npm - @sesamy/capsule-server - Versions diffs - 0.1.0 - Mend

@sesamy/capsule-server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,763 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  AES_KEY_SIZE: () => AES_KEY_SIZE,
+  CapsuleServer: () => CapsuleServer,
+  CmsEncryptor: () => CmsEncryptor,
+  CmsServer: () => CmsServer,
+  DEFAULT_BUCKET_PERIOD_SECONDS: () => DEFAULT_BUCKET_PERIOD_SECONDS,
+  GCM_IV_SIZE: () => GCM_IV_SIZE,
+  GCM_TAG_LENGTH: () => GCM_TAG_LENGTH,
+  SubscriptionServer: () => SubscriptionServer,
+  TotpKeyProvider: () => TotpKeyProvider,
+  createApiEncryptor: () => createApiEncryptor,
+  createCapsule: () => createCapsule,
+  createCmsServer: () => createCmsServer,
+  createSubscriptionServer: () => createSubscriptionServer,
+  createTotpEncryptor: () => createTotpEncryptor,
+  createTotpKeyProvider: () => createTotpKeyProvider,
+  decryptContent: () => decryptContent,
+  deriveBucketKey: () => deriveBucketKey,
+  encryptContent: () => encryptContent,
+  generateDek: () => generateDek,
+  generateIv: () => generateIv,
+  generateMasterSecret: () => generateMasterSecret,
+  getBucketExpiration: () => getBucketExpiration,
+  getBucketId: () => getBucketId,
+  getBucketKey: () => getBucketKey,
+  getBucketKeys: () => getBucketKeys,
+  getCurrentBucket: () => getCurrentBucket,
+  getNextBucket: () => getNextBucket,
+  getPreviousBucket: () => getPreviousBucket,
+  hkdf: () => hkdf,
+  isBucketValid: () => isBucketValid,
+  unwrapDek: () => unwrapDek,
+  wrapDek: () => wrapDek
+});
+module.exports = __toCommonJS(index_exports);
+// src/encryption.ts
+var import_crypto = require("crypto");
+var GCM_IV_SIZE = 12;
+var GCM_TAG_LENGTH = 16;
+var AES_KEY_SIZE = 32;
+function generateDek() {
+  return (0, import_crypto.randomBytes)(AES_KEY_SIZE);
+}
+function generateIv() {
+  return (0, import_crypto.randomBytes)(GCM_IV_SIZE);
+}
+function encryptContent(content, dek, iv) {
+  const actualIv = iv ?? generateIv();
+  const plaintext = typeof content === "string" ? Buffer.from(content, "utf-8") : content;
+  const cipher = (0, import_crypto.createCipheriv)("aes-256-gcm", dek, actualIv, {
+    authTagLength: GCM_TAG_LENGTH
+  });
+  const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  const combined = Buffer.concat([encrypted, authTag]);
+  return {
+    encryptedContent: combined,
+    iv: actualIv
+  };
+}
+function decryptContent(encryptedContent, dek, iv) {
+  const ciphertext = encryptedContent.subarray(0, -GCM_TAG_LENGTH);
+  const authTag = encryptedContent.subarray(-GCM_TAG_LENGTH);
+  const decipher = (0, import_crypto.createDecipheriv)("aes-256-gcm", dek, iv, {
+    authTagLength: GCM_TAG_LENGTH
+  });
+  decipher.setAuthTag(authTag);
+  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+}
+function wrapDek(dek, wrappingKey) {
+  const iv = generateIv();
+  const { encryptedContent } = encryptContent(dek, wrappingKey, iv);
+  return Buffer.concat([iv, encryptedContent]);
+}
+function unwrapDek(wrappedDek, wrappingKey) {
+  const iv = wrappedDek.subarray(0, GCM_IV_SIZE);
+  const encryptedContent = wrappedDek.subarray(GCM_IV_SIZE);
+  return decryptContent(encryptedContent, wrappingKey, iv);
+}
+// src/time-buckets.ts
+var import_crypto2 = require("crypto");
+var DEFAULT_BUCKET_PERIOD_SECONDS = 30;
+function hkdfExtract(ikm, salt) {
+  return (0, import_crypto2.createHmac)("sha256", salt).update(ikm).digest();
+}
+function hkdfExpand(prk, info, length) {
+  const hashLen = 32;
+  const n = Math.ceil(length / hashLen);
+  const okm = Buffer.alloc(n * hashLen);
+  let t = Buffer.alloc(0);
+  for (let i = 1; i <= n; i++) {
+    const hmac = (0, import_crypto2.createHmac)("sha256", prk);
+    hmac.update(t);
+    hmac.update(info);
+    hmac.update(Buffer.from([i]));
+    t = hmac.digest();
+    t.copy(okm, (i - 1) * hashLen);
+  }
+  return okm.subarray(0, length);
+}
+function hkdf(ikm, salt, info, length) {
+  const saltBuf = typeof salt === "string" ? Buffer.from(salt) : salt;
+  const infoBuf = typeof info === "string" ? Buffer.from(info) : info;
+  const prk = hkdfExtract(ikm, saltBuf);
+  return hkdfExpand(prk, infoBuf, length);
+}
+function getBucketId(timestampMs = Date.now(), bucketPeriodSeconds = DEFAULT_BUCKET_PERIOD_SECONDS) {
+  const timestampSec = Math.floor(timestampMs / 1e3);
+  const bucketNum = Math.floor(timestampSec / bucketPeriodSeconds);
+  return bucketNum.toString();
+}
+function getCurrentBucket(bucketPeriodSeconds = DEFAULT_BUCKET_PERIOD_SECONDS) {
+  return getBucketId(Date.now(), bucketPeriodSeconds);
+}
+function getNextBucket(bucketPeriodSeconds = DEFAULT_BUCKET_PERIOD_SECONDS) {
+  const current = parseInt(getCurrentBucket(bucketPeriodSeconds));
+  return (current + 1).toString();
+}
+function getPreviousBucket(bucketPeriodSeconds = DEFAULT_BUCKET_PERIOD_SECONDS) {
+  const current = parseInt(getCurrentBucket(bucketPeriodSeconds));
+  return (current - 1).toString();
+}
+function getBucketExpiration(bucketId, bucketPeriodSeconds = DEFAULT_BUCKET_PERIOD_SECONDS) {
+  const bucketNum = parseInt(bucketId);
+  const expiresAtMs = (bucketNum + 1) * bucketPeriodSeconds * 1e3;
+  return new Date(expiresAtMs);
+}
+function isBucketValid(bucketId, bucketPeriodSeconds = DEFAULT_BUCKET_PERIOD_SECONDS) {
+  const current = getCurrentBucket(bucketPeriodSeconds);
+  const next = getNextBucket(bucketPeriodSeconds);
+  const previous = getPreviousBucket(bucketPeriodSeconds);
+  return bucketId === current || bucketId === next || bucketId === previous;
+}
+function deriveBucketKey(masterSecret, keyId, bucketId) {
+  const info = `capsule-bucket-${keyId}`;
+  return hkdf(masterSecret, bucketId, info, 32);
+}
+function getBucketKey(masterSecret, keyId, bucketId, bucketPeriodSeconds = DEFAULT_BUCKET_PERIOD_SECONDS) {
+  return {
+    bucketId,
+    key: deriveBucketKey(masterSecret, keyId, bucketId),
+    expiresAt: getBucketExpiration(bucketId, bucketPeriodSeconds)
+  };
+}
+function getBucketKeys(masterSecret, keyId, bucketPeriodSeconds = DEFAULT_BUCKET_PERIOD_SECONDS) {
+  const currentBucketId = getCurrentBucket(bucketPeriodSeconds);
+  const nextBucketId = getNextBucket(bucketPeriodSeconds);
+  return {
+    current: getBucketKey(masterSecret, keyId, currentBucketId, bucketPeriodSeconds),
+    next: getBucketKey(masterSecret, keyId, nextBucketId, bucketPeriodSeconds)
+  };
+}
+function generateMasterSecret() {
+  return (0, import_crypto2.randomBytes)(32);
+}
+// src/capsule.ts
+var CmsServer = class {
+  constructor(options) {
+    if (!options.getKeys) {
+      throw new Error("CmsServer requires a getKeys function");
+    }
+    this.getKeys = options.getKeys;
+    this.logger = options.logger ?? (() => {
+    });
+  }
+  /**
+   * Encrypt content with envelope encryption.
+   *
+   * The content is encrypted once with a unique DEK, then the DEK is wrapped
+   * with multiple key-wrapping keys (one for each keyId).
+   *
+   * @param articleId - Unique article identifier
+   * @param content - Plaintext content to encrypt
+   * @param options - Encryption options
+   * @returns Encrypted article data
+   *
+   * @example
+   * ```typescript
+   * const encrypted = await cms.encrypt('article-123', '<p>Premium content...</p>', {
+   *   keyIds: ['premium', 'enterprise'],
+   * });
+   * ```
+   *
+   * Returns (format: 'json'):
+   * ```json
+   * {
+   *   "articleId": "article-123",
+   *   "encryptedContent": "base64...",  // AES-256-GCM encrypted content
+   *   "iv": "base64...",                 // 12-byte initialization vector
+   *   "wrappedKeys": [
+   *     {
+   *       "keyId": "premium:1737158400",
+   *       "wrappedDek": "base64...",     // DEK wrapped with this key
+   *       "expiresAt": "2025-01-18T01:00:00.000Z"
+   *     },
+   *     {
+   *       "keyId": "premium:1737158430",
+   *       "wrappedDek": "base64...",
+   *       "expiresAt": "2025-01-18T01:00:30.000Z"
+   *     }
+   *   ]
+   * }
+   * ```
+   */
+  async encrypt(articleId, content, options) {
+    const {
+      keyIds,
+      format = "json",
+      htmlTag = "div",
+      htmlClass,
+      placeholder = "Loading encrypted content..."
+    } = options;
+    if (!keyIds || keyIds.length === 0) {
+      throw new Error("At least one keyId is required");
+    }
+    this.logger(
+      `Encrypting article: ${articleId} with keys: ${keyIds.join(", ")}`,
+      "info"
+    );
+    const keyEntries = await this.getKeys(keyIds);
+    if (keyEntries.length === 0) {
+      throw new Error(`No keys returned for keyIds: ${keyIds.join(", ")}`);
+    }
+    const keyConfigs = keyEntries.map((entry) => ({
+      keyId: entry.keyId,
+      key: Buffer.isBuffer(entry.key) ? entry.key : Buffer.from(entry.key, "base64"),
+      expiresAt: entry.expiresAt ? entry.expiresAt instanceof Date ? entry.expiresAt : new Date(entry.expiresAt) : void 0
+    }));
+    this.logger(`Got ${keyConfigs.length} keys from provider`, "info");
+    const dek = generateDek();
+    const { encryptedContent, iv } = encryptContent(content, dek);
+    const wrappedKeys = keyConfigs.map((config) => ({
+      keyId: config.keyId,
+      wrappedDek: wrapDek(dek, config.key).toString("base64"),
+      expiresAt: config.expiresAt?.toISOString()
+    }));
+    const result = {
+      articleId,
+      encryptedContent: encryptedContent.toString("base64"),
+      iv: iv.toString("base64"),
+      wrappedKeys
+    };
+    this.logger(`Encrypted with ${wrappedKeys.length} wrapped keys`, "info");
+    if (format === "html") {
+      const json = JSON.stringify(result);
+      const classAttr = htmlClass ? ` class="${htmlClass}"` : "";
+      return `<${htmlTag}${classAttr} data-capsule='${this.escapeHtml(
+        json
+      )}' data-capsule-id="${articleId}">${placeholder}</${htmlTag}>`;
+    }
+    if (format === "html-template") {
+      return JSON.stringify(result);
+    }
+    return result;
+  }
+  /**
+   * Encrypt and return data in multiple formats for templates.
+   *
+   * @returns Object with all template formats:
+   * - data: The EncryptedArticle object
+   * - json: JSON string
+   * - attribute: HTML-escaped JSON for data attributes
+   * - html: Complete HTML element
+   */
+  async encryptForTemplate(articleId, content, options) {
+    const data = await this.encrypt(articleId, content, {
+      ...options,
+      format: "json"
+    });
+    const json = JSON.stringify(data);
+    return {
+      data,
+      json,
+      attribute: this.escapeHtml(json),
+      html: await this.encrypt(articleId, content, {
+        ...options,
+        format: "html"
+      })
+    };
+  }
+  /**
+   * Escape HTML special characters for safe attribute embedding.
+   */
+  escapeHtml(str) {
+    return str.replace(/&/g, "&amp;").replace(/'/g, "&#39;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+  }
+};
+function createCmsServer(options) {
+  return new CmsServer(options);
+}
+var TotpKeyProvider = class {
+  constructor(options) {
+    this.masterSecret = Buffer.isBuffer(options.masterSecret) ? options.masterSecret : Buffer.from(options.masterSecret, "base64");
+    this.bucketPeriodSeconds = options.bucketPeriodSeconds ?? DEFAULT_BUCKET_PERIOD_SECONDS;
+  }
+  /**
+   * Get keys for the given key IDs.
+   *
+   * For each keyId, returns two keys:
+   * - Current bucket key (e.g., "premium:1737158400")
+   * - Next bucket key (e.g., "premium:1737158430")
+   *
+   * This ensures content encrypted near a bucket boundary
+   * can still be decrypted after the bucket rotates.
+   */
+  async getKeys(keyIds) {
+    const entries = [];
+    for (const keyId of keyIds) {
+      const bucketKeys = getBucketKeys(
+        this.masterSecret,
+        keyId,
+        this.bucketPeriodSeconds
+      );
+      entries.push({
+        keyId: `${keyId}:${bucketKeys.current.bucketId}`,
+        key: bucketKeys.current.key,
+        expiresAt: bucketKeys.current.expiresAt
+      });
+      entries.push({
+        keyId: `${keyId}:${bucketKeys.next.bucketId}`,
+        key: bucketKeys.next.key,
+        expiresAt: bucketKeys.next.expiresAt
+      });
+    }
+    return entries;
+  }
+  /**
+   * Derive a static key for an article (no time bucket).
+   * Useful for per-article purchase access.
+   */
+  async getArticleKey(articleId) {
+    const key = deriveBucketKey(this.masterSecret, "article", articleId);
+    return {
+      keyId: `article:${articleId}`,
+      key
+    };
+  }
+};
+function createTotpKeyProvider(options) {
+  return new TotpKeyProvider(options);
+}
+var CapsuleServer = CmsServer;
+var createCapsule = createCmsServer;
+// src/cms.ts
+var CmsEncryptor = class {
+  constructor(options = {}) {
+    this.masterSecret = options.masterSecret ? Buffer.from(options.masterSecret, "base64") : null;
+    this.subscriptionServerUrl = options.subscriptionServerUrl ?? null;
+    this.apiKey = options.apiKey ?? null;
+    this.bucketPeriodSeconds = options.bucketPeriodSeconds ?? DEFAULT_BUCKET_PERIOD_SECONDS;
+    if (!this.masterSecret && !this.subscriptionServerUrl) {
+      throw new Error(
+        "CmsEncryptor requires either masterSecret (TOTP mode) or subscriptionServerUrl (API mode)"
+      );
+    }
+  }
+  /**
+   * Get bucket keys for a key ID.
+   *
+   * In TOTP mode: derives from master secret locally.
+   * In API mode: fetches from subscription server.
+   */
+  async getBucketKeys(keyId) {
+    if (this.masterSecret) {
+      return getBucketKeys(this.masterSecret, keyId, this.bucketPeriodSeconds);
+    }
+    if (!this.subscriptionServerUrl || !this.apiKey) {
+      throw new Error("API mode requires subscriptionServerUrl and apiKey");
+    }
+    const response = await fetch(
+      `${this.subscriptionServerUrl}/api/cms/bucket-keys`,
+      {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${this.apiKey}`
+        },
+        body: JSON.stringify({ keyId })
+      }
+    );
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Failed to fetch bucket keys: ${error}`);
+    }
+    const data = await response.json();
+    return {
+      current: {
+        bucketId: data.current.bucketId,
+        key: Buffer.from(data.current.key, "base64"),
+        expiresAt: new Date(data.current.expiresAt)
+      },
+      next: {
+        bucketId: data.next.bucketId,
+        key: Buffer.from(data.next.key, "base64"),
+        expiresAt: new Date(data.next.expiresAt)
+      }
+    };
+  }
+  /**
+   * Encrypt article content with envelope encryption.
+   *
+   * The content is encrypted once with a unique DEK, then the DEK is wrapped
+   * with multiple key-wrapping keys for different unlock paths.
+   *
+   * @param articleId - Unique article identifier
+   * @param content - Plaintext content to encrypt
+   * @param keyConfigs - Array of key-wrapping configurations
+   * @returns Encrypted article with wrapped keys
+   */
+  encryptArticle(articleId, content, keyConfigs) {
+    if (keyConfigs.length === 0) {
+      throw new Error("At least one key configuration is required");
+    }
+    const dek = generateDek();
+    const { encryptedContent, iv } = encryptContent(content, dek);
+    const wrappedKeys = keyConfigs.map((config) => ({
+      keyId: config.keyId,
+      wrappedDek: wrapDek(dek, config.key).toString("base64"),
+      expiresAt: config.expiresAt?.toISOString()
+    }));
+    return {
+      articleId,
+      encryptedContent: encryptedContent.toString("base64"),
+      iv: iv.toString("base64"),
+      wrappedKeys
+    };
+  }
+  /**
+   * Encrypt article with tier-based time-bucket keys.
+   *
+   * Automatically gets current and next bucket keys for the specified tier,
+   * plus any additional static keys (e.g., per-article keys).
+   *
+   * @param articleId - Unique article identifier
+   * @param content - Plaintext content to encrypt
+   * @param tier - Subscription tier (e.g., "premium")
+   * @param additionalKeys - Optional additional key configurations (e.g., per-article keys)
+   */
+  async encryptArticleWithTier(articleId, content, tier, additionalKeys = []) {
+    const bucketKeys = await this.getBucketKeys(tier);
+    const keyConfigs = [
+      // Current bucket key
+      {
+        keyId: `${tier}:${bucketKeys.current.bucketId}`,
+        key: bucketKeys.current.key,
+        expiresAt: bucketKeys.current.expiresAt
+      },
+      // Next bucket key (handles clock drift)
+      {
+        keyId: `${tier}:${bucketKeys.next.bucketId}`,
+        key: bucketKeys.next.key,
+        expiresAt: bucketKeys.next.expiresAt
+      },
+      // Additional keys (e.g., per-article access)
+      ...additionalKeys
+    ];
+    return this.encryptArticle(articleId, content, keyConfigs);
+  }
+};
+function createTotpEncryptor(masterSecret, bucketPeriodSeconds = DEFAULT_BUCKET_PERIOD_SECONDS) {
+  const secret = typeof masterSecret === "string" ? masterSecret : masterSecret.toString("base64");
+  return new CmsEncryptor({
+    masterSecret: secret,
+    bucketPeriodSeconds
+  });
+}
+function createApiEncryptor(subscriptionServerUrl, apiKey) {
+  return new CmsEncryptor({
+    subscriptionServerUrl,
+    apiKey
+  });
+}
+// src/subscription-server.ts
+var import_crypto3 = require("crypto");
+function isNumericBucketId(str) {
+  return /^\d+$/.test(str);
+}
+var SubscriptionServer = class {
+  constructor(options) {
+    this.masterSecret = Buffer.isBuffer(options.masterSecret) ? options.masterSecret : Buffer.from(options.masterSecret, "base64");
+    this.bucketPeriodSeconds = options.bucketPeriodSeconds ?? DEFAULT_BUCKET_PERIOD_SECONDS;
+  }
+  /**
+   * Get bucket keys for a key ID (for CMS).
+   *
+   * Returns current and next bucket keys so CMS can encrypt
+   * content that works across bucket boundaries.
+   */
+  getBucketKeysForCms(keyId) {
+    return getBucketKeys(this.masterSecret, keyId, this.bucketPeriodSeconds);
+  }
+  /**
+   * Get bucket keys formatted for API response.
+   */
+  getBucketKeysResponse(keyId) {
+    const keys = this.getBucketKeysForCms(keyId);
+    return {
+      current: {
+        bucketId: keys.current.bucketId,
+        key: keys.current.key.toString("base64"),
+        expiresAt: keys.current.expiresAt.toISOString()
+      },
+      next: {
+        bucketId: keys.next.bucketId,
+        key: keys.next.key.toString("base64"),
+        expiresAt: keys.next.expiresAt.toISOString()
+      }
+    };
+  }
+  /**
+   * Validate that a bucket ID is current or adjacent.
+   */
+  isBucketValid(bucketId) {
+    return isBucketValid(bucketId, this.bucketPeriodSeconds);
+  }
+  /**
+   * Unwrap a DEK and re-wrap it with a user's RSA public key.
+   *
+   * This is the core unlock operation:
+   * 1. Parse the wrapped key to extract keyId and bucket info
+   * 2. Derive the key-wrapping key from master secret
+   * 3. Unwrap the DEK
+   * 4. Re-wrap with user's RSA public key
+   *
+   * @param wrappedKey - The wrapped key entry from the article
+   * @param userPublicKeyB64 - User's RSA public key (Base64 SPKI format)
+   * @param staticKeyLookup - Optional function to look up static keys (for per-article keys). Can be sync or async.
+   */
+  async unlockForUser(wrappedKey, userPublicKeyB64, staticKeyLookup) {
+    const { keyId, wrappedDek } = wrappedKey;
+    const wrappedDekBuffer = Buffer.from(wrappedDek, "base64");
+    let keyWrappingKey;
+    let expiresAt;
+    if (staticKeyLookup) {
+      const staticKey = await Promise.resolve(staticKeyLookup(keyId));
+      if (staticKey) {
+        keyWrappingKey = staticKey;
+        const currentBucket = getCurrentBucket(this.bucketPeriodSeconds);
+        expiresAt = getBucketExpiration(
+          currentBucket,
+          this.bucketPeriodSeconds
+        );
+        return this.unwrapAndRewrap(
+          wrappedDekBuffer,
+          keyWrappingKey,
+          userPublicKeyB64,
+          keyId,
+          void 0,
+          expiresAt
+        );
+      }
+    }
+    const colonIndex = keyId.lastIndexOf(":");
+    if (colonIndex === -1) {
+      throw new Error(
+        `Invalid keyId format: ${keyId}. Expected 'tier:bucketId' or use staticKeyLookup for static keys.`
+      );
+    }
+    const baseKeyId = keyId.substring(0, colonIndex);
+    const suffix = keyId.substring(colonIndex + 1);
+    if (!isNumericBucketId(suffix)) {
+      throw new Error(
+        `No static key found for '${keyId}' and suffix '${suffix}' is not a valid bucket ID. Provide a staticKeyLookup function.`
+      );
+    }
+    const bucketId = suffix;
+    if (!this.isBucketValid(bucketId)) {
+      throw new Error(`Bucket ${bucketId} is expired or invalid`);
+    }
+    keyWrappingKey = deriveBucketKey(this.masterSecret, baseKeyId, bucketId);
+    expiresAt = getBucketExpiration(bucketId, this.bucketPeriodSeconds);
+    return this.unwrapAndRewrap(
+      wrappedDekBuffer,
+      keyWrappingKey,
+      userPublicKeyB64,
+      keyId,
+      bucketId,
+      expiresAt
+    );
+  }
+  /**
+   * Internal helper to unwrap DEK and re-wrap with user's public key.
+   */
+  async unwrapAndRewrap(wrappedDekBuffer, keyWrappingKey, userPublicKeyB64, keyId, bucketId, expiresAt) {
+    const dek = unwrapDek(wrappedDekBuffer, keyWrappingKey);
+    const publicKeyPem = this.convertToPem(userPublicKeyB64);
+    const pubKey = (0, import_crypto3.createPublicKey)(publicKeyPem);
+    const encryptedDek = (0, import_crypto3.publicEncrypt)(
+      {
+        key: pubKey,
+        padding: import_crypto3.constants.RSA_PKCS1_OAEP_PADDING,
+        oaepHash: "sha256"
+      },
+      dek
+    );
+    return {
+      encryptedDek: encryptedDek.toString("base64"),
+      keyId,
+      bucketId,
+      expiresAt: expiresAt.toISOString()
+    };
+  }
+  /**
+   * Simple unlock when you already have the key-wrapping key.
+   * Used when the unlock logic is separate from bucket key derivation.
+   */
+  wrapDekForUser(dek, userPublicKeyB64, keyId, expiresAt) {
+    const publicKeyPem = this.convertToPem(userPublicKeyB64);
+    const pubKey = (0, import_crypto3.createPublicKey)(publicKeyPem);
+    const encryptedDek = (0, import_crypto3.publicEncrypt)(
+      {
+        key: pubKey,
+        padding: import_crypto3.constants.RSA_PKCS1_OAEP_PADDING,
+        oaepHash: "sha256"
+      },
+      dek
+    );
+    let bucketId;
+    const colonIndex = keyId.lastIndexOf(":");
+    if (colonIndex !== -1) {
+      const suffix = keyId.substring(colonIndex + 1);
+      if (isNumericBucketId(suffix)) {
+        bucketId = suffix;
+      }
+    }
+    return {
+      encryptedDek: encryptedDek.toString("base64"),
+      keyId,
+      bucketId,
+      expiresAt: expiresAt.toISOString()
+    };
+  }
+  /**
+   * Get the key-wrapping key for a bucket key ID.
+   * Useful when you need the raw key for custom logic.
+   */
+  getBucketKey(keyId, bucketId) {
+    return deriveBucketKey(this.masterSecret, keyId, bucketId);
+  }
+  /**
+   * Get the key-wrapping key for a tier, wrapped with user's RSA public key.
+   *
+   * This enables "unlock once, access all" for tier content:
+   * - Client receives the AES-KW key (not the DEK)
+   * - Client can unwrap any article's DEK locally
+   * - No per-article unlock requests needed
+   *
+   * @param tier - The tier name (e.g., "premium")
+   * @param bucketId - The bucket ID to get the key for
+   * @param userPublicKeyB64 - User's RSA public key (Base64 SPKI format)
+   */
+  getTierKeyForUser(tier, bucketId, userPublicKeyB64) {
+    if (!this.isBucketValid(bucketId)) {
+      throw new Error(`Bucket ${bucketId} is expired or invalid`);
+    }
+    const keyWrappingKey = deriveBucketKey(this.masterSecret, tier, bucketId);
+    const expiresAt = getBucketExpiration(bucketId, this.bucketPeriodSeconds);
+    const publicKeyPem = this.convertToPem(userPublicKeyB64);
+    const pubKey = (0, import_crypto3.createPublicKey)(publicKeyPem);
+    const encryptedKey = (0, import_crypto3.publicEncrypt)(
+      {
+        key: pubKey,
+        padding: import_crypto3.constants.RSA_PKCS1_OAEP_PADDING,
+        oaepHash: "sha256"
+      },
+      keyWrappingKey
+    );
+    return {
+      encryptedDek: encryptedKey.toString("base64"),
+      // Actually the KEK, not DEK
+      keyId: `${tier}:${bucketId}`,
+      bucketId,
+      expiresAt: expiresAt.toISOString()
+    };
+  }
+  /**
+   * Convert Base64 SPKI to PEM format for Node.js crypto.
+   */
+  convertToPem(publicKeyB64) {
+    const keyDer = Buffer.from(publicKeyB64, "base64");
+    const base64Lines = [];
+    const base64 = keyDer.toString("base64");
+    for (let i = 0; i < base64.length; i += 64) {
+      base64Lines.push(base64.slice(i, i + 64));
+    }
+    return `-----BEGIN PUBLIC KEY-----
+${base64Lines.join(
+      "\n"
+    )}
+-----END PUBLIC KEY-----`;
+  }
+};
+function createSubscriptionServer(optionsOrSecret, bucketPeriodSeconds = DEFAULT_BUCKET_PERIOD_SECONDS) {
+  if (typeof optionsOrSecret === "object" && !Buffer.isBuffer(optionsOrSecret)) {
+    return new SubscriptionServer(optionsOrSecret);
+  }
+  const secret = typeof optionsOrSecret === "string" ? optionsOrSecret : optionsOrSecret.toString("base64");
+  return new SubscriptionServer({
+    masterSecret: secret,
+    bucketPeriodSeconds
+  });
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AES_KEY_SIZE,
+  CapsuleServer,
+  CmsEncryptor,
+  CmsServer,
+  DEFAULT_BUCKET_PERIOD_SECONDS,
+  GCM_IV_SIZE,
+  GCM_TAG_LENGTH,
+  SubscriptionServer,
+  TotpKeyProvider,
+  createApiEncryptor,
+  createCapsule,
+  createCmsServer,
+  createSubscriptionServer,
+  createTotpEncryptor,
+  createTotpKeyProvider,
+  decryptContent,
+  deriveBucketKey,
+  encryptContent,
+  generateDek,
+  generateIv,
+  generateMasterSecret,
+  getBucketExpiration,
+  getBucketId,
+  getBucketKey,
+  getBucketKeys,
+  getCurrentBucket,
+  getNextBucket,
+  getPreviousBucket,
+  hkdf,
+  isBucketValid,
+  unwrapDek,
+  wrapDek
+});