@taquito/signer 23.0.2 → 23.1.0

package/dist/lib/derivation-tools/ecdsa.js

@@ -2,8 +2,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PrivateKey = void 0;
 /* eslint-disable @typescript-eslint/no-this-alias */
-const elliptic_1 = require("elliptic");
-const index_1 = require("./index");
+const secp256k1_1 = require("@noble/curves/secp256k1");
+const nist_1 = require("@noble/curves/nist");
+const types_1 = require("./types");
 const hmac_1 = require("@stablelib/hmac");
 const sha512_1 = require("@stablelib/sha512");
 const bn_js_1 = require("bn.js");
@@ -21,12 +22,22 @@ const maxSeedSize = 64;
 class PrivateKey {
     /**
      *
-     * @param priv key pair priv (BN) pub (curve.base.BasePint) if applicable
+     * @param priv { secretKey: BN, curve: 'p256' | 'secp256k1' }
      * @param chainCode slice 32->n HMAC hash key and seedkey (first instance curve default seedKey. after hmac value slice 32->n)
      */
     constructor(priv, chainCode) {
+        this.priv = priv;
         this.chainCode = chainCode;
-        this.keyPair = priv;
+        const privateKeyBytes = priv.secretKey.toArray('be', 32);
+        const privateKeyUint8 = new Uint8Array(privateKeyBytes);
+        const publicKey = priv.curve === 'secp256k1'
+            ? secp256k1_1.secp256k1.getPublicKey(privateKeyUint8, true) // compressed public key
+            : nist_1.p256.getPublicKey(privateKeyUint8, true); // compressed public key
+        this.keyPair = {
+            curve: priv.curve,
+            secretKey: priv.secretKey,
+            publicKey: publicKey,
+        };
     }
     /**
      * @param seedSrc result of Bip39.mnemonicToSeed
@@ -35,7 +46,6 @@ class PrivateKey {
      * @throws {@link InvalidBitSize} | {@link InvalidCurveError} | {@link InvalidSeedLengthError}
      */
     static fromSeed(seedSrc, curve) {
-        var _a, _b;
         let seed = typeof seedSrc === 'string' ? (0, utils_1.parseHex)(seedSrc) : seedSrc;
         if (seed.length < minSeedSize || seed.length > maxSeedSize) {
             throw new errors_1.InvalidSeedLengthError(seed.length);
@@ -43,9 +53,16 @@ class PrivateKey {
         if (!Object.prototype.hasOwnProperty.call(seedKey, curve)) {
             throw new errors_1.InvalidCurveError(`Unsupported curve "${curve}" expecting either "p256" or "secp256k1"`);
         }
-        const c = new elliptic_1.ec(curve);
-        if (((_a = c.n) === null || _a === void 0 ? void 0 : _a.bitLength()) !== 256) {
-            throw new errors_1.InvalidBitSize(`Invalid curve "${curve}" with bit size "${(_b = c.n) === null || _b === void 0 ? void 0 : _b.bitLength()}" expecting bit size "256"`);
+        // Get curve order for validation
+        let curveOrder;
+        if (curve === 'secp256k1') {
+            curveOrder = new bn_js_1.default(secp256k1_1.secp256k1.Point.CURVE().n.toString());
+        }
+        else {
+            curveOrder = new bn_js_1.default(nist_1.p256.Point.CURVE().n.toString());
+        }
+        if (curveOrder.bitLength() !== 256) {
+            throw new errors_1.InvalidBitSize(`Invalid curve "${curve}" with bit size "${curveOrder.bitLength()}" expecting bit size "256"`);
         }
         const key = new TextEncoder().encode(seedKey[curve]);
         let d = null;
@@ -55,16 +72,14 @@ class PrivateKey {
             const sum = new hmac_1.HMAC(sha512_1.SHA512, key).update(seed).digest();
             d = new bn_js_1.default(sum.subarray(0, 32));
             chain = sum.subarray(32);
-            if (d.isZero() || d.cmp(c.n) >= 0) {
+            if (d.isZero() || d.cmp(curveOrder) >= 0) {
                 seed = sum;
             }
             else {
                 i++;
             }
         }
-        const keyPair = c.keyPair({});
-        keyPair.priv = d;
-        return new PrivateKey(keyPair, chain);
+        return new PrivateKey({ curve, secretKey: d }, chain);
     }
     /**
      *
@@ -73,12 +88,12 @@ class PrivateKey {
      */
     derive(index) {
         const data = new Uint8Array(37);
-        if ((index & index_1.Hard) !== 0) {
+        if ((index & types_1.Hard) !== 0) {
             // hardened derivation
-            data.set(this.keyPair.getPrivate().toArray(), 1);
+            data.set(this.keyPair.secretKey.toArray(), 1);
         }
         else {
-            data.set(this.keyPair.getPublic().encodeCompressed(), 0);
+            data.set(this.keyPair.publicKey, 0);
         }
         new DataView(data.buffer).setUint32(33, index);
         let d = new bn_js_1.default(0);
@@ -88,8 +103,16 @@ class PrivateKey {
             const sum = new hmac_1.HMAC(sha512_1.SHA512, this.chainCode).update(data).digest();
             d = new bn_js_1.default(sum.subarray(0, 32));
             chain = sum.subarray(32);
-            if (this.keyPair.ec.n && d.cmp(this.keyPair.ec.n) < 0) {
-                d = d.add(this.keyPair.getPrivate()).mod(this.keyPair.ec.n);
+            // Get curve order for comparison
+            let curveOrder;
+            if (this.keyPair.curve === 'secp256k1') {
+                curveOrder = new bn_js_1.default(secp256k1_1.secp256k1.Point.CURVE().n.toString());
+            }
+            else {
+                curveOrder = new bn_js_1.default(nist_1.p256.Point.CURVE().n.toString());
+            }
+            if (d.cmp(curveOrder) < 0) {
+                d = d.add(this.keyPair.secretKey).mod(curveOrder);
                 if (!d.isZero()) {
                     i++;
                 }
@@ -97,9 +120,7 @@ class PrivateKey {
             data.set(chain, 1);
             data[0] = 1;
         }
-        const keyPair = this.keyPair.ec.keyPair({});
-        keyPair.priv = d;
-        return new PrivateKey(keyPair, chain);
+        return new PrivateKey({ curve: this.keyPair.curve, secretKey: d }, chain);
     }
     /**
      *
@@ -119,11 +140,11 @@ class PrivateKey {
      * @throws {@link InvalidKeyError}
      */
     bytes() {
-        if (!this.keyPair.priv) {
+        if (!this.keyPair.secretKey) {
             throw new core_1.InvalidKeyError('missing private key');
         }
         // pad to 32 bytes as toArray() length argument seems to be ignored (BN bug)
-        const src = this.keyPair.priv.toArray();
+        const src = this.keyPair.secretKey.toArray();
         const out = new Uint8Array(32);
         out.set(src, out.length - src.length);
         return out;

package/dist/lib/derivation-tools/ed25519.js

@@ -5,7 +5,7 @@ exports.PrivateKey = void 0;
 const hmac_1 = require("@stablelib/hmac");
 const sha512_1 = require("@stablelib/sha512");
 const ed25519_1 = require("@stablelib/ed25519");
-const index_1 = require("./index");
+const types_1 = require("./types");
 const utils_1 = require("./utils");
 const errors_1 = require("../errors");
 const core_1 = require("@taquito/core");
@@ -51,7 +51,7 @@ class PrivateKey {
      * @returns derivation path child of original private key pair
      */
     derive(index) {
-        if ((index & index_1.Hard) === 0) {
+        if ((index & types_1.Hard) === 0) {
             throw new core_1.InvalidDerivationPathError(index.toString(), ': Non-hardened derivation path.');
         }
         const data = new Uint8Array(37);

package/dist/lib/derivation-tools/index.js

@@ -1,10 +1,25 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Path = exports.Hard = exports.Ed25519 = exports.ECDSA = void 0;
+exports.Path = exports.Ed25519 = exports.ECDSA = void 0;
 const core_1 = require("@taquito/core");
+const types_1 = require("./types");
 exports.ECDSA = require("./ecdsa");
 exports.Ed25519 = require("./ed25519");
-exports.Hard = 0x80000000;
+__exportStar(require("./types"), exports);
 class Path extends Array {
     static from(iterable) {
         return super.from(iterable).map((x) => x >>> 0);
@@ -30,7 +45,7 @@ class Path extends Array {
             let h = 0;
             const last = p[p.length - 1];
             if (last === "'" || last === 'h' || last === 'H') {
-                h = exports.Hard;
+                h = types_1.Hard;
                 p = p.slice(0, p.length - 1);
             }
             const index = (parseInt(p, 10) | h) >>> 0;

package/dist/lib/derivation-tools/types.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Hard = void 0;
+exports.Hard = 0x80000000;

package/dist/lib/ec-key.js

@@ -1,10 +1,22 @@
 "use strict";
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _ECKey_keyPair, _ECPublicKey_key;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ECPublicKey = exports.ECKey = void 0;
 const blake2b_1 = require("@stablelib/blake2b");
 const utils_1 = require("@taquito/utils");
-const elliptic_1 = require("elliptic");
-const key_1 = require("elliptic/lib/elliptic/ec/key");
+const secp256k1_1 = require("@noble/curves/secp256k1");
+const nist_js_1 = require("@noble/curves/nist.js");
 const errors_1 = require("./errors");
 const pref = {
     p256: {
@@ -22,27 +34,10 @@ const pref = {
         tag: 1,
     },
 };
-class ECKeyBase {
-    constructor(keyPair) {
-        this.keyPair = keyPair;
-    }
-    curve() {
-        switch (this.keyPair.ec.curve) {
-            // eslint-disable-next-line @typescript-eslint/no-explicit-any
-            case elliptic_1.default.curves.secp256k1.curve:
-                return 'secp256k1';
-            // eslint-disable-next-line @typescript-eslint/no-explicit-any
-            case elliptic_1.default.curves.p256.curve:
-                return 'p256';
-            default:
-                throw new errors_1.InvalidCurveError('unknown curve');
-        }
-    }
-}
 /**
  * @description Provide signing logic for elliptic curve based key (tz2, tz3)
  */
-class ECKey extends ECKeyBase {
+class ECKey {
     /**
      *
      * @param key Encoded private key
@@ -50,6 +45,7 @@ class ECKey extends ECKeyBase {
      * @throws {@link InvalidKeyError}
      */
     constructor(key, decrypt) {
+        _ECKey_keyPair.set(this, void 0);
         const [keyData, prefix] = (0, utils_1.b58DecodeAndCheckPrefix)(key, [
             utils_1.PrefixV2.Secp256k1EncryptedSecretKey,
             utils_1.PrefixV2.P256EncryptedSecretKey,
@@ -75,7 +71,13 @@ class ECKey extends ECKeyBase {
                     return [keyData, 'p256'];
             }
         })();
-        super(new elliptic_1.default.ec(curve).keyFromPrivate(decKey));
+        __classPrivateFieldSet(this, _ECKey_keyPair, {
+            curve,
+            secretKey: decKey,
+            publicKey: curve === 'secp256k1'
+                ? secp256k1_1.secp256k1.getPublicKey(decKey, true)
+                : nist_js_1.p256.getPublicKey(decKey, true),
+        }, "f");
     }
     /**
      *
@@ -84,69 +86,72 @@ class ECKey extends ECKeyBase {
      */
     sign(bytes) {
         const hash = (0, blake2b_1.hash)(bytes, 32);
-        const sig = this.keyPair.sign(hash, { canonical: true });
-        const signature = new Uint8Array(64);
-        const r = sig.r.toArray();
-        const s = sig.s.toArray();
-        signature.set(r, 32 - r.length);
-        signature.set(s, 64 - s.length);
+        let signature;
+        if (__classPrivateFieldGet(this, _ECKey_keyPair, "f").curve === 'secp256k1') {
+            signature = secp256k1_1.secp256k1
+                .sign(hash, __classPrivateFieldGet(this, _ECKey_keyPair, "f").secretKey, {
+                lowS: true, // Use canonical signatures (prevents malleability)
+            })
+                .toBytes('compact');
+        }
+        else {
+            signature = nist_js_1.p256
+                .sign(hash, __classPrivateFieldGet(this, _ECKey_keyPair, "f").secretKey, {
+                lowS: true, // Use canonical signatures (prevents malleability)
+            })
+                .toBytes('compact');
+        }
         return {
             rawSignature: signature,
             sig: (0, utils_1.b58Encode)(signature, utils_1.PrefixV2.GenericSignature),
-            prefixSig: (0, utils_1.b58Encode)(signature, pref[this.curve()].sig),
+            prefixSig: (0, utils_1.b58Encode)(signature, pref[__classPrivateFieldGet(this, _ECKey_keyPair, "f").curve].sig),
         };
     }
     /**
      * @returns Encoded public key
      */
     publicKey() {
-        return new ECPublicKey(this.keyPair.ec.keyFromPublic(this.keyPair));
+        return new ECPublicKey(__classPrivateFieldGet(this, _ECKey_keyPair, "f").publicKey, __classPrivateFieldGet(this, _ECKey_keyPair, "f").curve);
     }
     /**
      * @returns Encoded private key
      */
     secretKey() {
-        return (0, utils_1.b58Encode)(new Uint8Array(this.keyPair.getPrivate().toArray()), pref[this.curve()].sk);
+        return (0, utils_1.b58Encode)(__classPrivateFieldGet(this, _ECKey_keyPair, "f").secretKey, pref[__classPrivateFieldGet(this, _ECKey_keyPair, "f").curve].sk);
     }
 }
 exports.ECKey = ECKey;
-function isKeyPair(src) {
-    return src instanceof key_1.default;
-}
-class ECPublicKey extends ECKeyBase {
+_ECKey_keyPair = new WeakMap();
+class ECPublicKey {
     constructor(src, curve) {
-        const key = (() => {
-            if (isKeyPair(src)) {
-                return src;
+        _ECPublicKey_key.set(this, void 0);
+        const [key, crv] = (() => {
+            if (typeof src === 'string') {
+                const [key, pre] = (0, utils_1.b58DecodeAndCheckPrefix)(src, [
+                    utils_1.PrefixV2.Secp256k1PublicKey,
+                    utils_1.PrefixV2.P256PublicKey,
+                ]);
+                return [key, pre === utils_1.PrefixV2.Secp256k1PublicKey ? 'secp256k1' : 'p256'];
+            }
+            else if (curve !== undefined) {
+                return [src, curve];
             }
             else {
-                const [key, crv] = (() => {
-                    if (typeof src === 'string') {
-                        const [key, pre] = (0, utils_1.b58DecodeAndCheckPrefix)(src, [
-                            utils_1.PrefixV2.Secp256k1PublicKey,
-                            utils_1.PrefixV2.P256PublicKey,
-                        ]);
-                        return [key, pre === utils_1.PrefixV2.Secp256k1PublicKey ? 'secp256k1' : 'p256'];
-                    }
-                    else if (curve !== undefined) {
-                        return [src, curve];
-                    }
-                    else {
-                        throw new errors_1.InvalidCurveError('missing curve type');
-                    }
-                })();
-                return new elliptic_1.default.ec(crv).keyFromPublic(key);
+                throw new errors_1.InvalidCurveError('missing curve type');
             }
         })();
-        super(key);
+        // For ECPublicKey, we don't need the private key, so we pass an empty array
+        // The public key is stored separately
+        __classPrivateFieldSet(this, _ECPublicKey_key, key, "f");
+        this.curve = crv;
     }
     compare(other) {
         if (other instanceof ECPublicKey) {
-            if (this.curve() === other.curve()) {
-                const compress = this.curve() === 'secp256k1';
+            if (this.curve === other.curve) {
+                const compress = this.curve === 'secp256k1';
                 return (0, utils_1.compareArrays)(this.bytes(compress), other.bytes(compress));
             }
-            else if (this.curve() === 'secp256k1') {
+            else if (this.curve === 'secp256k1') {
                 return -1;
             }
             else {
@@ -159,21 +164,33 @@ class ECPublicKey extends ECKeyBase {
     }
     hash() {
         const key = this.bytes();
-        return (0, utils_1.b58Encode)((0, blake2b_1.hash)(key, 20), pref[this.curve()].pkh);
+        return (0, utils_1.b58Encode)((0, blake2b_1.hash)(key, 20), pref[this.curve].pkh);
     }
     bytes(compress = true) {
-        return new Uint8Array(this.keyPair.getPublic(compress, 'array'));
+        // @noble/curves supports both compressed and uncompressed formats
+        // We need to convert the stored public key to the requested format
+        if (this.curve === 'secp256k1') {
+            // For secp256k1, we need to get the public key from the stored bytes and convert format
+            const point = secp256k1_1.secp256k1.Point.fromHex(__classPrivateFieldGet(this, _ECPublicKey_key, "f"));
+            return point.toBytes(compress);
+        }
+        else {
+            // For p256, we need to get the public key from the stored bytes and convert format
+            const point = nist_js_1.p256.Point.fromHex(__classPrivateFieldGet(this, _ECPublicKey_key, "f"));
+            return point.toBytes(compress);
+        }
     }
     toProtocol() {
         const key = this.bytes();
         const res = new Uint8Array(key.length + 1);
-        res[0] = pref[this.curve()].tag;
+        res[0] = pref[this.curve].tag;
         res.set(key, 1);
         return res;
     }
     toString() {
         const key = this.bytes();
-        return (0, utils_1.b58Encode)(key, pref[this.curve()].pk);
+        return (0, utils_1.b58Encode)(key, pref[this.curve].pk);
     }
 }
 exports.ECPublicKey = ECPublicKey;
+_ECPublicKey_key = new WeakMap();

package/dist/lib/helpers.js

@@ -29,7 +29,7 @@ const generateSecretKey = (seed, derivationPath, curve) => {
             const prefixType = curve === 'secp256k1' ? utils_1.PrefixV2.Secp256k1SecretKey : utils_1.PrefixV2.P256SecretKey;
             let privKey = ecdsa_1.PrivateKey.fromSeed(seed, curve);
             privKey = privKey.derivePath(path);
-            const uint8arr = new Uint8Array(privKey.keyPair.getPrivate().toArray());
+            const uint8arr = new Uint8Array(privKey.keyPair.secretKey.toArray());
             const sk = (0, utils_1.b58Encode)(uint8arr, prefixType);
             return sk;
         }

package/dist/lib/in-memory-signer.js

@@ -0,0 +1,216 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _InMemorySigner_key;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InMemorySigner = void 0;
+exports.publicKeyFromString = publicKeyFromString;
+const nacl_1 = require("@stablelib/nacl");
+const utils_1 = require("@taquito/utils");
+const typedarray_to_buffer_1 = require("typedarray-to-buffer");
+const ed_key_1 = require("./ed-key");
+const ec_key_1 = require("./ec-key");
+const pbkdf2_1 = require("pbkdf2");
+const Bip39 = require("bip39");
+const helpers_1 = require("./helpers");
+const errors_1 = require("./errors");
+const core_1 = require("@taquito/core");
+const key_interface_1 = require("./key-interface");
+const bls_key_1 = require("./bls-key");
+/**
+ * @description A local implementation of the signer. Will represent a Tezos account and be able to produce signature in its behalf
+ *
+ * @warn If running in production and dealing with tokens that have real value, it is strongly recommended to use a HSM backed signer so that private key material is not stored in memory or on disk
+ * @throws {@link InvalidMnemonicError}
+ */
+class InMemorySigner {
+    static fromFundraiser(email, password, mnemonic) {
+        if (!Bip39.validateMnemonic(mnemonic)) {
+            throw new errors_1.InvalidMnemonicError(mnemonic);
+        }
+        const seed = Bip39.mnemonicToSeedSync(mnemonic, `${email}${password}`);
+        const key = (0, utils_1.b58Encode)(seed.subarray(0, 32), utils_1.PrefixV2.Ed25519Seed);
+        return new InMemorySigner(key);
+    }
+    static fromSecretKey(key, passphrase) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return new InMemorySigner(key, passphrase);
+        });
+    }
+    /**
+     *
+     * @description Instantiation of an InMemorySigner instance from a mnemonic
+     * @param mnemonic 12-24 word mnemonic
+     * @param password password used to encrypt the mnemonic to seed value
+     * @param derivationPath default 44'/1729'/0'/0' (44'/1729' mandatory)
+     * @param curve currently only supported for tz1, tz2, tz3 addresses. soon bip25519
+     * @returns InMemorySigner
+     * @throws {@link InvalidMnemonicError}
+     */
+    static fromMnemonic({ mnemonic, password = '', derivationPath = "44'/1729'/0'/0'", curve = 'ed25519', }) {
+        // check if curve is defined if not default tz1
+        if (!Bip39.validateMnemonic(mnemonic)) {
+            // avoiding exposing mnemonic again in case of mistake making invalid
+            throw new errors_1.InvalidMnemonicError(mnemonic);
+        }
+        const seed = Bip39.mnemonicToSeedSync(mnemonic, password);
+        const sk = (0, helpers_1.generateSecretKey)(seed, derivationPath, curve);
+        return new InMemorySigner(sk);
+    }
+    /**
+     *
+     * @param key Encoded private key
+     * @param passphrase Passphrase to decrypt the private key if it is encrypted
+     * @throws {@link InvalidKeyError}
+     *
+     */
+    constructor(key, passphrase) {
+        _InMemorySigner_key.set(this, void 0);
+        const keyPrefixes = [
+            utils_1.PrefixV2.Ed25519EncryptedSeed,
+            utils_1.PrefixV2.Ed25519Seed,
+            utils_1.PrefixV2.Ed25519SecretKey,
+            utils_1.PrefixV2.Secp256k1EncryptedSecretKey,
+            utils_1.PrefixV2.Secp256k1SecretKey,
+            utils_1.PrefixV2.P256EncryptedSecretKey,
+            utils_1.PrefixV2.P256SecretKey,
+            utils_1.PrefixV2.BLS12_381EncryptedSecretKey,
+            utils_1.PrefixV2.BLS12_381SecretKey,
+        ];
+        const pre = (() => {
+            try {
+                const [, pre] = (0, utils_1.b58DecodeAndCheckPrefix)(key, keyPrefixes);
+                return pre;
+            }
+            catch (_a) {
+                throw new core_1.InvalidKeyError(`Invalid private key, expecting one of the following prefixes '${keyPrefixes}'.`);
+            }
+        })();
+        const encrypted = pre === utils_1.PrefixV2.Ed25519EncryptedSeed ||
+            pre === utils_1.PrefixV2.Secp256k1EncryptedSecretKey ||
+            pre === utils_1.PrefixV2.P256EncryptedSecretKey ||
+            pre === utils_1.PrefixV2.BLS12_381EncryptedSecretKey;
+        let decrypt;
+        if (encrypted) {
+            if (!passphrase) {
+                throw new errors_1.InvalidPassphraseError('No passphrase provided to decrypt encrypted key');
+            }
+            decrypt = (data) => {
+                const salt = (0, typedarray_to_buffer_1.default)(data.slice(0, 8));
+                const encryptedSk = data.slice(8);
+                const encryptionKey = pbkdf2_1.default.pbkdf2Sync(passphrase, salt, 32768, 32, 'sha512');
+                const res = (0, nacl_1.openSecretBox)(new Uint8Array(encryptionKey), new Uint8Array(24), new Uint8Array(encryptedSk));
+                if (!res) {
+                    throw new Error("can't decrypt secret key");
+                }
+                return res;
+            };
+        }
+        switch (pre) {
+            case utils_1.PrefixV2.Ed25519EncryptedSeed:
+            case utils_1.PrefixV2.Ed25519Seed:
+            case utils_1.PrefixV2.Ed25519SecretKey:
+                __classPrivateFieldSet(this, _InMemorySigner_key, new ed_key_1.EdKey(key, decrypt), "f");
+                break;
+            case utils_1.PrefixV2.Secp256k1EncryptedSecretKey:
+            case utils_1.PrefixV2.Secp256k1SecretKey:
+            case utils_1.PrefixV2.P256EncryptedSecretKey:
+            case utils_1.PrefixV2.P256SecretKey:
+                __classPrivateFieldSet(this, _InMemorySigner_key, new ec_key_1.ECKey(key, decrypt), "f");
+                break;
+            case utils_1.PrefixV2.BLS12_381EncryptedSecretKey:
+            case utils_1.PrefixV2.BLS12_381SecretKey:
+                __classPrivateFieldSet(this, _InMemorySigner_key, new bls_key_1.BLSKey(key, decrypt), "f");
+                break;
+        }
+    }
+    /**
+     *
+     * @param bytes Bytes to sign
+     * @param watermark Watermark to append to the bytes
+     */
+    sign(message, watermark) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const msg = typeof message == 'string' ? (0, utils_1.hex2buf)(message) : message;
+            const watermarkMsg = watermark !== undefined ? (0, utils_1.mergebuf)(watermark, msg) : msg;
+            const { rawSignature, sig: signature, prefixSig: prefixedSignature, } = yield __classPrivateFieldGet(this, _InMemorySigner_key, "f").sign(watermarkMsg);
+            return {
+                bytes: (0, utils_1.buf2hex)(msg),
+                sig: signature,
+                prefixSig: prefixedSignature,
+                sbytes: (0, utils_1.buf2hex)((0, utils_1.mergebuf)(msg, 
+                // bls only Signature_prefix ff03 ref:https://octez.tezos.com/docs/shell/p2p_api.html#signature-prefix-tag-255 & https://octez.tezos.com/docs/shell/p2p_api.html#bls-prefix-tag-3
+                (0, key_interface_1.isPOP)(__classPrivateFieldGet(this, _InMemorySigner_key, "f")) ? (0, utils_1.mergebuf)(new Uint8Array([255, 3]), rawSignature) : rawSignature)),
+            };
+        });
+    }
+    provePossession() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if ((0, key_interface_1.isPOP)(__classPrivateFieldGet(this, _InMemorySigner_key, "f"))) {
+                return __classPrivateFieldGet(this, _InMemorySigner_key, "f").provePossession();
+            }
+            else {
+                throw new core_1.ProhibitedActionError('Only BLS keys can prove possession');
+            }
+        });
+    }
+    get canProvePossession() {
+        return (0, key_interface_1.isPOP)(__classPrivateFieldGet(this, _InMemorySigner_key, "f"));
+    }
+    /**
+     * @returns Encoded public key
+     */
+    publicKey() {
+        return Promise.resolve(String(__classPrivateFieldGet(this, _InMemorySigner_key, "f").publicKey()));
+    }
+    /**
+     * @returns Encoded public key hash
+     */
+    publicKeyHash() {
+        return Promise.resolve(__classPrivateFieldGet(this, _InMemorySigner_key, "f").publicKey().hash());
+    }
+    /**
+     * @returns Encoded private key
+     */
+    secretKey() {
+        return Promise.resolve(__classPrivateFieldGet(this, _InMemorySigner_key, "f").secretKey());
+    }
+}
+exports.InMemorySigner = InMemorySigner;
+_InMemorySigner_key = new WeakMap();
+function publicKeyFromString(src) {
+    const [keyData, pre] = (0, utils_1.b58DecodeAndCheckPrefix)(src, [
+        utils_1.PrefixV2.Ed25519PublicKey,
+        utils_1.PrefixV2.Secp256k1PublicKey,
+        utils_1.PrefixV2.P256PublicKey,
+        utils_1.PrefixV2.BLS12_381PublicKey,
+    ]);
+    switch (pre) {
+        case utils_1.PrefixV2.Ed25519PublicKey:
+            return new ed_key_1.EdPublicKey(keyData);
+        case utils_1.PrefixV2.Secp256k1PublicKey:
+            return new ec_key_1.ECPublicKey(keyData, 'secp256k1');
+        case utils_1.PrefixV2.P256PublicKey:
+            return new ec_key_1.ECPublicKey(keyData, 'p256');
+        case utils_1.PrefixV2.BLS12_381PublicKey:
+            return new bls_key_1.BLSPublicKey(keyData);
+    }
+}