@twin.org/crypto 0.0.1 → 0.0.2-next.4

package/dist/cjs/index.cjs

@@ -8,6 +8,7 @@ var blake2b = require('@noble/hashes/blake2b');
 var bip32 = require('@scure/bip32');
 var slip10_js = require('micro-key-producer/slip10.js');
 var chacha = require('@noble/ciphers/chacha');
+var node_crypto = require('node:crypto');
 var blake3 = require('@noble/hashes/blake3');
 var hmac = require('@noble/hashes/hmac');
 var sha1 = require('@noble/hashes/sha1');
@@ -717,8 +718,292 @@ class ChaCha20Poly1305 {
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
 /**
- * This is a TypeScript port of https://github.com/katzenpost/core/blob/master/crypto/extra25519/extra25519.go.
+ * Implementation of the RSA cipher.
  */
+class RSA {
+    /**
+     * Runtime name for the class.
+     * @internal
+     */
+    static _CLASS_NAME = "RSA";
+    /**
+     * The public key for encryption.
+     * @internal
+     */
+    _publicKeyBytes;
+    /**
+     * The private key for decryption.
+     * @internal
+     */
+    _privateKeyBytes;
+    /**
+     * The public key for encryption.
+     * @internal
+     */
+    _publicKey;
+    /**
+     * The private key for decryption.
+     * @internal
+     */
+    _privateKey;
+    /**
+     * The block size for encryption.
+     * @internal
+     */
+    _blockSize;
+    /**
+     * The key size for decryption.
+     * @internal
+     */
+    _keySize;
+    /**
+     * Create a new instance of RSA.
+     * @param publicKey The public key for encryption (DER format as Uint8Array).
+     * @param privateKey The private key for decryption (DER format as Uint8Array).
+     */
+    constructor(publicKey, privateKey) {
+        core.Guards.uint8Array(RSA._CLASS_NAME, "publicKey", publicKey);
+        this._publicKeyBytes = publicKey;
+        this._privateKeyBytes = privateKey;
+    }
+    /**
+     * Generate a new RSA key pair in PKCS8 format.
+     * @param modulusLength The key size in bits (default: 2048).
+     * @returns The public and private keys as Uint8Array.
+     */
+    static async generateKeyPair(modulusLength = 2048) {
+        const { publicKey, privateKey } = node_crypto.generateKeyPairSync("rsa", {
+            modulusLength,
+            publicKeyEncoding: {
+                type: "spki",
+                format: "der"
+            },
+            privateKeyEncoding: {
+                type: "pkcs8",
+                format: "der"
+            }
+        });
+        return {
+            publicKey: new Uint8Array(publicKey),
+            privateKey: new Uint8Array(privateKey)
+        };
+    }
+    /**
+     * Convert a PKCS1 key to a PKCS8 key.
+     * @param pkcs1Key The PKCS1 key as Uint8Array.
+     * @returns The PKCS8 key as Uint8Array.
+     */
+    static async convertPkcs1ToPkcs8(pkcs1Key) {
+        core.Guards.uint8Array(RSA._CLASS_NAME, "pkcs1Key", pkcs1Key);
+        const privateKey = node_crypto.createPrivateKey({
+            key: Buffer.from(pkcs1Key),
+            format: "der",
+            type: "pkcs1"
+        });
+        return new Uint8Array(privateKey.export({
+            format: "der",
+            type: "pkcs8"
+        }));
+    }
+    /**
+     * Break the private key down in to its components.
+     * @param pkcs8Key The PKCS8 key as Uint8Array.
+     * @returns The key components.
+     */
+    static async getPrivateKeyComponents(pkcs8Key) {
+        core.Guards.uint8Array(RSA._CLASS_NAME, "pkcs8Key", pkcs8Key);
+        const privateKey = node_crypto.createPrivateKey({
+            key: Buffer.from(pkcs8Key),
+            format: "der",
+            type: "pkcs8"
+        });
+        const jwk = privateKey.export({ format: "jwk" });
+        return {
+            n: this.base64UrlToBigInt(jwk.n),
+            e: this.base64UrlToBigInt(jwk.e),
+            d: this.base64UrlToBigInt(jwk.d),
+            p: this.base64UrlToBigInt(jwk.p),
+            q: this.base64UrlToBigInt(jwk.q),
+            dp: this.base64UrlToBigInt(jwk.dp),
+            dq: this.base64UrlToBigInt(jwk.dq),
+            qi: this.base64UrlToBigInt(jwk.qi)
+        };
+    }
+    /**
+     * Break the public key down in to its components.
+     * @param spkiKey The SPKI key as Uint8Array.
+     * @returns The key components.
+     */
+    static async getPublicKeyComponents(spkiKey) {
+        core.Guards.uint8Array(RSA._CLASS_NAME, "spkiKey", spkiKey);
+        const publicKey = node_crypto.createPublicKey({
+            key: Buffer.from(spkiKey),
+            format: "der",
+            type: "spki"
+        });
+        const jwk = publicKey.export({ format: "jwk" });
+        return {
+            n: this.base64UrlToBigInt(jwk.n),
+            e: this.base64UrlToBigInt(jwk.e)
+        };
+    }
+    /**
+     * Convert base64 encoded data to a big int.
+     * @param bytes The bytes to convert.
+     * @returns The bigint representation of the bytes.
+     * @internal
+     */
+    static base64UrlToBigInt(base64Url) {
+        if (core.Is.empty(base64Url)) {
+            return BigInt(0);
+        }
+        const bytes = core.Converter.base64UrlToBytes(base64Url);
+        const hexString = Array.from(bytes)
+            .map(byte => byte.toString(16).padStart(2, "0"))
+            .join("");
+        return BigInt(`0x${hexString}`);
+    }
+    /**
+     * Encrypt the data using the public key.
+     * @param data The data to encrypt.
+     * @returns The data encrypted.
+     */
+    async publicEncrypt(data) {
+        core.Guards.uint8Array(RSA._CLASS_NAME, "data", data);
+        if (data.length === 0) {
+            return new Uint8Array(0);
+        }
+        const keyDetails = await this.calculateKeyDetails();
+        const blocks = [];
+        // Split data into blocks of block size
+        for (let i = 0; i < data.length; i += keyDetails.blockSize) {
+            const block = data.slice(i, i + keyDetails.blockSize);
+            const encryptedBlock = node_crypto.publicEncrypt({
+                key: keyDetails.publicKey,
+                padding: node_crypto.constants.RSA_PKCS1_OAEP_PADDING
+            }, block);
+            blocks.push(encryptedBlock);
+        }
+        return core.Uint8ArrayHelper.concat(blocks);
+    }
+    /**
+     * Encrypt the data using the private key.
+     * @param data The data to encrypt.
+     * @returns The data encrypted.
+     */
+    async privateEncrypt(data) {
+        core.Guards.uint8Array(RSA._CLASS_NAME, "data", data);
+        const keyDetails = await this.calculateKeyDetails();
+        if (core.Is.empty(keyDetails.privateKey)) {
+            throw new core.GeneralError(RSA._CLASS_NAME, "noPrivateKey");
+        }
+        if (data.length === 0) {
+            return new Uint8Array(0);
+        }
+        const blocks = [];
+        // Split data into blocks of block size
+        for (let i = 0; i < data.length; i += keyDetails.blockSize) {
+            const block = data.slice(i, i + keyDetails.blockSize);
+            const encryptedBlock = node_crypto.privateEncrypt({
+                key: keyDetails.privateKey,
+                padding: node_crypto.constants.RSA_PKCS1_PADDING
+            }, block);
+            blocks.push(encryptedBlock);
+        }
+        return core.Uint8ArrayHelper.concat(blocks);
+    }
+    /**
+     * Decrypt the data using the private key.
+     * @param data The data to decrypt.
+     * @returns The data decrypted.
+     * @throws GeneralError If no private key is provided.
+     */
+    async privateDecrypt(data) {
+        core.Guards.uint8Array(RSA._CLASS_NAME, "data", data);
+        const keyDetails = await this.calculateKeyDetails();
+        if (core.Is.empty(keyDetails.privateKey)) {
+            throw new core.GeneralError(RSA._CLASS_NAME, "noPrivateKey");
+        }
+        if (data.length === 0) {
+            return new Uint8Array(0);
+        }
+        const blocks = [];
+        // Split encrypted data into blocks of key size
+        for (let i = 0; i < data.length; i += keyDetails.keySize) {
+            const block = data.slice(i, i + keyDetails.keySize);
+            const decryptedBlock = node_crypto.privateDecrypt({
+                key: keyDetails.privateKey,
+                padding: node_crypto.constants.RSA_PKCS1_OAEP_PADDING
+            }, block);
+            blocks.push(decryptedBlock);
+        }
+        return core.Uint8ArrayHelper.concat(blocks);
+    }
+    /**
+     * Decrypt the data using the public key.
+     * @param data The data to decrypt.
+     * @returns The data decrypted.
+     */
+    async publicDecrypt(data) {
+        core.Guards.uint8Array(RSA._CLASS_NAME, "data", data);
+        const keyDetails = await this.calculateKeyDetails();
+        if (data.length === 0) {
+            return new Uint8Array(0);
+        }
+        const blocks = [];
+        // Split encrypted data into blocks of key size
+        for (let i = 0; i < data.length; i += keyDetails.keySize) {
+            const block = data.slice(i, i + keyDetails.keySize);
+            const decryptedBlock = node_crypto.publicDecrypt({
+                key: keyDetails.publicKey,
+                padding: node_crypto.constants.RSA_PKCS1_PADDING
+            }, block);
+            blocks.push(decryptedBlock);
+        }
+        return core.Uint8ArrayHelper.concat(blocks);
+    }
+    /**
+     * Calculate key details.
+     * @internal
+     */
+    async calculateKeyDetails() {
+        if (core.Is.empty(this._publicKey) || core.Is.empty(this._keySize) || core.Is.empty(this._blockSize)) {
+            this._publicKey = node_crypto.createPublicKey({
+                key: Buffer.from(this._publicKeyBytes),
+                format: "der",
+                type: "spki"
+            });
+            if (!core.Is.empty(this._privateKeyBytes)) {
+                this._privateKey = node_crypto.createPrivateKey({
+                    key: Buffer.from(this._privateKeyBytes),
+                    format: "der",
+                    type: "pkcs8"
+                });
+            }
+            // Get modulus length in bits from key details
+            const modulusLengthBits = this._publicKey.asymmetricKeyDetails?.modulusLength;
+            if (core.Is.empty(modulusLengthBits)) {
+                throw new core.GeneralError(RSA._CLASS_NAME, "invalidKeySize");
+            }
+            // Convert bits to bytes
+            this._keySize = Math.ceil(modulusLengthBits / 8);
+            // Calculate block size for OAEP with SHA-256
+            // Formula: keySize - 2 * hashLength - 2
+            const hashLength = 32; // SHA-256 = 32 bytes
+            // eslint-disable-next-line no-mixed-operators
+            this._blockSize = this._keySize - 2 * hashLength - 2;
+        }
+        return {
+            publicKey: this._publicKey,
+            privateKey: this._privateKey,
+            keySize: this._keySize,
+            blockSize: this._blockSize
+        };
+    }
+}
+
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
 /**
  * Implementation of X25519.
  */
@@ -1526,6 +1811,48 @@ class Sha512 {
     }
 }
 
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+/**
+ * Helper class for working with PEM (Privacy-Enhanced Mail) formatted data.
+ */
+class PemHelper {
+    /**
+     * Runtime name for the class.
+     * @internal
+     */
+    static _CLASS_NAME = "PemHelper";
+    /**
+     * Strip the PEM content of its headers, footers, and newlines.
+     * @param pemContent The PEM content to strip.
+     * @returns The stripped PEM content in bas64 format.
+     */
+    static stripPemMarkers(pemContent) {
+        core.Guards.string(PemHelper._CLASS_NAME, "pemContent", pemContent);
+        return pemContent
+            .replace(/-----BEGIN.*-----/, "")
+            .replace(/-----END.*-----/, "")
+            .replace(/\n/g, "")
+            .trim();
+    }
+    /**
+     * Format the PEM content to have a specific line length.
+     * @param marker The marker for the PEM content, e.g. RSA PRIVATE KEY
+     * @param base64Content The base64 content to format.
+     * @param lineLength The length of each line in the PEM content, default is 64 characters.
+     * @returns The formatted PEM content.
+     */
+    static formatPem(marker, base64Content, lineLength = 64) {
+        core.Guards.stringValue(PemHelper._CLASS_NAME, "marker", marker);
+        core.Guards.stringBase64(PemHelper._CLASS_NAME, "base64Content", base64Content);
+        const lines = [];
+        for (let i = 0; i < base64Content.length; i += lineLength) {
+            lines.push(base64Content.slice(i, i + lineLength));
+        }
+        return [`-----BEGIN ${marker}-----`, ...lines, `-----END ${marker}-----`].join("\n");
+    }
+}
+
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
 /**
@@ -1812,6 +2139,8 @@ exports.KeyType = KeyType;
 exports.PasswordGenerator = PasswordGenerator;
 exports.PasswordValidator = PasswordValidator;
 exports.Pbkdf2 = Pbkdf2;
+exports.PemHelper = PemHelper;
+exports.RSA = RSA;
 exports.Secp256k1 = Secp256k1;
 exports.Sha1 = Sha1;
 exports.Sha256 = Sha256;

package/dist/esm/index.mjs

@@ -6,6 +6,7 @@ import { blake2b } from '@noble/hashes/blake2b';
 import { HDKey as HDKey$1 } from '@scure/bip32';
 import { HDKey } from 'micro-key-producer/slip10.js';
 import { chacha20poly1305 } from '@noble/ciphers/chacha';
+import { generateKeyPairSync, createPrivateKey, createPublicKey, publicEncrypt, constants, privateEncrypt, privateDecrypt, publicDecrypt } from 'node:crypto';
 import { blake3 } from '@noble/hashes/blake3';
 import { hmac } from '@noble/hashes/hmac';
 import { sha1 } from '@noble/hashes/sha1';
@@ -695,8 +696,292 @@ class ChaCha20Poly1305 {
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
 /**
- * This is a TypeScript port of https://github.com/katzenpost/core/blob/master/crypto/extra25519/extra25519.go.
+ * Implementation of the RSA cipher.
  */
+class RSA {
+    /**
+     * Runtime name for the class.
+     * @internal
+     */
+    static _CLASS_NAME = "RSA";
+    /**
+     * The public key for encryption.
+     * @internal
+     */
+    _publicKeyBytes;
+    /**
+     * The private key for decryption.
+     * @internal
+     */
+    _privateKeyBytes;
+    /**
+     * The public key for encryption.
+     * @internal
+     */
+    _publicKey;
+    /**
+     * The private key for decryption.
+     * @internal
+     */
+    _privateKey;
+    /**
+     * The block size for encryption.
+     * @internal
+     */
+    _blockSize;
+    /**
+     * The key size for decryption.
+     * @internal
+     */
+    _keySize;
+    /**
+     * Create a new instance of RSA.
+     * @param publicKey The public key for encryption (DER format as Uint8Array).
+     * @param privateKey The private key for decryption (DER format as Uint8Array).
+     */
+    constructor(publicKey, privateKey) {
+        Guards.uint8Array(RSA._CLASS_NAME, "publicKey", publicKey);
+        this._publicKeyBytes = publicKey;
+        this._privateKeyBytes = privateKey;
+    }
+    /**
+     * Generate a new RSA key pair in PKCS8 format.
+     * @param modulusLength The key size in bits (default: 2048).
+     * @returns The public and private keys as Uint8Array.
+     */
+    static async generateKeyPair(modulusLength = 2048) {
+        const { publicKey, privateKey } = generateKeyPairSync("rsa", {
+            modulusLength,
+            publicKeyEncoding: {
+                type: "spki",
+                format: "der"
+            },
+            privateKeyEncoding: {
+                type: "pkcs8",
+                format: "der"
+            }
+        });
+        return {
+            publicKey: new Uint8Array(publicKey),
+            privateKey: new Uint8Array(privateKey)
+        };
+    }
+    /**
+     * Convert a PKCS1 key to a PKCS8 key.
+     * @param pkcs1Key The PKCS1 key as Uint8Array.
+     * @returns The PKCS8 key as Uint8Array.
+     */
+    static async convertPkcs1ToPkcs8(pkcs1Key) {
+        Guards.uint8Array(RSA._CLASS_NAME, "pkcs1Key", pkcs1Key);
+        const privateKey = createPrivateKey({
+            key: Buffer.from(pkcs1Key),
+            format: "der",
+            type: "pkcs1"
+        });
+        return new Uint8Array(privateKey.export({
+            format: "der",
+            type: "pkcs8"
+        }));
+    }
+    /**
+     * Break the private key down in to its components.
+     * @param pkcs8Key The PKCS8 key as Uint8Array.
+     * @returns The key components.
+     */
+    static async getPrivateKeyComponents(pkcs8Key) {
+        Guards.uint8Array(RSA._CLASS_NAME, "pkcs8Key", pkcs8Key);
+        const privateKey = createPrivateKey({
+            key: Buffer.from(pkcs8Key),
+            format: "der",
+            type: "pkcs8"
+        });
+        const jwk = privateKey.export({ format: "jwk" });
+        return {
+            n: this.base64UrlToBigInt(jwk.n),
+            e: this.base64UrlToBigInt(jwk.e),
+            d: this.base64UrlToBigInt(jwk.d),
+            p: this.base64UrlToBigInt(jwk.p),
+            q: this.base64UrlToBigInt(jwk.q),
+            dp: this.base64UrlToBigInt(jwk.dp),
+            dq: this.base64UrlToBigInt(jwk.dq),
+            qi: this.base64UrlToBigInt(jwk.qi)
+        };
+    }
+    /**
+     * Break the public key down in to its components.
+     * @param spkiKey The SPKI key as Uint8Array.
+     * @returns The key components.
+     */
+    static async getPublicKeyComponents(spkiKey) {
+        Guards.uint8Array(RSA._CLASS_NAME, "spkiKey", spkiKey);
+        const publicKey = createPublicKey({
+            key: Buffer.from(spkiKey),
+            format: "der",
+            type: "spki"
+        });
+        const jwk = publicKey.export({ format: "jwk" });
+        return {
+            n: this.base64UrlToBigInt(jwk.n),
+            e: this.base64UrlToBigInt(jwk.e)
+        };
+    }
+    /**
+     * Convert base64 encoded data to a big int.
+     * @param bytes The bytes to convert.
+     * @returns The bigint representation of the bytes.
+     * @internal
+     */
+    static base64UrlToBigInt(base64Url) {
+        if (Is.empty(base64Url)) {
+            return BigInt(0);
+        }
+        const bytes = Converter.base64UrlToBytes(base64Url);
+        const hexString = Array.from(bytes)
+            .map(byte => byte.toString(16).padStart(2, "0"))
+            .join("");
+        return BigInt(`0x${hexString}`);
+    }
+    /**
+     * Encrypt the data using the public key.
+     * @param data The data to encrypt.
+     * @returns The data encrypted.
+     */
+    async publicEncrypt(data) {
+        Guards.uint8Array(RSA._CLASS_NAME, "data", data);
+        if (data.length === 0) {
+            return new Uint8Array(0);
+        }
+        const keyDetails = await this.calculateKeyDetails();
+        const blocks = [];
+        // Split data into blocks of block size
+        for (let i = 0; i < data.length; i += keyDetails.blockSize) {
+            const block = data.slice(i, i + keyDetails.blockSize);
+            const encryptedBlock = publicEncrypt({
+                key: keyDetails.publicKey,
+                padding: constants.RSA_PKCS1_OAEP_PADDING
+            }, block);
+            blocks.push(encryptedBlock);
+        }
+        return Uint8ArrayHelper.concat(blocks);
+    }
+    /**
+     * Encrypt the data using the private key.
+     * @param data The data to encrypt.
+     * @returns The data encrypted.
+     */
+    async privateEncrypt(data) {
+        Guards.uint8Array(RSA._CLASS_NAME, "data", data);
+        const keyDetails = await this.calculateKeyDetails();
+        if (Is.empty(keyDetails.privateKey)) {
+            throw new GeneralError(RSA._CLASS_NAME, "noPrivateKey");
+        }
+        if (data.length === 0) {
+            return new Uint8Array(0);
+        }
+        const blocks = [];
+        // Split data into blocks of block size
+        for (let i = 0; i < data.length; i += keyDetails.blockSize) {
+            const block = data.slice(i, i + keyDetails.blockSize);
+            const encryptedBlock = privateEncrypt({
+                key: keyDetails.privateKey,
+                padding: constants.RSA_PKCS1_PADDING
+            }, block);
+            blocks.push(encryptedBlock);
+        }
+        return Uint8ArrayHelper.concat(blocks);
+    }
+    /**
+     * Decrypt the data using the private key.
+     * @param data The data to decrypt.
+     * @returns The data decrypted.
+     * @throws GeneralError If no private key is provided.
+     */
+    async privateDecrypt(data) {
+        Guards.uint8Array(RSA._CLASS_NAME, "data", data);
+        const keyDetails = await this.calculateKeyDetails();
+        if (Is.empty(keyDetails.privateKey)) {
+            throw new GeneralError(RSA._CLASS_NAME, "noPrivateKey");
+        }
+        if (data.length === 0) {
+            return new Uint8Array(0);
+        }
+        const blocks = [];
+        // Split encrypted data into blocks of key size
+        for (let i = 0; i < data.length; i += keyDetails.keySize) {
+            const block = data.slice(i, i + keyDetails.keySize);
+            const decryptedBlock = privateDecrypt({
+                key: keyDetails.privateKey,
+                padding: constants.RSA_PKCS1_OAEP_PADDING
+            }, block);
+            blocks.push(decryptedBlock);
+        }
+        return Uint8ArrayHelper.concat(blocks);
+    }
+    /**
+     * Decrypt the data using the public key.
+     * @param data The data to decrypt.
+     * @returns The data decrypted.
+     */
+    async publicDecrypt(data) {
+        Guards.uint8Array(RSA._CLASS_NAME, "data", data);
+        const keyDetails = await this.calculateKeyDetails();
+        if (data.length === 0) {
+            return new Uint8Array(0);
+        }
+        const blocks = [];
+        // Split encrypted data into blocks of key size
+        for (let i = 0; i < data.length; i += keyDetails.keySize) {
+            const block = data.slice(i, i + keyDetails.keySize);
+            const decryptedBlock = publicDecrypt({
+                key: keyDetails.publicKey,
+                padding: constants.RSA_PKCS1_PADDING
+            }, block);
+            blocks.push(decryptedBlock);
+        }
+        return Uint8ArrayHelper.concat(blocks);
+    }
+    /**
+     * Calculate key details.
+     * @internal
+     */
+    async calculateKeyDetails() {
+        if (Is.empty(this._publicKey) || Is.empty(this._keySize) || Is.empty(this._blockSize)) {
+            this._publicKey = createPublicKey({
+                key: Buffer.from(this._publicKeyBytes),
+                format: "der",
+                type: "spki"
+            });
+            if (!Is.empty(this._privateKeyBytes)) {
+                this._privateKey = createPrivateKey({
+                    key: Buffer.from(this._privateKeyBytes),
+                    format: "der",
+                    type: "pkcs8"
+                });
+            }
+            // Get modulus length in bits from key details
+            const modulusLengthBits = this._publicKey.asymmetricKeyDetails?.modulusLength;
+            if (Is.empty(modulusLengthBits)) {
+                throw new GeneralError(RSA._CLASS_NAME, "invalidKeySize");
+            }
+            // Convert bits to bytes
+            this._keySize = Math.ceil(modulusLengthBits / 8);
+            // Calculate block size for OAEP with SHA-256
+            // Formula: keySize - 2 * hashLength - 2
+            const hashLength = 32; // SHA-256 = 32 bytes
+            // eslint-disable-next-line no-mixed-operators
+            this._blockSize = this._keySize - 2 * hashLength - 2;
+        }
+        return {
+            publicKey: this._publicKey,
+            privateKey: this._privateKey,
+            keySize: this._keySize,
+            blockSize: this._blockSize
+        };
+    }
+}
+
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
 /**
  * Implementation of X25519.
  */
@@ -1504,6 +1789,48 @@ class Sha512 {
     }
 }
 
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+/**
+ * Helper class for working with PEM (Privacy-Enhanced Mail) formatted data.
+ */
+class PemHelper {
+    /**
+     * Runtime name for the class.
+     * @internal
+     */
+    static _CLASS_NAME = "PemHelper";
+    /**
+     * Strip the PEM content of its headers, footers, and newlines.
+     * @param pemContent The PEM content to strip.
+     * @returns The stripped PEM content in bas64 format.
+     */
+    static stripPemMarkers(pemContent) {
+        Guards.string(PemHelper._CLASS_NAME, "pemContent", pemContent);
+        return pemContent
+            .replace(/-----BEGIN.*-----/, "")
+            .replace(/-----END.*-----/, "")
+            .replace(/\n/g, "")
+            .trim();
+    }
+    /**
+     * Format the PEM content to have a specific line length.
+     * @param marker The marker for the PEM content, e.g. RSA PRIVATE KEY
+     * @param base64Content The base64 content to format.
+     * @param lineLength The length of each line in the PEM content, default is 64 characters.
+     * @returns The formatted PEM content.
+     */
+    static formatPem(marker, base64Content, lineLength = 64) {
+        Guards.stringValue(PemHelper._CLASS_NAME, "marker", marker);
+        Guards.stringBase64(PemHelper._CLASS_NAME, "base64Content", base64Content);
+        const lines = [];
+        for (let i = 0; i < base64Content.length; i += lineLength) {
+            lines.push(base64Content.slice(i, i + lineLength));
+        }
+        return [`-----BEGIN ${marker}-----`, ...lines, `-----END ${marker}-----`].join("\n");
+    }
+}
+
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
 /**
@@ -1774,4 +2101,4 @@ class PasswordValidator {
     }
 }
 
-export { Bech32, Bip32Path, Bip39, Bip44, Blake2b, Blake3, ChaCha20Poly1305, Ed25519, HmacSha1, HmacSha256, HmacSha512, Hotp, KeyType, PasswordGenerator, PasswordValidator, Pbkdf2, Secp256k1, Sha1, Sha256, Sha3, Sha512, Slip0010, Totp, X25519, Zip215 };
+export { Bech32, Bip32Path, Bip39, Bip44, Blake2b, Blake3, ChaCha20Poly1305, Ed25519, HmacSha1, HmacSha256, HmacSha512, Hotp, KeyType, PasswordGenerator, PasswordValidator, Pbkdf2, PemHelper, RSA, Secp256k1, Sha1, Sha256, Sha3, Sha512, Slip0010, Totp, X25519, Zip215 };

package/dist/types/ciphers/rsa.d.ts

@@ -0,0 +1,75 @@
+/**
+ * Implementation of the RSA cipher.
+ */
+export declare class RSA {
+    /**
+     * Create a new instance of RSA.
+     * @param publicKey The public key for encryption (DER format as Uint8Array).
+     * @param privateKey The private key for decryption (DER format as Uint8Array).
+     */
+    constructor(publicKey: Uint8Array, privateKey?: Uint8Array);
+    /**
+     * Generate a new RSA key pair in PKCS8 format.
+     * @param modulusLength The key size in bits (default: 2048).
+     * @returns The public and private keys as Uint8Array.
+     */
+    static generateKeyPair(modulusLength?: number): Promise<{
+        publicKey: Uint8Array;
+        privateKey: Uint8Array;
+    }>;
+    /**
+     * Convert a PKCS1 key to a PKCS8 key.
+     * @param pkcs1Key The PKCS1 key as Uint8Array.
+     * @returns The PKCS8 key as Uint8Array.
+     */
+    static convertPkcs1ToPkcs8(pkcs1Key: Uint8Array): Promise<Uint8Array>;
+    /**
+     * Break the private key down in to its components.
+     * @param pkcs8Key The PKCS8 key as Uint8Array.
+     * @returns The key components.
+     */
+    static getPrivateKeyComponents(pkcs8Key: Uint8Array): Promise<{
+        n: bigint;
+        e: bigint;
+        d: bigint;
+        p: bigint;
+        q: bigint;
+        dp: bigint;
+        dq: bigint;
+        qi: bigint;
+    }>;
+    /**
+     * Break the public key down in to its components.
+     * @param spkiKey The SPKI key as Uint8Array.
+     * @returns The key components.
+     */
+    static getPublicKeyComponents(spkiKey: Uint8Array): Promise<{
+        n: bigint;
+        e: bigint;
+    }>;
+    /**
+     * Encrypt the data using the public key.
+     * @param data The data to encrypt.
+     * @returns The data encrypted.
+     */
+    publicEncrypt(data: Uint8Array): Promise<Uint8Array>;
+    /**
+     * Encrypt the data using the private key.
+     * @param data The data to encrypt.
+     * @returns The data encrypted.
+     */
+    privateEncrypt(data: Uint8Array): Promise<Uint8Array>;
+    /**
+     * Decrypt the data using the private key.
+     * @param data The data to decrypt.
+     * @returns The data decrypted.
+     * @throws GeneralError If no private key is provided.
+     */
+    privateDecrypt(data: Uint8Array): Promise<Uint8Array>;
+    /**
+     * Decrypt the data using the public key.
+     * @param data The data to decrypt.
+     * @returns The data decrypted.
+     */
+    publicDecrypt(data: Uint8Array): Promise<Uint8Array>;
+}

package/dist/types/helpers/pemHelper.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Helper class for working with PEM (Privacy-Enhanced Mail) formatted data.
+ */
+export declare class PemHelper {
+    /**
+     * Strip the PEM content of its headers, footers, and newlines.
+     * @param pemContent The PEM content to strip.
+     * @returns The stripped PEM content in bas64 format.
+     */
+    static stripPemMarkers(pemContent: string): string;
+    /**
+     * Format the PEM content to have a specific line length.
+     * @param marker The marker for the PEM content, e.g. RSA PRIVATE KEY
+     * @param base64Content The base64 content to format.
+     * @param lineLength The length of each line in the PEM content, default is 64 characters.
+     * @returns The formatted PEM content.
+     */
+    static formatPem(marker: string, base64Content: string, lineLength?: number): string;
+}

package/dist/types/index.d.ts

@@ -1,6 +1,7 @@
 export * from "./address/bech32";
 export * from "./address/bip44";
 export * from "./ciphers/chaCha20Poly1305";
+export * from "./ciphers/rsa";
 export * from "./curves/ed25519";
 export * from "./curves/secp256k1";
 export * from "./curves/x25519";
@@ -15,6 +16,7 @@ export * from "./hashes/sha1";
 export * from "./hashes/sha256";
 export * from "./hashes/sha3";
 export * from "./hashes/sha512";
+export * from "./helpers/pemHelper";
 export * from "./keys/bip32Path";
 export * from "./keys/bip39";
 export * from "./keys/slip0010";

package/docs/changelog.md

@@ -1,5 +1,92 @@
 # @twin.org/crypto - Changelog
 
+## [0.0.2-next.4](https://github.com/twinfoundation/framework/compare/crypto-v0.0.2-next.3...crypto-v0.0.2-next.4) (2025-08-15)
+
+
+### Features
+
+* additional RSA methods and async ([1fceee2](https://github.com/twinfoundation/framework/commit/1fceee2d1248a24a7620846025fcf906495c07f4))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/core bumped from 0.0.2-next.3 to 0.0.2-next.4
+    * @twin.org/nameof bumped from 0.0.2-next.3 to 0.0.2-next.4
+  * devDependencies
+    * @twin.org/nameof-transformer bumped from 0.0.2-next.3 to 0.0.2-next.4
+    * @twin.org/nameof-vitest-plugin bumped from 0.0.2-next.3 to 0.0.2-next.4
+
+## [0.0.2-next.3](https://github.com/twinfoundation/framework/compare/crypto-v0.0.2-next.2...crypto-v0.0.2-next.3) (2025-08-06)
+
+
+### Features
+
+* add guards arrayEndsWith and arrayStartsWith ([95d875e](https://github.com/twinfoundation/framework/commit/95d875ec8ccb4713c145fdde941d4cfedcec2ed3))
+* add rsa cipher support ([7af6cc6](https://github.com/twinfoundation/framework/commit/7af6cc67512d3363bd4a2f2e87bd7733c2800147))
+* add RSA support for public key components ([7126259](https://github.com/twinfoundation/framework/commit/7126259103b758c291e52a8a03818eb822d1aad1))
+* change method accessibility ([c1b77fc](https://github.com/twinfoundation/framework/commit/c1b77fcfb61c092a01c97aebb2fe2dc2bbaa221b))
+* relocate core packages from tools ([bcab8f3](https://github.com/twinfoundation/framework/commit/bcab8f3160442ea4fcaf442947462504f3d6a17d))
+* update dependencies ([f3bd015](https://github.com/twinfoundation/framework/commit/f3bd015efd169196b7e0335f5cab876ba6ca1d75))
+* use new shared store mechanism ([#131](https://github.com/twinfoundation/framework/issues/131)) ([934385b](https://github.com/twinfoundation/framework/commit/934385b2fbaf9f5c00a505ebf9d093bd5a425f55))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/core bumped from 0.0.2-next.2 to 0.0.2-next.3
+    * @twin.org/nameof bumped from 0.0.2-next.2 to 0.0.2-next.3
+  * devDependencies
+    * @twin.org/nameof-transformer bumped from 0.0.2-next.2 to 0.0.2-next.3
+    * @twin.org/nameof-vitest-plugin bumped from 0.0.2-next.2 to 0.0.2-next.3
+
+## [0.0.2-next.2](https://github.com/twinfoundation/framework/compare/crypto-v0.0.2-next.1...crypto-v0.0.2-next.2) (2025-08-06)
+
+
+### Features
+
+* add guards arrayEndsWith and arrayStartsWith ([95d875e](https://github.com/twinfoundation/framework/commit/95d875ec8ccb4713c145fdde941d4cfedcec2ed3))
+* add rsa cipher support ([7af6cc6](https://github.com/twinfoundation/framework/commit/7af6cc67512d3363bd4a2f2e87bd7733c2800147))
+* change method accessibility ([c1b77fc](https://github.com/twinfoundation/framework/commit/c1b77fcfb61c092a01c97aebb2fe2dc2bbaa221b))
+* relocate core packages from tools ([bcab8f3](https://github.com/twinfoundation/framework/commit/bcab8f3160442ea4fcaf442947462504f3d6a17d))
+* update dependencies ([f3bd015](https://github.com/twinfoundation/framework/commit/f3bd015efd169196b7e0335f5cab876ba6ca1d75))
+* use new shared store mechanism ([#131](https://github.com/twinfoundation/framework/issues/131)) ([934385b](https://github.com/twinfoundation/framework/commit/934385b2fbaf9f5c00a505ebf9d093bd5a425f55))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/core bumped from 0.0.2-next.1 to 0.0.2-next.2
+    * @twin.org/nameof bumped from 0.0.2-next.1 to 0.0.2-next.2
+  * devDependencies
+    * @twin.org/nameof-transformer bumped from 0.0.2-next.1 to 0.0.2-next.2
+    * @twin.org/nameof-vitest-plugin bumped from 0.0.2-next.1 to 0.0.2-next.2
+
+## [0.0.2-next.1](https://github.com/twinfoundation/framework/compare/crypto-v0.0.2-next.0...crypto-v0.0.2-next.1) (2025-08-06)
+
+
+### Features
+
+* add guards arrayEndsWith and arrayStartsWith ([95d875e](https://github.com/twinfoundation/framework/commit/95d875ec8ccb4713c145fdde941d4cfedcec2ed3))
+* add rsa cipher support ([7af6cc6](https://github.com/twinfoundation/framework/commit/7af6cc67512d3363bd4a2f2e87bd7733c2800147))
+* relocate core packages from tools ([bcab8f3](https://github.com/twinfoundation/framework/commit/bcab8f3160442ea4fcaf442947462504f3d6a17d))
+* update dependencies ([f3bd015](https://github.com/twinfoundation/framework/commit/f3bd015efd169196b7e0335f5cab876ba6ca1d75))
+* use new shared store mechanism ([#131](https://github.com/twinfoundation/framework/issues/131)) ([934385b](https://github.com/twinfoundation/framework/commit/934385b2fbaf9f5c00a505ebf9d093bd5a425f55))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/core bumped from 0.0.2-next.0 to 0.0.2-next.1
+    * @twin.org/nameof bumped from 0.0.2-next.0 to 0.0.2-next.1
+  * devDependencies
+    * @twin.org/nameof-transformer bumped from 0.0.2-next.0 to 0.0.2-next.1
+    * @twin.org/nameof-vitest-plugin bumped from 0.0.2-next.0 to 0.0.2-next.1
+
 ## 0.0.1 (2025-07-03)
 
 

package/docs/reference/classes/PemHelper.md

@@ -0,0 +1,69 @@
+# Class: PemHelper
+
+Helper class for working with PEM (Privacy-Enhanced Mail) formatted data.
+
+## Constructors
+
+### Constructor
+
+> **new PemHelper**(): `PemHelper`
+
+#### Returns
+
+`PemHelper`
+
+## Methods
+
+### stripPemMarkers()
+
+> `static` **stripPemMarkers**(`pemContent`): `string`
+
+Strip the PEM content of its headers, footers, and newlines.
+
+#### Parameters
+
+##### pemContent
+
+`string`
+
+The PEM content to strip.
+
+#### Returns
+
+`string`
+
+The stripped PEM content in bas64 format.
+
+***
+
+### formatPem()
+
+> `static` **formatPem**(`marker`, `base64Content`, `lineLength`): `string`
+
+Format the PEM content to have a specific line length.
+
+#### Parameters
+
+##### marker
+
+`string`
+
+The marker for the PEM content, e.g. RSA PRIVATE KEY
+
+##### base64Content
+
+`string`
+
+The base64 content to format.
+
+##### lineLength
+
+`number` = `64`
+
+The length of each line in the PEM content, default is 64 characters.
+
+#### Returns
+
+`string`
+
+The formatted PEM content.

package/docs/reference/classes/RSA.md

@@ -0,0 +1,209 @@
+# Class: RSA
+
+Implementation of the RSA cipher.
+
+## Constructors
+
+### Constructor
+
+> **new RSA**(`publicKey`, `privateKey?`): `RSA`
+
+Create a new instance of RSA.
+
+#### Parameters
+
+##### publicKey
+
+`Uint8Array`
+
+The public key for encryption (DER format as Uint8Array).
+
+##### privateKey?
+
+`Uint8Array`\<`ArrayBufferLike`\>
+
+The private key for decryption (DER format as Uint8Array).
+
+#### Returns
+
+`RSA`
+
+## Methods
+
+### generateKeyPair()
+
+> `static` **generateKeyPair**(`modulusLength`): `Promise`\<\{ `publicKey`: `Uint8Array`; `privateKey`: `Uint8Array`; \}\>
+
+Generate a new RSA key pair in PKCS8 format.
+
+#### Parameters
+
+##### modulusLength
+
+`number` = `2048`
+
+The key size in bits (default: 2048).
+
+#### Returns
+
+`Promise`\<\{ `publicKey`: `Uint8Array`; `privateKey`: `Uint8Array`; \}\>
+
+The public and private keys as Uint8Array.
+
+***
+
+### convertPkcs1ToPkcs8()
+
+> `static` **convertPkcs1ToPkcs8**(`pkcs1Key`): `Promise`\<`Uint8Array`\<`ArrayBufferLike`\>\>
+
+Convert a PKCS1 key to a PKCS8 key.
+
+#### Parameters
+
+##### pkcs1Key
+
+`Uint8Array`
+
+The PKCS1 key as Uint8Array.
+
+#### Returns
+
+`Promise`\<`Uint8Array`\<`ArrayBufferLike`\>\>
+
+The PKCS8 key as Uint8Array.
+
+***
+
+### getPrivateKeyComponents()
+
+> `static` **getPrivateKeyComponents**(`pkcs8Key`): `Promise`\<\{ `n`: `bigint`; `e`: `bigint`; `d`: `bigint`; `p`: `bigint`; `q`: `bigint`; `dp`: `bigint`; `dq`: `bigint`; `qi`: `bigint`; \}\>
+
+Break the private key down in to its components.
+
+#### Parameters
+
+##### pkcs8Key
+
+`Uint8Array`
+
+The PKCS8 key as Uint8Array.
+
+#### Returns
+
+`Promise`\<\{ `n`: `bigint`; `e`: `bigint`; `d`: `bigint`; `p`: `bigint`; `q`: `bigint`; `dp`: `bigint`; `dq`: `bigint`; `qi`: `bigint`; \}\>
+
+The key components.
+
+***
+
+### getPublicKeyComponents()
+
+> `static` **getPublicKeyComponents**(`spkiKey`): `Promise`\<\{ `n`: `bigint`; `e`: `bigint`; \}\>
+
+Break the public key down in to its components.
+
+#### Parameters
+
+##### spkiKey
+
+`Uint8Array`
+
+The SPKI key as Uint8Array.
+
+#### Returns
+
+`Promise`\<\{ `n`: `bigint`; `e`: `bigint`; \}\>
+
+The key components.
+
+***
+
+### publicEncrypt()
+
+> **publicEncrypt**(`data`): `Promise`\<`Uint8Array`\<`ArrayBufferLike`\>\>
+
+Encrypt the data using the public key.
+
+#### Parameters
+
+##### data
+
+`Uint8Array`
+
+The data to encrypt.
+
+#### Returns
+
+`Promise`\<`Uint8Array`\<`ArrayBufferLike`\>\>
+
+The data encrypted.
+
+***
+
+### privateEncrypt()
+
+> **privateEncrypt**(`data`): `Promise`\<`Uint8Array`\<`ArrayBufferLike`\>\>
+
+Encrypt the data using the private key.
+
+#### Parameters
+
+##### data
+
+`Uint8Array`
+
+The data to encrypt.
+
+#### Returns
+
+`Promise`\<`Uint8Array`\<`ArrayBufferLike`\>\>
+
+The data encrypted.
+
+***
+
+### privateDecrypt()
+
+> **privateDecrypt**(`data`): `Promise`\<`Uint8Array`\<`ArrayBufferLike`\>\>
+
+Decrypt the data using the private key.
+
+#### Parameters
+
+##### data
+
+`Uint8Array`
+
+The data to decrypt.
+
+#### Returns
+
+`Promise`\<`Uint8Array`\<`ArrayBufferLike`\>\>
+
+The data decrypted.
+
+#### Throws
+
+GeneralError If no private key is provided.
+
+***
+
+### publicDecrypt()
+
+> **publicDecrypt**(`data`): `Promise`\<`Uint8Array`\<`ArrayBufferLike`\>\>
+
+Decrypt the data using the public key.
+
+#### Parameters
+
+##### data
+
+`Uint8Array`
+
+The data to decrypt.
+
+#### Returns
+
+`Promise`\<`Uint8Array`\<`ArrayBufferLike`\>\>
+
+The data decrypted.

package/docs/reference/index.md

@@ -5,6 +5,7 @@
 - [Bech32](classes/Bech32.md)
 - [Bip44](classes/Bip44.md)
 - [ChaCha20Poly1305](classes/ChaCha20Poly1305.md)
+- [RSA](classes/RSA.md)
 - [Ed25519](classes/Ed25519.md)
 - [Secp256k1](classes/Secp256k1.md)
 - [X25519](classes/X25519.md)
@@ -19,6 +20,7 @@
 - [Sha256](classes/Sha256.md)
 - [Sha3](classes/Sha3.md)
 - [Sha512](classes/Sha512.md)
+- [PemHelper](classes/PemHelper.md)
 - [Bip32Path](classes/Bip32Path.md)
 - [Bip39](classes/Bip39.md)
 - [Slip0010](classes/Slip0010.md)

package/locales/en.json

@@ -63,6 +63,10 @@
 		},
 		"slip0010": {
 			"invalidSeed": "The seed is invalid \"{seed}\""
+		},
+		"rsa": {
+			"noPrivateKey": "Private key is required for this operation",
+			"invalidKeySize": "Invalid RSA key size"
 		}
 	}
 }

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@twin.org/crypto",
-	"version": "0.0.1",
+	"version": "0.0.2-next.4",
 	"description": "Contains helper methods and classes which implement cryptographic functions",
 	"repository": {
 		"type": "git",
@@ -20,8 +20,9 @@
 		"@scure/base": "1.2.6",
 		"@scure/bip32": "1.7.0",
 		"@scure/bip39": "1.6.0",
-		"@twin.org/core": "^0.0.1",
-		"@twin.org/nameof": "^0.0.1",
+		"@twin.org/core": "0.0.2-next.4",
+		"@twin.org/nameof": "0.0.2-next.4",
+		"crypto-browserify": "3.12.1",
 		"micro-key-producer": "0.7.6"
 	},
 	"main": "./dist/cjs/index.cjs",