@ubay182/sveltekit-hpke-wrapper 1.0.1

package/README.md

@@ -0,0 +1,279 @@
+# @hpke/sveltekit-wrapper
+
+HPKE (Hybrid Public Key Encryption) wrapper for SvelteKit applications with end-to-end encryption support.
+
+## 🚀 Features
+
+- ✅ **Complete HPKE Implementation** - RFC 9180 compliant
+- ✅ **End-to-End Encryption** - Client ↔ Server encryption
+- ✅ **SvelteKit Integration** - Ready-to-use API endpoint creators
+- ✅ **TypeScript Support** - Full type definitions
+- ✅ **X25519 Key Exchange** - Elliptic curve Diffie-Hellman
+- ✅ **AES-128-GCM & ChaCha20** - Authenticated encryption
+
+## 📦 Installation
+
+```bash
+npm install @hpke/sveltekit-wrapper
+# or
+pnpm add @hpke/sveltekit-wrapper
+# or
+yarn add @hpke/sveltekit-wrapper
+```
+
+## 🎯 Quick Start
+
+### 1. Basic Usage (Client-Side)
+
+```typescript
+import { 
+  generateKeyPair, 
+  hpkeEncrypt, 
+  hpkeDecrypt,
+  exportKeyToBase64,
+  importKeyFromBase64 
+} from '@hpke/sveltekit-wrapper';
+
+// Generate key pair
+const { publicKey, privateKey, publicKeyRaw } = await generateKeyPair();
+
+// Export public key for transmission
+const publicKeyBase64 = exportKeyToBase64(publicKey);
+
+// Import server's public key
+const serverPublicKey = await importKeyFromBase64(serverPublicKeyBase64);
+
+// Encrypt message
+const { ciphertext, enc } = await hpkeEncrypt('Secret message', serverPublicKey);
+
+// Decrypt message
+const decrypted = await hpkeDecrypt(ciphertext, enc, privateKey);
+```
+
+### 2. Server-Side with SvelteKit
+
+```typescript
+// src/routes/api/hpke/+server.ts
+import { createHpkeEndpoint } from '@hpke/sveltekit-wrapper';
+
+const { GET, POST } = createHpkeEndpoint({
+  onRequest: async (decryptedData, request) => {
+    // Process the decrypted request
+    const response = await fetch('https://api.example.com/data', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(decryptedData)
+    });
+    
+    return await response.json();
+  }
+});
+
+export { GET, POST };
+```
+
+### 3. Manual Server Setup
+
+```typescript
+import { createHpkeServer } from '@hpke/sveltekit-wrapper';
+
+const server = createHpkeServer();
+
+// Get server public key
+const publicKey = server.getPublicKeyBase64();
+
+// Decrypt client message
+const decrypted = await server.decrypt(ciphertext, enc, clientPublicKey);
+
+// Encrypt response
+const encrypted = await server.encrypt(responseData, clientPublicKey);
+```
+
+## 📚 API Reference
+
+### Core Functions
+
+#### `generateKeyPair()`
+Generate a new HPKE key pair.
+
+```typescript
+async function generateKeyPair(): Promise<{
+  publicKey: any;           // XCryptoKey for HPKE operations
+  privateKey: any;          // XCryptoKey for HPKE operations
+  publicKeyRaw: Uint8Array; // Raw bytes for transmission
+}>
+```
+
+#### `hpkeEncrypt(message, recipientPublicKey)`
+Encrypt a message.
+
+```typescript
+async function hpkeEncrypt(
+  message: string,
+  recipientPublicKey: any
+): Promise<{
+  ciphertext: ArrayBuffer;
+  enc: ArrayBuffer;
+}>
+```
+
+#### `hpkeDecrypt(ciphertext, enc, recipientPrivateKey)`
+Decrypt a message.
+
+```typescript
+async function hpkeDecrypt(
+  ciphertext: ArrayBuffer,
+  enc: Uint8Array | ArrayBuffer,
+  recipientPrivateKey: any
+): Promise<string>
+```
+
+#### `exportKeyToBase64(publicKey)`
+Export public key to base64.
+
+```typescript
+function exportKeyToBase64(publicKey: any): string
+```
+
+#### `importKeyFromBase64(base64)`
+Import public key from base64.
+
+```typescript
+async function importKeyFromBase64(base64: string): Promise<any>
+```
+
+### Server Functions
+
+#### `createHpkeServer(config?)`
+Create HPKE server instance.
+
+```typescript
+interface HpkeServerConfig {
+  autoGenerateKeys?: boolean; // Default: true
+}
+
+interface HpkeServerInstance {
+  getPublicKeyBase64(): string;
+  decrypt(ciphertext: string, enc: string, clientPublicKey: string): Promise<string>;
+  encrypt(message: string, clientPublicKey: string): Promise<{
+    ciphertext: string;
+    enc: string;
+  }>;
+}
+```
+
+### SvelteKit Integration
+
+#### `createHpkeEndpoint(config?)`
+Create complete API endpoints.
+
+```typescript
+interface HpkeEndpointConfig {
+  autoGenerateKeys?: boolean;
+  onRequest?: (decrypted: any, request: Request) => Promise<any>;
+  onError?: (error: Error, request: Request) => Promise<Response>;
+}
+```
+
+## 🔧 Advanced Usage
+
+### Custom Algorithm (ChaCha20-Poly1305)
+
+```typescript
+import { createHpkeSuiteChaCha20 } from '@hpke/sveltekit-wrapper';
+
+const suite = createHpkeSuiteChaCha20();
+// Use suite for encryption/decryption
+```
+
+### Manual Key Management
+
+```typescript
+import { createHpkeServer } from '@hpke/sveltekit-wrapper';
+
+// Disable auto-generation
+const server = createHpkeServer({ autoGenerateKeys: false });
+
+// Set keys manually later
+// (You'll need to extend the server instance with a setKeys method)
+```
+
+### Error Handling
+
+```typescript
+const { GET, POST } = createHpkeEndpoint({
+  onError: async (error, request) => {
+    console.error('HPKE Error:', error);
+    
+    return new Response(
+      JSON.stringify({
+        error: 'Encryption failed',
+        code: 'HPKE_ERROR'
+      }),
+      { status: 500 }
+    );
+  }
+});
+```
+
+## 🔐 Security Notes
+
+⚠️ **Important**: This is a wrapper library for convenience. For production:
+
+1. **Key Storage**: Use HSM, AWS KMS, or Azure Key Vault
+2. **HTTPS**: Always use HTTPS in production
+3. **Authentication**: Implement proper auth mechanisms
+4. **Rate Limiting**: Add rate limiting to prevent abuse
+5. **Key Rotation**: Implement regular key rotation
+6. **Audit**: Have security audits performed
+
+## 📖 How It Works
+
+```
+Client                          Server
+  │                               │
+  ├─── GET /api/hpke ───────────>│
+  │                               │
+  │<──── Public Key (base64) ────│
+  │                               │
+  ├─── Encrypt with Public Key ──│
+  │                               │
+  ├─── POST Encrypted Data ─────>│
+  │                               │
+  │                               ├─── Decrypt ──┐
+  │                               │               │
+  │                               │<── Process ───┘
+  │                               │
+  │                               ├─── Encrypt ──┐
+  │                               │               │
+  │<──── Encrypted Response ─────│<──────────────┘
+  │                               │
+  └─── Decrypt Response ─────────┘
+```
+
+## 🧪 Testing
+
+```bash
+# Build the package
+npm run build
+
+# Type check
+npm run lint
+
+# Watch mode for development
+npm run dev
+```
+
+## 📄 License
+
+MIT
+
+## 🤝 Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request.
+
+## 📚 Resources
+
+- [RFC 9180 - HPKE Specification](https://www.rfc-editor.org/rfc/rfc9180.html)
+- [hpke-js Library](https://github.com/dajiaji/hpke-js)
+- [SvelteKit Documentation](https://kit.svelte.dev/docs)

package/dist/hpke.d.ts

@@ -0,0 +1,140 @@
+import { CipherSuite } from '@hpke/core';
+/**
+ * HPKE Key Pair type (using HPKE library's XCryptoKey)
+ */
+export interface HpkeKeyPair {
+    publicKey: any;
+    privateKey: any;
+    publicKeyRaw: Uint8Array;
+}
+/**
+ * Encrypted message structure
+ */
+export interface HpkeEncryptedMessage {
+    ciphertext: ArrayBuffer;
+    enc: ArrayBuffer;
+}
+/**
+ * HPKE Suite configuration
+ */
+export interface HpkeSuiteConfig {
+    kem?: 'X25519';
+    kdf?: 'HKDF-SHA256';
+    aead?: 'AES-128-GCM' | 'ChaCha20-Poly1305';
+}
+/**
+ * Create HPKE Suite with AES-128-GCM
+ *
+ * @returns Configured CipherSuite instance
+ *
+ * @example
+ * ```typescript
+ * const suite = createHpkeSuite();
+ * const keyPair = await suite.kem.generateKeyPair();
+ * ```
+ */
+export declare function createHpkeSuite(): CipherSuite;
+/**
+ * Create HPKE Suite with ChaCha20-Poly1305
+ *
+ * @returns Configured CipherSuite instance
+ *
+ * @example
+ * ```typescript
+ * const suite = createHpkeSuiteChaCha20();
+ * ```
+ */
+export declare function createHpkeSuiteChaCha20(): CipherSuite;
+/**
+ * Generate a new HPKE key pair
+ *
+ * @returns Key pair with XCryptoKey objects and raw public key bytes
+ *
+ * @example
+ * ```typescript
+ * const { publicKey, privateKey, publicKeyRaw } = await generateKeyPair();
+ * ```
+ */
+export declare function generateKeyPair(): Promise<HpkeKeyPair>;
+/**
+ * Export HPKE public key to base64 string
+ *
+ * @param publicKey - HPKE public key (XCryptoKey)
+ * @returns Base64 encoded public key
+ *
+ * @example
+ * ```typescript
+ * const base64 = exportKeyToBase64(publicKey);
+ * ```
+ */
+export declare function exportKeyToBase64(publicKey: any): string;
+/**
+ * Import HPKE public key from base64 string
+ *
+ * @param base64 - Base64 encoded public key
+ * @returns HPKE public key (XCryptoKey)
+ *
+ * @example
+ * ```typescript
+ * const publicKey = await importKeyFromBase64(base64String);
+ * ```
+ */
+export declare function importKeyFromBase64(base64: string): Promise<any>;
+/**
+ * Encrypt a message using HPKE
+ *
+ * @param message - Plaintext message to encrypt
+ * @param recipientPublicKey - Recipient's public key (XCryptoKey)
+ * @returns Encrypted message with ciphertext and encapsulated key
+ *
+ * @example
+ * ```typescript
+ * const { ciphertext, enc } = await hpkeEncrypt('Secret message', publicKey);
+ * ```
+ */
+export declare function hpkeEncrypt(message: string, recipientPublicKey: any): Promise<HpkeEncryptedMessage>;
+/**
+ * Decrypt a message using HPKE
+ *
+ * @param ciphertext - Encrypted ciphertext (ArrayBuffer)
+ * @param enc - Encapsulated key (Uint8Array or ArrayBuffer)
+ * @param recipientPrivateKey - Recipient's private key (XCryptoKey)
+ * @returns Decrypted plaintext message
+ *
+ * @example
+ * ```typescript
+ * const decrypted = await hpkeDecrypt(ciphertext, enc, privateKey);
+ * ```
+ */
+export declare function hpkeDecrypt(ciphertext: ArrayBuffer, enc: Uint8Array | ArrayBuffer, recipientPrivateKey: any): Promise<string>;
+/**
+ * Complete encryption/decryption demo
+ *
+ * @returns Demo result with original and decrypted messages
+ *
+ * @example
+ * ```typescript
+ * const result = await hpkeDemo();
+ * console.log(result.match); // true
+ * ```
+ */
+export declare function hpkeDemo(): Promise<{
+    original: string;
+    decrypted: string;
+    match: boolean;
+}>;
+/**
+ * Convert Uint8Array to base64 string
+ *
+ * @param data - Uint8Array to convert
+ * @returns Base64 encoded string
+ */
+export declare function uint8ArrayToBase64(data: Uint8Array): string;
+/**
+ * Convert base64 string to Uint8Array
+ *
+ * @param base64 - Base64 encoded string
+ * @returns Uint8Array
+ */
+export declare function base64ToUint8Array(base64: string): Uint8Array;
+//# sourceMappingURL=hpke.d.ts.map

package/dist/hpke.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hpke.d.ts","sourceRoot":"","sources":["../src/hpke.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAKzC;;GAEG;AACH,MAAM,WAAW,WAAW;IAC3B,SAAS,EAAE,GAAG,CAAC;IACf,UAAU,EAAE,GAAG,CAAC;IAChB,YAAY,EAAE,UAAU,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACpC,UAAU,EAAE,WAAW,CAAC;IACxB,GAAG,EAAE,WAAW,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC/B,GAAG,CAAC,EAAE,QAAQ,CAAC;IACf,GAAG,CAAC,EAAE,aAAa,CAAC;IACpB,IAAI,CAAC,EAAE,aAAa,GAAG,mBAAmB,CAAC;CAC3C;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,eAAe,gBAM9B;AAED;;;;;;;;;GASG;AACH,wBAAgB,uBAAuB,gBAMtC;AAED;;;;;;;;;GASG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,WAAW,CAAC,CAY5D;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,GAAG,GAAG,MAAM,CAGxD;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAItE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,WAAW,CAChC,OAAO,EAAE,MAAM,EACf,kBAAkB,EAAE,GAAG,GACrB,OAAO,CAAC,oBAAoB,CAAC,CAc/B;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,WAAW,CAChC,UAAU,EAAE,WAAW,EACvB,GAAG,EAAE,UAAU,GAAG,WAAW,EAC7B,mBAAmB,EAAE,GAAG,GACtB,OAAO,CAAC,MAAM,CAAC,CAcjB;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,QAAQ;;;;GAY7B;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,CAM3D;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAO7D"}

package/dist/hpke.js

@@ -0,0 +1,190 @@
+import { CipherSuite } from '@hpke/core';
+import { DhkemX25519HkdfSha256 } from '@hpke/dhkem-x25519';
+import { HkdfSha256, Aes128Gcm } from '@hpke/core';
+import { Chacha20Poly1305 } from '@hpke/chacha20poly1305';
+/**
+ * Create HPKE Suite with AES-128-GCM
+ *
+ * @returns Configured CipherSuite instance
+ *
+ * @example
+ * ```typescript
+ * const suite = createHpkeSuite();
+ * const keyPair = await suite.kem.generateKeyPair();
+ * ```
+ */
+export function createHpkeSuite() {
+    return new CipherSuite({
+        kem: new DhkemX25519HkdfSha256(),
+        kdf: new HkdfSha256(),
+        aead: new Aes128Gcm(),
+    });
+}
+/**
+ * Create HPKE Suite with ChaCha20-Poly1305
+ *
+ * @returns Configured CipherSuite instance
+ *
+ * @example
+ * ```typescript
+ * const suite = createHpkeSuiteChaCha20();
+ * ```
+ */
+export function createHpkeSuiteChaCha20() {
+    return new CipherSuite({
+        kem: new DhkemX25519HkdfSha256(),
+        kdf: new HkdfSha256(),
+        aead: new Chacha20Poly1305(),
+    });
+}
+/**
+ * Generate a new HPKE key pair
+ *
+ * @returns Key pair with XCryptoKey objects and raw public key bytes
+ *
+ * @example
+ * ```typescript
+ * const { publicKey, privateKey, publicKeyRaw } = await generateKeyPair();
+ * ```
+ */
+export async function generateKeyPair() {
+    const suite = createHpkeSuite();
+    const keyPair = await suite.kem.generateKeyPair();
+    // Export public key as raw bytes for transmission
+    const publicKeyRaw = new Uint8Array(Object.values(keyPair.publicKey.key));
+    return {
+        publicKey: keyPair.publicKey,
+        privateKey: keyPair.privateKey,
+        publicKeyRaw,
+    };
+}
+/**
+ * Export HPKE public key to base64 string
+ *
+ * @param publicKey - HPKE public key (XCryptoKey)
+ * @returns Base64 encoded public key
+ *
+ * @example
+ * ```typescript
+ * const base64 = exportKeyToBase64(publicKey);
+ * ```
+ */
+export function exportKeyToBase64(publicKey) {
+    const publicKeyRaw = new Uint8Array(Object.values(publicKey.key));
+    return uint8ArrayToBase64(publicKeyRaw);
+}
+/**
+ * Import HPKE public key from base64 string
+ *
+ * @param base64 - Base64 encoded public key
+ * @returns HPKE public key (XCryptoKey)
+ *
+ * @example
+ * ```typescript
+ * const publicKey = await importKeyFromBase64(base64String);
+ * ```
+ */
+export async function importKeyFromBase64(base64) {
+    const keyBytes = base64ToUint8Array(base64);
+    const suite = createHpkeSuite();
+    return await suite.kem.importKey('raw', keyBytes.buffer, true);
+}
+/**
+ * Encrypt a message using HPKE
+ *
+ * @param message - Plaintext message to encrypt
+ * @param recipientPublicKey - Recipient's public key (XCryptoKey)
+ * @returns Encrypted message with ciphertext and encapsulated key
+ *
+ * @example
+ * ```typescript
+ * const { ciphertext, enc } = await hpkeEncrypt('Secret message', publicKey);
+ * ```
+ */
+export async function hpkeEncrypt(message, recipientPublicKey) {
+    const suite = createHpkeSuite();
+    const sender = await suite.createSenderContext({
+        recipientPublicKey,
+    });
+    const encoded = new TextEncoder().encode(message);
+    const ciphertext = await sender.seal(encoded);
+    return {
+        ciphertext,
+        enc: sender.enc,
+    };
+}
+/**
+ * Decrypt a message using HPKE
+ *
+ * @param ciphertext - Encrypted ciphertext (ArrayBuffer)
+ * @param enc - Encapsulated key (Uint8Array or ArrayBuffer)
+ * @param recipientPrivateKey - Recipient's private key (XCryptoKey)
+ * @returns Decrypted plaintext message
+ *
+ * @example
+ * ```typescript
+ * const decrypted = await hpkeDecrypt(ciphertext, enc, privateKey);
+ * ```
+ */
+export async function hpkeDecrypt(ciphertext, enc, recipientPrivateKey) {
+    const suite = createHpkeSuite();
+    // Convert enc to Uint8Array if it's ArrayBuffer
+    const encBytes = enc instanceof Uint8Array ? enc : new Uint8Array(enc);
+    const ciphertextBytes = new Uint8Array(ciphertext);
+    const recipient = await suite.createRecipientContext({
+        recipientKey: recipientPrivateKey,
+        enc: encBytes,
+    });
+    const plaintext = await recipient.open(ciphertextBytes.buffer);
+    return new TextDecoder().decode(plaintext);
+}
+/**
+ * Complete encryption/decryption demo
+ *
+ * @returns Demo result with original and decrypted messages
+ *
+ * @example
+ * ```typescript
+ * const result = await hpkeDemo();
+ * console.log(result.match); // true
+ * ```
+ */
+export async function hpkeDemo() {
+    const { publicKey, privateKey } = await generateKeyPair();
+    const message = 'Hello HPKE!';
+    const { ciphertext, enc } = await hpkeEncrypt(message, publicKey);
+    const decrypted = await hpkeDecrypt(ciphertext, enc, privateKey);
+    return {
+        original: message,
+        decrypted,
+        match: message === decrypted,
+    };
+}
+/**
+ * Convert Uint8Array to base64 string
+ *
+ * @param data - Uint8Array to convert
+ * @returns Base64 encoded string
+ */
+export function uint8ArrayToBase64(data) {
+    let binary = '';
+    data.forEach((byte) => {
+        binary += String.fromCharCode(byte);
+    });
+    return btoa(binary);
+}
+/**
+ * Convert base64 string to Uint8Array
+ *
+ * @param base64 - Base64 encoded string
+ * @returns Uint8Array
+ */
+export function base64ToUint8Array(base64) {
+    const binary = atob(base64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}
+//# sourceMappingURL=hpke.js.map

package/dist/hpke.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hpke.js","sourceRoot":"","sources":["../src/hpke.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AA4B1D;;;;;;;;;;GAUG;AACH,MAAM,UAAU,eAAe;IAC9B,OAAO,IAAI,WAAW,CAAC;QACtB,GAAG,EAAE,IAAI,qBAAqB,EAAE;QAChC,GAAG,EAAE,IAAI,UAAU,EAAE;QACrB,IAAI,EAAE,IAAI,SAAS,EAAE;KACrB,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,uBAAuB;IACtC,OAAO,IAAI,WAAW,CAAC;QACtB,GAAG,EAAE,IAAI,qBAAqB,EAAE;QAChC,GAAG,EAAE,IAAI,UAAU,EAAE;QACrB,IAAI,EAAE,IAAI,gBAAgB,EAAE;KAC5B,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACpC,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;IAChC,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,eAAe,EAAyC,CAAC;IAEzF,kDAAkD;IAClD,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;IAE1E,OAAO;QACN,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,YAAY;KACZ,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,iBAAiB,CAAC,SAAc;IAC/C,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;IAClE,OAAO,kBAAkB,CAAC,YAAY,CAAC,CAAC;AACzC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,MAAc;IACvD,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;IAChC,OAAO,MAAM,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAqB,EAAE,IAAI,CAAC,CAAC;AAC/E,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAChC,OAAe,EACf,kBAAuB;IAEvB,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;IAEhC,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC;QAC9C,kBAAkB;KAClB,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAClD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAE9C,OAAO;QACN,UAAU;QACV,GAAG,EAAE,MAAM,CAAC,GAAG;KACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAChC,UAAuB,EACvB,GAA6B,EAC7B,mBAAwB;IAExB,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;IAEhC,gDAAgD;IAChD,MAAM,QAAQ,GAAG,GAAG,YAAY,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;IACvE,MAAM,eAAe,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;IAEnD,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,sBAAsB,CAAC;QACpD,YAAY,EAAE,mBAAmB;QACjC,GAAG,EAAE,QAAQ;KACb,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IAC/D,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;AAC5C,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ;IAC7B,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,eAAe,EAAE,CAAC;IAE1D,MAAM,OAAO,GAAG,aAAa,CAAC;IAC9B,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAClE,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,UAAU,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;IAEjE,OAAO;QACN,QAAQ,EAAE,OAAO;QACjB,SAAS;QACT,KAAK,EAAE,OAAO,KAAK,SAAS;KAC5B,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAgB;IAClD,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;QACrB,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IACH,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;AACrB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAc;IAChD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * HPKE (Hybrid Public Key Encryption) Wrapper
+ *
+ * A complete HPKE implementation wrapper for SvelteKit applications
+ * providing end-to-end encryption between client and server.
+ *
+ * @packageDocumentation
+ */
+export { createHpkeSuite, createHpkeSuiteChaCha20, generateKeyPair, exportKeyToBase64, importKeyFromBase64, hpkeEncrypt, hpkeDecrypt, hpkeDemo, uint8ArrayToBase64, base64ToUint8Array, type HpkeKeyPair, type HpkeEncryptedMessage, type HpkeSuiteConfig, } from './hpke.js';
+export { createHpkeServer, type HpkeServerInstance, type HpkeServerConfig, type HpkeRequestContext, type HpkeResponseContext, } from './server.js';
+export { createHpkeEndpoint, type HpkeEndpointHandlers, type HpkeEndpointConfig, } from './sveltekit.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAEN,eAAe,EACf,uBAAuB,EAGvB,eAAe,EACf,iBAAiB,EACjB,mBAAmB,EAGnB,WAAW,EACX,WAAW,EACX,QAAQ,EAGR,kBAAkB,EAClB,kBAAkB,EAGlB,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,KAAK,eAAe,GACpB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACN,gBAAgB,EAChB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,GACxB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACN,kBAAkB,EAClB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,GACvB,MAAM,gBAAgB,CAAC"}

package/dist/index.js

@@ -0,0 +1,23 @@
+/**
+ * HPKE (Hybrid Public Key Encryption) Wrapper
+ *
+ * A complete HPKE implementation wrapper for SvelteKit applications
+ * providing end-to-end encryption between client and server.
+ *
+ * @packageDocumentation
+ */
+// Core HPKE functionality
+export { 
+// HPKE Suite
+createHpkeSuite, createHpkeSuiteChaCha20, 
+// Key Management
+generateKeyPair, exportKeyToBase64, importKeyFromBase64, 
+// Encryption/Decryption
+hpkeEncrypt, hpkeDecrypt, hpkeDemo, 
+// Utilities
+uint8ArrayToBase64, base64ToUint8Array, } from './hpke.js';
+// Server utilities
+export { createHpkeServer, } from './server.js';
+// SvelteKit helpers
+export { createHpkeEndpoint, } from './sveltekit.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,0BAA0B;AAC1B,OAAO;AACN,aAAa;AACb,eAAe,EACf,uBAAuB;AAEvB,iBAAiB;AACjB,eAAe,EACf,iBAAiB,EACjB,mBAAmB;AAEnB,wBAAwB;AACxB,WAAW,EACX,WAAW,EACX,QAAQ;AAER,YAAY;AACZ,kBAAkB,EAClB,kBAAkB,GAMlB,MAAM,WAAW,CAAC;AAEnB,mBAAmB;AACnB,OAAO,EACN,gBAAgB,GAKhB,MAAM,aAAa,CAAC;AAErB,oBAAoB;AACpB,OAAO,EACN,kBAAkB,GAGlB,MAAM,gBAAgB,CAAC"}

package/dist/server.d.ts

@@ -0,0 +1,63 @@
+/**
+ * HPKE Server instance with key management
+ */
+export interface HpkeServerInstance {
+    /** Initialize server keys (call this first) */
+    init: () => Promise<string>;
+    /** Get server public key as base64 */
+    getPublicKeyBase64: () => string;
+    /** Decrypt message from client */
+    decrypt: (ciphertext: string, enc: string, clientPublicKey: string) => Promise<string>;
+    /** Encrypt message to client */
+    encrypt: (message: string, clientPublicKey: string) => Promise<{
+        ciphertext: string;
+        enc: string;
+    }>;
+}
+/**
+ * Server configuration options
+ */
+export interface HpkeServerConfig {
+    /** Auto-generate keys on initialization (default: true) */
+    autoGenerateKeys?: boolean;
+}
+/**
+ * Request context for server-side processing
+ */
+export interface HpkeRequestContext {
+    /** Encrypted ciphertext from client */
+    ciphertext: string;
+    /** Encapsulated key */
+    enc: string;
+    /** Client's public key */
+    clientPublicKey: string;
+}
+/**
+ * Response context for server-side encryption
+ */
+export interface HpkeResponseContext {
+    /** Encrypted ciphertext */
+    ciphertext: string;
+    /** Encapsulated key */
+    enc: string;
+}
+/**
+ * Create HPKE server instance with key management
+ *
+ * @param config - Server configuration options
+ * @returns HpkeServerInstance with encryption/decryption methods
+ *
+ * @example
+ * ```typescript
+ * const server = createHpkeServer();
+ *
+ * // Initialize keys (async)
+ * const publicKey = await server.init();
+ *
+ * // In your API endpoint:
+ * const decrypted = await server.decrypt(ciphertext, enc, clientPublicKey);
+ * const response = await server.encrypt(responseData, clientPublicKey);
+ * ```
+ */
+export declare function createHpkeServer(config?: HpkeServerConfig): HpkeServerInstance;
+//# sourceMappingURL=server.d.ts.map

package/dist/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,+CAA+C;IAC/C,IAAI,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAC5B,sCAAsC;IACtC,kBAAkB,EAAE,MAAM,MAAM,CAAC;IACjC,kCAAkC;IAClC,OAAO,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACvF,gCAAgC;IAChC,OAAO,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACpG;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAChC,2DAA2D;IAC3D,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,uCAAuC;IACvC,UAAU,EAAE,MAAM,CAAC;IACnB,uBAAuB;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,0BAA0B;IAC1B,eAAe,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IACnC,2BAA2B;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,uBAAuB;IACvB,GAAG,EAAE,MAAM,CAAC;CACZ;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,GAAE,gBAAqB,GAAG,kBAAkB,CA6GlF"}

package/dist/server.js

@@ -0,0 +1,107 @@
+import { CipherSuite } from '@hpke/core';
+import { DhkemX25519HkdfSha256 } from '@hpke/dhkem-x25519';
+import { HkdfSha256, Aes128Gcm } from '@hpke/core';
+import { generateKeyPair, base64ToUint8Array, uint8ArrayToBase64 } from './hpke.js';
+/**
+ * Create HPKE server instance with key management
+ *
+ * @param config - Server configuration options
+ * @returns HpkeServerInstance with encryption/decryption methods
+ *
+ * @example
+ * ```typescript
+ * const server = createHpkeServer();
+ *
+ * // Initialize keys (async)
+ * const publicKey = await server.init();
+ *
+ * // In your API endpoint:
+ * const decrypted = await server.decrypt(ciphertext, enc, clientPublicKey);
+ * const response = await server.encrypt(responseData, clientPublicKey);
+ * ```
+ */
+export function createHpkeServer(config = {}) {
+    const { autoGenerateKeys = true } = config;
+    let serverKeyPair = null;
+    const instance = {
+        /**
+         * Initialize server keys
+         */
+        async init() {
+            const keys = await generateKeyPair();
+            serverKeyPair = {
+                publicKey: keys.publicKey,
+                privateKey: keys.privateKey,
+            };
+            return instance.getPublicKeyBase64();
+        },
+        /**
+         * Get server public key as base64 string
+         */
+        getPublicKeyBase64() {
+            if (!serverKeyPair) {
+                throw new Error('Server keys not initialized. Call init() first.');
+            }
+            const publicKeyRaw = new Uint8Array(Object.values(serverKeyPair.publicKey.key));
+            return uint8ArrayToBase64(publicKeyRaw);
+        },
+        /**
+         * Decrypt message from client
+         *
+         * @param ciphertext - Base64 encoded ciphertext
+         * @param enc - Base64 encoded encapsulated key
+         * @param clientPublicKey - Base64 encoded client public key
+         * @returns Decrypted plaintext message
+         */
+        async decrypt(ciphertext, enc, _clientPublicKey) {
+            if (!serverKeyPair) {
+                throw new Error('Server keys not initialized. Call init() first.');
+            }
+            const suite = new CipherSuite({
+                kem: new DhkemX25519HkdfSha256(),
+                kdf: new HkdfSha256(),
+                aead: new Aes128Gcm(),
+            });
+            const ciphertextBytes = base64ToUint8Array(ciphertext);
+            const encBytes = base64ToUint8Array(enc);
+            const recipient = await suite.createRecipientContext({
+                recipientKey: serverKeyPair.privateKey,
+                enc: encBytes,
+            });
+            const plaintext = await recipient.open(ciphertextBytes.buffer);
+            return new TextDecoder().decode(plaintext);
+        },
+        /**
+         * Encrypt message to client
+         *
+         * @param message - Plaintext message to encrypt
+         * @param clientPublicKeyBase64 - Base64 encoded client public key
+         * @returns Encrypted message with base64 encoded ciphertext and enc
+         */
+        async encrypt(message, clientPublicKeyBase64) {
+            const suite = new CipherSuite({
+                kem: new DhkemX25519HkdfSha256(),
+                kdf: new HkdfSha256(),
+                aead: new Aes128Gcm(),
+            });
+            const clientKeyBytes = base64ToUint8Array(clientPublicKeyBase64);
+            const clientPublicKey = await suite.kem.importKey('raw', clientKeyBytes.buffer, true);
+            const sender = await suite.createSenderContext({
+                recipientPublicKey: clientPublicKey,
+            });
+            const encrypted = await sender.seal(new TextEncoder().encode(message));
+            return {
+                ciphertext: uint8ArrayToBase64(new Uint8Array(encrypted)),
+                enc: uint8ArrayToBase64(new Uint8Array(sender.enc)),
+            };
+        },
+    };
+    // Auto-generate keys if enabled
+    if (autoGenerateKeys) {
+        instance.init().catch(err => {
+            console.error('Failed to auto-initialize server keys:', err);
+        });
+    }
+    return instance;
+}
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AA8CpF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAA2B,EAAE;IAC7D,MAAM,EAAE,gBAAgB,GAAG,IAAI,EAAE,GAAG,MAAM,CAAC;IAE3C,IAAI,aAAa,GAA+C,IAAI,CAAC;IAErE,MAAM,QAAQ,GAAuB;QACpC;;WAEG;QACH,KAAK,CAAC,IAAI;YACT,MAAM,IAAI,GAAG,MAAM,eAAe,EAAE,CAAC;YACrC,aAAa,GAAG;gBACf,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,UAAU,EAAE,IAAI,CAAC,UAAU;aAC3B,CAAC;YACF,OAAO,QAAQ,CAAC,kBAAkB,EAAE,CAAC;QACtC,CAAC;QAED;;WAEG;QACH,kBAAkB;YACjB,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACpE,CAAC;YACD,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YAChF,OAAO,kBAAkB,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC;QAED;;;;;;;WAOG;QACH,KAAK,CAAC,OAAO,CACZ,UAAkB,EAClB,GAAW,EACX,gBAAwB;YAExB,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACpE,CAAC;YAED,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC;gBAC7B,GAAG,EAAE,IAAI,qBAAqB,EAAE;gBAChC,GAAG,EAAE,IAAI,UAAU,EAAE;gBACrB,IAAI,EAAE,IAAI,SAAS,EAAE;aACrB,CAAC,CAAC;YAEH,MAAM,eAAe,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACvD,MAAM,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;YAEzC,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,sBAAsB,CAAC;gBACpD,YAAY,EAAE,aAAa,CAAC,UAAU;gBACtC,GAAG,EAAE,QAAQ;aACb,CAAC,CAAC;YAEH,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YAC/D,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC5C,CAAC;QAED;;;;;;WAMG;QACH,KAAK,CAAC,OAAO,CACZ,OAAe,EACf,qBAA6B;YAE7B,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC;gBAC7B,GAAG,EAAE,IAAI,qBAAqB,EAAE;gBAChC,GAAG,EAAE,IAAI,UAAU,EAAE;gBACrB,IAAI,EAAE,IAAI,SAAS,EAAE;aACrB,CAAC,CAAC;YAEH,MAAM,cAAc,GAAG,kBAAkB,CAAC,qBAAqB,CAAC,CAAC;YACjE,MAAM,eAAe,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,SAAS,CAChD,KAAK,EACL,cAAc,CAAC,MAAqB,EACpC,IAAI,CACJ,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC;gBAC9C,kBAAkB,EAAE,eAAe;aACnC,CAAC,CAAC;YAEH,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;YAEvE,OAAO;gBACN,UAAU,EAAE,kBAAkB,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;gBACzD,GAAG,EAAE,kBAAkB,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;aACnD,CAAC;QACH,CAAC;KACD,CAAC;IAEF,gCAAgC;IAChC,IAAI,gBAAgB,EAAE,CAAC;QACtB,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YAC3B,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,GAAG,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;IACJ,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC"}

package/dist/sveltekit.d.ts

@@ -0,0 +1,49 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { type HpkeServerConfig } from './server.js';
+/**
+ * HPKE Endpoint handlers
+ */
+export interface HpkeEndpointHandlers {
+    /** GET handler - Returns server public key */
+    GET?: RequestHandler;
+    /** POST handler - Process encrypted requests */
+    POST?: RequestHandler;
+}
+/**
+ * HPKE Endpoint configuration
+ */
+export interface HpkeEndpointConfig extends HpkeServerConfig {
+    /** Custom handler for decrypted requests */
+    onRequest?: (decrypted: any, request: Request) => Promise<any>;
+    /** Custom error handler */
+    onError?: (error: Error, request: Request) => Promise<Response>;
+}
+/**
+ * Create SvelteKit API endpoints for HPKE
+ *
+ * Generates both GET and POST handlers for a complete HPKE API.
+ *
+ * @param config - Endpoint configuration
+ * @returns Object with GET and POST request handlers
+ *
+ * @example
+ * ```typescript
+ * // src/routes/api/hpke/+server.ts
+ * import { createHpkeEndpoint } from '@hpke/sveltekit-wrapper';
+ *
+ * const { GET, POST } = createHpkeEndpoint({
+ *   onRequest: async (decrypted) => {
+ *     // Process decrypted request
+ *     const response = await fetch('https://api.example.com/data', {
+ *       method: 'POST',
+ *       body: JSON.stringify(decrypted)
+ *     });
+ *     return await response.json();
+ *   }
+ * });
+ *
+ * export { GET, POST };
+ * ```
+ */
+export declare function createHpkeEndpoint(config?: HpkeEndpointConfig): HpkeEndpointHandlers;
+//# sourceMappingURL=sveltekit.d.ts.map

package/dist/sveltekit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sveltekit.d.ts","sourceRoot":"","sources":["../src/sveltekit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAoB,KAAK,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAEtE;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACpC,8CAA8C;IAC9C,GAAG,CAAC,EAAE,cAAc,CAAC;IACrB,gDAAgD;IAChD,IAAI,CAAC,EAAE,cAAc,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAmB,SAAQ,gBAAgB;IAC3D,4CAA4C;IAC5C,SAAS,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;IAC/D,2BAA2B;IAC3B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;CAChE;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,GAAE,kBAAuB,GAAG,oBAAoB,CAuGxF"}

package/dist/sveltekit.js

@@ -0,0 +1,108 @@
+import { createHpkeServer } from './server.js';
+/**
+ * Create SvelteKit API endpoints for HPKE
+ *
+ * Generates both GET and POST handlers for a complete HPKE API.
+ *
+ * @param config - Endpoint configuration
+ * @returns Object with GET and POST request handlers
+ *
+ * @example
+ * ```typescript
+ * // src/routes/api/hpke/+server.ts
+ * import { createHpkeEndpoint } from '@hpke/sveltekit-wrapper';
+ *
+ * const { GET, POST } = createHpkeEndpoint({
+ *   onRequest: async (decrypted) => {
+ *     // Process decrypted request
+ *     const response = await fetch('https://api.example.com/data', {
+ *       method: 'POST',
+ *       body: JSON.stringify(decrypted)
+ *     });
+ *     return await response.json();
+ *   }
+ * });
+ *
+ * export { GET, POST };
+ * ```
+ */
+export function createHpkeEndpoint(config = {}) {
+    const server = createHpkeServer(config);
+    const GET = async () => {
+        try {
+            const publicKey = server.getPublicKeyBase64();
+            return new Response(JSON.stringify({
+                publicKey,
+                algorithm: 'X25519-HKDF-SHA256',
+                aead: 'AES-128-GCM',
+            }), {
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+            });
+        }
+        catch (error) {
+            return new Response(JSON.stringify({
+                error: 'Failed to generate keys',
+                details: error instanceof Error ? error.message : String(error),
+            }), {
+                status: 500,
+                headers: { 'Content-Type': 'application/json' },
+            });
+        }
+    };
+    const POST = async ({ request }) => {
+        try {
+            const body = await request.json();
+            const { ciphertext, enc, clientPublicKey } = body;
+            if (!ciphertext || !enc || !clientPublicKey) {
+                return new Response(JSON.stringify({ error: 'Missing required fields' }), {
+                    status: 400,
+                    headers: { 'Content-Type': 'application/json' },
+                });
+            }
+            // Decrypt client message
+            const decryptedMessage = await server.decrypt(ciphertext, enc, clientPublicKey);
+            // Parse decrypted message
+            let decryptedData;
+            try {
+                decryptedData = JSON.parse(decryptedMessage);
+            }
+            catch {
+                decryptedData = { message: decryptedMessage };
+            }
+            // Process with custom handler or return decrypted data
+            let responseData;
+            if (config.onRequest) {
+                responseData = await config.onRequest(decryptedData, request);
+            }
+            else {
+                responseData = {
+                    success: true,
+                    data: decryptedData,
+                    message: 'Request processed successfully',
+                };
+            }
+            // Encrypt response
+            const encrypted = await server.encrypt(JSON.stringify(responseData), clientPublicKey);
+            return new Response(JSON.stringify(encrypted), {
+                headers: { 'Content-Type': 'application/json' },
+            });
+        }
+        catch (error) {
+            // Custom error handler or default
+            if (config.onError) {
+                return config.onError(error, request);
+            }
+            return new Response(JSON.stringify({
+                error: 'Failed to process request',
+                details: error instanceof Error ? error.message : String(error),
+            }), {
+                status: 500,
+                headers: { 'Content-Type': 'application/json' },
+            });
+        }
+    };
+    return { GET, POST };
+}
+//# sourceMappingURL=sveltekit.js.map

package/dist/sveltekit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sveltekit.js","sourceRoot":"","sources":["../src/sveltekit.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAyB,MAAM,aAAa,CAAC;AAsBtE;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,UAAU,kBAAkB,CAAC,SAA6B,EAAE;IACjE,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAExC,MAAM,GAAG,GAAmB,KAAK,IAAI,EAAE;QACtC,IAAI,CAAC;YACJ,MAAM,SAAS,GAAG,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAE9C,OAAO,IAAI,QAAQ,CAClB,IAAI,CAAC,SAAS,CAAC;gBACd,SAAS;gBACT,SAAS,EAAE,oBAAoB;gBAC/B,IAAI,EAAE,aAAa;aACnB,CAAC,EACF;gBACC,OAAO,EAAE;oBACR,cAAc,EAAE,kBAAkB;iBAClC;aACD,CACD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,QAAQ,CAClB,IAAI,CAAC,SAAS,CAAC;gBACd,KAAK,EAAE,yBAAyB;gBAChC,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC/D,CAAC,EACF;gBACC,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAC/C,CACD,CAAC;QACH,CAAC;IACF,CAAC,CAAC;IAEF,MAAM,IAAI,GAAmB,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;QAClD,IAAI,CAAC;YACJ,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,eAAe,EAAE,GAAG,IAAI,CAAC;YAElD,IAAI,CAAC,UAAU,IAAI,CAAC,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC7C,OAAO,IAAI,QAAQ,CAClB,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,EACpD;oBACC,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;iBAC/C,CACD,CAAC;YACH,CAAC;YAED,yBAAyB;YACzB,MAAM,gBAAgB,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC;YAEhF,0BAA0B;YAC1B,IAAI,aAAkB,CAAC;YACvB,IAAI,CAAC;gBACJ,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAC9C,CAAC;YAAC,MAAM,CAAC;gBACR,aAAa,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAC;YAC/C,CAAC;YAED,uDAAuD;YACvD,IAAI,YAAiB,CAAC;YACtB,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACtB,YAAY,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;YAC/D,CAAC;iBAAM,CAAC;gBACP,YAAY,GAAG;oBACd,OAAO,EAAE,IAAI;oBACb,IAAI,EAAE,aAAa;oBACnB,OAAO,EAAE,gCAAgC;iBACzC,CAAC;YACH,CAAC;YAED,mBAAmB;YACnB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,OAAO,CACrC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAC5B,eAAe,CACf,CAAC;YAEF,OAAO,IAAI,QAAQ,CAClB,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EACzB;gBACC,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAC/C,CACD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,kCAAkC;YAClC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,OAAO,MAAM,CAAC,OAAO,CAAC,KAAc,EAAE,OAAO,CAAC,CAAC;YAChD,CAAC;YAED,OAAO,IAAI,QAAQ,CAClB,IAAI,CAAC,SAAS,CAAC;gBACd,KAAK,EAAE,2BAA2B;gBAClC,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC/D,CAAC,EACF;gBACC,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAC/C,CACD,CAAC;QACH,CAAC;IACF,CAAC,CAAC;IAEF,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;AACtB,CAAC"}

package/package.json

@@ -0,0 +1,54 @@
+{
+	"name": "@ubay182/sveltekit-hpke-wrapper",
+	"version": "1.0.1",
+	"description": "HPKE (Hybrid Public Key Encryption) wrapper for SvelteKit applications with end-to-end encryption support",
+	"type": "module",
+	"main": "./dist/index.js",
+	"module": "./dist/index.js",
+	"types": "./dist/index.d.ts",
+	"exports": {
+		".": {
+			"types": "./dist/index.d.ts",
+			"import": "./dist/index.js"
+		}
+	},
+	"files": [
+		"dist"
+	],
+	"scripts": {
+		"build": "tsc",
+		"dev": "tsc --watch",
+		"lint": "tsc --noEmit",
+		"prepublishOnly": "npm run build"
+	},
+	"keywords": [
+		"hpke",
+		"encryption",
+		"sveltekit",
+		"x25519",
+		"aes-gcm",
+		"end-to-end",
+		"cryptography"
+	],
+	"author": "",
+	"license": "MIT",
+	"repository": {
+		"type": "git",
+		"url": "https://github.com/ubay1/sveltekit-hpke-wrapper"
+	},
+	"dependencies": {
+		"@hpke/chacha20poly1305": "^1.8.0",
+		"@hpke/core": "^1.9.0",
+		"@hpke/dhkem-x25519": "^1.8.0"
+	},
+	"devDependencies": {
+		"tsx": "^4.21.0",
+		"typescript": "^5.9.3"
+	},
+	"peerDependencies": {
+		"svelte": "^4.0.0 || ^5.0.0"
+	},
+	"engines": {
+		"node": ">=16.0.0"
+	}
+}