encrypt-rsa 3.3.0 → 4.0.0

package/README.md

@@ -1,237 +1,300 @@
 # NodeRSA
 
-**NodeRSA** is a library that provides easy-to-use methods for RSA encryption and decryption. It allows generating RSA key pairs, encrypting, and decrypting strings with RSA public and private keys. This library is ideal for secure data transmission, authentication systems, and any application requiring cryptographic security.
+**NodeRSA** is a library that provides easy-to-use methods for RSA encryption and decryption. It supports **Node.js** and **browser** (web) with the same API. Generate RSA key pairs, encrypt and decrypt strings with public and private keys. Ideal for secure data transmission, authentication systems, and any application requiring cryptographic security.
 
 ## Installation
+
 ```bash
 npm install encrypt-rsa
-// OR
+# OR
 yarn add encrypt-rsa
 ```
 
+## Breaking changes (vs 3.x)
+
+If you are upgrading from **3.x**, this release includes breaking changes. You should bump to **4.0.0** when publishing:
+
+1. **Async API** – All crypto methods now return **Promises** (sync → async). You must use `await` or `.then()`.
+   - **Before (3.x):** `const encrypted = nodeRSA.encryptStringWithRsaPublicKey({ text, publicKey });`
+   - **After (4.x):** `const encrypted = await nodeRSA.encryptStringWithRsaPublicKey({ text, publicKey });`
+2. **Entry points** – The package now has separate Node and Web builds. `main`/`module`/`types` point to the Node build; the `browser` field and conditional `exports` point to the Web build. If you required a specific path (e.g. `encrypt-rsa/build/index.js`), update to the new entry points or use the package root `encrypt-rsa`.
+3. **Buffer methods** – `decryptBufferWithRsaPrivateKey` now returns `Promise<Uint8Array>` (type). In Node the runtime value is still a `Buffer` (extends `Uint8Array`). Prefer `Uint8Array` in types; avoid relying on `instanceof Buffer` in shared code.
+
+See [CHANGELOG.md](./CHANGELOG.md) for the full list of changes.
+
+## Node and Web (browser)
+
+One package, two environments:
+
+- **Node.js**: Uses the built-in `crypto` module. All crypto methods return **Promises** (async API).
+- **Browser**: Uses the Web Crypto API. Same async API; bundlers resolve the web build via `exports` / `browser` field.
+
+You use the same import; the correct implementation is chosen at build/runtime:
+
+```ts
+import NodeRSA from 'encrypt-rsa';
+```
+
+- In Node (or when your bundler targets Node), you get the Node build.
+- When your bundler targets the browser, you get the web build.
+
+**Browser note:** In the browser build, `encrypt(privateKey)` and `decrypt(publicKey)` are not supported (Web Crypto does not support that flow) and will throw. Use `encryptStringWithRsaPublicKey` / `decryptStringWithRsaPrivateKey` for encryption and decryption.
+
+### Same interface (Node and Web)
+
+Both the Node and Web builds expose the **same class and method signatures** (they implement the shared `INodeRSA` interface). You write the same code; only the resolved implementation changes:
+
+- **Same class:** `NodeRSA`
+- **Same constructor:** `(publicKey?: string, privateKey?: string, modulusLength?: number)`
+- **Same methods:** `encryptStringWithRsaPublicKey`, `decryptStringWithRsaPrivateKey`, `encrypt`, `decrypt`, `createPrivateAndPublicKeys`, `encryptBufferWithRsaPublicKey`, `decryptBufferWithRsaPrivateKey`
+- **Same parameter and return types:** All crypto methods return `Promise<...>`; buffer methods use `Uint8Array` (in Node, `Buffer` extends `Uint8Array` so it works as well).
+
+See [docs/FEATURE_PARITY.md](docs/FEATURE_PARITY.md) for a feature-by-feature comparison of Node vs Web (including the browser limitation for `encrypt`/`decrypt` with private/public key).
+
 ## Usage
-**Importing the Library**
+
+### Example: Node.js
 
 ```ts
+// Node (CommonJS or ESM)
 import NodeRSA from 'encrypt-rsa';
+
+const nodeRSA = new NodeRSA();
+const { publicKey, privateKey } = await nodeRSA.createPrivateAndPublicKeys(2048);
+
+const encrypted = await nodeRSA.encryptStringWithRsaPublicKey({
+  text: 'Secret message',
+  publicKey,
+});
+console.log('Encrypted:', encrypted);
+
+const decrypted = await nodeRSA.decryptStringWithRsaPrivateKey({
+  text: encrypted,
+  privateKey,
+});
+console.log('Decrypted:', decrypted);
+```
+
+### Example: Browser (Web)
+
+```ts
+// Browser (ESM or bundled) – same API
+import NodeRSA from 'encrypt-rsa';
+
+const nodeRSA = new NodeRSA();
+const { publicKey, privateKey } = await nodeRSA.createPrivateAndPublicKeys(2048);
+
+const encrypted = await nodeRSA.encryptStringWithRsaPublicKey({
+  text: 'Secret message',
+  publicKey,
+});
+console.log('Encrypted:', encrypted);
+
+const decrypted = await nodeRSA.decryptStringWithRsaPrivateKey({
+  text: encrypted,
+  privateKey,
+});
+console.log('Decrypted:', decrypted);
 ```
 
-## Creating an Instance
+When your bundler targets the browser, it resolves the web build; the code above is unchanged.
 
-You can create an instance of the NodeRSA class with optional public and private keys and modulus length.
+### Creating an instance
 
 ```ts
-const nodeRSA = new NodeRSA(publicKey, privateKey, modulusLength);
+const nodeRSA = new NodeRSA(publicKey?, privateKey?, modulusLength?);
 ```
 
-## Generating RSA Key Pairs
-To generate a new pair of RSA keys:
+### Generating RSA key pairs
+
+All crypto methods return **Promises**. Use `await` or `.then()`:
 
 ```ts
-const { publicKey, privateKey } = nodeRSA.createPrivateAndPublicKeys(modulusLength);
+const { publicKey, privateKey } = await nodeRSA.createPrivateAndPublicKeys(modulusLength);
 console.log('Public Key:', publicKey);
 console.log('Private Key:', privateKey);
 ```
 
-## Encrypting and Decrypting Strings
-### Encrypting with RSA Public Key
+### Encrypting and decrypting strings
+
+#### Encrypt with public key, decrypt with private key
+
 ```ts
-const text = "Hello, World!";
-const encryptedString = nodeRSA.encryptStringWithRsaPublicKey({ text, publicKey });
+const text = 'Hello, World!';
+const encryptedString = await nodeRSA.encryptStringWithRsaPublicKey({ text, publicKey });
 console.log('Encrypted:', encryptedString);
-```
 
-### Decrypting with RSA Private Key
-```ts
-const decryptedString = nodeRSA.decryptStringWithRsaPrivateKey({ text: encryptedString, privateKey });
+const decryptedString = await nodeRSA.decryptStringWithRsaPrivateKey({
+  text: encryptedString,
+  privateKey,
+});
 console.log('Decrypted:', decryptedString);
 ```
 
-### Encrypting with RSA Private Key
+#### Encrypt with private key, decrypt with public key (Node only)
+
+In the **browser build**, these methods throw. In **Node**, they work:
+
 ```ts
-const text = "Hello, World!";
-const encryptedString = nodeRSA.encrypt({ text, privateKey });
+const encryptedString = await nodeRSA.encrypt({ text, privateKey });
 console.log('Encrypted with Private Key:', encryptedString);
+
+const decryptedString = await nodeRSA.decrypt({ text: encryptedString, publicKey });
+console.log('Decrypted with Public Key:', decryptedString);
 ```
 
-### Decrypting with RSA Public Key
+### Buffer encryption (same interface: `Uint8Array`)
+
+Both Node and Web use **`Uint8Array`** in the method signature. In Node, `Buffer` extends `Uint8Array`, so you can pass a `Buffer` as well. Return type is `Promise<Uint8Array>` in both environments.
+
 ```ts
-const decryptedString = nodeRSA.decrypt({ text: encryptedString, publicKey });
-console.log('Decrypted with Public Key:', decryptedString);
+// Node
+const buffer = Buffer.from('This is some binary data');
+
+// Browser (or shared code)
+const buffer = new TextEncoder().encode('This is some binary data');
+
+const encryptedBuffer = await nodeRSA.encryptBufferWithRsaPublicKey(buffer, publicKey);
+const decryptedBuffer = await nodeRSA.decryptBufferWithRsaPrivateKey(
+  encryptedBuffer,
+  privateKey
+);
+
+// Node: decryptedBuffer is Buffer
+// Browser: decryptedBuffer is Uint8Array
+console.log(
+  decryptedBuffer instanceof Uint8Array
+    ? new TextDecoder().decode(decryptedBuffer)
+    : decryptedBuffer.toString()
+);
 ```
 
 ## API
-### NodeRSA Class
 
-### Constructor
+### NodeRSA class
+
+#### Constructor
+
 ```ts
 constructor(publicKey?: string, privateKey?: string, modulusLength?: number)
 ```
-- `publicKey`: Optional. The RSA public key.
-- `privateKey`: Optional. The RSA private key.
-- `modulusLength`: Optional. The modulus length for the RSA key pair (default is 2048).
-
-### Methods
-1. `createPrivateAndPublicKeys(modulusLength: number = this.modulusLength): returnCreateKeys`
-    - Generates a new pair of RSA keys.
-    - `modulusLength`: Optional. The modulus length for the RSA key pair (default is the instance's modulus length).
-    - Returns an object containing the `publicKey` and `privateKey`.
-2. `encryptStringWithRsaPublicKey(args: parametersOfEncrypt): string`
-   - Encrypts a string with the given RSA public key.
-   - `args`: Object containing `text` and optionally `publicKey`.
-   - Returns the encrypted string in base64 format.
-  
-3. `decryptStringWithRsaPrivateKey(args: parametersOfDecrypt): string`
-    - Decrypts a string with the given RSA private key.
-    - `args`: Object containing `text` and optionally `privateKey`.
-    - Returns the decrypted string.
-  
-4. `encrypt(args: parametersOfEncryptPrivate): string`
-    - Encrypts a string with the given RSA private key.
-    - `args`: Object containing `text` and optionally `privateKey`.
-    - Returns the encrypted string in base64 format.
-    - 
-5. `decrypt(args: parametersOfDecryptPublic): string`
-    - Decrypts a string with the given RSA public key.
-    - `args`: Object containing `text` and optionally `publicKey`.
-    - Returns the decrypted string.
-  
-### Types
-1. parametersOfEncrypt
-```ts
-{
-  text: string;
-  publicKey?: string;
-}
-```
-2. parametersOfDecrypt
-```ts
-{
-  text: string;
-  privateKey?: string;
-}
-```
-3. parametersOfEncryptPrivate
-```ts
-{
-  text: string;
-  privateKey?: string;
-}
-```
-4. parametersOfDecryptPublic
-```ts
-{
-  text: string;
-  publicKey?: string;
-}
-```
-5. returnCreateKeys
-```ts
-{
-  publicKey: string;
-  privateKey: string;
-}
-```
 
-### Utilities
-1. `convertKetToBase64(key: string): string` 
-   Converts a given key to base64 format.
+- `publicKey`: Optional. RSA public key (PEM).
+- `privateKey`: Optional. RSA private key (PEM).
+- `modulusLength`: Optional. Modulus length in bits (default 2048).
 
-### Helper Functions
-1. `encode`
-Encodes a string to base64.
+#### Methods (all crypto methods return `Promise<...>`)
 
-2. `decode`
-Decodes a base64 string.
+| Method | Returns | Description |
+|--------|---------|-------------|
+| `createPrivateAndPublicKeys(modulusLength?)` | `Promise<{ publicKey, privateKey }>` | Generate RSA key pair (PEM). |
+| `encryptStringWithRsaPublicKey(args)` | `Promise<string>` | Encrypt with public key. |
+| `decryptStringWithRsaPrivateKey(args)` | `Promise<string>` | Decrypt with private key. |
+| `encrypt(args)` | `Promise<string>` | Encrypt with private key. **Node only.** |
+| `decrypt(args)` | `Promise<string>` | Decrypt with public key. **Node only.** |
+| `encryptBufferWithRsaPublicKey(buffer, publicKey?)` | `Promise<string>` | Encrypt buffer; returns base64 string. |
+| `decryptBufferWithRsaPrivateKey(encryptedText, privateKey?)` | `Promise<Uint8Array>` | Decrypt to buffer (same type in Node and Web). |
 
-### Use Cases
+#### Parameter types
 
-#### Secure Data Transmission
+- `parametersOfEncrypt`: `{ text: string; publicKey?: string }`
+- `parametersOfDecrypt`: `{ text: string; privateKey?: string }`
+- `parametersOfEncryptPrivate`: `{ text: string; privateKey?: string }`
+- `parametersOfDecryptPublic`: `{ text: string; publicKey?: string }`
+- `returnCreateKeys`: `{ publicKey: string; privateKey: string }`
 
-NodeRSA can be used to securely transmit sensitive data over insecure channels. Encrypt data with the recipient's public key before sending it. Only the recipient can decrypt the data with their private key.
+### Algorithm and key format
 
+- **RSA-OAEP** with **SHA-1** for encrypt/decrypt with public/private key (cross-compatible between Node and browser).
+- Keys are **PEM** (SPKI for public, PKCS#8 for private). Keys generated on one side work on the other.
+
+## Use cases
+
+### Secure data transmission
 
 ```ts
 // Sender
-const encryptedMessage = nodeRSA.encryptStringWithRsaPublicKey({ text: "Sensitive data", publicKey: recipientPublicKey });
-// Send `encryptedMessage` to the recipient
+const encryptedMessage = await nodeRSA.encryptStringWithRsaPublicKey({
+  text: 'Sensitive data',
+  publicKey: recipientPublicKey,
+});
+// Send encryptedMessage to the recipient
 
 // Recipient
-const decryptedMessage = nodeRSA.decryptStringWithRsaPrivateKey({ text: encryptedMessage, privateKey: recipientPrivateKey });
+const decryptedMessage = await nodeRSA.decryptStringWithRsaPrivateKey({
+  text: encryptedMessage,
+  privateKey: recipientPrivateKey,
+});
 console.log('Decrypted Message:', decryptedMessage);
 ```
 
-#### Authentication Systems
-NodeRSA can be used in authentication systems to encrypt credentials and sensitive information.
-
+### Authentication
 
 ```ts
-// Encrypting user credentials
-const encryptedCredentials = nodeRSA.encryptStringWithRsaPublicKey({ text: "username:password", publicKey: serverPublicKey });
-
-// Decrypting credentials on the server
-const decryptedCredentials = nodeRSA.decryptStringWithRsaPrivateKey({ text: encryptedCredentials, privateKey: serverPrivateKey });
+const encryptedCredentials = await nodeRSA.encryptStringWithRsaPublicKey({
+  text: 'username:password',
+  publicKey: serverPublicKey,
+});
+
+const decryptedCredentials = await nodeRSA.decryptStringWithRsaPrivateKey({
+  text: encryptedCredentials,
+  privateKey: serverPrivateKey,
+});
 console.log('Decrypted Credentials:', decryptedCredentials);
 ```
 
-### Buffer Encryption/Decryption Methods:
+## Testing
 
-1. `encryptBufferWithRsaPublicKey`: Converts a buffer to Base64 and then encrypts the Base64 string.
-2. `decryptBufferWithRsaPrivateKey`: Decrypts the Base64 string and converts it back to a buffer.
+The project includes tests for both the **Node** and **web** builds:
 
-#### Example Usage
-```ts
-const nodeRSA = new NodeRSA();
+- **Node tests** (`tests/functionalty.node.spec.ts`): Run against the Node build; cover all methods including encrypt/decrypt with private/public key and buffer operations.
+- **Web tests** (`tests/functionalty.web.spec.ts`): Run against the web build; require `crypto.subtle` (Node 19+ or a browser). Skipped automatically when Web Crypto is not available.
 
-// Generate keys
-const { publicKey, privateKey } = nodeRSA.createPrivateAndPublicKeys();
+```bash
+npm test
+```
 
-// Example buffer
-const buffer = Buffer.from('This is some binary data');
+Both suites run with `npm test`. Web tests are skipped when `crypto.subtle` is not available (e.g. Node below 19).
+
+## Documentation
 
-// Encrypt the buffer
-const encryptedBuffer = nodeRSA.encryptBufferWithRsaPublicKey(buffer, publicKey);
-console.log('Encrypted Buffer:', encryptedBuffer);
+API documentation is generated with [Compodoc](https://compodoc.app). To generate the docs (from the Node build source):
 
-// Decrypt back to buffer
-const decryptedBuffer = nodeRSA.decryptBufferWithRsaPrivateKey(encryptedBuffer, privateKey);
-console.log('Decrypted Buffer:', decryptedBuffer.toString());  // should log: 'This is some binary data'
+```bash
+npm run docs
+```
+
+Generated files are written to the `docs/` folder. To serve them locally:
+
+```bash
+npm run docs:serve
 ```
 
+The docs reflect the **NodeRSA** class and its async API (Node and web share the same interface).
 
-#### Digital Signatures
+## Releasing
 
-Although not directly covered by the current implementation, RSA can also be used for creating and verifying digital signatures to ensure data integrity and authenticity.
+- **Changelog from commits:** Run `npm run changelog` to update [CHANGELOG.md](./CHANGELOG.md) from conventional commits since the last tag (`feat:`, `fix:`, `BREAKING CHANGE:`, etc.).
+- **Full release:** Run `npm run release -- --release-as major|minor|patch` to bump version, update the changelog, commit, and tag. Push to `master` to trigger the publish workflow (see [.github/workflows/publish.yml](./.github/workflows/publish.yml)).
 
+**Publish via GitHub Actions (on merge to `master`):**
+
+1. **Secret:** In the repo go to **Settings → Secrets and variables → Actions** and add **NPM_TOKEN** (npm automation token with “Publish” permission).
+2. **Trigger:** Merging (or pushing) to the **master** branch runs the workflow: install → test → build → publish. The [JS-DevTools/npm-publish](https://github.com/JS-DevTools/npm-publish) action publishes only if the version in `package.json` is **greater** than the latest on npm; otherwise the job succeeds but skips publishing.
+3. **Optional:** To make installs reproducible in CI, commit `package-lock.json` (remove it from `.gitignore`) and change the workflow step from `npm install` to `npm ci`.
 
 ## Contribution
-We welcome contributions to the NodeRSA library! If you'd like to contribute, please follow these steps:
 
 1. Fork the repository on GitHub.
-2. Clone your forked repository to your local machine.
-```bash
-git clone git@github.com:miladezzat/encrypt-rsa.git
-```
-3. Create a new branch for your feature or bugfix.
-```bash
-git checkout -b feature/your-feature-name
-```
-4. Make your changes to the codebase.
-5. Commit your changes with a clear and descriptive commit message.
-```bash
-git commit -m "Description of your feature or fix"
-```
-6. Push your changes to your forked repository.
-```bash
-git push origin feature/your-feature-name
-```
-7. Create a pull request on the original repository. Be sure to include a detailed description of your changes and the problem they solve.
+2. Clone your fork: `git clone git@github.com:miladezzat/encrypt-rsa.git`
+3. Create a branch: `git checkout -b feature/your-feature-name`
+4. Make your changes, then commit with a clear message.
+5. Push to your fork and open a pull request with a description of your changes.
 
-## Code of Conduct
-Please note that this project is released with a [Contributor Code of Conduct](./CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.
+## Code of conduct
 
+This project is released with a [Contributor Code of Conduct](./CODE_OF_CONDUCT.md). By participating you agree to abide by its terms.
 
-## Reporting Issues
-If you encounter any issues, please report them using the GitHub issue tracker. Include details about the problem and your environment (OS, Node.js version, etc.).
+## Reporting issues
 
-Thank you for contributing to NodeRSA!
+Please report issues via the [GitHub issue tracker](https://github.com/miladezzat/encrypt-rsa/issues). Include details about the problem and your environment (OS, Node.js version, bundler, etc.).

package/build/node/node/convertKetToBase64.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Converts an RSA key to a base64-encoded string.
+ * Removes leading spaces from each line, then base64-encodes.
+ */
+export declare function convertKetToBase64(key: string): string;
+export default convertKetToBase64;

package/build/{functions → node/node}/convertKetToBase64.js

@@ -1,15 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.convertKetToBase64 = void 0;
-var helpers_1 = require("../utils/helpers");
+var helpers_1 = require("../shared/helpers");
 /**
  * Converts an RSA key to a base64-encoded string.
- *
- * This function removes any leading spaces from each line of the key and then
- * encodes it to base64 format.
- *
- * @param {string} key - The RSA key to be converted to base64. It may contain leading spaces in each line.
- * @returns {string} The base64-encoded version of the RSA key.
+ * Removes leading spaces from each line, then base64-encodes.
  */
 function convertKetToBase64(key) {
     return (0, helpers_1.encode)(key.replace(/^ +/gm, ''));

package/build/node/node/crypto.d.ts

@@ -0,0 +1,6 @@
+import type { parametersOfDecrypt, parametersOfDecryptPublic, parametersOfEncrypt, parametersOfEncryptPrivate, returnCreateKeys } from '../shared/types';
+export declare function encryptStringWithRsaPublicKey(args: parametersOfEncrypt): string;
+export declare function decryptStringWithRsaPrivateKey(args: parametersOfDecrypt): string;
+export declare function encryptPrivate(args: parametersOfEncryptPrivate): string;
+export declare function decryptPublic(args: parametersOfDecryptPublic): string;
+export declare function createPrivateAndPublicKeys(modulusLength?: number): returnCreateKeys;

package/build/node/node/crypto.js

@@ -0,0 +1,98 @@
+"use strict";
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createPrivateAndPublicKeys = exports.decryptPublic = exports.encryptPrivate = exports.decryptStringWithRsaPrivateKey = exports.encryptStringWithRsaPublicKey = void 0;
+/**
+ * Node-specific crypto implementation using Node's crypto module and Buffer.
+ * Uses RSA-OAEP with SHA-1 for cross-compatibility with Web Crypto.
+ */
+var crypto = __importStar(require("crypto"));
+var helpers_1 = require("../shared/helpers");
+var OAEP_OPTIONS = {
+    padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
+    oaepHash: 'sha1',
+};
+function encryptStringWithRsaPublicKey(args) {
+    var text = args.text, publicKey = args.publicKey;
+    var publicKeyDecoded = (0, helpers_1.decode)(publicKey);
+    var buffer = Buffer.from(text);
+    var encrypted = crypto.publicEncrypt(__assign({ key: publicKeyDecoded }, OAEP_OPTIONS), buffer);
+    return encrypted.toString('base64');
+}
+exports.encryptStringWithRsaPublicKey = encryptStringWithRsaPublicKey;
+function decryptStringWithRsaPrivateKey(args) {
+    var text = args.text, privateKey = args.privateKey;
+    var privateKeyDecoded = (0, helpers_1.decode)(privateKey);
+    var buffer = Buffer.from(text, 'base64');
+    var decrypted = crypto.privateDecrypt(__assign({ key: privateKeyDecoded }, OAEP_OPTIONS), buffer);
+    return decrypted.toString('utf8');
+}
+exports.decryptStringWithRsaPrivateKey = decryptStringWithRsaPrivateKey;
+function encryptPrivate(args) {
+    var text = args.text, privateKey = args.privateKey;
+    var privateKeyDecoded = (0, helpers_1.decode)(privateKey);
+    var buffer = Buffer.from(text);
+    var encrypted = crypto.privateEncrypt(privateKeyDecoded, buffer);
+    return encrypted.toString('base64');
+}
+exports.encryptPrivate = encryptPrivate;
+function decryptPublic(args) {
+    var text = args.text, publicKey = args.publicKey;
+    var publicKeyDecoded = (0, helpers_1.decode)(publicKey);
+    var buffer = Buffer.from(text, 'base64');
+    var decrypted = crypto.publicDecrypt(publicKeyDecoded, buffer);
+    return decrypted.toString('utf8');
+}
+exports.decryptPublic = decryptPublic;
+function createPrivateAndPublicKeys(modulusLength) {
+    if (modulusLength === void 0) { modulusLength = 2048; }
+    if (typeof crypto.generateKeyPairSync === 'function') {
+        var _a = crypto.generateKeyPairSync('rsa', {
+            modulusLength: modulusLength,
+            publicKeyEncoding: {
+                type: 'spki',
+                format: 'pem',
+            },
+            privateKeyEncoding: {
+                type: 'pkcs8',
+                format: 'pem',
+            },
+        }), privateKey = _a.privateKey, publicKey = _a.publicKey;
+        return { publicKey: publicKey, privateKey: privateKey };
+    }
+    return { privateKey: '', publicKey: '' };
+}
+exports.createPrivateAndPublicKeys = createPrivateAndPublicKeys;

package/build/node/node/index.d.ts

@@ -0,0 +1,17 @@
+import type { parametersOfDecrypt, parametersOfDecryptPublic, parametersOfEncrypt, parametersOfEncryptPrivate, returnCreateKeys, INodeRSA } from '../shared/types';
+export type { returnCreateKeys, parametersOfEncrypt, parametersOfDecrypt, parametersOfEncryptPrivate, parametersOfDecryptPublic, INodeRSA, } from '../shared/types';
+declare class NodeRSA implements INodeRSA {
+    private publicKey;
+    private privateKey;
+    private modulusLength;
+    private keyBase64;
+    constructor(publicKey?: string, privateKey?: string, modulusLength?: number);
+    encryptStringWithRsaPublicKey(args: parametersOfEncrypt): Promise<string>;
+    decryptStringWithRsaPrivateKey(args: parametersOfDecrypt): Promise<string>;
+    encrypt(args: parametersOfEncryptPrivate): Promise<string>;
+    decrypt(args: parametersOfDecryptPublic): Promise<string>;
+    createPrivateAndPublicKeys(modulusLength?: number): Promise<returnCreateKeys>;
+    encryptBufferWithRsaPublicKey(buffer: Uint8Array, publicKey?: string): Promise<string>;
+    decryptBufferWithRsaPrivateKey(encryptedText: string, privateKey?: string): Promise<Uint8Array>;
+}
+export default NodeRSA;

package/build/node/node/index.js

@@ -0,0 +1,61 @@
+"use strict";
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/**
+ * Node build: NodeRSA with async API (Option A).
+ * Same interface as web build; wraps sync Node crypto in Promise.resolve.
+ */
+var convertKetToBase64_1 = __importDefault(require("./convertKetToBase64"));
+var crypto_1 = require("./crypto");
+var NodeRSA = /** @class */ (function () {
+    function NodeRSA(publicKey, privateKey, modulusLength) {
+        this.keyBase64 = 'base64';
+        this.publicKey = publicKey;
+        this.privateKey = privateKey;
+        this.modulusLength = modulusLength !== null && modulusLength !== void 0 ? modulusLength : 2048;
+    }
+    NodeRSA.prototype.encryptStringWithRsaPublicKey = function (args) {
+        var _a = args.publicKey, publicKey = _a === void 0 ? this.publicKey : _a;
+        return Promise.resolve((0, crypto_1.encryptStringWithRsaPublicKey)(__assign(__assign({}, args), { publicKey: (0, convertKetToBase64_1.default)(publicKey) })));
+    };
+    NodeRSA.prototype.decryptStringWithRsaPrivateKey = function (args) {
+        var _a = args.privateKey, privateKey = _a === void 0 ? this.privateKey : _a;
+        return Promise.resolve((0, crypto_1.decryptStringWithRsaPrivateKey)(__assign(__assign({}, args), { privateKey: (0, convertKetToBase64_1.default)(privateKey) })));
+    };
+    NodeRSA.prototype.encrypt = function (args) {
+        var _a = args.privateKey, privateKey = _a === void 0 ? this.privateKey : _a;
+        return Promise.resolve((0, crypto_1.encryptPrivate)(__assign(__assign({}, args), { privateKey: (0, convertKetToBase64_1.default)(privateKey) })));
+    };
+    NodeRSA.prototype.decrypt = function (args) {
+        var _a = args.publicKey, publicKey = _a === void 0 ? this.publicKey : _a;
+        return Promise.resolve((0, crypto_1.decryptPublic)(__assign(__assign({}, args), { publicKey: (0, convertKetToBase64_1.default)(publicKey) })));
+    };
+    NodeRSA.prototype.createPrivateAndPublicKeys = function (modulusLength) {
+        if (modulusLength === void 0) { modulusLength = this.modulusLength; }
+        return Promise.resolve((0, crypto_1.createPrivateAndPublicKeys)(modulusLength));
+    };
+    NodeRSA.prototype.encryptBufferWithRsaPublicKey = function (buffer, publicKey) {
+        var buf = Buffer.isBuffer(buffer) ? buffer : Buffer.from(buffer);
+        var base64String = buf.toString(this.keyBase64);
+        return this.encryptStringWithRsaPublicKey({ text: base64String, publicKey: publicKey });
+    };
+    NodeRSA.prototype.decryptBufferWithRsaPrivateKey = function (encryptedText, privateKey) {
+        var _this = this;
+        return this.decryptStringWithRsaPrivateKey({ text: encryptedText, privateKey: privateKey }).then(function (decryptedBase64) { return Buffer.from(decryptedBase64, _this.keyBase64); });
+    };
+    return NodeRSA;
+}());
+exports.default = NodeRSA;