hd-wallet-wasm 1.5.4 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -6,6 +6,7 @@ A comprehensive HD (Hierarchical Deterministic) wallet implementation compiled t
6
6
 
7
7
  - **BIP-32/39/44/49/84** - Complete HD wallet derivation standards
8
8
  - **Multi-curve support** - secp256k1, Ed25519, P-256, P-384, X25519
9
+ - **X.509 PKI** - P-256/P-384 certificate issuance, PEM/DER/PKCS#12 interop, wallet attestations
9
10
  - **Multi-chain** - Bitcoin, Ethereum, Solana, Cosmos, Polkadot
10
11
  - **AES-256-GCM** - Authenticated encryption via WASM (Crypto++/OpenSSL)
11
12
  - **Hardware wallet ready** - Trezor, Ledger, KeepKey abstraction layer
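Review bot: The new X.509 PKI bullet (new line 9) does not say which WASM backend performs certificate and PKCS#12 handling, while the AES-256-GCM bullet two lines below it names Crypto++/OpenSSL. Suggest naming the backend here as well, because PKCS#12 interop depends on which encryption and MAC algorithms the exporter uses, and readers will want to know that before relying on "PEM/DER/PKCS#12 interop".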
@@ -66,6 +67,74 @@ ethKey.wipe();
66
67
  master.wipe();
67
68
  ```
68
69
 
70
+ ## X.509 PKI
71
+
72
+ The package includes a native `wallet.x509` API for regular Web PKI workflows.
73
+ That means you can generate interoperable X.509 certificates for TLS or device
74
+ identity, then optionally bind those certificates to an HD-wallet-backed key.
75
+
76
+ Why this exists:
77
+
78
+ - X.509 is what browsers, load balancers, mTLS stacks, and enterprise PKI tools already use
79
+ - wallet ecosystems use different key types and trust models
80
+ - `hd-wallet-wasm` bridges the two by embedding a wallet attestation inside a standard certificate
81
+
82
+ What it supports:
83
+
84
+ - P-256 and P-384 certificate keys
85
+ - self-signed and issuer-signed certificate issuance
86
+ - PEM, DER, and PKCS#12 import/export
87
+ - certificate parsing and wallet-attestation verification
88
+
89
+ Wallet attestation is additive. Certificate validation still happens through the
90
+ normal X.509 chain. The attestation adds a second proof path showing that the
91
+ certificate was bound by a selected wallet key.
92
+
93
+ ```javascript
94
+ import init, { Curve, X509Encoding } from 'hd-wallet-wasm';
95
+
96
+ const wallet = await init();
97
+ const now = Math.floor(Date.now() / 1000);
98
+
99
+ const certKey = wallet.x509.generatePrivateKey(Curve.P256);
100
+ const certPem = wallet.x509.createSelfSignedCertificate(
101
+ {
102
+ subjectDn: 'CN=wallet.example.com,O=Digital Arsenal,C=US',
103
+ serialHex: '1001',
104
+ notBeforeUnix: now - 300,
105
+ notAfterUnix: now + 31536000,
106
+ dnsNames: ['wallet.example.com'],
107
+ keyUsage: ['digitalSignature', 'keyEncipherment'],
108
+ extendedKeyUsage: ['serverAuth'],
109
+ walletAttestation: {
110
+ curve: Curve.SECP256K1,
111
+ privateKey: wallet.utils.decodeHex(
112
+ '000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f'
113
+ ),
114
+ keyLabel: 'btc-root'
115
+ }
116
+ },
117
+ Curve.P256,
118
+ certKey,
119
+ X509Encoding.PEM
120
+ );
121
+
122
+ const parsed = wallet.x509.parseCertificate(certPem);
123
+ const valid = wallet.x509.verifyWalletAttestation(certPem);
124
+ const pkcs12 = wallet.x509.exportPkcs12(
125
+ certPem,
126
+ X509Encoding.PEM,
127
+ Curve.P256,
128
+ certKey,
129
+ 'changeit',
130
+ 'wallet-example'
131
+ );
132
+ ```
133
+
134
+ Certificate keys use interoperable NIST curves. Wallet attestations can be
135
+ signed with secp256k1, Ed25519, P-256, or P-384 keys depending on the wallet
136
+ identity you want to bind.
137
+
69
138
  ## API Overview
70
139
 
71
140
  ### Mnemonic (BIP-39)
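Review bot: The example at new lines 109-115 and 124-131 hard-codes secret material (`privateKey: wallet.utils.decodeHex('000102…1f')` as the attestation key and `'changeit'` as the PKCS#12 password) and never clears `certKey` or the attestation key, although the preceding example in this README ends with `ethKey.wipe();` and `master.wipe();`. README snippets get copied verbatim, so I would take the attestation key from a derived HD key as the earlier sections do, mark the password as a placeholder the caller must supply, and show the cleanup step for both keys. Two smaller points in the same hunk: `keyUsage: ['digitalSignature', 'keyEncipherment']` (new line 107) asserts `keyEncipherment` on a P-256 key, which RFC 5480 says must not be set for `id-ecPublicKey` certificates, so `digitalSignature` alone is the safer example value; and `parsed` and `valid` (new lines 122-123) are assigned but never checked, so the snippet should show the caller rejecting the certificate when `verifyWalletAttestation` returns false. It would also help to state next to that call that a true result says nothing about chain trust, since the certificate here is self-signed and the prose at new lines 89-91 says chain validation is a separate path.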