bsv-bap 0.3.2 → 0.3.3
- package/dist/touchid.d.ts +2 -1
- package/package.json +4 -3
- package/src/cli.ts +1 -1
- package/src/touchid.ts +37 -15
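--- a/package/dist/touchid.d.ts
+++ b/package/dist/touchid.d.ts
@@ -9,7 +9,8 @@
 * - Config stores sentinel "se:bap-master" in rootPkEncrypted
 * - Plaintext WIF never touches disk when Touch ID is active
 *
-* Powered by @1sat/vault (
+* Powered by the provider-based @1sat/vault (>=0.0.6): the platform-agnostic
+* vault interface plus the macOS SecureEnclaveProvider from @1sat/wallet-mac.
 */
 /**
 * Encrypt a WIF private key with the Secure Enclave.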
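--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "bsv-bap",
-"version": "0.3.
+"version": "0.3.3",
 "description": "BAP npm module",
 "repository": {
 "type": "git",
@@ -50,7 +50,8 @@
 "typescript": "^5.9.3"
 },
 "dependencies": {
-"@1sat/vault": "0.0.
+"@1sat/vault": "^0.0.8",
+"@1sat/wallet-mac": "^0.0.5",
 "commander": "^14.0.3",
 "schema-dts": "^1.1.5"
 },
@@ -58,6 +59,6 @@
 "@bsv/sdk": "^2.0.1"
 },
 "trustedDependencies": [
-"@1sat/
+"@1sat/wallet-mac"
 ]
 }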
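Review bot: The new `trustedDependencies` entry `"@1sat/wallet-mac"` allows that package's lifecycle scripts to run at install time (this is Bun's meaning of the field, assuming Bun is the installer here), and the same package now sits on the code path that handles the root key. Nothing in this section shows why install scripts are required, so the commit should state the reason and the lockfile should carry the resolved version with its integrity hash. `@1sat/wallet-mac` is also added as a regular dependency, so it will be installed on non-macOS hosts too; whether it installs cleanly there is not visible from this page. On a 0.0.x version the caret already resolves to a single patch release, so writing `"@1sat/wallet-mac": "0.0.5"` and `"@1sat/vault": "0.0.8"` would state the pin explicitly without changing what gets installed.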
package/src/cli.ts
CHANGED
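--- a/package/src/touchid.ts
+++ b/package/src/touchid.ts
@@ -9,19 +9,40 @@
 * - Config stores sentinel "se:bap-master" in rootPkEncrypted
 * - Plaintext WIF never touches disk when Touch ID is active
 *
-* Powered by @1sat/vault (
+* Powered by the provider-based @1sat/vault (>=0.0.6): the platform-agnostic
+* vault interface plus the macOS SecureEnclaveProvider from @1sat/wallet-mac.
 */
 
-import {
-
-
-
-removeSecret,
-unlockSecret,
-} from "@1sat/vault";
+import { homedir } from "node:os";
+import { resolve } from "node:path";
+import { createVault, FileVaultStorage, type Vault } from "@1sat/vault";
+import { SecureEnclaveProvider } from "@1sat/wallet-mac";
 
 const LABEL = "bap-master";
 
+/** Directory where the Secure Enclave ciphertext entries are stored. */
+const VAULT_DIR = resolve(homedir(), ".secure-enclave-vault");
+
+let providerInstance: SecureEnclaveProvider | undefined;
+
+/** The macOS Secure Enclave provider (Touch ID prompt branded as "bap"). */
+function getProvider(): SecureEnclaveProvider {
+if (!providerInstance) {
+providerInstance = new SecureEnclaveProvider({ name: "bap" });
+}
+return providerInstance;
+}
+
+let vaultInstance: Vault | undefined;
+
+/** Build the Secure Enclave vault from the provider and on-disk storage. */
+function getVault(): Vault {
+if (!vaultInstance) {
+vaultInstance = createVault(getProvider(), new FileVaultStorage(VAULT_DIR));
+}
+return vaultInstance;
+}
+
 /**
 * Encrypt a WIF private key with the Secure Enclave.
 *
@@ -29,7 +50,7 @@ const LABEL = "bap-master";
 * Returns the sentinel string "se:bap-master" to store in config.
 */
 export async function protectRootKey(wif: string): Promise<string> {
-await protectSecret(LABEL, wif, { type: "bap-root" });
+await getVault().protectSecret(LABEL, wif, { type: "bap-root" });
 return `se:${LABEL}`;
 }
 
@@ -47,7 +68,7 @@ export async function unlockRootKey(sentinel: string): Promise<string> {
 );
 }
 const label = sentinel.slice(3);
-const { plaintext } = await unlockSecret(label);
+const { plaintext } = await getVault().unlockSecret(label);
 return plaintext;
 }
 
@@ -57,7 +78,7 @@ export async function unlockRootKey(sentinel: string): Promise<string> {
 * The caller must replace rootPkEncrypted with rootPk before calling this.
 */
 export async function removeProtection(): Promise<void> {
-await removeSecret(LABEL);
+await getVault().removeSecret(LABEL);
 }
 
 /**
@@ -68,12 +89,13 @@ export async function getTouchIDStatus(hasEncryptedKey: boolean): Promise<{
 biometryType: string;
 protected: boolean;
 }> {
-
+const provider = getProvider();
+if (!provider.isSupported()) {
 return { available: false, biometryType: "None", protected: false };
 }
-const status = await checkAvailability();
+const status = await provider.checkAvailability();
 return {
-available: status.
+available: status.supported && status.biometryAvailable,
 biometryType: status.biometryType,
 protected: hasEncryptedKey,
 };
@@ -83,5 +105,5 @@ export async function getTouchIDStatus(hasEncryptedKey: boolean): Promise<{
 * Synchronous check for Secure Enclave support (macOS arm64).
 */
 export function isTouchIDSupported(): boolean {
-return isSupported();
+return getProvider().isSupported();
 }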
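Review bot: In `unlockRootKey`, `const label = sentinel.slice(3)` comes from the stored config value and is now passed to a vault backed by `FileVaultStorage(VAULT_DIR)`, so it presumably selects an on-disk entry without any visible check on its contents. `protectRootKey` only ever produces `se:bap-master`, so anything else can be rejected before the lookup: `if (label !== LABEL) throw new Error("Unknown Secure Enclave label");`. Whether `FileVaultStorage` already rejects path separators or `..` in a label is not visible here, and the guard at the top of `unlockRootKey` lies outside the hunk, so it may already cover part of this. Separately, `VAULT_DIR` is hard-coded to `~/.secure-enclave-vault`; its doc comment should state whether 0.3.2 wrote to the same location, since a key protected before the upgrade has to remain unlockable.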