@waku/message-encryption 0.0.1

package/dist/constants.d.ts

@@ -0,0 +1,12 @@
+export declare const Symmetric: {
+    keySize: number;
+    ivSize: number;
+    tagSize: number;
+    algorithm: {
+        name: string;
+        length: number;
+    };
+};
+export declare const Asymmetric: {
+    keySize: number;
+};

package/dist/constants.js

@@ -0,0 +1,10 @@
+export const Symmetric = {
+    keySize: 32,
+    ivSize: 12,
+    tagSize: 16,
+    algorithm: { name: "AES-GCM", length: 128 },
+};
+export const Asymmetric = {
+    keySize: 32,
+};
+//# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB,OAAO,EAAE,EAAE;IACX,MAAM,EAAE,EAAE;IACV,OAAO,EAAE,EAAE;IACX,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE;CAC5C,CAAC;AAEF,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,OAAO,EAAE,EAAE;CACZ,CAAC"}

package/dist/crypto.d.ts

@@ -0,0 +1,29 @@
+import * as secp from "@noble/secp256k1";
+export declare function getSubtle(): SubtleCrypto;
+export declare const randomBytes: (bytesLength?: number | undefined) => Uint8Array;
+export declare const sha256: (...messages: Uint8Array[]) => Promise<Uint8Array>;
+/**
+ * Generate a new private key to be used for asymmetric encryption.
+ *
+ * Use {@link getPublicKey} to get the corresponding Public Key.
+ */
+export declare function generatePrivateKey(): Uint8Array;
+/**
+ * Generate a new symmetric key to be used for symmetric encryption.
+ */
+export declare function generateSymmetricKey(): Uint8Array;
+/**
+ * Return the public key for the given private key, to be used for asymmetric
+ * encryption.
+ */
+export declare const getPublicKey: typeof secp.getPublicKey;
+/**
+ * ECDSA Sign a message with the given private key.
+ *
+ *  @param message The message to sign, usually a hash.
+ *  @param privateKey The ECDSA private key to use to sign the message.
+ *
+ *  @returns The signature and the recovery id concatenated.
+ */
+export declare function sign(message: Uint8Array, privateKey: Uint8Array): Promise<Uint8Array>;
+export declare function keccak256(input: Uint8Array): Uint8Array;

package/dist/crypto.js

@@ -0,0 +1,60 @@
+import nodeCrypto from "crypto";
+import * as secp from "@noble/secp256k1";
+import { concat } from "@waku/byte-utils";
+import sha3 from "js-sha3";
+import { Asymmetric, Symmetric } from "./constants.js";
+const crypto = {
+    node: nodeCrypto,
+    web: typeof self === "object" && "crypto" in self ? self.crypto : undefined,
+};
+export function getSubtle() {
+    if (crypto.web) {
+        return crypto.web.subtle;
+    }
+    else if (crypto.node) {
+        return crypto.node.webcrypto.subtle;
+    }
+    else {
+        throw new Error("The environment doesn't have Crypto Subtle API (if in the browser, be sure to use to be in a secure context, ie, https)");
+    }
+}
+export const randomBytes = secp.utils.randomBytes;
+export const sha256 = secp.utils.sha256;
+/**
+ * Generate a new private key to be used for asymmetric encryption.
+ *
+ * Use {@link getPublicKey} to get the corresponding Public Key.
+ */
+export function generatePrivateKey() {
+    return randomBytes(Asymmetric.keySize);
+}
+/**
+ * Generate a new symmetric key to be used for symmetric encryption.
+ */
+export function generateSymmetricKey() {
+    return randomBytes(Symmetric.keySize);
+}
+/**
+ * Return the public key for the given private key, to be used for asymmetric
+ * encryption.
+ */
+export const getPublicKey = secp.getPublicKey;
+/**
+ * ECDSA Sign a message with the given private key.
+ *
+ *  @param message The message to sign, usually a hash.
+ *  @param privateKey The ECDSA private key to use to sign the message.
+ *
+ *  @returns The signature and the recovery id concatenated.
+ */
+export async function sign(message, privateKey) {
+    const [signature, recoveryId] = await secp.sign(message, privateKey, {
+        recovered: true,
+        der: false,
+    });
+    return concat([signature, new Uint8Array([recoveryId])], signature.length + 1);
+}
+export function keccak256(input) {
+    return new Uint8Array(sha3.keccak256.arrayBuffer(input));
+}
+//# sourceMappingURL=crypto.js.map

package/dist/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,UAAU,MAAM,QAAQ,CAAC;AAEhC,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,IAAI,MAAM,SAAS,CAAC;AAE3B,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAGvD,MAAM,MAAM,GAA8B;IACxC,IAAI,EAAE,UAAU;IAChB,GAAG,EAAE,OAAO,IAAI,KAAK,QAAQ,IAAI,QAAQ,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;CAC5E,CAAC;AAEF,MAAM,UAAU,SAAS;IACvB,IAAI,MAAM,CAAC,GAAG,EAAE;QACd,OAAO,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;KAC1B;SAAM,IAAI,MAAM,CAAC,IAAI,EAAE;QACtB,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;KACrC;SAAM;QACL,MAAM,IAAI,KAAK,CACb,yHAAyH,CAC1H,CAAC;KACH;AACH,CAAC;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC;AAClD,MAAM,CAAC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;AAExC;;;;GAIG;AACH,MAAM,UAAU,kBAAkB;IAChC,OAAO,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;AAE9C;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,IAAI,CACxB,OAAmB,EACnB,UAAsB;IAEtB,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE;QACnE,SAAS,EAAE,IAAI;QACf,GAAG,EAAE,KAAK;KACX,CAAC,CAAC;IACH,OAAO,MAAM,CACX,CAAC,SAAS,EAAE,IAAI,UAAU,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EACzC,SAAS,CAAC,MAAM,GAAG,CAAC,CACrB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAiB;IACzC,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC;AAC3D,CAAC"}

package/dist/ecies.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Encrypt message for given recipient's public key.
+ *
+ * @param  publicKeyTo Recipient's public key (65 bytes)
+ * @param  msg The message being encrypted
+ * @return A promise that resolves with the ECIES structure serialized
+ */
+export declare function encrypt(publicKeyTo: Uint8Array, msg: Uint8Array): Promise<Uint8Array>;
+/**
+ * Decrypt message using given private key.
+ *
+ * @param privateKey A 32-byte private key of recipient of the message
+ * @param encrypted ECIES serialized structure (result of ECIES encryption)
+ * @returns The clear text
+ * @throws Error If decryption fails
+ */
+export declare function decrypt(privateKey: Uint8Array, encrypted: Uint8Array): Promise<Uint8Array>;

package/dist/ecies.js

@@ -0,0 +1,126 @@
+import * as secp from "@noble/secp256k1";
+import { concat, hexToBytes } from "@waku/byte-utils";
+import { getSubtle, randomBytes, sha256 } from "./crypto.js";
+/**
+ * HKDF as implemented in go-ethereum.
+ */
+function kdf(secret, outputLength) {
+    let ctr = 1;
+    let written = 0;
+    let willBeResult = Promise.resolve(new Uint8Array());
+    while (written < outputLength) {
+        const counters = new Uint8Array([ctr >> 24, ctr >> 16, ctr >> 8, ctr]);
+        const countersSecret = concat([counters, secret], counters.length + secret.length);
+        const willBeHashResult = sha256(countersSecret);
+        willBeResult = willBeResult.then((result) => willBeHashResult.then((hashResult) => {
+            const _hashResult = new Uint8Array(hashResult);
+            return concat([result, _hashResult], result.length + _hashResult.length);
+        }));
+        written += 32;
+        ctr += 1;
+    }
+    return willBeResult;
+}
+function aesCtrEncrypt(counter, key, data) {
+    return getSubtle()
+        .importKey("raw", key, "AES-CTR", false, ["encrypt"])
+        .then((cryptoKey) => getSubtle().encrypt({ name: "AES-CTR", counter: counter, length: 128 }, cryptoKey, data))
+        .then((bytes) => new Uint8Array(bytes));
+}
+function aesCtrDecrypt(counter, key, data) {
+    return getSubtle()
+        .importKey("raw", key, "AES-CTR", false, ["decrypt"])
+        .then((cryptoKey) => getSubtle().decrypt({ name: "AES-CTR", counter: counter, length: 128 }, cryptoKey, data))
+        .then((bytes) => new Uint8Array(bytes));
+}
+function hmacSha256Sign(key, msg) {
+    const algorithm = { name: "HMAC", hash: { name: "SHA-256" } };
+    return getSubtle()
+        .importKey("raw", key, algorithm, false, ["sign"])
+        .then((cryptoKey) => getSubtle().sign(algorithm, cryptoKey, msg))
+        .then((bytes) => new Uint8Array(bytes));
+}
+function hmacSha256Verify(key, msg, sig) {
+    const algorithm = { name: "HMAC", hash: { name: "SHA-256" } };
+    const _key = getSubtle().importKey("raw", key, algorithm, false, ["verify"]);
+    return _key.then((cryptoKey) => getSubtle().verify(algorithm, cryptoKey, sig, msg));
+}
+/**
+ * Derive shared secret for given private and public keys.
+ *
+ * @param  privateKeyA Sender's private key (32 bytes)
+ * @param  publicKeyB Recipient's public key (65 bytes)
+ * @returns  A promise that resolves with the derived shared secret (Px, 32 bytes)
+ * @throws Error If arguments are invalid
+ */
+function derive(privateKeyA, publicKeyB) {
+    if (privateKeyA.length !== 32) {
+        throw new Error(`Bad private key, it should be 32 bytes but it's actually ${privateKeyA.length} bytes long`);
+    }
+    else if (publicKeyB.length !== 65) {
+        throw new Error(`Bad public key, it should be 65 bytes but it's actually ${publicKeyB.length} bytes long`);
+    }
+    else if (publicKeyB[0] !== 4) {
+        throw new Error("Bad public key, a valid public key would begin with 4");
+    }
+    else {
+        const px = secp.getSharedSecret(privateKeyA, publicKeyB, true);
+        // Remove the compression prefix
+        return new Uint8Array(hexToBytes(px).slice(1));
+    }
+}
+/**
+ * Encrypt message for given recipient's public key.
+ *
+ * @param  publicKeyTo Recipient's public key (65 bytes)
+ * @param  msg The message being encrypted
+ * @return A promise that resolves with the ECIES structure serialized
+ */
+export async function encrypt(publicKeyTo, msg) {
+    const ephemPrivateKey = randomBytes(32);
+    const sharedPx = await derive(ephemPrivateKey, publicKeyTo);
+    const hash = await kdf(sharedPx, 32);
+    const iv = randomBytes(16);
+    const encryptionKey = hash.slice(0, 16);
+    const cipherText = await aesCtrEncrypt(iv, encryptionKey, msg);
+    const ivCipherText = concat([iv, cipherText], iv.length + cipherText.length);
+    const macKey = await sha256(hash.slice(16));
+    const hmac = await hmacSha256Sign(macKey, ivCipherText);
+    const ephemPublicKey = secp.getPublicKey(ephemPrivateKey, false);
+    return concat([ephemPublicKey, ivCipherText, hmac], ephemPublicKey.length + ivCipherText.length + hmac.length);
+}
+const metaLength = 1 + 64 + 16 + 32;
+/**
+ * Decrypt message using given private key.
+ *
+ * @param privateKey A 32-byte private key of recipient of the message
+ * @param encrypted ECIES serialized structure (result of ECIES encryption)
+ * @returns The clear text
+ * @throws Error If decryption fails
+ */
+export async function decrypt(privateKey, encrypted) {
+    if (encrypted.length <= metaLength) {
+        throw new Error(`Invalid Ciphertext. Data is too small. It should ba at least ${metaLength} bytes`);
+    }
+    else if (encrypted[0] !== 4) {
+        throw new Error(`Not a valid ciphertext. It should begin with 4 but actually begin with ${encrypted[0]}`);
+    }
+    else {
+        // deserialize
+        const ephemPublicKey = encrypted.slice(0, 65);
+        const cipherTextLength = encrypted.length - metaLength;
+        const iv = encrypted.slice(65, 65 + 16);
+        const cipherAndIv = encrypted.slice(65, 65 + 16 + cipherTextLength);
+        const ciphertext = cipherAndIv.slice(16);
+        const msgMac = encrypted.slice(65 + 16 + cipherTextLength);
+        // check HMAC
+        const px = derive(privateKey, ephemPublicKey);
+        const hash = await kdf(px, 32);
+        const [encryptionKey, macKey] = await sha256(hash.slice(16)).then((macKey) => [hash.slice(0, 16), macKey]);
+        if (!(await hmacSha256Verify(macKey, cipherAndIv, msgMac))) {
+            throw new Error("Incorrect MAC");
+        }
+        return aesCtrDecrypt(iv, encryptionKey, ciphertext);
+    }
+}
+//# sourceMappingURL=ecies.js.map

package/dist/ecies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecies.js","sourceRoot":"","sources":["../src/ecies.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAEtD,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC7D;;GAEG;AACH,SAAS,GAAG,CAAC,MAAkB,EAAE,YAAoB;IACnD,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,UAAU,EAAE,CAAC,CAAC;IACrD,OAAO,OAAO,GAAG,YAAY,EAAE;QAC7B,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,GAAG,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACvE,MAAM,cAAc,GAAG,MAAM,CAC3B,CAAC,QAAQ,EAAE,MAAM,CAAC,EAClB,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAChC,CAAC;QACF,MAAM,gBAAgB,GAAG,MAAM,CAAC,cAAc,CAAC,CAAC;QAChD,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAC1C,gBAAgB,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE;YACnC,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;YAC/C,OAAO,MAAM,CACX,CAAC,MAAM,EAAE,WAAW,CAAC,EACrB,MAAM,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,CACnC,CAAC;QACJ,CAAC,CAAC,CACH,CAAC;QACF,OAAO,IAAI,EAAE,CAAC;QACd,GAAG,IAAI,CAAC,CAAC;KACV;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,aAAa,CACpB,OAAmB,EACnB,GAAoB,EACpB,IAAqB;IAErB,OAAO,SAAS,EAAE;SACf,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,SAAS,CAAC,CAAC;SACpD,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAClB,SAAS,EAAE,CAAC,OAAO,CACjB,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,EAClD,SAAS,EACT,IAAI,CACL,CACF;SACA,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,aAAa,CACpB,OAAmB,EACnB,GAAoB,EACpB,IAAqB;IAErB,OAAO,SAAS,EAAE;SACf,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,SAAS,CAAC,CAAC;SACpD,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAClB,SAAS,EAAE,CAAC,OAAO,CACjB,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,EAClD,SAAS,EACT,IAAI,CACL,CACF;SACA,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,cAAc,CACrB,GAAoB,EACpB,GAAoB;IAEpB,MAAM,SAAS,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,CAAC;IAC9D,OAAO,SAAS,EAAE;SACf,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,MAAM,CAAC,CAAC;SACjD,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;SAChE,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,gBAAgB,CACvB,GAAoB,EACpB,GAAoB,EACpB,GAAoB;IAEpB,MAAM,SAAS,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,CAAC;IAC9D,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7E,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAC7B,SAAS,EAAE,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,CAAC,CACnD,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,MAAM,CAAC,WAAuB,EAAE,UAAsB;IAC7D,IAAI,WAAW,CAAC,MAAM,KAAK,EAAE,EAAE;QAC7B,MAAM,IAAI,KAAK,CACb,4DAA4D,WAAW,CAAC,MAAM,aAAa,CAC5F,CAAC;KACH;SAAM,IAAI,UAAU,CAAC,MAAM,KAAK,EAAE,EAAE;QACnC,MAAM,IAAI,KAAK,CACb,2DAA2D,UAAU,CAAC,MAAM,aAAa,CAC1F,CAAC;KACH;SAAM,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE;QAC9B,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;KAC1E;SAAM;QACL,MAAM,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC;QAC/D,gCAAgC;QAChC,OAAO,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;KAChD;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,WAAuB,EACvB,GAAe;IAEf,MAAM,eAAe,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAExC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;IAE5D,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAErC,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC3B,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACxC,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,EAAE,EAAE,aAAa,EAAE,GAAG,CAAC,CAAC;IAE/D,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,EAAE,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAE7E,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IACxD,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IAEjE,OAAO,MAAM,CACX,CAAC,cAAc,EAAE,YAAY,EAAE,IAAI,CAAC,EACpC,cAAc,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAC1D,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAEpC;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,UAAsB,EACtB,SAAqB;IAErB,IAAI,SAAS,CAAC,MAAM,IAAI,UAAU,EAAE;QAClC,MAAM,IAAI,KAAK,CACb,gEAAgE,UAAU,QAAQ,CACnF,CAAC;KACH;SAAM,IAAI,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE;QAC7B,MAAM,IAAI,KAAK,CACb,0EAA0E,SAAS,CAAC,CAAC,CAAC,EAAE,CACzF,CAAC;KACH;SAAM;QACL,cAAc;QACd,MAAM,cAAc,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9C,MAAM,gBAAgB,GAAG,SAAS,CAAC,MAAM,GAAG,UAAU,CAAC;QACvD,MAAM,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACxC,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,gBAAgB,CAAC,CAAC;QACpE,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,gBAAgB,CAAC,CAAC;QAE3D,aAAa;QACb,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC9C,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC/B,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAC/D,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,MAAM,CAAC,CACxC,CAAC;QAEF,IAAI,CAAC,CAAC,MAAM,gBAAgB,CAAC,MAAM,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC,EAAE;YAC1D,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;SAClC;QAED,OAAO,aAAa,CAAC,EAAE,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;KACrD;AACH,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,94 @@
+import { DecoderV0, MessageV0, proto } from "@waku/core/lib/waku_message/version_0";
+import type { DecodedMessage, Decoder, Encoder, Message, ProtoMessage } from "@waku/interfaces";
+import { generatePrivateKey, generateSymmetricKey, getPublicKey } from "./crypto.js";
+export { generatePrivateKey, generateSymmetricKey, getPublicKey };
+export declare const Version = 1;
+export declare type Signature = {
+    signature: Uint8Array;
+    publicKey: Uint8Array | undefined;
+};
+export declare class MessageV1 extends MessageV0 implements DecodedMessage {
+    signature?: Uint8Array | undefined;
+    signaturePublicKey?: Uint8Array | undefined;
+    private readonly _decodedPayload;
+    constructor(proto: proto.WakuMessage, decodedPayload: Uint8Array, signature?: Uint8Array | undefined, signaturePublicKey?: Uint8Array | undefined);
+    get payload(): Uint8Array;
+}
+export declare class AsymEncoder implements Encoder {
+    contentTopic: string;
+    private publicKey;
+    private sigPrivKey?;
+    constructor(contentTopic: string, publicKey: Uint8Array, sigPrivKey?: Uint8Array | undefined);
+    toWire(message: Partial<Message>): Promise<Uint8Array | undefined>;
+    toProtoObj(message: Partial<Message>): Promise<ProtoMessage | undefined>;
+}
+export declare class SymEncoder implements Encoder {
+    contentTopic: string;
+    private symKey;
+    private sigPrivKey?;
+    constructor(contentTopic: string, symKey: Uint8Array, sigPrivKey?: Uint8Array | undefined);
+    toWire(message: Partial<Message>): Promise<Uint8Array | undefined>;
+    toProtoObj(message: Partial<Message>): Promise<ProtoMessage | undefined>;
+}
+export declare class AsymDecoder extends DecoderV0 implements Decoder<MessageV1> {
+    private privateKey;
+    constructor(contentTopic: string, privateKey: Uint8Array);
+    fromProtoObj(protoMessage: ProtoMessage): Promise<MessageV1 | undefined>;
+}
+export declare class SymDecoder extends DecoderV0 implements Decoder<MessageV1> {
+    private symKey;
+    constructor(contentTopic: string, symKey: Uint8Array);
+    fromProtoObj(protoMessage: ProtoMessage): Promise<MessageV1 | undefined>;
+}
+/**
+ * Proceed with Asymmetric encryption of the data as per [26/WAKU-PAYLOAD](https://rfc.vac.dev/spec/26/).
+ * The data MUST be flags | payload-length | payload | [signature].
+ * The returned result  can be set to `WakuMessage.payload`.
+ *
+ * @internal
+ */
+export declare function encryptAsymmetric(data: Uint8Array, publicKey: Uint8Array | string): Promise<Uint8Array>;
+/**
+ * Proceed with Asymmetric decryption of the data as per [26/WAKU-PAYLOAD](https://rfc.vac.dev/spec/26/).
+ * The returned data is expected to be `flags | payload-length | payload | [signature]`.
+ *
+ * @internal
+ */
+export declare function decryptAsymmetric(payload: Uint8Array, privKey: Uint8Array): Promise<Uint8Array>;
+/**
+ * Proceed with Symmetric encryption of the data as per [26/WAKU-PAYLOAD](https://rfc.vac.dev/spec/26/).
+ *
+ * @param data The data to encrypt, expected to be `flags | payload-length | payload | [signature]`.
+ * @param key The key to use for encryption.
+ * @returns The decrypted data, `cipherText | tag | iv` and can be set to `WakuMessage.payload`.
+ *
+ * @internal
+ */
+export declare function encryptSymmetric(data: Uint8Array, key: Uint8Array | string): Promise<Uint8Array>;
+/**
+ * Proceed with Symmetric decryption of the data as per [26/WAKU-PAYLOAD](https://rfc.vac.dev/spec/26/).
+ *
+ * @param payload The cipher data, it is expected to be `cipherText | tag | iv`.
+ * @param key The key to use for decryption.
+ * @returns The decrypted data, expected to be `flags | payload-length | payload | [signature]`.
+ *
+ * @internal
+ */
+export declare function decryptSymmetric(payload: Uint8Array, key: Uint8Array | string): Promise<Uint8Array>;
+/**
+ * Prepare the payload pre-encryption.
+ *
+ * @internal
+ * @returns The encoded payload, ready for encryption using {@link encryptAsymmetric}
+ * or {@link encryptSymmetric}.
+ */
+export declare function preCipher(messagePayload: Uint8Array, sigPrivKey?: Uint8Array): Promise<Uint8Array>;
+/**
+ * Decode a decrypted payload.
+ *
+ * @internal
+ */
+export declare function postCipher(message: Uint8Array): {
+    payload: Uint8Array;
+    sig?: Signature;
+} | undefined;