npm - @thru/crypto - Versions diffs - 0.1.38 → 0.2.1 - Mend

@thru/crypto 0.1.38 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,70 +1,5 @@
 export { getWebCrypto } from '@thru/helpers';
-interface EncryptedData {
-    ciphertext: Uint8Array;
-    salt: Uint8Array;
-    iv: Uint8Array;
-    kdfParams: {
-        N: number;
-        r: number;
-        p: number;
-    };
-}
-/**
- * Encryption service using scrypt KDF and AES-GCM
- */
-declare class EncryptionService {
-    private static readonly DEFAULT_N;
-    private static readonly DEFAULT_R;
-    private static readonly DEFAULT_P;
-    private static readonly KEY_LENGTH;
-    private static readonly SALT_LENGTH;
-    private static readonly IV_LENGTH;
-    /**
-     * Encrypt data using password-based encryption
-     * @param data - Data to encrypt
-     * @param password - User password
-     * @returns Encrypted data with parameters
-     */
-    static encrypt(data: Uint8Array, password: string): Promise<EncryptedData>;
-    /**
-     * Decrypt encrypted data using password
-     * @param encrypted - Encrypted data with parameters
-     * @param password - User password
-     * @returns Decrypted data
-     */
-    static decrypt(encrypted: EncryptedData, password: string): Promise<Uint8Array>;
-    /**
-     * Serialize encrypted data to a storable format
-     * @param encrypted - Encrypted data
-     * @returns Base64-encoded JSON string
-     */
-    static serialize(encrypted: EncryptedData): string;
-    /**
-     * Deserialize encrypted data from storage
-     * @param serialized - Serialized encrypted data
-     * @returns Encrypted data object
-     */
-    static deserialize(serialized: string): EncryptedData;
-}
-/**
- * Utility functions for secure memory management
- */
-declare class SecureMemory {
-    /**
-     * Zero out a Uint8Array to remove sensitive data from memory
-     * @param array - Array to zero out
-     */
-    static zeroize(array: Uint8Array): void;
-    /**
-     * Compare two Uint8Arrays in constant time to prevent timing attacks
-     * @param a - First array
-     * @param b - Second array
-     * @returns true if arrays are equal
-     */
-    static constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean;
-}
 /**
  * HD Wallet helpers for Thru (BIP44 coin type 9999).
  * Uses SLIP-0010 for Ed25519 key derivation via micro-key-producer.
@@ -122,4 +57,4 @@ declare class MnemonicGenerator {
     static getWordCount(phrase: string): number;
 }
-export { type EncryptedData, EncryptionService, MnemonicGenerator, SecureMemory, ThruHDWallet };
+export { MnemonicGenerator, ThruHDWallet };

package/dist/index.js CHANGED Viewed

@@ -1,158 +1,10 @@
-import { getWebCrypto, encodeAddress } from '@thru/helpers';
+import { encodeAddress } from '@thru/helpers';
 export { getWebCrypto } from '@thru/helpers';
-import scrypt from 'scrypt-js';
 import HDKey from 'micro-key-producer/slip10.js';
 import { generateMnemonic, validateMnemonic, mnemonicToSeedSync } from '@scure/bip39';
 import { wordlist } from '@scure/bip39/wordlists/english';
 // src/index.ts
-var EncryptionService = class {
-  // Recommended for AES-GCM
-  /**
-   * Encrypt data using password-based encryption
-   * @param data - Data to encrypt
-   * @param password - User password
-   * @returns Encrypted data with parameters
-   */
-  static async encrypt(data, password) {
-    const crypto = getWebCrypto();
-    const salt = crypto.getRandomValues(new Uint8Array(this.SALT_LENGTH));
-    const iv = crypto.getRandomValues(new Uint8Array(this.IV_LENGTH));
-    const passwordBytes = new TextEncoder().encode(password);
-    const derivedKey = await scrypt.scrypt(
-      passwordBytes,
-      salt,
-      this.DEFAULT_N,
-      this.DEFAULT_R,
-      this.DEFAULT_P,
-      this.KEY_LENGTH
-    );
-    const cryptoKey = await crypto.subtle.importKey(
-      "raw",
-      new Uint8Array(derivedKey),
-      { name: "AES-GCM" },
-      false,
-      ["encrypt"]
-    );
-    const ciphertext = await crypto.subtle.encrypt(
-      { name: "AES-GCM", iv },
-      cryptoKey,
-      data
-    );
-    derivedKey.fill(0);
-    passwordBytes.fill(0);
-    return {
-      ciphertext: new Uint8Array(ciphertext),
-      salt,
-      iv,
-      kdfParams: {
-        N: this.DEFAULT_N,
-        r: this.DEFAULT_R,
-        p: this.DEFAULT_P
-      }
-    };
-  }
-  /**
-   * Decrypt encrypted data using password
-   * @param encrypted - Encrypted data with parameters
-   * @param password - User password
-   * @returns Decrypted data
-   */
-  static async decrypt(encrypted, password) {
-    const passwordBytes = new TextEncoder().encode(password);
-    const derivedKey = await scrypt.scrypt(
-      passwordBytes,
-      encrypted.salt,
-      encrypted.kdfParams.N,
-      encrypted.kdfParams.r,
-      encrypted.kdfParams.p,
-      this.KEY_LENGTH
-    );
-    const crypto = getWebCrypto();
-    const cryptoKey = await crypto.subtle.importKey(
-      "raw",
-      new Uint8Array(derivedKey),
-      { name: "AES-GCM" },
-      false,
-      ["decrypt"]
-    );
-    try {
-      const decrypted = await crypto.subtle.decrypt(
-        { name: "AES-GCM", iv: encrypted.iv },
-        cryptoKey,
-        encrypted.ciphertext
-      );
-      derivedKey.fill(0);
-      passwordBytes.fill(0);
-      return new Uint8Array(decrypted);
-    } catch (error) {
-      derivedKey.fill(0);
-      passwordBytes.fill(0);
-      throw new Error("Decryption failed - incorrect password or corrupted data");
-    }
-  }
-  /**
-   * Serialize encrypted data to a storable format
-   * @param encrypted - Encrypted data
-   * @returns Base64-encoded JSON string
-   */
-  static serialize(encrypted) {
-    return JSON.stringify({
-      ciphertext: Buffer.from(encrypted.ciphertext).toString("base64"),
-      salt: Buffer.from(encrypted.salt).toString("base64"),
-      iv: Buffer.from(encrypted.iv).toString("base64"),
-      kdfParams: encrypted.kdfParams
-    });
-  }
-  /**
-   * Deserialize encrypted data from storage
-   * @param serialized - Serialized encrypted data
-   * @returns Encrypted data object
-   */
-  static deserialize(serialized) {
-    const parsed = JSON.parse(serialized);
-    return {
-      ciphertext: new Uint8Array(Buffer.from(parsed.ciphertext, "base64")),
-      salt: new Uint8Array(Buffer.from(parsed.salt, "base64")),
-      iv: new Uint8Array(Buffer.from(parsed.iv, "base64")),
-      kdfParams: parsed.kdfParams
-    };
-  }
-};
-// Default scrypt parameters (can be adjusted for performance/security trade-off)
-EncryptionService.DEFAULT_N = 8192;
-// 2^15
-EncryptionService.DEFAULT_R = 8;
-EncryptionService.DEFAULT_P = 1;
-EncryptionService.KEY_LENGTH = 32;
-// 256 bits for AES-256
-EncryptionService.SALT_LENGTH = 32;
-EncryptionService.IV_LENGTH = 12;
-var SecureMemory = class {
-  /**
-   * Zero out a Uint8Array to remove sensitive data from memory
-   * @param array - Array to zero out
-   */
-  static zeroize(array) {
-    array.fill(0);
-  }
-  /**
-   * Compare two Uint8Arrays in constant time to prevent timing attacks
-   * @param a - First array
-   * @param b - Second array
-   * @returns true if arrays are equal
-   */
-  static constantTimeEqual(a, b) {
-    if (a.length !== b.length) {
-      return false;
-    }
-    let result = 0;
-    for (let i = 0; i < a.length; i++) {
-      result |= a[i] ^ b[i];
-    }
-    return result === 0;
-  }
-};
 var _ThruHDWallet = class _ThruHDWallet {
   static ensureSeed(seed) {
     if (seed.length !== 64) {
@@ -250,6 +102,6 @@ var MnemonicGenerator = class {
   }
 };
-export { EncryptionService, MnemonicGenerator, SecureMemory, ThruHDWallet };
+export { MnemonicGenerator, ThruHDWallet };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/encryption.ts","../src/hdwallet.ts","../src/mnemonic.ts"],"names":[],"mappings":";;;;;;;;AAiBO,IAAM,oBAAN,MAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAe7B,aAAa,OAAA,CAAQ,IAAA,EAAkB,QAAA,EAA0C;AAE/E,IAAA,MAAM,SAAS,YAAA,EAAa;AAC5B,IAAA,MAAM,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,IAAA,CAAK,WAAW,CAAC,CAAA;AACpE,IAAA,MAAM,KAAK,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,IAAA,CAAK,SAAS,CAAC,CAAA;AAGhE,IAAA,MAAM,aAAA,GAAgB,IAAI,WAAA,EAAY,CAAE,OAAO,QAAQ,CAAA;AACvD,IAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA;AAAA,MAC9B,aAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA,CAAK,SAAA;AAAA,MACL,IAAA,CAAK,SAAA;AAAA,MACL,IAAA,CAAK,SAAA;AAAA,MACL,IAAA,CAAK;AAAA,KACP;AAGA,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MACpC,KAAA;AAAA,MACA,IAAI,WAAW,UAAU,CAAA;AAAA,MACzB,EAAE,MAAM,SAAA,EAAU;AAAA,MAClB,KAAA;AAAA,MACA,CAAC,SAAS;AAAA,KACZ;AAGA,IAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA,CAAO,OAAA;AAAA,MACrC,EAAE,IAAA,EAAM,SAAA,EAAW,EAAA,EAAG;AAAA,MACtB,SAAA;AAAA,MACA;AAAA,KACF;AAGA,IAAA,UAAA,CAAW,KAAK,CAAC,CAAA;AACjB,IAAA,aAAA,CAAc,KAAK,CAAC,CAAA;AAEpB,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,IAAI,UAAA,CAAW,UAAU,CAAA;AAAA,MACrC,IAAA;AAAA,MACA,EAAA;AAAA,MACA,SAAA,EAAW;AAAA,QACT,GAAG,IAAA,CAAK,SAAA;AAAA,QACR,GAAG,IAAA,CAAK,SAAA;AAAA,QACR,GAAG,IAAA,CAAK;AAAA;AACV,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,aAAa,OAAA,CAAQ,SAAA,EAA0B,QAAA,EAAuC;AAEpF,IAAA,MAAM,aAAA,GAAgB,IAAI,WAAA,EAAY,CAAE,OAAO,QAAQ,CAAA;AACvD,IAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA;AAAA,MAC9B,aAAA;AAAA,MACA,SAAA,CAAU,IAAA;AAAA,MACV,UAAU,SAAA,CAAU,CAAA;AAAA,MACpB,UAAU,SAAA,CAAU,CAAA;AAAA,MACpB,UAAU,SAAA,CAAU,CAAA;AAAA,MACpB,IAAA,CAAK;AAAA,KACP;AAGA,IAAA,MAAM,SAAS,YAAA,EAAa;AAC5B,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MACpC,KAAA;AAAA,MACA,IAAI,WAAW,UAAU,CAAA;AAAA,MACzB,EAAE,MAAM,SAAA,EAAU;AAAA,MAClB,KAAA;AAAA,MACA,CAAC,SAAS;AAAA,KACZ;AAEA,IAAA,IAAI;AAEF,MAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,OAAA;AAAA,QACpC,EAAE,IAAA,EAAM,SAAA,EAAW,EAAA,EAAI,UAAU,EAAA,EAA6B;AAAA,QAC9D,SAAA;AAAA,QACA,SAAA,CAAU;AAAA,OACZ;AAGA,MAAA,UAAA,CAAW,KAAK,CAAC,CAAA;AACjB,MAAA,aAAA,CAAc,KAAK,CAAC,CAAA;AAEpB,MAAA,OAAO,IAAI,WAAW,SAAS,CAAA;AAAA,IACjC,SAAS,KAAA,EAAO;AAEd,MAAA,UAAA,CAAW,KAAK,CAAC,CAAA;AACjB,MAAA,aAAA,CAAc,KAAK,CAAC,CAAA;AACpB,MAAA,MAAM,IAAI,MAAM,0DAA0D,CAAA;AAAA,IAC5E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,UAAU,SAAA,EAAkC;AACjD,IAAA,OAAO,KAAK,SAAA,CAAU;AAAA,MACpB,YAAY,MAAA,CAAO,IAAA,CAAK,UAAU,UAAU,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,MAC/D,MAAM,MAAA,CAAO,IAAA,CAAK,UAAU,IAAI,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,MACnD,IAAI,MAAA,CAAO,IAAA,CAAK,UAAU,EAAE,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,MAC/C,WAAW,SAAA,CAAU;AAAA,KACtB,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,YAAY,UAAA,EAAmC;AACpD,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,UAAU,CAAA;AACpC,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,IAAI,UAAA,CAAW,MAAA,CAAO,KAAK,MAAA,CAAO,UAAA,EAAY,QAAQ,CAAC,CAAA;AAAA,MACnE,IAAA,EAAM,IAAI,UAAA,CAAW,MAAA,CAAO,KAAK,MAAA,CAAO,IAAA,EAAM,QAAQ,CAAC,CAAA;AAAA,MACvD,EAAA,EAAI,IAAI,UAAA,CAAW,MAAA,CAAO,KAAK,MAAA,CAAO,EAAA,EAAI,QAAQ,CAAC,CAAA;AAAA,MACnD,WAAW,MAAA,CAAO;AAAA,KACpB;AAAA,EACF;AACF;AAAA;AA7Ia,iBAAA,CAEa,SAAA,GAAY,IAAA;AAAA;AAFzB,iBAAA,CAGa,SAAA,GAAY,CAAA;AAHzB,iBAAA,CAIa,SAAA,GAAY,CAAA;AAJzB,iBAAA,CAKa,UAAA,GAAa,EAAA;AAAA;AAL1B,iBAAA,CAMa,WAAA,GAAc,EAAA;AAN3B,iBAAA,CAOa,SAAA,GAAY,EAAA;AA2I/B,IAAM,eAAN,MAAmB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKxB,OAAO,QAAQ,KAAA,EAAyB;AACtC,IAAA,KAAA,CAAM,KAAK,CAAC,CAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,iBAAA,CAAkB,CAAA,EAAe,CAAA,EAAwB;AAC9D,IAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ;AACzB,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,MAAA,GAAS,CAAA;AACb,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,QAAQ,CAAA,EAAA,EAAK;AACjC,MAAA,MAAA,IAAU,CAAA,CAAE,CAAC,CAAA,GAAI,CAAA,CAAE,CAAC,CAAA;AAAA,IACtB;AAEA,IAAA,OAAO,MAAA,KAAW,CAAA;AAAA,EACpB;AACF;ACtLO,IAAM,aAAA,GAAN,MAAM,aAAA,CAAa;AAAA,EAIxB,OAAe,WAAW,IAAA,EAAwB;AAChD,IAAA,IAAI,IAAA,CAAK,WAAW,EAAA,EAAI;AACtB,MAAA,MAAM,IAAI,MAAM,uBAAuB,CAAA;AAAA,IACzC;AAAA,EACF;AAAA,EAEA,OAAe,aAAA,CAAc,IAAA,EAAkB,IAAA,EAAc;AAC3D,IAAA,aAAA,CAAa,WAAW,IAAI,CAAA;AAC5B,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,cAAA,CAAe,IAAI,CAAA;AACvC,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,MAAA,CAAO,IAAI,CAAA;AAEjC,IAAA,IAAI,CAAC,OAAA,CAAQ,UAAA,IAAc,CAAC,QAAQ,SAAA,EAAW;AAC7C,MAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,IAC7C;AAEA,IAAA,MAAM,aAAa,OAAA,CAAQ,UAAA;AAC3B,IAAA,MAAM,YAAY,OAAA,CAAQ,YAAA;AAC1B,IAAA,MAAM,YAAY,IAAI,UAAA,CAAW,UAAA,CAAW,MAAA,GAAS,UAAU,MAAM,CAAA;AACrE,IAAA,SAAA,CAAU,GAAA,CAAI,YAAY,CAAC,CAAA;AAC3B,IAAA,SAAA,CAAU,GAAA,CAAI,SAAA,EAAW,UAAA,CAAW,MAAM,CAAA;AAE1C,IAAA,OAAO;AAAA,MACL,SAAA;AAAA,MACA,UAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,aAAa,UAAA,CACX,IAAA,EACA,YAAA,GAAuB,CAAA,EACvB,SAAiB,CAAA,EAOhB;AACD,IAAA,IAAI,eAAe,CAAA,EAAG;AACpB,MAAA,MAAM,IAAI,MAAM,oCAAoC,CAAA;AAAA,IACtD;AAEA,IAAA,MAAM,OAAO,CAAA,EAAG,aAAA,CAAa,oBAAoB,CAAA,CAAA,EAAI,YAAY,KAAK,MAAM,CAAA,CAAA,CAAA;AAC5E,IAAA,MAAM,EAAE,WAAW,UAAA,EAAY,SAAA,KAAc,aAAA,CAAa,aAAA,CAAc,MAAM,IAAI,CAAA;AAElF,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,cAAc,SAAS,CAAA;AAAA,MAChC,SAAA;AAAA,MACA,UAAA;AAAA,MACA,SAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,aAAa,cAAA,CACX,IAAA,EACA,KAAA,EAME;AACF,IAAA,MAAM,WAAW,EAAC;AAClB,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,EAAO,CAAA,EAAA,EAAK;AAC9B,MAAA,MAAM,OAAA,GAAU,MAAM,aAAA,CAAa,UAAA,CAAW,MAAM,CAAC,CAAA;AACrD,MAAA,QAAA,CAAS,IAAA,CAAK;AAAA,QACZ,KAAA,EAAO,CAAA;AAAA,QACP,SAAS,OAAA,CAAQ,OAAA;AAAA,QACjB,MAAM,OAAA,CAAQ,IAAA;AAAA,QACd,WAAW,OAAA,CAAQ;AAAA,OACpB,CAAA;AAAA,IACH;AACA,IAAA,OAAO,QAAA;AAAA,EACT;AAAA,EAEA,OAAO,YAAY,IAAA,EAAuB;AACxC,IAAA,MAAM,SAAA,GAAY,cAAA;AAClB,IAAA,OAAO,SAAA,CAAU,KAAK,IAAI,CAAA;AAAA,EAC5B;AACF,CAAA;AArFa,aAAA,CACK,cAAA,GAAiB,IAAA;AADtB,aAAA,CAEK,oBAAA,GAAuB,CAAA,MAAA,EAAS,aAAA,CAAa,cAAc,CAAA,CAAA,CAAA;AAFtE,IAAM,YAAA,GAAN;ACDA,IAAM,oBAAN,MAAwB;AAAA;AAAA;AAAA;AAAA;AAAA,EAK7B,OAAO,QAAA,GAAmB;AAExB,IAAA,OAAO,gBAAA,CAAiB,UAAU,GAAG,CAAA;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,SAAS,MAAA,EAAyB;AACvC,IAAA,OAAO,gBAAA,CAAiB,QAAQ,QAAQ,CAAA;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,MAAA,CAAO,MAAA,EAAgB,UAAA,GAAqB,EAAA,EAAgB;AACjE,IAAA,IAAI,CAAC,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,EAAG;AAC1B,MAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,IAC3C;AAEA,IAAA,OAAO,kBAAA,CAAmB,QAAQ,UAAU,CAAA;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,aAAa,MAAA,EAAwB;AAC1C,IAAA,OAAO,MAAA,CAAO,IAAA,EAAK,CAAE,KAAA,CAAM,KAAK,CAAA,CAAE,MAAA;AAAA,EACpC;AACF","file":"index.js","sourcesContent":["import scrypt from 'scrypt-js';\nimport { getWebCrypto } from '@thru/helpers';\n\nexport interface EncryptedData {\n ciphertext: Uint8Array;\n salt: Uint8Array;\n iv: Uint8Array;\n kdfParams: {\n N: number; // CPU/memory cost parameter\n r: number; // Block size\n p: number; // Parallelization parameter\n };\n}\n\n/*\n Encryption service using scrypt KDF and AES-GCM\n /\nexport class EncryptionService {\n // Default scrypt parameters (can be adjusted for performance/security trade-off)\n private static readonly DEFAULT_N = 8192; // 2^15\n private static readonly DEFAULT_R = 8;\n private static readonly DEFAULT_P = 1;\n private static readonly KEY_LENGTH = 32; // 256 bits for AES-256\n private static readonly SALT_LENGTH = 32;\n private static readonly IV_LENGTH = 12; // Recommended for AES-GCM\n\n /\n Encrypt data using password-based encryption\n * @param data - Data to encrypt\n * @param password - User password\n * @returns Encrypted data with parameters\n /\n static async encrypt(data: Uint8Array, password: string): Promise<EncryptedData> {\n // Generate random salt and IV\n const crypto = getWebCrypto();\n const salt = crypto.getRandomValues(new Uint8Array(this.SALT_LENGTH));\n const iv = crypto.getRandomValues(new Uint8Array(this.IV_LENGTH));\n\n // Derive key from password using scrypt\n const passwordBytes = new TextEncoder().encode(password);\n const derivedKey = await scrypt.scrypt(\n passwordBytes,\n salt,\n this.DEFAULT_N,\n this.DEFAULT_R,\n this.DEFAULT_P,\n this.KEY_LENGTH\n );\n\n // Import key for WebCrypto API\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n new Uint8Array(derivedKey),\n { name: 'AES-GCM' },\n false,\n ['encrypt']\n );\n\n // Encrypt data using AES-GCM\n const ciphertext = await crypto.subtle.encrypt(\n { name: 'AES-GCM', iv },\n cryptoKey,\n data as unknown as ArrayBuffer\n );\n\n // Zero out sensitive data\n derivedKey.fill(0);\n passwordBytes.fill(0);\n\n return {\n ciphertext: new Uint8Array(ciphertext),\n salt,\n iv,\n kdfParams: {\n N: this.DEFAULT_N,\n r: this.DEFAULT_R,\n p: this.DEFAULT_P,\n },\n };\n }\n\n /\n Decrypt encrypted data using password\n * @param encrypted - Encrypted data with parameters\n * @param password - User password\n * @returns Decrypted data\n /\n static async decrypt(encrypted: EncryptedData, password: string): Promise<Uint8Array> {\n // Derive key from password using stored parameters\n const passwordBytes = new TextEncoder().encode(password);\n const derivedKey = await scrypt.scrypt(\n passwordBytes,\n encrypted.salt,\n encrypted.kdfParams.N,\n encrypted.kdfParams.r,\n encrypted.kdfParams.p,\n this.KEY_LENGTH\n );\n\n // Import key for WebCrypto API\n const crypto = getWebCrypto();\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n new Uint8Array(derivedKey),\n { name: 'AES-GCM' },\n false,\n ['decrypt']\n );\n\n try {\n // Decrypt data using AES-GCM\n const decrypted = await crypto.subtle.decrypt(\n { name: 'AES-GCM', iv: encrypted.iv as unknown as ArrayBuffer },\n cryptoKey,\n encrypted.ciphertext as unknown as ArrayBuffer\n );\n\n // Zero out sensitive data\n derivedKey.fill(0);\n passwordBytes.fill(0);\n\n return new Uint8Array(decrypted);\n } catch (error) {\n // Zero out sensitive data even on error\n derivedKey.fill(0);\n passwordBytes.fill(0);\n throw new Error('Decryption failed - incorrect password or corrupted data');\n }\n }\n\n /\n Serialize encrypted data to a storable format\n * @param encrypted - Encrypted data\n * @returns Base64-encoded JSON string\n /\n static serialize(encrypted: EncryptedData): string {\n return JSON.stringify({\n ciphertext: Buffer.from(encrypted.ciphertext).toString('base64'),\n salt: Buffer.from(encrypted.salt).toString('base64'),\n iv: Buffer.from(encrypted.iv).toString('base64'),\n kdfParams: encrypted.kdfParams,\n });\n }\n\n /\n Deserialize encrypted data from storage\n * @param serialized - Serialized encrypted data\n * @returns Encrypted data object\n /\n static deserialize(serialized: string): EncryptedData {\n const parsed = JSON.parse(serialized);\n return {\n ciphertext: new Uint8Array(Buffer.from(parsed.ciphertext, 'base64')),\n salt: new Uint8Array(Buffer.from(parsed.salt, 'base64')),\n iv: new Uint8Array(Buffer.from(parsed.iv, 'base64')),\n kdfParams: parsed.kdfParams,\n };\n }\n}\n\n/\n Utility functions for secure memory management\n /\nexport class SecureMemory {\n /\n Zero out a Uint8Array to remove sensitive data from memory\n * @param array - Array to zero out\n /\n static zeroize(array: Uint8Array): void {\n array.fill(0);\n }\n\n /\n Compare two Uint8Arrays in constant time to prevent timing attacks\n * @param a - First array\n * @param b - Second array\n * @returns true if arrays are equal\n /\n static constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) {\n return false;\n }\n\n let result = 0;\n for (let i = 0; i < a.length; i++) {\n result \|= a[i] ^ b[i];\n }\n\n return result === 0;\n }\n}\n","import HDKey from 'micro-key-producer/slip10.js';\nimport { encodeAddress } from '@thru/helpers';\n\n/\n HD Wallet helpers for Thru (BIP44 coin type 9999).\n * Uses SLIP-0010 for Ed25519 key derivation via micro-key-producer.\n * Returns raw key material along with encoded addresses.\n /\nexport class ThruHDWallet {\n static readonly THRU_COIN_TYPE = 9999;\n static readonly THRU_DERIVATION_PATH = `m/44'/${ThruHDWallet.THRU_COIN_TYPE}'`;\n\n private static ensureSeed(seed: Uint8Array): void {\n if (seed.length !== 64) {\n throw new Error('Seed must be 64 bytes');\n }\n }\n\n private static deriveKeyPair(seed: Uint8Array, path: string) {\n ThruHDWallet.ensureSeed(seed);\n const hdkey = HDKey.fromMasterSeed(seed);\n const derived = hdkey.derive(path);\n\n if (!derived.privateKey \|\| !derived.publicKey) {\n throw new Error('Failed to derive key pair');\n }\n\n const privateKey = derived.privateKey;\n const publicKey = derived.publicKeyRaw;\n const secretKey = new Uint8Array(privateKey.length + publicKey.length);\n secretKey.set(privateKey, 0);\n secretKey.set(publicKey, privateKey.length);\n\n return {\n publicKey,\n privateKey,\n secretKey,\n };\n }\n\n static async getAccount(\n seed: Uint8Array,\n accountIndex: number = 0,\n change: number = 0\n ): Promise<{\n address: string;\n publicKey: Uint8Array;\n privateKey: Uint8Array;\n secretKey: Uint8Array;\n path: string;\n }> {\n if (accountIndex < 0) {\n throw new Error('Account index must be non-negative');\n }\n\n const path = `${ThruHDWallet.THRU_DERIVATION_PATH}/${accountIndex}'/${change}'`;\n const { publicKey, privateKey, secretKey } = ThruHDWallet.deriveKeyPair(seed, path);\n\n return {\n address: encodeAddress(publicKey),\n publicKey,\n privateKey,\n secretKey,\n path,\n };\n }\n\n static async deriveAccounts(\n seed: Uint8Array,\n count: number\n ): Promise<Array<{\n index: number;\n address: string;\n path: string;\n publicKey: Uint8Array;\n }>> {\n const accounts = [];\n for (let i = 0; i < count; i++) {\n const account = await ThruHDWallet.getAccount(seed, i);\n accounts.push({\n index: i,\n address: account.address,\n path: account.path,\n publicKey: account.publicKey,\n });\n }\n return accounts;\n }\n\n static isValidPath(path: string): boolean {\n const pathRegex = /^m(\\/\\d+')+$/;\n return pathRegex.test(path);\n }\n}\n","import { generateMnemonic, validateMnemonic, mnemonicToSeedSync } from '@scure/bip39';\nimport { wordlist } from '@scure/bip39/wordlists/english';\n\n/\n Handles BIP39 mnemonic phrase generation and validation.\n * Uses @scure/bip39 for React Native compatibility (no Buffer dependency).\n /\nexport class MnemonicGenerator {\n /\n Generate a new 12-word mnemonic phrase\n * @returns 12-word mnemonic string\n /\n static generate(): string {\n // 128 bits of entropy = 12 words\n return generateMnemonic(wordlist, 128);\n }\n\n /\n Validate a mnemonic phrase\n * @param phrase - Mnemonic phrase to validate\n * @returns true if valid, false otherwise\n /\n static validate(phrase: string): boolean {\n return validateMnemonic(phrase, wordlist);\n }\n\n /\n Convert mnemonic phrase to seed bytes\n * @param phrase - Valid mnemonic phrase\n * @param passphrase - Optional passphrase for additional security\n * @returns Seed as Uint8Array (64 bytes)\n /\n static toSeed(phrase: string, passphrase: string = ''): Uint8Array {\n if (!this.validate(phrase)) {\n throw new Error('Invalid mnemonic phrase');\n }\n // @scure/bip39 returns Uint8Array directly (no Buffer)\n return mnemonicToSeedSync(phrase, passphrase);\n }\n\n /\n Get the number of words in a mnemonic\n * @param phrase - Mnemonic phrase\n * @returns Number of words\n */\n static getWordCount(phrase: string): number {\n return phrase.trim().split(/\\s+/).length;\n }\n}\n"]}
1	+ {"version":3,"sources":["../src/hdwallet.ts","../src/mnemonic.ts"],"names":[],"mappings":";;;;;;;AAQO,IAAM,aAAA,GAAN,MAAM,aAAA,CAAa;AAAA,EAIxB,OAAe,WAAW,IAAA,EAAwB;AAChD,IAAA,IAAI,IAAA,CAAK,WAAW,EAAA,EAAI;AACtB,MAAA,MAAM,IAAI,MAAM,uBAAuB,CAAA;AAAA,IACzC;AAAA,EACF;AAAA,EAEA,OAAe,aAAA,CAAc,IAAA,EAAkB,IAAA,EAAc;AAC3D,IAAA,aAAA,CAAa,WAAW,IAAI,CAAA;AAC5B,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,cAAA,CAAe,IAAI,CAAA;AACvC,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,MAAA,CAAO,IAAI,CAAA;AAEjC,IAAA,IAAI,CAAC,OAAA,CAAQ,UAAA,IAAc,CAAC,QAAQ,SAAA,EAAW;AAC7C,MAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,IAC7C;AAEA,IAAA,MAAM,aAAa,OAAA,CAAQ,UAAA;AAC3B,IAAA,MAAM,YAAY,OAAA,CAAQ,YAAA;AAC1B,IAAA,MAAM,YAAY,IAAI,UAAA,CAAW,UAAA,CAAW,MAAA,GAAS,UAAU,MAAM,CAAA;AACrE,IAAA,SAAA,CAAU,GAAA,CAAI,YAAY,CAAC,CAAA;AAC3B,IAAA,SAAA,CAAU,GAAA,CAAI,SAAA,EAAW,UAAA,CAAW,MAAM,CAAA;AAE1C,IAAA,OAAO;AAAA,MACL,SAAA;AAAA,MACA,UAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,aAAa,UAAA,CACX,IAAA,EACA,YAAA,GAAuB,CAAA,EACvB,SAAiB,CAAA,EAOhB;AACD,IAAA,IAAI,eAAe,CAAA,EAAG;AACpB,MAAA,MAAM,IAAI,MAAM,oCAAoC,CAAA;AAAA,IACtD;AAEA,IAAA,MAAM,OAAO,CAAA,EAAG,aAAA,CAAa,oBAAoB,CAAA,CAAA,EAAI,YAAY,KAAK,MAAM,CAAA,CAAA,CAAA;AAC5E,IAAA,MAAM,EAAE,WAAW,UAAA,EAAY,SAAA,KAAc,aAAA,CAAa,aAAA,CAAc,MAAM,IAAI,CAAA;AAElF,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,cAAc,SAAS,CAAA;AAAA,MAChC,SAAA;AAAA,MACA,UAAA;AAAA,MACA,SAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,aAAa,cAAA,CACX,IAAA,EACA,KAAA,EAME;AACF,IAAA,MAAM,WAAW,EAAC;AAClB,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,EAAO,CAAA,EAAA,EAAK;AAC9B,MAAA,MAAM,OAAA,GAAU,MAAM,aAAA,CAAa,UAAA,CAAW,MAAM,CAAC,CAAA;AACrD,MAAA,QAAA,CAAS,IAAA,CAAK;AAAA,QACZ,KAAA,EAAO,CAAA;AAAA,QACP,SAAS,OAAA,CAAQ,OAAA;AAAA,QACjB,MAAM,OAAA,CAAQ,IAAA;AAAA,QACd,WAAW,OAAA,CAAQ;AAAA,OACpB,CAAA;AAAA,IACH;AACA,IAAA,OAAO,QAAA;AAAA,EACT;AAAA,EAEA,OAAO,YAAY,IAAA,EAAuB;AACxC,IAAA,MAAM,SAAA,GAAY,cAAA;AAClB,IAAA,OAAO,SAAA,CAAU,KAAK,IAAI,CAAA;AAAA,EAC5B;AACF,CAAA;AArFa,aAAA,CACK,cAAA,GAAiB,IAAA;AADtB,aAAA,CAEK,oBAAA,GAAuB,CAAA,MAAA,EAAS,aAAA,CAAa,cAAc,CAAA,CAAA,CAAA;AAFtE,IAAM,YAAA,GAAN;ACDA,IAAM,oBAAN,MAAwB;AAAA;AAAA;AAAA;AAAA;AAAA,EAK7B,OAAO,QAAA,GAAmB;AAExB,IAAA,OAAO,gBAAA,CAAiB,UAAU,GAAG,CAAA;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,SAAS,MAAA,EAAyB;AACvC,IAAA,OAAO,gBAAA,CAAiB,QAAQ,QAAQ,CAAA;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,MAAA,CAAO,MAAA,EAAgB,UAAA,GAAqB,EAAA,EAAgB;AACjE,IAAA,IAAI,CAAC,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,EAAG;AAC1B,MAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,IAC3C;AAEA,IAAA,OAAO,kBAAA,CAAmB,QAAQ,UAAU,CAAA;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,aAAa,MAAA,EAAwB;AAC1C,IAAA,OAAO,MAAA,CAAO,IAAA,EAAK,CAAE,KAAA,CAAM,KAAK,CAAA,CAAE,MAAA;AAAA,EACpC;AACF","file":"index.js","sourcesContent":["import HDKey from 'micro-key-producer/slip10.js';\nimport { encodeAddress } from '@thru/helpers';\n\n/*\n HD Wallet helpers for Thru (BIP44 coin type 9999).\n * Uses SLIP-0010 for Ed25519 key derivation via micro-key-producer.\n * Returns raw key material along with encoded addresses.\n /\nexport class ThruHDWallet {\n static readonly THRU_COIN_TYPE = 9999;\n static readonly THRU_DERIVATION_PATH = `m/44'/${ThruHDWallet.THRU_COIN_TYPE}'`;\n\n private static ensureSeed(seed: Uint8Array): void {\n if (seed.length !== 64) {\n throw new Error('Seed must be 64 bytes');\n }\n }\n\n private static deriveKeyPair(seed: Uint8Array, path: string) {\n ThruHDWallet.ensureSeed(seed);\n const hdkey = HDKey.fromMasterSeed(seed);\n const derived = hdkey.derive(path);\n\n if (!derived.privateKey \|\| !derived.publicKey) {\n throw new Error('Failed to derive key pair');\n }\n\n const privateKey = derived.privateKey;\n const publicKey = derived.publicKeyRaw;\n const secretKey = new Uint8Array(privateKey.length + publicKey.length);\n secretKey.set(privateKey, 0);\n secretKey.set(publicKey, privateKey.length);\n\n return {\n publicKey,\n privateKey,\n secretKey,\n };\n }\n\n static async getAccount(\n seed: Uint8Array,\n accountIndex: number = 0,\n change: number = 0\n ): Promise<{\n address: string;\n publicKey: Uint8Array;\n privateKey: Uint8Array;\n secretKey: Uint8Array;\n path: string;\n }> {\n if (accountIndex < 0) {\n throw new Error('Account index must be non-negative');\n }\n\n const path = `${ThruHDWallet.THRU_DERIVATION_PATH}/${accountIndex}'/${change}'`;\n const { publicKey, privateKey, secretKey } = ThruHDWallet.deriveKeyPair(seed, path);\n\n return {\n address: encodeAddress(publicKey),\n publicKey,\n privateKey,\n secretKey,\n path,\n };\n }\n\n static async deriveAccounts(\n seed: Uint8Array,\n count: number\n ): Promise<Array<{\n index: number;\n address: string;\n path: string;\n publicKey: Uint8Array;\n }>> {\n const accounts = [];\n for (let i = 0; i < count; i++) {\n const account = await ThruHDWallet.getAccount(seed, i);\n accounts.push({\n index: i,\n address: account.address,\n path: account.path,\n publicKey: account.publicKey,\n });\n }\n return accounts;\n }\n\n static isValidPath(path: string): boolean {\n const pathRegex = /^m(\\/\\d+')+$/;\n return pathRegex.test(path);\n }\n}\n","import { generateMnemonic, validateMnemonic, mnemonicToSeedSync } from '@scure/bip39';\nimport { wordlist } from '@scure/bip39/wordlists/english';\n\n/\n Handles BIP39 mnemonic phrase generation and validation.\n * Uses @scure/bip39 for React Native compatibility (no Buffer dependency).\n /\nexport class MnemonicGenerator {\n /\n Generate a new 12-word mnemonic phrase\n * @returns 12-word mnemonic string\n /\n static generate(): string {\n // 128 bits of entropy = 12 words\n return generateMnemonic(wordlist, 128);\n }\n\n /\n Validate a mnemonic phrase\n * @param phrase - Mnemonic phrase to validate\n * @returns true if valid, false otherwise\n /\n static validate(phrase: string): boolean {\n return validateMnemonic(phrase, wordlist);\n }\n\n /\n Convert mnemonic phrase to seed bytes\n * @param phrase - Valid mnemonic phrase\n * @param passphrase - Optional passphrase for additional security\n * @returns Seed as Uint8Array (64 bytes)\n /\n static toSeed(phrase: string, passphrase: string = ''): Uint8Array {\n if (!this.validate(phrase)) {\n throw new Error('Invalid mnemonic phrase');\n }\n // @scure/bip39 returns Uint8Array directly (no Buffer)\n return mnemonicToSeedSync(phrase, passphrase);\n }\n\n /\n Get the number of words in a mnemonic\n * @param phrase - Mnemonic phrase\n * @returns Number of words\n */\n static getWordCount(phrase: string): number {\n return phrase.trim().split(/\\s+/).length;\n }\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@thru/crypto",
-  "version": "0.1.38",
+  "version": "0.2.1",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -13,8 +13,7 @@
   "dependencies": {
     "@scure/bip39": "^1.4.0",
     "micro-key-producer": "^0.8.2",
-    "scrypt-js": "^3.0.1",
-    "@thru/helpers": "0.1.38"
+    "@thru/helpers": "0.2.1"
   },
   "devDependencies": {
     "@types/node": "^24.10.1",

package/src/index.ts CHANGED Viewed

@@ -1,4 +1,3 @@
 export { getWebCrypto } from '@thru/helpers';
-export { EncryptionService, SecureMemory, type EncryptedData } from './encryption';
 export { ThruHDWallet } from './hdwallet';
 export { MnemonicGenerator } from './mnemonic';

package/src/encryption.ts DELETED Viewed

@@ -1,191 +0,0 @@
-import scrypt from 'scrypt-js';
-import { getWebCrypto } from '@thru/helpers';
-export interface EncryptedData {
-  ciphertext: Uint8Array;
-  salt: Uint8Array;
-  iv: Uint8Array;
-  kdfParams: {
-    N: number; // CPU/memory cost parameter
-    r: number; // Block size
-    p: number; // Parallelization parameter
-  };
-}
-/**
- * Encryption service using scrypt KDF and AES-GCM
- */
-export class EncryptionService {
-  // Default scrypt parameters (can be adjusted for performance/security trade-off)
-  private static readonly DEFAULT_N = 8192; // 2^15
-  private static readonly DEFAULT_R = 8;
-  private static readonly DEFAULT_P = 1;
-  private static readonly KEY_LENGTH = 32; // 256 bits for AES-256
-  private static readonly SALT_LENGTH = 32;
-  private static readonly IV_LENGTH = 12; // Recommended for AES-GCM
-  /**
-   * Encrypt data using password-based encryption
-   * @param data - Data to encrypt
-   * @param password - User password
-   * @returns Encrypted data with parameters
-   */
-  static async encrypt(data: Uint8Array, password: string): Promise<EncryptedData> {
-    // Generate random salt and IV
-    const crypto = getWebCrypto();
-    const salt = crypto.getRandomValues(new Uint8Array(this.SALT_LENGTH));
-    const iv = crypto.getRandomValues(new Uint8Array(this.IV_LENGTH));
-    // Derive key from password using scrypt
-    const passwordBytes = new TextEncoder().encode(password);
-    const derivedKey = await scrypt.scrypt(
-      passwordBytes,
-      salt,
-      this.DEFAULT_N,
-      this.DEFAULT_R,
-      this.DEFAULT_P,
-      this.KEY_LENGTH
-    );
-    // Import key for WebCrypto API
-    const cryptoKey = await crypto.subtle.importKey(
-      'raw',
-      new Uint8Array(derivedKey),
-      { name: 'AES-GCM' },
-      false,
-      ['encrypt']
-    );
-    // Encrypt data using AES-GCM
-    const ciphertext = await crypto.subtle.encrypt(
-      { name: 'AES-GCM', iv },
-      cryptoKey,
-      data as unknown as ArrayBuffer
-    );
-    // Zero out sensitive data
-    derivedKey.fill(0);
-    passwordBytes.fill(0);
-    return {
-      ciphertext: new Uint8Array(ciphertext),
-      salt,
-      iv,
-      kdfParams: {
-        N: this.DEFAULT_N,
-        r: this.DEFAULT_R,
-        p: this.DEFAULT_P,
-      },
-    };
-  }
-  /**
-   * Decrypt encrypted data using password
-   * @param encrypted - Encrypted data with parameters
-   * @param password - User password
-   * @returns Decrypted data
-   */
-  static async decrypt(encrypted: EncryptedData, password: string): Promise<Uint8Array> {
-    // Derive key from password using stored parameters
-    const passwordBytes = new TextEncoder().encode(password);
-    const derivedKey = await scrypt.scrypt(
-      passwordBytes,
-      encrypted.salt,
-      encrypted.kdfParams.N,
-      encrypted.kdfParams.r,
-      encrypted.kdfParams.p,
-      this.KEY_LENGTH
-    );
-    // Import key for WebCrypto API
-    const crypto = getWebCrypto();
-    const cryptoKey = await crypto.subtle.importKey(
-      'raw',
-      new Uint8Array(derivedKey),
-      { name: 'AES-GCM' },
-      false,
-      ['decrypt']
-    );
-    try {
-      // Decrypt data using AES-GCM
-      const decrypted = await crypto.subtle.decrypt(
-        { name: 'AES-GCM', iv: encrypted.iv as unknown as ArrayBuffer },
-        cryptoKey,
-        encrypted.ciphertext as unknown as ArrayBuffer
-      );
-      // Zero out sensitive data
-      derivedKey.fill(0);
-      passwordBytes.fill(0);
-      return new Uint8Array(decrypted);
-    } catch (error) {
-      // Zero out sensitive data even on error
-      derivedKey.fill(0);
-      passwordBytes.fill(0);
-      throw new Error('Decryption failed - incorrect password or corrupted data');
-    }
-  }
-  /**
-   * Serialize encrypted data to a storable format
-   * @param encrypted - Encrypted data
-   * @returns Base64-encoded JSON string
-   */
-  static serialize(encrypted: EncryptedData): string {
-    return JSON.stringify({
-      ciphertext: Buffer.from(encrypted.ciphertext).toString('base64'),
-      salt: Buffer.from(encrypted.salt).toString('base64'),
-      iv: Buffer.from(encrypted.iv).toString('base64'),
-      kdfParams: encrypted.kdfParams,
-    });
-  }
-  /**
-   * Deserialize encrypted data from storage
-   * @param serialized - Serialized encrypted data
-   * @returns Encrypted data object
-   */
-  static deserialize(serialized: string): EncryptedData {
-    const parsed = JSON.parse(serialized);
-    return {
-      ciphertext: new Uint8Array(Buffer.from(parsed.ciphertext, 'base64')),
-      salt: new Uint8Array(Buffer.from(parsed.salt, 'base64')),
-      iv: new Uint8Array(Buffer.from(parsed.iv, 'base64')),
-      kdfParams: parsed.kdfParams,
-    };
-  }
-}
-/**
- * Utility functions for secure memory management
- */
-export class SecureMemory {
-  /**
-   * Zero out a Uint8Array to remove sensitive data from memory
-   * @param array - Array to zero out
-   */
-  static zeroize(array: Uint8Array): void {
-    array.fill(0);
-  }
-  /**
-   * Compare two Uint8Arrays in constant time to prevent timing attacks
-   * @param a - First array
-   * @param b - Second array
-   * @returns true if arrays are equal
-   */
-  static constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {
-    if (a.length !== b.length) {
-      return false;
-    }
-    let result = 0;
-    for (let i = 0; i < a.length; i++) {
-      result |= a[i] ^ b[i];
-    }
-    return result === 0;
-  }
-}