@storacha/encrypt-upload-client 0.0.39 → 1.0.0

package/dist/crypto/symmetric/generic-aes-ctr-streaming-crypto.js

@@ -0,0 +1,177 @@
+import * as Type from '../../types.js';
+const ENCRYPTION_ALGORITHM = 'AES-CTR';
+const KEY_LENGTH = 256; // bits
+const IV_LENGTH = 16; // bytes (128 bits, used as counter)
+const COUNTER_LENGTH = 64; // bits (Web Crypto API default for AES-CTR)
+/**
+ * GenericAesCtrStreamingCrypto implements TRUE streaming AES-CTR encryption for any JavaScript environment.
+ *
+ * This implementation:
+ * - Uses Web Crypto API (available in both Node.js 16+ and modern browsers)
+ * - Emits encrypted chunks immediately without buffering
+ * - Supports files of any size with bounded memory usage
+ * - Uses TransformStream for clean, standardized streaming
+ * - Provides identical results across Node.js and browser environments
+ *
+ * Key features:
+ * - Memory usage: O(1) - constant memory regardless of file size
+ * - Supports unlimited file sizes (1TB+)
+ * - Cross-platform compatibility (Node.js 16+ and modern browsers)
+ * - Clean streaming implementation with automatic resource management
+ * - Built-in error handling via TransformStream
+ *
+ * @class
+ * @implements {Type.SymmetricCrypto}
+ */
+export class GenericAesCtrStreamingCrypto {
+    constructor() {
+        if (typeof globalThis.crypto === 'undefined') {
+            throw new Error('Web Crypto API is not available.');
+        }
+    }
+    /**
+     * Generate a random AES key
+     *
+     * @returns {Promise<Uint8Array>} A random AES key
+     */
+    async generateKey() {
+        return globalThis.crypto.getRandomValues(new Uint8Array(KEY_LENGTH / 8));
+    }
+    /**
+     * Properly increment AES-CTR counter with 128-bit arithmetic
+     *
+     * @param {Uint8Array} counter - The base counter (16 bytes)
+     * @param {number} increment - The value to add
+     * @returns {Uint8Array} - New counter with proper carry propagation
+     */
+    incrementCounter(counter, increment) {
+        const result = new Uint8Array(counter);
+        let carry = increment;
+        // Implement proper 128-bit arithmetic with carry propagation
+        // Start from the least significant byte (rightmost) and propagate carry
+        for (let i = result.length - 1; i >= 0 && carry > 0; i--) {
+            const sum = result[i] + carry;
+            result[i] = sum & 0xff; // Keep only the low 8 bits
+            carry = sum >> 8; // Carry the high bits to next position
+        }
+        // Check for counter overflow (extremely unlikely with 128-bit counter)
+        if (carry > 0) {
+            throw new Error('Counter overflow: exceeded 128-bit limit. This should never happen in practice.');
+        }
+        return result;
+    }
+    /**
+     * Encrypt a stream of data using AES-CTR with TRUE streaming (no buffering).
+     *
+     * @param {Blob} data The data to encrypt.
+     * @returns {Promise<{ key: Uint8Array, iv: Uint8Array, encryptedStream: ReadableStream }>}
+     */
+    async encryptStream(data) {
+        const key = await this.generateKey();
+        const iv = globalThis.crypto.getRandomValues(new Uint8Array(IV_LENGTH));
+        // Pre-import the crypto key for reuse across chunks
+        const cryptoKey = await globalThis.crypto.subtle.importKey('raw', key, { name: ENCRYPTION_ALGORITHM }, false, ['encrypt', 'decrypt']);
+        // State for AES-CTR counter management
+        let counter = new Uint8Array(iv); // Copy the IV for counter
+        let totalBlocks = 0; // Track total blocks processed
+        // Create TransformStream (inspired by Node.js approach)
+        const encryptTransform = new TransformStream({
+            transform: async (chunk, controller) => {
+                try {
+                    // SECURITY: Calculate counter based on total blocks, not chunks
+                    const chunkCounter = this.incrementCounter(counter, totalBlocks);
+                    // SECURITY: Increment by blocks in this chunk (16 bytes per block)
+                    const blocksInChunk = Math.ceil(chunk.length / 16);
+                    totalBlocks += blocksInChunk;
+                    // Encrypt chunk using Web Crypto API
+                    const encrypted = new Uint8Array(await globalThis.crypto.subtle.encrypt({
+                        name: ENCRYPTION_ALGORITHM,
+                        counter: chunkCounter,
+                        length: COUNTER_LENGTH,
+                    }, cryptoKey, chunk));
+                    controller.enqueue(encrypted);
+                }
+                catch (error) {
+                    controller.error(error);
+                }
+            },
+            // Note: No flush needed for AES-CTR (unlike CBC which needs final padding)
+        });
+        const encryptedStream = data.stream().pipeThrough(encryptTransform);
+        return { key, iv, encryptedStream };
+    }
+    /**
+     * Decrypt a stream of data using AES-CTR with TRUE streaming (no buffering).
+     *
+     * @param {ReadableStream} encryptedData The encrypted data stream.
+     * @param {Uint8Array} key The encryption key.
+     * @param {Uint8Array} iv The initialization vector (counter).
+     * @returns {Promise<ReadableStream>} A stream of decrypted data.
+     */
+    async decryptStream(encryptedData, key, iv) {
+        // Pre-import the crypto key for reuse across chunks
+        const cryptoKey = await globalThis.crypto.subtle.importKey('raw', key, { name: ENCRYPTION_ALGORITHM }, false, ['encrypt', 'decrypt']);
+        // State for AES-CTR counter management
+        let counter = new Uint8Array(iv);
+        let totalBlocks = 0; // Track total blocks processed (CRITICAL for security)
+        // Create TransformStream (inspired by Node.js approach)
+        const decryptTransform = new TransformStream({
+            transform: async (chunk, controller) => {
+                try {
+                    // SECURITY: Calculate counter based on total blocks, not chunks
+                    const chunkCounter = this.incrementCounter(counter, totalBlocks);
+                    // SECURITY: Increment by blocks in this chunk (16 bytes per block)
+                    const blocksInChunk = Math.ceil(chunk.length / 16);
+                    totalBlocks += blocksInChunk;
+                    // Decrypt chunk using Web Crypto API
+                    const decrypted = new Uint8Array(await globalThis.crypto.subtle.decrypt({
+                        name: ENCRYPTION_ALGORITHM,
+                        counter: chunkCounter,
+                        length: COUNTER_LENGTH,
+                    }, cryptoKey, chunk));
+                    controller.enqueue(decrypted);
+                }
+                catch (error) {
+                    controller.error(error);
+                }
+            },
+            // Note: No flush needed for AES-CTR (unlike CBC which needs final padding)
+        });
+        return encryptedData.pipeThrough(decryptTransform);
+    }
+    /**
+     * Combine key and IV into a single array for AES-CTR
+     *
+     * @param {Uint8Array} key - The AES key (KEY_LENGTH/8 bytes)
+     * @param {Uint8Array} iv - The AES-CTR IV (IV_LENGTH bytes)
+     * @returns {Uint8Array} Combined key and IV (KEY_LENGTH/8 + IV_LENGTH bytes)
+     */
+    combineKeyAndIV(key, iv) {
+        const keyBytes = KEY_LENGTH / 8;
+        if (key.length !== keyBytes) {
+            throw new Error(`AES-${KEY_LENGTH} key must be ${keyBytes} bytes, got ${key.length}`);
+        }
+        if (iv.length !== IV_LENGTH) {
+            throw new Error(`AES-CTR IV must be ${IV_LENGTH} bytes, got ${iv.length}`);
+        }
+        return new Uint8Array([...key, ...iv]);
+    }
+    /**
+     * Split combined key and IV for AES-CTR
+     *
+     * @param {Uint8Array} combined - Combined key and IV (KEY_LENGTH/8 + IV_LENGTH bytes)
+     * @returns {{ key: Uint8Array, iv: Uint8Array }} Separated key and IV
+     */
+    splitKeyAndIV(combined) {
+        const keyBytes = KEY_LENGTH / 8;
+        const expectedLength = keyBytes + IV_LENGTH;
+        if (combined.length !== expectedLength) {
+            throw new Error(`AES-${KEY_LENGTH}-CTR combined key+IV must be ${expectedLength} bytes, got ${combined.length}`);
+        }
+        return {
+            key: combined.subarray(0, keyBytes),
+            iv: combined.subarray(keyBytes, keyBytes + IV_LENGTH),
+        };
+    }
+}
+//# sourceMappingURL=generic-aes-ctr-streaming-crypto.js.map

package/dist/crypto/symmetric/node-aes-cbc-crypto.d.ts

@@ -0,0 +1,43 @@
+/**
+ * NodeAesCbcCrypto implements AES-CBC symmetric encryption for Node.js environments.
+ * It uses AES-CBC mode for encryption via the Node.js crypto module.
+ * If you already encrypted a file with this class, you still need to use this class to decrypt it.
+ *
+ * @deprecated Use GenericAesCtrStreamingCrypto instead for new uploads
+ * @class
+ * @implements {Type.SymmetricCrypto}
+ */
+export class NodeAesCbcCrypto implements Type.SymmetricCrypto {
+    /** @param {Type.BlobLike} data  */
+    encryptStream(data: Type.BlobLike): Promise<{
+        key: Buffer<ArrayBufferLike>;
+        iv: Buffer<ArrayBufferLike>;
+        encryptedStream: ReadableStream<any>;
+    }>;
+    /**
+     * @param {ReadableStream} encryptedData
+     * @param {Uint8Array} key
+     * @param {Uint8Array} iv
+     */
+    decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): Promise<ReadableStream<any>>;
+    /**
+     * Combine key and IV into a single array for AES-CBC
+     *
+     * @param {Uint8Array} key - The AES key (KEY_LENGTH/8 bytes)
+     * @param {Uint8Array} iv - The AES-CBC IV (IV_LENGTH bytes)
+     * @returns {Uint8Array} Combined key and IV (KEY_LENGTH/8 + IV_LENGTH bytes)
+     */
+    combineKeyAndIV(key: Uint8Array, iv: Uint8Array): Uint8Array;
+    /**
+     * Split combined key and IV for AES-CBC
+     *
+     * @param {Uint8Array} combined - Combined key and IV (KEY_LENGTH/8 + IV_LENGTH bytes)
+     * @returns {{ key: Uint8Array, iv: Uint8Array }} Separated key and IV
+     */
+    splitKeyAndIV(combined: Uint8Array): {
+        key: Uint8Array;
+        iv: Uint8Array;
+    };
+}
+import * as Type from '../../types.js';
+//# sourceMappingURL=node-aes-cbc-crypto.d.ts.map

package/dist/crypto/symmetric/node-aes-cbc-crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"node-aes-cbc-crypto.d.ts","sourceRoot":"","sources":["../../../src/crypto/symmetric/node-aes-cbc-crypto.js"],"names":[],"mappings":"AAOA;;;;;;;;GAQG;AACH,yCAFgB,IAAI,CAAC,eAAe;IAGlC,mCAAmC;IACnC,oBADY,IAAI,CAAC,QAAQ;;;;OA+BxB;IAED;;;;OAIG;IACH,6BAJW,cAAc,OACd,UAAU,MACV,UAAU,gCA8BpB;IAED;;;;;;OAMG;IACH,qBAJW,UAAU,MACV,UAAU,GACR,UAAU,CAatB;IAED;;;;;OAKG;IACH,wBAHW,UAAU,GACR;QAAE,GAAG,EAAE,UAAU,CAAC;QAAC,EAAE,EAAE,UAAU,CAAA;KAAE,CAc/C;CACF;sBA3HqB,gBAAgB"}

package/dist/crypto/symmetric/node-aes-cbc-crypto.js

@@ -0,0 +1,110 @@
+import { randomBytes, createCipheriv, createDecipheriv } from 'crypto';
+import * as Type from '../../types.js';
+const ENCRYPTION_ALGORITHM = 'aes-256-cbc';
+const KEY_LENGTH = 256; // bits
+const IV_LENGTH = 16; // bytes (128 bits, used as initialization vector)
+/**
+ * NodeAesCbcCrypto implements AES-CBC symmetric encryption for Node.js environments.
+ * It uses AES-CBC mode for encryption via the Node.js crypto module.
+ * If you already encrypted a file with this class, you still need to use this class to decrypt it.
+ *
+ * @deprecated Use GenericAesCtrStreamingCrypto instead for new uploads
+ * @class
+ * @implements {Type.SymmetricCrypto}
+ */
+export class NodeAesCbcCrypto {
+    /** @param {Type.BlobLike} data  */
+    async encryptStream(data) {
+        const symmetricKey = randomBytes(KEY_LENGTH / 8); // KEY_LENGTH bits for AES
+        const initializationVector = randomBytes(IV_LENGTH); // IV_LENGTH bytes for AES
+        const cipher = createCipheriv(ENCRYPTION_ALGORITHM, symmetricKey, initializationVector);
+        const encryptStream = new TransformStream({
+            transform: async (chunk, controller) => {
+                const encryptedChunk = cipher.update(chunk);
+                if (encryptedChunk.length) {
+                    controller.enqueue(encryptedChunk);
+                }
+            },
+            flush: (controller) => {
+                const final = cipher.final();
+                if (final.length) {
+                    controller.enqueue(final);
+                }
+            },
+        });
+        return Promise.resolve({
+            key: symmetricKey,
+            iv: initializationVector,
+            encryptedStream: data.stream().pipeThrough(encryptStream),
+        });
+    }
+    /**
+     * @param {ReadableStream} encryptedData
+     * @param {Uint8Array} key
+     * @param {Uint8Array} iv
+     */
+    async decryptStream(encryptedData, key, iv) {
+        const decipher = createDecipheriv(ENCRYPTION_ALGORITHM, key, iv);
+        const decryptor = new TransformStream({
+            async transform(chunk, controller) {
+                try {
+                    const decryptedChunk = decipher.update(chunk);
+                    if (decryptedChunk.length > 0) {
+                        controller.enqueue(decryptedChunk);
+                    }
+                }
+                catch (err) {
+                    controller.error(err);
+                }
+            },
+            flush(controller) {
+                try {
+                    const finalChunk = decipher.final();
+                    if (finalChunk.length > 0) {
+                        controller.enqueue(finalChunk);
+                    }
+                    controller.terminate();
+                }
+                catch (err) {
+                    controller.error(err);
+                }
+            },
+        });
+        return Promise.resolve(encryptedData.pipeThrough(decryptor));
+    }
+    /**
+     * Combine key and IV into a single array for AES-CBC
+     *
+     * @param {Uint8Array} key - The AES key (KEY_LENGTH/8 bytes)
+     * @param {Uint8Array} iv - The AES-CBC IV (IV_LENGTH bytes)
+     * @returns {Uint8Array} Combined key and IV (KEY_LENGTH/8 + IV_LENGTH bytes)
+     */
+    combineKeyAndIV(key, iv) {
+        const keyBytes = KEY_LENGTH / 8;
+        if (key.length !== keyBytes) {
+            throw new Error(`AES-${KEY_LENGTH} key must be ${keyBytes} bytes, got ${key.length}`);
+        }
+        if (iv.length !== IV_LENGTH) {
+            throw new Error(`AES-CBC IV must be ${IV_LENGTH} bytes, got ${iv.length}`);
+        }
+        return new Uint8Array([...key, ...iv]);
+    }
+    /**
+     * Split combined key and IV for AES-CBC
+     *
+     * @param {Uint8Array} combined - Combined key and IV (KEY_LENGTH/8 + IV_LENGTH bytes)
+     * @returns {{ key: Uint8Array, iv: Uint8Array }} Separated key and IV
+     */
+    splitKeyAndIV(combined) {
+        const keyBytes = KEY_LENGTH / 8;
+        const expectedLength = keyBytes + IV_LENGTH;
+        if (combined.length !== expectedLength) {
+            throw new Error(`AES-${KEY_LENGTH}-CBC combined key+IV must be ${expectedLength} bytes, got ${combined.length}`);
+        }
+        return {
+            key: combined.subarray(0, keyBytes),
+            iv: combined.subarray(keyBytes, keyBytes + IV_LENGTH),
+        };
+    }
+}
+//# sourceMappingURL=node-aes-cbc-crypto.js.map

package/dist/handlers/decrypt-handler.d.ts

@@ -1,10 +1,15 @@
 /**
+ * Decrypt file content using the decrypted symmetric key and IV.
+ *
  * @param {Type.CryptoAdapter} cryptoAdapter - The crypto adapter responsible for performing
  * encryption and decryption operations.
- * @param {string} combinedKey
- * @param {Uint8Array} content
+ * @param {Uint8Array} key - The symmetric key
+ * @param {Uint8Array} iv - The initialization vector
+ * @param {Uint8Array} content - The encrypted file content
+ * @returns {Promise<ReadableStream>} The decrypted file stream
  */
-export function decryptFileWithKey(cryptoAdapter: Type.CryptoAdapter, combinedKey: string, content: Uint8Array): Promise<ReadableStream<any>>;
-export function retrieveAndDecrypt(storachaClient: import("@storacha/client").Client, litClient: import("@lit-protocol/lit-node-client").LitNodeClient, cryptoAdapter: Type.CryptoAdapter, gatewayURL: URL, signer: Type.LitWalletSigner | Type.LitPkpSigner, cid: Type.AnyLink, delegationCAR: Uint8Array): Promise<ReadableStream<any>>;
+export function decryptFileWithKey(cryptoAdapter: Type.CryptoAdapter, key: Uint8Array, iv: Uint8Array, content: Uint8Array): Promise<ReadableStream>;
+export function retrieveAndDecrypt(storachaClient: import("@storacha/client").Client, cryptoAdapter: Type.CryptoAdapter, gatewayURL: URL, cid: Type.AnyLink, delegationCAR: Uint8Array, decryptionOptions: Type.DecryptionOptions): Promise<ReadableStream>;
+export function getCarFileFromPublicGateway(gatewayURL: URL, cid: string): Promise<Uint8Array>;
 import * as Type from '../types.js';
 //# sourceMappingURL=decrypt-handler.d.ts.map

package/dist/handlers/decrypt-handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"decrypt-handler.d.ts","sourceRoot":"","sources":["../../src/handlers/decrypt-handler.js"],"names":[],"mappings":"AAuGA;;;;;GAKG;AACH,kDALW,IAAI,CAAC,aAAa,eAElB,MAAM,WACN,UAAU,gCAuBpB;AA3GM,mDATI,OAAO,kBAAkB,EAAE,MAAM,aACjC,OAAO,+BAA+B,EAAE,aAAa,iBACrD,IAAI,CAAC,aAAa,cAElB,GAAG,UACH,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,YAAY,OACxC,IAAI,CAAC,OAAO,iBACZ,UAAU,gCAgFpB;sBA9FqB,aAAa"}
+{"version":3,"file":"decrypt-handler.d.ts","sourceRoot":"","sources":["../../src/handlers/decrypt-handler.js"],"names":[],"mappings":"AA4DA;;;;;;;;;GASG;AACH,kDAPW,IAAI,CAAC,aAAa,OAElB,UAAU,MACV,UAAU,WACV,UAAU,GACR,OAAO,CAAC,cAAc,CAAC,CAanC;AA9DM,mDATI,OAAO,kBAAkB,EAAE,MAAM,iBACjC,IAAI,CAAC,aAAa,cAElB,GAAG,OACH,IAAI,CAAC,OAAO,iBACZ,UAAU,qBACV,IAAI,CAAC,iBAAiB,GACpB,OAAO,CAAC,cAAc,CAAC,CAyCnC;AAoCM,wDAJI,GAAG,OACH,MAAM,GACJ,OAAO,CAAC,UAAU,CAAC,CA+B/B;sBAtHqB,aAAa"}

package/dist/handlers/decrypt-handler.js

@@ -1,144 +1,113 @@
 import { CID } from 'multiformats';
-import { CarIndexer } from '@ipld/car';
+import { CarIndexer, CarReader } from '@ipld/car';
 import { exporter } from 'ipfs-unixfs-exporter';
 import { MemoryBlockstore } from 'blockstore-core';
-import { base64 } from 'multiformats/bases/base64';
-import * as Lit from '../protocols/lit.js';
 import * as Type from '../types.js';
-import * as EncryptedMetadata from '../core/encrypted-metadata.js';
-import { createDecryptWrappedInvocation } from '../utils.js';
 /**
- * Retrieve and decrypt a file from the IPFS gateway.
+ * Retrieve and decrypt a file from the IPFS gateway using any supported encryption strategy.
  *
  * @param {import('@storacha/client').Client} storachaClient - The Storacha client
- * @param {import('@lit-protocol/lit-node-client').LitNodeClient} litClient - The Lit client
  * @param {Type.CryptoAdapter} cryptoAdapter - The crypto adapter responsible for performing
  * encryption and decryption operations.
  * @param {URL} gatewayURL - The IPFS gateway URL
- * @param {Type.LitWalletSigner | Type.LitPkpSigner} signer - The wallet or PKP key signer to decrypt the file
  * @param {Type.AnyLink} cid - The link to the file to retrieve
- * @param {Uint8Array} delegationCAR - The delegation that gives permission to decrypt the file
+ * @param {Uint8Array} delegationCAR - The delegation that gives permission to decrypt (required for both strategies)
+ * @param {Type.DecryptionOptions} decryptionOptions - User-provided decryption options
+ * @returns {Promise<ReadableStream>} The decrypted file stream
  */
-export const retrieveAndDecrypt = async (storachaClient, litClient, cryptoAdapter, gatewayURL, signer, cid, delegationCAR) => {
-    const encryptedMetadataCar = await getCarFileFromGateway(gatewayURL, cid.toString());
-    const { encryptedDataCID, identityBoundCiphertext, plaintextKeyHash, accessControlConditions, } = extractEncryptedMetadata(encryptedMetadataCar);
-    const spaceDID = /** @type {`did:key:${string}`} */ (accessControlConditions[0].parameters[1]);
-    const encryptedData = await getEncryptedDataFromCar(encryptedMetadataCar, encryptedDataCID);
-    if (!signer) {
-        throw new Error('Signer is required');
-    }
-    /**
-     * TODO: check if the wallet has capacity credits, if not get it
-     */
-    const acc = 
-    /** @type import('@lit-protocol/types').AccessControlConditions */ (
-    /** @type {unknown} */ (accessControlConditions));
-    const expiration = new Date(Date.now() + 1000 * 60 * 5).toISOString(); // 5 min
-    // TODO: store the session signature (https://developer.litprotocol.com/intro/first-request/generating-session-sigs#nodejs)
-    let sessionSigs;
-    if ('wallet' in signer) {
-        sessionSigs = await Lit.getSessionSigs(litClient, {
-            wallet: signer.wallet,
-            dataToEncryptHash: plaintextKeyHash,
-            expiration,
-            accessControlConditions: acc,
-        });
-    }
-    else {
-        sessionSigs = await Lit.getPkpSessionSigs(litClient, {
-            pkpPublicKey: signer.pkpPublicKey,
-            authMethod: signer.authMethod,
-            dataToEncryptHash: plaintextKeyHash,
-            expiration,
-            accessControlConditions: acc,
-        });
-    }
-    const wrappedInvocationJSON = await createDecryptWrappedInvocation({
+export const retrieveAndDecrypt = async (storachaClient, cryptoAdapter, gatewayURL, cid, delegationCAR, decryptionOptions) => {
+    // Step 1: Get the encrypted metadata from the public gateway
+    const encryptedMetadataCar = await getCarFileFromPublicGateway(gatewayURL, cid.toString());
+    // Step 2: Extract encrypted metadata from the CAR file
+    const metadata = cryptoAdapter.extractEncryptedMetadata(encryptedMetadataCar);
+    // Step 3: Get the encrypted data from the CAR file
+    const encryptedData = await getEncryptedDataFromCar(encryptedMetadataCar, metadata.encryptedDataCID);
+    // Step 4: Decrypt the encrypted symmetric key
+    const encryptedSymmetricKey = cryptoAdapter.getEncryptedKey(metadata);
+    const { key, iv } = await cryptoAdapter.decryptSymmetricKey(encryptedSymmetricKey, {
+        decryptionOptions,
+        metadata,
         delegationCAR,
-        spaceDID,
         resourceCID: cid,
         issuer: storachaClient.agent.issuer,
         audience: storachaClient.defaultProvider(),
-        expiration: new Date(Date.now() + 1000 * 60 * 10).getTime(), // 10 min
     });
-    const decryptKey = await Lit.executeUcanValidationAction(litClient, {
-        sessionSigs,
-        spaceDID,
-        identityBoundCiphertext,
-        plaintextKeyHash,
-        accessControlConditions,
-        wrappedInvocationJSON,
-    });
-    return decryptFileWithKey(cryptoAdapter, decryptKey, encryptedData);
+    // Step 5: Decrypt the encrypted file content using the decrypted symmetric key and IV
+    return decryptFileWithKey(cryptoAdapter, key, iv, encryptedData);
 };
 /**
+ * Decrypt file content using the decrypted symmetric key and IV.
+ *
  * @param {Type.CryptoAdapter} cryptoAdapter - The crypto adapter responsible for performing
  * encryption and decryption operations.
- * @param {string} combinedKey
- * @param {Uint8Array} content
+ * @param {Uint8Array} key - The symmetric key
+ * @param {Uint8Array} iv - The initialization vector
+ * @param {Uint8Array} content - The encrypted file content
+ * @returns {Promise<ReadableStream>} The decrypted file stream
  */
-export function decryptFileWithKey(cryptoAdapter, combinedKey, content) {
-    // Split the decrypted data back into key and initializationVector
-    const decryptedKeyData = base64.decode(combinedKey);
-    const symmetricKey = decryptedKeyData.subarray(0, 32);
-    const initializationVector = decryptedKeyData.subarray(32);
-    // Create a ReadableStream from the Uint8Array
+export function decryptFileWithKey(cryptoAdapter, key, iv, content) {
     const contentStream = new ReadableStream({
         start(controller) {
             controller.enqueue(content);
             controller.close();
         },
     });
-    const decryptedStream = cryptoAdapter.decryptStream(contentStream, symmetricKey, initializationVector);
+    const decryptedStream = cryptoAdapter.decryptStream(contentStream, key, iv);
     return decryptedStream;
 }
 /**
+ * Fetch a CAR file from the public IPFS gateway with root CID verification.
  *
- * @param {URL} gatewayURL
- * @param {string} cid
+ * SECURITY: This function provides metadata integrity protection (P0.2).
+ * Verifies the returned CAR matches the requested CID to prevent metadata tampering.
+ * Content integrity (P2.2) is handled by existing IPFS tools in getEncryptedDataFromCar.
+ *
+ * @param {URL} gatewayURL - The IPFS gateway URL
+ * @param {string} cid - The CID to fetch
+ * @returns {Promise<Uint8Array>} The verified CAR file bytes
  */
-const getCarFileFromGateway = async (gatewayURL, cid) => {
+export const getCarFileFromPublicGateway = async (gatewayURL, cid) => {
     const url = new URL(`/ipfs/${cid}?format=car`, gatewayURL);
     const response = await fetch(url);
     if (!response.ok) {
         throw new Error(`Failed to fetch: ${response.status} ${response.statusText}`);
     }
     const car = new Uint8Array(await response.arrayBuffer());
-    return car;
-};
-/**
- *
- * @param {Uint8Array} car
- */
-const extractEncryptedMetadata = (car) => {
-    const encryptedContentResult = EncryptedMetadata.extract(car);
-    if (encryptedContentResult.error) {
-        throw encryptedContentResult.error;
+    // SECURITY: Verify the CAR's root CID matches what we requested
+    const reader = await CarReader.fromBytes(car);
+    const roots = await reader.getRoots();
+    const expectedCID = CID.parse(cid);
+    if (roots.length !== 1) {
+        throw new Error(`CAR file must have exactly one root CID, found ${roots.length}`);
+    }
+    if (!roots[0].equals(expectedCID)) {
+        throw new Error(`CID verification failed: expected ${expectedCID} but CAR contains ${roots[0]}`);
     }
-    let encryptedContent = encryptedContentResult.ok.toJSON();
-    return encryptedContent;
+    return car;
 };
 /**
+ * Extract encrypted data from a CAR file.
  *
- * @param {Uint8Array} car
- * @param {string} encryptedDataCID
+ * @param {Uint8Array} car - The CAR file bytes
+ * @param {string} encryptedDataCID - The CID of the encrypted data
+ * @returns {Promise<Uint8Array>} The encrypted data bytes
  */
 const getEncryptedDataFromCar = async (car, encryptedDataCID) => {
-    // NOTE: convert CAR to a block store
+    // Step 1: Index the CAR file for efficient block lookup
     const iterable = await CarIndexer.fromBytes(car);
-    const blockstore = new MemoryBlockstore();
+    const blockIndex = new Map();
     for await (const { cid, blockLength, blockOffset } of iterable) {
-        const blockBytes = car.slice(blockOffset, blockOffset + blockLength);
-        await blockstore.put(cid, blockBytes);
+        blockIndex.set(cid.toString(), { blockOffset, blockLength });
     }
-    // NOTE: get the encrypted Data from the CAR file
+    // Step 2: Use the index to extract the encrypted data block bytes as needed
+    const { blockOffset, blockLength } = blockIndex.get(encryptedDataCID);
+    const blockBytes = car.subarray(blockOffset, blockOffset + blockLength);
+    // Step 3: Put the block in a blockstore for exporter compatibility
+    const blockstore = new MemoryBlockstore();
+    await blockstore.put(CID.parse(encryptedDataCID), blockBytes);
+    // Step 4: Get the encrypted data from the CAR file
     const encryptedDataEntry = await exporter(CID.parse(encryptedDataCID), blockstore);
-    const encryptedDataBytes = new Uint8Array(Number(encryptedDataEntry.size));
-    let offset = 0;
-    for await (const chunk of encryptedDataEntry.content()) {
-        encryptedDataBytes.set(chunk, offset);
-        offset += chunk.length;
-    }
-    return encryptedDataBytes;
+    // Step 5: Return the async iterable (stream of chunks)
+    return encryptedDataEntry.content(); // async iterable of Uint8Array
 };
 //# sourceMappingURL=decrypt-handler.js.map

package/dist/handlers/encrypt-handler.d.ts

@@ -1,3 +1,3 @@
-export function encryptAndUpload(storachaClient: import("@storacha/client").Client, litClient: import("@lit-protocol/lit-node-client").LitNodeClient, cryptoAdapter: Type.CryptoAdapter, file: Type.BlobLike): Promise<Type.AnyLink>;
+export function encryptAndUpload(storachaClient: import("@storacha/client").Client, cryptoAdapter: Type.CryptoAdapter, file: Type.BlobLike, encryptionConfig: Type.EncryptionConfig, uploadOptions?: Type.UploadOptions): Promise<Type.AnyLink>;
 import * as Type from '../types.js';
 //# sourceMappingURL=encrypt-handler.d.ts.map

package/dist/handlers/encrypt-handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"encrypt-handler.d.ts","sourceRoot":"","sources":["../../src/handlers/encrypt-handler.js"],"names":[],"mappings":"AAkBO,iDAPI,OAAO,kBAAkB,EAAE,MAAM,aACjC,OAAO,+BAA+B,EAAE,aAAa,iBACrD,IAAI,CAAC,aAAa,QAElB,IAAI,CAAC,QAAQ,GACX,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CA4BjC;sBAxCqB,aAAa"}
+{"version":3,"file":"encrypt-handler.d.ts","sourceRoot":"","sources":["../../src/handlers/encrypt-handler.js"],"names":[],"mappings":"AAgBO,iDARI,OAAO,kBAAkB,EAAE,MAAM,iBACjC,IAAI,CAAC,aAAa,QAElB,IAAI,CAAC,QAAQ,oBACb,IAAI,CAAC,gBAAgB,kBACrB,IAAI,CAAC,aAAa,GAChB,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CA6BjC;sBAxCqB,aAAa"}