@storacha/encrypt-upload-client 1.1.56 → 1.1.58

package/dist/crypto/symmetric/node-aes-cbc-crypto.js

@@ -1,8 +1,8 @@
-import { randomBytes, createCipheriv, createDecipheriv } from 'crypto';
-import * as Type from '../../types.js';
-const ENCRYPTION_ALGORITHM = 'aes-256-cbc';
-const KEY_LENGTH = 256; // bits
-const IV_LENGTH = 16; // bytes (128 bits, used as initialization vector)
+import { randomBytes, createCipheriv, createDecipheriv } from 'crypto'
+import * as Type from '../../types.js'
+const ENCRYPTION_ALGORITHM = 'aes-256-cbc'
+const KEY_LENGTH = 256 // bits
+const IV_LENGTH = 16 // bytes (128 bits, used as initialization vector)
 /**
  * NodeAesCbcCrypto implements AES-CBC symmetric encryption for Node.js environments.
  * It uses AES-CBC mode for encryption via the Node.js crypto module.
@@ -13,98 +13,104 @@ const IV_LENGTH = 16; // bytes (128 bits, used as initialization vector)
  * @implements {Type.SymmetricCrypto}
  */
 export class NodeAesCbcCrypto {
-    /** @param {Type.BlobLike} data  */
-    async encryptStream(data) {
-        const symmetricKey = randomBytes(KEY_LENGTH / 8); // KEY_LENGTH bits for AES
-        const initializationVector = randomBytes(IV_LENGTH); // IV_LENGTH bytes for AES
-        const cipher = createCipheriv(ENCRYPTION_ALGORITHM, symmetricKey, initializationVector);
-        const encryptStream = new TransformStream({
-            transform: async (chunk, controller) => {
-                const encryptedChunk = cipher.update(chunk);
-                if (encryptedChunk.length) {
-                    controller.enqueue(encryptedChunk);
-                }
-            },
-            flush: (controller) => {
-                const final = cipher.final();
-                if (final.length) {
-                    controller.enqueue(final);
-                }
-            },
-        });
-        return Promise.resolve({
-            key: symmetricKey,
-            iv: initializationVector,
-            encryptedStream: data.stream().pipeThrough(encryptStream),
-        });
-    }
-    /**
-     * @param {ReadableStream} encryptedData
-     * @param {Uint8Array} key
-     * @param {Uint8Array} iv
-     */
-    async decryptStream(encryptedData, key, iv) {
-        const decipher = createDecipheriv(ENCRYPTION_ALGORITHM, key, iv);
-        const decryptor = new TransformStream({
-            async transform(chunk, controller) {
-                try {
-                    const decryptedChunk = decipher.update(chunk);
-                    if (decryptedChunk.length > 0) {
-                        controller.enqueue(decryptedChunk);
-                    }
-                }
-                catch (err) {
-                    controller.error(err);
-                }
-            },
-            flush(controller) {
-                try {
-                    const finalChunk = decipher.final();
-                    if (finalChunk.length > 0) {
-                        controller.enqueue(finalChunk);
-                    }
-                    controller.terminate();
-                }
-                catch (err) {
-                    controller.error(err);
-                }
-            },
-        });
-        return Promise.resolve(encryptedData.pipeThrough(decryptor));
-    }
-    /**
-     * Combine key and IV into a single array for AES-CBC
-     *
-     * @param {Uint8Array} key - The AES key (KEY_LENGTH/8 bytes)
-     * @param {Uint8Array} iv - The AES-CBC IV (IV_LENGTH bytes)
-     * @returns {Uint8Array} Combined key and IV (KEY_LENGTH/8 + IV_LENGTH bytes)
-     */
-    combineKeyAndIV(key, iv) {
-        const keyBytes = KEY_LENGTH / 8;
-        if (key.length !== keyBytes) {
-            throw new Error(`AES-${KEY_LENGTH} key must be ${keyBytes} bytes, got ${key.length}`);
+  /** @param {Type.BlobLike} data  */
+  async encryptStream(data) {
+    const symmetricKey = randomBytes(KEY_LENGTH / 8) // KEY_LENGTH bits for AES
+    const initializationVector = randomBytes(IV_LENGTH) // IV_LENGTH bytes for AES
+    const cipher = createCipheriv(
+      ENCRYPTION_ALGORITHM,
+      symmetricKey,
+      initializationVector
+    )
+    const encryptStream = new TransformStream({
+      transform: async (chunk, controller) => {
+        const encryptedChunk = cipher.update(chunk)
+        if (encryptedChunk.length) {
+          controller.enqueue(encryptedChunk)
         }
-        if (iv.length !== IV_LENGTH) {
-            throw new Error(`AES-CBC IV must be ${IV_LENGTH} bytes, got ${iv.length}`);
+      },
+      flush: (controller) => {
+        const final = cipher.final()
+        if (final.length) {
+          controller.enqueue(final)
         }
-        return new Uint8Array([...key, ...iv]);
-    }
-    /**
-     * Split combined key and IV for AES-CBC
-     *
-     * @param {Uint8Array} combined - Combined key and IV (KEY_LENGTH/8 + IV_LENGTH bytes)
-     * @returns {{ key: Uint8Array, iv: Uint8Array }} Separated key and IV
-     */
-    splitKeyAndIV(combined) {
-        const keyBytes = KEY_LENGTH / 8;
-        const expectedLength = keyBytes + IV_LENGTH;
-        if (combined.length !== expectedLength) {
-            throw new Error(`AES-${KEY_LENGTH}-CBC combined key+IV must be ${expectedLength} bytes, got ${combined.length}`);
+      },
+    })
+    return Promise.resolve({
+      key: symmetricKey,
+      iv: initializationVector,
+      encryptedStream: data.stream().pipeThrough(encryptStream),
+    })
+  }
+  /**
+   * @param {ReadableStream} encryptedData
+   * @param {Uint8Array} key
+   * @param {Uint8Array} iv
+   */
+  async decryptStream(encryptedData, key, iv) {
+    const decipher = createDecipheriv(ENCRYPTION_ALGORITHM, key, iv)
+    const decryptor = new TransformStream({
+      async transform(chunk, controller) {
+        try {
+          const decryptedChunk = decipher.update(chunk)
+          if (decryptedChunk.length > 0) {
+            controller.enqueue(decryptedChunk)
+          }
+        } catch (err) {
+          controller.error(err)
+        }
+      },
+      flush(controller) {
+        try {
+          const finalChunk = decipher.final()
+          if (finalChunk.length > 0) {
+            controller.enqueue(finalChunk)
+          }
+          controller.terminate()
+        } catch (err) {
+          controller.error(err)
         }
-        return {
-            key: combined.subarray(0, keyBytes),
-            iv: combined.subarray(keyBytes, keyBytes + IV_LENGTH),
-        };
+      },
+    })
+    return Promise.resolve(encryptedData.pipeThrough(decryptor))
+  }
+  /**
+   * Combine key and IV into a single array for AES-CBC
+   *
+   * @param {Uint8Array} key - The AES key (KEY_LENGTH/8 bytes)
+   * @param {Uint8Array} iv - The AES-CBC IV (IV_LENGTH bytes)
+   * @returns {Uint8Array} Combined key and IV (KEY_LENGTH/8 + IV_LENGTH bytes)
+   */
+  combineKeyAndIV(key, iv) {
+    const keyBytes = KEY_LENGTH / 8
+    if (key.length !== keyBytes) {
+      throw new Error(
+        `AES-${KEY_LENGTH} key must be ${keyBytes} bytes, got ${key.length}`
+      )
+    }
+    if (iv.length !== IV_LENGTH) {
+      throw new Error(`AES-CBC IV must be ${IV_LENGTH} bytes, got ${iv.length}`)
+    }
+    return new Uint8Array([...key, ...iv])
+  }
+  /**
+   * Split combined key and IV for AES-CBC
+   *
+   * @param {Uint8Array} combined - Combined key and IV (KEY_LENGTH/8 + IV_LENGTH bytes)
+   * @returns {{ key: Uint8Array, iv: Uint8Array }} Separated key and IV
+   */
+  splitKeyAndIV(combined) {
+    const keyBytes = KEY_LENGTH / 8
+    const expectedLength = keyBytes + IV_LENGTH
+    if (combined.length !== expectedLength) {
+      throw new Error(
+        `AES-${KEY_LENGTH}-CBC combined key+IV must be ${expectedLength} bytes, got ${combined.length}`
+      )
+    }
+    return {
+      key: combined.subarray(0, keyBytes),
+      iv: combined.subarray(keyBytes, keyBytes + IV_LENGTH),
     }
+  }
 }
-//# sourceMappingURL=node-aes-cbc-crypto.js.map
+//# sourceMappingURL=node-aes-cbc-crypto.js.map

package/dist/examples/decrypt-test.d.ts

@@ -1,2 +1,2 @@
-export {};
-//# sourceMappingURL=decrypt-test.d.ts.map
+export {}
+//# sourceMappingURL=decrypt-test.d.ts.map

package/dist/examples/decrypt-test.js

@@ -1,73 +1,82 @@
-import * as fs from 'fs';
-import dotenv from 'dotenv';
-import { CID } from 'multiformats';
-import * as Client from '@storacha/client';
-import * as Signer from '@ucanto/principal/ed25519';
-import { StoreMemory } from '@storacha/client/stores/memory';
-import { create } from '../src/index.js';
-import { Wallet } from 'ethers';
-import { serviceConf, receiptsEndpoint } from '../src/config/service.js';
-import { createNodeLitAdapter } from '../src/crypto/factories.node.js';
-import { LitNodeClient } from '@lit-protocol/lit-node-client';
-import { extract } from '@ucanto/core/delegation';
-dotenv.config();
+import * as fs from 'fs'
+import dotenv from 'dotenv'
+import { CID } from 'multiformats'
+import * as Client from '@storacha/client'
+import * as Signer from '@ucanto/principal/ed25519'
+import { StoreMemory } from '@storacha/client/stores/memory'
+import { create } from '../src/index.js'
+import { Wallet } from 'ethers'
+import { serviceConf, receiptsEndpoint } from '../src/config/service.js'
+import { createNodeLitAdapter } from '../src/crypto/factories.node.js'
+import { LitNodeClient } from '@lit-protocol/lit-node-client'
+import { extract } from '@ucanto/core/delegation'
+dotenv.config()
 async function main() {
-    // set up storacha client with a new agent
-    const cid = CID.parse('bafyreifhwqmspdjsy6rgcmcizgodv7bwskgiehjhdx7wukax3z5r7tz5ji');
-    const delegationCarBuffer = fs.readFileSync('delegation.car');
-    const wallet = new Wallet(process.env.WALLET_PK || '');
-    const principal = Signer.parse(process.env.DELEGATEE_AGENT_PK || '');
-    const store = new StoreMemory();
-    const client = await Client.create({
-        principal,
-        store,
-        serviceConf,
-        receiptsEndpoint,
-    });
-    // Set up Lit client
-    const litClient = new LitNodeClient({
-        litNetwork: 'datil-dev',
-    });
-    await litClient.connect();
-    const encryptedClient = await create({
-        storachaClient: client,
-        cryptoAdapter: createNodeLitAdapter(litClient),
-    });
-    const res = await extract(delegationCarBuffer);
-    if (res.error) {
-        throw new Error(`Failed to extract delegation: ${res.error.message}`);
+  // set up storacha client with a new agent
+  const cid = CID.parse(
+    'bafyreifhwqmspdjsy6rgcmcizgodv7bwskgiehjhdx7wukax3z5r7tz5ji'
+  )
+  const delegationCarBuffer = fs.readFileSync('delegation.car')
+  const wallet = new Wallet(process.env.WALLET_PK || '')
+  const principal = Signer.parse(process.env.DELEGATEE_AGENT_PK || '')
+  const store = new StoreMemory()
+  const client = await Client.create({
+    principal,
+    store,
+    serviceConf,
+    receiptsEndpoint,
+  })
+  // Set up Lit client
+  const litClient = new LitNodeClient({
+    litNetwork: 'datil-dev',
+  })
+  await litClient.connect()
+  const encryptedClient = await create({
+    storachaClient: client,
+    cryptoAdapter: createNodeLitAdapter(litClient),
+  })
+  const res = await extract(delegationCarBuffer)
+  if (res.error) {
+    throw new Error(`Failed to extract delegation: ${res.error.message}`)
+  }
+  const decryptDelegation = res.ok
+  const decryptionCapability = decryptDelegation.capabilities.find(
+    (c) => c.can === 'space/content/decrypt'
+  )
+  if (!decryptionCapability) {
+    throw new Error('Failed to find decryption capability')
+  }
+  const spaceDID = /** @type {`did:key:${string}`} */ (
+    decryptionCapability.with
+  )
+  const decryptionConfig = {
+    wallet,
+    decryptDelegation,
+    spaceDID,
+  }
+  const decryptedContent = await encryptedClient.retrieveAndDecryptFile(
+    cid,
+    decryptionConfig
+  )
+  const reader = decryptedContent.stream.getReader()
+  const decoder = new TextDecoder()
+  let result = ''
+  let done = false
+  while (!done) {
+    const { value, done: isDone } = await reader.read()
+    done = isDone
+    if (value) {
+      result += decoder.decode(value, { stream: true })
     }
-    const decryptDelegation = res.ok;
-    const decryptionCapability = decryptDelegation.capabilities.find((c) => c.can === 'space/content/decrypt');
-    if (!decryptionCapability) {
-        throw new Error('Failed to find decryption capability');
-    }
-    const spaceDID = /** @type {`did:key:${string}`} */ (decryptionCapability.with);
-    const decryptionConfig = {
-        wallet,
-        decryptDelegation,
-        spaceDID,
-    };
-    const decryptedContent = await encryptedClient.retrieveAndDecryptFile(cid, decryptionConfig);
-    const reader = decryptedContent.stream.getReader();
-    const decoder = new TextDecoder();
-    let result = '';
-    let done = false;
-    while (!done) {
-        const { value, done: isDone } = await reader.read();
-        done = isDone;
-        if (value) {
-            result += decoder.decode(value, { stream: true });
-        }
-    }
-    console.log('================ RESULT ===================');
-    console.log(result);
-    console.log('===========================================');
+  }
+  console.log('================ RESULT ===================')
+  console.log(result)
+  console.log('===========================================')
 }
 main()
-    .then(() => process.exit(0))
-    .catch((err) => {
-    console.error(err);
-    process.exit(1);
-});
-//# sourceMappingURL=decrypt-test.js.map
+  .then(() => process.exit(0))
+  .catch((err) => {
+    console.error(err)
+    process.exit(1)
+  })
+//# sourceMappingURL=decrypt-test.js.map

package/dist/examples/encrypt-test.d.ts

@@ -1,4 +1,6 @@
 /** @param {string} data Base64 encoded CAR file */
-export function parseProof(data: string): Promise<Signer.Delegation<Signer.Signer.Capabilities>>;
-import * as Signer from '@ucanto/principal/ed25519';
-//# sourceMappingURL=encrypt-test.d.ts.map
+export function parseProof(
+  data: string
+): Promise<Signer.Delegation<Signer.Signer.Capabilities>>
+import * as Signer from '@ucanto/principal/ed25519'
+//# sourceMappingURL=encrypt-test.d.ts.map

package/dist/examples/encrypt-test.js

@@ -1,61 +1,64 @@
-import * as fs from 'fs';
-import dotenv from 'dotenv';
-import { CarReader } from '@ipld/car';
-import * as Client from '@storacha/client';
-import { importDAG } from '@ucanto/core/delegation';
-import * as Signer from '@ucanto/principal/ed25519';
-import { StoreMemory } from '@storacha/client/stores/memory';
-import * as EncryptClient from '../src/index.js';
-import { serviceConf, receiptsEndpoint } from '../src/config/service.js';
-import { createNodeLitAdapter } from '../src/crypto/factories.node.js';
-import { LitNodeClient } from '@lit-protocol/lit-node-client';
-dotenv.config();
+import * as fs from 'fs'
+import dotenv from 'dotenv'
+import { CarReader } from '@ipld/car'
+import * as Client from '@storacha/client'
+import { importDAG } from '@ucanto/core/delegation'
+import * as Signer from '@ucanto/principal/ed25519'
+import { StoreMemory } from '@storacha/client/stores/memory'
+import * as EncryptClient from '../src/index.js'
+import { serviceConf, receiptsEndpoint } from '../src/config/service.js'
+import { createNodeLitAdapter } from '../src/crypto/factories.node.js'
+import { LitNodeClient } from '@lit-protocol/lit-node-client'
+dotenv.config()
 /** @param {string} data Base64 encoded CAR file */
 export async function parseProof(data) {
-    const blocks = [];
-    const reader = await CarReader.fromBytes(Buffer.from(data, 'base64'));
-    for await (const block of reader.blocks()) {
-        blocks.push(block);
-    }
-    return importDAG(blocks);
+  const blocks = []
+  const reader = await CarReader.fromBytes(Buffer.from(data, 'base64'))
+  for await (const block of reader.blocks()) {
+    blocks.push(block)
+  }
+  return importDAG(blocks)
 }
 async function main() {
-    // set up storacha client with a new agent
-    const principal = Signer.parse(process.env.AGENT_PK || '');
-    const store = new StoreMemory();
-    const client = await Client.create({
-        principal,
-        store,
-        serviceConf,
-        receiptsEndpoint,
-    });
-    // now give Agent the delegation from the Space
-    const proof = await parseProof(process.env.PROOF || '');
-    const space = await client.addSpace(proof);
-    await client.setCurrentSpace(space.did());
-    // Set up Lit client
-    const litClient = new LitNodeClient({
-        litNetwork: 'datil-dev',
-    });
-    await litClient.connect();
-    const encryptedClient = await EncryptClient.create({
-        storachaClient: client,
-        cryptoAdapter: createNodeLitAdapter(litClient),
-    });
-    const fileContent = await fs.promises.readFile('./README.md');
-    const blob = new Blob([fileContent]);
-    // Create encryption config
-    const encryptionConfig = {
-        issuer: principal,
-        spaceDID: space.did(),
-    };
-    const link = await encryptedClient.encryptAndUploadFile(blob, encryptionConfig);
-    console.log(link);
+  // set up storacha client with a new agent
+  const principal = Signer.parse(process.env.AGENT_PK || '')
+  const store = new StoreMemory()
+  const client = await Client.create({
+    principal,
+    store,
+    serviceConf,
+    receiptsEndpoint,
+  })
+  // now give Agent the delegation from the Space
+  const proof = await parseProof(process.env.PROOF || '')
+  const space = await client.addSpace(proof)
+  await client.setCurrentSpace(space.did())
+  // Set up Lit client
+  const litClient = new LitNodeClient({
+    litNetwork: 'datil-dev',
+  })
+  await litClient.connect()
+  const encryptedClient = await EncryptClient.create({
+    storachaClient: client,
+    cryptoAdapter: createNodeLitAdapter(litClient),
+  })
+  const fileContent = await fs.promises.readFile('./README.md')
+  const blob = new Blob([fileContent])
+  // Create encryption config
+  const encryptionConfig = {
+    issuer: principal,
+    spaceDID: space.did(),
+  }
+  const link = await encryptedClient.encryptAndUploadFile(
+    blob,
+    encryptionConfig
+  )
+  console.log(link)
 }
 main()
-    .then(() => process.exit(0))
-    .catch((err) => {
-    console.error(err);
-    process.exit(1);
-});
-//# sourceMappingURL=encrypt-test.js.map
+  .then(() => process.exit(0))
+  .catch((err) => {
+    console.error(err)
+    process.exit(1)
+  })
+//# sourceMappingURL=encrypt-test.js.map

package/dist/handlers/decrypt-handler.d.ts

@@ -8,8 +8,22 @@
  * @param {AsyncIterable<Uint8Array>|Uint8Array} content - The encrypted file content
  * @returns {Promise<ReadableStream>} The decrypted file stream
  */
-export function decryptFileWithKey(cryptoAdapter: Type.CryptoAdapter, key: Uint8Array, iv: Uint8Array, content: AsyncIterable<Uint8Array> | Uint8Array): Promise<ReadableStream>;
-export function retrieveAndDecrypt(storachaClient: import("@storacha/client").Client, cryptoAdapter: Type.CryptoAdapter, gatewayURL: URL, cid: Type.AnyLink, decryptionConfig: Type.DecryptionConfig): Promise<Type.DecryptionResult>;
-export function getCarFileFromPublicGateway(gatewayURL: URL, cid: string): Promise<Uint8Array>;
-import * as Type from '../types.js';
-//# sourceMappingURL=decrypt-handler.d.ts.map
+export function decryptFileWithKey(
+  cryptoAdapter: Type.CryptoAdapter,
+  key: Uint8Array,
+  iv: Uint8Array,
+  content: AsyncIterable<Uint8Array> | Uint8Array
+): Promise<ReadableStream>
+export function retrieveAndDecrypt(
+  storachaClient: import('@storacha/client').Client,
+  cryptoAdapter: Type.CryptoAdapter,
+  gatewayURL: URL,
+  cid: Type.AnyLink,
+  decryptionConfig: Type.DecryptionConfig
+): Promise<Type.DecryptionResult>
+export function getCarFileFromPublicGateway(
+  gatewayURL: URL,
+  cid: string
+): Promise<Uint8Array>
+import * as Type from '../types.js'
+//# sourceMappingURL=decrypt-handler.d.ts.map

package/dist/handlers/encrypt-handler.d.ts

@@ -1,3 +1,9 @@
-export function encryptAndUpload(storachaClient: import("@storacha/client").Client, cryptoAdapter: Type.CryptoAdapter, file: Type.BlobLike, encryptionConfig: Type.EncryptionConfig, uploadOptions?: Type.UploadOptions): Promise<Type.AnyLink>;
-import * as Type from '../types.js';
-//# sourceMappingURL=encrypt-handler.d.ts.map
+export function encryptAndUpload(
+  storachaClient: import('@storacha/client').Client,
+  cryptoAdapter: Type.CryptoAdapter,
+  file: Type.BlobLike,
+  encryptionConfig: Type.EncryptionConfig,
+  uploadOptions?: Type.UploadOptions
+): Promise<Type.AnyLink>
+import * as Type from '../types.js'
+//# sourceMappingURL=encrypt-handler.d.ts.map