@wireapp/core-crypto 1.0.0-rc.12 → 1.0.0-rc.14

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wireapp/core-crypto",
-  "version": "1.0.0-rc.12",
+  "version": "1.0.0-rc.14",
   "description": "CoreCrypto bindings for the Web",
   "type": "module",
   "module": "platforms/web/corecrypto.js",

package/platforms/web/corecrypto.d.ts

@@ -1,3 +1,63 @@
+declare class AcmeChallenge {
+	free(): void;
+	/**
+	* Contains raw JSON data of this challenge. This is parsed by the underlying Rust library hence should not be accessed
+	*/
+	readonly delegate: Uint8Array;
+	/**
+	* Non-standard, Wire specific claim. Indicates the consumer from where it should get the challenge proof.
+	* Either from wire-server "/access-token" endpoint in case of a DPoP challenge, or from an OAuth token endpoint for an OIDC challenge
+	*/
+	readonly target: string;
+	/**
+	* URL of this challenge
+	*/
+	readonly url: string;
+}
+declare class AcmeDirectory {
+	free(): void;
+	/**
+	* URL for creating a new account.
+	*/
+	readonly newAccount: string;
+	/**
+	* URL for fetching a new nonce. Use this only for creating a new account.
+	*/
+	readonly newNonce: string;
+	/**
+	* URL for creating a new order.
+	*/
+	readonly newOrder: string;
+	/**
+	* Revocation URL
+	*/
+	readonly revokeCert: string;
+}
+declare class NewAcmeAuthz {
+	free(): void;
+	/**
+	* DNS entry associated with those challenge
+	*/
+	readonly identifier: string;
+	/**
+	* Challenge for the deviceId owned by wire-server
+	*/
+	readonly wireDpopChallenge: AcmeChallenge | undefined;
+	/**
+	* Challenge for the userId and displayName owned by the identity provider
+	*/
+	readonly wireOidcChallenge: AcmeChallenge | undefined;
+}
+declare class NewAcmeOrder {
+	free(): void;
+	/**
+	*/
+	readonly authorizations: (Uint8Array)[];
+	/**
+	* Contains raw JSON data of this order. This is parsed by the underlying Rust library hence should not be accessed
+	*/
+	readonly delegate: Uint8Array;
+}
 /**
  * Error wrapper that takes care of extracting rich error details across the FFI (through JSON parsing)
  *
@@ -303,6 +363,10 @@ export interface CoreCryptoDeferredParams {
 	 * .wasm file path, this will be useful in case your bundling system likes to relocate files (i.e. what webpack does)
 	 */
 	wasmFilePath?: string;
+	/**
+	 * Number of initial KeyPackage to create when initializing the client
+	 */
+	nbKeyPackage?: number;
 }
 /**
  * Params for CoreCrypto initialization
@@ -616,7 +680,7 @@ export declare class CoreCrypto {
 	 * });
 	 * ````
 	 */
-	static init({ databaseName, key, clientId, wasmFilePath, ciphersuites, entropySeed }: CoreCryptoParams): Promise<CoreCrypto>;
+	static init({ databaseName, key, clientId, wasmFilePath, ciphersuites, entropySeed, nbKeyPackage, }: CoreCryptoParams): Promise<CoreCrypto>;
 	/**
 	 * Almost identical to {@link CoreCrypto.init} but allows a 2 phase initialization of MLS.
 	 * First, calling this will set up the keystore and will allow generating proteus prekeys.
@@ -624,14 +688,15 @@ export declare class CoreCrypto {
 	 * Use this clientId to initialize MLS with {@link CoreCrypto.mlsInit}.
 	 * @param params - {@link CoreCryptoDeferredParams}
 	 */
-	static deferredInit({ databaseName, key, ciphersuites, entropySeed, wasmFilePath }: CoreCryptoDeferredParams): Promise<CoreCrypto>;
+	static deferredInit({ databaseName, key, ciphersuites, entropySeed, wasmFilePath, nbKeyPackage, }: CoreCryptoDeferredParams): Promise<CoreCrypto>;
 	/**
 	 * Use this after {@link CoreCrypto.deferredInit} when you have a clientId. It initializes MLS.
 	 *
 	 * @param clientId - {@link CoreCryptoParams#clientId} but required
 	 * @param ciphersuites - All the ciphersuites supported by this MLS client
+	 * @param nbKeyPackage - number of initial KeyPackage to create when initializing the client
 	 */
-	mlsInit(clientId: ClientId, ciphersuites: Ciphersuite[]): Promise<void>;
+	mlsInit(clientId: ClientId, ciphersuites: Ciphersuite[], nbKeyPackage?: number): Promise<void>;
 	/**
 	 * Generates a MLS KeyPair/CredentialBundle with a temporary, random client ID.
 	 * This method is designed to be used in conjunction with {@link CoreCrypto.mlsInitWithClientId} and represents the first step in this process
@@ -1107,7 +1172,7 @@ export declare class CoreCrypto {
 	 * Creates an enrollment instance with private key material you can use in order to fetch
 	 * a new x509 certificate from the acme server.
 	 *
-	 * @param clientId - client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
+	 * @param clientId - client identifier with user b64Url encoded & clientId hex encoded e.g. `t6wRpI8BRSeviBwwiFp5MQ:6add501bacd1d90e@example.com`
 	 * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
 	 * @param handle - user handle e.g. `alice.smith.qa@example.com`
 	 * @param expiryDays - generated x509 certificate expiry
@@ -1119,7 +1184,7 @@ export declare class CoreCrypto {
 	 * Generates an E2EI enrollment instance for a "regular" client (with a Basic credential) willing to migrate to E2EI.
 	 * Once the enrollment is finished, use the instance in {@link CoreCrypto.e2eiRotateAll} to do the rotation.
 	 *
-	 * @param clientId - client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
+	 * @param clientId - client identifier with user b64Url encoded & clientId hex encoded e.g. `t6wRpI8BRSeviBwwiFp5MQ:6add501bacd1d90e@example.com`
 	 * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
 	 * @param handle - user handle e.g. `alice.smith.qa@example.com`
 	 * @param expiryDays - generated x509 certificate expiry
@@ -1133,7 +1198,7 @@ export declare class CoreCrypto {
 	 * has been revoked. It lets you change the DisplayName or the handle
 	 * if you need to. Once the enrollment is finished, use the instance in {@link CoreCrypto.e2eiRotateAll} to do the rotation.
 	 *
-	 * @param clientId - client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
+	 * @param clientId - client identifier with user b64Url encoded & clientId hex encoded e.g. `t6wRpI8BRSeviBwwiFp5MQ:6add501bacd1d90e@example.com`
 	 * @param expiryDays - generated x509 certificate expiry
 	 * @param ciphersuite - for generating signing key material
 	 * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
@@ -1147,9 +1212,10 @@ export declare class CoreCrypto {
 	 *
 	 * @param enrollment - the enrollment instance used to fetch the certificates
 	 * @param certificateChain - the raw response from ACME server
+	 * @param nbKeyPackage - number of initial KeyPackage to create when initializing the client
 	 * @returns a MlsClient initialized with only a x509 credential
 	 */
-	e2eiMlsInitOnly(enrollment: E2eiEnrollment, certificateChain: string): Promise<void>;
+	e2eiMlsInitOnly(enrollment: E2eiEnrollment, certificateChain: string, nbKeyPackage?: number): Promise<void>;
 	/**
 	 * Creates a commit in all local conversations for changing the credential. Requires first
 	 * having enrolled a new X509 certificate with either {@link CoreCrypto.e2eiNewActivationEnrollment}
@@ -1344,103 +1410,6 @@ export declare class E2eiEnrollment {
 	 */
 	certificateRequest(previousNonce: string): JsonRawData;
 }
-/**
- * Holds URLs of all the standard ACME endpoint supported on an ACME server.
- * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.1.1
- */
-export interface AcmeDirectory {
-	/**
-	 * URL for fetching a new nonce. Use this only for creating a new account.
-	 *
-	 * @readonly
-	 */
-	newNonce: string;
-	/**
-	 * URL for creating a new account.
-	 *
-	 * @readonly
-	 */
-	newAccount: string;
-	/**
-	 * URL for creating a new order.
-	 *
-	 * @readonly
-	 */
-	newOrder: string;
-	/**
-	 * Revocation URL
-	 *
-	 * @readonly
-	 */
-	revokeCert: string;
-}
-/**
- * Result of an order creation
- * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
- */
-export interface NewAcmeOrder {
-	/**
-	 * Contains raw JSON data of this order. This is parsed by the underlying Rust library hence should not be accessed
-	 *
-	 * @readonly
-	 */
-	delegate: Uint8Array;
-	/**
-	 * An authorization for each domain to create
-	 *
-	 * @readonly
-	 */
-	authorizations: Uint8Array[];
-}
-/**
- * Result of an authorization creation.
- * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
- */
-export interface NewAcmeAuthz {
-	/**
-	 * DNS entry associated with those challenge
-	 *
-	 * @readonly
-	 */
-	identifier: string;
-	/**
-	 * Challenge for the clientId
-	 *
-	 * @readonly
-	 */
-	wireDpopChallenge?: AcmeChallenge;
-	/**
-	 * Challenge for the userId and displayName
-	 *
-	 * @readonly
-	 */
-	wireOidcChallenge?: AcmeChallenge;
-}
-/**
- * For creating a challenge
- * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
- */
-export interface AcmeChallenge {
-	/**
-	 * Contains raw JSON data of this challenge. This is parsed by the underlying Rust library hence should not be accessed
-	 *
-	 * @readonly
-	 */
-	delegate: Uint8Array;
-	/**
-	 * URL of this challenge
-	 *
-	 * @readonly
-	 */
-	url: string;
-	/**
-	 * Non-standard, Wire specific claim. Indicates the consumer from where it should get the challenge proof.
-	 * Either from wire-server "/access-token" endpoint in case of a DPoP challenge, or from an OAuth token endpoint for an OIDC challenge
-	 *
-	 * @readonly
-	 */
-	target: string;
-}
 /**
  * Indicates the state of a Conversation regarding end-to-end identity.
  * Note: this does not check pending state (pending commit, pending proposals) so it does not

package/platforms/web/corecrypto.js

@@ -35,9 +35,23 @@ typeof SuppressedError === "function" ? SuppressedError : function (error, suppr
 };
 
 let wasm$1;
+const cachedTextDecoder = (typeof TextDecoder !== 'undefined' ? new TextDecoder('utf-8', { ignoreBOM: true, fatal: true }) : { decode: () => { throw Error('TextDecoder not available'); } });
+if (typeof TextDecoder !== 'undefined') {
+    cachedTextDecoder.decode();
+}
+let cachedUint8Memory0 = null;
+function getUint8Memory0() {
+    if (cachedUint8Memory0 === null || cachedUint8Memory0.byteLength === 0) {
+        cachedUint8Memory0 = new Uint8Array(wasm$1.memory.buffer);
+    }
+    return cachedUint8Memory0;
+}
+function getStringFromWasm0(ptr, len) {
+    ptr = ptr >>> 0;
+    return cachedTextDecoder.decode(getUint8Memory0().subarray(ptr, ptr + len));
+}
 const heap = new Array(128).fill(undefined);
 heap.push(undefined, null, true, false);
-function getObject(idx) { return heap[idx]; }
 let heap_next = heap.length;
 function addHeapObject(obj) {
     if (heap_next === heap.length)
@@ -47,6 +61,7 @@ function addHeapObject(obj) {
     heap[idx] = obj;
     return idx;
 }
+function getObject(idx) { return heap[idx]; }
 function dropObject(idx) {
     if (idx < 132)
         return;
@@ -58,21 +73,6 @@ function takeObject(idx) {
     dropObject(idx);
     return ret;
 }
-const cachedTextDecoder = (typeof TextDecoder !== 'undefined' ? new TextDecoder('utf-8', { ignoreBOM: true, fatal: true }) : { decode: () => { throw Error('TextDecoder not available'); } });
-if (typeof TextDecoder !== 'undefined') {
-    cachedTextDecoder.decode();
-}
-let cachedUint8Memory0 = null;
-function getUint8Memory0() {
-    if (cachedUint8Memory0 === null || cachedUint8Memory0.byteLength === 0) {
-        cachedUint8Memory0 = new Uint8Array(wasm$1.memory.buffer);
-    }
-    return cachedUint8Memory0;
-}
-function getStringFromWasm0(ptr, len) {
-    ptr = ptr >>> 0;
-    return cachedTextDecoder.decode(getUint8Memory0().subarray(ptr, ptr + len));
-}
 let WASM_VECTOR_LEN = 0;
 const cachedTextEncoder = (typeof TextEncoder !== 'undefined' ? new TextEncoder('utf-8') : { encode: () => { throw Error('TextEncoder not available'); } });
 const encodeString = (typeof cachedTextEncoder.encodeInto === 'function'
@@ -234,12 +234,12 @@ function makeMutClosure(arg0, arg1, dtor, f) {
     return real;
 }
 function __wbg_adapter_52(arg0, arg1, arg2) {
-    wasm$1.wasm_bindgen__convert__closures__invoke1_mut__hdb6540dbb26cf63b(arg0, arg1, addHeapObject(arg2));
+    wasm$1.wasm_bindgen__convert__closures__invoke1_mut__ha447962224b266eb(arg0, arg1, addHeapObject(arg2));
 }
 function __wbg_adapter_55(arg0, arg1, arg2) {
     try {
         const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-        wasm$1.wasm_bindgen__convert__closures__invoke1_mut__h3c15a82f614455aa(retptr, arg0, arg1, addHeapObject(arg2));
+        wasm$1.wasm_bindgen__convert__closures__invoke1_mut__h356d4ae76e3804e9(retptr, arg0, arg1, addHeapObject(arg2));
         var r0 = getInt32Memory0()[retptr / 4 + 0];
         var r1 = getInt32Memory0()[retptr / 4 + 1];
         if (r1) {
@@ -250,11 +250,9 @@ function __wbg_adapter_55(arg0, arg1, arg2) {
         wasm$1.__wbindgen_add_to_stack_pointer(16);
     }
 }
-function _assertClass(instance, klass) {
-    if (!(instance instanceof klass)) {
-        throw new Error(`expected instance of ${klass.name}`);
-    }
-    return instance.ptr;
+function getArrayU8FromWasm0(ptr, len) {
+    ptr = ptr >>> 0;
+    return getUint8Memory0().subarray(ptr / 1, ptr / 1 + len);
 }
 let cachedUint32Memory0 = null;
 function getUint32Memory0() {
@@ -263,14 +261,15 @@ function getUint32Memory0() {
     }
     return cachedUint32Memory0;
 }
-function passArrayJsValueToWasm0(array, malloc) {
-    const ptr = malloc(array.length * 4, 4) >>> 0;
+function getArrayJsValueFromWasm0(ptr, len) {
+    ptr = ptr >>> 0;
     const mem = getUint32Memory0();
-    for (let i = 0; i < array.length; i++) {
-        mem[ptr / 4 + i] = addHeapObject(array[i]);
+    const slice = mem.subarray(ptr / 4, ptr / 4 + len);
+    const result = [];
+    for (let i = 0; i < slice.length; i++) {
+        result.push(takeObject(slice[i]));
     }
-    WASM_VECTOR_LEN = array.length;
-    return ptr;
+    return result;
 }
 function passArray8ToWasm0(arg, malloc) {
     const ptr = malloc(arg.length * 1, 1) >>> 0;
@@ -278,6 +277,21 @@ function passArray8ToWasm0(arg, malloc) {
     WASM_VECTOR_LEN = arg.length;
     return ptr;
 }
+function _assertClass(instance, klass) {
+    if (!(instance instanceof klass)) {
+        throw new Error(`expected instance of ${klass.name}`);
+    }
+    return instance.ptr;
+}
+function passArrayJsValueToWasm0(array, malloc) {
+    const ptr = malloc(array.length * 4, 4) >>> 0;
+    const mem = getUint32Memory0();
+    for (let i = 0; i < array.length; i++) {
+        mem[ptr / 4 + i] = addHeapObject(array[i]);
+    }
+    WASM_VECTOR_LEN = array.length;
+    return ptr;
+}
 let cachedUint16Memory0 = null;
 function getUint16Memory0() {
     if (cachedUint16Memory0 === null || cachedUint16Memory0.byteLength === 0) {
@@ -291,20 +305,6 @@ function passArray16ToWasm0(arg, malloc) {
     WASM_VECTOR_LEN = arg.length;
     return ptr;
 }
-function getArrayJsValueFromWasm0(ptr, len) {
-    ptr = ptr >>> 0;
-    const mem = getUint32Memory0();
-    const slice = mem.subarray(ptr / 4, ptr / 4 + len);
-    const result = [];
-    for (let i = 0; i < slice.length; i++) {
-        result.push(takeObject(slice[i]));
-    }
-    return result;
-}
-function getArrayU8FromWasm0(ptr, len) {
-    ptr = ptr >>> 0;
-    return getUint8Memory0().subarray(ptr / 1, ptr / 1 + len);
-}
 function handleError(f, args) {
     try {
         return f.apply(this, args);
@@ -313,8 +313,8 @@ function handleError(f, args) {
         wasm$1.__wbindgen_exn_store(addHeapObject(e));
     }
 }
-function __wbg_adapter_312(arg0, arg1, arg2, arg3) {
-    wasm$1.wasm_bindgen__convert__closures__invoke2_mut__h5286c52f12e3fed2(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
+function __wbg_adapter_308(arg0, arg1, arg2, arg3) {
+    wasm$1.wasm_bindgen__convert__closures__invoke2_mut__h818732dcca963bda(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
 }
 /**
 * see [core_crypto::prelude::MlsWirePolicy]
@@ -379,7 +379,8 @@ const Ciphersuite$1 = Object.freeze({
     MLS_128_X25519KYBER768DRAFT00_AES128GCM_SHA256_Ed25519: 61489, "61489": "MLS_128_X25519KYBER768DRAFT00_AES128GCM_SHA256_Ed25519",
 });
 /**
-* See [core_crypto::e2e_identity::types::E2eiAcmeChallenge]
+* For creating a challenge.
+* @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
 */
 class AcmeChallenge {
     static __wrap(ptr) {
@@ -398,26 +399,25 @@ class AcmeChallenge {
         wasm$1.__wbg_acmechallenge_free(ptr);
     }
     /**
-    * @param {Uint8Array} delegate
-    * @param {string} url
-    * @param {string} target
-    */
-    constructor(delegate, url, target) {
-        const ptr0 = passStringToWasm0(url, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
-        const len0 = WASM_VECTOR_LEN;
-        const ptr1 = passStringToWasm0(target, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
-        const len1 = WASM_VECTOR_LEN;
-        const ret = wasm$1.acmechallenge_new(addHeapObject(delegate), ptr0, len0, ptr1, len1);
-        return AcmeChallenge.__wrap(ret);
-    }
-    /**
+    * Contains raw JSON data of this challenge. This is parsed by the underlying Rust library hence should not be accessed
     * @returns {Uint8Array}
     */
     get delegate() {
-        const ret = wasm$1.acmechallenge_delegate(this.__wbg_ptr);
-        return takeObject(ret);
+        try {
+            const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
+            wasm$1.__wbg_get_acmechallenge_delegate(retptr, this.__wbg_ptr);
+            var r0 = getInt32Memory0()[retptr / 4 + 0];
+            var r1 = getInt32Memory0()[retptr / 4 + 1];
+            var v1 = getArrayU8FromWasm0(r0, r1).slice();
+            wasm$1.__wbindgen_free(r0, r1 * 1);
+            return v1;
+        }
+        finally {
+            wasm$1.__wbindgen_add_to_stack_pointer(16);
+        }
     }
     /**
+    * URL of this challenge
     * @returns {string}
     */
     get url() {
@@ -425,7 +425,7 @@ class AcmeChallenge {
         let deferred1_1;
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.acmechallenge_url(retptr, this.__wbg_ptr);
+            wasm$1.__wbg_get_acmechallenge_url(retptr, this.__wbg_ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             deferred1_0 = r0;
@@ -438,6 +438,8 @@ class AcmeChallenge {
         }
     }
     /**
+    * Non-standard, Wire specific claim. Indicates the consumer from where it should get the challenge proof.
+    * Either from wire-server "/access-token" endpoint in case of a DPoP challenge, or from an OAuth token endpoint for an OIDC challenge
     * @returns {string}
     */
     get target() {
@@ -445,7 +447,7 @@ class AcmeChallenge {
         let deferred1_1;
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.acmechallenge_target(retptr, this.__wbg_ptr);
+            wasm$1.__wbg_get_acmechallenge_target(retptr, this.__wbg_ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             deferred1_0 = r0;
@@ -459,7 +461,8 @@ class AcmeChallenge {
     }
 }
 /**
-* See [core_crypto::e2e_identity::types::E2eiAcmeDirectory]
+* Holds URLs of all the standard ACME endpoint supported on an ACME server.
+* @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.1.1
 */
 class AcmeDirectory {
     static __wrap(ptr) {
@@ -478,24 +481,7 @@ class AcmeDirectory {
         wasm$1.__wbg_acmedirectory_free(ptr);
     }
     /**
-    * @param {string} new_nonce
-    * @param {string} new_account
-    * @param {string} new_order
-    * @param {string} revoke_cert
-    */
-    constructor(new_nonce, new_account, new_order, revoke_cert) {
-        const ptr0 = passStringToWasm0(new_nonce, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
-        const len0 = WASM_VECTOR_LEN;
-        const ptr1 = passStringToWasm0(new_account, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
-        const len1 = WASM_VECTOR_LEN;
-        const ptr2 = passStringToWasm0(new_order, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
-        const len2 = WASM_VECTOR_LEN;
-        const ptr3 = passStringToWasm0(revoke_cert, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
-        const len3 = WASM_VECTOR_LEN;
-        const ret = wasm$1.acmedirectory_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3);
-        return AcmeDirectory.__wrap(ret);
-    }
-    /**
+    * URL for fetching a new nonce. Use this only for creating a new account.
     * @returns {string}
     */
     get newNonce() {
@@ -503,7 +489,7 @@ class AcmeDirectory {
         let deferred1_1;
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.acmedirectory_newNonce(retptr, this.__wbg_ptr);
+            wasm$1.__wbg_get_acmedirectory_newNonce(retptr, this.__wbg_ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             deferred1_0 = r0;
@@ -516,6 +502,7 @@ class AcmeDirectory {
         }
     }
     /**
+    * URL for creating a new account.
     * @returns {string}
     */
     get newAccount() {
@@ -523,7 +510,7 @@ class AcmeDirectory {
         let deferred1_1;
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.acmechallenge_url(retptr, this.__wbg_ptr);
+            wasm$1.__wbg_get_acmechallenge_url(retptr, this.__wbg_ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             deferred1_0 = r0;
@@ -536,6 +523,7 @@ class AcmeDirectory {
         }
     }
     /**
+    * URL for creating a new order.
     * @returns {string}
     */
     get newOrder() {
@@ -543,7 +531,7 @@ class AcmeDirectory {
         let deferred1_1;
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.acmechallenge_target(retptr, this.__wbg_ptr);
+            wasm$1.__wbg_get_acmechallenge_target(retptr, this.__wbg_ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             deferred1_0 = r0;
@@ -556,6 +544,7 @@ class AcmeDirectory {
         }
     }
     /**
+    * Revocation URL
     * @returns {string}
     */
     get revokeCert() {
@@ -563,7 +552,7 @@ class AcmeDirectory {
         let deferred1_1;
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.acmedirectory_revokeCert(retptr, this.__wbg_ptr);
+            wasm$1.__wbg_get_acmedirectory_revokeCert(retptr, this.__wbg_ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             deferred1_0 = r0;
@@ -675,7 +664,7 @@ class CommitBundle {
     * @returns {Uint8Array}
     */
     get commit() {
-        const ret = wasm$1.acmechallenge_delegate(this.__wbg_ptr);
+        const ret = wasm$1.commitbundle_commit(this.__wbg_ptr);
         return takeObject(ret);
     }
     /**
@@ -754,7 +743,7 @@ class ConversationInitBundle {
     * @returns {Uint8Array}
     */
     get conversation_id() {
-        const ret = wasm$1.acmechallenge_delegate(this.__wbg_ptr);
+        const ret = wasm$1.commitbundle_commit(this.__wbg_ptr);
         return takeObject(ret);
     }
     /**
@@ -857,14 +846,15 @@ let CoreCrypto$1 = class CoreCrypto {
     * see [core_crypto::mls::MlsCentral::e2ei_mls_init_only]
     * @param {FfiWireE2EIdentity} enrollment
     * @param {string} certificate_chain
+    * @param {number | undefined} nb_key_package
     * @returns {Promise<any>}
     */
-    e2ei_mls_init_only(enrollment, certificate_chain) {
+    e2ei_mls_init_only(enrollment, certificate_chain, nb_key_package) {
         _assertClass(enrollment, FfiWireE2EIdentity);
         var ptr0 = enrollment.__destroy_into_raw();
         const ptr1 = passStringToWasm0(certificate_chain, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
         const len1 = WASM_VECTOR_LEN;
-        const ret = wasm$1.corecrypto_e2ei_mls_init_only(this.__wbg_ptr, ptr0, ptr1, len1);
+        const ret = wasm$1.corecrypto_e2ei_mls_init_only(this.__wbg_ptr, ptr0, ptr1, len1, !isLikeNone(nb_key_package), isLikeNone(nb_key_package) ? 0 : nb_key_package);
         return takeObject(ret);
     }
     /**
@@ -972,9 +962,10 @@ let CoreCrypto$1 = class CoreCrypto {
     * @param {Uint8Array} client_id
     * @param {Uint16Array} ciphersuites
     * @param {Uint8Array | undefined} entropy_seed
+    * @param {number | undefined} nb_key_package
     * @returns {Promise<CoreCrypto>}
     */
-    static _internal_new(path, key, client_id, ciphersuites, entropy_seed) {
+    static _internal_new(path, key, client_id, ciphersuites, entropy_seed, nb_key_package) {
         const ptr0 = passStringToWasm0(path, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
         const len0 = WASM_VECTOR_LEN;
         const ptr1 = passStringToWasm0(key, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
@@ -985,7 +976,7 @@ let CoreCrypto$1 = class CoreCrypto {
         const len3 = WASM_VECTOR_LEN;
         var ptr4 = isLikeNone(entropy_seed) ? 0 : passArray8ToWasm0(entropy_seed, wasm$1.__wbindgen_malloc);
         var len4 = WASM_VECTOR_LEN;
-        const ret = wasm$1.corecrypto__internal_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, ptr4, len4);
+        const ret = wasm$1.corecrypto__internal_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, ptr4, len4, !isLikeNone(nb_key_package), isLikeNone(nb_key_package) ? 0 : nb_key_package);
         return takeObject(ret);
     }
     /**
@@ -994,9 +985,10 @@ let CoreCrypto$1 = class CoreCrypto {
     * @param {string} key
     * @param {Uint16Array} ciphersuites
     * @param {Uint8Array | undefined} entropy_seed
+    * @param {number | undefined} nb_key_package
     * @returns {Promise<CoreCrypto>}
     */
-    static deferred_init(path, key, ciphersuites, entropy_seed) {
+    static deferred_init(path, key, ciphersuites, entropy_seed, nb_key_package) {
         const ptr0 = passStringToWasm0(path, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
         const len0 = WASM_VECTOR_LEN;
         const ptr1 = passStringToWasm0(key, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
@@ -1005,21 +997,22 @@ let CoreCrypto$1 = class CoreCrypto {
         const len2 = WASM_VECTOR_LEN;
         var ptr3 = isLikeNone(entropy_seed) ? 0 : passArray8ToWasm0(entropy_seed, wasm$1.__wbindgen_malloc);
         var len3 = WASM_VECTOR_LEN;
-        const ret = wasm$1.corecrypto_deferred_init(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3);
+        const ret = wasm$1.corecrypto_deferred_init(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, !isLikeNone(nb_key_package), isLikeNone(nb_key_package) ? 0 : nb_key_package);
         return takeObject(ret);
     }
     /**
     * see [core_crypto::mls::MlsCentral::mls_init]
     * @param {Uint8Array} client_id
     * @param {Uint16Array} ciphersuites
+    * @param {number | undefined} nb_key_package
     * @returns {Promise<any>}
     */
-    mls_init(client_id, ciphersuites) {
+    mls_init(client_id, ciphersuites, nb_key_package) {
         const ptr0 = passArray8ToWasm0(client_id, wasm$1.__wbindgen_malloc);
         const len0 = WASM_VECTOR_LEN;
         const ptr1 = passArray16ToWasm0(ciphersuites, wasm$1.__wbindgen_malloc);
         const len1 = WASM_VECTOR_LEN;
-        const ret = wasm$1.corecrypto_mls_init(this.__wbg_ptr, ptr0, len0, ptr1, len1);
+        const ret = wasm$1.corecrypto_mls_init(this.__wbg_ptr, ptr0, len0, ptr1, len1, !isLikeNone(nb_key_package), isLikeNone(nb_key_package) ? 0 : nb_key_package);
         return takeObject(ret);
     }
     /**
@@ -2387,7 +2380,7 @@ class GroupInfoBundle {
     * @returns {Uint8Array}
     */
     get payload() {
-        const ret = wasm$1.acmechallenge_delegate(this.__wbg_ptr);
+        const ret = wasm$1.commitbundle_commit(this.__wbg_ptr);
         return takeObject(ret);
     }
 }
@@ -2422,7 +2415,7 @@ class Invitee {
     * @returns {Uint8Array}
     */
     get id() {
-        const ret = wasm$1.acmechallenge_delegate(this.__wbg_ptr);
+        const ret = wasm$1.commitbundle_commit(this.__wbg_ptr);
         return takeObject(ret);
     }
     /**
@@ -2467,7 +2460,7 @@ class MemberAddedMessages {
     * @returns {Uint8Array}
     */
     get welcome() {
-        const ret = wasm$1.acmechallenge_delegate(this.__wbg_ptr);
+        const ret = wasm$1.commitbundle_commit(this.__wbg_ptr);
         return takeObject(ret);
     }
     /**
@@ -2486,7 +2479,8 @@ class MemberAddedMessages {
     }
 }
 /**
-* See [core_crypto::e2e_identity::types::E2eiNewAcmeAuthz]
+* Result of an authorization creation.
+* @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
 */
 class NewAcmeAuthz {
     static __wrap(ptr) {
@@ -2505,27 +2499,7 @@ class NewAcmeAuthz {
         wasm$1.__wbg_newacmeauthz_free(ptr);
     }
     /**
-    * @param {string} identifier
-    * @param {AcmeChallenge | undefined} wire_dpop_challenge
-    * @param {AcmeChallenge | undefined} wire_oidc_challenge
-    */
-    constructor(identifier, wire_dpop_challenge, wire_oidc_challenge) {
-        const ptr0 = passStringToWasm0(identifier, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
-        const len0 = WASM_VECTOR_LEN;
-        let ptr1 = 0;
-        if (!isLikeNone(wire_dpop_challenge)) {
-            _assertClass(wire_dpop_challenge, AcmeChallenge);
-            ptr1 = wire_dpop_challenge.__destroy_into_raw();
-        }
-        let ptr2 = 0;
-        if (!isLikeNone(wire_oidc_challenge)) {
-            _assertClass(wire_oidc_challenge, AcmeChallenge);
-            ptr2 = wire_oidc_challenge.__destroy_into_raw();
-        }
-        const ret = wasm$1.newacmeauthz_new(ptr0, len0, ptr1, ptr2);
-        return NewAcmeAuthz.__wrap(ret);
-    }
-    /**
+    * DNS entry associated with those challenge
     * @returns {string}
     */
     get identifier() {
@@ -2533,7 +2507,7 @@ class NewAcmeAuthz {
         let deferred1_1;
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.acmedirectory_newNonce(retptr, this.__wbg_ptr);
+            wasm$1.__wbg_get_acmedirectory_newNonce(retptr, this.__wbg_ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             deferred1_0 = r0;
@@ -2546,22 +2520,25 @@ class NewAcmeAuthz {
         }
     }
     /**
+    * Challenge for the deviceId owned by wire-server
     * @returns {AcmeChallenge | undefined}
     */
     get wireDpopChallenge() {
-        const ret = wasm$1.newacmeauthz_wireDpopChallenge(this.__wbg_ptr);
+        const ret = wasm$1.__wbg_get_newacmeauthz_wireDpopChallenge(this.__wbg_ptr);
         return ret === 0 ? undefined : AcmeChallenge.__wrap(ret);
     }
     /**
+    * Challenge for the userId and displayName owned by the identity provider
     * @returns {AcmeChallenge | undefined}
     */
     get wireOidcChallenge() {
-        const ret = wasm$1.newacmeauthz_wireOidcChallenge(this.__wbg_ptr);
+        const ret = wasm$1.__wbg_get_newacmeauthz_wireOidcChallenge(this.__wbg_ptr);
         return ret === 0 ? undefined : AcmeChallenge.__wrap(ret);
     }
 }
 /**
-* See [core_crypto::e2e_identity::types::E2eiNewAcmeOrder]
+* Result of an order creation.
+* @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 */
 class NewAcmeOrder {
     static __wrap(ptr) {
@@ -2580,28 +2557,39 @@ class NewAcmeOrder {
         wasm$1.__wbg_newacmeorder_free(ptr);
     }
     /**
-    * @param {Uint8Array} delegate
-    * @param {(Uint8Array)[]} authorizations
+    * @returns {(Uint8Array)[]}
     */
-    constructor(delegate, authorizations) {
-        const ptr0 = passArrayJsValueToWasm0(authorizations, wasm$1.__wbindgen_malloc);
-        const len0 = WASM_VECTOR_LEN;
-        const ret = wasm$1.newacmeorder_new(addHeapObject(delegate), ptr0, len0);
-        return NewAcmeOrder.__wrap(ret);
+    get authorizations() {
+        try {
+            const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
+            wasm$1.newacmeorder_authorizations(retptr, this.__wbg_ptr);
+            var r0 = getInt32Memory0()[retptr / 4 + 0];
+            var r1 = getInt32Memory0()[retptr / 4 + 1];
+            var v1 = getArrayJsValueFromWasm0(r0, r1).slice();
+            wasm$1.__wbindgen_free(r0, r1 * 4);
+            return v1;
+        }
+        finally {
+            wasm$1.__wbindgen_add_to_stack_pointer(16);
+        }
     }
     /**
+    * Contains raw JSON data of this order. This is parsed by the underlying Rust library hence should not be accessed
     * @returns {Uint8Array}
     */
     get delegate() {
-        const ret = wasm$1.acmechallenge_delegate(this.__wbg_ptr);
-        return takeObject(ret);
-    }
-    /**
-    * @returns {Array<any>}
-    */
-    get authorizations() {
-        const ret = wasm$1.newacmeorder_authorizations(this.__wbg_ptr);
-        return takeObject(ret);
+        try {
+            const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
+            wasm$1.__wbg_get_acmechallenge_delegate(retptr, this.__wbg_ptr);
+            var r0 = getInt32Memory0()[retptr / 4 + 0];
+            var r1 = getInt32Memory0()[retptr / 4 + 1];
+            var v1 = getArrayU8FromWasm0(r0, r1).slice();
+            wasm$1.__wbindgen_free(r0, r1 * 1);
+            return v1;
+        }
+        finally {
+            wasm$1.__wbindgen_add_to_stack_pointer(16);
+        }
     }
 }
 /**
@@ -2657,7 +2645,7 @@ class ProposalBundle {
     * @returns {Uint8Array}
     */
     get proposal() {
-        const ret = wasm$1.acmechallenge_delegate(this.__wbg_ptr);
+        const ret = wasm$1.commitbundle_commit(this.__wbg_ptr);
         return takeObject(ret);
     }
     /**
@@ -2705,7 +2693,7 @@ class ProteusAutoPrekeyBundle {
     get pkb() {
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.__wbg_get_proteusautoprekeybundle_pkb(retptr, this.__wbg_ptr);
+            wasm$1.__wbg_get_acmechallenge_delegate(retptr, this.__wbg_ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             var v1 = getArrayU8FromWasm0(r0, r1).slice();
@@ -2827,7 +2815,7 @@ class WireIdentity {
         let deferred1_1;
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.acmedirectory_newNonce(retptr, this.__wbg_ptr);
+            wasm$1.wireidentity_client_id(retptr, this.__wbg_ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             deferred1_0 = r0;
@@ -2847,7 +2835,7 @@ class WireIdentity {
         let deferred1_1;
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.acmechallenge_url(retptr, this.__wbg_ptr);
+            wasm$1.wireidentity_handle(retptr, this.__wbg_ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             deferred1_0 = r0;
@@ -2867,7 +2855,7 @@ class WireIdentity {
         let deferred1_1;
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.acmechallenge_target(retptr, this.__wbg_ptr);
+            wasm$1.wireidentity_display_name(retptr, this.__wbg_ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             deferred1_0 = r0;
@@ -2887,7 +2875,7 @@ class WireIdentity {
         let deferred1_1;
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.acmedirectory_revokeCert(retptr, this.__wbg_ptr);
+            wasm$1.wireidentity_domain(retptr, this.__wbg_ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             deferred1_0 = r0;
@@ -2951,19 +2939,42 @@ async function __wbg_load(module, imports) {
 function __wbg_get_imports() {
     const imports = {};
     imports.wbg = {};
-    imports.wbg.__wbindgen_object_clone_ref = function (arg0) {
-        const ret = getObject(arg0);
+    imports.wbg.__wbg_new_b51585de1b234aff = function () {
+        const ret = new Object();
+        return addHeapObject(ret);
+    };
+    imports.wbg.__wbg_new_56693dbed0c32988 = function () {
+        const ret = new Map();
+        return addHeapObject(ret);
+    };
+    imports.wbg.__wbindgen_string_new = function (arg0, arg1) {
+        const ret = getStringFromWasm0(arg0, arg1);
+        return addHeapObject(ret);
+    };
+    imports.wbg.__wbg_set_bedc3d02d0f05eb0 = function (arg0, arg1, arg2) {
+        const ret = getObject(arg0).set(getObject(arg1), getObject(arg2));
         return addHeapObject(ret);
     };
     imports.wbg.__wbindgen_object_drop_ref = function (arg0) {
         takeObject(arg0);
     };
+    imports.wbg.__wbindgen_is_string = function (arg0) {
+        const ret = typeof (getObject(arg0)) === 'string';
+        return ret;
+    };
+    imports.wbg.__wbg_set_bd72c078edfa51ad = function (arg0, arg1, arg2) {
+        getObject(arg0)[takeObject(arg1)] = takeObject(arg2);
+    };
+    imports.wbg.__wbindgen_object_clone_ref = function (arg0) {
+        const ret = getObject(arg0);
+        return addHeapObject(ret);
+    };
     imports.wbg.__wbindgen_is_object = function (arg0) {
         const val = getObject(arg0);
         const ret = typeof (val) === 'object' && val !== null;
         return ret;
     };
-    imports.wbg.__wbg_getwithrefkey_5e6d9547403deab8 = function (arg0, arg1) {
+    imports.wbg.__wbg_getwithrefkey_d1f0d12f1f1b63ea = function (arg0, arg1) {
         const ret = getObject(arg0)[getObject(arg1)];
         return addHeapObject(ret);
     };
@@ -2989,10 +3000,6 @@ function __wbg_get_imports() {
         const ret = getObject(arg0).length;
         return ret;
     };
-    imports.wbg.__wbindgen_string_new = function (arg0, arg1) {
-        const ret = getStringFromWasm0(arg0, arg1);
-        return addHeapObject(ret);
-    };
     imports.wbg.__wbg_get_fc26906e5ae1ea85 = function () {
         return handleError(function (arg0, arg1) {
             const ret = getObject(arg0).get(getObject(arg1));
@@ -3015,10 +3022,6 @@ function __wbg_get_imports() {
         const ret = getObject(arg0).length;
         return ret;
     };
-    imports.wbg.__wbg_ffiwiree2eidentity_new = function (arg0) {
-        const ret = FfiWireE2EIdentity.__wrap(arg0);
-        return addHeapObject(ret);
-    };
     imports.wbg.__wbg_call_01734de55d61e11d = function () {
         return handleError(function (arg0, arg1, arg2) {
             const ret = getObject(arg0).call(getObject(arg1), getObject(arg2));
@@ -3033,8 +3036,12 @@ function __wbg_get_imports() {
         const ret = arg0;
         return addHeapObject(ret);
     };
-    imports.wbg.__wbg_proteusautoprekeybundle_new = function (arg0) {
-        const ret = ProteusAutoPrekeyBundle.__wrap(arg0);
+    imports.wbg.__wbindgen_bigint_from_u64 = function (arg0) {
+        const ret = BigInt.asUintN(64, arg0);
+        return addHeapObject(ret);
+    };
+    imports.wbg.__wbg_ffiwiree2eidentity_new = function (arg0) {
+        const ret = FfiWireE2EIdentity.__wrap(arg0);
         return addHeapObject(ret);
     };
     imports.wbg.__wbg_new_898a68150f225f2e = function () {
@@ -3045,26 +3052,11 @@ function __wbg_get_imports() {
         const ret = getObject(arg0).push(getObject(arg1));
         return ret;
     };
-    imports.wbg.__wbg_new_b51585de1b234aff = function () {
-        const ret = new Object();
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_set_841ac57cff3d672b = function (arg0, arg1, arg2) {
-        getObject(arg0)[takeObject(arg1)] = takeObject(arg2);
-    };
-    imports.wbg.__wbg_new_56693dbed0c32988 = function () {
-        const ret = new Map();
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_set_bedc3d02d0f05eb0 = function (arg0, arg1, arg2) {
-        const ret = getObject(arg0).set(getObject(arg1), getObject(arg2));
-        return addHeapObject(ret);
-    };
     imports.wbg.__wbg_set_502d29070ea18557 = function (arg0, arg1, arg2) {
         getObject(arg0)[arg1 >>> 0] = takeObject(arg2);
     };
-    imports.wbg.__wbindgen_bigint_from_u64 = function (arg0) {
-        const ret = BigInt.asUintN(64, arg0);
+    imports.wbg.__wbg_proteusautoprekeybundle_new = function (arg0) {
+        const ret = ProteusAutoPrekeyBundle.__wrap(arg0);
         return addHeapObject(ret);
     };
     imports.wbg.__wbg_new_d258248ed531ff54 = function (arg0, arg1) {
@@ -3190,7 +3182,7 @@ function __wbg_get_imports() {
                 const a = state0.a;
                 state0.a = 0;
                 try {
-                    return __wbg_adapter_312(a, state0.b, arg0, arg1);
+                    return __wbg_adapter_308(a, state0.b, arg0, arg1);
                 }
                 finally {
                     state0.a = a;
@@ -3203,10 +3195,6 @@ function __wbg_get_imports() {
             state0.a = state0.b = 0;
         }
     };
-    imports.wbg.__wbindgen_is_string = function (arg0) {
-        const ret = typeof (getObject(arg0)) === 'string';
-        return ret;
-    };
     imports.wbg.__wbg_reject_7bd6ac9617013c02 = function (arg0) {
         const ret = Promise.reject(getObject(arg0));
         return addHeapObject(ret);
@@ -3334,6 +3322,15 @@ function __wbg_get_imports() {
             return addHeapObject(ret);
         }, arguments);
     };
+    imports.wbg.__wbg_subarray_13db269f57aa838d = function (arg0, arg1, arg2) {
+        const ret = getObject(arg0).subarray(arg1 >>> 0, arg2 >>> 0);
+        return addHeapObject(ret);
+    };
+    imports.wbg.__wbg_getRandomValues_37fa2ca9e4e07fab = function () {
+        return handleError(function (arg0, arg1) {
+            getObject(arg0).getRandomValues(getObject(arg1));
+        }, arguments);
+    };
     imports.wbg.__wbindgen_memory = function () {
         const ret = wasm$1.memory;
         return addHeapObject(ret);
@@ -3351,15 +3348,6 @@ function __wbg_get_imports() {
             getObject(arg0).randomFillSync(takeObject(arg1));
         }, arguments);
     };
-    imports.wbg.__wbg_subarray_13db269f57aa838d = function (arg0, arg1, arg2) {
-        const ret = getObject(arg0).subarray(arg1 >>> 0, arg2 >>> 0);
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_getRandomValues_37fa2ca9e4e07fab = function () {
-        return handleError(function (arg0, arg1) {
-            getObject(arg0).getRandomValues(getObject(arg1));
-        }, arguments);
-    };
     imports.wbg.__wbg_crypto_c48a774b022d20ac = function (arg0) {
         const ret = getObject(arg0).crypto;
         return addHeapObject(ret);
@@ -3586,7 +3574,7 @@ function __wbg_get_imports() {
         const ret = Object.entries(getObject(arg0));
         return addHeapObject(ret);
     };
-    imports.wbg.__wbg_String_88810dfeb4021902 = function (arg0, arg1) {
+    imports.wbg.__wbg_String_4370c5505c674d30 = function (arg0, arg1) {
         const ret = String(getObject(arg1));
         const ptr1 = passStringToWasm0(ret, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
         const len1 = WASM_VECTOR_LEN;
@@ -3643,12 +3631,12 @@ function __wbg_get_imports() {
             return addHeapObject(ret);
         }, arguments);
     };
-    imports.wbg.__wbindgen_closure_wrapper1725 = function (arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 149, __wbg_adapter_52);
+    imports.wbg.__wbindgen_closure_wrapper1743 = function (arg0, arg1, arg2) {
+        const ret = makeMutClosure(arg0, arg1, 146, __wbg_adapter_52);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_closure_wrapper4849 = function (arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 149, __wbg_adapter_55);
+    imports.wbg.__wbindgen_closure_wrapper4858 = function (arg0, arg1, arg2) {
+        const ret = makeMutClosure(arg0, arg1, 146, __wbg_adapter_55);
         return addHeapObject(ret);
     };
     return imports;
@@ -3715,7 +3703,7 @@ var exports = /*#__PURE__*/Object.freeze({
     initSync: initSync
 });
 
-const wasm_path = "assets/core_crypto_ffi-d9ea5643.wasm";
+const wasm_path = "assets/core_crypto_ffi-105754e9.wasm";
 
             
             var wasm = async (opt = {}) => {
@@ -3964,14 +3952,14 @@ class CoreCrypto {
      * });
      * ````
      */
-    static async init({ databaseName, key, clientId, wasmFilePath, ciphersuites, entropySeed }) {
+    static async init({ databaseName, key, clientId, wasmFilePath, ciphersuites, entropySeed, nbKeyPackage, }) {
         if (!__classPrivateFieldGet(this, _a, "f", _CoreCrypto_module)) {
             const wasmImportArgs = wasmFilePath ? { importHook: () => wasmFilePath } : undefined;
             const exports = (await wasm(wasmImportArgs));
             __classPrivateFieldSet(this, _a, exports, "f", _CoreCrypto_module);
         }
         let cs = ciphersuites.map(cs => cs.valueOf());
-        const cc = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _a, "f", _CoreCrypto_module).CoreCrypto._internal_new(databaseName, key, clientId, Uint16Array.of(...cs), entropySeed));
+        const cc = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _a, "f", _CoreCrypto_module).CoreCrypto._internal_new(databaseName, key, clientId, Uint16Array.of(...cs), entropySeed, nbKeyPackage));
         return new this(cc);
     }
     /**
@@ -3981,14 +3969,14 @@ class CoreCrypto {
      * Use this clientId to initialize MLS with {@link CoreCrypto.mlsInit}.
      * @param params - {@link CoreCryptoDeferredParams}
      */
-    static async deferredInit({ databaseName, key, ciphersuites, entropySeed, wasmFilePath }) {
+    static async deferredInit({ databaseName, key, ciphersuites, entropySeed, wasmFilePath, nbKeyPackage, }) {
         if (!__classPrivateFieldGet(this, _a, "f", _CoreCrypto_module)) {
             const wasmImportArgs = wasmFilePath ? { importHook: () => wasmFilePath } : undefined;
             const exports = (await wasm(wasmImportArgs));
             __classPrivateFieldSet(this, _a, exports, "f", _CoreCrypto_module);
         }
         let cs = ciphersuites.map(cs => cs.valueOf());
-        const cc = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _a, "f", _CoreCrypto_module).CoreCrypto.deferred_init(databaseName, key, Uint16Array.of(...cs), entropySeed));
+        const cc = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _a, "f", _CoreCrypto_module).CoreCrypto.deferred_init(databaseName, key, Uint16Array.of(...cs), entropySeed, nbKeyPackage));
         return new this(cc);
     }
     /**
@@ -3996,10 +3984,11 @@ class CoreCrypto {
      *
      * @param clientId - {@link CoreCryptoParams#clientId} but required
      * @param ciphersuites - All the ciphersuites supported by this MLS client
+     * @param nbKeyPackage - number of initial KeyPackage to create when initializing the client
      */
-    async mlsInit(clientId, ciphersuites) {
+    async mlsInit(clientId, ciphersuites, nbKeyPackage) {
         let cs = ciphersuites.map(cs => cs.valueOf());
-        return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").mls_init(clientId, Uint16Array.of(...cs)));
+        return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").mls_init(clientId, Uint16Array.of(...cs), nbKeyPackage));
     }
     /**
      * Generates a MLS KeyPair/CredentialBundle with a temporary, random client ID.
@@ -4779,7 +4768,7 @@ class CoreCrypto {
      * Creates an enrollment instance with private key material you can use in order to fetch
      * a new x509 certificate from the acme server.
      *
-     * @param clientId - client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
+     * @param clientId - client identifier with user b64Url encoded & clientId hex encoded e.g. `t6wRpI8BRSeviBwwiFp5MQ:6add501bacd1d90e@example.com`
      * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
      * @param handle - user handle e.g. `alice.smith.qa@example.com`
      * @param expiryDays - generated x509 certificate expiry
@@ -4794,7 +4783,7 @@ class CoreCrypto {
      * Generates an E2EI enrollment instance for a "regular" client (with a Basic credential) willing to migrate to E2EI.
      * Once the enrollment is finished, use the instance in {@link CoreCrypto.e2eiRotateAll} to do the rotation.
      *
-     * @param clientId - client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
+     * @param clientId - client identifier with user b64Url encoded & clientId hex encoded e.g. `t6wRpI8BRSeviBwwiFp5MQ:6add501bacd1d90e@example.com`
      * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
      * @param handle - user handle e.g. `alice.smith.qa@example.com`
      * @param expiryDays - generated x509 certificate expiry
@@ -4811,7 +4800,7 @@ class CoreCrypto {
      * has been revoked. It lets you change the DisplayName or the handle
      * if you need to. Once the enrollment is finished, use the instance in {@link CoreCrypto.e2eiRotateAll} to do the rotation.
      *
-     * @param clientId - client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
+     * @param clientId - client identifier with user b64Url encoded & clientId hex encoded e.g. `t6wRpI8BRSeviBwwiFp5MQ:6add501bacd1d90e@example.com`
      * @param expiryDays - generated x509 certificate expiry
      * @param ciphersuite - for generating signing key material
      * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
@@ -4828,10 +4817,11 @@ class CoreCrypto {
      *
      * @param enrollment - the enrollment instance used to fetch the certificates
      * @param certificateChain - the raw response from ACME server
+     * @param nbKeyPackage - number of initial KeyPackage to create when initializing the client
      * @returns a MlsClient initialized with only a x509 credential
      */
-    async e2eiMlsInitOnly(enrollment, certificateChain) {
-        return await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").e2ei_mls_init_only(enrollment.inner(), certificateChain);
+    async e2eiMlsInitOnly(enrollment, certificateChain, nbKeyPackage) {
+        return await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").e2ei_mls_init_only(enrollment.inner(), certificateChain, nbKeyPackage);
     }
     /**
      * Creates a commit in all local conversations for changing the credential. Requires first