@signalapp/libsignal-client 0.60.1 → 0.60.2

package/Native.d.ts

@@ -177,6 +177,7 @@ export function BackupKey_DeriveEcKey(backupKey: Buffer, aci: Buffer): PrivateKe
 export function BackupKey_DeriveLocalBackupMetadataKey(backupKey: Buffer): Buffer;
 export function BackupKey_DeriveMediaEncryptionKey(backupKey: Buffer, mediaId: Buffer): Buffer;
 export function BackupKey_DeriveMediaId(backupKey: Buffer, mediaName: string): Buffer;
+export function BackupKey_DeriveThumbnailTransitEncryptionKey(backupKey: Buffer, mediaId: Buffer): Buffer;
 export function CallLinkAuthCredentialPresentation_CheckValidContents(presentationBytes: Buffer): void;
 export function CallLinkAuthCredentialPresentation_GetUserId(presentationBytes: Buffer): Serialized<UuidCiphertext>;
 export function CallLinkAuthCredentialPresentation_Verify(presentationBytes: Buffer, now: Timestamp, serverParamsBytes: Buffer, callLinkParamsBytes: Buffer): void;

package/dist/AccountKeys.d.ts

@@ -33,7 +33,13 @@ export declare class AccountEntropyPool {
      */
     static deriveBackupKey(accountEntropyPool: string): BackupKey;
 }
-/** A key used for many aspects of backups. */
+/**
+ * A key used for many aspects of backups.
+ *
+ * Clients are typically concerned with two long-lived keys: a "messages" key (sometimes called "the
+ * root backup key" or just "the backup key") that's derived from an {@link AccountEntropyPool}, and
+ * a "media" key (formally the "media root backup key") that's not derived from anything else.
+ */
 export declare class BackupKey extends ByteArray {
     private readonly __type?;
     static SIZE: number;
@@ -46,18 +52,45 @@ export declare class BackupKey extends ByteArray {
      * @see {@link AccountEntropyPool.deriveBackupKey}
      */
     static generateRandom(): BackupKey;
-    /** Derives the backup ID to use given the current device's ACI. */
+    /**
+     * Derives the backup ID to use given the current device's ACI.
+     *
+     * Used for both message and media backups.
+     */
     deriveBackupId(aci: Aci): Buffer;
-    /** Derives the backup EC key to use given the current device's ACI. */
+    /**
+     * Derives the backup EC key to use given the current device's ACI.
+     *
+     * Used for both message and media backups.
+     */
     deriveEcKey(aci: Aci): PrivateKey;
-    /** Derives the AES key used for encrypted fields in local backup metadata. */
+    /**
+     * Derives the AES key used for encrypted fields in local backup metadata.
+     *
+     * Only relevant for message backup keys.
+     */
     deriveLocalBackupMetadataKey(): Buffer;
-    /** Derives the ID for uploading media with the name `mediaName`. */
+    /**
+     * Derives the ID for uploading media with the name `mediaName`.
+     *
+     * Only relevant for media backup keys.
+     */
     deriveMediaId(mediaName: string): Buffer;
     /**
-     * Derives the composite encryption key for uploading media with the given ID.
+     * Derives the composite encryption key for re-encrypting media with the given ID.
      *
      * This is a concatenation of an HMAC key (32 bytes) and an AES-CBC key (also 32 bytes).
+     *
+     * Only relevant for media backup keys.
      */
     deriveMediaEncryptionKey(mediaId: Buffer): Buffer;
+    /**
+     * Derives the composite encryption key for uploading thumbnails with the given ID to the "transit
+     * tier" CDN.
+     *
+     * This is a concatenation of an HMAC key (32 bytes) and an AES-CBC key (also 32 bytes).
+     *
+     * Only relevant for media backup keys.
+     */
+    deriveThumbnailTransitEncryptionKey(mediaId: Buffer): Buffer;
 }

package/dist/AccountKeys.js

@@ -54,7 +54,13 @@ class AccountEntropyPool {
     }
 }
 exports.AccountEntropyPool = AccountEntropyPool;
-/** A key used for many aspects of backups. */
+/**
+ * A key used for many aspects of backups.
+ *
+ * Clients are typically concerned with two long-lived keys: a "messages" key (sometimes called "the
+ * root backup key" or just "the backup key") that's derived from an {@link AccountEntropyPool}, and
+ * a "media" key (formally the "media root backup key") that's not derived from anything else.
+ */
 class BackupKey extends ByteArray_1.default {
     constructor(contents) {
         super(contents, BackupKey.checkLength(BackupKey.SIZE));
@@ -70,30 +76,59 @@ class BackupKey extends ByteArray_1.default {
         const bytes = crypto.randomBytes(BackupKey.SIZE);
         return new BackupKey(bytes);
     }
-    /** Derives the backup ID to use given the current device's ACI. */
+    /**
+     * Derives the backup ID to use given the current device's ACI.
+     *
+     * Used for both message and media backups.
+     */
     deriveBackupId(aci) {
         return Native.BackupKey_DeriveBackupId(this.contents, aci.getServiceIdFixedWidthBinary());
     }
-    /** Derives the backup EC key to use given the current device's ACI. */
+    /**
+     * Derives the backup EC key to use given the current device's ACI.
+     *
+     * Used for both message and media backups.
+     */
     deriveEcKey(aci) {
         return EcKeys_1.PrivateKey._fromNativeHandle(Native.BackupKey_DeriveEcKey(this.contents, aci.getServiceIdFixedWidthBinary()));
     }
-    /** Derives the AES key used for encrypted fields in local backup metadata. */
+    /**
+     * Derives the AES key used for encrypted fields in local backup metadata.
+     *
+     * Only relevant for message backup keys.
+     */
     deriveLocalBackupMetadataKey() {
         return Native.BackupKey_DeriveLocalBackupMetadataKey(this.contents);
     }
-    /** Derives the ID for uploading media with the name `mediaName`. */
+    /**
+     * Derives the ID for uploading media with the name `mediaName`.
+     *
+     * Only relevant for media backup keys.
+     */
     deriveMediaId(mediaName) {
         return Native.BackupKey_DeriveMediaId(this.contents, mediaName);
     }
     /**
-     * Derives the composite encryption key for uploading media with the given ID.
+     * Derives the composite encryption key for re-encrypting media with the given ID.
      *
      * This is a concatenation of an HMAC key (32 bytes) and an AES-CBC key (also 32 bytes).
+     *
+     * Only relevant for media backup keys.
      */
     deriveMediaEncryptionKey(mediaId) {
         return Native.BackupKey_DeriveMediaEncryptionKey(this.contents, mediaId);
     }
+    /**
+     * Derives the composite encryption key for uploading thumbnails with the given ID to the "transit
+     * tier" CDN.
+     *
+     * This is a concatenation of an HMAC key (32 bytes) and an AES-CBC key (also 32 bytes).
+     *
+     * Only relevant for media backup keys.
+     */
+    deriveThumbnailTransitEncryptionKey(mediaId) {
+        return Native.BackupKey_DeriveThumbnailTransitEncryptionKey(this.contents, mediaId);
+    }
 }
 exports.BackupKey = BackupKey;
 BackupKey.SIZE = 32;

package/dist/MessageBackup.d.ts

@@ -39,6 +39,8 @@ export type MessageBackupKeyInput = Readonly<{
 }>;
 /**
  * Key used to encrypt and decrypt a message backup bundle.
+ *
+ * @see {@link BackupKey}
  */
 export declare class MessageBackupKey {
     readonly _nativeHandle: Native.MessageBackupKey;

package/dist/MessageBackup.js

@@ -33,6 +33,8 @@ class ValidationOutcome {
 exports.ValidationOutcome = ValidationOutcome;
 /**
  * Key used to encrypt and decrypt a message backup bundle.
+ *
+ * @see {@link BackupKey}
  */
 class MessageBackupKey {
     constructor(inputOrMasterKeyBytes, maybeAci) {

package/dist/acknowledgments.md

@@ -669,7 +669,7 @@ For more information on this, and how to apply and follow the GNU AGPL, see
 
 ```
 
-## libsignal-account-keys 0.1.0, attest 0.1.0, libsignal-ffi 0.60.1, libsignal-jni 0.60.1, libsignal-jni-testing 0.60.1, libsignal-node 0.60.1, signal-neon-futures 0.1.0, signal-neon-futures-tests 0.1.0, libsignal-bridge 0.1.0, libsignal-bridge-macros 0.1.0, libsignal-bridge-testing 0.1.0, libsignal-bridge-types 0.1.0, libsignal-core 0.1.0, signal-crypto 0.1.0, device-transfer 0.1.0, libsignal-keytrans 0.0.1, signal-media 0.1.0, libsignal-message-backup 0.1.0, libsignal-message-backup-macros 0.1.0, libsignal-net 0.1.0, libsignal-net-infra 0.1.0, poksho 0.7.0, libsignal-protocol 0.1.0, libsignal-svr3 0.1.0, usernames 0.1.0, zkcredential 0.1.0, zkgroup 0.9.0
+## libsignal-account-keys 0.1.0, attest 0.1.0, libsignal-ffi 0.60.2, libsignal-jni 0.60.2, libsignal-jni-testing 0.60.2, libsignal-node 0.60.2, signal-neon-futures 0.1.0, signal-neon-futures-tests 0.1.0, libsignal-bridge 0.1.0, libsignal-bridge-macros 0.1.0, libsignal-bridge-testing 0.1.0, libsignal-bridge-types 0.1.0, libsignal-core 0.1.0, signal-crypto 0.1.0, device-transfer 0.1.0, libsignal-keytrans 0.0.1, signal-media 0.1.0, libsignal-message-backup 0.1.0, libsignal-message-backup-macros 0.1.0, libsignal-net 0.1.0, libsignal-net-infra 0.1.0, poksho 0.7.0, libsignal-protocol 0.1.0, libsignal-svr3 0.1.0, usernames 0.1.0, zkcredential 0.1.0, zkgroup 0.9.0
 
 ```
 GNU AFFERO GENERAL PUBLIC LICENSE

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.60.1",
+  "version": "0.60.2",
   "license": "AGPL-3.0-only",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",