@time-file/browser-file-crypto 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 TimeFile
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.ko.md

@@ -0,0 +1,287 @@
+# @time-file/browser-file-crypto
+
+<p align="center">
+  <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/og-image.png" alt="browser-file-crypto" width="100%" />
+</p>
+<p align="center">
+  <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/hero.ko.png" alt="Hero" width="100%" />
+</p>
+
+<p align="center">
+  Web Crypto API 기반의 브라우저 파일 암호화 라이브러리입니다.
+</p>
+
+<p align="center">
+  <a href="https://www.npmjs.com/package/@time-file/browser-file-crypto"><img src="https://img.shields.io/npm/v/@time-file/browser-file-crypto.svg" alt="npm version" /></a>
+  <a href="https://bundlephobia.com/package/@time-file/browser-file-crypto"><img src="https://img.shields.io/bundlephobia/minzip/@time-file/browser-file-crypto" alt="bundle size" /></a>
+  <a href="https://github.com/time-file/browser-file-crypto/stargazers"><img src="https://img.shields.io/github/stars/time-file/browser-file-crypto?style=flat" alt="stars" /></a>
+  <a href="./LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT" /></a>
+</p>
+
+<p align="center">
+  <a href="./README.md">English</a> | <strong>한국어</strong>
+</p>
+
+## 특징
+
+<p align="center">
+  <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/features-grid.ko.png" alt="Features" width="100%" />
+</p>
+
+- **Zero-Knowledge** - 클라이언트 측 암호화로 서버는 평문을 볼 수 없습니다.
+- **Zero-Dependency** - 네이티브 Web Crypto API만 사용합니다.
+- **AES-256-GCM** - 업계 표준 인증 암호화 방식입니다.
+- **비밀번호 & 키파일** - 용도에 따라 두 가지 모드를 지원합니다.
+- **진행률 콜백** - 암호화/복호화 진행 상황을 추적할 수 있습니다.
+- **TypeScript** - 완전한 타입 정의가 포함되어 있습니다.
+- **초경량** - gzip 압축 시 4KB 미만의 용량을 자랑합니다.
+
+## 왜 사용해야 하나요?
+
+Web Crypto API는 강력하지만 사용이 복잡합니다. 파일 하나를 암호화하는 데만 약 100줄의 보일러플레이트 코드가 필요하며, 치명적인 실수를 저지르기 쉽습니다.
+
+- ❌ IV 재사용 (보안에 치명적)
+- ❌ 낮은 PBKDF2 반복 횟수 (브루트포스 공격에 취약)
+- ❌ salt/IV를 출력에 포함하지 않음 (복호화 불가)
+- ❌ ArrayBuffer 슬라이싱 오류 (데이터 손상)
+
+> 이 라이브러리가 모든 것을 처리합니다.
+
+```typescript
+// ❌ Before - Raw Web Crypto API
+const encoder = new TextEncoder();
+const salt = crypto.getRandomValues(new Uint8Array(16));
+const iv = crypto.getRandomValues(new Uint8Array(12));
+const keyMaterial = await crypto.subtle.importKey(
+  'raw', encoder.encode(password), 'PBKDF2', false, ['deriveKey']
+);
+const key = await crypto.subtle.deriveKey(
+  { name: 'PBKDF2', salt, iterations: 100000, hash: 'SHA-256' },
+  keyMaterial,
+  { name: 'AES-GCM', length: 256 },
+  false,
+  ['encrypt']
+);
+const arrayBuffer = await file.arrayBuffer();
+const ciphertext = await crypto.subtle.encrypt(
+  { name: 'AES-GCM', iv },
+  key,
+  arrayBuffer
+);
+const result = new Uint8Array(1 + salt.length + iv.length + ciphertext.byteLength);
+result.set([0x01], 0);
+result.set(salt, 1);
+result.set(iv, 17);
+result.set(new Uint8Array(ciphertext), 29);
+// ... 복호화도 30줄 이상 필요합니다
+```
+
+```typescript
+// ✅ After - With this library
+const encrypted = await encryptFile(file, { password: 'secret' });
+const decrypted = await decryptFile(encrypted, { password: 'secret' });
+```
+
+**끝입니다.**
+
+## 비교
+
+| 기능 | crypto-js | @aws-crypto | Web Crypto (직접) | **browser-file-crypto** |
+|------|-----------|-------------|-------------------|------------------------|
+| 유지보수 | ❌ 중단됨 | ✅ | - | ✅ |
+| 번들 크기 | ~50KB | ~200KB+ | 0 | **< 4KB** |
+| 의존성 | 많음 | 많음 | 없음 | **없음** |
+| 파일 특화 API | ❌ | ⚠️ | ❌ | **✅** |
+| 진행률 콜백 | ❌ | ❌ | ❌ | **✅** |
+| 키파일 모드 | ❌ | ❌ | ❌ | **✅** |
+| 타입 감지 | ❌ | ❌ | ❌ | **✅** |
+| TypeScript | ❌ | ✅ | - | **✅** |
+
+## 설치
+
+```bash
+# npm
+npm install @time-file/browser-file-crypto
+
+# pnpm
+pnpm add @time-file/browser-file-crypto
+
+# yarn
+yarn add @time-file/browser-file-crypto
+```
+
+## 빠른 시작
+
+```typescript
+import { encryptFile, decryptFile } from '@time-file/browser-file-crypto';
+
+// 암호화
+const file = document.querySelector('input[type="file"]').files[0];
+const encrypted = await encryptFile(file, {
+  password: 'my-secret-password',
+  onProgress: ({ phase, progress }) => console.log(`${phase}: ${progress}%`)
+});
+
+// 복호화
+const decrypted = await decryptFile(encrypted, {
+  password: 'my-secret-password'
+});
+```
+
+## API
+
+### `encryptFile(file, options)`
+
+```typescript
+const encrypted = await encryptFile(file, {
+  password: 'secret',        // 또는
+  keyData: keyFile.key,      // 키파일 사용
+  onProgress: (p) => {}      // 선택 사항
+});
+```
+
+### `decryptFile(encrypted, options)`
+
+```typescript
+const decrypted = await decryptFile(encrypted, {
+  password: 'secret',        // 또는
+  keyData: keyFile.key,
+  onProgress: (p) => {}
+});
+```
+
+### 키파일 모드
+
+비밀번호를 기억할 필요가 없습니다:
+
+```typescript
+import { generateKeyFile, downloadKeyFile, parseKeyFile } from '@time-file/browser-file-crypto';
+
+const keyFile = generateKeyFile();
+downloadKeyFile(keyFile.key, 'my-secret-key');           // .key 파일로 저장 (기본값)
+
+// 커스텀 확장자
+downloadKeyFile(keyFile.key, 'my-secret-key', 'tfkey');  // .tfkey 파일로 저장
+
+const encrypted = await encryptFile(file, { keyData: keyFile.key });
+
+// 나중에 불러와서 사용
+const content = await uploadedFile.text();
+const loaded = parseKeyFile(content);
+if (loaded) {
+  const decrypted = await decryptFile(encrypted, { keyData: loaded.key });
+}
+```
+
+### 유틸리티
+
+```typescript
+import { getEncryptionType, isEncryptedFile, generateRandomPassword } from '@time-file/browser-file-crypto';
+
+await getEncryptionType(blob);  // 'password' | 'keyfile' | 'unknown'
+await isEncryptedFile(blob);    // true | false
+generateRandomPassword(24);     // 'Kx9#mP2$vL5@nQ8!...'
+```
+
+### 다운로드 & 복호화
+
+```typescript
+import { downloadAndDecrypt } from '@time-file/browser-file-crypto';
+
+await downloadAndDecrypt('https://example.com/secret.enc', {
+  password: 'secret',
+  fileName: 'document.pdf',
+  onProgress: ({ phase, progress }) => console.log(`${phase}: ${progress}%`)
+});
+```
+
+### 에러 처리
+
+```typescript
+import { isCryptoError } from '@time-file/browser-file-crypto';
+
+try {
+  await decryptFile(encrypted, { password: 'wrong' });
+} catch (error) {
+  if (isCryptoError(error)) {
+    // error.code: 'INVALID_PASSWORD' | 'INVALID_KEYFILE' | 'INVALID_ENCRYPTED_DATA'
+  }
+}
+```
+
+## 보안
+
+### 스펙
+
+| 구성 요소 | 값 |
+|-----------|------|
+| 알고리즘 | AES-256-GCM |
+| 키 유도 | PBKDF2 (SHA-256, 100,000회 반복) |
+| Salt | 16바이트 (암호화마다 랜덤 생성) |
+| IV | 12바이트 (암호화마다 랜덤 생성) |
+| Auth Tag | 16바이트 |
+
+### 파일 포맷
+
+<p align="center">
+  <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/file-format.ko.png" alt="File Format" width="100%" />
+</p>
+
+```
+비밀번호 암호화:
+=> [0x01] + [salt:16] + [iv:12] + [ciphertext + auth_tag:16]
+
+키파일 암호화:
+=> [0x02] + [iv:12] + [ciphertext + auth_tag:16]
+```
+
+### 참고 사항
+
+- 키는 추출이 불가능합니다 (`extractable: false`)
+- 매번 랜덤 IV/salt를 사용하므로 동일한 암호문이 생성되지 않습니다
+- AES-GCM은 인증 암호화 방식입니다 (변조 감지 가능)
+- 100,000회 PBKDF2 반복으로 브루트포스 공격에 강합니다
+
+## 브라우저 지원
+
+| 브라우저 | 버전 |
+|---------|------|
+| Chrome | 80+ |
+| Firefox | 74+ |
+| Safari | 14+ |
+| Edge | 80+ |
+
+Node.js 18+, Deno, Cloudflare Workers에서도 동작합니다.
+
+## TypeScript
+
+```typescript
+import type {
+  EncryptOptions,
+  DecryptOptions,
+  Progress,
+  KeyFile,
+  EncryptionType,
+  CryptoErrorCode
+} from '@time-file/browser-file-crypto';
+```
+
+## 링크
+
+- [변경 이력](./CHANGELOG.md)
+- [라이선스](./LICENSE)
+- [npm](https://www.npmjs.com/package/@time-file/browser-file-crypto)
+- [GitHub](https://github.com/time-file/browser-file-crypto)
+
+## 라이선스
+
+[MIT](./LICENSE)
+
+---
+
+<p align="center">
+  <a href="https://timefile.co/ko">
+    <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/timefile-footer.ko.png#gh-light-mode-only" alt="Made by timefile.co" />
+    <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/timefile-footer-dark.ko.png#gh-dark-mode-only" alt="Made by timefile.co" />
+  </a>
+</p>

package/README.md

@@ -0,0 +1,292 @@
+# @time-file/browser-file-crypto
+
+<p align="center">
+  <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/og-image.png#gh-light-mode-only" alt="browser-file-crypto" width="100%" />
+  <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/og-image-dark.png#gh-dark-mode-only" alt="browser-file-crypto" width="100%" />
+</p>
+<p align="center">
+  <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/encryption-structure.png#gh-light-mode-only" alt="Encryption Flow" width="100%" />
+  <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/encryption-structure-dark.png#gh-dark-mode-only" alt="Encryption Flow" width="100%" />
+</p>
+
+<p align="center">
+  Zero-dependency file encryption for browsers using Web Crypto API.
+</p>
+
+<p align="center">
+  <a href="https://www.npmjs.com/package/@time-file/browser-file-crypto"><img src="https://img.shields.io/npm/v/@time-file/browser-file-crypto.svg" alt="npm version" /></a>
+  <a href="https://bundlephobia.com/package/@time-file/browser-file-crypto"><img src="https://img.shields.io/bundlephobia/minzip/@time-file/browser-file-crypto" alt="bundle size" /></a>
+  <a href="https://github.com/time-file/browser-file-crypto/stargazers"><img src="https://img.shields.io/github/stars/time-file/browser-file-crypto?style=flat" alt="stars" /></a>
+  <a href="./LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT" /></a>
+</p>
+
+<p align="center">
+  <strong>English</strong> | <a href="./README.ko.md">한국어</a>
+</p>
+
+## Features
+
+<p align="center">
+  <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/features-grid.png#gh-light-mode-only" alt="Features" width="100%" />
+  <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/features-grid-dark.png#gh-dark-mode-only" alt="Features" width="100%" />
+</p>
+
+- **Zero-Knowledge** - Client-side encryption, server never sees plaintext
+- **Zero-Dependency** - Native Web Crypto API only
+- **AES-256-GCM** - Industry-standard authenticated encryption
+- **Password & Keyfile** - Two modes for different use cases
+- **Progress Callbacks** - Track encryption/decryption progress
+- **TypeScript** - Full type definitions
+- **Tiny** - < 4KB gzipped
+
+## Why?
+
+Web Crypto API is powerful but verbose. You need ~100 lines of boilerplate just to encrypt a file, and it's easy to make critical mistakes.
+
+- ❌ Reusing IV (catastrophic for security)
+- ❌ Low PBKDF2 iterations (brute-forceable)
+- ❌ Missing salt/IV in output (can't decrypt later)
+- ❌ Wrong ArrayBuffer slicing (corrupted data)
+
+
+> This library handles it all.
+
+```typescript
+// ❌ Before - Raw Web Crypto API
+const encoder = new TextEncoder();
+const salt = crypto.getRandomValues(new Uint8Array(16));
+const iv = crypto.getRandomValues(new Uint8Array(12));
+const keyMaterial = await crypto.subtle.importKey(
+  'raw', encoder.encode(password), 'PBKDF2', false, ['deriveKey']
+);
+const key = await crypto.subtle.deriveKey(
+  { name: 'PBKDF2', salt, iterations: 100000, hash: 'SHA-256' },
+  keyMaterial,
+  { name: 'AES-GCM', length: 256 },
+  false,
+  ['encrypt']
+);
+const arrayBuffer = await file.arrayBuffer();
+const ciphertext = await crypto.subtle.encrypt(
+  { name: 'AES-GCM', iv },
+  key,
+  arrayBuffer
+);
+const result = new Uint8Array(1 + salt.length + iv.length + ciphertext.byteLength);
+result.set([0x01], 0);
+result.set(salt, 1);
+result.set(iv, 17);
+result.set(new Uint8Array(ciphertext), 29);
+// ... and decryption is another 30 lines
+```
+
+```typescript
+// ✅ After - With this library
+const encrypted = await encryptFile(file, { password: 'secret' });
+const decrypted = await decryptFile(encrypted, { password: 'secret' });
+```
+
+**Done.**
+
+## Comparison
+
+| Feature | crypto-js | @aws-crypto | Web Crypto (direct) | **browser-file-crypto** |
+|---------|-----------|-------------|---------------------|------------------------|
+| Maintained | ❌ Deprecated | ✅ | - | ✅ |
+| Bundle size | ~50KB | ~200KB+ | 0 | **< 4KB** |
+| Dependencies | Many | Many | None | **None** |
+| File-focused API | ❌ | ⚠️ | ❌ | **✅** |
+| Progress callbacks | ❌ | ❌ | ❌ | **✅** |
+| Keyfile mode | ❌ | ❌ | ❌ | **✅** |
+| Type detection | ❌ | ❌ | ❌ | **✅** |
+| TypeScript | ❌ | ✅ | - | **✅** |
+
+## Install
+
+```bash
+# npm
+npm install @time-file/browser-file-crypto
+
+# pnpm
+pnpm add @time-file/browser-file-crypto
+
+# yarn
+yarn add @time-file/browser-file-crypto
+```
+
+## Quick Start
+
+```typescript
+import { encryptFile, decryptFile } from '@time-file/browser-file-crypto';
+
+// Encrypt
+const file = document.querySelector('input[type="file"]').files[0];
+const encrypted = await encryptFile(file, {
+  password: 'my-secret-password',
+  onProgress: ({ phase, progress }) => console.log(`${phase}: ${progress}%`)
+});
+
+// Decrypt
+const decrypted = await decryptFile(encrypted, {
+  password: 'my-secret-password'
+});
+```
+
+## API
+
+### `encryptFile(file, options)`
+
+```typescript
+const encrypted = await encryptFile(file, {
+  password: 'secret',        // OR
+  keyData: keyFile.key,      // use keyfile
+  onProgress: (p) => {}      // optional
+});
+```
+
+### `decryptFile(encrypted, options)`
+
+```typescript
+const decrypted = await decryptFile(encrypted, {
+  password: 'secret',        // OR
+  keyData: keyFile.key,
+  onProgress: (p) => {}
+});
+```
+
+### Keyfile Mode
+
+No password to remember:
+
+```typescript
+import { generateKeyFile, downloadKeyFile, parseKeyFile } from '@time-file/browser-file-crypto';
+
+const keyFile = generateKeyFile();
+downloadKeyFile(keyFile.key, 'my-secret-key');           // saves .key file (default)
+
+// custom extension
+downloadKeyFile(keyFile.key, 'my-secret-key', 'tfkey');  // saves .tfkey file
+
+const encrypted = await encryptFile(file, { keyData: keyFile.key });
+
+// Later, load and use
+const content = await uploadedFile.text();
+const loaded = parseKeyFile(content);
+if (loaded) {
+  const decrypted = await decryptFile(encrypted, { keyData: loaded.key });
+}
+```
+
+### Utilities
+
+```typescript
+import { getEncryptionType, isEncryptedFile, generateRandomPassword } from '@time-file/browser-file-crypto';
+
+await getEncryptionType(blob);  // 'password' | 'keyfile' | 'unknown'
+await isEncryptedFile(blob);    // true | false
+generateRandomPassword(24);     // 'Kx9#mP2$vL5@nQ8!...'
+```
+
+### Download & Decrypt
+
+```typescript
+import { downloadAndDecrypt } from '@time-file/browser-file-crypto';
+
+await downloadAndDecrypt('https://example.com/secret.enc', {
+  password: 'secret',
+  fileName: 'document.pdf',
+  onProgress: ({ phase, progress }) => console.log(`${phase}: ${progress}%`)
+});
+```
+
+### Error Handling
+
+```typescript
+import { isCryptoError } from '@time-file/browser-file-crypto';
+
+try {
+  await decryptFile(encrypted, { password: 'wrong' });
+} catch (error) {
+  if (isCryptoError(error)) {
+    // error.code: 'INVALID_PASSWORD' | 'INVALID_KEYFILE' | 'INVALID_ENCRYPTED_DATA'
+  }
+}
+```
+
+## Security
+
+### Spec
+
+| Component | Value |
+|-----------|-------|
+| Algorithm | AES-256-GCM |
+| Key Derivation | PBKDF2 (SHA-256, 100k iterations) |
+| Salt | 16 bytes (random per encryption) |
+| IV | 12 bytes (random per encryption) |
+| Auth Tag | 16 bytes |
+
+### File Format
+
+<p align="center">
+  <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/file-format.png#gh-light-mode-only" alt="File Format" width="100%" />
+  <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/file-format-dark.png#gh-dark-mode-only" alt="File Format" width="100%" />
+</p>
+
+```
+Password-encrypted
+=> [0x01] + [salt:16] + [iv:12] + [ciphertext + auth_tag:16]
+
+Keyfile-encrypted
+=> [0x02] + [iv:12] + [ciphertext + auth_tag:16]
+```
+
+### Notes
+
+- Keys are non-extractable (`extractable: false`)
+- Random IV/salt per encryption = no identical ciphertexts
+- AES-GCM = authenticated encryption (tamper detection)
+- 100k PBKDF2 iterations = brute-force resistant
+
+## Browser Support
+
+| Browser | Version |
+|---------|---------|
+| Chrome | 80+ |
+| Firefox | 74+ |
+| Safari | 14+ |
+| Edge | 80+ |
+
+Also works in Node.js 18+, Deno, Cloudflare Workers.
+
+## TypeScript
+
+```typescript
+import type {
+  EncryptOptions,
+  DecryptOptions,
+  Progress,
+  KeyFile,
+  EncryptionType,
+  CryptoErrorCode
+} from '@time-file/browser-file-crypto';
+```
+
+## Links
+
+- [Changelog](./CHANGELOG.md)
+- [License](./LICENSE)
+- [npm](https://www.npmjs.com/package/@time-file/browser-file-crypto)
+- [GitHub](https://github.com/time-file/browser-file-crypto)
+
+## License
+
+[MIT](./LICENSE)
+
+---
+
+<p align="center">
+  <a href="https://timefile.co/en">
+    <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/timefile-footer.png#gh-light-mode-only" alt="Made by timefile.co" />
+    <img src="https://raw.githubusercontent.com/Time-File/browser-file-crypto/refs/heads/main/public/timefile-footer-dark.png#gh-dark-mode-only" alt="Made by timefile.co" />
+  </a>
+</p>

package/dist/index.cjs

@@ -0,0 +1,2 @@
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const l=16,p=12,_=256,N=1e5,m=32,d=1,h=2,D=16,R=1+l+p+D,L=1+p+D,f="AES-GCM",S="SHA-256",U={INVALID_INPUT:"Input must be a File, Blob, or ArrayBuffer.",PASSWORD_REQUIRED:"Password or keyfile is required for encryption.",KEYFILE_REQUIRED:"Keyfile is required to decrypt this file.",INVALID_PASSWORD:"Decryption failed: incorrect password.",INVALID_KEYFILE:"Decryption failed: incorrect keyfile.",INVALID_ENCRYPTED_DATA:"Invalid encrypted data: file may be corrupted.",ENCRYPTION_FAILED:"Encryption failed.",DECRYPTION_FAILED:"Decryption failed.",DOWNLOAD_FAILED:"File download failed.",UNSUPPORTED_FORMAT:"Unsupported encryption format."};class y extends Error{constructor(a,t){super(t??U[a]),this.name="CryptoError",this.code=a,Error.captureStackTrace&&Error.captureStackTrace(this,y)}}function C(n){return n instanceof y}async function w(n){if(n instanceof ArrayBuffer)return n;if(n instanceof Blob)return n.arrayBuffer();throw new y("INVALID_INPUT")}function E(n){return n.buffer.slice(n.byteOffset,n.byteOffset+n.byteLength)}function Y(n){const a=new Uint8Array(n);let t="";for(let e=0;e<a.byteLength;e++)t+=String.fromCharCode(a[e]);return btoa(t)}function b(n){const a=atob(n),t=new Uint8Array(a.length);for(let e=0;e<a.length;e++)t[e]=a.charCodeAt(e);return t.buffer}async function O(n,a){const t=new TextEncoder,e=await crypto.subtle.importKey("raw",t.encode(n),"PBKDF2",!1,["deriveKey"]);return crypto.subtle.deriveKey({name:"PBKDF2",salt:E(a),iterations:N,hash:S},e,{name:f,length:_},!1,["encrypt","decrypt"])}async function F(n){try{const a=b(n);return await crypto.subtle.importKey("raw",a,{name:f,length:_},!1,["encrypt","decrypt"])}catch{throw new y("INVALID_KEYFILE")}}function A(n){return crypto.getRandomValues(new Uint8Array(n))}function v(){return A(l)}function k(){return A(p)}const T="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*",H=16;function M(n=H){const a=Math.max(8,Math.min(128,n)),t=A(a);let e="";for(let i=0;i<a;i++){const c=t[i]%T.length;e+=T[c]}return e}async function B(n,a){const{password:t,keyData:e,onProgress:i}=a;if(!t&&!e)throw new y("PASSWORD_REQUIRED");try{i==null||i({phase:"deriving_key",progress:0});const c=await w(n);return i==null||i({phase:"deriving_key",progress:10}),e?await W(c,e,i):await G(c,t,i)}catch(c){throw c instanceof y?c:new y("ENCRYPTION_FAILED")}}async function G(n,a,t){const e=v(),i=k();t==null||t({phase:"deriving_key",progress:20});const c=await O(a,e);t==null||t({phase:"encrypting",progress:30});const r=await crypto.subtle.encrypt({name:f,iv:E(i)},c,n);t==null||t({phase:"encrypting",progress:90});const o=new Uint8Array(1+l+p+r.byteLength);return o[0]=d,o.set(e,1),o.set(i,1+l),o.set(new Uint8Array(r),1+l+p),t==null||t({phase:"complete",progress:100}),new Blob([o],{type:"application/octet-stream"})}async function W(n,a,t){const e=k();t==null||t({phase:"deriving_key",progress:20});const i=await F(a);t==null||t({phase:"encrypting",progress:30});const c=await crypto.subtle.encrypt({name:f,iv:E(e)},i,n);t==null||t({phase:"encrypting",progress:90});const r=new Uint8Array(1+p+c.byteLength);return r[0]=h,r.set(e,1),r.set(new Uint8Array(c),1+p),t==null||t({phase:"complete",progress:100}),new Blob([r],{type:"application/octet-stream"})}async function K(n,a){const{password:t,keyData:e,onProgress:i}=a;try{i==null||i({phase:"decrypting",progress:0});const c=new Uint8Array(await w(n));if(i==null||i({phase:"decrypting",progress:5}),c.length<1)throw new y("INVALID_ENCRYPTED_DATA");const r=c[0];if(r===d){if(!t)throw new y("PASSWORD_REQUIRED");return await V(c,t,i)}else if(r===h){if(!e)throw new y("KEYFILE_REQUIRED");return await x(c,e,i)}else throw new y("UNSUPPORTED_FORMAT")}catch(c){throw c instanceof y?c:new y("DECRYPTION_FAILED")}}async function V(n,a,t){if(n.length<R)throw new y("INVALID_ENCRYPTED_DATA");t==null||t({phase:"deriving_key",progress:10});const e=n.slice(1,1+l),i=n.slice(1+l,1+l+p),c=n.slice(1+l+p),r=await O(a,e);t==null||t({phase:"decrypting",progress:30});try{const o=await crypto.subtle.decrypt({name:f,iv:E(i)},r,c);return t==null||t({phase:"complete",progress:100}),new Blob([o])}catch{throw new y("INVALID_PASSWORD")}}async function x(n,a,t){if(n.length<L)throw new y("INVALID_ENCRYPTED_DATA");t==null||t({phase:"decrypting",progress:10});const e=n.slice(1,1+p),i=n.slice(1+p),c=await F(a);t==null||t({phase:"decrypting",progress:30});try{const r=await crypto.subtle.decrypt({name:f,iv:E(e)},c,i);return t==null||t({phase:"complete",progress:100}),new Blob([r])}catch{throw new y("INVALID_KEYFILE")}}async function g(n){const a=await w(n),t=new Uint8Array(a);if(t.length<1)return"unknown";const e=t[0];return e===d?"password":e===h?"keyfile":"unknown"}async function j(n){const a=await w(n),t=new Uint8Array(a);if(t.length<1)return!1;const e=t[0];return e===d&&t.length>=R||e===h&&t.length>=L}function Q(){const n=A(m);return{version:1,algorithm:"AES-256-GCM",key:Y(n.buffer),createdAt:new Date().toISOString()}}function Z(n){try{const a=JSON.parse(n);return $(a)?a:null}catch{return null}}function $(n){if(typeof n!="object"||n===null)return!1;const a=n;return a.version===1&&a.algorithm==="AES-256-GCM"&&typeof a.key=="string"&&a.key.length>0&&typeof a.createdAt=="string"}function q(n,a,t="key"){const e={version:1,algorithm:"AES-256-GCM",key:n,createdAt:new Date().toISOString()},i=JSON.stringify(e,null,2),c=new Blob([i],{type:"application/json"}),r=URL.createObjectURL(c),o=document.createElement("a");o.href=r,o.download=`${a}.${t}`,o.style.display="none",document.body.appendChild(o),o.click(),document.body.removeChild(o),URL.revokeObjectURL(r)}async function J(n){const a=b(n),t=await crypto.subtle.digest("SHA-256",a),e=new Uint8Array(t);return Array.from(e).map(i=>i.toString(16).padStart(2,"0")).join("")}async function z(n,a){const{fileName:t,onProgress:e,...i}=a;try{e==null||e({phase:"downloading",progress:0});const c=await fetch(n);if(!c.ok)throw new y("DOWNLOAD_FAILED",`Download failed: ${c.status} ${c.statusText}`);const r=c.headers.get("content-length");let o;r&&c.body?o=await X(c.body,parseInt(r,10),s=>{e==null||e({phase:"downloading",progress:Math.round(s*50)})}):(e==null||e({phase:"downloading",progress:25}),o=await c.arrayBuffer()),e==null||e({phase:"downloading",progress:50});const u=await K(o,{...i,onProgress:s=>{const I=50+Math.round(s.progress*.45);e==null||e({phase:s.phase==="complete"?"complete":s.phase,progress:s.phase==="complete"?100:I})}});P(u,t),e==null||e({phase:"complete",progress:100})}catch(c){throw c instanceof y?c:new y("DOWNLOAD_FAILED")}}async function X(n,a,t){const e=n.getReader(),i=[];let c=0;for(;;){const{done:u,value:s}=await e.read();if(u)break;i.push(s),c+=s.length;const I=c/a;t(Math.min(I,1))}const r=new Uint8Array(c);let o=0;for(const u of i)r.set(u,o),o+=u.length;return r.buffer}function P(n,a){const t=URL.createObjectURL(n),e=document.createElement("a");e.href=t,e.download=a,e.style.display="none",document.body.appendChild(e),e.click(),document.body.removeChild(e),URL.revokeObjectURL(t)}exports.ALGORITHM=f;exports.AUTH_TAG_LENGTH=D;exports.CryptoError=y;exports.ENCRYPTION_MARKER_KEYFILE=h;exports.ENCRYPTION_MARKER_PASSWORD=d;exports.HASH_ALGORITHM=S;exports.IV_LENGTH=p;exports.KEYFILE_KEY_LENGTH=m;exports.KEY_LENGTH=_;exports.MIN_ENCRYPTED_SIZE_KEYFILE=L;exports.MIN_ENCRYPTED_SIZE_PASSWORD=R;exports.PBKDF2_ITERATIONS=N;exports.SALT_LENGTH=l;exports.computeKeyFileHash=J;exports.decryptFile=K;exports.downloadAndDecrypt=z;exports.downloadKeyFile=q;exports.encryptFile=B;exports.generateKeyFile=Q;exports.generateRandomPassword=M;exports.getEncryptionType=g;exports.isCryptoError=C;exports.isEncryptedFile=j;exports.parseKeyFile=Z;
+//# sourceMappingURL=index.cjs.map