@storacha/encrypt-upload-client 1.1.76-rc.0 → 1.1.76-rc.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/crypto/adapters/kms-crypto-adapter.d.ts +143 -172
  2. package/dist/crypto/adapters/kms-crypto-adapter.d.ts.map +1 -1
  3. package/dist/crypto/adapters/kms-crypto-adapter.js +12 -2
  4. package/package.json +3 -3
package/dist/crypto/adapters/kms-crypto-adapter.d.ts CHANGED
@@ -7,176 +7,147 @@
7
7
  * @implements {Type.CryptoAdapter}
8
8
  */
9
9
  export class KMSCryptoAdapter implements Type.CryptoAdapter {
10
- /**
11
- * Create a new KMS crypto adapter
12
- *
13
- * @param {Type.SymmetricCrypto} symmetricCrypto - The symmetric crypto implementation (browser or node)
14
- * @param {URL|string} keyManagerServiceURL - The key manager service URL
15
- * @param {`did:${string}:${string}`} keyManagerServiceDID - The key manager service DID
16
- * @param {object} [options] - Optional configuration
17
- * @param {boolean} [options.allowInsecureHttp] - Allow HTTP for testing (NOT for production)
18
- */
19
- constructor(
20
- symmetricCrypto: Type.SymmetricCrypto,
21
- keyManagerServiceURL: URL | string,
22
- keyManagerServiceDID: `did:${string}:${string}`,
23
- options?: {
24
- allowInsecureHttp?: boolean | undefined
25
- }
26
- )
27
- symmetricCrypto: Type.SymmetricCrypto
28
- keyManagerServiceURL: URL
29
- keyManagerServiceDID: import('@ucanto/client').PrincipalView<`did:${string}:${string}`>
30
- /**
31
- * Encrypt a stream of data using the symmetric crypto
32
- *
33
- * @param {Type.BlobLike} data
34
- */
35
- encryptStream(data: Type.BlobLike): Promise<Type.EncryptOutput>
36
- /**
37
- * Decrypt a stream of data using the symmetric crypto
38
- *
39
- * @param {ReadableStream} encryptedData
40
- * @param {Uint8Array} key
41
- * @param {Uint8Array} iv
42
- */
43
- decryptStream(
44
- encryptedData: ReadableStream,
45
- key: Uint8Array,
46
- iv: Uint8Array
47
- ): Promise<ReadableStream<any>>
48
- /**
49
- * Encrypt a symmetric key using the KMS
50
- *
51
- * @param {Uint8Array} key
52
- * @param {Uint8Array} iv
53
- * @param {Type.EncryptionConfig} encryptionConfig
54
- * @returns {Promise<Type.EncryptedKeyResult>}
55
- */
56
- encryptSymmetricKey(
57
- key: Uint8Array,
58
- iv: Uint8Array,
59
- encryptionConfig: Type.EncryptionConfig
60
- ): Promise<Type.EncryptedKeyResult>
61
- /**
62
- * @param {string} encryptedKey
63
- * @param {object} configs
64
- * @param {Type.DecryptionConfig} configs.decryptionConfig
65
- * @param {Type.ExtractedMetadata} configs.metadata
66
- * @param {Type.AnyLink} configs.resourceCID
67
- * @param {import('@storacha/client/types').Signer<import('@storacha/client/types').DID, import('@storacha/client/types').SigAlg>} configs.issuer
68
- * @param {import('@storacha/client/types').DID} configs.audience
69
- */
70
- decryptSymmetricKey(
71
- encryptedKey: string,
72
- configs: {
73
- decryptionConfig: Type.DecryptionConfig
74
- metadata: Type.ExtractedMetadata
75
- resourceCID: Type.AnyLink
76
- issuer: import('@storacha/client/types').Signer<
77
- import('@storacha/client/types').DID,
78
- import('@storacha/client/types').SigAlg
79
- >
80
- audience: import('@storacha/client/types').DID
81
- }
82
- ): Promise<{
83
- key: Uint8Array
84
- iv: Uint8Array
85
- }>
86
- /**
87
- * Get decrypted symmetric key in base64 string from KMS via private gateway
88
- *
89
- * @param {string} encryptedSymmetricKey - The encrypted symmetric key (base64-encoded)
90
- * @param {Type.SpaceDID} spaceDID - The space DID
91
- * @param {import('@ucanto/interface').Proof} decryptionProof - The decryption delegation proof
92
- * @param {import('@ucanto/interface').Proof[]} proofs - The proofs to access the space
93
- * @param {import('@storacha/client/types').Signer<import('@storacha/client/types').DID, import('@storacha/client/types').SigAlg>} issuer - The issuer
94
- * @returns {Promise<{decryptedSymmetricKey: string}>} - The decrypted symmetric key (base64-encoded)
95
- */
96
- getDecryptedSymmetricKey(
97
- encryptedSymmetricKey: string,
98
- spaceDID: Type.SpaceDID,
99
- decryptionProof: import('@ucanto/interface').Proof,
100
- proofs: import('@ucanto/interface').Proof[],
101
- issuer: import('@storacha/client/types').Signer<
102
- import('@storacha/client/types').DID,
103
- import('@storacha/client/types').SigAlg
104
- >
105
- ): Promise<{
106
- decryptedSymmetricKey: string
107
- }>
108
- /**
109
- * Extract the encrypted metadata from the CAR file
110
- * KMS adapter only handles KMS format (encrypted-metadata@0.2)
111
- *
112
- * @param {Uint8Array} car
113
- * @returns {Type.ExtractedMetadata}
114
- */
115
- extractEncryptedMetadata(car: Uint8Array): Type.ExtractedMetadata
116
- /**
117
- * @param {Type.ExtractedMetadata} metadata
118
- * @returns {string}
119
- */
120
- getEncryptedKey(metadata: Type.ExtractedMetadata): string
121
- /**
122
- * Encode metadata for upload
123
- *
124
- * @param {string} encryptedDataCID - The CID of the encrypted data
125
- * @param {string} encryptedKey - The encrypted key
126
- * @param {Type.KMSKeyMetadata} metadata - The metadata to encode
127
- * @returns {Promise<{ cid: import('@storacha/upload-client/types').AnyLink, bytes: Uint8Array }>} - The encoded metadata
128
- */
129
- encodeMetadata(
130
- encryptedDataCID: string,
131
- encryptedKey: string,
132
- metadata: Type.KMSKeyMetadata
133
- ): Promise<{
134
- cid: import('@storacha/upload-client/types').AnyLink
135
- bytes: Uint8Array
136
- }>
137
- /**
138
- * Get the RSA public key from the space/encryption/setup
139
- *
140
- * @param {Type.EncryptionConfig} encryptionConfig
141
- * @returns {Promise<{ publicKey: string, provider: string, algorithm: string }>}
142
- */
143
- getSpacePublicKey(encryptionConfig: Type.EncryptionConfig): Promise<{
144
- publicKey: string
145
- provider: string
146
- algorithm: string
147
- }>
148
- /**
149
- * Get the Web Crypto API SubtleCrypto interface (universal compatibility)
150
- *
151
- * @returns {SubtleCrypto} - The SubtleCrypto interface
152
- */
153
- getSubtleCrypto(): SubtleCrypto
154
- /**
155
- * Encrypt data with RSA-OAEP using the public key
156
- *
157
- * @param {Uint8Array} dataToEncrypt
158
- * @param {string} publicKeyPem
159
- * @returns {Promise<Uint8Array>}
160
- */
161
- encryptWithRSA(
162
- dataToEncrypt: Uint8Array,
163
- publicKeyPem: string
164
- ): Promise<Uint8Array>
165
- /**
166
- * Convert PEM-encoded public key to ArrayBuffer for Web Crypto API
167
- *
168
- * @param {string} pem - PEM-encoded public key string
169
- * @returns {ArrayBuffer} - DER-encoded key data for crypto.subtle.importKey()
170
- */
171
- pemToArrayBuffer(pem: string): ArrayBuffer
172
- newKeyManagerServiceConnection(): import('@ucanto/interface').ConnectionView<any>
173
- /**
174
- * Sanitize the space DID for the KMS key ID
175
- *
176
- * @param {Type.SpaceDID} spaceDID
177
- * @returns {string}
178
- */
179
- sanitizeSpaceDIDForKMSKeyId(spaceDID: Type.SpaceDID): string
10
+ /**
11
+ * Create a new KMS crypto adapter
12
+ *
13
+ * @param {Type.SymmetricCrypto} symmetricCrypto - The symmetric crypto implementation (browser or node)
14
+ * @param {URL|string} keyManagerServiceURL - The key manager service URL
15
+ * @param {`did:${string}:${string}`} keyManagerServiceDID - The key manager service DID
16
+ * @param {object} [options] - Optional configuration
17
+ * @param {boolean} [options.allowInsecureHttp] - Allow HTTP for testing (NOT for production)
18
+ */
19
+ constructor(symmetricCrypto: Type.SymmetricCrypto, keyManagerServiceURL: URL | string, keyManagerServiceDID: `did:${string}:${string}`, options?: {
20
+ allowInsecureHttp?: boolean | undefined;
21
+ });
22
+ /** @type {Map<Type.SpaceDID, { publicKey: string, provider: string, algorithm: string }>} */
23
+ _cachedPublicKeys: Map<Type.SpaceDID, {
24
+ publicKey: string;
25
+ provider: string;
26
+ algorithm: string;
27
+ }>;
28
+ symmetricCrypto: Type.SymmetricCrypto;
29
+ keyManagerServiceURL: URL;
30
+ keyManagerServiceDID: import("@ucanto/client").PrincipalView<`did:${string}:${string}`>;
31
+ /**
32
+ * Encrypt a stream of data using the symmetric crypto
33
+ *
34
+ * @param {Type.BlobLike} data
35
+ */
36
+ encryptStream(data: Type.BlobLike): Promise<Type.EncryptOutput>;
37
+ /**
38
+ * Decrypt a stream of data using the symmetric crypto
39
+ *
40
+ * @param {ReadableStream} encryptedData
41
+ * @param {Uint8Array} key
42
+ * @param {Uint8Array} iv
43
+ */
44
+ decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): Promise<ReadableStream<any>>;
45
+ /**
46
+ * Encrypt a symmetric key using the KMS
47
+ *
48
+ * @param {Uint8Array} key
49
+ * @param {Uint8Array} iv
50
+ * @param {Type.EncryptionConfig} encryptionConfig
51
+ * @returns {Promise<Type.EncryptedKeyResult>}
52
+ */
53
+ encryptSymmetricKey(key: Uint8Array, iv: Uint8Array, encryptionConfig: Type.EncryptionConfig): Promise<Type.EncryptedKeyResult>;
54
+ /**
55
+ * @param {string} encryptedKey
56
+ * @param {object} configs
57
+ * @param {Type.DecryptionConfig} configs.decryptionConfig
58
+ * @param {Type.ExtractedMetadata} configs.metadata
59
+ * @param {Type.AnyLink} configs.resourceCID
60
+ * @param {import('@storacha/client/types').Signer<import('@storacha/client/types').DID, import('@storacha/client/types').SigAlg>} configs.issuer
61
+ * @param {import('@storacha/client/types').DID} configs.audience
62
+ */
63
+ decryptSymmetricKey(encryptedKey: string, configs: {
64
+ decryptionConfig: Type.DecryptionConfig;
65
+ metadata: Type.ExtractedMetadata;
66
+ resourceCID: Type.AnyLink;
67
+ issuer: import("@storacha/client/types").Signer<import("@storacha/client/types").DID, import("@storacha/client/types").SigAlg>;
68
+ audience: import("@storacha/client/types").DID;
69
+ }): Promise<{
70
+ key: Uint8Array;
71
+ iv: Uint8Array;
72
+ }>;
73
+ /**
74
+ * Get decrypted symmetric key in base64 string from KMS via private gateway
75
+ *
76
+ * @param {string} encryptedSymmetricKey - The encrypted symmetric key (base64-encoded)
77
+ * @param {Type.SpaceDID} spaceDID - The space DID
78
+ * @param {import('@ucanto/interface').Proof} decryptionProof - The decryption delegation proof
79
+ * @param {import('@ucanto/interface').Proof[]} proofs - The proofs to access the space
80
+ * @param {import('@storacha/client/types').Signer<import('@storacha/client/types').DID, import('@storacha/client/types').SigAlg>} issuer - The issuer
81
+ * @returns {Promise<{decryptedSymmetricKey: string}>} - The decrypted symmetric key (base64-encoded)
82
+ */
83
+ getDecryptedSymmetricKey(encryptedSymmetricKey: string, spaceDID: Type.SpaceDID, decryptionProof: import("@ucanto/interface").Proof, proofs: import("@ucanto/interface").Proof[], issuer: import("@storacha/client/types").Signer<import("@storacha/client/types").DID, import("@storacha/client/types").SigAlg>): Promise<{
84
+ decryptedSymmetricKey: string;
85
+ }>;
86
+ /**
87
+ * Extract the encrypted metadata from the CAR file
88
+ * KMS adapter only handles KMS format (encrypted-metadata@0.2)
89
+ *
90
+ * @param {Uint8Array} car
91
+ * @returns {Type.ExtractedMetadata}
92
+ */
93
+ extractEncryptedMetadata(car: Uint8Array): Type.ExtractedMetadata;
94
+ /**
95
+ * @param {Type.ExtractedMetadata} metadata
96
+ * @returns {string}
97
+ */
98
+ getEncryptedKey(metadata: Type.ExtractedMetadata): string;
99
+ /**
100
+ * Encode metadata for upload
101
+ *
102
+ * @param {string} encryptedDataCID - The CID of the encrypted data
103
+ * @param {string} encryptedKey - The encrypted key
104
+ * @param {Type.KMSKeyMetadata} metadata - The metadata to encode
105
+ * @returns {Promise<{ cid: import('@storacha/upload-client/types').AnyLink, bytes: Uint8Array }>} - The encoded metadata
106
+ */
107
+ encodeMetadata(encryptedDataCID: string, encryptedKey: string, metadata: Type.KMSKeyMetadata): Promise<{
108
+ cid: import("@storacha/upload-client/types").AnyLink;
109
+ bytes: Uint8Array;
110
+ }>;
111
+ /**
112
+ * Get the RSA public key from the space/encryption/setup
113
+ *
114
+ * @param {Type.EncryptionConfig} encryptionConfig
115
+ * @returns {Promise<{ publicKey: string, provider: string, algorithm: string }>}
116
+ */
117
+ getSpacePublicKey(encryptionConfig: Type.EncryptionConfig): Promise<{
118
+ publicKey: string;
119
+ provider: string;
120
+ algorithm: string;
121
+ }>;
122
+ /**
123
+ * Get the Web Crypto API SubtleCrypto interface (universal compatibility)
124
+ *
125
+ * @returns {SubtleCrypto} - The SubtleCrypto interface
126
+ */
127
+ getSubtleCrypto(): SubtleCrypto;
128
+ /**
129
+ * Encrypt data with RSA-OAEP using the public key
130
+ *
131
+ * @param {Uint8Array} dataToEncrypt
132
+ * @param {string} publicKeyPem
133
+ * @returns {Promise<Uint8Array>}
134
+ */
135
+ encryptWithRSA(dataToEncrypt: Uint8Array, publicKeyPem: string): Promise<Uint8Array>;
136
+ /**
137
+ * Convert PEM-encoded public key to ArrayBuffer for Web Crypto API
138
+ *
139
+ * @param {string} pem - PEM-encoded public key string
140
+ * @returns {ArrayBuffer} - DER-encoded key data for crypto.subtle.importKey()
141
+ */
142
+ pemToArrayBuffer(pem: string): ArrayBuffer;
143
+ newKeyManagerServiceConnection(): import("@ucanto/interface").ConnectionView<any>;
144
+ /**
145
+ * Sanitize the space DID for the KMS key ID
146
+ *
147
+ * @param {Type.SpaceDID} spaceDID
148
+ * @returns {string}
149
+ */
150
+ sanitizeSpaceDIDForKMSKeyId(spaceDID: Type.SpaceDID): string;
180
151
  }
181
- import * as Type from '../../types.js'
182
- //# sourceMappingURL=kms-crypto-adapter.d.ts.map
152
+ import * as Type from '../../types.js';
153
+ //# sourceMappingURL=kms-crypto-adapter.d.ts.map
package/dist/crypto/adapters/kms-crypto-adapter.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"kms-crypto-adapter.d.ts","sourceRoot":"","sources":["../../../src/crypto/adapters/kms-crypto-adapter.js"],"names":[],"mappings":"AAWA;;;;;;;GAOG;AACH,yCAFgB,IAAI,CAAC,aAAa;IAGhC;;;;;;;;OAQG;IACH,6BANW,IAAI,CAAC,eAAe,wBACpB,GAAG,GAAC,MAAM,wBACV,OAAO,MAAM,IAAI,MAAM,EAAE,YAEjC;QAA0B,iBAAiB;KAC7C,EA0BA;IAnBC,sCAAsC;IAiBtC,0BAA+B;IAC/B,wFAA2D;IAG7D;;;;OAIG;IACH,oBAFW,IAAI,CAAC,QAAQ,+BAIvB;IAED;;;;;;OAMG;IACH,6BAJW,cAAc,OACd,UAAU,MACV,UAAU,gCAIpB;IAED;;;;;;;OAOG;IACH,yBALW,UAAU,MACV,UAAU,oBACV,IAAI,CAAC,gBAAgB,GACnB,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CA4B5C;IAED;;;;;;;;OAQG;IACH,kCARW,MAAM,WAEd;QAAuC,gBAAgB,EAA/C,IAAI,CAAC,gBAAgB;QACW,QAAQ,EAAxC,IAAI,CAAC,iBAAiB;QACA,WAAW,EAAjC,IAAI,CAAC,OAAO;QACoH,MAAM,EAAtI,OAAO,wBAAwB,EAAE,MAAM,CAAC,OAAO,wBAAwB,EAAE,GAAG,EAAE,OAAO,wBAAwB,EAAE,MAAM,CAAC;QACxE,QAAQ,EAAtD,OAAO,wBAAwB,EAAE,GAAG;KAC9C;;;OA6BA;IAED;;;;;;;;;OASG;IACH,gDAPW,MAAM,YACN,IAAI,CAAC,QAAQ,mBACb,OAAO,mBAAmB,EAAE,KAAK,UACjC,OAAO,mBAAmB,EAAE,KAAK,EAAE,UACnC,OAAO,wBAAwB,EAAE,MAAM,CAAC,OAAO,wBAAwB,EAAE,GAAG,EAAE,OAAO,wBAAwB,EAAE,MAAM,CAAC,GACpH,OAAO,CAAC;QAAC,qBAAqB,EAAE,MAAM,CAAA;KAAC,CAAC,CAgCpD;IAED;;;;;;OAMG;IACH,8BAHW,UAAU,GACR,IAAI,CAAC,iBAAiB,CAiClC;IAED;;;OAGG;IACH,0BAHW,IAAI,CAAC,iBAAiB,GACpB,MAAM,CASlB;IAED;;;;;;;OAOG;IACH,iCALW,MAAM,gBACN,MAAM,YACN,IAAI,CAAC,cAAc,GACjB,OAAO,CAAC;QAAE,GAAG,EAAE,OAAO,+BAA+B,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,UAAU,CAAA;KAAE,CAAC,CAoBhG;IAED;;;;;OAKG;IACH,oCAHW,IAAI,CAAC,gBAAgB,GACnB,OAAO,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CA6B/E;IAED;;;;OAIG;IACH,mBAFa,YAAY,CAWxB;IAED;;;;;;OAMG;IACH,8BAJW,UAAU,gBACV,MAAM,GACJ,OAAO,CAAC,UAAU,CAAC,CAyB/B;IAED;;;;;OAKG;IACH,sBAHW,MAAM,GACJ,WAAW,CA6BvB;IAED,kFASC;IAED;;;;;OAKG;IACH,sCAHW,IAAI,CAAC,QAAQ,GACX,MAAM,CAIlB;CACF;sBAzZqB,gBAAgB"}
1
+ {"version":3,"file":"kms-crypto-adapter.d.ts","sourceRoot":"","sources":["../../../src/crypto/adapters/kms-crypto-adapter.js"],"names":[],"mappings":"AAWA;;;;;;;GAOG;AACH,yCAFgB,IAAI,CAAC,aAAa;IAMhC;;;;;;;;OAQG;IACH,6BANW,IAAI,CAAC,eAAe,wBACpB,GAAG,GAAC,MAAM,wBACV,OAAO,MAAM,IAAI,MAAM,EAAE,YAEjC;QAA0B,iBAAiB;KAC7C,EA0BA;IArCD,6FAA6F;IAC7F,mBADW,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAC5D;IAiB3B,sCAAsC;IAiBtC,0BAA+B;IAC/B,wFAA2D;IAG7D;;;;OAIG;IACH,oBAFW,IAAI,CAAC,QAAQ,+BAIvB;IAED;;;;;;OAMG;IACH,6BAJW,cAAc,OACd,UAAU,MACV,UAAU,gCAIpB;IAED;;;;;;;OAOG;IACH,yBALW,UAAU,MACV,UAAU,oBACV,IAAI,CAAC,gBAAgB,GACnB,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CA4B5C;IAED;;;;;;;;OAQG;IACH,kCARW,MAAM,WAEd;QAAuC,gBAAgB,EAA/C,IAAI,CAAC,gBAAgB;QACW,QAAQ,EAAxC,IAAI,CAAC,iBAAiB;QACA,WAAW,EAAjC,IAAI,CAAC,OAAO;QACoH,MAAM,EAAtI,OAAO,wBAAwB,EAAE,MAAM,CAAC,OAAO,wBAAwB,EAAE,GAAG,EAAE,OAAO,wBAAwB,EAAE,MAAM,CAAC;QACxE,QAAQ,EAAtD,OAAO,wBAAwB,EAAE,GAAG;KAC9C;;;OA6BA;IAED;;;;;;;;;OASG;IACH,gDAPW,MAAM,YACN,IAAI,CAAC,QAAQ,mBACb,OAAO,mBAAmB,EAAE,KAAK,UACjC,OAAO,mBAAmB,EAAE,KAAK,EAAE,UACnC,OAAO,wBAAwB,EAAE,MAAM,CAAC,OAAO,wBAAwB,EAAE,GAAG,EAAE,OAAO,wBAAwB,EAAE,MAAM,CAAC,GACpH,OAAO,CAAC;QAAC,qBAAqB,EAAE,MAAM,CAAA;KAAC,CAAC,CAgCpD;IAED;;;;;;OAMG;IACH,8BAHW,UAAU,GACR,IAAI,CAAC,iBAAiB,CAiClC;IAED;;;OAGG;IACH,0BAHW,IAAI,CAAC,iBAAiB,GACpB,MAAM,CASlB;IAED;;;;;;;OAOG;IACH,iCALW,MAAM,gBACN,MAAM,YACN,IAAI,CAAC,cAAc,GACjB,OAAO,CAAC;QAAE,GAAG,EAAE,OAAO,+BAA+B,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,UAAU,CAAA;KAAE,CAAC,CAoBhG;IAED;;;;;OAKG;IACH,oCAHW,IAAI,CAAC,gBAAgB,GACnB,OAAO,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAsC/E;IAED;;;;OAIG;IACH,mBAFa,YAAY,CAWxB;IAED;;;;;;OAMG;IACH,8BAJW,UAAU,gBACV,MAAM,GACJ,OAAO,CAAC,UAAU,CAAC,CAyB/B;IAED;;;;;OAKG;IACH,sBAHW,MAAM,GACJ,WAAW,CA6BvB;IAED,kFASC;IAED;;;;;OAKG;IACH,sCAHW,IAAI,CAAC,QAAQ,GACX,MAAM,CAIlB;CACF;sBAraqB,gBAAgB"}
package/dist/crypto/adapters/kms-crypto-adapter.js CHANGED
@@ -14,6 +14,8 @@ import * as DID from '@ipld/dag-ucan/did';
14
14
  * @implements {Type.CryptoAdapter}
15
15
  */
16
16
  export class KMSCryptoAdapter {
17
+ /** @type {Map<Type.SpaceDID, { publicKey: string, provider: string, algorithm: string }>} */
18
+ _cachedPublicKeys = new Map();
17
19
  /**
18
20
  * Create a new KMS crypto adapter
19
21
  *
@@ -221,6 +223,10 @@ export class KMSCryptoAdapter {
221
223
  * @returns {Promise<{ publicKey: string, provider: string, algorithm: string }>}
222
224
  */
223
225
  async getSpacePublicKey(encryptionConfig) {
226
+ const cached = this._cachedPublicKeys.get(encryptionConfig.spaceDID);
227
+ if (cached) {
228
+ return cached;
229
+ }
224
230
  // Step 1: Invoke the EncryptionSetup capability
225
231
  const setupResult = await EncryptionSetup.invoke({
226
232
  issuer: encryptionConfig.issuer,
@@ -240,8 +246,12 @@ export class KMSCryptoAdapter {
240
246
  'Encryption setup failed';
241
247
  throw new Error(errorMessage);
242
248
  }
243
- // Step 3: Return the public key and key reference
244
- return /** @type {{ publicKey: string, provider: string, algorithm: string }} */ (setupResult.out.ok);
249
+ // Step 3: Cache the public key and key reference
250
+ const publicKeyData =
251
+ /** @type {{ publicKey: string, provider: string, algorithm: string }} */ (setupResult.out.ok);
252
+ this._cachedPublicKeys.set(encryptionConfig.spaceDID, publicKeyData);
253
+ // Step 4: Return the public key and key reference
254
+ return publicKeyData;
245
255
  }
246
256
  /**
247
257
  * Get the Web Crypto API SubtleCrypto interface (universal compatibility)
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@storacha/encrypt-upload-client",
3
3
  "type": "module",
4
- "version": "1.1.76-rc.0",
4
+ "version": "1.1.76-rc.1",
5
5
  "license": "Apache-2.0 OR MIT",
6
6
  "description": "Client for upload and download encrypted files",
7
7
  "author": "Storacha",
@@ -87,8 +87,8 @@
87
87
  "p-retry": "^5.1.2",
88
88
  "viem": "^2.39.0",
89
89
  "@storacha/capabilities": "^2.2.0",
90
- "@storacha/client": "^2.0.4",
91
- "@storacha/upload-client": "^1.3.9"
90
+ "@storacha/upload-client": "^1.3.9",
91
+ "@storacha/client": "^2.0.4"
92
92
  },
93
93
  "devDependencies": {
94
94
  "@lit-protocol/schemas": "^8.0.2",