@twin.org/crypto 0.0.1 → 0.0.2-next.10

package/dist/cjs/index.cjs

@@ -2,21 +2,20 @@
 
 var base = require('@scure/base');
 var core = require('@twin.org/core');
-var ed25519 = require('@noble/curves/ed25519');
-var secp256k1 = require('@noble/curves/secp256k1');
-var blake2b = require('@noble/hashes/blake2b');
+var ed25519_js = require('@noble/curves/ed25519.js');
+var secp256k1_js = require('@noble/curves/secp256k1.js');
+var blake2_js = require('@noble/hashes/blake2.js');
 var bip32 = require('@scure/bip32');
 var slip10_js = require('micro-key-producer/slip10.js');
-var chacha = require('@noble/ciphers/chacha');
-var blake3 = require('@noble/hashes/blake3');
-var hmac = require('@noble/hashes/hmac');
-var sha1 = require('@noble/hashes/sha1');
-var sha256 = require('@noble/hashes/sha256');
-var sha512 = require('@noble/hashes/sha512');
-var pbkdf2 = require('@noble/hashes/pbkdf2');
-var sha3 = require('@noble/hashes/sha3');
+var chacha_js = require('@noble/ciphers/chacha.js');
+var blake3_js = require('@noble/hashes/blake3.js');
+var hmac_js = require('@noble/hashes/hmac.js');
+var legacy_js = require('@noble/hashes/legacy.js');
+var sha2_js = require('@noble/hashes/sha2.js');
+var pbkdf2_js = require('@noble/hashes/pbkdf2.js');
+var sha3_js = require('@noble/hashes/sha3.js');
 var bip39 = require('@scure/bip39');
-var english = require('@scure/bip39/wordlists/english');
+var english_js = require('@scure/bip39/wordlists/english.js');
 var otp = require('micro-key-producer/otp.js');
 
 function _interopNamespaceDefault(e) {
@@ -143,7 +142,7 @@ class Ed25519 {
                 actualSize: privateKey.length
             });
         }
-        return ed25519.ed25519.getPublicKey(privateKey);
+        return ed25519_js.ed25519.getPublicKey(privateKey);
     }
     /**
      * Sign the block with privateKey and returns a signature.
@@ -161,7 +160,7 @@ class Ed25519 {
                 actualSize: privateKey ? privateKey.length : 0
             });
         }
-        return ed25519.ed25519.sign(block, privateKey);
+        return ed25519_js.ed25519.sign(block, privateKey);
     }
     /**
      * Verify reports whether sig is a valid signature of block by publicKey.
@@ -182,7 +181,7 @@ class Ed25519 {
             });
         }
         try {
-            return ed25519.ed25519.verify(signature, block, publicKey);
+            return ed25519_js.ed25519.verify(signature, block, publicKey);
         }
         catch {
             return false;
@@ -207,7 +206,7 @@ class Ed25519 {
         // The ASN.1 sequence is 48 46 02 01 00 30 05 06 03 2b 65 70 04 20 04 20 (0x302e020100300506032b657004220420)
         const pkcs8Prefix = new Uint8Array([48, 46, 2, 1, 0, 48, 5, 6, 3, 43, 101, 112, 4, 34, 4, 32]);
         const fullKey = core.Uint8ArrayHelper.concat([pkcs8Prefix, privateKey]);
-        return crypto.subtle.importKey("pkcs8", fullKey, "Ed25519", true, ["sign"]);
+        return crypto.subtle.importKey("pkcs8", new Uint8Array(fullKey), "Ed25519", true, ["sign"]);
     }
     /**
      * Convert a crypto key to raw private key.
@@ -256,7 +255,7 @@ class Secp256k1 {
                 actualSize: privateKey.length
             });
         }
-        return secp256k1.secp256k1.getPublicKey(privateKey);
+        return secp256k1_js.secp256k1.getPublicKey(privateKey);
     }
     /**
      * Sign the block with privateKey and returns a signature.
@@ -271,11 +270,11 @@ class Secp256k1 {
         if (privateKey.length !== Secp256k1.PRIVATE_KEY_SIZE) {
             throw new core.GeneralError(Secp256k1._CLASS_NAME, "privateKeyLength", {
                 requiredSize: Secp256k1.PRIVATE_KEY_SIZE,
-                actualSize: privateKey ? privateKey.length : 0
+                actualSize: privateKey.length
             });
         }
-        const res = secp256k1.secp256k1.sign(block, privateKey);
-        return res.toCompactRawBytes();
+        const res = secp256k1_js.secp256k1.sign(block, privateKey, { prehash: false });
+        return res;
     }
     /**
      * Verify reports whether sig is a valid signature of block by publicKey.
@@ -296,7 +295,7 @@ class Secp256k1 {
             });
         }
         try {
-            return secp256k1.secp256k1.verify(signature, block, publicKey);
+            return secp256k1_js.secp256k1.verify(signature, block, publicKey, { prehash: false });
         }
         catch {
             return false;
@@ -339,7 +338,7 @@ class Blake2b {
      * @param key Optional key for the hash.
      */
     constructor(outputLength, key) {
-        this._instance = blake2b.blake2b.create({
+        this._instance = blake2_js.blake2b.create({
             dkLen: outputLength,
             key
         });
@@ -484,7 +483,6 @@ const KeyType = {
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
-/* eslint-disable no-bitwise */
 /**
  * Class to help with slip0010 key derivation
  * https://github.com/satoshilabs/slips/blob/master/slip-0010.md.
@@ -692,7 +690,7 @@ class ChaCha20Poly1305 {
     constructor(key, nonce, aad) {
         core.Guards.uint8Array(ChaCha20Poly1305._CLASS_NAME, "key", key);
         core.Guards.uint8Array(ChaCha20Poly1305._CLASS_NAME, "nonce", nonce);
-        this._instance = chacha.chacha20poly1305(key, nonce, aad);
+        this._instance = chacha_js.chacha20poly1305(key, nonce, aad);
     }
     /**
      * Encrypt the block.
@@ -716,9 +714,6 @@ class ChaCha20Poly1305 {
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
-/**
- * This is a TypeScript port of https://github.com/katzenpost/core/blob/master/crypto/extra25519/extra25519.go.
- */
 /**
  * Implementation of X25519.
  */
@@ -735,7 +730,7 @@ class X25519 {
      */
     static convertPrivateKeyToX25519(ed25519PrivateKey) {
         core.Guards.uint8Array(X25519._CLASS_NAME, "ed25519PrivateKey", ed25519PrivateKey);
-        return ed25519.edwardsToMontgomeryPriv(ed25519PrivateKey);
+        return ed25519_js.ed25519.utils.toMontgomerySecret(ed25519PrivateKey.slice(0, Ed25519.PRIVATE_KEY_SIZE));
     }
     /**
      * Convert Ed25519 public key to X25519 public key.
@@ -745,7 +740,7 @@ class X25519 {
      */
     static convertPublicKeyToX25519(ed25519PublicKey) {
         core.Guards.uint8Array(X25519._CLASS_NAME, "ed25519PublicKey", ed25519PublicKey);
-        return ed25519.edwardsToMontgomeryPub(ed25519PublicKey);
+        return ed25519_js.ed25519.utils.toMontgomery(ed25519PublicKey);
     }
 }
 
@@ -776,7 +771,7 @@ class Zip215 {
         if (publicKey.length !== Ed25519.PUBLIC_KEY_SIZE) {
             return false;
         }
-        return ed25519.ed25519.verify(sig, block, publicKey, { zip215: true });
+        return ed25519_js.ed25519.verify(sig, block, publicKey, { zip215: true });
     }
 }
 
@@ -811,7 +806,7 @@ class Blake3 {
      * @param key Optional key for the hash.
      */
     constructor(outputLength, key) {
-        this._instance = blake3.blake3.create({
+        this._instance = blake3_js.blake3.create({
             dkLen: outputLength,
             key
         });
@@ -877,7 +872,7 @@ class HmacSha1 {
      * @param key The key for the hmac.
      */
     constructor(key) {
-        this._instance = hmac.hmac.create(sha1.sha1, key);
+        this._instance = hmac_js.hmac.create(legacy_js.sha1, key);
     }
     /**
      * Perform Sum on the block.
@@ -943,7 +938,7 @@ class HmacSha256 {
         if (bits !== HmacSha256.SIZE_224 && bits !== HmacSha256.SIZE_256) {
             throw new core.GeneralError(HmacSha256._CLASS_NAME, "bitSize", { bitSize: bits });
         }
-        this._instance = hmac.hmac.create(bits === HmacSha256.SIZE_256 ? sha256.sha256 : sha256.sha224, key);
+        this._instance = hmac_js.hmac.create(bits === HmacSha256.SIZE_256 ? sha2_js.sha256 : sha2_js.sha224, key);
     }
     /**
      * Perform Sum 224 on the block.
@@ -1037,16 +1032,16 @@ class HmacSha512 {
             throw new core.GeneralError(HmacSha512._CLASS_NAME, "bitSize", { bitSize: bits });
         }
         if (bits === HmacSha512.SIZE_224) {
-            this._instance = hmac.hmac.create(sha512.sha512_224, key);
+            this._instance = hmac_js.hmac.create(sha2_js.sha512_224, key);
         }
         else if (bits === HmacSha512.SIZE_256) {
-            this._instance = hmac.hmac.create(sha512.sha512_256, key);
+            this._instance = hmac_js.hmac.create(sha2_js.sha512_256, key);
         }
         else if (bits === HmacSha512.SIZE_384) {
-            this._instance = hmac.hmac.create(sha512.sha384, key);
+            this._instance = hmac_js.hmac.create(sha2_js.sha384, key);
         }
         else {
-            this._instance = hmac.hmac.create(sha512.sha512, key);
+            this._instance = hmac_js.hmac.create(sha2_js.sha512, key);
         }
     }
     /**
@@ -1144,7 +1139,7 @@ class Pbkdf2 {
         core.Guards.uint8Array(Pbkdf2._CLASS_NAME, "salt", salt);
         core.Guards.number(Pbkdf2._CLASS_NAME, "iterations", iterations);
         core.Guards.number(Pbkdf2._CLASS_NAME, "keyLength", keyLength);
-        return pbkdf2.pbkdf2(sha256.sha256, password, salt, { c: iterations, dkLen: keyLength });
+        return pbkdf2_js.pbkdf2(sha2_js.sha256, password, salt, { c: iterations, dkLen: keyLength });
     }
     /**
      * Derive a key from the parameters using Sha512.
@@ -1159,7 +1154,7 @@ class Pbkdf2 {
         core.Guards.uint8Array(Pbkdf2._CLASS_NAME, "salt", salt);
         core.Guards.number(Pbkdf2._CLASS_NAME, "iterations", iterations);
         core.Guards.number(Pbkdf2._CLASS_NAME, "keyLength", keyLength);
-        return pbkdf2.pbkdf2(sha512.sha512, password, salt, { c: iterations, dkLen: keyLength });
+        return pbkdf2_js.pbkdf2(sha2_js.sha512, password, salt, { c: iterations, dkLen: keyLength });
     }
 }
 
@@ -1184,7 +1179,7 @@ class Sha1 {
      * Create a new instance of Sha1.
      */
     constructor() {
-        this._instance = sha1.sha1.create();
+        this._instance = legacy_js.sha1.create();
     }
     /**
      * Perform Sum on the block.
@@ -1247,7 +1242,7 @@ class Sha256 {
         if (bits !== Sha256.SIZE_224 && bits !== Sha256.SIZE_256) {
             throw new core.GeneralError(Sha256._CLASS_NAME, "bitSize", { bitSize: bits });
         }
-        this._instance = bits === Sha256.SIZE_256 ? sha256.sha256.create() : sha256.sha224.create();
+        this._instance = bits === Sha256.SIZE_256 ? sha2_js.sha256.create() : sha2_js.sha224.create();
     }
     /**
      * Perform Sum 256 on the block.
@@ -1335,19 +1330,19 @@ class Sha3 {
         }
         if (bits === Sha3.SIZE_224) {
             // eslint-disable-next-line camelcase
-            this._instance = sha3.sha3_224.create();
+            this._instance = sha3_js.sha3_224.create();
         }
         else if (bits === Sha3.SIZE_256) {
             // eslint-disable-next-line camelcase
-            this._instance = sha3.sha3_256.create();
+            this._instance = sha3_js.sha3_256.create();
         }
         else if (bits === Sha3.SIZE_384) {
             // eslint-disable-next-line camelcase
-            this._instance = sha3.sha3_384.create();
+            this._instance = sha3_js.sha3_384.create();
         }
         else {
             // eslint-disable-next-line camelcase
-            this._instance = sha3.sha3_512.create();
+            this._instance = sha3_js.sha3_512.create();
         }
     }
     /**
@@ -1455,16 +1450,16 @@ class Sha512 {
             throw new core.GeneralError(Sha512._CLASS_NAME, "bitSize", { bitSize: bits });
         }
         if (bits === Sha512.SIZE_224) {
-            this._instance = sha512.sha512_224.create();
+            this._instance = sha2_js.sha512_224.create();
         }
         else if (bits === Sha512.SIZE_256) {
-            this._instance = sha512.sha512_256.create();
+            this._instance = sha2_js.sha512_256.create();
         }
         else if (bits === Sha512.SIZE_384) {
-            this._instance = sha512.sha384.create();
+            this._instance = sha2_js.sha384.create();
         }
         else {
-            this._instance = sha512.sha512.create();
+            this._instance = sha2_js.sha512.create();
         }
     }
     /**
@@ -1526,6 +1521,48 @@ class Sha512 {
     }
 }
 
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+/**
+ * Helper class for working with PEM (Privacy-Enhanced Mail) formatted data.
+ */
+class PemHelper {
+    /**
+     * Runtime name for the class.
+     * @internal
+     */
+    static _CLASS_NAME = "PemHelper";
+    /**
+     * Strip the PEM content of its headers, footers, and newlines.
+     * @param pemContent The PEM content to strip.
+     * @returns The stripped PEM content in bas64 format.
+     */
+    static stripPemMarkers(pemContent) {
+        core.Guards.string(PemHelper._CLASS_NAME, "pemContent", pemContent);
+        return pemContent
+            .replace(/-----BEGIN.*-----/, "")
+            .replace(/-----END.*-----/, "")
+            .replace(/\n/g, "")
+            .trim();
+    }
+    /**
+     * Format the PEM content to have a specific line length.
+     * @param marker The marker for the PEM content, e.g. RSA PRIVATE KEY
+     * @param base64Content The base64 content to format.
+     * @param lineLength The length of each line in the PEM content, default is 64 characters.
+     * @returns The formatted PEM content.
+     */
+    static formatPem(marker, base64Content, lineLength = 64) {
+        core.Guards.stringValue(PemHelper._CLASS_NAME, "marker", marker);
+        core.Guards.stringBase64(PemHelper._CLASS_NAME, "base64Content", base64Content);
+        const lines = [];
+        for (let i = 0; i < base64Content.length; i += lineLength) {
+            lines.push(base64Content.slice(i, i + lineLength));
+        }
+        return [`-----BEGIN ${marker}-----`, ...lines, `-----END ${marker}-----`].join("\n");
+    }
+}
+
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
 /**
@@ -1544,7 +1581,7 @@ class Bip39 {
      * @returns The random mnemonic.
      * @throws Error if the length is not a multiple of 32.
      */
-    static randomMnemonic(strength = 256, words = english.wordlist) {
+    static randomMnemonic(strength = 256, words = english_js.wordlist) {
         core.Guards.number(Bip39._CLASS_NAME, "strength", strength);
         core.Guards.arrayValue(Bip39._CLASS_NAME, "words", words);
         if (strength % 32 !== 0) {
@@ -1559,7 +1596,7 @@ class Bip39 {
      * @returns The mnemonic.
      * @throws Error if the length of the entropy is not a multiple of 4, or is less than 16 or greater than 32.
      */
-    static entropyToMnemonic(entropy, words = english.wordlist) {
+    static entropyToMnemonic(entropy, words = english_js.wordlist) {
         core.Guards.uint8Array(Bip39._CLASS_NAME, "entropy", entropy);
         core.Guards.arrayValue(Bip39._CLASS_NAME, "words", words);
         if (entropy.length % 4 !== 0 || entropy.length < 16 || entropy.length > 32) {
@@ -1584,16 +1621,31 @@ class Bip39 {
      * @returns The entropy.
      * @throws Error if the number of words is not a multiple of 3.
      */
-    static mnemonicToEntropy(mnemonic, words = english.wordlist) {
+    static mnemonicToEntropy(mnemonic, words = english_js.wordlist) {
         core.Guards.stringValue(Bip39._CLASS_NAME, "mnemonic", mnemonic);
         core.Guards.arrayValue(Bip39._CLASS_NAME, "words", words);
         return bip39__namespace.mnemonicToEntropy(mnemonic, words);
     }
+    /**
+     * Validate the mnemonic.
+     * @param mnemonic The mnemonic to validate.
+     * @param wordCount The expected number of words in the mnemonic, defaults to 24.
+     * @param words The wordlist to use, defaults to the English wordlist.
+     * @returns True if the mnemonic is valid.
+     */
+    static validateMnemonic(mnemonic, wordCount = 24, words = english_js.wordlist) {
+        core.Guards.string(Bip39._CLASS_NAME, "mnemonic", mnemonic);
+        core.Guards.integer(Bip39._CLASS_NAME, "wordCount", wordCount);
+        const mnemonicSplit = mnemonic.split(/\s+/);
+        if (mnemonicSplit.length !== wordCount) {
+            return false;
+        }
+        return bip39__namespace.validateMnemonic(mnemonic, words);
+    }
 }
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
-/* eslint-disable no-bitwise */
 /**
  * Perform HOTP.
  * Implementation of https://datatracker.ietf.org/doc/html/rfc4226 .
@@ -1812,6 +1864,7 @@ exports.KeyType = KeyType;
 exports.PasswordGenerator = PasswordGenerator;
 exports.PasswordValidator = PasswordValidator;
 exports.Pbkdf2 = Pbkdf2;
+exports.PemHelper = PemHelper;
 exports.Secp256k1 = Secp256k1;
 exports.Sha1 = Sha1;
 exports.Sha256 = Sha256;

package/dist/esm/index.mjs

@@ -1,20 +1,19 @@
 import { bech32 } from '@scure/base';
 import { Guards, BaseError, GeneralError, Is, Uint8ArrayHelper, Converter, GuardError, Base32, RandomHelper, Validation } from '@twin.org/core';
-import { ed25519, edwardsToMontgomeryPriv, edwardsToMontgomeryPub } from '@noble/curves/ed25519';
-import { secp256k1 } from '@noble/curves/secp256k1';
-import { blake2b } from '@noble/hashes/blake2b';
+import { ed25519 } from '@noble/curves/ed25519.js';
+import { secp256k1 } from '@noble/curves/secp256k1.js';
+import { blake2b } from '@noble/hashes/blake2.js';
 import { HDKey as HDKey$1 } from '@scure/bip32';
 import { HDKey } from 'micro-key-producer/slip10.js';
-import { chacha20poly1305 } from '@noble/ciphers/chacha';
-import { blake3 } from '@noble/hashes/blake3';
-import { hmac } from '@noble/hashes/hmac';
-import { sha1 } from '@noble/hashes/sha1';
-import { sha256, sha224 } from '@noble/hashes/sha256';
-import { sha512_224, sha512_256, sha384, sha512 } from '@noble/hashes/sha512';
-import { pbkdf2 } from '@noble/hashes/pbkdf2';
-import { sha3_224, sha3_256, sha3_384, sha3_512 } from '@noble/hashes/sha3';
+import { chacha20poly1305 } from '@noble/ciphers/chacha.js';
+import { blake3 } from '@noble/hashes/blake3.js';
+import { hmac } from '@noble/hashes/hmac.js';
+import { sha1 } from '@noble/hashes/legacy.js';
+import { sha256, sha224, sha512_224, sha512_256, sha384, sha512 } from '@noble/hashes/sha2.js';
+import { pbkdf2 } from '@noble/hashes/pbkdf2.js';
+import { sha3_224, sha3_256, sha3_384, sha3_512 } from '@noble/hashes/sha3.js';
 import * as bip39 from '@scure/bip39';
-import { wordlist } from '@scure/bip39/wordlists/english';
+import { wordlist } from '@scure/bip39/wordlists/english.js';
 import * as otp from 'micro-key-producer/otp.js';
 
 // Copyright 2024 IOTA Stiftung.
@@ -185,7 +184,7 @@ class Ed25519 {
         // The ASN.1 sequence is 48 46 02 01 00 30 05 06 03 2b 65 70 04 20 04 20 (0x302e020100300506032b657004220420)
         const pkcs8Prefix = new Uint8Array([48, 46, 2, 1, 0, 48, 5, 6, 3, 43, 101, 112, 4, 34, 4, 32]);
         const fullKey = Uint8ArrayHelper.concat([pkcs8Prefix, privateKey]);
-        return crypto.subtle.importKey("pkcs8", fullKey, "Ed25519", true, ["sign"]);
+        return crypto.subtle.importKey("pkcs8", new Uint8Array(fullKey), "Ed25519", true, ["sign"]);
     }
     /**
      * Convert a crypto key to raw private key.
@@ -249,11 +248,11 @@ class Secp256k1 {
         if (privateKey.length !== Secp256k1.PRIVATE_KEY_SIZE) {
             throw new GeneralError(Secp256k1._CLASS_NAME, "privateKeyLength", {
                 requiredSize: Secp256k1.PRIVATE_KEY_SIZE,
-                actualSize: privateKey ? privateKey.length : 0
+                actualSize: privateKey.length
             });
         }
-        const res = secp256k1.sign(block, privateKey);
-        return res.toCompactRawBytes();
+        const res = secp256k1.sign(block, privateKey, { prehash: false });
+        return res;
     }
     /**
      * Verify reports whether sig is a valid signature of block by publicKey.
@@ -274,7 +273,7 @@ class Secp256k1 {
             });
         }
         try {
-            return secp256k1.verify(signature, block, publicKey);
+            return secp256k1.verify(signature, block, publicKey, { prehash: false });
         }
         catch {
             return false;
@@ -462,7 +461,6 @@ const KeyType = {
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
-/* eslint-disable no-bitwise */
 /**
  * Class to help with slip0010 key derivation
  * https://github.com/satoshilabs/slips/blob/master/slip-0010.md.
@@ -694,9 +692,6 @@ class ChaCha20Poly1305 {
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
-/**
- * This is a TypeScript port of https://github.com/katzenpost/core/blob/master/crypto/extra25519/extra25519.go.
- */
 /**
  * Implementation of X25519.
  */
@@ -713,7 +708,7 @@ class X25519 {
      */
     static convertPrivateKeyToX25519(ed25519PrivateKey) {
         Guards.uint8Array(X25519._CLASS_NAME, "ed25519PrivateKey", ed25519PrivateKey);
-        return edwardsToMontgomeryPriv(ed25519PrivateKey);
+        return ed25519.utils.toMontgomerySecret(ed25519PrivateKey.slice(0, Ed25519.PRIVATE_KEY_SIZE));
     }
     /**
      * Convert Ed25519 public key to X25519 public key.
@@ -723,7 +718,7 @@ class X25519 {
      */
     static convertPublicKeyToX25519(ed25519PublicKey) {
         Guards.uint8Array(X25519._CLASS_NAME, "ed25519PublicKey", ed25519PublicKey);
-        return edwardsToMontgomeryPub(ed25519PublicKey);
+        return ed25519.utils.toMontgomery(ed25519PublicKey);
     }
 }
 
@@ -1504,6 +1499,48 @@ class Sha512 {
     }
 }
 
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+/**
+ * Helper class for working with PEM (Privacy-Enhanced Mail) formatted data.
+ */
+class PemHelper {
+    /**
+     * Runtime name for the class.
+     * @internal
+     */
+    static _CLASS_NAME = "PemHelper";
+    /**
+     * Strip the PEM content of its headers, footers, and newlines.
+     * @param pemContent The PEM content to strip.
+     * @returns The stripped PEM content in bas64 format.
+     */
+    static stripPemMarkers(pemContent) {
+        Guards.string(PemHelper._CLASS_NAME, "pemContent", pemContent);
+        return pemContent
+            .replace(/-----BEGIN.*-----/, "")
+            .replace(/-----END.*-----/, "")
+            .replace(/\n/g, "")
+            .trim();
+    }
+    /**
+     * Format the PEM content to have a specific line length.
+     * @param marker The marker for the PEM content, e.g. RSA PRIVATE KEY
+     * @param base64Content The base64 content to format.
+     * @param lineLength The length of each line in the PEM content, default is 64 characters.
+     * @returns The formatted PEM content.
+     */
+    static formatPem(marker, base64Content, lineLength = 64) {
+        Guards.stringValue(PemHelper._CLASS_NAME, "marker", marker);
+        Guards.stringBase64(PemHelper._CLASS_NAME, "base64Content", base64Content);
+        const lines = [];
+        for (let i = 0; i < base64Content.length; i += lineLength) {
+            lines.push(base64Content.slice(i, i + lineLength));
+        }
+        return [`-----BEGIN ${marker}-----`, ...lines, `-----END ${marker}-----`].join("\n");
+    }
+}
+
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
 /**
@@ -1567,11 +1604,26 @@ class Bip39 {
         Guards.arrayValue(Bip39._CLASS_NAME, "words", words);
         return bip39.mnemonicToEntropy(mnemonic, words);
     }
+    /**
+     * Validate the mnemonic.
+     * @param mnemonic The mnemonic to validate.
+     * @param wordCount The expected number of words in the mnemonic, defaults to 24.
+     * @param words The wordlist to use, defaults to the English wordlist.
+     * @returns True if the mnemonic is valid.
+     */
+    static validateMnemonic(mnemonic, wordCount = 24, words = wordlist) {
+        Guards.string(Bip39._CLASS_NAME, "mnemonic", mnemonic);
+        Guards.integer(Bip39._CLASS_NAME, "wordCount", wordCount);
+        const mnemonicSplit = mnemonic.split(/\s+/);
+        if (mnemonicSplit.length !== wordCount) {
+            return false;
+        }
+        return bip39.validateMnemonic(mnemonic, words);
+    }
 }
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
-/* eslint-disable no-bitwise */
 /**
  * Perform HOTP.
  * Implementation of https://datatracker.ietf.org/doc/html/rfc4226 .
@@ -1774,4 +1826,4 @@ class PasswordValidator {
     }
 }
 
-export { Bech32, Bip32Path, Bip39, Bip44, Blake2b, Blake3, ChaCha20Poly1305, Ed25519, HmacSha1, HmacSha256, HmacSha512, Hotp, KeyType, PasswordGenerator, PasswordValidator, Pbkdf2, Secp256k1, Sha1, Sha256, Sha3, Sha512, Slip0010, Totp, X25519, Zip215 };
+export { Bech32, Bip32Path, Bip39, Bip44, Blake2b, Blake3, ChaCha20Poly1305, Ed25519, HmacSha1, HmacSha256, HmacSha512, Hotp, KeyType, PasswordGenerator, PasswordValidator, Pbkdf2, PemHelper, Secp256k1, Sha1, Sha256, Sha3, Sha512, Slip0010, Totp, X25519, Zip215 };

package/dist/types/helpers/pemHelper.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Helper class for working with PEM (Privacy-Enhanced Mail) formatted data.
+ */
+export declare class PemHelper {
+    /**
+     * Strip the PEM content of its headers, footers, and newlines.
+     * @param pemContent The PEM content to strip.
+     * @returns The stripped PEM content in bas64 format.
+     */
+    static stripPemMarkers(pemContent: string): string;
+    /**
+     * Format the PEM content to have a specific line length.
+     * @param marker The marker for the PEM content, e.g. RSA PRIVATE KEY
+     * @param base64Content The base64 content to format.
+     * @param lineLength The length of each line in the PEM content, default is 64 characters.
+     * @returns The formatted PEM content.
+     */
+    static formatPem(marker: string, base64Content: string, lineLength?: number): string;
+}

package/dist/types/index.d.ts

@@ -15,6 +15,7 @@ export * from "./hashes/sha1";
 export * from "./hashes/sha256";
 export * from "./hashes/sha3";
 export * from "./hashes/sha512";
+export * from "./helpers/pemHelper";
 export * from "./keys/bip32Path";
 export * from "./keys/bip39";
 export * from "./keys/slip0010";

package/dist/types/keys/bip39.d.ts

@@ -33,4 +33,12 @@ export declare class Bip39 {
      * @throws Error if the number of words is not a multiple of 3.
      */
     static mnemonicToEntropy(mnemonic: string, words?: string[]): Uint8Array;
+    /**
+     * Validate the mnemonic.
+     * @param mnemonic The mnemonic to validate.
+     * @param wordCount The expected number of words in the mnemonic, defaults to 24.
+     * @param words The wordlist to use, defaults to the English wordlist.
+     * @returns True if the mnemonic is valid.
+     */
+    static validateMnemonic(mnemonic: string, wordCount?: number, words?: string[]): boolean;
 }

package/docs/changelog.md

@@ -1,5 +1,200 @@
 # @twin.org/crypto - Changelog
 
+## [0.0.2-next.10](https://github.com/twinfoundation/framework/compare/crypto-v0.0.2-next.9...crypto-v0.0.2-next.10) (2025-09-11)
+
+
+### Miscellaneous Chores
+
+* **crypto:** Synchronize repo versions
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/core bumped from 0.0.2-next.9 to 0.0.2-next.10
+    * @twin.org/nameof bumped from 0.0.2-next.9 to 0.0.2-next.10
+  * devDependencies
+    * @twin.org/nameof-transformer bumped from 0.0.2-next.9 to 0.0.2-next.10
+    * @twin.org/nameof-vitest-plugin bumped from 0.0.2-next.9 to 0.0.2-next.10
+
+## [0.0.2-next.9](https://github.com/twinfoundation/framework/compare/crypto-v0.0.2-next.8...crypto-v0.0.2-next.9) (2025-09-08)
+
+
+### Features
+
+* add mnemonic validation ([4b43491](https://github.com/twinfoundation/framework/commit/4b43491cf04bb626c27faea66e5c74b3971b111d))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/core bumped from 0.0.2-next.8 to 0.0.2-next.9
+    * @twin.org/nameof bumped from 0.0.2-next.8 to 0.0.2-next.9
+  * devDependencies
+    * @twin.org/nameof-transformer bumped from 0.0.2-next.8 to 0.0.2-next.9
+    * @twin.org/nameof-vitest-plugin bumped from 0.0.2-next.8 to 0.0.2-next.9
+
+## [0.0.2-next.8](https://github.com/twinfoundation/framework/compare/crypto-v0.0.2-next.7...crypto-v0.0.2-next.8) (2025-09-05)
+
+
+### Miscellaneous Chores
+
+* **crypto:** Synchronize repo versions
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/core bumped from 0.0.2-next.7 to 0.0.2-next.8
+    * @twin.org/nameof bumped from 0.0.2-next.7 to 0.0.2-next.8
+  * devDependencies
+    * @twin.org/nameof-transformer bumped from 0.0.2-next.7 to 0.0.2-next.8
+    * @twin.org/nameof-vitest-plugin bumped from 0.0.2-next.7 to 0.0.2-next.8
+
+## [0.0.2-next.7](https://github.com/twinfoundation/framework/compare/crypto-v0.0.2-next.6...crypto-v0.0.2-next.7) (2025-08-29)
+
+
+### Features
+
+* eslint migration to flat config ([74427d7](https://github.com/twinfoundation/framework/commit/74427d78d342167f7850e49ab87269326355befe))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/core bumped from 0.0.2-next.6 to 0.0.2-next.7
+    * @twin.org/nameof bumped from 0.0.2-next.6 to 0.0.2-next.7
+  * devDependencies
+    * @twin.org/nameof-transformer bumped from 0.0.2-next.6 to 0.0.2-next.7
+    * @twin.org/nameof-vitest-plugin bumped from 0.0.2-next.6 to 0.0.2-next.7
+
+## [0.0.2-next.6](https://github.com/twinfoundation/framework/compare/crypto-v0.0.2-next.5...crypto-v0.0.2-next.6) (2025-08-27)
+
+
+### Miscellaneous Chores
+
+* **crypto:** Synchronize repo versions
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/core bumped from 0.0.2-next.5 to 0.0.2-next.6
+    * @twin.org/nameof bumped from 0.0.2-next.5 to 0.0.2-next.6
+  * devDependencies
+    * @twin.org/nameof-transformer bumped from 0.0.2-next.5 to 0.0.2-next.6
+    * @twin.org/nameof-vitest-plugin bumped from 0.0.2-next.5 to 0.0.2-next.6
+
+## [0.0.2-next.5](https://github.com/twinfoundation/framework/compare/crypto-v0.0.2-next.4...crypto-v0.0.2-next.5) (2025-08-19)
+
+
+### Features
+
+* use cause instead of inner for errors ([1f4acc4](https://github.com/twinfoundation/framework/commit/1f4acc4d7a6b71a134d9547da9bf40de1e1e49da))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/core bumped from 0.0.2-next.4 to 0.0.2-next.5
+    * @twin.org/nameof bumped from 0.0.2-next.4 to 0.0.2-next.5
+  * devDependencies
+    * @twin.org/nameof-transformer bumped from 0.0.2-next.4 to 0.0.2-next.5
+    * @twin.org/nameof-vitest-plugin bumped from 0.0.2-next.4 to 0.0.2-next.5
+
+## [0.0.2-next.4](https://github.com/twinfoundation/framework/compare/crypto-v0.0.2-next.3...crypto-v0.0.2-next.4) (2025-08-15)
+
+
+### Features
+
+* additional RSA methods and async ([1fceee2](https://github.com/twinfoundation/framework/commit/1fceee2d1248a24a7620846025fcf906495c07f4))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/core bumped from 0.0.2-next.3 to 0.0.2-next.4
+    * @twin.org/nameof bumped from 0.0.2-next.3 to 0.0.2-next.4
+  * devDependencies
+    * @twin.org/nameof-transformer bumped from 0.0.2-next.3 to 0.0.2-next.4
+    * @twin.org/nameof-vitest-plugin bumped from 0.0.2-next.3 to 0.0.2-next.4
+
+## [0.0.2-next.3](https://github.com/twinfoundation/framework/compare/crypto-v0.0.2-next.2...crypto-v0.0.2-next.3) (2025-08-06)
+
+
+### Features
+
+* add guards arrayEndsWith and arrayStartsWith ([95d875e](https://github.com/twinfoundation/framework/commit/95d875ec8ccb4713c145fdde941d4cfedcec2ed3))
+* add rsa cipher support ([7af6cc6](https://github.com/twinfoundation/framework/commit/7af6cc67512d3363bd4a2f2e87bd7733c2800147))
+* add RSA support for public key components ([7126259](https://github.com/twinfoundation/framework/commit/7126259103b758c291e52a8a03818eb822d1aad1))
+* change method accessibility ([c1b77fc](https://github.com/twinfoundation/framework/commit/c1b77fcfb61c092a01c97aebb2fe2dc2bbaa221b))
+* relocate core packages from tools ([bcab8f3](https://github.com/twinfoundation/framework/commit/bcab8f3160442ea4fcaf442947462504f3d6a17d))
+* update dependencies ([f3bd015](https://github.com/twinfoundation/framework/commit/f3bd015efd169196b7e0335f5cab876ba6ca1d75))
+* use new shared store mechanism ([#131](https://github.com/twinfoundation/framework/issues/131)) ([934385b](https://github.com/twinfoundation/framework/commit/934385b2fbaf9f5c00a505ebf9d093bd5a425f55))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/core bumped from 0.0.2-next.2 to 0.0.2-next.3
+    * @twin.org/nameof bumped from 0.0.2-next.2 to 0.0.2-next.3
+  * devDependencies
+    * @twin.org/nameof-transformer bumped from 0.0.2-next.2 to 0.0.2-next.3
+    * @twin.org/nameof-vitest-plugin bumped from 0.0.2-next.2 to 0.0.2-next.3
+
+## [0.0.2-next.2](https://github.com/twinfoundation/framework/compare/crypto-v0.0.2-next.1...crypto-v0.0.2-next.2) (2025-08-06)
+
+
+### Features
+
+* add guards arrayEndsWith and arrayStartsWith ([95d875e](https://github.com/twinfoundation/framework/commit/95d875ec8ccb4713c145fdde941d4cfedcec2ed3))
+* add rsa cipher support ([7af6cc6](https://github.com/twinfoundation/framework/commit/7af6cc67512d3363bd4a2f2e87bd7733c2800147))
+* change method accessibility ([c1b77fc](https://github.com/twinfoundation/framework/commit/c1b77fcfb61c092a01c97aebb2fe2dc2bbaa221b))
+* relocate core packages from tools ([bcab8f3](https://github.com/twinfoundation/framework/commit/bcab8f3160442ea4fcaf442947462504f3d6a17d))
+* update dependencies ([f3bd015](https://github.com/twinfoundation/framework/commit/f3bd015efd169196b7e0335f5cab876ba6ca1d75))
+* use new shared store mechanism ([#131](https://github.com/twinfoundation/framework/issues/131)) ([934385b](https://github.com/twinfoundation/framework/commit/934385b2fbaf9f5c00a505ebf9d093bd5a425f55))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/core bumped from 0.0.2-next.1 to 0.0.2-next.2
+    * @twin.org/nameof bumped from 0.0.2-next.1 to 0.0.2-next.2
+  * devDependencies
+    * @twin.org/nameof-transformer bumped from 0.0.2-next.1 to 0.0.2-next.2
+    * @twin.org/nameof-vitest-plugin bumped from 0.0.2-next.1 to 0.0.2-next.2
+
+## [0.0.2-next.1](https://github.com/twinfoundation/framework/compare/crypto-v0.0.2-next.0...crypto-v0.0.2-next.1) (2025-08-06)
+
+
+### Features
+
+* add guards arrayEndsWith and arrayStartsWith ([95d875e](https://github.com/twinfoundation/framework/commit/95d875ec8ccb4713c145fdde941d4cfedcec2ed3))
+* add rsa cipher support ([7af6cc6](https://github.com/twinfoundation/framework/commit/7af6cc67512d3363bd4a2f2e87bd7733c2800147))
+* relocate core packages from tools ([bcab8f3](https://github.com/twinfoundation/framework/commit/bcab8f3160442ea4fcaf442947462504f3d6a17d))
+* update dependencies ([f3bd015](https://github.com/twinfoundation/framework/commit/f3bd015efd169196b7e0335f5cab876ba6ca1d75))
+* use new shared store mechanism ([#131](https://github.com/twinfoundation/framework/issues/131)) ([934385b](https://github.com/twinfoundation/framework/commit/934385b2fbaf9f5c00a505ebf9d093bd5a425f55))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/core bumped from 0.0.2-next.0 to 0.0.2-next.1
+    * @twin.org/nameof bumped from 0.0.2-next.0 to 0.0.2-next.1
+  * devDependencies
+    * @twin.org/nameof-transformer bumped from 0.0.2-next.0 to 0.0.2-next.1
+    * @twin.org/nameof-vitest-plugin bumped from 0.0.2-next.0 to 0.0.2-next.1
+
 ## 0.0.1 (2025-07-03)
 
 

package/docs/reference/classes/Bip39.md

@@ -135,3 +135,37 @@ The entropy.
 #### Throws
 
 Error if the number of words is not a multiple of 3.
+
+***
+
+### validateMnemonic()
+
+> `static` **validateMnemonic**(`mnemonic`, `wordCount`, `words`): `boolean`
+
+Validate the mnemonic.
+
+#### Parameters
+
+##### mnemonic
+
+`string`
+
+The mnemonic to validate.
+
+##### wordCount
+
+`number` = `24`
+
+The expected number of words in the mnemonic, defaults to 24.
+
+##### words
+
+`string`[] = `wordlist`
+
+The wordlist to use, defaults to the English wordlist.
+
+#### Returns
+
+`boolean`
+
+True if the mnemonic is valid.

package/docs/reference/classes/PemHelper.md

@@ -0,0 +1,69 @@
+# Class: PemHelper
+
+Helper class for working with PEM (Privacy-Enhanced Mail) formatted data.
+
+## Constructors
+
+### Constructor
+
+> **new PemHelper**(): `PemHelper`
+
+#### Returns
+
+`PemHelper`
+
+## Methods
+
+### stripPemMarkers()
+
+> `static` **stripPemMarkers**(`pemContent`): `string`
+
+Strip the PEM content of its headers, footers, and newlines.
+
+#### Parameters
+
+##### pemContent
+
+`string`
+
+The PEM content to strip.
+
+#### Returns
+
+`string`
+
+The stripped PEM content in bas64 format.
+
+***
+
+### formatPem()
+
+> `static` **formatPem**(`marker`, `base64Content`, `lineLength`): `string`
+
+Format the PEM content to have a specific line length.
+
+#### Parameters
+
+##### marker
+
+`string`
+
+The marker for the PEM content, e.g. RSA PRIVATE KEY
+
+##### base64Content
+
+`string`
+
+The base64 content to format.
+
+##### lineLength
+
+`number` = `64`
+
+The length of each line in the PEM content, default is 64 characters.
+
+#### Returns
+
+`string`
+
+The formatted PEM content.

package/docs/reference/index.md

@@ -19,6 +19,7 @@
 - [Sha256](classes/Sha256.md)
 - [Sha3](classes/Sha3.md)
 - [Sha512](classes/Sha512.md)
+- [PemHelper](classes/PemHelper.md)
 - [Bip32Path](classes/Bip32Path.md)
 - [Bip39](classes/Bip39.md)
 - [Slip0010](classes/Slip0010.md)

package/docs/reference/variables/KeyType.md

@@ -4,7 +4,7 @@
 
 The names of the key types.
 
-## Type declaration
+## Type Declaration
 
 ### Ed25519
 

package/locales/en.json

@@ -63,6 +63,10 @@
 		},
 		"slip0010": {
 			"invalidSeed": "The seed is invalid \"{seed}\""
+		},
+		"rsa": {
+			"noPrivateKey": "Private key is required for this operation",
+			"invalidKeySize": "Invalid RSA key size"
 		}
 	}
 }

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@twin.org/crypto",
-	"version": "0.0.1",
+	"version": "0.0.2-next.10",
 	"description": "Contains helper methods and classes which implement cryptographic functions",
 	"repository": {
 		"type": "git",
@@ -14,15 +14,16 @@
 		"node": ">=20.0.0"
 	},
 	"dependencies": {
-		"@noble/ciphers": "1.3.0",
-		"@noble/curves": "1.9.2",
-		"@noble/hashes": "1.8.0",
-		"@scure/base": "1.2.6",
-		"@scure/bip32": "1.7.0",
-		"@scure/bip39": "1.6.0",
-		"@twin.org/core": "^0.0.1",
-		"@twin.org/nameof": "^0.0.1",
-		"micro-key-producer": "0.7.6"
+		"@noble/ciphers": "2.0.0",
+		"@noble/curves": "2.0.0",
+		"@noble/hashes": "2.0.0",
+		"@scure/base": "2.0.0",
+		"@scure/bip32": "2.0.0",
+		"@scure/bip39": "2.0.0",
+		"@twin.org/core": "0.0.2-next.10",
+		"@twin.org/nameof": "0.0.2-next.10",
+		"crypto-browserify": "3.12.1",
+		"micro-key-producer": "0.8.1"
 	},
 	"main": "./dist/cjs/index.cjs",
 	"module": "./dist/esm/index.mjs",