@sphereon/ssi-sdk-ext.key-utils 0.24.0 → 0.24.1-next.100

package/dist/types/key-util-types.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ENC_KEY_ALGS = exports.SIG_KEY_ALGS = exports.KeyType = exports.KeyCurve = exports.JwkKeyUse = exports.Key = exports.JWK_JCS_PUB_PREFIX = exports.JWK_JCS_PUB_NAME = void 0;
+exports.SignatureAlgorithmJwa = exports.ENC_KEY_ALGS = exports.SIG_KEY_ALGS = exports.KeyType = exports.KeyCurve = exports.JwkKeyUse = exports.Key = exports.JWK_JCS_PUB_PREFIX = exports.JWK_JCS_PUB_NAME = void 0;
 exports.JWK_JCS_PUB_NAME = 'jwk_jcs-pub';
 exports.JWK_JCS_PUB_PREFIX = 0xeb51;
 var Key;
@@ -29,9 +29,19 @@ var KeyType;
 })(KeyType || (exports.KeyType = KeyType = {}));
 exports.SIG_KEY_ALGS = ['ES256', 'ES384', 'ES512', 'EdDSA', 'ES256K', 'Ed25519', 'Secp256k1', 'Secp256r1', 'Bls12381G1', 'Bls12381G2'];
 exports.ENC_KEY_ALGS = ['X25519', 'ECDH_ES_A256KW', 'RSA_OAEP_256'];
-/*
-// Needed to make a single property required
-type WithRequiredProperty<Type, Key extends keyof Type> = Type & {
-  [Property in Key]-?: Type[Property]
-}*/
+var SignatureAlgorithmJwa;
+(function (SignatureAlgorithmJwa) {
+    // todo: Compare to spec and to kmp lib
+    SignatureAlgorithmJwa["EdDSA"] = "EdDSA";
+    SignatureAlgorithmJwa["ES256"] = "ES256";
+    SignatureAlgorithmJwa["ES384"] = "ES384";
+    SignatureAlgorithmJwa["ES512"] = "ES512";
+    SignatureAlgorithmJwa["ES256K"] = "ES256K";
+    SignatureAlgorithmJwa["RS256"] = "RS256";
+    SignatureAlgorithmJwa["RS384"] = "RS384";
+    SignatureAlgorithmJwa["RS512"] = "RS512";
+    SignatureAlgorithmJwa["PS256"] = "PS256";
+    SignatureAlgorithmJwa["PS384"] = "PS384";
+    SignatureAlgorithmJwa["PS512"] = "PS512";
+})(SignatureAlgorithmJwa || (exports.SignatureAlgorithmJwa = SignatureAlgorithmJwa = {}));
 //# sourceMappingURL=key-util-types.js.map

package/dist/types/key-util-types.js.map

@@ -1 +1 @@
-{"version":3,"file":"key-util-types.js","sourceRoot":"","sources":["../../src/types/key-util-types.ts"],"names":[],"mappings":";;;AAEa,QAAA,gBAAgB,GAAG,aAAsB,CAAA;AACzC,QAAA,kBAAkB,GAAG,MAAM,CAAA;AAIxC,IAAY,GAIX;AAJD,WAAY,GAAG;IACb,0BAAmB,CAAA;IACnB,8BAAuB,CAAA;IACvB,8BAAuB,CAAA;AACzB,CAAC,EAJW,GAAG,mBAAH,GAAG,QAId;AAED,IAAY,SAGX;AAHD,WAAY,SAAS;IACnB,+BAAkB,CAAA;IAClB,8BAAiB,CAAA;AACnB,CAAC,EAHW,SAAS,yBAAT,SAAS,QAGpB;AAED,IAAY,QAKX;AALD,WAAY,QAAQ;IAClB,mCAAuB,CAAA;IACvB,2BAAe,CAAA;IACf,+BAAmB,CAAA;IACnB,6BAAiB,CAAA;AACnB,CAAC,EALW,QAAQ,wBAAR,QAAQ,QAKnB;AAED,IAAY,OAIX;AAJD,WAAY,OAAO;IACjB,oBAAS,CAAA;IACT,sBAAW,CAAA;IACX,sBAAW,CAAA;AACb,CAAC,EAJW,OAAO,uBAAP,OAAO,QAIlB;AAEY,QAAA,YAAY,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,CAAC,CAAA;AAC9H,QAAA,YAAY,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAA;AAyDxE;;;;GAIG"}
+{"version":3,"file":"key-util-types.js","sourceRoot":"","sources":["../../src/types/key-util-types.ts"],"names":[],"mappings":";;;AAEa,QAAA,gBAAgB,GAAG,aAAsB,CAAA;AACzC,QAAA,kBAAkB,GAAG,MAAM,CAAA;AAIxC,IAAY,GAIX;AAJD,WAAY,GAAG;IACb,0BAAmB,CAAA;IACnB,8BAAuB,CAAA;IACvB,8BAAuB,CAAA;AACzB,CAAC,EAJW,GAAG,mBAAH,GAAG,QAId;AAED,IAAY,SAGX;AAHD,WAAY,SAAS;IACnB,+BAAkB,CAAA;IAClB,8BAAiB,CAAA;AACnB,CAAC,EAHW,SAAS,yBAAT,SAAS,QAGpB;AAED,IAAY,QAKX;AALD,WAAY,QAAQ;IAClB,mCAAuB,CAAA;IACvB,2BAAe,CAAA;IACf,+BAAmB,CAAA;IACnB,6BAAiB,CAAA;AACnB,CAAC,EALW,QAAQ,wBAAR,QAAQ,QAKnB;AAED,IAAY,OAIX;AAJD,WAAY,OAAO;IACjB,oBAAS,CAAA;IACT,sBAAW,CAAA;IACX,sBAAW,CAAA;AACb,CAAC,EAJW,OAAO,uBAAP,OAAO,QAIlB;AAEY,QAAA,YAAY,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,CAAC,CAAA;AAC9H,QAAA,YAAY,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAA;AAExE,IAAY,qBAcX;AAdD,WAAY,qBAAqB;IAC/B,uCAAuC;IAEvC,wCAAe,CAAA;IACf,wCAAe,CAAA;IACf,wCAAe,CAAA;IACf,wCAAe,CAAA;IACf,0CAAiB,CAAA;IACjB,wCAAe,CAAA;IACf,wCAAe,CAAA;IACf,wCAAe,CAAA;IACf,wCAAe,CAAA;IACf,wCAAe,CAAA;IACf,wCAAe,CAAA;AACjB,CAAC,EAdW,qBAAqB,qCAArB,qBAAqB,QAchC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@sphereon/ssi-sdk-ext.key-utils",
   "description": "Sphereon SSI-SDK plugin for key creation.",
-  "version": "0.24.0",
+  "version": "0.24.1-next.100+28fb763",
   "source": "src/index.ts",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -11,9 +11,12 @@
   },
   "dependencies": {
     "@ethersproject/random": "^5.7.0",
+    "@sphereon/ssi-sdk-ext.x509-utils": "0.24.1-next.100+28fb763",
+    "@sphereon/ssi-types": "0.29.1-unstable.75",
     "@stablelib/ed25519": "^1.0.3",
     "@stablelib/sha256": "^1.0.1",
     "@stablelib/sha512": "^1.0.1",
+    "@trust/keyto": "^1.0.1",
     "@veramo/core": "4.2.0",
     "base64url": "^3.0.1",
     "debug": "^4.3.4",
@@ -38,7 +41,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "repository": "git@github.com:Sphereon-OpenSource/ssi-sdk.git",
+  "repository": "git@github.com:Sphereon-OpenSource/SSI-SDK-crypto-extensions.git",
   "author": "Sphereon <dev@sphereon.com>",
   "license": "Apache-2.0",
   "keywords": [
@@ -46,5 +49,5 @@
     "DID",
     "Veramo"
   ],
-  "gitHead": "a69d4668ab18a6deec35ff686b737b4877857808"
+  "gitHead": "28fb763f611e845d64342c8f726cea9fd38bd95e"
 }

package/src/functions.ts

@@ -1,16 +1,30 @@
 import { randomBytes } from '@ethersproject/random'
+import { generateRSAKeyAsPEM, hexToBase64, hexToPEM, PEMToJwk, privateKeyHexFromPEM } from '@sphereon/ssi-sdk-ext.x509-utils'
+import { Loggers } from '@sphereon/ssi-types'
 import { generateKeyPair as generateSigningKeyPair } from '@stablelib/ed25519'
 import { IAgentContext, IKey, IKeyManager, ManagedKeyInfo, MinimalImportableKey } from '@veramo/core'
-import Debug from 'debug'
 
 import { JsonWebKey } from 'did-resolver'
 import elliptic from 'elliptic'
 import * as u8a from 'uint8arrays'
 import { digestMethodParams } from './digest-methods'
-import { ENC_KEY_ALGS, IImportProvidedOrGeneratedKeyArgs, JWK, JwkKeyUse, KeyCurve, KeyType, SIG_KEY_ALGS, TKeyType } from './types'
-import { generateRSAKeyAsPEM, hexToBase64, hexToPEM, PEMToJwk, privateKeyHexFromPEM } from './x509'
+import {
+  ENC_KEY_ALGS,
+  IImportProvidedOrGeneratedKeyArgs,
+  JWK,
+  JwkKeyUse,
+  KeyCurve,
+  KeyType,
+  KeyTypeFromCryptographicSuiteArgs,
+  SIG_KEY_ALGS,
+  SignatureAlgorithmFromKeyArgs,
+  SignatureAlgorithmFromKeyTypeArgs,
+  SignatureAlgorithmJwa,
+  TKeyType,
+} from './types'
+
+export const logger = Loggers.DEFAULT.get('sphereon:key-utils')
 
-const debug = Debug('sphereon:kms:local')
 /**
  * Generates a random Private Hex Key for the specified key type
  * @param type The key type
@@ -37,6 +51,23 @@ export const generatePrivateKeyHex = async (type: TKeyType): Promise<string> =>
   }
 }
 
+const keyMetaAlgorithmsFromKeyType = (type: string | TKeyType) => {
+  switch (type) {
+    case 'Ed25519':
+      return ['Ed25519', 'EdDSA']
+    case 'ES256K':
+    case 'Secp256k1':
+      return ['ES256K', 'ES256K-R', 'eth_signTransaction', 'eth_signTypedData', 'eth_signMessage', 'eth_rawSign']
+    case 'Secp256r1':
+      return ['ES256']
+    case 'X25519':
+      return ['ECDH', 'ECDH-ES', 'ECDH-1PU']
+    case 'RSA':
+      return ['RS256', 'RS512', 'PS256', 'PS512']
+  }
+  return [type]
+}
+
 /**
  * We optionally generate and then import our own keys.
  *
@@ -76,15 +107,23 @@ export async function importProvidedOrGeneratedKey(
       privateKeyHex = privateKeyHexFromPEM(key.meta.x509.privateKeyPEM)
     }
   }
-  if (!privateKeyHex) {
-    privateKeyHex = await generatePrivateKeyHex(type)
+  if (privateKeyHex) {
+    return context.agent.keyManagerImport({
+      ...key,
+      kms: args.kms,
+      type,
+      privateKeyHex: privateKeyHex!,
+    })
   }
 
-  return context.agent.keyManagerImport({
-    ...key,
-    kms: args.kms,
+  return context.agent.keyManagerCreate({
     type,
-    privateKeyHex: privateKeyHex!,
+    kms: args.kms,
+    meta: {
+      ...key?.meta,
+      algorithms: keyMetaAlgorithmsFromKeyType(type),
+      keyAlias: args.alias,
+    },
   })
 }
 
@@ -150,6 +189,11 @@ export const calculateJwkThumbprint = (args: { jwk: JWK; digestAlgorithm?: 'sha2
     : digestMethodParams('SHA-256').digestMethod(data, 'base64url')
 }
 
+export const toJwkFromKey = (key: IKey | MinimalImportableKey | ManagedKeyInfo, opts?: { use?: JwkKeyUse; noKidThumbprint?: boolean }): JWK => {
+  const isPrivateKey = 'privateKeyHex' in key
+  return toJwk(key.publicKeyHex!, key.type, { ...opts, key, isPrivateKey })
+}
+
 /**
  * Converts a public key in hex format to a JWK
  * @param publicKeyHex public key in hex
@@ -236,7 +280,7 @@ const assertProperKeyLength = (keyHex: string, expectedKeyLength: number | numbe
  */
 const toSecp256k1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?: boolean }): JWK => {
   const { use } = opts ?? {}
-  debug(`toSecp256k1Jwk keyHex: ${keyHex}, length: ${keyHex.length}`)
+  logger.debug(`toSecp256k1Jwk keyHex: ${keyHex}, length: ${keyHex.length}`)
   if (opts?.isPrivateKey) {
     assertProperKeyLength(keyHex, [64])
   } else {
@@ -267,7 +311,7 @@ const toSecp256k1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?:
  */
 const toSecp256r1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?: boolean }): JWK => {
   const { use } = opts ?? {}
-  debug(`toSecp256r1Jwk keyHex: ${keyHex}, length: ${keyHex.length}`)
+  logger.debug(`toSecp256r1Jwk keyHex: ${keyHex}, length: ${keyHex.length}`)
   if (opts?.isPrivateKey) {
     assertProperKeyLength(keyHex, [64])
   } else {
@@ -276,7 +320,7 @@ const toSecp256r1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?:
 
   const secp256r1 = new elliptic.ec('p256')
   const keyBytes = u8a.fromString(keyHex, 'base16')
-  debug(`keyBytes length: ${keyBytes}`)
+  logger.debug(`keyBytes length: ${keyBytes}`)
   const keyPair = opts?.isPrivateKey ? secp256r1.keyFromPrivate(keyBytes) : secp256r1.keyFromPublic(keyBytes)
   const pubPoint = keyPair.getPublic()
   return {
@@ -341,3 +385,153 @@ export const padLeft = (args: { data: string; size?: number; padString?: string
   const length = padString.length
   return padString.repeat((size - data.length) / length) + data
 }
+
+enum OIDType {
+  Secp256k1,
+  Secp256r1,
+  Ed25519,
+}
+
+const OID: Record<OIDType, Uint8Array> = {
+  [OIDType.Secp256k1]: new Uint8Array([0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01]),
+  [OIDType.Secp256r1]: new Uint8Array([0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07]),
+  [OIDType.Ed25519]: new Uint8Array([0x06, 0x03, 0x2b, 0x65, 0x70]),
+}
+
+const compareUint8Arrays = (a: Uint8Array, b: Uint8Array): boolean => {
+  if (a.length !== b.length) {
+    return false
+  }
+  for (let i = 0; i < a.length; i++) {
+    if (a[i] !== b[i]) {
+      return false
+    }
+  }
+  return true
+}
+
+const findSubarray = (haystack: Uint8Array, needle: Uint8Array): number => {
+  for (let i = 0; i <= haystack.length - needle.length; i++) {
+    if (compareUint8Arrays(haystack.subarray(i, i + needle.length), needle)) {
+      return i
+    }
+  }
+  return -1
+}
+
+const getTargetOID = (keyType: TKeyType) => {
+  switch (keyType) {
+    case 'Secp256k1':
+      return OID[OIDType.Secp256k1]
+    case 'Secp256r1':
+      return OID[OIDType.Secp256r1]
+    case 'Ed25519':
+      return OID[OIDType.Ed25519]
+    default:
+      throw new Error(`Unsupported key type: ${keyType}`)
+  }
+}
+
+export const isAsn1Der = (key: Uint8Array): boolean => key[0] === 0x30
+
+export const asn1DerToRawPublicKey = (derKey: Uint8Array, keyType: TKeyType): Uint8Array => {
+  if (!isAsn1Der(derKey)) {
+    throw new Error('Invalid DER encoding: Expected to start with sequence tag')
+  }
+
+  let index = 2
+  if (derKey[1] & 0x80) {
+    const lengthBytesCount = derKey[1] & 0x7f
+    index += lengthBytesCount
+  }
+  const targetOid = getTargetOID(keyType)
+  const oidIndex = findSubarray(derKey, targetOid)
+  if (oidIndex === -1) {
+    throw new Error(`OID for ${keyType} not found in DER encoding`)
+  }
+
+  index = oidIndex + targetOid.length
+
+  while (index < derKey.length && derKey[index] !== 0x03) {
+    index++
+  }
+
+  if (index >= derKey.length) {
+    throw new Error('Invalid DER encoding: Bit string not found')
+  }
+
+  // Skip the bit string tag (0x03) and length byte
+  index += 2
+
+  // Skip the unused bits count byte
+  index++
+
+  return derKey.slice(index)
+}
+
+export const isRawCompressedPublicKey = (key: Uint8Array): boolean => key.length === 33 && (key[0] === 0x02 || key[0] === 0x03)
+
+export const toRawCompressedHexPublicKey = (rawPublicKey: Uint8Array, keyType: TKeyType): string => {
+  if (isRawCompressedPublicKey(rawPublicKey)) {
+    throw new Error('Invalid public key format, an uncompressed raw public key is required as input, not a raw')
+  }
+
+  if (keyType === 'Secp256k1' || keyType === 'Secp256r1') {
+    if (rawPublicKey[0] === 0x04 && rawPublicKey.length === 65) {
+      const xCoordinate = rawPublicKey.slice(1, 33)
+      const yCoordinate = rawPublicKey.slice(33)
+      const prefix = new Uint8Array([yCoordinate[31] % 2 === 0 ? 0x02 : 0x03])
+      const resultKey = hexStringFromUint8Array(new Uint8Array([...prefix, ...xCoordinate]))
+      logger.debug(`converted public key ${hexStringFromUint8Array(rawPublicKey)} to ${resultKey}`)
+      return resultKey
+    }
+    return u8a.toString(rawPublicKey, 'base16')
+  } else if (keyType === 'Ed25519') {
+    // Ed25519 keys are always in compressed form
+    return u8a.toString(rawPublicKey, 'base16')
+  }
+
+  throw new Error(`Unsupported key type: ${keyType}`)
+}
+
+export const hexStringFromUint8Array = (value: Uint8Array): string => u8a.toString(value, 'base16')
+
+export const signatureAlgorithmFromKey = async (args: SignatureAlgorithmFromKeyArgs): Promise<SignatureAlgorithmJwa> => {
+  const { key } = args
+  return signatureAlgorithmFromKeyType({ type: key.type })
+}
+
+export const signatureAlgorithmFromKeyType = (args: SignatureAlgorithmFromKeyTypeArgs): SignatureAlgorithmJwa => {
+  const { type } = args
+  switch (type) {
+    case 'Ed25519':
+    case 'X25519':
+      return SignatureAlgorithmJwa.EdDSA
+    case 'Secp256r1':
+      return SignatureAlgorithmJwa.ES256
+    case 'Secp256k1':
+      return SignatureAlgorithmJwa.ES256K
+    default:
+      throw new Error(`Key type '${type}' not supported`)
+  }
+}
+
+// TODO improve this conversion for jwt and jsonld, not a fan of current structure
+export const keyTypeFromCryptographicSuite = (args: KeyTypeFromCryptographicSuiteArgs): TKeyType => {
+  const { suite } = args
+  switch (suite) {
+    case 'EdDSA':
+    case 'Ed25519Signature2018':
+    case 'Ed25519Signature2020':
+    case 'JcsEd25519Signature2020':
+      return 'Ed25519'
+    case 'JsonWebSignature2020':
+    case 'ES256':
+      return 'Secp256r1'
+    case 'EcdsaSecp256k1Signature2019':
+    case 'ES256K':
+      return 'Secp256k1'
+    default:
+      throw new Error(`Cryptographic suite '${suite}' not supported`)
+  }
+}

package/src/index.ts

@@ -4,9 +4,7 @@
  *
  * @packageDocumentation
  */
-export * from './x509'
 export * from './functions'
 export * from './jwk-jcs'
 export * from './types'
-export * from './x509/x509-utils'
 export * from './digest-methods'

package/src/jwk-jcs.ts

@@ -1,7 +1,6 @@
 import { TextDecoder, TextEncoder } from 'web-encoding'
 import isPlainObject from 'lodash.isplainobject'
 import type { ByteView } from 'multiformats/codecs/interface'
-import type { JsonWebKey } from 'did-resolver'
 
 const textEncoder = new TextEncoder()
 const textDecoder = new TextDecoder()
@@ -74,7 +73,7 @@ function validateJwk(jwk: any) {
  * @param jwk - The JWK to canonicalize.
  * @returns The JWK with only the required members, ordered lexicographically.
  */
-function minimalJwk(jwk: any) {
+export function minimalJwk(jwk: any) {
   // "default" case is not needed
   // eslint-disable-next-line default-case
   switch (jwk.kty) {

package/src/types/key-util-types.ts

@@ -1,4 +1,4 @@
-import { MinimalImportableKey } from '@veramo/core'
+import { IKey, MinimalImportableKey } from '@veramo/core'
 
 export const JWK_JCS_PUB_NAME = 'jwk_jcs-pub' as const
 export const JWK_JCS_PUB_PREFIX = 0xeb51
@@ -32,19 +32,30 @@ export enum KeyType {
 export const SIG_KEY_ALGS = ['ES256', 'ES384', 'ES512', 'EdDSA', 'ES256K', 'Ed25519', 'Secp256k1', 'Secp256r1', 'Bls12381G1', 'Bls12381G2']
 export const ENC_KEY_ALGS = ['X25519', 'ECDH_ES_A256KW', 'RSA_OAEP_256']
 
-export interface JWK {
-  alg?: string
-  crv?: string
+export enum SignatureAlgorithmJwa {
+  // todo: Compare to spec and to kmp lib
+
+  EdDSA = 'EdDSA',
+  ES256 = 'ES256',
+  ES384 = 'ES384',
+  ES512 = 'ES512',
+  ES256K = 'ES256K',
+  RS256 = 'RS256',
+  RS384 = 'RS384',
+  RS512 = 'RS512',
+  PS256 = 'PS256',
+  PS384 = 'PS384',
+  PS512 = 'PS512',
+}
+
+export interface JWK extends BaseJWK {
   d?: string
   dp?: string
   dq?: string
-  e?: string
   ext?: boolean
   k?: string
   key_ops?: string[]
   kid?: string
-  kty?: string
-  n?: string
   oth?: Array<{
     d?: string
     r?: string
@@ -54,8 +65,6 @@ export interface JWK {
   q?: string
   qi?: string
   use?: string
-  x?: string
-  y?: string
   /** JWK "x5c" (X.509 Certificate Chain) Parameter. */
   x5c?: string[]
   /** JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. */
@@ -67,6 +76,15 @@ export interface JWK {
   [propName: string]: unknown
 }
 
+export interface BaseJWK {
+  kty: string
+  crv?: string
+  x?: string
+  y?: string
+  e?: string
+  n?: string
+}
+
 export type KeyVisibility = 'public' | 'private'
 
 export interface X509Opts {
@@ -79,6 +97,7 @@ export interface X509Opts {
 
 export interface IImportProvidedOrGeneratedKeyArgs {
   kms?: string
+  alias?: string
   options?: IKeyOpts
 }
 export interface IKeyOpts {
@@ -92,3 +111,15 @@ export interface IKeyOpts {
 type WithRequiredProperty<Type, Key extends keyof Type> = Type & {
   [Property in Key]-?: Type[Property]
 }*/
+
+export type SignatureAlgorithmFromKeyArgs = {
+  key: IKey
+}
+
+export type SignatureAlgorithmFromKeyTypeArgs = {
+  type: TKeyType
+}
+
+export type KeyTypeFromCryptographicSuiteArgs = {
+  suite: string
+}

package/dist/x509/index.d.ts

@@ -1,4 +0,0 @@
-export * from './rsa-key';
-export * from './rsa-signer';
-export * from './x509-utils';
-//# sourceMappingURL=index.d.ts.map

package/dist/x509/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/x509/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAA;AACzB,cAAc,cAAc,CAAA;AAC5B,cAAc,cAAc,CAAA"}

package/dist/x509/index.js

@@ -1,20 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./rsa-key"), exports);
-__exportStar(require("./rsa-signer"), exports);
-__exportStar(require("./x509-utils"), exports);
-//# sourceMappingURL=index.js.map

package/dist/x509/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/x509/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,4CAAyB;AACzB,+CAA4B;AAC5B,+CAA4B"}

package/dist/x509/rsa-key.d.ts

@@ -1,11 +0,0 @@
-import { HashAlgorithm } from '../digest-methods';
-import { JWK } from '../types';
-export type RSASignatureSchemes = 'RSASSA-PKCS1-V1_5' | 'RSA-PSS';
-export type RSAEncryptionSchemes = 'RSAES-PKCS-v1_5 ' | 'RSAES-OAEP';
-export declare const signAlgorithmToSchemeAndHashAlg: (signingAlg: string) => {
-    scheme: "RSASSA-PKCS1-V1_5" | "RSA-PSS";
-    hashAlgorithm: HashAlgorithm;
-};
-export declare const cryptoSubtleImportRSAKey: (jwk: JWK, scheme: RSAEncryptionSchemes | RSASignatureSchemes, hashAlgorithm?: HashAlgorithm) => Promise<CryptoKey>;
-export declare const generateRSAKeyAsPEM: (scheme: RSAEncryptionSchemes | RSASignatureSchemes, hashAlgorithm?: HashAlgorithm, modulusLength?: number) => Promise<string>;
-//# sourceMappingURL=rsa-key.d.ts.map

package/dist/x509/rsa-key.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"rsa-key.d.ts","sourceRoot":"","sources":["../../src/x509/rsa-key.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AACjD,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAA;AAG9B,MAAM,MAAM,mBAAmB,GAAG,mBAAmB,GAAG,SAAS,CAAA;AAEjE,MAAM,MAAM,oBAAoB,GAAG,kBAAkB,GAAG,YAAY,CAAA;AA2BpE,eAAO,MAAM,+BAA+B,eAAgB,MAAM;;;CAajE,CAAA;AAED,eAAO,MAAM,wBAAwB,QAC9B,GAAG,UACA,oBAAoB,GAAG,mBAAmB,kBAClC,aAAa,KAC5B,QAAQ,SAAS,CAKnB,CAAA;AAED,eAAO,MAAM,mBAAmB,WACtB,oBAAoB,GAAG,mBAAmB,kBAClC,aAAa,kBACb,MAAM,KACrB,QAAQ,MAAM,CAgBhB,CAAA"}

package/dist/x509/rsa-key.js

@@ -1,101 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateRSAKeyAsPEM = exports.cryptoSubtleImportRSAKey = exports.signAlgorithmToSchemeAndHashAlg = void 0;
-const u8a = __importStar(require("uint8arrays"));
-const x509_utils_1 = require("./x509-utils");
-const usage = (jwk) => {
-    var _a, _b, _c, _d;
-    if (jwk.key_ops && jwk.key_ops.length > 0) {
-        return jwk.key_ops;
-    }
-    if (jwk.use) {
-        const usages = [];
-        if (jwk.use.includes('sig')) {
-            usages.push('sign', 'verify');
-        }
-        else if (jwk.use.includes('enc')) {
-            usages.push('encrypt', 'decrypt');
-        }
-        if (usages.length > 0) {
-            return usages;
-        }
-    }
-    if (jwk.kty === 'RSA') {
-        if (jwk.d) {
-            return ((_b = (_a = jwk.alg) === null || _a === void 0 ? void 0 : _a.toUpperCase()) === null || _b === void 0 ? void 0 : _b.includes('QAEP')) ? ['encrypt'] : ['sign'];
-        }
-        return ((_d = (_c = jwk.alg) === null || _c === void 0 ? void 0 : _c.toUpperCase()) === null || _d === void 0 ? void 0 : _d.includes('QAEP')) ? ['decrypt'] : ['verify'];
-    }
-    // "decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey";
-    return jwk.d && jwk.kty !== 'RSA' ? ['sign', 'decrypt', 'verify', 'encrypt'] : ['verify'];
-};
-const signAlgorithmToSchemeAndHashAlg = (signingAlg) => {
-    const alg = signingAlg.toUpperCase();
-    let scheme;
-    if (alg.startsWith('RS')) {
-        scheme = 'RSASSA-PKCS1-V1_5';
-    }
-    else if (alg.startsWith('PS')) {
-        scheme = 'RSA-PSS';
-    }
-    else {
-        throw Error(`Invalid signing algorithm supplied ${signingAlg}`);
-    }
-    const hashAlgorithm = `SHA-${alg.substring(2)}`;
-    return { scheme, hashAlgorithm };
-};
-exports.signAlgorithmToSchemeAndHashAlg = signAlgorithmToSchemeAndHashAlg;
-const cryptoSubtleImportRSAKey = (jwk, scheme, hashAlgorithm) => __awaiter(void 0, void 0, void 0, function* () {
-    const hashName = hashAlgorithm ? hashAlgorithm : jwk.alg ? `SHA-${jwk.alg.substring(2)}` : 'SHA-256';
-    const importParams = { name: scheme, hash: hashName };
-    return yield crypto.subtle.importKey('jwk', jwk, importParams, false, usage(jwk));
-});
-exports.cryptoSubtleImportRSAKey = cryptoSubtleImportRSAKey;
-const generateRSAKeyAsPEM = (scheme, hashAlgorithm, modulusLength) => __awaiter(void 0, void 0, void 0, function* () {
-    const hashName = hashAlgorithm ? hashAlgorithm : 'SHA-256';
-    const params = {
-        name: scheme,
-        hash: hashName,
-        modulusLength: modulusLength ? modulusLength : 2048,
-        publicExponent: new Uint8Array([1, 0, 1]),
-    };
-    const keyUsage = scheme === 'RSA-PSS' || scheme === 'RSASSA-PKCS1-V1_5' ? ['sign', 'verify'] : ['encrypt', 'decrypt'];
-    const keypair = yield crypto.subtle.generateKey(params, true, keyUsage);
-    const pkcs8 = yield crypto.subtle.exportKey('pkcs8', keypair.privateKey);
-    const uint8Array = new Uint8Array(pkcs8);
-    return (0, x509_utils_1.base64ToPEM)(u8a.toString(uint8Array, 'base64pad'), 'RSA PRIVATE KEY');
-});
-exports.generateRSAKeyAsPEM = generateRSAKeyAsPEM;
-//# sourceMappingURL=rsa-key.js.map

package/dist/x509/rsa-key.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"rsa-key.js","sourceRoot":"","sources":["../../src/x509/rsa-key.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAkC;AAGlC,6CAA0C;AAM1C,MAAM,KAAK,GAAG,CAAC,GAAQ,EAAc,EAAE;;IACrC,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1C,OAAO,GAAG,CAAC,OAAqB,CAAA;IAClC,CAAC;IACD,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;QACZ,MAAM,MAAM,GAAe,EAAE,CAAA;QAC7B,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;QAC/B,CAAC;aAAM,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;QACnC,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,MAAM,CAAA;QACf,CAAC;IACH,CAAC;IACD,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;QACtB,IAAI,GAAG,CAAC,CAAC,EAAE,CAAC;YACV,OAAO,CAAA,MAAA,MAAA,GAAG,CAAC,GAAG,0CAAE,WAAW,EAAE,0CAAE,QAAQ,CAAC,MAAM,CAAC,EAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;QAC1E,CAAC;QACD,OAAO,CAAA,MAAA,MAAA,GAAG,CAAC,GAAG,0CAAE,WAAW,EAAE,0CAAE,QAAQ,CAAC,MAAM,CAAC,EAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAA;IAC5E,CAAC;IACD,oGAAoG;IACpG,OAAO,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAA;AAC3F,CAAC,CAAA;AAEM,MAAM,+BAA+B,GAAG,CAAC,UAAkB,EAAE,EAAE;IACpE,MAAM,GAAG,GAAG,UAAU,CAAC,WAAW,EAAE,CAAA;IACpC,IAAI,MAAkD,CAAA;IACtD,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,MAAM,GAAG,mBAAmB,CAAA;IAC9B,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,MAAM,GAAG,SAAS,CAAA;IACpB,CAAC;SAAM,CAAC;QACN,MAAM,KAAK,CAAC,sCAAsC,UAAU,EAAE,CAAC,CAAA;IACjE,CAAC;IAED,MAAM,aAAa,GAAG,OAAO,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAmB,CAAA;IAChE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,CAAA;AAClC,CAAC,CAAA;AAbY,QAAA,+BAA+B,mCAa3C;AAEM,MAAM,wBAAwB,GAAG,CACtC,GAAQ,EACR,MAAkD,EAClD,aAA6B,EACT,EAAE;IACtB,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;IAEpG,MAAM,YAAY,GAA0B,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;IAC5E,OAAO,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAiB,EAAE,YAAY,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;AACjG,CAAC,CAAA,CAAA;AATY,QAAA,wBAAwB,4BASpC;AAEM,MAAM,mBAAmB,GAAG,CACjC,MAAkD,EAClD,aAA6B,EAC7B,aAAsB,EACL,EAAE;IACnB,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAA;IAE1D,MAAM,MAAM,GAA0B;QACpC,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,QAAQ;QACd,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI;QACnD,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;KAC1C,CAAA;IACD,MAAM,QAAQ,GAAe,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,mBAAmB,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;IAEjI,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;IACvE,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,CAAA;IAExE,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAA;IACxC,OAAO,IAAA,wBAAW,EAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,iBAAiB,CAAC,CAAA;AAC9E,CAAC,CAAA,CAAA;AApBY,QAAA,mBAAmB,uBAoB/B"}

package/dist/x509/rsa-signer.d.ts

@@ -1,25 +0,0 @@
-import { HashAlgorithm } from '../digest-methods';
-import { JWK, KeyVisibility } from '../types';
-import { RSAEncryptionSchemes, RSASignatureSchemes } from './rsa-key';
-export declare class RSASigner {
-    private readonly hashAlgorithm;
-    private readonly jwk;
-    private key;
-    private readonly scheme;
-    /**
-     *
-     * @param key Either in PEM or JWK format (no raw hex keys here!)
-     * @param opts The algorithm and signature/encryption schemes
-     */
-    constructor(key: string | JWK, opts?: {
-        hashAlgorithm?: HashAlgorithm;
-        scheme?: RSAEncryptionSchemes | RSASignatureSchemes;
-        visibility?: KeyVisibility;
-    });
-    private getImportParams;
-    private getKey;
-    private bufferToString;
-    sign(data: Uint8Array): Promise<string>;
-    verify(data: string | Uint8Array, signature: string): Promise<boolean>;
-}
-//# sourceMappingURL=rsa-signer.d.ts.map

package/dist/x509/rsa-signer.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"rsa-signer.d.ts","sourceRoot":"","sources":["../../src/x509/rsa-signer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AACjD,OAAO,EAAE,GAAG,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAC7C,OAAO,EAA4B,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAA;AAG/F,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAe;IAC7C,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAK;IAEzB,OAAO,CAAC,GAAG,CAAuB;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA4C;IAEnE;;;;OAIG;gBAED,GAAG,EAAE,MAAM,GAAG,GAAG,EACjB,IAAI,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,aAAa,CAAC;QAAC,MAAM,CAAC,EAAE,oBAAoB,GAAG,mBAAmB,CAAC;QAAC,UAAU,CAAC,EAAE,aAAa,CAAA;KAAE;IAY3H,OAAO,CAAC,eAAe;YAQT,MAAM;IAOpB,OAAO,CAAC,cAAc;IAKT,IAAI,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;IAYvC,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAgBpF"}