cipher-kit 2.0.0-beta.2 → 2.0.0-beta.4

package/dist/{chunk-WIZT7AYM.cjs → chunk-XIWV7XVI.cjs}

@@ -1,10 +1,10 @@
 'use strict';
 
-var chunkRXXVBCWL_cjs = require('./chunk-RXXVBCWL.cjs');
+var chunkUIV6DG54_cjs = require('./chunk-UIV6DG54.cjs');
 
 // src/web/kit.ts
 var kit_exports = {};
-chunkRXXVBCWL_cjs.__export(kit_exports, {
+chunkUIV6DG54_cjs.__export(kit_exports, {
   convertBytesToStr: () => convertBytesToStr,
   convertEncoding: () => convertEncoding,
   convertStrToBytes: () => convertStrToBytes,
@@ -16,6 +16,7 @@ chunkRXXVBCWL_cjs.__export(kit_exports, {
   generateUuid: () => generateUuid,
   hash: () => hash,
   hashPassword: () => hashPassword,
+  isWebSecretKey: () => isWebSecretKey,
   tryConvertBytesToStr: () => tryConvertBytesToStr,
   tryConvertEncoding: () => tryConvertEncoding,
   tryConvertStrToBytes: () => tryConvertStrToBytes,
@@ -34,34 +35,34 @@ chunkRXXVBCWL_cjs.__export(kit_exports, {
 var textEncoder = new TextEncoder();
 var textDecoder = new TextDecoder();
 function $convertStrToBytes(data, inputEncoding = "utf8") {
-  if (!chunkRXXVBCWL_cjs.$isStr(data)) {
-    return chunkRXXVBCWL_cjs.$err({
+  if (!chunkUIV6DG54_cjs.$isStr(data)) {
+    return chunkUIV6DG54_cjs.$err({
       msg: "Crypto Web API - String to Bytes: Empty data",
       desc: "Data must be a non-empty string"
     });
   }
-  if (!chunkRXXVBCWL_cjs.ENCODINGS.includes(inputEncoding)) {
-    return chunkRXXVBCWL_cjs.$err({
+  if (!chunkUIV6DG54_cjs.ENCODING.includes(inputEncoding)) {
+    return chunkUIV6DG54_cjs.$err({
       msg: `Crypto Web API - String to Bytes: Unsupported encoding: ${inputEncoding}`,
       desc: "Use base64, base64url, hex, utf8, or latin1"
     });
   }
   try {
     const bytes = strToBytes[inputEncoding](data);
-    return chunkRXXVBCWL_cjs.$ok({ result: bytes });
+    return chunkUIV6DG54_cjs.$ok({ result: bytes });
   } catch (error) {
-    return chunkRXXVBCWL_cjs.$err({ msg: "Crypto Web API - String to Bytes: Failed to convert data", desc: chunkRXXVBCWL_cjs.$fmtError(error) });
+    return chunkUIV6DG54_cjs.$err({ msg: "Crypto Web API - String to Bytes: Failed to convert data", desc: chunkUIV6DG54_cjs.$fmtError(error) });
   }
 }
 function $convertBytesToStr(data, outputEncoding = "utf8") {
   if (!(data instanceof ArrayBuffer || data instanceof Uint8Array)) {
-    return chunkRXXVBCWL_cjs.$err({
+    return chunkUIV6DG54_cjs.$err({
       msg: "Crypto Web API - Bytes to String: Invalid data type",
       desc: "Data must be an ArrayBuffer or Uint8Array"
     });
   }
-  if (!chunkRXXVBCWL_cjs.ENCODINGS.includes(outputEncoding)) {
-    return chunkRXXVBCWL_cjs.$err({
+  if (!chunkUIV6DG54_cjs.ENCODING.includes(outputEncoding)) {
+    return chunkUIV6DG54_cjs.$err({
       msg: `Crypto Web API - Bytes to String: Unsupported encoding: ${outputEncoding}`,
       desc: "Use base64, base64url, hex, utf8, or latin1"
     });
@@ -69,29 +70,29 @@ function $convertBytesToStr(data, outputEncoding = "utf8") {
   try {
     const bytes = data instanceof Uint8Array ? data : new Uint8Array(data);
     const str = bytesToStr[outputEncoding](bytes);
-    return chunkRXXVBCWL_cjs.$ok(str);
+    return chunkUIV6DG54_cjs.$ok(str);
   } catch (error) {
-    return chunkRXXVBCWL_cjs.$err({ msg: "Crypto Web API - Bytes to String: Failed to convert data", desc: chunkRXXVBCWL_cjs.$fmtError(error) });
+    return chunkUIV6DG54_cjs.$err({ msg: "Crypto Web API - Bytes to String: Failed to convert data", desc: chunkUIV6DG54_cjs.$fmtError(error) });
   }
 }
 function $convertEncoding(data, from, to) {
-  if (!chunkRXXVBCWL_cjs.$isStr(data)) {
-    return chunkRXXVBCWL_cjs.$err({
+  if (!chunkUIV6DG54_cjs.$isStr(data)) {
+    return chunkUIV6DG54_cjs.$err({
       msg: "Crypto Web API - Convert Format: Empty data",
       desc: "Data must be a non-empty string"
     });
   }
-  if (!chunkRXXVBCWL_cjs.ENCODINGS.includes(from) || !chunkRXXVBCWL_cjs.ENCODINGS.includes(to)) {
-    return chunkRXXVBCWL_cjs.$err({
+  if (!chunkUIV6DG54_cjs.ENCODING.includes(from) || !chunkUIV6DG54_cjs.ENCODING.includes(to)) {
+    return chunkUIV6DG54_cjs.$err({
       msg: `Crypto Web API - Convert Format: Unsupported encoding: from ${from} to ${to}`,
       desc: "Use base64, base64url, hex, utf8, or latin1"
     });
   }
   const bytes = $convertStrToBytes(data, from);
-  if (bytes.error) return chunkRXXVBCWL_cjs.$err({ msg: bytes.error.message, desc: bytes.error.description });
+  if (bytes.error) return chunkUIV6DG54_cjs.$err({ msg: bytes.error.message, desc: bytes.error.description });
   const str = $convertBytesToStr(bytes.result, to);
-  if (str.error) return chunkRXXVBCWL_cjs.$err({ msg: str.error.message, desc: str.error.description });
-  return chunkRXXVBCWL_cjs.$ok({ result: str.result });
+  if (str.error) return chunkUIV6DG54_cjs.$err({ msg: str.error.message, desc: str.error.description });
+  return chunkUIV6DG54_cjs.$ok({ result: str.result });
 }
 var strToBytes = {
   base64: $fromBase64,
@@ -157,45 +158,45 @@ function $fromHex(data) {
 // src/web/web-encrypt.ts
 function $generateUuid() {
   try {
-    return chunkRXXVBCWL_cjs.$ok(crypto.randomUUID());
+    return chunkUIV6DG54_cjs.$ok(crypto.randomUUID());
   } catch (error) {
-    return chunkRXXVBCWL_cjs.$err({ msg: "Crypto Web API - UUID Generation: Failed to generate UUID", desc: chunkRXXVBCWL_cjs.$fmtError(error) });
+    return chunkUIV6DG54_cjs.$err({ msg: `${chunkUIV6DG54_cjs.title("web", "UUID Generation")}: Failed to generate UUID`, desc: chunkUIV6DG54_cjs.$fmtError(error) });
   }
 }
 async function $createSecretKey(secret, options = {}) {
-  if (!chunkRXXVBCWL_cjs.$isStr(secret)) {
-    return chunkRXXVBCWL_cjs.$err({ msg: "Crypto Web API - Key Generation: Empty Secret", desc: "Secret must be a non-empty string" });
+  if (!chunkUIV6DG54_cjs.$isStr(secret)) {
+    return chunkUIV6DG54_cjs.$err({ msg: `${chunkUIV6DG54_cjs.title("web", "Key Generation")}: Empty Secret`, desc: "Secret must be a non-empty string" });
   }
   const algorithm = options.algorithm ?? "aes256gcm";
-  if (!(algorithm in chunkRXXVBCWL_cjs.ENCRYPTION_ALGORITHMS)) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: `Crypto NodeJS API - Key Generation: Unsupported algorithm: ${algorithm}`,
-      desc: `Supported algorithms are: ${Object.keys(chunkRXXVBCWL_cjs.ENCRYPTION_ALGORITHMS).join(", ")}`
+  if (!(algorithm in chunkUIV6DG54_cjs.ENCRYPTION_ALGORITHMS)) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Key Generation")}: Unsupported algorithm: ${algorithm}`,
+      desc: `Supported algorithms are: ${Object.keys(chunkUIV6DG54_cjs.ENCRYPTION_ALGORITHMS).join(", ")}`
     });
   }
   const digest = options.digest ?? "sha256";
-  if (!(digest in chunkRXXVBCWL_cjs.DIGEST_ALGORITHMS)) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: `Crypto NodeJS API - Key Generation: Unsupported digest: ${digest}`,
-      desc: `Supported digests are: ${Object.keys(chunkRXXVBCWL_cjs.DIGEST_ALGORITHMS).join(", ")}`
+  if (!(digest in chunkUIV6DG54_cjs.DIGEST_ALGORITHMS)) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Key Generation")}: Unsupported digest: ${digest}`,
+      desc: `Supported digests are: ${Object.keys(chunkUIV6DG54_cjs.DIGEST_ALGORITHMS).join(", ")}`
     });
   }
   const salt = options.salt ?? "cipher-kit-salt";
-  if (!chunkRXXVBCWL_cjs.$isStr(salt, 8)) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: "Crypto NodeJS API - Key Generation: Weak salt",
+  if (!chunkUIV6DG54_cjs.$isStr(salt, 8)) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Key Generation")}: Weak salt`,
       desc: "Salt must be a non-empty string with at least 8 characters"
     });
   }
   const info = options.info ?? "cipher-kit";
-  if (!chunkRXXVBCWL_cjs.$isStr(info)) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: "Crypto NodeJS API - Key Generation: Invalid info",
+  if (!chunkUIV6DG54_cjs.$isStr(info)) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Key Generation")}: Invalid info`,
       desc: "Info must be a non-empty string"
     });
   }
-  const encryptAlgo = chunkRXXVBCWL_cjs.ENCRYPTION_ALGORITHMS[algorithm];
-  const digestAlgo = chunkRXXVBCWL_cjs.DIGEST_ALGORITHMS[digest];
+  const encryptAlgo = chunkUIV6DG54_cjs.ENCRYPTION_ALGORITHMS[algorithm];
+  const digestAlgo = chunkUIV6DG54_cjs.DIGEST_ALGORITHMS[digest];
   try {
     const ikm = await crypto.subtle.importKey("raw", textEncoder.encode(secret.normalize("NFKC")), "HKDF", false, [
       "deriveKey"
@@ -215,182 +216,185 @@ async function $createSecretKey(secret, options = {}) {
     const secretKey = Object.freeze({
       platform: "web",
       digest,
-      algo: encryptAlgo,
+      algorithm,
       key
     });
-    return chunkRXXVBCWL_cjs.$ok({ result: secretKey });
+    return chunkUIV6DG54_cjs.$ok({ result: secretKey });
   } catch (error) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: "Crypto Web API - Key Generation: Failed to create secret key",
-      desc: chunkRXXVBCWL_cjs.$fmtError(error)
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Key Generation")}: Failed to create secret key`,
+      desc: chunkUIV6DG54_cjs.$fmtError(error)
     });
   }
 }
 async function $encrypt(data, secretKey, options = {}) {
-  if (!chunkRXXVBCWL_cjs.$isStr(data)) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: "Crypto Web API - Encryption: Empty data for encryption",
+  if (!chunkUIV6DG54_cjs.$isStr(data)) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Encryption")}: Empty data for encryption`,
       desc: "Data must be a non-empty string"
     });
   }
-  const inputEncoding = options.inputEncoding ?? "utf8";
-  const outputEncoding = options.outputEncoding ?? "base64url";
-  if (!chunkRXXVBCWL_cjs.ENCODINGS.includes(inputEncoding) || !chunkRXXVBCWL_cjs.ENCODINGS.includes(outputEncoding)) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: `Crypto Web API - Encryption: Unsupported encoding: input ${inputEncoding} or output ${outputEncoding}`,
-      desc: "Use base64, base64url, hex, utf8, or latin1"
+  const encoding = options.encoding ?? "base64url";
+  if (!chunkUIV6DG54_cjs.CIPHER_ENCODING.includes(encoding)) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Encryption")}: Unsupported output encoding: ${encoding}`,
+      desc: "Use base64, base64url, or hex"
     });
   }
-  if (!chunkRXXVBCWL_cjs.isSecretKey(secretKey, "web")) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: "Crypto Web API - Encryption: Invalid Secret Key",
+  const injectedKey = chunkUIV6DG54_cjs.$isSecretKey(secretKey, "web");
+  if (!injectedKey) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Encryption")}: Invalid Secret Key`,
       desc: "Expected a Web SecretKey"
     });
   }
-  const { result, error } = $convertStrToBytes(data, inputEncoding);
-  if (error) return chunkRXXVBCWL_cjs.$err(error);
+  const { result, error } = $convertStrToBytes(data, "utf8");
+  if (error) return chunkUIV6DG54_cjs.$err(error);
   try {
-    const iv = crypto.getRandomValues(new Uint8Array(secretKey.algo.ivLength));
-    const cipherWithTag = await crypto.subtle.encrypt({ name: secretKey.algo.web, iv }, secretKey.key, result);
-    const ivStr = $convertBytesToStr(iv, outputEncoding);
-    const cipherStr = $convertBytesToStr(cipherWithTag, outputEncoding);
+    const iv = crypto.getRandomValues(new Uint8Array(injectedKey.injected.ivLength));
+    const cipherWithTag = await crypto.subtle.encrypt(
+      { name: injectedKey.injected.web, iv },
+      injectedKey.key,
+      result
+    );
+    const ivStr = $convertBytesToStr(iv, encoding);
+    const cipherStr = $convertBytesToStr(cipherWithTag, encoding);
     if (ivStr.error || cipherStr.error) {
-      return chunkRXXVBCWL_cjs.$err({
-        msg: "Crypto Web API - Encryption: Failed to convert IV or encrypted data",
-        desc: `Conversion error: ${ivStr.error || cipherStr.error}`
+      return chunkUIV6DG54_cjs.$err({
+        msg: `${chunkUIV6DG54_cjs.title("web", "Encryption")}: Failed to convert IV or encrypted data`,
+        desc: `Conversion error: ${chunkUIV6DG54_cjs.$fmtResultErr(ivStr.error || cipherStr.error)}`
       });
     }
-    return chunkRXXVBCWL_cjs.$ok(`${ivStr.result}.${cipherStr.result}.`);
+    return chunkUIV6DG54_cjs.$ok(`${ivStr.result}.${cipherStr.result}.`);
   } catch (error2) {
-    return chunkRXXVBCWL_cjs.$err({ msg: "Crypto Web API - Encryption: Failed to encrypt data", desc: chunkRXXVBCWL_cjs.$fmtError(error2) });
+    return chunkUIV6DG54_cjs.$err({ msg: `${chunkUIV6DG54_cjs.title("web", "Encryption")}: Failed to encrypt data`, desc: chunkUIV6DG54_cjs.$fmtError(error2) });
   }
 }
 async function $decrypt(encrypted, secretKey, options = {}) {
-  if (chunkRXXVBCWL_cjs.matchPattern(encrypted, "web") === false) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: "Crypto Web API - Decryption: Invalid encrypted data format",
+  if (chunkUIV6DG54_cjs.matchPattern(encrypted, "web") === false) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Decryption")}: Invalid encrypted data format`,
       desc: 'Encrypted data must be in the format "iv.cipherWithTag."'
     });
   }
-  const inputEncoding = options.inputEncoding ?? "base64url";
-  const outputEncoding = options.outputEncoding ?? "utf8";
-  if (!chunkRXXVBCWL_cjs.ENCODINGS.includes(inputEncoding) || !chunkRXXVBCWL_cjs.ENCODINGS.includes(outputEncoding)) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: `Crypto Web API - Decryption: Unsupported encoding: input ${inputEncoding} or output ${outputEncoding}`,
-      desc: "Use base64, base64url, hex, utf8, or latin1"
+  const encoding = options.encoding ?? "base64url";
+  if (!chunkUIV6DG54_cjs.CIPHER_ENCODING.includes(encoding)) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Decryption")}: Unsupported input encoding: ${encoding}`,
+      desc: "Use base64, base64url, or hex"
     });
   }
   const [iv, encryptedWithTag] = encrypted.split(".", 3);
-  if (!chunkRXXVBCWL_cjs.$isStr(iv) || !chunkRXXVBCWL_cjs.$isStr(encryptedWithTag)) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: "Crypto Web API - Decryption: Invalid encrypted data",
+  if (!chunkUIV6DG54_cjs.$isStr(iv) || !chunkUIV6DG54_cjs.$isStr(encryptedWithTag)) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Decryption")}: Invalid encrypted data`,
       desc: "Encrypted data must contain valid IV, encrypted and tag components"
     });
   }
-  if (!chunkRXXVBCWL_cjs.isSecretKey(secretKey, "web")) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: "Crypto Web API - Decryption: Invalid Secret Key",
+  const injectedKey = chunkUIV6DG54_cjs.$isSecretKey(secretKey, "web");
+  if (!injectedKey) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Decryption")}: Invalid Secret Key`,
       desc: "Expected a Web SecretKey"
     });
   }
-  const ivBytes = $convertStrToBytes(iv, inputEncoding);
-  const cipherWithTagBytes = $convertStrToBytes(encryptedWithTag, inputEncoding);
+  const ivBytes = $convertStrToBytes(iv, encoding);
+  const cipherWithTagBytes = $convertStrToBytes(encryptedWithTag, encoding);
   if (ivBytes.error || cipherWithTagBytes.error) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: "Crypto Web API - Decryption: Failed to convert IV or encrypted data",
-      desc: `Conversion error: ${ivBytes.error || cipherWithTagBytes.error}`
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Decryption")}: Failed to convert IV or encrypted data`,
+      desc: `Conversion error: ${chunkUIV6DG54_cjs.$fmtResultErr(ivBytes.error || cipherWithTagBytes.error)}`
     });
   }
   try {
     const decrypted = await crypto.subtle.decrypt(
-      { name: secretKey.algo.web, iv: ivBytes.result },
-      secretKey.key,
+      { name: injectedKey.injected.web, iv: ivBytes.result },
+      injectedKey.key,
       cipherWithTagBytes.result
     );
     return $convertBytesToStr(decrypted, "utf8");
   } catch (error) {
-    return chunkRXXVBCWL_cjs.$err({ msg: "Crypto Web API - Decryption: Failed to decrypt data", desc: chunkRXXVBCWL_cjs.$fmtError(error) });
+    return chunkUIV6DG54_cjs.$err({ msg: `${chunkUIV6DG54_cjs.title("web", "Decryption")}: Failed to decrypt data`, desc: chunkUIV6DG54_cjs.$fmtError(error) });
   }
 }
 async function $encryptObj(data, secretKey, options = {}) {
-  const { result, error } = chunkRXXVBCWL_cjs.$stringifyObj(data);
-  if (error) return chunkRXXVBCWL_cjs.$err(error);
+  const { result, error } = chunkUIV6DG54_cjs.$stringifyObj(data);
+  if (error) return chunkUIV6DG54_cjs.$err(error);
   return await $encrypt(result, secretKey, options);
 }
 async function $decryptObj(encrypted, secretKey, options = {}) {
   const { result, error } = await $decrypt(encrypted, secretKey, options);
-  if (error) return chunkRXXVBCWL_cjs.$err(error);
-  return chunkRXXVBCWL_cjs.$parseToObj(result);
+  if (error) return chunkUIV6DG54_cjs.$err(error);
+  return chunkUIV6DG54_cjs.$parseToObj(result);
 }
 async function $hash(data, options = {}) {
-  if (!chunkRXXVBCWL_cjs.$isStr(data)) {
-    return chunkRXXVBCWL_cjs.$err({ msg: "Crypto Web API - Hashing: Empty data for hashing", desc: "Data must be a non-empty string" });
-  }
-  const inputEncoding = options.inputEncoding ?? "utf8";
-  const outputEncoding = options.outputEncoding ?? "base64url";
-  if (!chunkRXXVBCWL_cjs.ENCODINGS.includes(inputEncoding) || !chunkRXXVBCWL_cjs.ENCODINGS.includes(outputEncoding)) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: `Crypto Web API - Hashing: Unsupported input encoding: ${inputEncoding} or output encoding: ${outputEncoding}`,
-      desc: "Use base64, base64url, hex, utf8, or latin1"
+  if (!chunkUIV6DG54_cjs.$isStr(data)) {
+    return chunkUIV6DG54_cjs.$err({ msg: `${chunkUIV6DG54_cjs.title("web", "Hashing")}: Empty data for hashing`, desc: "Data must be a non-empty string" });
+  }
+  const encoding = options.encoding ?? "base64url";
+  if (!chunkUIV6DG54_cjs.CIPHER_ENCODING.includes(encoding)) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Hashing")}: Unsupported output encoding: ${encoding}`,
+      desc: "Use base64, base64url, or hex"
     });
   }
   const digest = options.digest ?? "sha256";
-  if (!(digest in chunkRXXVBCWL_cjs.DIGEST_ALGORITHMS)) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: `Crypto Web API - Hashing: Unsupported digest: ${digest}`,
-      desc: `Supported digests are: ${Object.keys(chunkRXXVBCWL_cjs.DIGEST_ALGORITHMS).join(", ")}`
+  if (!(digest in chunkUIV6DG54_cjs.DIGEST_ALGORITHMS)) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Hashing")}: Unsupported digest: ${digest}`,
+      desc: `Supported digests are: ${Object.keys(chunkUIV6DG54_cjs.DIGEST_ALGORITHMS).join(", ")}`
     });
   }
-  const digestAlgo = chunkRXXVBCWL_cjs.DIGEST_ALGORITHMS[digest];
-  const { result, error } = $convertStrToBytes(data, inputEncoding);
-  if (error) return chunkRXXVBCWL_cjs.$err(error);
+  const digestAlgo = chunkUIV6DG54_cjs.DIGEST_ALGORITHMS[digest];
+  const { result, error } = $convertStrToBytes(data, "utf8");
+  if (error) return chunkUIV6DG54_cjs.$err(error);
   try {
     const hashed = await crypto.subtle.digest(digestAlgo.web, result);
-    return $convertBytesToStr(hashed, outputEncoding);
+    return $convertBytesToStr(hashed, encoding);
   } catch (error2) {
-    return chunkRXXVBCWL_cjs.$err({ msg: "Crypto Web API - Hashing: Failed to hash data", desc: chunkRXXVBCWL_cjs.$fmtError(error2) });
+    return chunkUIV6DG54_cjs.$err({ msg: `${chunkUIV6DG54_cjs.title("web", "Hashing")}: Failed to hash data`, desc: chunkUIV6DG54_cjs.$fmtError(error2) });
   }
 }
 async function $hashPassword(password, options = {}) {
-  if (!chunkRXXVBCWL_cjs.$isStr(password)) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: "Crypto Web API - Password Hashing: Empty password",
+  if (!chunkUIV6DG54_cjs.$isStr(password)) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Password Hashing")}: Empty password`,
       desc: "Password must be a non-empty string"
     });
   }
   const digest = options.digest ?? "sha512";
-  if (!(digest in chunkRXXVBCWL_cjs.DIGEST_ALGORITHMS)) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: `Crypto Web API - Password Hashing: Unsupported digest: ${digest}`,
-      desc: `Supported digests are: ${Object.keys(chunkRXXVBCWL_cjs.DIGEST_ALGORITHMS).join(", ")}`
+  if (!(digest in chunkUIV6DG54_cjs.DIGEST_ALGORITHMS)) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Password Hashing")}: Unsupported digest: ${digest}`,
+      desc: `Supported digests are: ${Object.keys(chunkUIV6DG54_cjs.DIGEST_ALGORITHMS).join(", ")}`
     });
   }
-  const digestAlgo = chunkRXXVBCWL_cjs.DIGEST_ALGORITHMS[digest];
-  const outputEncoding = options.outputEncoding ?? "base64url";
-  if (!chunkRXXVBCWL_cjs.ENCODINGS.includes(outputEncoding)) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: `Crypto Web API - Password Hashing: Unsupported output encoding: ${outputEncoding}`,
-      desc: "Use base64, base64url, hex, utf8, or latin1"
+  const digestAlgo = chunkUIV6DG54_cjs.DIGEST_ALGORITHMS[digest];
+  const encoding = options.encoding ?? "base64url";
+  if (!chunkUIV6DG54_cjs.CIPHER_ENCODING.includes(encoding)) {
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Password Hashing")}: Unsupported output encoding: ${encoding}`,
+      desc: "Use base64, base64url, or hex"
     });
   }
   const saltLength = options.saltLength ?? 16;
   if (typeof saltLength !== "number" || saltLength < 8) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: "Crypto Web API - Password Hashing: Weak salt length",
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Password Hashing")}: Weak salt length`,
       desc: "Salt length must be a number and at least 8 bytes (recommended 16)"
     });
   }
   const iterations = options.iterations ?? 32e4;
   if (typeof iterations !== "number" || iterations < 1e3) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: "Crypto Web API - Password Hashing: Weak iteration count",
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Password Hashing")}: Weak iteration count`,
       desc: "Iterations must be a number and at least 1000 (recommended 320,000 or more)"
     });
   }
   const keyLength = options.keyLength ?? 64;
   if (typeof keyLength !== "number" || keyLength < 16) {
-    return chunkRXXVBCWL_cjs.$err({
-      msg: "Crypto Web API - Password Hashing: Weak key length",
+    return chunkUIV6DG54_cjs.$err({
+      msg: `${chunkUIV6DG54_cjs.title("web", "Password Hashing")}: Weak key length`,
       desc: "Key length must be a number and at least 16 bytes (recommended 64)"
     });
   }
@@ -408,29 +412,29 @@ async function $hashPassword(password, options = {}) {
       baseKey,
       keyLength * 8
     );
-    const saltStr = $convertBytesToStr(salt, outputEncoding);
-    if (saltStr.error) return chunkRXXVBCWL_cjs.$err(saltStr.error);
-    const hashedPasswordStr = $convertBytesToStr(bits, outputEncoding);
-    if (hashedPasswordStr.error) return chunkRXXVBCWL_cjs.$err(hashedPasswordStr.error);
-    return chunkRXXVBCWL_cjs.$ok({ hash: hashedPasswordStr.result, salt: saltStr.result });
+    const saltStr = $convertBytesToStr(salt, encoding);
+    if (saltStr.error) return chunkUIV6DG54_cjs.$err(saltStr.error);
+    const hashedPasswordStr = $convertBytesToStr(bits, encoding);
+    if (hashedPasswordStr.error) return chunkUIV6DG54_cjs.$err(hashedPasswordStr.error);
+    return chunkUIV6DG54_cjs.$ok({ hash: hashedPasswordStr.result, salt: saltStr.result });
   } catch (error) {
-    return chunkRXXVBCWL_cjs.$err({ msg: "Crypto Web API - Password Hashing: Failed to hash password", desc: chunkRXXVBCWL_cjs.$fmtError(error) });
+    return chunkUIV6DG54_cjs.$err({ msg: `${chunkUIV6DG54_cjs.title("web", "Password Hashing")}: Failed to hash password`, desc: chunkUIV6DG54_cjs.$fmtError(error) });
   }
 }
 async function $verifyPassword(password, hashedPassword, salt, options = {}) {
-  if (!chunkRXXVBCWL_cjs.$isStr(password) || !chunkRXXVBCWL_cjs.$isStr(hashedPassword) || !chunkRXXVBCWL_cjs.$isStr(salt)) return false;
+  if (!chunkUIV6DG54_cjs.$isStr(password) || !chunkUIV6DG54_cjs.$isStr(hashedPassword) || !chunkUIV6DG54_cjs.$isStr(salt)) return false;
   const digest = options.digest ?? "sha512";
-  if (!(digest in chunkRXXVBCWL_cjs.DIGEST_ALGORITHMS)) return false;
-  const digestAlgo = chunkRXXVBCWL_cjs.DIGEST_ALGORITHMS[digest];
-  const inputEncoding = options.inputEncoding ?? "base64url";
-  if (!chunkRXXVBCWL_cjs.ENCODINGS.includes(inputEncoding)) return false;
+  if (!(digest in chunkUIV6DG54_cjs.DIGEST_ALGORITHMS)) return false;
+  const digestAlgo = chunkUIV6DG54_cjs.DIGEST_ALGORITHMS[digest];
+  const encoding = options.encoding ?? "base64url";
+  if (!chunkUIV6DG54_cjs.CIPHER_ENCODING.includes(encoding)) return false;
   const iterations = options.iterations ?? 32e4;
   if (typeof iterations !== "number" || iterations < 1e3) return false;
   const keyLength = options.keyLength ?? 64;
   if (typeof keyLength !== "number" || keyLength < 16) return false;
-  const saltBytes = $convertStrToBytes(salt, "base64url");
+  const saltBytes = $convertStrToBytes(salt, encoding);
   if (saltBytes.error) return false;
-  const hashedPasswordBytes = $convertStrToBytes(hashedPassword, "base64url");
+  const hashedPasswordBytes = $convertStrToBytes(hashedPassword, encoding);
   if (hashedPasswordBytes.error) return false;
   try {
     const baseKey = await crypto.subtle.importKey(
@@ -452,24 +456,28 @@ async function $verifyPassword(password, hashedPassword, salt, options = {}) {
         keyLength * 8
       )
     );
+    if (bits === void 0 || hashedPasswordBytes.result === void 0) return false;
     if (bits.length !== hashedPasswordBytes.result.length) return false;
-    let isMatch = true;
+    let diff = 0;
     for (let i = 0; i < bits.length; i++) {
-      if (bits[i] !== hashedPasswordBytes.result[i]) isMatch = false;
+      diff |= bits[i] ^ hashedPasswordBytes.result[i];
     }
-    return isMatch;
+    return diff === 0;
   } catch {
     return false;
   }
 }
 
 // src/web/kit.ts
+function isWebSecretKey(x) {
+  return chunkUIV6DG54_cjs.$isSecretKey(x, "web") !== null;
+}
 function tryGenerateUuid() {
   return $generateUuid();
 }
 function generateUuid() {
   const { result, error } = $generateUuid();
-  if (error) throw new Error(chunkRXXVBCWL_cjs.$fmtResultErr(error));
+  if (error) throw new Error(chunkUIV6DG54_cjs.$fmtResultErr(error));
   return result;
 }
 async function tryCreateSecretKey(secret, options = {}) {
@@ -477,15 +485,15 @@ async function tryCreateSecretKey(secret, options = {}) {
 }
 async function createSecretKey(secret, options = {}) {
   const { result, error } = await $createSecretKey(secret, options);
-  if (error) throw new Error(chunkRXXVBCWL_cjs.$fmtResultErr(error));
+  if (error) throw new Error(chunkUIV6DG54_cjs.$fmtResultErr(error));
   return result;
 }
 async function tryEncrypt(data, secretKey, options = {}) {
   return await $encrypt(data, secretKey, options);
 }
 async function encrypt(data, secretKey, options = {}) {
-  const { result, error } = await $encrypt(data, secretKey);
-  if (error) throw new Error(chunkRXXVBCWL_cjs.$fmtResultErr(error));
+  const { result, error } = await $encrypt(data, secretKey, options);
+  if (error) throw new Error(chunkUIV6DG54_cjs.$fmtResultErr(error));
   return result;
 }
 async function tryDecrypt(encrypted, secretKey, options = {}) {
@@ -493,7 +501,7 @@ async function tryDecrypt(encrypted, secretKey, options = {}) {
 }
 async function decrypt(encrypted, secretKey, options = {}) {
   const { result, error } = await $decrypt(encrypted, secretKey, options);
-  if (error) throw new Error(chunkRXXVBCWL_cjs.$fmtResultErr(error));
+  if (error) throw new Error(chunkUIV6DG54_cjs.$fmtResultErr(error));
   return result;
 }
 async function tryEncryptObj(data, secretKey, options = {}) {
@@ -501,7 +509,7 @@ async function tryEncryptObj(data, secretKey, options = {}) {
 }
 async function encryptObj(data, secretKey, options = {}) {
   const { result, error } = await $encryptObj(data, secretKey, options);
-  if (error) throw new Error(chunkRXXVBCWL_cjs.$fmtResultErr(error));
+  if (error) throw new Error(chunkUIV6DG54_cjs.$fmtResultErr(error));
   return result;
 }
 async function tryDecryptObj(encrypted, secretKey, options = {}) {
@@ -509,7 +517,7 @@ async function tryDecryptObj(encrypted, secretKey, options = {}) {
 }
 async function decryptObj(encrypted, secretKey, options = {}) {
   const { result, error } = await $decryptObj(encrypted, secretKey, options);
-  if (error) throw new Error(chunkRXXVBCWL_cjs.$fmtResultErr(error));
+  if (error) throw new Error(chunkUIV6DG54_cjs.$fmtResultErr(error));
   return result;
 }
 async function tryHash(data, options = {}) {
@@ -517,7 +525,7 @@ async function tryHash(data, options = {}) {
 }
 async function hash(data, options = {}) {
   const { result, error } = await $hash(data, options);
-  if (error) throw new Error(chunkRXXVBCWL_cjs.$fmtResultErr(error));
+  if (error) throw new Error(chunkUIV6DG54_cjs.$fmtResultErr(error));
   return result;
 }
 async function tryHashPassword(password, options = {}) {
@@ -525,7 +533,7 @@ async function tryHashPassword(password, options = {}) {
 }
 async function hashPassword(password, options = {}) {
   const { hash: hash2, salt, error } = await $hashPassword(password, options);
-  if (error) throw new Error(chunkRXXVBCWL_cjs.$fmtResultErr(error));
+  if (error) throw new Error(chunkUIV6DG54_cjs.$fmtResultErr(error));
   return { hash: hash2, salt };
 }
 async function verifyPassword(password, hashedPassword, salt, options = {}) {
@@ -536,7 +544,7 @@ function tryConvertStrToBytes(data, inputEncoding = "utf8") {
 }
 function convertStrToBytes(data, inputEncoding = "utf8") {
   const { result, error } = $convertStrToBytes(data, inputEncoding);
-  if (error) throw new Error(chunkRXXVBCWL_cjs.$fmtResultErr(error));
+  if (error) throw new Error(chunkUIV6DG54_cjs.$fmtResultErr(error));
   return result;
 }
 function tryConvertBytesToStr(data, outputEncoding = "utf8") {
@@ -544,7 +552,7 @@ function tryConvertBytesToStr(data, outputEncoding = "utf8") {
 }
 function convertBytesToStr(data, outputEncoding = "utf8") {
   const { result, error } = $convertBytesToStr(data, outputEncoding);
-  if (error) throw new Error(chunkRXXVBCWL_cjs.$fmtResultErr(error));
+  if (error) throw new Error(chunkUIV6DG54_cjs.$fmtResultErr(error));
   return result;
 }
 function tryConvertEncoding(data, from, to) {
@@ -552,7 +560,7 @@ function tryConvertEncoding(data, from, to) {
 }
 function convertEncoding(data, from, to) {
   const { result, error } = $convertEncoding(data, from, to);
-  if (error) throw new Error(chunkRXXVBCWL_cjs.$fmtResultErr(error));
+  if (error) throw new Error(chunkUIV6DG54_cjs.$fmtResultErr(error));
   return result;
 }
 
@@ -567,6 +575,7 @@ exports.encryptObj = encryptObj;
 exports.generateUuid = generateUuid;
 exports.hash = hash;
 exports.hashPassword = hashPassword;
+exports.isWebSecretKey = isWebSecretKey;
 exports.kit_exports = kit_exports;
 exports.tryConvertBytesToStr = tryConvertBytesToStr;
 exports.tryConvertEncoding = tryConvertEncoding;
@@ -580,5 +589,5 @@ exports.tryGenerateUuid = tryGenerateUuid;
 exports.tryHash = tryHash;
 exports.tryHashPassword = tryHashPassword;
 exports.verifyPassword = verifyPassword;
-//# sourceMappingURL=chunk-WIZT7AYM.cjs.map
-//# sourceMappingURL=chunk-WIZT7AYM.cjs.map
+//# sourceMappingURL=chunk-XIWV7XVI.cjs.map
+//# sourceMappingURL=chunk-XIWV7XVI.cjs.map