npm - @sd-jwt/crypto-nodejs - Versions diffs - 0.17.2-next.0 → 0.17.2-next.2 - Mend

@sd-jwt/crypto-nodejs 0.17.2-next.0 → 0.17.2-next.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -2,8 +2,66 @@ import * as crypto from 'crypto';
 declare const generateSalt: (length: number) => string;
 declare const digest: (data: string | ArrayBuffer, algorithm?: string) => Uint8Array;
+type GenerateKeyAlgorithm = RsaHashedKeyGenParams | EcKeyGenParams;
+type ImportKeyAlgorithm = AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams | HmacImportParams | AesKeyAlgorithm;
+type SignAlgorithm = AlgorithmIdentifier | RsaPssParams | EcdsaParams;
+type VerifyAlgorithm = AlgorithmIdentifier | RsaPssParams | EcdsaParams;
+declare function generateKeyPair(keyAlgorithm: GenerateKeyAlgorithm): Promise<{
+    publicKey: crypto.webcrypto.JsonWebKey;
+    privateKey: crypto.webcrypto.JsonWebKey;
+}>;
+declare function getSigner(privateKeyJWK: object, keyAlgorithm: ImportKeyAlgorithm, signAlgorithm: SignAlgorithm): Promise<(data: string) => Promise<string>>;
+declare function getVerifier(publicKeyJWK: object, keyAlgorithm: ImportKeyAlgorithm, verifyAlgorithm: VerifyAlgorithm): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
 declare const ES256: {
     alg: string;
+    _keyAlgorithm: {
+        name: string;
+        namedCurve: string;
+    };
+    _hashAlgorithm: {
+        name: string;
+        hash: {
+            name: string;
+        };
+    };
+    generateKeyPair(): Promise<{
+        publicKey: crypto.webcrypto.JsonWebKey;
+        privateKey: crypto.webcrypto.JsonWebKey;
+    }>;
+    getSigner(privateKeyJWK: object): Promise<(data: string) => Promise<string>>;
+    getVerifier(publicKeyJWK: object): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
+};
+declare const ES384: {
+    alg: string;
+    _keyAlgorithm: {
+        name: string;
+        namedCurve: string;
+    };
+    _hashAlgorithm: {
+        name: string;
+        hash: {
+            name: string;
+        };
+    };
+    generateKeyPair(): Promise<{
+        publicKey: crypto.webcrypto.JsonWebKey;
+        privateKey: crypto.webcrypto.JsonWebKey;
+    }>;
+    getSigner(privateKeyJWK: object): Promise<(data: string) => Promise<string>>;
+    getVerifier(publicKeyJWK: object): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
+};
+declare const ES512: {
+    alg: string;
+    _keyAlgorithm: {
+        name: string;
+        namedCurve: string;
+    };
+    _hashAlgorithm: {
+        name: string;
+        hash: {
+            name: string;
+        };
+    };
     generateKeyPair(): Promise<{
         publicKey: crypto.webcrypto.JsonWebKey;
         privateKey: crypto.webcrypto.JsonWebKey;
@@ -12,4 +70,4 @@ declare const ES256: {
     getVerifier(publicKeyJWK: object): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
 };
-export { ES256, digest, generateSalt };
+export { ES256, ES384, ES512, digest, generateKeyPair, generateSalt, getSigner, getVerifier };

package/dist/index.d.ts CHANGED Viewed

@@ -2,8 +2,66 @@ import * as crypto from 'crypto';
 declare const generateSalt: (length: number) => string;
 declare const digest: (data: string | ArrayBuffer, algorithm?: string) => Uint8Array;
+type GenerateKeyAlgorithm = RsaHashedKeyGenParams | EcKeyGenParams;
+type ImportKeyAlgorithm = AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams | HmacImportParams | AesKeyAlgorithm;
+type SignAlgorithm = AlgorithmIdentifier | RsaPssParams | EcdsaParams;
+type VerifyAlgorithm = AlgorithmIdentifier | RsaPssParams | EcdsaParams;
+declare function generateKeyPair(keyAlgorithm: GenerateKeyAlgorithm): Promise<{
+    publicKey: crypto.webcrypto.JsonWebKey;
+    privateKey: crypto.webcrypto.JsonWebKey;
+}>;
+declare function getSigner(privateKeyJWK: object, keyAlgorithm: ImportKeyAlgorithm, signAlgorithm: SignAlgorithm): Promise<(data: string) => Promise<string>>;
+declare function getVerifier(publicKeyJWK: object, keyAlgorithm: ImportKeyAlgorithm, verifyAlgorithm: VerifyAlgorithm): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
 declare const ES256: {
     alg: string;
+    _keyAlgorithm: {
+        name: string;
+        namedCurve: string;
+    };
+    _hashAlgorithm: {
+        name: string;
+        hash: {
+            name: string;
+        };
+    };
+    generateKeyPair(): Promise<{
+        publicKey: crypto.webcrypto.JsonWebKey;
+        privateKey: crypto.webcrypto.JsonWebKey;
+    }>;
+    getSigner(privateKeyJWK: object): Promise<(data: string) => Promise<string>>;
+    getVerifier(publicKeyJWK: object): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
+};
+declare const ES384: {
+    alg: string;
+    _keyAlgorithm: {
+        name: string;
+        namedCurve: string;
+    };
+    _hashAlgorithm: {
+        name: string;
+        hash: {
+            name: string;
+        };
+    };
+    generateKeyPair(): Promise<{
+        publicKey: crypto.webcrypto.JsonWebKey;
+        privateKey: crypto.webcrypto.JsonWebKey;
+    }>;
+    getSigner(privateKeyJWK: object): Promise<(data: string) => Promise<string>>;
+    getVerifier(publicKeyJWK: object): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
+};
+declare const ES512: {
+    alg: string;
+    _keyAlgorithm: {
+        name: string;
+        namedCurve: string;
+    };
+    _hashAlgorithm: {
+        name: string;
+        hash: {
+            name: string;
+        };
+    };
     generateKeyPair(): Promise<{
         publicKey: crypto.webcrypto.JsonWebKey;
         privateKey: crypto.webcrypto.JsonWebKey;
@@ -12,4 +70,4 @@ declare const ES256: {
     getVerifier(publicKeyJWK: object): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
 };
-export { ES256, digest, generateSalt };
+export { ES256, ES384, ES512, digest, generateKeyPair, generateSalt, getSigner, getVerifier };

package/dist/index.js CHANGED Viewed

@@ -41,8 +41,13 @@ var __async = (__this, __arguments, generator) => {
 var index_exports = {};
 __export(index_exports, {
   ES256: () => ES256,
+  ES384: () => ES384,
+  ES512: () => ES512,
   digest: () => digest,
-  generateSalt: () => generateSalt
+  generateKeyPair: () => generateKeyPair,
+  generateSalt: () => generateSalt,
+  getSigner: () => getSigner,
+  getVerifier: () => getVerifier
 });
 module.exports = __toCommonJS(index_exports);
@@ -68,93 +73,177 @@ var digest = (data, algorithm = "sha-256") => {
   return new Uint8Array(hashBuffer);
 };
 var toNodeCryptoAlg = (hashAlg) => hashAlg.replace("-", "").toLowerCase();
+function generateKeyPair(keyAlgorithm) {
+  return __async(this, null, function* () {
+    const keyPair = yield import_node_crypto.subtle.generateKey(
+      keyAlgorithm,
+      true,
+      // whether the key is extractable (i.e., can be used in exportKey)
+      ["sign", "verify"]
+      // can be used to sign and verify signatures
+    );
+    const publicKeyJWK = yield import_node_crypto.subtle.exportKey("jwk", keyPair.publicKey);
+    const privateKeyJWK = yield import_node_crypto.subtle.exportKey("jwk", keyPair.privateKey);
+    return { publicKey: publicKeyJWK, privateKey: privateKeyJWK };
+  });
+}
+function getSigner(privateKeyJWK, keyAlgorithm, signAlgorithm) {
+  return __async(this, null, function* () {
+    const privateKey = yield import_node_crypto.subtle.importKey(
+      "jwk",
+      privateKeyJWK,
+      keyAlgorithm,
+      true,
+      // whether the key is extractable (i.e., can be used in exportKey)
+      ["sign"]
+    );
+    return (data) => __async(null, null, function* () {
+      const encoder = new TextEncoder();
+      const signature = yield import_node_crypto.subtle.sign(
+        signAlgorithm,
+        privateKey,
+        encoder.encode(data)
+      );
+      return btoa(String.fromCharCode(...new Uint8Array(signature))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+    });
+  });
+}
+function getVerifier(publicKeyJWK, keyAlgorithm, verifyAlgorithm) {
+  return __async(this, null, function* () {
+    const publicKey = yield import_node_crypto.subtle.importKey(
+      "jwk",
+      publicKeyJWK,
+      keyAlgorithm,
+      true,
+      // whether the key is extractable (i.e., can be used in exportKey)
+      ["verify"]
+    );
+    return (data, signatureBase64url) => __async(null, null, function* () {
+      const encoder = new TextEncoder();
+      const signature = Uint8Array.from(
+        atob(signatureBase64url.replace(/-/g, "+").replace(/_/g, "/")),
+        (c) => c.charCodeAt(0)
+      );
+      const isValid = yield import_node_crypto.subtle.verify(
+        verifyAlgorithm,
+        publicKey,
+        signature,
+        encoder.encode(data)
+      );
+      return isValid;
+    });
+  });
+}
 var ES256 = {
   alg: "ES256",
+  _keyAlgorithm: {
+    name: "ECDSA",
+    namedCurve: "P-256"
+  },
+  _hashAlgorithm: {
+    name: "ECDSA",
+    hash: { name: "sha-256" }
+  },
   generateKeyPair() {
     return __async(this, null, function* () {
-      const keyPair = yield import_node_crypto.subtle.generateKey(
-        {
-          name: "ECDSA",
-          namedCurve: "P-256"
-          // ES256
-        },
-        true,
-        // whether the key is extractable (i.e., can be used in exportKey)
-        ["sign", "verify"]
-        // can be used to sign and verify signatures
+      return yield generateKeyPair(ES256._keyAlgorithm);
+    });
+  },
+  getSigner(privateKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getSigner(
+        privateKeyJWK,
+        ES256._keyAlgorithm,
+        ES256._hashAlgorithm
+      );
+    });
+  },
+  getVerifier(publicKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getVerifier(
+        publicKeyJWK,
+        ES256._keyAlgorithm,
+        ES256._hashAlgorithm
       );
-      const publicKeyJWK = yield import_node_crypto.subtle.exportKey("jwk", keyPair.publicKey);
-      const privateKeyJWK = yield import_node_crypto.subtle.exportKey("jwk", keyPair.privateKey);
-      return { publicKey: publicKeyJWK, privateKey: privateKeyJWK };
+    });
+  }
+};
+var ES384 = {
+  alg: "ES384",
+  _keyAlgorithm: {
+    name: "ECDSA",
+    namedCurve: "P-384"
+  },
+  _hashAlgorithm: {
+    name: "ECDSA",
+    hash: { name: "sha-384" }
+  },
+  generateKeyPair() {
+    return __async(this, null, function* () {
+      return yield generateKeyPair(ES384._keyAlgorithm);
+    });
+  },
+  getSigner(privateKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getSigner(
+        privateKeyJWK,
+        ES384._keyAlgorithm,
+        ES384._hashAlgorithm
+      );
+    });
+  },
+  getVerifier(publicKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getVerifier(
+        publicKeyJWK,
+        ES384._keyAlgorithm,
+        ES384._hashAlgorithm
+      );
+    });
+  }
+};
+var ES512 = {
+  alg: "ES512",
+  _keyAlgorithm: {
+    name: "ECDSA",
+    namedCurve: "P-521"
+  },
+  _hashAlgorithm: {
+    name: "ECDSA",
+    hash: { name: "sha-512" }
+  },
+  generateKeyPair() {
+    return __async(this, null, function* () {
+      return yield generateKeyPair(ES512._keyAlgorithm);
     });
   },
   getSigner(privateKeyJWK) {
     return __async(this, null, function* () {
-      const privateKey = yield import_node_crypto.subtle.importKey(
-        "jwk",
+      return yield getSigner(
         privateKeyJWK,
-        {
-          name: "ECDSA",
-          namedCurve: "P-256"
-          // Must match the curve used to generate the key
-        },
-        true,
-        // whether the key is extractable (i.e., can be used in exportKey)
-        ["sign"]
+        ES512._keyAlgorithm,
+        ES512._hashAlgorithm
       );
-      return (data) => __async(null, null, function* () {
-        const encoder = new TextEncoder();
-        const signature = yield import_node_crypto.subtle.sign(
-          {
-            name: "ECDSA",
-            hash: { name: "sha-256" }
-            // Required for ES256
-          },
-          privateKey,
-          encoder.encode(data)
-        );
-        return btoa(String.fromCharCode(...new Uint8Array(signature))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-      });
     });
   },
   getVerifier(publicKeyJWK) {
     return __async(this, null, function* () {
-      const publicKey = yield import_node_crypto.subtle.importKey(
-        "jwk",
+      return yield getVerifier(
         publicKeyJWK,
-        {
-          name: "ECDSA",
-          namedCurve: "P-256"
-          // Must match the curve used to generate the key
-        },
-        true,
-        // whether the key is extractable (i.e., can be used in exportKey)
-        ["verify"]
+        ES512._keyAlgorithm,
+        ES512._hashAlgorithm
       );
-      return (data, signatureBase64url) => __async(null, null, function* () {
-        const encoder = new TextEncoder();
-        const signature = Uint8Array.from(
-          atob(signatureBase64url.replace(/-/g, "+").replace(/_/g, "/")),
-          (c) => c.charCodeAt(0)
-        );
-        const isValid = yield import_node_crypto.subtle.verify(
-          {
-            name: "ECDSA",
-            hash: { name: "sha-256" }
-            // Required for ES256
-          },
-          publicKey,
-          signature,
-          encoder.encode(data)
-        );
-        return isValid;
-      });
     });
   }
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   ES256,
+  ES384,
+  ES512,
   digest,
-  generateSalt
+  generateKeyPair,
+  generateSalt,
+  getSigner,
+  getVerifier
 });

package/dist/index.mjs CHANGED Viewed

@@ -41,92 +41,176 @@ var digest = (data, algorithm = "sha-256") => {
   return new Uint8Array(hashBuffer);
 };
 var toNodeCryptoAlg = (hashAlg) => hashAlg.replace("-", "").toLowerCase();
+function generateKeyPair(keyAlgorithm) {
+  return __async(this, null, function* () {
+    const keyPair = yield subtle.generateKey(
+      keyAlgorithm,
+      true,
+      // whether the key is extractable (i.e., can be used in exportKey)
+      ["sign", "verify"]
+      // can be used to sign and verify signatures
+    );
+    const publicKeyJWK = yield subtle.exportKey("jwk", keyPair.publicKey);
+    const privateKeyJWK = yield subtle.exportKey("jwk", keyPair.privateKey);
+    return { publicKey: publicKeyJWK, privateKey: privateKeyJWK };
+  });
+}
+function getSigner(privateKeyJWK, keyAlgorithm, signAlgorithm) {
+  return __async(this, null, function* () {
+    const privateKey = yield subtle.importKey(
+      "jwk",
+      privateKeyJWK,
+      keyAlgorithm,
+      true,
+      // whether the key is extractable (i.e., can be used in exportKey)
+      ["sign"]
+    );
+    return (data) => __async(null, null, function* () {
+      const encoder = new TextEncoder();
+      const signature = yield subtle.sign(
+        signAlgorithm,
+        privateKey,
+        encoder.encode(data)
+      );
+      return btoa(String.fromCharCode(...new Uint8Array(signature))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+    });
+  });
+}
+function getVerifier(publicKeyJWK, keyAlgorithm, verifyAlgorithm) {
+  return __async(this, null, function* () {
+    const publicKey = yield subtle.importKey(
+      "jwk",
+      publicKeyJWK,
+      keyAlgorithm,
+      true,
+      // whether the key is extractable (i.e., can be used in exportKey)
+      ["verify"]
+    );
+    return (data, signatureBase64url) => __async(null, null, function* () {
+      const encoder = new TextEncoder();
+      const signature = Uint8Array.from(
+        atob(signatureBase64url.replace(/-/g, "+").replace(/_/g, "/")),
+        (c) => c.charCodeAt(0)
+      );
+      const isValid = yield subtle.verify(
+        verifyAlgorithm,
+        publicKey,
+        signature,
+        encoder.encode(data)
+      );
+      return isValid;
+    });
+  });
+}
 var ES256 = {
   alg: "ES256",
+  _keyAlgorithm: {
+    name: "ECDSA",
+    namedCurve: "P-256"
+  },
+  _hashAlgorithm: {
+    name: "ECDSA",
+    hash: { name: "sha-256" }
+  },
   generateKeyPair() {
     return __async(this, null, function* () {
-      const keyPair = yield subtle.generateKey(
-        {
-          name: "ECDSA",
-          namedCurve: "P-256"
-          // ES256
-        },
-        true,
-        // whether the key is extractable (i.e., can be used in exportKey)
-        ["sign", "verify"]
-        // can be used to sign and verify signatures
+      return yield generateKeyPair(ES256._keyAlgorithm);
+    });
+  },
+  getSigner(privateKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getSigner(
+        privateKeyJWK,
+        ES256._keyAlgorithm,
+        ES256._hashAlgorithm
+      );
+    });
+  },
+  getVerifier(publicKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getVerifier(
+        publicKeyJWK,
+        ES256._keyAlgorithm,
+        ES256._hashAlgorithm
       );
-      const publicKeyJWK = yield subtle.exportKey("jwk", keyPair.publicKey);
-      const privateKeyJWK = yield subtle.exportKey("jwk", keyPair.privateKey);
-      return { publicKey: publicKeyJWK, privateKey: privateKeyJWK };
+    });
+  }
+};
+var ES384 = {
+  alg: "ES384",
+  _keyAlgorithm: {
+    name: "ECDSA",
+    namedCurve: "P-384"
+  },
+  _hashAlgorithm: {
+    name: "ECDSA",
+    hash: { name: "sha-384" }
+  },
+  generateKeyPair() {
+    return __async(this, null, function* () {
+      return yield generateKeyPair(ES384._keyAlgorithm);
+    });
+  },
+  getSigner(privateKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getSigner(
+        privateKeyJWK,
+        ES384._keyAlgorithm,
+        ES384._hashAlgorithm
+      );
+    });
+  },
+  getVerifier(publicKeyJWK) {
+    return __async(this, null, function* () {
+      return yield getVerifier(
+        publicKeyJWK,
+        ES384._keyAlgorithm,
+        ES384._hashAlgorithm
+      );
+    });
+  }
+};
+var ES512 = {
+  alg: "ES512",
+  _keyAlgorithm: {
+    name: "ECDSA",
+    namedCurve: "P-521"
+  },
+  _hashAlgorithm: {
+    name: "ECDSA",
+    hash: { name: "sha-512" }
+  },
+  generateKeyPair() {
+    return __async(this, null, function* () {
+      return yield generateKeyPair(ES512._keyAlgorithm);
     });
   },
   getSigner(privateKeyJWK) {
     return __async(this, null, function* () {
-      const privateKey = yield subtle.importKey(
-        "jwk",
+      return yield getSigner(
         privateKeyJWK,
-        {
-          name: "ECDSA",
-          namedCurve: "P-256"
-          // Must match the curve used to generate the key
-        },
-        true,
-        // whether the key is extractable (i.e., can be used in exportKey)
-        ["sign"]
+        ES512._keyAlgorithm,
+        ES512._hashAlgorithm
       );
-      return (data) => __async(null, null, function* () {
-        const encoder = new TextEncoder();
-        const signature = yield subtle.sign(
-          {
-            name: "ECDSA",
-            hash: { name: "sha-256" }
-            // Required for ES256
-          },
-          privateKey,
-          encoder.encode(data)
-        );
-        return btoa(String.fromCharCode(...new Uint8Array(signature))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-      });
     });
   },
   getVerifier(publicKeyJWK) {
     return __async(this, null, function* () {
-      const publicKey = yield subtle.importKey(
-        "jwk",
+      return yield getVerifier(
         publicKeyJWK,
-        {
-          name: "ECDSA",
-          namedCurve: "P-256"
-          // Must match the curve used to generate the key
-        },
-        true,
-        // whether the key is extractable (i.e., can be used in exportKey)
-        ["verify"]
+        ES512._keyAlgorithm,
+        ES512._hashAlgorithm
       );
-      return (data, signatureBase64url) => __async(null, null, function* () {
-        const encoder = new TextEncoder();
-        const signature = Uint8Array.from(
-          atob(signatureBase64url.replace(/-/g, "+").replace(/_/g, "/")),
-          (c) => c.charCodeAt(0)
-        );
-        const isValid = yield subtle.verify(
-          {
-            name: "ECDSA",
-            hash: { name: "sha-256" }
-            // Required for ES256
-          },
-          publicKey,
-          signature,
-          encoder.encode(data)
-        );
-        return isValid;
-      });
     });
   }
 };
 export {
   ES256,
+  ES384,
+  ES512,
   digest,
-  generateSalt
+  generateKeyPair,
+  generateSalt,
+  getSigner,
+  getVerifier
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sd-jwt/crypto-nodejs",
-  "version": "0.17.2-next.0+1301a03",
+  "version": "0.17.2-next.2+4a4c1b0",
   "description": "sd-jwt draft 7 implementation in typescript",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -51,5 +51,5 @@
       "esm"
     ]
   },
-  "gitHead": "1301a03484b285711d7afd7448457348bad96569"
+  "gitHead": "4a4c1b0c04615bcf0e455d51cd1b9234cbcd0d78"
 }

package/src/crypto.ts CHANGED Viewed

@@ -27,85 +27,187 @@ export const digest = (
 const toNodeCryptoAlg = (hashAlg: string): string =>
   hashAlg.replace('-', '').toLowerCase();
+// All derived from the subtle functions being called below
+type GenerateKeyAlgorithm = RsaHashedKeyGenParams | EcKeyGenParams;
+type ImportKeyAlgorithm =
+  | AlgorithmIdentifier
+  | RsaHashedImportParams
+  | EcKeyImportParams
+  | HmacImportParams
+  | AesKeyAlgorithm;
+type SignAlgorithm = AlgorithmIdentifier | RsaPssParams | EcdsaParams;
+type VerifyAlgorithm = AlgorithmIdentifier | RsaPssParams | EcdsaParams;
+export async function generateKeyPair(keyAlgorithm: GenerateKeyAlgorithm) {
+  const keyPair = await subtle.generateKey(
+    keyAlgorithm,
+    true, // whether the key is extractable (i.e., can be used in exportKey)
+    ['sign', 'verify'], // can be used to sign and verify signatures
+  );
+  // Export the public and private keys in JWK format
+  const publicKeyJWK = await subtle.exportKey('jwk', keyPair.publicKey);
+  const privateKeyJWK = await subtle.exportKey('jwk', keyPair.privateKey);
+  return { publicKey: publicKeyJWK, privateKey: privateKeyJWK };
+}
+export async function getSigner(
+  privateKeyJWK: object,
+  keyAlgorithm: ImportKeyAlgorithm,
+  signAlgorithm: SignAlgorithm,
+) {
+  const privateKey = await subtle.importKey(
+    'jwk',
+    privateKeyJWK,
+    keyAlgorithm,
+    true, // whether the key is extractable (i.e., can be used in exportKey)
+    ['sign'],
+  );
+  return async (data: string) => {
+    const encoder = new TextEncoder();
+    const signature = await subtle.sign(
+      signAlgorithm,
+      privateKey,
+      encoder.encode(data),
+    );
+    return btoa(String.fromCharCode(...new Uint8Array(signature)))
+      .replace(/\+/g, '-')
+      .replace(/\//g, '_')
+      .replace(/=+$/, ''); // Convert to base64url format
+  };
+}
+export async function getVerifier(
+  publicKeyJWK: object,
+  keyAlgorithm: ImportKeyAlgorithm,
+  verifyAlgorithm: VerifyAlgorithm,
+) {
+  const publicKey = await subtle.importKey(
+    'jwk',
+    publicKeyJWK,
+    keyAlgorithm,
+    true, // whether the key is extractable (i.e., can be used in exportKey)
+    ['verify'],
+  );
+  return async (data: string, signatureBase64url: string) => {
+    const encoder = new TextEncoder();
+    const signature = Uint8Array.from(
+      atob(signatureBase64url.replace(/-/g, '+').replace(/_/g, '/')),
+      (c) => c.charCodeAt(0),
+    );
+    const isValid = await subtle.verify(
+      verifyAlgorithm,
+      publicKey,
+      signature,
+      encoder.encode(data),
+    );
+    return isValid;
+  };
+}
 export const ES256 = {
   alg: 'ES256',
+  _keyAlgorithm: {
+    name: 'ECDSA',
+    namedCurve: 'P-256',
+  },
+  _hashAlgorithm: {
+    name: 'ECDSA',
+    hash: { name: 'sha-256' },
+  },
   async generateKeyPair() {
-    const keyPair = await subtle.generateKey(
-      {
-        name: 'ECDSA',
-        namedCurve: 'P-256', // ES256
-      },
-      true, // whether the key is extractable (i.e., can be used in exportKey)
-      ['sign', 'verify'], // can be used to sign and verify signatures
+    return await generateKeyPair(ES256._keyAlgorithm);
+  },
+  async getSigner(privateKeyJWK: object) {
+    return await getSigner(
+      privateKeyJWK,
+      ES256._keyAlgorithm,
+      ES256._hashAlgorithm,
+    );
+  },
+  async getVerifier(publicKeyJWK: object) {
+    return await getVerifier(
+      publicKeyJWK,
+      ES256._keyAlgorithm,
+      ES256._hashAlgorithm,
     );
+  },
+};
-    // Export the public and private keys in JWK format
-    const publicKeyJWK = await subtle.exportKey('jwk', keyPair.publicKey);
-    const privateKeyJWK = await subtle.exportKey('jwk', keyPair.privateKey);
+export const ES384 = {
+  alg: 'ES384',
+  _keyAlgorithm: {
+    name: 'ECDSA',
+    namedCurve: 'P-384',
+  },
-    return { publicKey: publicKeyJWK, privateKey: privateKeyJWK };
+  _hashAlgorithm: {
+    name: 'ECDSA',
+    hash: { name: 'sha-384' },
+  },
+  async generateKeyPair() {
+    return await generateKeyPair(ES384._keyAlgorithm);
   },
   async getSigner(privateKeyJWK: object) {
-    const privateKey = await subtle.importKey(
-      'jwk',
+    return await getSigner(
       privateKeyJWK,
-      {
-        name: 'ECDSA',
-        namedCurve: 'P-256', // Must match the curve used to generate the key
-      },
-      true, // whether the key is extractable (i.e., can be used in exportKey)
-      ['sign'],
+      ES384._keyAlgorithm,
+      ES384._hashAlgorithm,
     );
-    return async (data: string) => {
-      const encoder = new TextEncoder();
-      const signature = await subtle.sign(
-        {
-          name: 'ECDSA',
-          hash: { name: 'sha-256' }, // Required for ES256
-        },
-        privateKey,
-        encoder.encode(data),
-      );
-      return btoa(String.fromCharCode(...new Uint8Array(signature)))
-        .replace(/\+/g, '-')
-        .replace(/\//g, '_')
-        .replace(/=+$/, ''); // Convert to base64url format
-    };
   },
   async getVerifier(publicKeyJWK: object) {
-    const publicKey = await subtle.importKey(
-      'jwk',
+    return await getVerifier(
       publicKeyJWK,
-      {
-        name: 'ECDSA',
-        namedCurve: 'P-256', // Must match the curve used to generate the key
-      },
-      true, // whether the key is extractable (i.e., can be used in exportKey)
-      ['verify'],
+      ES384._keyAlgorithm,
+      ES384._hashAlgorithm,
+    );
+  },
+};
+export const ES512 = {
+  alg: 'ES512',
+  _keyAlgorithm: {
+    name: 'ECDSA',
+    namedCurve: 'P-521',
+  },
+  _hashAlgorithm: {
+    name: 'ECDSA',
+    hash: { name: 'sha-512' },
+  },
+  async generateKeyPair() {
+    return await generateKeyPair(ES512._keyAlgorithm);
+  },
+  async getSigner(privateKeyJWK: object) {
+    return await getSigner(
+      privateKeyJWK,
+      ES512._keyAlgorithm,
+      ES512._hashAlgorithm,
     );
+  },
-    return async (data: string, signatureBase64url: string) => {
-      const encoder = new TextEncoder();
-      const signature = Uint8Array.from(
-        atob(signatureBase64url.replace(/-/g, '+').replace(/_/g, '/')),
-        (c) => c.charCodeAt(0),
-      );
-      const isValid = await subtle.verify(
-        {
-          name: 'ECDSA',
-          hash: { name: 'sha-256' }, // Required for ES256
-        },
-        publicKey,
-        signature,
-        encoder.encode(data),
-      );
-      return isValid;
-    };
+  async getVerifier(publicKeyJWK: object) {
+    return await getVerifier(
+      publicKeyJWK,
+      ES512._keyAlgorithm,
+      ES512._hashAlgorithm,
+    );
   },
 };

package/src/test/crypto.spec.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { describe, expect, test } from 'vitest';
-import { digest, ES256, generateSalt } from '../index';
+import { digest, ES256, ES384, ES512, generateSalt } from '../index';
 // Extract the major version as a number
 const nodeVersionMajor = Number.parseInt(
@@ -34,22 +34,24 @@ describe('This file is for utility functions', () => {
     expect(s1.length).toBe(64);
   });
-  (nodeVersionMajor < 20 ? test.skip : test)('ES256', async () => {
-    const { privateKey, publicKey } = await ES256.generateKeyPair();
-    expect(privateKey).toBeDefined();
-    expect(publicKey).toBeDefined();
-    expect(typeof privateKey).toBe('object');
-    expect(typeof publicKey).toBe('object');
-    const data =
-      'In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes data, a password or passphrase.';
-    const signer = await ES256.getSigner(privateKey);
-    const signature = await signer(data);
-    expect(signature).toBeDefined();
-    expect(typeof signature).toBe('string');
-    const verifier = await ES256.getVerifier(publicKey);
-    const result = await verifier(data, signature);
-    expect(result).toBe(true);
-  });
+  for (const algObj of [ES256, ES384, ES512]) {
+    (nodeVersionMajor < 20 ? test.skip : test)(algObj.alg, async () => {
+      const { privateKey, publicKey } = await algObj.generateKeyPair();
+      expect(privateKey).toBeDefined();
+      expect(publicKey).toBeDefined();
+      expect(typeof privateKey).toBe('object');
+      expect(typeof publicKey).toBe('object');
+      const data =
+        'In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes data, a password or passphrase.';
+      const signer = await algObj.getSigner(privateKey);
+      const signature = await signer(data);
+      expect(signature).toBeDefined();
+      expect(typeof signature).toBe('string');
+      const verifier = await algObj.getVerifier(publicKey);
+      const result = await verifier(data, signature);
+      expect(result).toBe(true);
+    });
+  }
 });