    namedCurve: 'P-521',
+  },
+
+  _hashAlgorithm: {
+    name: 'ECDSA',
+    hash: { name: 'sha-512' },
+  },
+
+  async generateKeyPair() {
+    return await generateKeyPair(ES512._keyAlgorithm);
+  },
+
+  async getSigner(privateKeyJWK: object) {
+    return await getSigner(
+      privateKeyJWK,
+      ES512._keyAlgorithm,
+      ES512._hashAlgorithm,
     );
+  },
 
-    return async (data: string, signatureBase64url: string) => {
-      const encoder = new TextEncoder();
-      const signature = Uint8Array.from(
-        atob(signatureBase64url.replace(/-/g, '+').replace(/_/g, '/')),
-        (c) => c.charCodeAt(0),
-      );
-      const isValid = await window.crypto.subtle.verify(
-        {
-          name: 'ECDSA',
-          hash: { name: 'sha-256' }, // Required for ES256
-        },
-        publicKey,
-        signature,
-        encoder.encode(data),
-      );
-
-      return isValid;
-    };
+  async getVerifier(publicKeyJWK: object) {
+    return await getVerifier(
+      publicKeyJWK,
+      ES512._keyAlgorithm,
+      ES512._hashAlgorithm,
+    );
   },
 };

package/src/test/crypto.spec.ts

@@ -1,5 +1,5 @@
 import { describe, expect, test } from 'vitest';
-import { digest, ES256, generateSalt, getHasher } from '../index';
+import { digest, ES256, ES384, ES512, generateSalt, getHasher } from '../index';
 
 // Extract the major version as a number
 const nodeVersionMajor = Number.parseInt(
@@ -42,24 +42,42 @@ describe('This file is for utility functions', () => {
     expect(hash).toBeDefined();
   });
 
-  (nodeVersionMajor < 20 ? test.skip : test)('ES256 alg', () => {
-    expect(ES256.alg).toBe('ES256');
-  });
+  for (const algLib of [
+    {
+      name: 'ES256',
+      lib: ES256,
+    },
+    {
+      name: 'ES384',
+      lib: ES384,
+    },
+    {
+      name: 'ES512',
+      lib: ES512,
+    },
+  ]) {
+    (nodeVersionMajor < 20 ? test.skip : test)(`${algLib.name} alg`, () => {
+      expect(algLib.lib.alg).toBe(algLib.name);
+    });
 
-  (nodeVersionMajor < 20 ? test.skip : test)('ES256', async () => {
-    const { privateKey, publicKey } = await ES256.generateKeyPair();
-    expect(privateKey).toBeDefined();
-    expect(publicKey).toBeDefined();
-    expect(typeof privateKey).toBe('object');
-    expect(typeof publicKey).toBe('object');
+    (nodeVersionMajor < 20 ? test.skip : test)(algLib.name, async () => {
+      const { privateKey, publicKey } = await algLib.lib.generateKeyPair();
+      expect(privateKey).toBeDefined();
+      expect(publicKey).toBeDefined();
+      expect(typeof privateKey).toBe('object');
+      expect(typeof publicKey).toBe('object');
 
-    const data =
-      'In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes data, a password or passphrase.';
-    const signature = await (await ES256.getSigner(privateKey))(data);
-    expect(signature).toBeDefined();
-    expect(typeof signature).toBe('string');
+      const data =
+        'In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes data, a password or passphrase.';
+      const signature = await (await algLib.lib.getSigner(privateKey))(data);
+      expect(signature).toBeDefined();
+      expect(typeof signature).toBe('string');
 
-    const result = await (await ES256.getVerifier(publicKey))(data, signature);
-    expect(result).toBe(true);
-  });
+      const result = await (await algLib.lib.getVerifier(publicKey))(
+        data,
+        signature,
+      );
+      expect(result).toBe(true);
+    });
+  }
 });