@storacha/encrypt-upload-client 0.0.39 → 1.0.0-0

package/dist/types.d.ts

@@ -1,57 +1,153 @@
 import { Wallet } from 'ethers';
 import { UnknownLink } from 'multiformats';
 import { Client as StorachaClient } from '@storacha/client';
-import { Result, Failure, Block } from '@ucanto/interface';
-import { LitNodeClient } from '@lit-protocol/lit-node-client';
+import { Result, Failure, Block, Proof } from '@ucanto/interface';
 import { AccessControlConditions, AuthMethod, AuthSig, SessionSigsMap } from '@lit-protocol/types';
-import type { BlobLike, AnyLink, Signer, DID, SigAlg } from '@storacha/client/types';
+import type { BlobLike, AnyLink, Signer, DID, SigAlg, UploadOptions } from '@storacha/client/types';
 export type { IPLDBlock } from '@ucanto/interface';
-export type { SpaceDID } from '@storacha/capabilities/utils';
+export type { SpaceDID } from '@storacha/capabilities/types';
 export type { UnknownFormat } from '@storacha/capabilities/types';
 export type { Result, UnknownLink };
 export type { BlobLike, AnyLink };
+export type { UploadOptions } from '@storacha/client/types';
+import type { SpaceDID } from '@storacha/capabilities/types';
 export interface EncryptedClient {
-    uploadEncryptedFile(file: BlobLike): Promise<AnyLink>;
-    retrieveAndDecryptFile(signer: LitWalletSigner | LitPkpSigner, cid: AnyLink, delegationCAR: Uint8Array): Promise<ReadableStream>;
+    encryptAndUploadFile(file: BlobLike, config: EncryptionConfig, uploadOptions?: UploadOptions): Promise<AnyLink>;
+    retrieveAndDecryptFile(cid: AnyLink, delegationCAR: Uint8Array, decryptionOptions: DecryptionOptions): Promise<ReadableStream>;
 }
 export type EncryptedClientOptions = {
     storachaClient: StorachaClient;
     cryptoAdapter: CryptoAdapter;
-    litClient?: LitNodeClient;
     gatewayURL?: URL;
 };
-export interface CryptoAdapter {
-    encryptStream(data: BlobLike): Promise<EncryptOutput>;
-    decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): Promise<ReadableStream>;
-}
 export interface EncryptOutput {
     key: Uint8Array;
     iv: Uint8Array;
     encryptedStream: ReadableStream;
 }
-export type EncryptedPayload = {
-    identityBoundCiphertext: string;
+export interface SymmetricCrypto {
+    encryptStream(data: BlobLike): Promise<EncryptOutput>;
+    decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): Promise<ReadableStream>;
+    combineKeyAndIV(key: Uint8Array, iv: Uint8Array): Uint8Array;
+    splitKeyAndIV(combined: Uint8Array): {
+        key: Uint8Array;
+        iv: Uint8Array;
+    };
+}
+export interface CryptoAdapter {
+    encryptStream(data: BlobLike): Promise<EncryptOutput>;
+    decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): Promise<ReadableStream>;
+    encryptSymmetricKey(key: Uint8Array, iv: Uint8Array, encryptionConfig: EncryptionConfig): Promise<EncryptedKeyResult>;
+    decryptSymmetricKey(encryptedKey: string, configs: {
+        decryptionOptions: DecryptionOptions;
+        metadata: ExtractedMetadata;
+        delegationCAR: Uint8Array;
+        resourceCID: AnyLink;
+        issuer: Signer<DID, SigAlg>;
+        audience: DID;
+    }): Promise<{
+        key: Uint8Array;
+        iv: Uint8Array;
+    }>;
+    extractEncryptedMetadata(car: Uint8Array): ExtractedMetadata;
+    getEncryptedKey(metadata: ExtractedMetadata): string;
+    encodeMetadata(encryptedDataCID: string, encryptedKey: string, metadata: LitKeyMetadata | KMSKeyMetadata): Promise<{
+        cid: AnyLink;
+        bytes: Uint8Array;
+    }>;
+}
+export interface EncryptionConfig {
+    /**
+     * The issuer of the encryption request
+     */
+    issuer: Signer<DID, SigAlg>;
+    /**
+     * The DID of the space to encrypt the file for
+     */
+    spaceDID: SpaceDID;
+    /**
+     * The location of the KMS key to use for encryption
+     */
+    location?: string;
+    /**
+     * The keyring of the KMS key to use for encryption
+     */
+    keyring?: string;
+}
+export interface DecryptionOptions {
+    wallet?: Wallet;
+    sessionSigs?: SessionSigsMap;
+    pkpPublicKey?: string;
+    authMethod?: AuthMethod;
+    spaceDID?: SpaceDID;
+    delegationProof?: Proof;
+}
+export interface EncryptedKeyResult {
+    strategy: EncryptionStrategy;
+    encryptedKey: string;
+    metadata: LitKeyMetadata | KMSKeyMetadata;
+}
+export type EncryptionStrategy = 'lit' | 'kms';
+export interface LitKeyMetadata {
     plaintextKeyHash: string;
+    accessControlConditions: AccessControlConditions;
+}
+export interface KMSKeyMetadata {
+    space: SpaceDID;
+    kms: {
+        provider: string;
+        keyId: string;
+        algorithm: string;
+    };
+}
+export type EncryptionPayload = {
+    strategy: EncryptionStrategy;
+    encryptedKey: string;
+    metadata: LitKeyMetadata | KMSKeyMetadata;
     encryptedBlobLike: BlobLike;
 };
 export type GenericAccessControlCondition = [Record<string, any>];
-export interface EncryptedMetadataInput {
+export interface LitMetadataInput {
     encryptedDataCID: string;
     identityBoundCiphertext: string;
     plaintextKeyHash: string;
-    accessControlConditions: GenericAccessControlCondition;
+    accessControlConditions: AccessControlConditions;
 }
-export interface EncryptedMetadata {
+export interface LitMetadata {
     encryptedDataCID: UnknownLink;
     identityBoundCiphertext: Uint8Array;
     plaintextKeyHash: Uint8Array;
-    accessControlConditions: GenericAccessControlCondition;
+    accessControlConditions: AccessControlConditions;
 }
-export interface EncryptedMetadataView extends EncryptedMetadata {
+export interface LitMetadataView extends LitMetadata {
     /** Encode it to a CAR file. */
-    archive(): Promise<Result<Uint8Array>>;
     archiveBlock(): Promise<Block>;
-    toJSON(): EncryptedMetadataInput;
+    toJSON(): LitMetadataInput;
+}
+export interface KMSMetadata {
+    encryptedDataCID: UnknownLink;
+    encryptedSymmetricKey: string;
+    space: SpaceDID;
+    kms: {
+        provider: string;
+        keyId: string;
+        algorithm: string;
+    };
+}
+export interface KMSMetadataInput {
+    encryptedDataCID: string;
+    encryptedSymmetricKey: string;
+    space: string;
+    kms: {
+        provider: string;
+        keyId: string;
+        algorithm: string;
+    };
+}
+export interface KMSMetadataView extends KMSMetadata {
+    /** Encode it to a CAR file. */
+    archiveBlock(): Promise<Block>;
+    toJSON(): KMSMetadataInput;
 }
 export interface DecodeFailure extends Failure {
     name: 'DecodeFailure';
@@ -94,4 +190,23 @@ export interface ExecuteUcanValidationOptions {
     accessControlConditions: AccessControlConditions;
     wrappedInvocationJSON: string;
 }
+export type ExtractedMetadata = LitExtractedMetadata | KMSExtractedMetadata;
+export interface LitExtractedMetadata {
+    strategy: 'lit';
+    encryptedDataCID: string;
+    identityBoundCiphertext: string;
+    plaintextKeyHash: string;
+    accessControlConditions: AccessControlConditions;
+}
+export interface KMSExtractedMetadata {
+    strategy: 'kms';
+    encryptedDataCID: string;
+    encryptedSymmetricKey: string;
+    space: SpaceDID;
+    kms: {
+        provider: string;
+        keyId: string;
+        algorithm: string;
+    };
+}
 //# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC/B,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EAAE,MAAM,IAAI,cAAc,EAAE,MAAM,kBAAkB,CAAA;AAC3D,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAA;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAA;AAC7D,OAAO,EACL,uBAAuB,EACvB,UAAU,EACV,OAAO,EACP,cAAc,EACf,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,EACV,QAAQ,EACR,OAAO,EACP,MAAM,EACN,GAAG,EACH,MAAM,EACP,MAAM,wBAAwB,CAAA;AAE/B,YAAY,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAClD,YAAY,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAA;AAC5D,YAAY,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAA;AACjE,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;AACnC,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAA;AAEjC,MAAM,WAAW,eAAe;IAC9B,mBAAmB,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IACrD,sBAAsB,CACpB,MAAM,EAAE,eAAe,GAAG,YAAY,EACtC,GAAG,EAAE,OAAO,EACZ,aAAa,EAAE,UAAU,GACxB,OAAO,CAAC,cAAc,CAAC,CAAA;CAC3B;AAED,MAAM,MAAM,sBAAsB,GAAG;IACnC,cAAc,EAAE,cAAc,CAAA;IAC9B,aAAa,EAAE,aAAa,CAAA;IAC5B,SAAS,CAAC,EAAE,aAAa,CAAA;IACzB,UAAU,CAAC,EAAE,GAAG,CAAA;CACjB,CAAA;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,aAAa,CAAC,CAAA;IACrD,aAAa,CACX,aAAa,EAAE,cAAc,EAC7B,GAAG,EAAE,UAAU,EACf,EAAE,EAAE,UAAU,GACb,OAAO,CAAC,cAAc,CAAC,CAAA;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,UAAU,CAAA;IACf,EAAE,EAAE,UAAU,CAAA;IACd,eAAe,EAAE,cAAc,CAAA;CAChC;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,uBAAuB,EAAE,MAAM,CAAA;IAC/B,gBAAgB,EAAE,MAAM,CAAA;IACxB,iBAAiB,EAAE,QAAQ,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAA;AAEjE,MAAM,WAAW,sBAAsB;IACrC,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,MAAM,CAAA;IAC/B,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,6BAA6B,CAAA;CACvD;AAED,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,EAAE,WAAW,CAAA;IAC7B,uBAAuB,EAAE,UAAU,CAAA;IACnC,gBAAgB,EAAE,UAAU,CAAA;IAC5B,uBAAuB,EAAE,6BAA6B,CAAA;CACvD;AAED,MAAM,WAAW,qBAAsB,SAAQ,iBAAiB;IAC9D,+BAA+B;IAC/B,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAA;IACtC,YAAY,IAAI,OAAO,CAAC,KAAK,CAAC,CAAA;IAC9B,MAAM,IAAI,sBAAsB,CAAA;CACjC;AAED,MAAM,WAAW,aAAc,SAAQ,OAAO;IAC5C,IAAI,EAAE,eAAe,CAAA;CACtB;AAED,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,MAAM,CAAA;IACd,uBAAuB,EAAE,uBAAuB,CAAA;IAChD,iBAAiB,EAAE,MAAM,CAAA;IACzB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,kBAAkB,CAAC,EAAE,OAAO,EAAE,CAAA;CAC/B;AAED,MAAM,WAAW,0BAA0B;IACzC,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,UAAU,CAAA;IACtB,uBAAuB,EAAE,uBAAuB,CAAA;IAChD,iBAAiB,EAAE,MAAM,CAAA;IACzB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,kBAAkB,CAAC,EAAE,OAAO,EAAE,CAAA;CAC/B;AAED,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,UAAU,CAAA;CACvB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAA;CACf;AAED,MAAM,WAAW,qCAAqC;IACpD,aAAa,EAAE,UAAU,CAAA;IACzB,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;IAC3B,QAAQ,EAAE,OAAO,MAAM,IAAI,MAAM,EAAE,CAAA;IACnC,QAAQ,EAAE,WAAW,MAAM,EAAE,CAAA;IAC7B,WAAW,EAAE,OAAO,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,cAAc,CAAA;IAC3B,QAAQ,EAAE,WAAW,MAAM,EAAE,CAAA;IAC7B,uBAAuB,EAAE,MAAM,CAAA;IAC/B,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,uBAAuB,CAAA;IAChD,qBAAqB,EAAE,MAAM,CAAA;CAC9B"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC/B,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EAAE,MAAM,IAAI,cAAc,EAAE,MAAM,kBAAkB,CAAA;AAC3D,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAA;AACjE,OAAO,EACL,uBAAuB,EACvB,UAAU,EACV,OAAO,EACP,cAAc,EACf,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,EACV,QAAQ,EACR,OAAO,EACP,MAAM,EACN,GAAG,EACH,MAAM,EACN,aAAa,EACd,MAAM,wBAAwB,CAAA;AAE/B,YAAY,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAClD,YAAY,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAA;AAC5D,YAAY,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAA;AACjE,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;AACnC,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAA;AACjC,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AAG3D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAA;AAE5D,MAAM,WAAW,eAAe;IAC9B,oBAAoB,CAClB,IAAI,EAAE,QAAQ,EACd,MAAM,EAAE,gBAAgB,EACxB,aAAa,CAAC,EAAE,aAAa,GAC5B,OAAO,CAAC,OAAO,CAAC,CAAA;IACnB,sBAAsB,CACpB,GAAG,EAAE,OAAO,EACZ,aAAa,EAAE,UAAU,EACzB,iBAAiB,EAAE,iBAAiB,GACnC,OAAO,CAAC,cAAc,CAAC,CAAA;CAC3B;AAED,MAAM,MAAM,sBAAsB,GAAG;IACnC,cAAc,EAAE,cAAc,CAAA;IAC9B,aAAa,EAAE,aAAa,CAAA;IAC5B,UAAU,CAAC,EAAE,GAAG,CAAA;CACjB,CAAA;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,UAAU,CAAA;IACf,EAAE,EAAE,UAAU,CAAA;IACd,eAAe,EAAE,cAAc,CAAA;CAChC;AAED,MAAM,WAAW,eAAe;IAC9B,aAAa,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,aAAa,CAAC,CAAA;IACrD,aAAa,CACX,aAAa,EAAE,cAAc,EAC7B,GAAG,EAAE,UAAU,EACf,EAAE,EAAE,UAAU,GACb,OAAO,CAAC,cAAc,CAAC,CAAA;IAG1B,eAAe,CAAC,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,GAAG,UAAU,CAAA;IAC5D,aAAa,CAAC,QAAQ,EAAE,UAAU,GAAG;QAAE,GAAG,EAAE,UAAU,CAAC;QAAC,EAAE,EAAE,UAAU,CAAA;KAAE,CAAA;CACzE;AAED,MAAM,WAAW,aAAa;IAE5B,aAAa,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,aAAa,CAAC,CAAA;IACrD,aAAa,CACX,aAAa,EAAE,cAAc,EAC7B,GAAG,EAAE,UAAU,EACf,EAAE,EAAE,UAAU,GACb,OAAO,CAAC,cAAc,CAAC,CAAA;IAG1B,mBAAmB,CACjB,GAAG,EAAE,UAAU,EACf,EAAE,EAAE,UAAU,EACd,gBAAgB,EAAE,gBAAgB,GACjC,OAAO,CAAC,kBAAkB,CAAC,CAAA;IAC9B,mBAAmB,CACjB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE;QACP,iBAAiB,EAAE,iBAAiB,CAAA;QACpC,QAAQ,EAAE,iBAAiB,CAAA;QAC3B,aAAa,EAAE,UAAU,CAAA;QACzB,WAAW,EAAE,OAAO,CAAA;QACpB,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;QAC3B,QAAQ,EAAE,GAAG,CAAA;KACd,GACA,OAAO,CAAC;QAAE,GAAG,EAAE,UAAU,CAAC;QAAC,EAAE,EAAE,UAAU,CAAA;KAAE,CAAC,CAAA;IAC/C,wBAAwB,CAAC,GAAG,EAAE,UAAU,GAAG,iBAAiB,CAAA;IAC5D,eAAe,CAAC,QAAQ,EAAE,iBAAiB,GAAG,MAAM,CAAA;IACpD,cAAc,CACZ,gBAAgB,EAAE,MAAM,EACxB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,cAAc,GAAG,cAAc,GACxC,OAAO,CAAC;QAAE,GAAG,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,UAAU,CAAA;KAAE,CAAC,CAAA;CAChD;AAGD,MAAM,WAAW,gBAAgB;IAC/B;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;IAE3B;;OAEG;IACH,QAAQ,EAAE,QAAQ,CAAA;IAElB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IAEjB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,iBAAiB;IAGhC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,WAAW,CAAC,EAAE,cAAc,CAAA;IAE5B,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,UAAU,CAAA;IAEvB,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,eAAe,CAAC,EAAE,KAAK,CAAA;CACxB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,YAAY,EAAE,MAAM,CAAA;IACpB,QAAQ,EAAE,cAAc,GAAG,cAAc,CAAA;CAC1C;AAED,MAAM,MAAM,kBAAkB,GAAG,KAAK,GAAG,KAAK,CAAA;AAE9C,MAAM,WAAW,cAAc;IAC7B,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,uBAAuB,CAAA;CACjD;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,QAAQ,CAAA;IACf,GAAG,EAAE;QACH,QAAQ,EAAE,MAAM,CAAA;QAChB,KAAK,EAAE,MAAM,CAAA;QACb,SAAS,EAAE,MAAM,CAAA;KAClB,CAAA;CACF;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,YAAY,EAAE,MAAM,CAAA;IACpB,QAAQ,EAAE,cAAc,GAAG,cAAc,CAAA;IACzC,iBAAiB,EAAE,QAAQ,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAA;AAEjE,MAAM,WAAW,gBAAgB;IAC/B,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,MAAM,CAAA;IAC/B,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,uBAAuB,CAAA;CACjD;AAED,MAAM,WAAW,WAAW;IAC1B,gBAAgB,EAAE,WAAW,CAAA;IAC7B,uBAAuB,EAAE,UAAU,CAAA;IACnC,gBAAgB,EAAE,UAAU,CAAA;IAC5B,uBAAuB,EAAE,uBAAuB,CAAA;CACjD;AAED,MAAM,WAAW,eAAgB,SAAQ,WAAW;IAClD,+BAA+B;IAC/B,YAAY,IAAI,OAAO,CAAC,KAAK,CAAC,CAAA;IAC9B,MAAM,IAAI,gBAAgB,CAAA;CAC3B;AAGD,MAAM,WAAW,WAAW;IAC1B,gBAAgB,EAAE,WAAW,CAAA;IAC7B,qBAAqB,EAAE,MAAM,CAAA;IAC7B,KAAK,EAAE,QAAQ,CAAA;IACf,GAAG,EAAE;QACH,QAAQ,EAAE,MAAM,CAAA;QAChB,KAAK,EAAE,MAAM,CAAA;QACb,SAAS,EAAE,MAAM,CAAA;KAClB,CAAA;CACF;AAED,MAAM,WAAW,gBAAgB;IAC/B,gBAAgB,EAAE,MAAM,CAAA;IACxB,qBAAqB,EAAE,MAAM,CAAA;IAC7B,KAAK,EAAE,MAAM,CAAA;IACb,GAAG,EAAE;QACH,QAAQ,EAAE,MAAM,CAAA;QAChB,KAAK,EAAE,MAAM,CAAA;QACb,SAAS,EAAE,MAAM,CAAA;KAClB,CAAA;CACF;AAED,MAAM,WAAW,eAAgB,SAAQ,WAAW;IAClD,+BAA+B;IAC/B,YAAY,IAAI,OAAO,CAAC,KAAK,CAAC,CAAA;IAC9B,MAAM,IAAI,gBAAgB,CAAA;CAC3B;AAED,MAAM,WAAW,aAAc,SAAQ,OAAO;IAC5C,IAAI,EAAE,eAAe,CAAA;CACtB;AAED,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,MAAM,CAAA;IACd,uBAAuB,EAAE,uBAAuB,CAAA;IAChD,iBAAiB,EAAE,MAAM,CAAA;IACzB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,kBAAkB,CAAC,EAAE,OAAO,EAAE,CAAA;CAC/B;AAED,MAAM,WAAW,0BAA0B;IACzC,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,UAAU,CAAA;IACtB,uBAAuB,EAAE,uBAAuB,CAAA;IAChD,iBAAiB,EAAE,MAAM,CAAA;IACzB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,kBAAkB,CAAC,EAAE,OAAO,EAAE,CAAA;CAC/B;AAED,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,UAAU,CAAA;CACvB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAA;CACf;AAED,MAAM,WAAW,qCAAqC;IACpD,aAAa,EAAE,UAAU,CAAA;IACzB,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;IAC3B,QAAQ,EAAE,OAAO,MAAM,IAAI,MAAM,EAAE,CAAA;IACnC,QAAQ,EAAE,WAAW,MAAM,EAAE,CAAA;IAC7B,WAAW,EAAE,OAAO,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,cAAc,CAAA;IAC3B,QAAQ,EAAE,WAAW,MAAM,EAAE,CAAA;IAC7B,uBAAuB,EAAE,MAAM,CAAA;IAC/B,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,uBAAuB,CAAA;IAChD,qBAAqB,EAAE,MAAM,CAAA;CAC9B;AAGD,MAAM,MAAM,iBAAiB,GAAG,oBAAoB,GAAG,oBAAoB,CAAA;AAE3E,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,KAAK,CAAA;IACf,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,MAAM,CAAA;IAC/B,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,uBAAuB,CAAA;CACjD;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,KAAK,CAAA;IACf,gBAAgB,EAAE,MAAM,CAAA;IACxB,qBAAqB,EAAE,MAAM,CAAA;IAC7B,KAAK,EAAE,QAAQ,CAAA;IACf,GAAG,EAAE;QACH,QAAQ,EAAE,MAAM,CAAA;QAChB,KAAK,EAAE,MAAM,CAAA;QACb,SAAS,EAAE,MAAM,CAAA;KAClB,CAAA;CACF"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@storacha/encrypt-upload-client",
   "type": "module",
-  "version": "0.0.39",
+  "version": "1.0.0-0",
   "license": "Apache-2.0 OR MIT",
   "description": "Client for upload and download encrypted files",
   "author": "Storacha",
@@ -37,21 +37,21 @@
       "import": "./dist/index.js",
       "require": "./dist/index.js"
     },
-    "./node": {
-      "import": "./dist/crypto-adapters/node-crypto-adapter.js",
-      "require": "./dist/crypto-adapters/node-crypto-adapter.js"
+    "./factories.node": {
+      "import": "./dist/crypto/factories.node.js",
+      "require": "./dist/crypto/factories.node.js"
     },
-    "./browser": {
-      "import": "./dist/crypto-adapters/browser-crypto-adapter.js",
-      "require": "./dist/crypto-adapters/browser-crypto-adapter.js"
+    "./factories.browser": {
+      "import": "./dist/crypto/factories.browser.js",
+      "require": "./dist/crypto/factories.browser.js"
     },
-    "./crypto-adapters/browser-crypto-adapter": {
-      "import": "./dist/crypto-adapters/browser-crypto-adapter.js",
-      "types": "./dist/crypto-adapters/browser-crypto-adapter.d.ts"
+    "./node": {
+      "import": "./dist/crypto/symmetric/node-aes-cbc-crypto.js",
+      "require": "./dist/crypto/symmetric/node-aes-cbc-crypto.js"
     },
-    "./crypto-adapters/node-crypto-adapter": {
-      "import": "./dist/crypto-adapters/node-crypto-adapter.js",
-      "types": "./dist/crypto-adapters/node-crypto-adapter.d.ts"
+    "./browser": {
+      "import": "./dist/crypto/symmetric/generic-aes-ctr-streaming-crypto.js",
+      "require": "./dist/crypto/symmetric/generic-aes-ctr-streaming-crypto.js"
     },
     "./types": "./dist/types.js"
   },
@@ -80,13 +80,15 @@
     "ethers": "5.7.1",
     "ipfs-unixfs-exporter": "^10.0.0",
     "multiformats": "^13.3.3",
-    "@storacha/capabilities": "^1.7.0",
-    "@storacha/upload-client": "^1.2.4",
-    "@storacha/client": "^1.4.2"
+    "@storacha/capabilities": "^1.8.0",
+    "@storacha/client": "^1.5.0",
+    "@storacha/upload-client": "^1.2.5"
   },
   "devDependencies": {
     "@lit-protocol/types": "^7.0.8",
+    "@playwright/test": "^1.29.2",
     "esbuild": "^0.25.1",
+    "mkcert": "^3.2.0",
     "typescript": "^5.8.3",
     "@storacha/eslint-config": "^0.0.0"
   },
@@ -110,7 +112,11 @@
       "coverage",
       "lit-actions",
       "src/types.js",
-      "*.min.js"
+      "*.min.js",
+      "**/*.playwright.spec.js",
+      "test/mocks/playwright/**",
+      "playwright.config.js",
+      "playwright-report/**/*"
     ]
   },
   "depcheck": {
@@ -135,7 +141,10 @@
     "lint:fix": "tsc --build && eslint '**/*.{js,ts}' --fix && prettier --write '**/*.{js,ts,yml,json}' --ignore-path ../../.gitignore",
     "build-actions": "node lit-actions/esbuild.js",
     "attw": "attw --pack .",
+    "prepare-environment": "playwright install",
     "rc": "npm version prerelease --preid rc",
-    "test": "node --test test/*.spec.js"
+    "test": "node --test $(find test -name '*.spec.js' ! -name '*.playwright.spec.js')",
+    "test:setup-certs": "mkdir -p test/mocks/playwright && cd test/mocks/playwright && (test -f cert.key || (npx mkcert create-ca && npx mkcert create-cert --domains localhost 127.0.0.1 ::1))",
+    "test:browser": "npm run test:setup-certs && npx playwright test"
   }
 }

package/dist/core/encrypted-metadata.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"encrypted-metadata.d.ts","sourceRoot":"","sources":["../../src/core/encrypted-metadata.js"],"names":[],"mappings":"AAUA,sBAAuB,wBAAwB,CAAA;AAE/C;;;;;;;YAUE;AAEF;;;;;YAQE;AA8EK,+CAHI,KAAK,CAAC,iBAAiB,GAAC,KAAK,CAAC,sBAAsB,GAClD,KAAK,CAAC,qBAAqB,CAGO;AAMxC,0CAHI,KAAK,CAAC,qBAAqB,GACzB,KAAK,CAAC,sBAAsB,CASvC;AAMK,8CAHI,KAAK,CAAC,sBAAsB,GAC1B,KAAK,CAAC,iBAAiB,CASlC;AAMK,qDAHI,KAAK,CAAC,iBAAiB,GACrB,OAAO,CAAC,OAAO,mBAAmB,EAAE,KAAK,CAAC,CAOtD;AAMM,gDAHI,KAAK,CAAC,iBAAiB,GACrB,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAK7C;AAMM,iCAHI,UAAU,GACR,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,aAAa,CAAC,CAiB1E;AAOM,+BAHJ;IAAgC,IAAI,EAA5B,KAAK,CAAC,SAAS;CACvB,GAAU,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,aAAa,CAAC,CAe1E;sBApMqB,mBAAmB;uBAEF,cAAc;uBAE9B,aAAa"}

package/dist/crypto-adapters/browser-crypto-adapter.d.ts

@@ -1,42 +0,0 @@
-/**
- * BrowserCryptoAdapter implements the CryptoAdapter interface for browser environments.
- * It uses AES-CTR mode for encryption via the Web Crypto API.
- *
- * Why AES-CTR?
- * - We use AES-CTR with pseudo-streaming (buffering chunks before emitting) for simplicity and streaming support.
- * - AES-CTR allows chunked processing without padding, making it suitable for large files and browser environments.
- * - The Web Crypto API supports AES-CTR natively in all modern browsers and in Node.js 19+ as globalThis.crypto.
- * - For Node.js <19, you must polyfill globalThis.crypto (e.g., with `node --experimental-global-webcrypto` or a package like @peculiar/webcrypto).
- * - This allows for processing large files in chunks with no padding issues found in other libraries such as node-forge.
- *
- * Note: This implementation is currently pseudo-streaming: it buffers all encrypted/decrypted chunks before emitting them as a stream.
- * For true streaming (lower memory usage), we need to refactor it to emit each chunk as soon as it is processed.
- *
- * @class
- * @implements {Type.CryptoAdapter}
- */
-export class BrowserCryptoAdapter implements Type.CryptoAdapter {
-    generateKey(): Promise<Uint8Array<ArrayBuffer>>;
-    /**
-     * Encrypt a stream of data using AES-CTR (chunked, Web Crypto API).
-     *
-     * @param {Blob} data The data to encrypt.
-     * @returns {Promise<{ key: Uint8Array, iv: Uint8Array, encryptedStream: ReadableStream }>}
-     */
-    encryptStream(data: Blob): Promise<{
-        key: Uint8Array;
-        iv: Uint8Array;
-        encryptedStream: ReadableStream;
-    }>;
-    /**
-     * Decrypt a stream of data using AES-CTR (chunked, Web Crypto API).
-     *
-     * @param {ReadableStream} encryptedData The encrypted data stream.
-     * @param {Uint8Array} key The encryption key.
-     * @param {Uint8Array} iv The initialization vector (counter).
-     * @returns {Promise<ReadableStream>} A stream of decrypted data.
-     */
-    decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): Promise<ReadableStream>;
-}
-import * as Type from '../types.js';
-//# sourceMappingURL=browser-crypto-adapter.d.ts.map

package/dist/crypto-adapters/browser-crypto-adapter.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"browser-crypto-adapter.d.ts","sourceRoot":"","sources":["../../src/crypto-adapters/browser-crypto-adapter.js"],"names":[],"mappings":"AAOA;;;;;;;;;;;;;;;;GAgBG;AACH,6CAFgB,IAAI,CAAC,aAAa;IAGhC,gDAEC;IAED;;;;;OAKG;IACH,oBAHW,IAAI,GACF,OAAO,CAAC;QAAE,GAAG,EAAE,UAAU,CAAC;QAAC,EAAE,EAAE,UAAU,CAAC;QAAC,eAAe,EAAE,cAAc,CAAA;KAAE,CAAC,CAoDzF;IAED;;;;;;;OAOG;IACH,6BALW,cAAc,OACd,UAAU,MACV,UAAU,GACR,OAAO,CAAC,cAAc,CAAC,CA8CnC;CACF;sBA5IqB,aAAa"}

package/dist/crypto-adapters/browser-crypto-adapter.js

@@ -1,109 +0,0 @@
-import * as Type from '../types.js';
-const ENCRYPTION_ALGORITHM = 'AES-CTR';
-const KEY_LENGTH = 256; // bits
-const IV_LENGTH = 16; // bytes (128 bits, used as counter)
-const COUNTER_LENGTH = 64; // bits (Web Crypto API default for AES-CTR)
-/**
- * BrowserCryptoAdapter implements the CryptoAdapter interface for browser environments.
- * It uses AES-CTR mode for encryption via the Web Crypto API.
- *
- * Why AES-CTR?
- * - We use AES-CTR with pseudo-streaming (buffering chunks before emitting) for simplicity and streaming support.
- * - AES-CTR allows chunked processing without padding, making it suitable for large files and browser environments.
- * - The Web Crypto API supports AES-CTR natively in all modern browsers and in Node.js 19+ as globalThis.crypto.
- * - For Node.js <19, you must polyfill globalThis.crypto (e.g., with `node --experimental-global-webcrypto` or a package like @peculiar/webcrypto).
- * - This allows for processing large files in chunks with no padding issues found in other libraries such as node-forge.
- *
- * Note: This implementation is currently pseudo-streaming: it buffers all encrypted/decrypted chunks before emitting them as a stream.
- * For true streaming (lower memory usage), we need to refactor it to emit each chunk as soon as it is processed.
- *
- * @class
- * @implements {Type.CryptoAdapter}
- */
-export class BrowserCryptoAdapter {
-    async generateKey() {
-        return globalThis.crypto.getRandomValues(new Uint8Array(KEY_LENGTH / 8));
-    }
-    /**
-     * Encrypt a stream of data using AES-CTR (chunked, Web Crypto API).
-     *
-     * @param {Blob} data The data to encrypt.
-     * @returns {Promise<{ key: Uint8Array, iv: Uint8Array, encryptedStream: ReadableStream }>}
-     */
-    async encryptStream(data) {
-        const key = await this.generateKey();
-        const iv = globalThis.crypto.getRandomValues(new Uint8Array(IV_LENGTH));
-        const cryptoKey = await globalThis.crypto.subtle.importKey('raw', key, { name: ENCRYPTION_ALGORITHM }, false, ['encrypt', 'decrypt']);
-        const reader = data.stream().getReader();
-        let counter = new Uint8Array(iv); // Copy the IV for counter
-        let chunkIndex = 0;
-        /** @type {Uint8Array[]} */
-        const encryptedChunks = [];
-        // eslint-disable-next-line no-constant-condition
-        while (true) {
-            const { done, value } = await reader.read();
-            if (done)
-                break;
-            // Increment counter for each chunk
-            const chunkCounter = new Uint8Array(counter);
-            // For each chunk, increment the last byte of the counter
-            chunkCounter[chunkCounter.length - 1] += chunkIndex;
-            chunkIndex++;
-            const encrypted = new Uint8Array(await globalThis.crypto.subtle.encrypt({
-                name: ENCRYPTION_ALGORITHM,
-                counter: chunkCounter,
-                length: COUNTER_LENGTH,
-            }, cryptoKey, value));
-            encryptedChunks.push(encrypted);
-        }
-        const encryptedStream = new ReadableStream({
-            start(controller) {
-                for (const chunk of encryptedChunks) {
-                    controller.enqueue(chunk);
-                }
-                controller.close();
-            },
-        });
-        return { key, iv, encryptedStream };
-    }
-    /**
-     * Decrypt a stream of data using AES-CTR (chunked, Web Crypto API).
-     *
-     * @param {ReadableStream} encryptedData The encrypted data stream.
-     * @param {Uint8Array} key The encryption key.
-     * @param {Uint8Array} iv The initialization vector (counter).
-     * @returns {Promise<ReadableStream>} A stream of decrypted data.
-     */
-    async decryptStream(encryptedData, key, iv) {
-        const cryptoKey = await globalThis.crypto.subtle.importKey('raw', key, { name: ENCRYPTION_ALGORITHM }, false, ['encrypt', 'decrypt']);
-        const reader = encryptedData.getReader();
-        let counter = new Uint8Array(iv);
-        let chunkIndex = 0;
-        /** @type {Uint8Array[]} */
-        const decryptedChunks = [];
-        // eslint-disable-next-line no-constant-condition
-        while (true) {
-            const { done, value } = await reader.read();
-            if (done)
-                break;
-            const chunkCounter = new Uint8Array(counter);
-            chunkCounter[chunkCounter.length - 1] += chunkIndex;
-            chunkIndex++;
-            const decrypted = new Uint8Array(await globalThis.crypto.subtle.decrypt({
-                name: ENCRYPTION_ALGORITHM,
-                counter: chunkCounter,
-                length: COUNTER_LENGTH,
-            }, cryptoKey, value));
-            decryptedChunks.push(decrypted);
-        }
-        return new ReadableStream({
-            start(controller) {
-                for (const chunk of decryptedChunks) {
-                    controller.enqueue(chunk);
-                }
-                controller.close();
-            },
-        });
-    }
-}
-//# sourceMappingURL=browser-crypto-adapter.js.map

package/dist/crypto-adapters/node-crypto-adapter.d.ts

@@ -1,17 +0,0 @@
-/** @implements {Type.CryptoAdapter} */
-export class NodeCryptoAdapter implements Type.CryptoAdapter {
-    /** @param {Type.BlobLike} data  */
-    encryptStream(data: Type.BlobLike): Promise<{
-        key: Buffer<ArrayBufferLike>;
-        iv: Buffer<ArrayBufferLike>;
-        encryptedStream: ReadableStream<any>;
-    }>;
-    /**
-     * @param {ReadableStream} encryptedData
-     * @param {Uint8Array} key
-     * @param {Uint8Array} iv
-     */
-    decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): Promise<ReadableStream<any>>;
-}
-import * as Type from '../types.js';
-//# sourceMappingURL=node-crypto-adapter.d.ts.map

package/dist/crypto-adapters/node-crypto-adapter.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"node-crypto-adapter.d.ts","sourceRoot":"","sources":["../../src/crypto-adapters/node-crypto-adapter.js"],"names":[],"mappings":"AAMA,uCAAuC;AACvC,0CADiB,IAAI,CAAC,aAAa;IAEjC,mCAAmC;IACnC,oBADY,IAAI,CAAC,QAAQ;;;;OA+BxB;IAED;;;;OAIG;IACH,6BAJW,cAAc,OACd,UAAU,MACV,UAAU,gCA8BpB;CACF;sBAzEqB,aAAa"}

package/dist/crypto-adapters/node-crypto-adapter.js

@@ -1,66 +0,0 @@
-import { randomBytes, createCipheriv, createDecipheriv } from 'crypto';
-import * as Type from '../types.js';
-const ENCRYPTION_ALGORITHM = 'aes-256-cbc';
-/** @implements {Type.CryptoAdapter} */
-export class NodeCryptoAdapter {
-    /** @param {Type.BlobLike} data  */
-    async encryptStream(data) {
-        const symmetricKey = randomBytes(32); // 256 bits for AES-256
-        const initializationVector = randomBytes(16); // 16 bytes for AES
-        const cipher = createCipheriv(ENCRYPTION_ALGORITHM, symmetricKey, initializationVector);
-        const encryptStream = new TransformStream({
-            transform: async (chunk, controller) => {
-                const encryptedChunk = cipher.update(chunk);
-                if (encryptedChunk.length) {
-                    controller.enqueue(encryptedChunk);
-                }
-            },
-            flush: (controller) => {
-                const final = cipher.final();
-                if (final.length) {
-                    controller.enqueue(final);
-                }
-            },
-        });
-        return Promise.resolve({
-            key: symmetricKey,
-            iv: initializationVector,
-            encryptedStream: data.stream().pipeThrough(encryptStream),
-        });
-    }
-    /**
-     * @param {ReadableStream} encryptedData
-     * @param {Uint8Array} key
-     * @param {Uint8Array} iv
-     */
-    async decryptStream(encryptedData, key, iv) {
-        const decipher = createDecipheriv(ENCRYPTION_ALGORITHM, key, iv);
-        const decryptor = new TransformStream({
-            async transform(chunk, controller) {
-                try {
-                    const decryptedChunk = decipher.update(chunk);
-                    if (decryptedChunk.length > 0) {
-                        controller.enqueue(decryptedChunk);
-                    }
-                }
-                catch (err) {
-                    controller.error(err);
-                }
-            },
-            flush(controller) {
-                try {
-                    const finalChunk = decipher.final();
-                    if (finalChunk.length > 0) {
-                        controller.enqueue(finalChunk);
-                    }
-                    controller.terminate();
-                }
-                catch (err) {
-                    controller.error(err);
-                }
-            },
-        });
-        return Promise.resolve(encryptedData.pipeThrough(decryptor));
-    }
-}
-//# sourceMappingURL=node-crypto-adapter.js.map