@signalapp/libsignal-client 0.60.0 → 0.60.2

package/Native.d.ts

@@ -143,6 +143,8 @@ type Serialized<T> = Buffer;
 export function registerErrors(errorsModule: Record<string, unknown>): void;
 
 export const enum LogLevel { Error = 1, Warn, Info, Debug, Trace }
+export function AccountEntropyPool_DeriveBackupKey(accountEntropy: string): Buffer;
+export function AccountEntropyPool_DeriveSvrKey(accountEntropy: string): Buffer;
 export function AccountEntropyPool_Generate(): string;
 export function Aes256GcmSiv_Decrypt(aesGcmSiv: Wrapper<Aes256GcmSiv>, ctext: Buffer, nonce: Buffer, associatedData: Buffer): Buffer;
 export function Aes256GcmSiv_Encrypt(aesGcmSivObj: Wrapper<Aes256GcmSiv>, ptext: Buffer, nonce: Buffer, associatedData: Buffer): Buffer;
@@ -170,6 +172,12 @@ export function BackupAuthCredential_GetBackupId(credentialBytes: Buffer): Buffe
 export function BackupAuthCredential_GetBackupLevel(credentialBytes: Buffer): number;
 export function BackupAuthCredential_GetType(credentialBytes: Buffer): number;
 export function BackupAuthCredential_PresentDeterministic(credentialBytes: Buffer, serverParamsBytes: Buffer, randomness: Buffer): Buffer;
+export function BackupKey_DeriveBackupId(backupKey: Buffer, aci: Buffer): Buffer;
+export function BackupKey_DeriveEcKey(backupKey: Buffer, aci: Buffer): PrivateKey;
+export function BackupKey_DeriveLocalBackupMetadataKey(backupKey: Buffer): Buffer;
+export function BackupKey_DeriveMediaEncryptionKey(backupKey: Buffer, mediaId: Buffer): Buffer;
+export function BackupKey_DeriveMediaId(backupKey: Buffer, mediaName: string): Buffer;
+export function BackupKey_DeriveThumbnailTransitEncryptionKey(backupKey: Buffer, mediaId: Buffer): Buffer;
 export function CallLinkAuthCredentialPresentation_CheckValidContents(presentationBytes: Buffer): void;
 export function CallLinkAuthCredentialPresentation_GetUserId(presentationBytes: Buffer): Serialized<UuidCiphertext>;
 export function CallLinkAuthCredentialPresentation_Verify(presentationBytes: Buffer, now: Timestamp, serverParamsBytes: Buffer, callLinkParamsBytes: Buffer): void;
@@ -314,6 +322,8 @@ export function LookupRequest_setToken(request: Wrapper<LookupRequest>, token: B
 export function MessageBackupKey_FromAccountEntropyPool(accountEntropy: string, aci: Buffer): MessageBackupKey;
 export function MessageBackupKey_FromBackupKeyAndBackupId(backupKey: Buffer, backupId: Buffer): MessageBackupKey;
 export function MessageBackupKey_FromMasterKey(masterKey: Buffer, aci: Buffer): MessageBackupKey;
+export function MessageBackupKey_GetAesKey(key: Wrapper<MessageBackupKey>): Buffer;
+export function MessageBackupKey_GetHmacKey(key: Wrapper<MessageBackupKey>): Buffer;
 export function MessageBackupValidator_Validate(key: Wrapper<MessageBackupKey>, firstStream: InputStream, secondStream: InputStream, len: bigint, purpose: number): Promise<MessageBackupValidationOutcome>;
 export function MinidumpToJSONString(buffer: Buffer): string;
 export function Mp4Sanitizer_Sanitize(input: InputStream, len: bigint): Promise<SanitizedMetadata>;

package/dist/AccountKeys.d.ts

@@ -1,3 +1,7 @@
+/// <reference types="node" />
+import ByteArray from './zkgroup/internal/ByteArray';
+import { Aci } from './Address';
+import { PrivateKey } from './EcKeys';
 /**
  * The randomly-generated user-memorized entropy used to derive the backup key,
  *    with other possible future uses.
@@ -6,10 +10,87 @@
  */
 export declare class AccountEntropyPool {
     /**
-     * Randomly generates an Account Entropy Pool and returns the cannonical string
+     * Randomly generates an Account Entropy Pool and returns the canonical string
      *  representation of that pool.
      *
      * @returns cryptographically random 64 character string of characters a-z, 0-9
      */
     static generate(): string;
+    /**
+     * Derives an SVR key from the given account entropy pool.
+     *
+     * `accountEntropyPool` must be a **validated** account entropy pool;
+     * passing an arbitrary string here is considered a programmer error.
+     */
+    static deriveSvrKey(accountEntropyPool: string): Buffer;
+    /**
+     * Derives a backup key from the given account entropy pool.
+     *
+     * `accountEntropyPool` must be a **validated** account entropy pool;
+     * passing an arbitrary string here is considered a programmer error.
+     *
+     * @see {@link BackupKey.generateRandom}
+     */
+    static deriveBackupKey(accountEntropyPool: string): BackupKey;
+}
+/**
+ * A key used for many aspects of backups.
+ *
+ * Clients are typically concerned with two long-lived keys: a "messages" key (sometimes called "the
+ * root backup key" or just "the backup key") that's derived from an {@link AccountEntropyPool}, and
+ * a "media" key (formally the "media root backup key") that's not derived from anything else.
+ */
+export declare class BackupKey extends ByteArray {
+    private readonly __type?;
+    static SIZE: number;
+    constructor(contents: Buffer);
+    /**
+     * Generates a random backup key.
+     *
+     * Useful for tests and for the media root backup key, which is not derived from anything else.
+     *
+     * @see {@link AccountEntropyPool.deriveBackupKey}
+     */
+    static generateRandom(): BackupKey;
+    /**
+     * Derives the backup ID to use given the current device's ACI.
+     *
+     * Used for both message and media backups.
+     */
+    deriveBackupId(aci: Aci): Buffer;
+    /**
+     * Derives the backup EC key to use given the current device's ACI.
+     *
+     * Used for both message and media backups.
+     */
+    deriveEcKey(aci: Aci): PrivateKey;
+    /**
+     * Derives the AES key used for encrypted fields in local backup metadata.
+     *
+     * Only relevant for message backup keys.
+     */
+    deriveLocalBackupMetadataKey(): Buffer;
+    /**
+     * Derives the ID for uploading media with the name `mediaName`.
+     *
+     * Only relevant for media backup keys.
+     */
+    deriveMediaId(mediaName: string): Buffer;
+    /**
+     * Derives the composite encryption key for re-encrypting media with the given ID.
+     *
+     * This is a concatenation of an HMAC key (32 bytes) and an AES-CBC key (also 32 bytes).
+     *
+     * Only relevant for media backup keys.
+     */
+    deriveMediaEncryptionKey(mediaId: Buffer): Buffer;
+    /**
+     * Derives the composite encryption key for uploading thumbnails with the given ID to the "transit
+     * tier" CDN.
+     *
+     * This is a concatenation of an HMAC key (32 bytes) and an AES-CBC key (also 32 bytes).
+     *
+     * Only relevant for media backup keys.
+     */
+    deriveThumbnailTransitEncryptionKey(mediaId: Buffer): Buffer;
 }

package/dist/AccountKeys.js

@@ -4,7 +4,7 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AccountEntropyPool = void 0;
+exports.BackupKey = exports.AccountEntropyPool = void 0;
 /**
  * Cryptographic hashing, randomness generation, etc. related to SVR/Backup Keys.
  *
@@ -12,7 +12,10 @@ exports.AccountEntropyPool = void 0;
  *
  * @module AccountKeys
  */
+const crypto = require("node:crypto");
 const Native = require("../Native");
+const ByteArray_1 = require("./zkgroup/internal/ByteArray");
+const EcKeys_1 = require("./EcKeys");
 /**
  * The randomly-generated user-memorized entropy used to derive the backup key,
  *    with other possible future uses.
@@ -21,7 +24,7 @@ const Native = require("../Native");
  */
 class AccountEntropyPool {
     /**
-     * Randomly generates an Account Entropy Pool and returns the cannonical string
+     * Randomly generates an Account Entropy Pool and returns the canonical string
      *  representation of that pool.
      *
      * @returns cryptographically random 64 character string of characters a-z, 0-9
@@ -29,6 +32,104 @@ class AccountEntropyPool {
     static generate() {
         return Native.AccountEntropyPool_Generate();
     }
+    /**
+     * Derives an SVR key from the given account entropy pool.
+     *
+     * `accountEntropyPool` must be a **validated** account entropy pool;
+     * passing an arbitrary string here is considered a programmer error.
+     */
+    static deriveSvrKey(accountEntropyPool) {
+        return Native.AccountEntropyPool_DeriveSvrKey(accountEntropyPool);
+    }
+    /**
+     * Derives a backup key from the given account entropy pool.
+     *
+     * `accountEntropyPool` must be a **validated** account entropy pool;
+     * passing an arbitrary string here is considered a programmer error.
+     *
+     * @see {@link BackupKey.generateRandom}
+     */
+    static deriveBackupKey(accountEntropyPool) {
+        return new BackupKey(Native.AccountEntropyPool_DeriveBackupKey(accountEntropyPool));
+    }
 }
 exports.AccountEntropyPool = AccountEntropyPool;
+/**
+ * A key used for many aspects of backups.
+ *
+ * Clients are typically concerned with two long-lived keys: a "messages" key (sometimes called "the
+ * root backup key" or just "the backup key") that's derived from an {@link AccountEntropyPool}, and
+ * a "media" key (formally the "media root backup key") that's not derived from anything else.
+ */
+class BackupKey extends ByteArray_1.default {
+    constructor(contents) {
+        super(contents, BackupKey.checkLength(BackupKey.SIZE));
+    }
+    /**
+     * Generates a random backup key.
+     *
+     * Useful for tests and for the media root backup key, which is not derived from anything else.
+     *
+     * @see {@link AccountEntropyPool.deriveBackupKey}
+     */
+    static generateRandom() {
+        const bytes = crypto.randomBytes(BackupKey.SIZE);
+        return new BackupKey(bytes);
+    }
+    /**
+     * Derives the backup ID to use given the current device's ACI.
+     *
+     * Used for both message and media backups.
+     */
+    deriveBackupId(aci) {
+        return Native.BackupKey_DeriveBackupId(this.contents, aci.getServiceIdFixedWidthBinary());
+    }
+    /**
+     * Derives the backup EC key to use given the current device's ACI.
+     *
+     * Used for both message and media backups.
+     */
+    deriveEcKey(aci) {
+        return EcKeys_1.PrivateKey._fromNativeHandle(Native.BackupKey_DeriveEcKey(this.contents, aci.getServiceIdFixedWidthBinary()));
+    }
+    /**
+     * Derives the AES key used for encrypted fields in local backup metadata.
+     *
+     * Only relevant for message backup keys.
+     */
+    deriveLocalBackupMetadataKey() {
+        return Native.BackupKey_DeriveLocalBackupMetadataKey(this.contents);
+    }
+    /**
+     * Derives the ID for uploading media with the name `mediaName`.
+     *
+     * Only relevant for media backup keys.
+     */
+    deriveMediaId(mediaName) {
+        return Native.BackupKey_DeriveMediaId(this.contents, mediaName);
+    }
+    /**
+     * Derives the composite encryption key for re-encrypting media with the given ID.
+     *
+     * This is a concatenation of an HMAC key (32 bytes) and an AES-CBC key (also 32 bytes).
+     *
+     * Only relevant for media backup keys.
+     */
+    deriveMediaEncryptionKey(mediaId) {
+        return Native.BackupKey_DeriveMediaEncryptionKey(this.contents, mediaId);
+    }
+    /**
+     * Derives the composite encryption key for uploading thumbnails with the given ID to the "transit
+     * tier" CDN.
+     *
+     * This is a concatenation of an HMAC key (32 bytes) and an AES-CBC key (also 32 bytes).
+     *
+     * Only relevant for media backup keys.
+     */
+    deriveThumbnailTransitEncryptionKey(mediaId) {
+        return Native.BackupKey_DeriveThumbnailTransitEncryptionKey(this.contents, mediaId);
+    }
+}
+exports.BackupKey = BackupKey;
+BackupKey.SIZE = 32;
 //# sourceMappingURL=AccountKeys.js.map

package/dist/EcKeys.d.ts

@@ -0,0 +1,33 @@
+/// <reference types="node" />
+import * as Native from '../Native';
+export declare class PublicKey {
+    readonly _nativeHandle: Native.PublicKey;
+    private constructor();
+    static _fromNativeHandle(handle: Native.PublicKey): PublicKey;
+    static deserialize(buf: Buffer): PublicKey;
+    compare(other: PublicKey): number;
+    serialize(): Buffer;
+    getPublicKeyBytes(): Buffer;
+    verify(msg: Buffer, sig: Buffer): boolean;
+    verifyAlternateIdentity(other: PublicKey, signature: Buffer): boolean;
+}
+export declare class PrivateKey {
+    readonly _nativeHandle: Native.PrivateKey;
+    private constructor();
+    static _fromNativeHandle(handle: Native.PrivateKey): PrivateKey;
+    static generate(): PrivateKey;
+    static deserialize(buf: Buffer): PrivateKey;
+    serialize(): Buffer;
+    sign(msg: Buffer): Buffer;
+    agree(other_key: PublicKey): Buffer;
+    getPublicKey(): PublicKey;
+}
+export declare class IdentityKeyPair {
+    readonly publicKey: PublicKey;
+    readonly privateKey: PrivateKey;
+    constructor(publicKey: PublicKey, privateKey: PrivateKey);
+    static generate(): IdentityKeyPair;
+    static deserialize(buffer: Buffer): IdentityKeyPair;
+    serialize(): Buffer;
+    signAlternateIdentity(other: PublicKey): Buffer;
+}

package/dist/EcKeys.js

@@ -0,0 +1,85 @@
+"use strict";
+//
+// Copyright 2020-2022 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IdentityKeyPair = exports.PrivateKey = exports.PublicKey = void 0;
+const Native = require("../Native");
+class PublicKey {
+    constructor(handle) {
+        this._nativeHandle = handle;
+    }
+    static _fromNativeHandle(handle) {
+        return new PublicKey(handle);
+    }
+    static deserialize(buf) {
+        return new PublicKey(Native.PublicKey_Deserialize(buf));
+    }
+    /// Returns -1, 0, or 1
+    compare(other) {
+        return Native.PublicKey_Compare(this, other);
+    }
+    serialize() {
+        return Native.PublicKey_Serialize(this);
+    }
+    getPublicKeyBytes() {
+        return Native.PublicKey_GetPublicKeyBytes(this);
+    }
+    verify(msg, sig) {
+        return Native.PublicKey_Verify(this, msg, sig);
+    }
+    verifyAlternateIdentity(other, signature) {
+        return Native.IdentityKey_VerifyAlternateIdentity(this, other, signature);
+    }
+}
+exports.PublicKey = PublicKey;
+class PrivateKey {
+    constructor(handle) {
+        this._nativeHandle = handle;
+    }
+    static _fromNativeHandle(handle) {
+        return new PrivateKey(handle);
+    }
+    static generate() {
+        return new PrivateKey(Native.PrivateKey_Generate());
+    }
+    static deserialize(buf) {
+        return new PrivateKey(Native.PrivateKey_Deserialize(buf));
+    }
+    serialize() {
+        return Native.PrivateKey_Serialize(this);
+    }
+    sign(msg) {
+        return Native.PrivateKey_Sign(this, msg);
+    }
+    agree(other_key) {
+        return Native.PrivateKey_Agree(this, other_key);
+    }
+    getPublicKey() {
+        return PublicKey._fromNativeHandle(Native.PrivateKey_GetPublicKey(this));
+    }
+}
+exports.PrivateKey = PrivateKey;
+class IdentityKeyPair {
+    constructor(publicKey, privateKey) {
+        this.publicKey = publicKey;
+        this.privateKey = privateKey;
+    }
+    static generate() {
+        const privateKey = PrivateKey.generate();
+        return new IdentityKeyPair(privateKey.getPublicKey(), privateKey);
+    }
+    static deserialize(buffer) {
+        const { privateKey, publicKey } = Native.IdentityKeyPair_Deserialize(buffer);
+        return new IdentityKeyPair(PublicKey._fromNativeHandle(publicKey), PrivateKey._fromNativeHandle(privateKey));
+    }
+    serialize() {
+        return Native.IdentityKeyPair_Serialize(this.publicKey, this.privateKey);
+    }
+    signAlternateIdentity(other) {
+        return Native.IdentityKeyPair_SignAlternateIdentity(this.publicKey, this.privateKey, other);
+    }
+}
+exports.IdentityKeyPair = IdentityKeyPair;
+//# sourceMappingURL=EcKeys.js.map

package/dist/MessageBackup.d.ts

@@ -5,6 +5,7 @@
  * @module MessageBackup
  */
 import * as Native from '../Native';
+import { BackupKey } from './AccountKeys';
 import { Aci } from './Address';
 import { InputStream } from './io';
 export type InputStreamFactory = () => InputStream;
@@ -33,11 +34,13 @@ export type MessageBackupKeyInput = Readonly<{
     accountEntropy: string;
     aci: Aci;
 } | {
-    backupKey: Buffer;
+    backupKey: BackupKey | Buffer;
     backupId: Buffer;
 }>;
 /**
  * Key used to encrypt and decrypt a message backup bundle.
+ *
+ * @see {@link BackupKey}
  */
 export declare class MessageBackupKey {
     readonly _nativeHandle: Native.MessageBackupKey;
@@ -60,6 +63,10 @@ export declare class MessageBackupKey {
      * a programmer error. Similarly, passing a backup key or ID of the wrong length is also an error.
      */
     constructor(input: MessageBackupKeyInput);
+    /** An HMAC key used to sign a backup file. */
+    get hmacKey(): Buffer;
+    /** An AES-256-CBC key used to encrypt a backup file. */
+    get aesKey(): Buffer;
 }
 export declare enum Purpose {
     DeviceTransfer = 0,

package/dist/MessageBackup.js

@@ -11,6 +11,7 @@ exports.ComparableBackup = exports.validate = exports.Purpose = exports.MessageB
  * @module MessageBackup
  */
 const Native = require("../Native");
+const AccountKeys_1 = require("./AccountKeys");
 /**
  * Result of validating a message backup bundle.
  */
@@ -32,6 +33,8 @@ class ValidationOutcome {
 exports.ValidationOutcome = ValidationOutcome;
 /**
  * Key used to encrypt and decrypt a message backup bundle.
+ *
+ * @see {@link BackupKey}
  */
 class MessageBackupKey {
     constructor(inputOrMasterKeyBytes, maybeAci) {
@@ -45,10 +48,22 @@ class MessageBackupKey {
             this._nativeHandle = Native.MessageBackupKey_FromAccountEntropyPool(accountEntropy, aci.getServiceIdFixedWidthBinary());
         }
         else {
-            const { backupKey, backupId } = inputOrMasterKeyBytes;
+            const { backupId } = inputOrMasterKeyBytes;
+            let { backupKey } = inputOrMasterKeyBytes;
+            if (backupKey instanceof AccountKeys_1.BackupKey) {
+                backupKey = backupKey.contents;
+            }
             this._nativeHandle = Native.MessageBackupKey_FromBackupKeyAndBackupId(backupKey, backupId);
         }
     }
+    /** An HMAC key used to sign a backup file. */
+    get hmacKey() {
+        return Native.MessageBackupKey_GetHmacKey(this);
+    }
+    /** An AES-256-CBC key used to encrypt a backup file. */
+    get aesKey() {
+        return Native.MessageBackupKey_GetAesKey(this);
+    }
 }
 exports.MessageBackupKey = MessageBackupKey;
 // This must match the Rust version of the enum.

package/dist/acknowledgments.md

@@ -669,7 +669,7 @@ For more information on this, and how to apply and follow the GNU AGPL, see
 
 ```
 
-## libsignal-account-keys 0.1.0, attest 0.1.0, libsignal-ffi 0.60.0, libsignal-jni 0.60.0, libsignal-jni-testing 0.60.0, libsignal-node 0.60.0, signal-neon-futures 0.1.0, signal-neon-futures-tests 0.1.0, libsignal-bridge 0.1.0, libsignal-bridge-macros 0.1.0, libsignal-bridge-testing 0.1.0, libsignal-bridge-types 0.1.0, libsignal-core 0.1.0, signal-crypto 0.1.0, device-transfer 0.1.0, libsignal-keytrans 0.0.1, signal-media 0.1.0, libsignal-message-backup 0.1.0, libsignal-message-backup-macros 0.1.0, libsignal-net 0.1.0, libsignal-net-infra 0.1.0, poksho 0.7.0, libsignal-protocol 0.1.0, libsignal-svr3 0.1.0, usernames 0.1.0, zkcredential 0.1.0, zkgroup 0.9.0
+## libsignal-account-keys 0.1.0, attest 0.1.0, libsignal-ffi 0.60.2, libsignal-jni 0.60.2, libsignal-jni-testing 0.60.2, libsignal-node 0.60.2, signal-neon-futures 0.1.0, signal-neon-futures-tests 0.1.0, libsignal-bridge 0.1.0, libsignal-bridge-macros 0.1.0, libsignal-bridge-testing 0.1.0, libsignal-bridge-types 0.1.0, libsignal-core 0.1.0, signal-crypto 0.1.0, device-transfer 0.1.0, libsignal-keytrans 0.0.1, signal-media 0.1.0, libsignal-message-backup 0.1.0, libsignal-message-backup-macros 0.1.0, libsignal-net 0.1.0, libsignal-net-infra 0.1.0, poksho 0.7.0, libsignal-protocol 0.1.0, libsignal-svr3 0.1.0, usernames 0.1.0, zkcredential 0.1.0, zkgroup 0.9.0
 
 ```
 GNU AFFERO GENERAL PUBLIC LICENSE

package/dist/index.d.ts

@@ -2,6 +2,8 @@
 export * from './Errors';
 import { Aci, ProtocolAddress, ServiceId } from './Address';
 export * from './Address';
+import { PrivateKey, PublicKey } from './EcKeys';
+export * from './EcKeys';
 export * as usernames from './usernames';
 export * as io from './io';
 export * as Net from './net';
@@ -59,28 +61,6 @@ export declare class Aes256GcmSiv {
     encrypt(message: Buffer, nonce: Buffer, associated_data: Buffer): Buffer;
     decrypt(message: Buffer, nonce: Buffer, associated_data: Buffer): Buffer;
 }
-export declare class PublicKey {
-    readonly _nativeHandle: Native.PublicKey;
-    private constructor();
-    static _fromNativeHandle(handle: Native.PublicKey): PublicKey;
-    static deserialize(buf: Buffer): PublicKey;
-    compare(other: PublicKey): number;
-    serialize(): Buffer;
-    getPublicKeyBytes(): Buffer;
-    verify(msg: Buffer, sig: Buffer): boolean;
-    verifyAlternateIdentity(other: PublicKey, signature: Buffer): boolean;
-}
-export declare class PrivateKey {
-    readonly _nativeHandle: Native.PrivateKey;
-    private constructor();
-    static _fromNativeHandle(handle: Native.PrivateKey): PrivateKey;
-    static generate(): PrivateKey;
-    static deserialize(buf: Buffer): PrivateKey;
-    serialize(): Buffer;
-    sign(msg: Buffer): Buffer;
-    agree(other_key: PublicKey): Buffer;
-    getPublicKey(): PublicKey;
-}
 export declare class KEMPublicKey {
     readonly _nativeHandle: Native.KyberPublicKey;
     private constructor();
@@ -103,15 +83,6 @@ export declare class KEMKeyPair {
     getPublicKey(): KEMPublicKey;
     getSecretKey(): KEMSecretKey;
 }
-export declare class IdentityKeyPair {
-    readonly publicKey: PublicKey;
-    readonly privateKey: PrivateKey;
-    constructor(publicKey: PublicKey, privateKey: PrivateKey);
-    static generate(): IdentityKeyPair;
-    static deserialize(buffer: Buffer): IdentityKeyPair;
-    serialize(): Buffer;
-    signAlternateIdentity(other: PublicKey): Buffer;
-}
 export declare class PreKeyBundle {
     readonly _nativeHandle: Native.PreKeyBundle;
     private constructor();

package/dist/index.js

@@ -18,13 +18,15 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.signalDecryptPreKey = exports.signalDecrypt = exports.signalEncrypt = exports.processPreKeyBundle = exports.DecryptionErrorMessage = exports.PlaintextContent = exports.CiphertextMessage = exports.SealedSenderDecryptionResult = exports.groupDecrypt = exports.groupEncrypt = exports.SenderKeyStore = exports.KyberPreKeyStore = exports.SignedPreKeyStore = exports.PreKeyStore = exports.IdentityKeyStore = exports.SessionStore = exports.UnidentifiedSenderMessageContent = exports.SenderKeyMessage = exports.processSenderKeyDistributionMessage = exports.SenderKeyDistributionMessage = exports.SenderCertificate = exports.SenderKeyRecord = exports.ServerCertificate = exports.SessionRecord = exports.PreKeySignalMessage = exports.SignalMessage = exports.KyberPreKeyRecord = exports.SignedPreKeyRecord = exports.PreKeyRecord = exports.PreKeyBundle = exports.IdentityKeyPair = exports.KEMKeyPair = exports.KEMSecretKey = exports.KEMPublicKey = exports.PrivateKey = exports.PublicKey = exports.Aes256GcmSiv = exports.Fingerprint = exports.DisplayableFingerprint = exports.ScannableFingerprint = exports.hkdf = exports.HKDF = exports.ContentHint = exports.Direction = exports.CiphertextMessageType = exports.WebpSanitizer = exports.Mp4Sanitizer = exports.Net = exports.io = exports.usernames = void 0;
-exports.initLogger = exports.LogLevel = exports.HsmEnclaveClient = exports.Cds2Client = exports.sealedSenderDecryptToUsmc = exports.sealedSenderDecryptMessage = exports.sealedSenderMultiRecipientMessageForSingleRecipient = exports.sealedSenderMultiRecipientEncrypt = exports.sealedSenderEncrypt = exports.sealedSenderEncryptMessage = void 0;
+exports.sealedSenderMultiRecipientEncrypt = exports.sealedSenderEncrypt = exports.sealedSenderEncryptMessage = exports.signalDecryptPreKey = exports.signalDecrypt = exports.signalEncrypt = exports.processPreKeyBundle = exports.DecryptionErrorMessage = exports.PlaintextContent = exports.CiphertextMessage = exports.SealedSenderDecryptionResult = exports.groupDecrypt = exports.groupEncrypt = exports.SenderKeyStore = exports.KyberPreKeyStore = exports.SignedPreKeyStore = exports.PreKeyStore = exports.IdentityKeyStore = exports.SessionStore = exports.UnidentifiedSenderMessageContent = exports.SenderKeyMessage = exports.processSenderKeyDistributionMessage = exports.SenderKeyDistributionMessage = exports.SenderCertificate = exports.SenderKeyRecord = exports.ServerCertificate = exports.SessionRecord = exports.PreKeySignalMessage = exports.SignalMessage = exports.KyberPreKeyRecord = exports.SignedPreKeyRecord = exports.PreKeyRecord = exports.PreKeyBundle = exports.KEMKeyPair = exports.KEMSecretKey = exports.KEMPublicKey = exports.Aes256GcmSiv = exports.Fingerprint = exports.DisplayableFingerprint = exports.ScannableFingerprint = exports.hkdf = exports.HKDF = exports.ContentHint = exports.Direction = exports.CiphertextMessageType = exports.WebpSanitizer = exports.Mp4Sanitizer = exports.Net = exports.io = exports.usernames = void 0;
+exports.initLogger = exports.LogLevel = exports.HsmEnclaveClient = exports.Cds2Client = exports.sealedSenderDecryptToUsmc = exports.sealedSenderDecryptMessage = exports.sealedSenderMultiRecipientMessageForSingleRecipient = void 0;
 const uuid = require("uuid");
 const Errors = require("./Errors");
 __exportStar(require("./Errors"), exports);
 const Address_1 = require("./Address");
 __exportStar(require("./Address"), exports);
+const EcKeys_1 = require("./EcKeys");
+__exportStar(require("./EcKeys"), exports);
 exports.usernames = require("./usernames");
 exports.io = require("./io");
 exports.Net = require("./net");
@@ -128,61 +130,6 @@ class Aes256GcmSiv {
     }
 }
 exports.Aes256GcmSiv = Aes256GcmSiv;
-class PublicKey {
-    constructor(handle) {
-        this._nativeHandle = handle;
-    }
-    static _fromNativeHandle(handle) {
-        return new PublicKey(handle);
-    }
-    static deserialize(buf) {
-        return new PublicKey(Native.PublicKey_Deserialize(buf));
-    }
-    /// Returns -1, 0, or 1
-    compare(other) {
-        return Native.PublicKey_Compare(this, other);
-    }
-    serialize() {
-        return Native.PublicKey_Serialize(this);
-    }
-    getPublicKeyBytes() {
-        return Native.PublicKey_GetPublicKeyBytes(this);
-    }
-    verify(msg, sig) {
-        return Native.PublicKey_Verify(this, msg, sig);
-    }
-    verifyAlternateIdentity(other, signature) {
-        return Native.IdentityKey_VerifyAlternateIdentity(this, other, signature);
-    }
-}
-exports.PublicKey = PublicKey;
-class PrivateKey {
-    constructor(handle) {
-        this._nativeHandle = handle;
-    }
-    static _fromNativeHandle(handle) {
-        return new PrivateKey(handle);
-    }
-    static generate() {
-        return new PrivateKey(Native.PrivateKey_Generate());
-    }
-    static deserialize(buf) {
-        return new PrivateKey(Native.PrivateKey_Deserialize(buf));
-    }
-    serialize() {
-        return Native.PrivateKey_Serialize(this);
-    }
-    sign(msg) {
-        return Native.PrivateKey_Sign(this, msg);
-    }
-    agree(other_key) {
-        return Native.PrivateKey_Agree(this, other_key);
-    }
-    getPublicKey() {
-        return PublicKey._fromNativeHandle(Native.PrivateKey_GetPublicKey(this));
-    }
-}
-exports.PrivateKey = PrivateKey;
 class KEMPublicKey {
     constructor(handle) {
         this._nativeHandle = handle;
@@ -231,27 +178,6 @@ class KEMKeyPair {
     }
 }
 exports.KEMKeyPair = KEMKeyPair;
-class IdentityKeyPair {
-    constructor(publicKey, privateKey) {
-        this.publicKey = publicKey;
-        this.privateKey = privateKey;
-    }
-    static generate() {
-        const privateKey = PrivateKey.generate();
-        return new IdentityKeyPair(privateKey.getPublicKey(), privateKey);
-    }
-    static deserialize(buffer) {
-        const { privateKey, publicKey } = Native.IdentityKeyPair_Deserialize(buffer);
-        return new IdentityKeyPair(PublicKey._fromNativeHandle(publicKey), PrivateKey._fromNativeHandle(privateKey));
-    }
-    serialize() {
-        return Native.IdentityKeyPair_Serialize(this.publicKey, this.privateKey);
-    }
-    signAlternateIdentity(other) {
-        return Native.IdentityKeyPair_SignAlternateIdentity(this.publicKey, this.privateKey, other);
-    }
-}
-exports.IdentityKeyPair = IdentityKeyPair;
 class PreKeyBundle {
     constructor(handle) {
         this._nativeHandle = handle;
@@ -265,7 +191,7 @@ class PreKeyBundle {
         return Native.PreKeyBundle_GetDeviceId(this);
     }
     identityKey() {
-        return PublicKey._fromNativeHandle(Native.PreKeyBundle_GetIdentityKey(this));
+        return EcKeys_1.PublicKey._fromNativeHandle(Native.PreKeyBundle_GetIdentityKey(this));
     }
     preKeyId() {
         return Native.PreKeyBundle_GetPreKeyId(this);
@@ -276,7 +202,7 @@ class PreKeyBundle {
             return null;
         }
         else {
-            return PublicKey._fromNativeHandle(handle);
+            return EcKeys_1.PublicKey._fromNativeHandle(handle);
         }
     }
     registrationId() {
@@ -286,7 +212,7 @@ class PreKeyBundle {
         return Native.PreKeyBundle_GetSignedPreKeyId(this);
     }
     signedPreKeyPublic() {
-        return PublicKey._fromNativeHandle(Native.PreKeyBundle_GetSignedPreKeyPublic(this));
+        return EcKeys_1.PublicKey._fromNativeHandle(Native.PreKeyBundle_GetSignedPreKeyPublic(this));
     }
     signedPreKeySignature() {
         return Native.PreKeyBundle_GetSignedPreKeySignature(this);
@@ -321,10 +247,10 @@ class PreKeyRecord {
         return Native.PreKeyRecord_GetId(this);
     }
     privateKey() {
-        return PrivateKey._fromNativeHandle(Native.PreKeyRecord_GetPrivateKey(this));
+        return EcKeys_1.PrivateKey._fromNativeHandle(Native.PreKeyRecord_GetPrivateKey(this));
     }
     publicKey() {
-        return PublicKey._fromNativeHandle(Native.PreKeyRecord_GetPublicKey(this));
+        return EcKeys_1.PublicKey._fromNativeHandle(Native.PreKeyRecord_GetPublicKey(this));
     }
     serialize() {
         return Native.PreKeyRecord_Serialize(this);
@@ -348,10 +274,10 @@ class SignedPreKeyRecord {
         return Native.SignedPreKeyRecord_GetId(this);
     }
     privateKey() {
-        return PrivateKey._fromNativeHandle(Native.SignedPreKeyRecord_GetPrivateKey(this));
+        return EcKeys_1.PrivateKey._fromNativeHandle(Native.SignedPreKeyRecord_GetPrivateKey(this));
     }
     publicKey() {
-        return PublicKey._fromNativeHandle(Native.SignedPreKeyRecord_GetPublicKey(this));
+        return EcKeys_1.PublicKey._fromNativeHandle(Native.SignedPreKeyRecord_GetPublicKey(this));
     }
     serialize() {
         return Native.SignedPreKeyRecord_Serialize(this);
@@ -506,7 +432,7 @@ class ServerCertificate {
         return Native.ServerCertificate_GetCertificate(this);
     }
     key() {
-        return PublicKey._fromNativeHandle(Native.ServerCertificate_GetKey(this));
+        return EcKeys_1.PublicKey._fromNativeHandle(Native.ServerCertificate_GetKey(this));
     }
     keyId() {
         return Native.ServerCertificate_GetKeyId(this);
@@ -560,7 +486,7 @@ class SenderCertificate {
         return Native.SenderCertificate_GetExpiration(this);
     }
     key() {
-        return PublicKey._fromNativeHandle(Native.SenderCertificate_GetKey(this));
+        return EcKeys_1.PublicKey._fromNativeHandle(Native.SenderCertificate_GetKey(this));
     }
     senderE164() {
         return Native.SenderCertificate_GetSenderE164(this);
@@ -717,11 +643,11 @@ class IdentityKeyStore {
         return this.getLocalRegistrationId();
     }
     async _saveIdentity(name, key) {
-        return this.saveIdentity(Address_1.ProtocolAddress._fromNativeHandle(name), PublicKey._fromNativeHandle(key));
+        return this.saveIdentity(Address_1.ProtocolAddress._fromNativeHandle(name), EcKeys_1.PublicKey._fromNativeHandle(key));
     }
     async _isTrustedIdentity(name, key, sending) {
         const direction = sending ? Direction.Sending : Direction.Receiving;
-        return this.isTrustedIdentity(Address_1.ProtocolAddress._fromNativeHandle(name), PublicKey._fromNativeHandle(key), direction);
+        return this.isTrustedIdentity(Address_1.ProtocolAddress._fromNativeHandle(name), EcKeys_1.PublicKey._fromNativeHandle(key), direction);
     }
     async _getIdentity(name) {
         const key = await this.getIdentity(Address_1.ProtocolAddress._fromNativeHandle(name));
@@ -894,7 +820,7 @@ class DecryptionErrorMessage {
     ratchetKey() {
         const keyHandle = Native.DecryptionErrorMessage_GetRatchetKey(this);
         if (keyHandle) {
-            return PublicKey._fromNativeHandle(keyHandle);
+            return EcKeys_1.PublicKey._fromNativeHandle(keyHandle);
         }
         else {
             return undefined;

package/dist/zkgroup/backups/BackupAuthCredentialRequestContext.d.ts

@@ -4,7 +4,7 @@ import BackupAuthCredentialRequest from './BackupAuthCredentialRequest';
 import BackupAuthCredentialResponse from './BackupAuthCredentialResponse';
 import BackupAuthCredential from './BackupAuthCredential';
 import GenericServerPublicParams from '../GenericServerPublicParams';
-import { Uuid } from '../..';
+import type { Uuid } from '../..';
 export default class BackupAuthCredentialRequestContext extends ByteArray {
     private readonly __type?;
     constructor(contents: Buffer);

package/dist/zkgroup/index.d.ts

@@ -48,6 +48,7 @@ export { default as BackupAuthCredentialPresentation } from './backups/BackupAut
 export { default as BackupAuthCredentialRequest } from './backups/BackupAuthCredentialRequest';
 export { default as BackupAuthCredentialRequestContext } from './backups/BackupAuthCredentialRequestContext';
 export { default as BackupAuthCredentialResponse } from './backups/BackupAuthCredentialResponse';
+export { default as BackupCredentialType } from './backups/BackupCredentialType';
 export { default as BackupLevel } from './backups/BackupLevel';
 export { default as GroupSendDerivedKeyPair } from './groupsend/GroupSendDerivedKeyPair';
 export { default as GroupSendEndorsement } from './groupsend/GroupSendEndorsement';

package/dist/zkgroup/index.js

@@ -5,7 +5,7 @@
 //
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.BackupAuthCredentialResponse = exports.BackupAuthCredentialRequestContext = exports.BackupAuthCredentialRequest = exports.BackupAuthCredentialPresentation = exports.BackupAuthCredential = exports.CreateCallLinkCredentialResponse = exports.CreateCallLinkCredentialRequestContext = exports.CreateCallLinkCredentialRequest = exports.CreateCallLinkCredentialPresentation = exports.CreateCallLinkCredential = exports.CallLinkAuthCredentialResponse = exports.CallLinkAuthCredentialPresentation = exports.CallLinkAuthCredential = exports.CallLinkSecretParams = exports.CallLinkPublicParams = exports.ReceiptSerial = exports.ReceiptCredentialResponse = exports.ReceiptCredentialRequestContext = exports.ReceiptCredentialRequest = exports.ReceiptCredentialPresentation = exports.ReceiptCredential = exports.ServerZkReceiptOperations = exports.ClientZkReceiptOperations = exports.ExpiringProfileKeyCredentialResponse = exports.ExpiringProfileKeyCredential = exports.ProfileKeyVersion = exports.ProfileKeyCredentialRequestContext = exports.ProfileKeyCredentialRequest = exports.ProfileKeyCredentialPresentation = exports.ProfileKeyCommitment = exports.ProfileKey = exports.ServerZkProfileOperations = exports.ClientZkProfileOperations = exports.UuidCiphertext = exports.ProfileKeyCiphertext = exports.GroupSecretParams = exports.GroupPublicParams = exports.GroupMasterKey = exports.GroupIdentifier = exports.ClientZkGroupCipher = exports.AuthCredentialWithPniResponse = exports.AuthCredentialWithPni = exports.AuthCredentialPresentation = exports.ServerZkAuthOperations = exports.ClientZkAuthOperations = exports.NotarySignature = exports.GenericServerSecretParams = exports.GenericServerPublicParams = exports.ServerSecretParams = exports.ServerPublicParams = void 0;
-exports.GroupSendToken = exports.GroupSendFullToken = exports.GroupSendEndorsementsResponse = exports.GroupSendEndorsement = exports.GroupSendDerivedKeyPair = exports.BackupLevel = void 0;
+exports.GroupSendToken = exports.GroupSendFullToken = exports.GroupSendEndorsementsResponse = exports.GroupSendEndorsement = exports.GroupSendDerivedKeyPair = exports.BackupLevel = exports.BackupCredentialType = void 0;
 // Root
 var ServerPublicParams_1 = require("./ServerPublicParams");
 Object.defineProperty(exports, "ServerPublicParams", { enumerable: true, get: function () { return ServerPublicParams_1.default; } });
@@ -113,6 +113,8 @@ var BackupAuthCredentialRequestContext_1 = require("./backups/BackupAuthCredenti
 Object.defineProperty(exports, "BackupAuthCredentialRequestContext", { enumerable: true, get: function () { return BackupAuthCredentialRequestContext_1.default; } });
 var BackupAuthCredentialResponse_1 = require("./backups/BackupAuthCredentialResponse");
 Object.defineProperty(exports, "BackupAuthCredentialResponse", { enumerable: true, get: function () { return BackupAuthCredentialResponse_1.default; } });
+var BackupCredentialType_1 = require("./backups/BackupCredentialType");
+Object.defineProperty(exports, "BackupCredentialType", { enumerable: true, get: function () { return BackupCredentialType_1.default; } });
 var BackupLevel_1 = require("./backups/BackupLevel");
 Object.defineProperty(exports, "BackupLevel", { enumerable: true, get: function () { return BackupLevel_1.default; } });
 // Group Send

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.60.0",
+  "version": "0.60.2",
   "license": "AGPL-3.0-only",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",