@storacha/encrypt-upload-client 0.0.39 → 1.0.0

package/dist/crypto/adapters/lit-crypto-adapter.d.ts

@@ -0,0 +1,96 @@
+/**
+ * LitCryptoAdapter implements the complete CryptoAdapter interface using Lit Protocol.
+ * It uses composition with a SymmetricCrypto implementation for file encryption/decryption
+ * and Lit Protocol for key management operations.
+ *
+ * @class
+ * @implements {Type.CryptoAdapter}
+ */
+export class LitCryptoAdapter implements Type.CryptoAdapter {
+    /**
+     * Create a new Lit crypto adapter
+     *
+     * @param {Type.SymmetricCrypto} symmetricCrypto - The symmetric crypto implementation (browser or node)
+     * @param {import('@lit-protocol/lit-node-client').LitNodeClient} litClient - The Lit client instance
+     */
+    constructor(symmetricCrypto: Type.SymmetricCrypto, litClient: import("@lit-protocol/lit-node-client").LitNodeClient);
+    symmetricCrypto: Type.SymmetricCrypto;
+    litClient: import("@lit-protocol/lit-node-client").LitNodeClient;
+    /**
+     * Encrypt a stream of data using the symmetric crypto implementation
+     *
+     * @param {Type.BlobLike} data - The data to encrypt
+     * @returns {Promise<Type.EncryptOutput>} - The encrypted data
+     */
+    encryptStream(data: Type.BlobLike): Promise<Type.EncryptOutput>;
+    /**
+     * Decrypt a stream of data using the symmetric crypto implementation
+     *
+     * @param {ReadableStream} encryptedData - The encrypted data to decrypt
+     * @param {Uint8Array} key - The key to use for decryption
+     * @param {Uint8Array} iv - The initialization vector to use for decryption
+     * @returns {Promise<ReadableStream>} - The decrypted data
+     */
+    decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): Promise<ReadableStream>;
+    /**
+     * Encrypt a symmetric key using the Lit crypto adapter
+     *
+     * @param {Uint8Array} key - The symmetric key to encrypt
+     * @param {Uint8Array} iv - The initialization vector to encrypt
+     * @param {Type.EncryptionConfig} encryptionConfig - The encryption configuration
+     * @returns {Promise<Type.EncryptedKeyResult>} - The encrypted key result
+     */
+    encryptSymmetricKey(key: Uint8Array, iv: Uint8Array, encryptionConfig: Type.EncryptionConfig): Promise<Type.EncryptedKeyResult>;
+    /**
+     * Decrypt a symmetric key using the Lit crypto adapter
+     *
+     * @param {string} encryptedKey - The encrypted key to decrypt
+     * @param {object} configs - The decryption configuration
+     * @param {Type.DecryptionOptions} configs.decryptionOptions - The decryption options
+     * @param {Type.ExtractedMetadata} configs.metadata - The extracted metadata
+     * @param {Uint8Array} configs.delegationCAR - The delegation CAR
+     * @param {Type.AnyLink} configs.resourceCID - The resource CID
+     * @param {import('@storacha/client/types').Signer<import('@storacha/client/types').DID, import('@storacha/client/types').SigAlg>} configs.issuer - The issuer
+     * @param {import('@storacha/client/types').DID} configs.audience - The audience
+     * @returns {Promise<{ key: Uint8Array, iv: Uint8Array }>} - The decrypted key and IV
+     */
+    decryptSymmetricKey(encryptedKey: string, configs: {
+        decryptionOptions: Type.DecryptionOptions;
+        metadata: Type.ExtractedMetadata;
+        delegationCAR: Uint8Array;
+        resourceCID: Type.AnyLink;
+        issuer: import("@storacha/client/types").Signer<import("@storacha/client/types").DID, import("@storacha/client/types").SigAlg>;
+        audience: import("@storacha/client/types").DID;
+    }): Promise<{
+        key: Uint8Array;
+        iv: Uint8Array;
+    }>;
+    /**
+     * Extract encrypted metadata from a CAR file
+     *
+     * @param {Uint8Array} car - The CAR file to extract metadata from
+     * @returns {Type.ExtractedMetadata} - The extracted metadata
+     */
+    extractEncryptedMetadata(car: Uint8Array): Type.ExtractedMetadata;
+    /**
+     * Get the encrypted key from the metadata
+     *
+     * @param {Type.ExtractedMetadata} metadata - The metadata to get the encrypted key from
+     * @returns {string} - The encrypted key
+     */
+    getEncryptedKey(metadata: Type.ExtractedMetadata): string;
+    /**
+     * Encode metadata for upload
+     *
+     * @param {string} encryptedDataCID - The CID of the encrypted data
+     * @param {string} encryptedKey - The encrypted key
+     * @param {Type.LitKeyMetadata} metadata - The metadata to encode
+     * @returns {Promise<{ cid: import('@storacha/upload-client/types').AnyLink, bytes: Uint8Array }>} - The encoded metadata
+     */
+    encodeMetadata(encryptedDataCID: string, encryptedKey: string, metadata: Type.LitKeyMetadata): Promise<{
+        cid: import("@storacha/upload-client/types").AnyLink;
+        bytes: Uint8Array;
+    }>;
+}
+import * as Type from '../../types.js';
+//# sourceMappingURL=lit-crypto-adapter.d.ts.map

package/dist/crypto/adapters/lit-crypto-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lit-crypto-adapter.d.ts","sourceRoot":"","sources":["../../../src/crypto/adapters/lit-crypto-adapter.js"],"names":[],"mappings":"AAMA;;;;;;;GAOG;AACH,yCAFgB,IAAI,CAAC,aAAa;IAGhC;;;;;OAKG;IACH,6BAHW,IAAI,CAAC,eAAe,aACpB,OAAO,+BAA+B,EAAE,aAAa,EAK/D;IAFC,sCAAsC;IACtC,iEAA0B;IAG5B;;;;;OAKG;IACH,oBAHW,IAAI,CAAC,QAAQ,GACX,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAIvC;IAED;;;;;;;OAOG;IACH,6BALW,cAAc,OACd,UAAU,MACV,UAAU,GACR,OAAO,CAAC,cAAc,CAAC,CAInC;IAED;;;;;;;OAOG;IACH,yBALW,UAAU,MACV,UAAU,oBACV,IAAI,CAAC,gBAAgB,GACnB,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAgC5C;IAED;;;;;;;;;;;;OAYG;IACH,kCAVW,MAAM,WAEd;QAAwC,iBAAiB,EAAjD,IAAI,CAAC,iBAAiB;QACU,QAAQ,EAAxC,IAAI,CAAC,iBAAiB;QACF,aAAa,EAAjC,UAAU;QACY,WAAW,EAAjC,IAAI,CAAC,OAAO;QACoH,MAAM,EAAtI,OAAO,wBAAwB,EAAE,MAAM,CAAC,OAAO,wBAAwB,EAAE,GAAG,EAAE,OAAO,wBAAwB,EAAE,MAAM,CAAC;QACxE,QAAQ,EAAtD,OAAO,wBAAwB,EAAE,GAAG;KAC5C,GAAU,OAAO,CAAC;QAAE,GAAG,EAAE,UAAU,CAAC;QAAC,EAAE,EAAE,UAAU,CAAA;KAAE,CAAC,CAsFxD;IAED;;;;;OAKG;IACH,8BAHW,UAAU,GACR,IAAI,CAAC,iBAAiB,CA4BlC;IAED;;;;;OAKG;IACH,0BAHW,IAAI,CAAC,iBAAiB,GACpB,MAAM,CAOlB;IAED;;;;;;;OAOG;IACH,iCALW,MAAM,gBACN,MAAM,YACN,IAAI,CAAC,cAAc,GACjB,OAAO,CAAC;QAAE,GAAG,EAAE,OAAO,+BAA+B,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,UAAU,CAAA;KAAE,CAAC,CAehG;CACF;sBA5PqB,gBAAgB"}

package/dist/crypto/adapters/lit-crypto-adapter.js

@@ -0,0 +1,210 @@
+import { base64 } from 'multiformats/bases/base64';
+import * as Lit from '../../protocols/lit.js';
+import * as EncryptedMetadata from '../../core/metadata/encrypted-metadata.js';
+import { createDecryptWrappedInvocation } from '../../utils.js';
+import * as Type from '../../types.js';
+/**
+ * LitCryptoAdapter implements the complete CryptoAdapter interface using Lit Protocol.
+ * It uses composition with a SymmetricCrypto implementation for file encryption/decryption
+ * and Lit Protocol for key management operations.
+ *
+ * @class
+ * @implements {Type.CryptoAdapter}
+ */
+export class LitCryptoAdapter {
+    /**
+     * Create a new Lit crypto adapter
+     *
+     * @param {Type.SymmetricCrypto} symmetricCrypto - The symmetric crypto implementation (browser or node)
+     * @param {import('@lit-protocol/lit-node-client').LitNodeClient} litClient - The Lit client instance
+     */
+    constructor(symmetricCrypto, litClient) {
+        this.symmetricCrypto = symmetricCrypto;
+        this.litClient = litClient;
+    }
+    /**
+     * Encrypt a stream of data using the symmetric crypto implementation
+     *
+     * @param {Type.BlobLike} data - The data to encrypt
+     * @returns {Promise<Type.EncryptOutput>} - The encrypted data
+     */
+    async encryptStream(data) {
+        return this.symmetricCrypto.encryptStream(data);
+    }
+    /**
+     * Decrypt a stream of data using the symmetric crypto implementation
+     *
+     * @param {ReadableStream} encryptedData - The encrypted data to decrypt
+     * @param {Uint8Array} key - The key to use for decryption
+     * @param {Uint8Array} iv - The initialization vector to use for decryption
+     * @returns {Promise<ReadableStream>} - The decrypted data
+     */
+    async decryptStream(encryptedData, key, iv) {
+        return this.symmetricCrypto.decryptStream(encryptedData, key, iv);
+    }
+    /**
+     * Encrypt a symmetric key using the Lit crypto adapter
+     *
+     * @param {Uint8Array} key - The symmetric key to encrypt
+     * @param {Uint8Array} iv - The initialization vector to encrypt
+     * @param {Type.EncryptionConfig} encryptionConfig - The encryption configuration
+     * @returns {Promise<Type.EncryptedKeyResult>} - The encrypted key result
+     */
+    async encryptSymmetricKey(key, iv, encryptionConfig) {
+        // Step 1. Combine key and IV to encrypt a single string
+        const combinedKeyAndIV = this.symmetricCrypto.combineKeyAndIV(key, iv);
+        // Step 2. Create access control conditions and encrypt with Lit
+        const { spaceDID } = encryptionConfig;
+        const accessControlConditions = Lit.getAccessControlConditions(spaceDID);
+        // Step 3. Encrypt the base64 encoded combined key and IV with Lit
+        const dataToEncrypt = base64.encode(combinedKeyAndIV);
+        const { ciphertext, dataToEncryptHash } = await Lit.encryptString({
+            dataToEncrypt,
+            accessControlConditions,
+        }, this.litClient);
+        // Step 4. Return the encrypted key and metadata
+        return {
+            strategy: /** @type {'lit'} */ ('lit'),
+            encryptedKey: ciphertext,
+            metadata: {
+                plaintextKeyHash: dataToEncryptHash,
+                accessControlConditions: 
+                /** @type {import('@lit-protocol/types').AccessControlConditions} */ (accessControlConditions),
+            },
+        };
+    }
+    /**
+     * Decrypt a symmetric key using the Lit crypto adapter
+     *
+     * @param {string} encryptedKey - The encrypted key to decrypt
+     * @param {object} configs - The decryption configuration
+     * @param {Type.DecryptionOptions} configs.decryptionOptions - The decryption options
+     * @param {Type.ExtractedMetadata} configs.metadata - The extracted metadata
+     * @param {Uint8Array} configs.delegationCAR - The delegation CAR
+     * @param {Type.AnyLink} configs.resourceCID - The resource CID
+     * @param {import('@storacha/client/types').Signer<import('@storacha/client/types').DID, import('@storacha/client/types').SigAlg>} configs.issuer - The issuer
+     * @param {import('@storacha/client/types').DID} configs.audience - The audience
+     * @returns {Promise<{ key: Uint8Array, iv: Uint8Array }>} - The decrypted key and IV
+     */
+    async decryptSymmetricKey(encryptedKey, configs) {
+        const { decryptionOptions, metadata, delegationCAR, resourceCID, issuer, audience, } = configs;
+        // Validate Lit metadata
+        if (metadata.strategy !== 'lit') {
+            throw new Error('LitCryptoAdapter can only handle Lit metadata');
+        }
+        const { plaintextKeyHash, accessControlConditions } = metadata;
+        // Step 1. Extract spaceDID from access control conditions
+        const spaceDID = /** @type {Type.SpaceDID} */ (accessControlConditions[0].parameters[1]);
+        // Step 2. Create session signatures if not provided
+        let sessionSigs = decryptionOptions.sessionSigs;
+        if (!sessionSigs) {
+            const acc = 
+            /** @type import('@lit-protocol/types').AccessControlConditions */ (
+            /** @type {unknown} */ (accessControlConditions));
+            const expiration = new Date(Date.now() + 1000 * 60 * 5).toISOString(); // 5 min
+            // Step 2.1. Create session signatures for the wallet if provided
+            if (decryptionOptions.wallet) {
+                sessionSigs = await Lit.getSessionSigs(this.litClient, {
+                    wallet: decryptionOptions.wallet,
+                    dataToEncryptHash: plaintextKeyHash,
+                    expiration,
+                    accessControlConditions: acc,
+                });
+            }
+            // Step 2.2. Otherwise, create session signatures for the PKP if provided
+            else if (decryptionOptions.pkpPublicKey && decryptionOptions.authMethod) {
+                sessionSigs = await Lit.getPkpSessionSigs(this.litClient, {
+                    pkpPublicKey: decryptionOptions.pkpPublicKey,
+                    authMethod: decryptionOptions.authMethod,
+                    dataToEncryptHash: plaintextKeyHash,
+                    expiration,
+                    accessControlConditions: acc,
+                });
+            }
+            else {
+                throw new Error('Session signatures or signer (wallet/PKP) required for Lit decryption');
+            }
+        }
+        // Step 3. Create wrapped UCAN invocation
+        const wrappedInvocationJSON = await createDecryptWrappedInvocation({
+            delegationCAR,
+            spaceDID,
+            resourceCID,
+            issuer,
+            audience,
+            expiration: new Date(Date.now() + 1000 * 60 * 10).getTime(), // 10 min
+        });
+        // Step 4. Execute the Lit Action with all the prepared context to decrypt the symmetric key
+        const decryptedString = await Lit.executeUcanValidationAction(this.litClient, {
+            sessionSigs,
+            spaceDID,
+            identityBoundCiphertext: encryptedKey,
+            plaintextKeyHash,
+            accessControlConditions,
+            wrappedInvocationJSON,
+        });
+        // Step 5. Lit Action returns a base64-encoded string, so decode it to Uint8Array
+        const combinedKeyAndIV = base64.decode(decryptedString);
+        // Step 6. Use symmetric crypto to split the combined key and IV
+        return this.symmetricCrypto.splitKeyAndIV(combinedKeyAndIV);
+    }
+    /**
+     * Extract encrypted metadata from a CAR file
+     *
+     * @param {Uint8Array} car - The CAR file to extract metadata from
+     * @returns {Type.ExtractedMetadata} - The extracted metadata
+     */
+    extractEncryptedMetadata(car) {
+        const encryptedContentResult = EncryptedMetadata.extract(car);
+        if (encryptedContentResult.error) {
+            throw encryptedContentResult.error;
+        }
+        const encryptedContent = encryptedContentResult.ok.toJSON();
+        // Validate it's Lit format
+        if (!encryptedContent.identityBoundCiphertext ||
+            !encryptedContent.accessControlConditions) {
+            throw new Error('Invalid Lit Protocol metadata format - missing identityBoundCiphertext or accessControlConditions');
+        }
+        // Return with strategy identifier
+        return {
+            strategy: /** @type {'lit'} */ ('lit'),
+            encryptedDataCID: encryptedContent.encryptedDataCID,
+            identityBoundCiphertext: encryptedContent.identityBoundCiphertext,
+            plaintextKeyHash: encryptedContent.plaintextKeyHash,
+            accessControlConditions: encryptedContent.accessControlConditions,
+        };
+    }
+    /**
+     * Get the encrypted key from the metadata
+     *
+     * @param {Type.ExtractedMetadata} metadata - The metadata to get the encrypted key from
+     * @returns {string} - The encrypted key
+     */
+    getEncryptedKey(metadata) {
+        if (metadata.strategy !== 'lit') {
+            throw new Error('LitCryptoAdapter can only handle Lit metadata');
+        }
+        return metadata.identityBoundCiphertext;
+    }
+    /**
+     * Encode metadata for upload
+     *
+     * @param {string} encryptedDataCID - The CID of the encrypted data
+     * @param {string} encryptedKey - The encrypted key
+     * @param {Type.LitKeyMetadata} metadata - The metadata to encode
+     * @returns {Promise<{ cid: import('@storacha/upload-client/types').AnyLink, bytes: Uint8Array }>} - The encoded metadata
+     */
+    async encodeMetadata(encryptedDataCID, encryptedKey, metadata) {
+        const litMetadata = /** @type {Type.LitKeyMetadata} */ (metadata);
+        /** @type {Type.LitMetadataInput} */
+        const uploadData = {
+            encryptedDataCID,
+            identityBoundCiphertext: encryptedKey,
+            plaintextKeyHash: litMetadata.plaintextKeyHash,
+            accessControlConditions: litMetadata.accessControlConditions,
+        };
+        const encryptedMetadata = EncryptedMetadata.create('lit', uploadData);
+        return await encryptedMetadata.archiveBlock();
+    }
+}
+//# sourceMappingURL=lit-crypto-adapter.js.map

package/dist/crypto/factories.browser.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Create a KMS crypto adapter for browser environments
+ * Uses the generic AES-CTR streaming crypto implementation
+ * Works in browser and Node.js environments
+ *
+ * @param {URL|string} keyManagerServiceURL
+ * @param {string} keyManagerServiceDID
+ */
+export function createGenericKMSAdapter(keyManagerServiceURL: URL | string, keyManagerServiceDID: string): KMSCryptoAdapter;
+import { KMSCryptoAdapter } from './adapters/kms-crypto-adapter.js';
+//# sourceMappingURL=factories.browser.d.ts.map

package/dist/crypto/factories.browser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"factories.browser.d.ts","sourceRoot":"","sources":["../../src/crypto/factories.browser.js"],"names":[],"mappings":"AAGA;;;;;;;GAOG;AACH,8DAHW,GAAG,GAAC,MAAM,wBACV,MAAM,oBAYhB;iCApBgC,kCAAkC"}

package/dist/crypto/factories.browser.js

@@ -0,0 +1,16 @@
+import { GenericAesCtrStreamingCrypto } from './symmetric/generic-aes-ctr-streaming-crypto.js';
+import { KMSCryptoAdapter } from './adapters/kms-crypto-adapter.js';
+/**
+ * Create a KMS crypto adapter for browser environments
+ * Uses the generic AES-CTR streaming crypto implementation
+ * Works in browser and Node.js environments
+ *
+ * @param {URL|string} keyManagerServiceURL
+ * @param {string} keyManagerServiceDID
+ */
+export function createGenericKMSAdapter(keyManagerServiceURL, keyManagerServiceDID) {
+    const symmetricCrypto = new GenericAesCtrStreamingCrypto();
+    return new KMSCryptoAdapter(symmetricCrypto, keyManagerServiceURL, 
+    /** @type {`did:${string}:${string}`} */ (keyManagerServiceDID));
+}
+//# sourceMappingURL=factories.browser.js.map

package/dist/crypto/factories.node.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Create a KMS crypto adapter for Node.js using the generic AES-CTR streaming crypto.
+ * Works in Node.js & browser environments.
+ *
+ * @param {URL|string} keyManagerServiceURL
+ * @param {string} keyManagerServiceDID
+ */
+export function createGenericKMSAdapter(keyManagerServiceURL: URL | string, keyManagerServiceDID: string): KMSCryptoAdapter;
+/**
+ * Create a Lit crypto adapter for Node.js using AES-CBC (legacy).
+ * Compatible with previous versions of the library.
+ *
+ * @deprecated Use createGenericLitAdapter instead for new uploads.
+ * @param {import('@lit-protocol/lit-node-client').LitNodeClient} litClient
+ */
+export function createNodeLitAdapter(litClient: import("@lit-protocol/lit-node-client").LitNodeClient): LitCryptoAdapter;
+/**
+ * Create a Lit crypto adapter for Node.js using the generic AES-CTR streaming crypto.
+ * Works in Node.js & browser environments.
+ *
+ * @param {import('@lit-protocol/lit-node-client').LitNodeClient} litClient
+ */
+export function createGenericLitAdapter(litClient: import("@lit-protocol/lit-node-client").LitNodeClient): LitCryptoAdapter;
+import { KMSCryptoAdapter } from './adapters/kms-crypto-adapter.js';
+import { LitCryptoAdapter } from './adapters/lit-crypto-adapter.js';
+//# sourceMappingURL=factories.node.d.ts.map

package/dist/crypto/factories.node.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"factories.node.d.ts","sourceRoot":"","sources":["../../src/crypto/factories.node.js"],"names":[],"mappings":"AAKA;;;;;;GAMG;AACH,8DAHW,GAAG,GAAC,MAAM,wBACV,MAAM,oBAYhB;AAED;;;;;;GAMG;AACH,gDAFW,OAAO,+BAA+B,EAAE,aAAa,oBAK/D;AAED;;;;;GAKG;AACH,mDAFW,OAAO,+BAA+B,EAAE,aAAa,oBAK/D;iCA1CgC,kCAAkC;iCADlC,kCAAkC"}

package/dist/crypto/factories.node.js

@@ -0,0 +1,38 @@
+import { GenericAesCtrStreamingCrypto } from './symmetric/generic-aes-ctr-streaming-crypto.js';
+import { NodeAesCbcCrypto } from './symmetric/node-aes-cbc-crypto.js';
+import { LitCryptoAdapter } from './adapters/lit-crypto-adapter.js';
+import { KMSCryptoAdapter } from './adapters/kms-crypto-adapter.js';
+/**
+ * Create a KMS crypto adapter for Node.js using the generic AES-CTR streaming crypto.
+ * Works in Node.js & browser environments.
+ *
+ * @param {URL|string} keyManagerServiceURL
+ * @param {string} keyManagerServiceDID
+ */
+export function createGenericKMSAdapter(keyManagerServiceURL, keyManagerServiceDID) {
+    const symmetricCrypto = new GenericAesCtrStreamingCrypto();
+    return new KMSCryptoAdapter(symmetricCrypto, keyManagerServiceURL, 
+    /** @type {`did:${string}:${string}`} */ (keyManagerServiceDID));
+}
+/**
+ * Create a Lit crypto adapter for Node.js using AES-CBC (legacy).
+ * Compatible with previous versions of the library.
+ *
+ * @deprecated Use createGenericLitAdapter instead for new uploads.
+ * @param {import('@lit-protocol/lit-node-client').LitNodeClient} litClient
+ */
+export function createNodeLitAdapter(litClient) {
+    const symmetricCrypto = new NodeAesCbcCrypto();
+    return new LitCryptoAdapter(symmetricCrypto, litClient);
+}
+/**
+ * Create a Lit crypto adapter for Node.js using the generic AES-CTR streaming crypto.
+ * Works in Node.js & browser environments.
+ *
+ * @param {import('@lit-protocol/lit-node-client').LitNodeClient} litClient
+ */
+export function createGenericLitAdapter(litClient) {
+    const symmetricCrypto = new GenericAesCtrStreamingCrypto();
+    return new LitCryptoAdapter(symmetricCrypto, litClient);
+}
+//# sourceMappingURL=factories.node.js.map

package/dist/crypto/index.d.ts

@@ -0,0 +1,5 @@
+export { GenericAesCtrStreamingCrypto } from "./symmetric/generic-aes-ctr-streaming-crypto.js";
+export { NodeAesCbcCrypto } from "./symmetric/node-aes-cbc-crypto.js";
+export { LitCryptoAdapter } from "./adapters/lit-crypto-adapter.js";
+export { KMSCryptoAdapter } from "./adapters/kms-crypto-adapter.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/crypto/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/crypto/index.js"],"names":[],"mappings":""}

package/dist/crypto/index.js

@@ -0,0 +1,7 @@
+// Symmetric crypto implementations (algorithm-specific)
+export { GenericAesCtrStreamingCrypto } from './symmetric/generic-aes-ctr-streaming-crypto.js';
+export { NodeAesCbcCrypto } from './symmetric/node-aes-cbc-crypto.js';
+// Strategy adapters (composition-based)
+export { LitCryptoAdapter } from './adapters/lit-crypto-adapter.js';
+export { KMSCryptoAdapter } from './adapters/kms-crypto-adapter.js';
+//# sourceMappingURL=index.js.map

package/dist/crypto/symmetric/generic-aes-ctr-streaming-crypto.d.ts

@@ -0,0 +1,76 @@
+/**
+ * GenericAesCtrStreamingCrypto implements TRUE streaming AES-CTR encryption for any JavaScript environment.
+ *
+ * This implementation:
+ * - Uses Web Crypto API (available in both Node.js 16+ and modern browsers)
+ * - Emits encrypted chunks immediately without buffering
+ * - Supports files of any size with bounded memory usage
+ * - Uses TransformStream for clean, standardized streaming
+ * - Provides identical results across Node.js and browser environments
+ *
+ * Key features:
+ * - Memory usage: O(1) - constant memory regardless of file size
+ * - Supports unlimited file sizes (1TB+)
+ * - Cross-platform compatibility (Node.js 16+ and modern browsers)
+ * - Clean streaming implementation with automatic resource management
+ * - Built-in error handling via TransformStream
+ *
+ * @class
+ * @implements {Type.SymmetricCrypto}
+ */
+export class GenericAesCtrStreamingCrypto implements Type.SymmetricCrypto {
+    /**
+     * Generate a random AES key
+     *
+     * @returns {Promise<Uint8Array>} A random AES key
+     */
+    generateKey(): Promise<Uint8Array>;
+    /**
+     * Properly increment AES-CTR counter with 128-bit arithmetic
+     *
+     * @param {Uint8Array} counter - The base counter (16 bytes)
+     * @param {number} increment - The value to add
+     * @returns {Uint8Array} - New counter with proper carry propagation
+     */
+    incrementCounter(counter: Uint8Array, increment: number): Uint8Array;
+    /**
+     * Encrypt a stream of data using AES-CTR with TRUE streaming (no buffering).
+     *
+     * @param {Blob} data The data to encrypt.
+     * @returns {Promise<{ key: Uint8Array, iv: Uint8Array, encryptedStream: ReadableStream }>}
+     */
+    encryptStream(data: Blob): Promise<{
+        key: Uint8Array;
+        iv: Uint8Array;
+        encryptedStream: ReadableStream;
+    }>;
+    /**
+     * Decrypt a stream of data using AES-CTR with TRUE streaming (no buffering).
+     *
+     * @param {ReadableStream} encryptedData The encrypted data stream.
+     * @param {Uint8Array} key The encryption key.
+     * @param {Uint8Array} iv The initialization vector (counter).
+     * @returns {Promise<ReadableStream>} A stream of decrypted data.
+     */
+    decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): Promise<ReadableStream>;
+    /**
+     * Combine key and IV into a single array for AES-CTR
+     *
+     * @param {Uint8Array} key - The AES key (KEY_LENGTH/8 bytes)
+     * @param {Uint8Array} iv - The AES-CTR IV (IV_LENGTH bytes)
+     * @returns {Uint8Array} Combined key and IV (KEY_LENGTH/8 + IV_LENGTH bytes)
+     */
+    combineKeyAndIV(key: Uint8Array, iv: Uint8Array): Uint8Array;
+    /**
+     * Split combined key and IV for AES-CTR
+     *
+     * @param {Uint8Array} combined - Combined key and IV (KEY_LENGTH/8 + IV_LENGTH bytes)
+     * @returns {{ key: Uint8Array, iv: Uint8Array }} Separated key and IV
+     */
+    splitKeyAndIV(combined: Uint8Array): {
+        key: Uint8Array;
+        iv: Uint8Array;
+    };
+}
+import * as Type from '../../types.js';
+//# sourceMappingURL=generic-aes-ctr-streaming-crypto.d.ts.map

package/dist/crypto/symmetric/generic-aes-ctr-streaming-crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generic-aes-ctr-streaming-crypto.d.ts","sourceRoot":"","sources":["../../../src/crypto/symmetric/generic-aes-ctr-streaming-crypto.js"],"names":[],"mappings":"AAOA;;;;;;;;;;;;;;;;;;;GAmBG;AACH,qDAFgB,IAAI,CAAC,eAAe;IASlC;;;;OAIG;IACH,eAFa,OAAO,CAAC,UAAU,CAAC,CAI/B;IAED;;;;;;OAMG;IACH,0BAJW,UAAU,aACV,MAAM,GACJ,UAAU,CAsBtB;IAED;;;;;OAKG;IACH,oBAHW,IAAI,GACF,OAAO,CAAC;QAAE,GAAG,EAAE,UAAU,CAAC;QAAC,EAAE,EAAE,UAAU,CAAC;QAAC,eAAe,EAAE,cAAc,CAAA;KAAE,CAAC,CAsDzF;IAED;;;;;;;OAOG;IACH,6BALW,cAAc,OACd,UAAU,MACV,UAAU,GACR,OAAO,CAAC,cAAc,CAAC,CAiDnC;IAED;;;;;;OAMG;IACH,qBAJW,UAAU,MACV,UAAU,GACR,UAAU,CAatB;IAED;;;;;OAKG;IACH,wBAHW,UAAU,GACR;QAAE,GAAG,EAAE,UAAU,CAAC;QAAC,EAAE,EAAE,UAAU,CAAA;KAAE,CAc/C;CACF;sBApOqB,gBAAgB"}