jsonauthtoken 1.0.1 → 3.0.0

package/README.md

@@ -4,7 +4,7 @@ jsonauthtoken is a JavaScript library to secure authentication.
 
 ## Overview
 
-This project demonstrates the usage of the `jsonauthtoken` package to create and verify secure encrypted authentication tokens and store sensitive datas. Tokens are used to sign and encrypt data for secure communication. The `jsonauthtoken` library provides methods to generate and verify tokens with configurable expiration times, hashing algorithms, and payload data.
+This project demonstrates the usage of the `jsonauthtoken` package to create and verify secure encrypted authentication tokens and store sensitive datas. Tokens are used to encrypt data for secure communication. The `jsonauthtoken` library provides methods to generate and verify tokens with configurable expiration times, encryption algorithms, payload data and also offer key generation.
 
 
 ## Node.js (Install)
@@ -20,47 +20,26 @@ npm install jsonauthtoken
 
 ### Usage
 
-To create jsonauthtoken:
 
 ```javascript
-import jat from "jsonauthtoken";
-
-// Create a token
-let encToken = jat().create(
-    {
-        signKey: process.env.SIGN_KEY, // Signature key
-        encKey: process.env.ENC_KEY   // Encryption key
-    },
-    {
-        expiresAt: '4MIN',            // Token expiration time
-        algorithm: 'sha256'           // Optional: Hash algorithms list ['sha256', 'sha384', 'sha512'] 
-    },
-    {
-        data: {                       // Data payload
-            status: true,
-            name:'Arpan Biswas',
-            dob: '15.11.2008'
-        }
-    }
-);
-
-console.log("encToken: ", encToken);
+import { JAT } from "jsonauthtoken";
 
-```
+(async () => {
+    
+    const jat = JAT()
 
-To decrypt and verify jsonauthtoken:
+    const payload = {
+        name: 'jsonauthtoken'
+    } as const
 
-```javascript
-import jat from "jsonauthtoken";
+    //to create token
+    const token = await jat.create({ key: process.env.KEY }, payload)
 
-// Decrypt and verify jsonauthtoken
+    //to verify token
+    const verify =await jat.verify<typeof payload>(token, process.env.KEY)
 
-let token = 'your-token-here';  // Replace with your generated token
-let datas = jat().verify(token, {
-    signKey: process.env.SIGN_KEY, // Signature key
-    encKey: process.env.ENC_KEY    // Encryption key
-});
+    console.log(verify)
 
-console.log("Enc Data: ", datas);
+})()
 
 ```

package/dist/config/algo.config.d.ts

@@ -0,0 +1,2 @@
+export declare const SUPPORTED_ALGORITHM: Record<Runtime, AlgorithmDetails[]>;
+export declare const DEFAULT_ALGORITHM: Record<Runtime, AlgorithmDetails[]>;

package/dist/config/algo.config.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_ALGORITHM = exports.SUPPORTED_ALGORITHM = void 0;
+exports.SUPPORTED_ALGORITHM = {
+    node: [
+        { name: 'AES-256-GCM', value: 'aes-256-gcm', type: 'symmetric' },
+        { name: 'RSA+A256GCM', value: 'rsa+a256gcm', type: 'asymmetric' },
+    ],
+    web: [
+        { name: 'AES-GCM', value: 'AES-GCM', type: 'symmetric' },
+        { name: 'RSA+AES-GCM', value: 'RSA+AES-GCM', type: 'asymmetric' }
+    ],
+    edge: [
+        { name: 'AES-GCM', value: 'AES-GCM', type: 'symmetric' },
+        { name: 'RSA+AES-GCM', value: 'RSA+AES-GCM', type: 'asymmetric' }
+    ]
+};
+exports.DEFAULT_ALGORITHM = {
+    node: [
+        { name: 'AES-256-GCM', value: 'aes-256-gcm', type: 'symmetric' },
+    ],
+    web: [
+        { name: 'AES-GCM', value: 'AES-GCM', type: 'symmetric' },
+    ],
+    edge: [
+        { name: 'AES-GCM', value: 'AES-GCM', type: 'symmetric' },
+    ]
+};

package/dist/config/name.config.d.ts

@@ -0,0 +1 @@
+export declare const RUNTIME: Runtime[];

package/dist/config/name.config.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RUNTIME = void 0;
+exports.RUNTIME = ['node', 'edge', 'web'];

package/dist/config/runtime.config.d.ts

@@ -0,0 +1 @@
+export declare function detectRuntime(): Runtime;

package/dist/config/runtime.config.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectRuntime = detectRuntime;
+function detectRuntime() {
+    if (typeof process !== 'undefined' && process.versions?.node) {
+        return 'node';
+    }
+    if (typeof window !== 'undefined' && window.crypto?.subtle) {
+        return 'web';
+    }
+    if (typeof globalThis !== 'undefined' && globalThis.crypto?.subtle) {
+        return 'edge';
+    }
+    return 'node';
+}

package/dist/crypto/crypto.d.ts

@@ -0,0 +1,12 @@
+export declare class Crypto {
+    private node;
+    private web;
+    private getModule;
+    createToken(runtime: Runtime, algo: string, key: string, payload: any, exp: number): Promise<string>;
+    verifyToken<T>(currentRuntime: Runtime, token: string, key: string): Promise<{
+        payload: T;
+        exp: number;
+    }>;
+    rsaKeyDrivation(runtime: Runtime, type: 'keyPair'): Promise<GenerateKeyPair>;
+    rsaKeyDrivation(runtime: Runtime, type: 'publickey', privateKeyPem: string): Promise<string>;
+}

package/dist/crypto/crypto.js

@@ -0,0 +1,152 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Crypto = void 0;
+const algo_config_1 = require("../config/algo.config");
+const functions_lib_1 = require("../lib/functions.lib");
+class Crypto {
+    node;
+    web;
+    async getModule(runtime) {
+        if (runtime === 'node' && this.node === undefined) {
+            const { NodeCrypto } = await Promise.resolve().then(() => __importStar(require('./node.crypto')));
+            this.node = new NodeCrypto();
+        }
+        else if (runtime === 'web' && this.web === undefined) {
+            const { WebCrypto } = await Promise.resolve().then(() => __importStar(require('./web.crypto')));
+            this.web = new WebCrypto();
+        }
+        else if (runtime === 'edge' && this.web === undefined) {
+            const { WebCrypto } = await Promise.resolve().then(() => __importStar(require('./web.crypto')));
+            this.web = new WebCrypto();
+        }
+    }
+    async createToken(runtime, algo, key, payload, exp) {
+        const algorithms = algo_config_1.SUPPORTED_ALGORITHM[runtime];
+        const algoData = algorithms.find(({ name }) => { return name == algo; });
+        if (!algoData) {
+            throw new Error(`Algorithm ${algo} is not supported for ${runtime}`);
+        }
+        await this.getModule(runtime);
+        if (runtime === 'node') {
+            if (algoData.type === 'asymmetric') {
+                if (algoData.value !== 'ras+a256gcm') {
+                    throw new Error(`Algorithm ${algoData.name} is not supported for asymmetric encryption`);
+                }
+                return this.node.encryptRSA(payload, key, exp);
+            }
+            else {
+                if (algoData.value !== 'aes-256-gcm') {
+                    throw new Error(`Algorithm ${algoData.name} is not supported for symmetric encryption`);
+                }
+                return this.node.encrypt(algoData.value, key, payload, exp);
+            }
+        }
+        else {
+            if (algoData.type === 'asymmetric') {
+                if (algoData.value !== 'RSA+AES-GCM') {
+                    throw new Error(`Algorithm ${algoData.name} is not supported for asymmetric encryption`);
+                }
+                return await this.web.encryptRSA(payload, key, exp);
+            }
+            else {
+                if (algoData.value !== 'AES-GCM') {
+                    throw new Error(`Algorithm ${algoData.name} is not supported for symmetric encryption`);
+                }
+                return await this.web.encrypt(algoData.value, key, payload, exp);
+            }
+        }
+    }
+    async verifyToken(currentRuntime, token, key) {
+        const { meta, encrypted } = (0, functions_lib_1.tokenFormatVerify)(token);
+        const { runtime, algo, type, v, iv, tag, encryptedKey } = meta;
+        if (currentRuntime !== runtime) {
+            throw new Error('Runtime not matching');
+        }
+        await this.getModule(runtime);
+        if (runtime === 'node') {
+            if (type === 'asymmetric') {
+                if (algo !== 'RSA+A256GCM') {
+                    throw new Error(`Algorithm ${algo} is not supported for asymmetric encryption`);
+                }
+                return this.node.decryptRSA(key, encryptedKey, { iv, encrypted, tag });
+            }
+            else {
+                if (algo !== 'AES-256-GCM') {
+                    throw new Error(`Algorithm ${algo} is not supported for symmetric encryption`);
+                }
+                return this.node.decrypt("aes-256-gcm", key, { iv, encrypted, tag });
+            }
+        }
+        else {
+            if (type === 'asymmetric') {
+                if (algo !== 'RSA+AES-GCM') {
+                    throw new Error(`Algorithm ${algo} is not supported for asymmetric encryption`);
+                }
+                return await this.web.decryptRSA(key, encryptedKey, { iv, encrypted });
+            }
+            else {
+                if (algo !== 'AES-GCM') {
+                    throw new Error(`Algorithm ${algo} is not supported for symmetric encryption`);
+                }
+                return await this.web.decrypt('AES-GCM', key, { iv, encrypted });
+            }
+        }
+    }
+    async rsaKeyDrivation(runtime, type, privateKeyPem) {
+        await this.getModule(runtime);
+        if (runtime === 'node') {
+            if (type === 'keyPair') {
+                return this.node.rsaPrivatePublicKeyGeneration();
+            }
+            else {
+                if (!privateKeyPem)
+                    throw new Error('privateKeyPem is required');
+                return this.node.rsaPublicKeyGeneration(privateKeyPem);
+            }
+        }
+        else {
+            if (type === 'keyPair') {
+                return await this.web.rsaPrivatePublicKeyGeneration();
+            }
+            else {
+                if (!privateKeyPem)
+                    throw new Error('privateKeyPem is required');
+                return await this.web.rsaPublicKeyGeneration(privateKeyPem);
+            }
+        }
+    }
+}
+exports.Crypto = Crypto;

package/dist/crypto/node.crypto.d.ts

@@ -0,0 +1,29 @@
+export declare class NodeCrypto {
+    private _encrypt;
+    private _decrypt;
+    private _rsaPublicKeyGeneration;
+    private _rsaPrivatePublicKeyGeneration;
+    encrypt(algo: 'aes-256-gcm', key: string, payload: any, exp: number): string;
+    decrypt<T>(algo: 'aes-256-gcm', key: string, encryptedData: {
+        iv: string;
+        encrypted: string;
+        tag: string;
+    }): {
+        payload: T;
+        exp: number;
+    };
+    encryptRSA(payload: any, publicKey: string, exp: number): string;
+    decryptRSA<T>(privateKey: string, encryptedKey: string, encryptedData: {
+        iv: string;
+        encrypted: string;
+        tag: string;
+    }): {
+        payload: T;
+        exp: number;
+    };
+    rsaPrivatePublicKeyGeneration(): {
+        privateKey: string;
+        publicKey: string;
+    };
+    rsaPublicKeyGeneration(privateKeyPem: string): string | Buffer<ArrayBufferLike>;
+}

package/dist/crypto/node.crypto.js

@@ -0,0 +1,105 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NodeCrypto = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const functions_lib_1 = require("../lib/functions.lib");
+class NodeCrypto {
+    _encrypt(algorithm, key, payload) {
+        const iv = crypto_1.default.randomBytes(12);
+        const cipher = crypto_1.default.createCipheriv(algorithm, key, iv);
+        const data = JSON.stringify(payload);
+        let encrypted = cipher.update(data, 'utf8', 'base64');
+        encrypted += cipher.final('base64');
+        const tag = cipher.getAuthTag().toString('base64');
+        return {
+            iv: iv.toString('base64'),
+            encrypted,
+            tag
+        };
+    }
+    _decrypt(algorithm, key, encryptedData) {
+        const { iv, encrypted, tag } = encryptedData;
+        const decipher = crypto_1.default.createDecipheriv(algorithm, key, Buffer.from(iv, 'base64'));
+        decipher.setAuthTag(Buffer.from(tag, 'base64'));
+        let decrypted = decipher.update(encrypted, 'base64', 'utf8');
+        decrypted += decipher.final('utf8');
+        return JSON.parse(decrypted);
+    }
+    _rsaPublicKeyGeneration(privateKeyPem) {
+        const privateKeyObject = crypto_1.default.createPrivateKey({
+            key: privateKeyPem.replace(/\\n/g, '\n'),
+            format: 'pem',
+            type: 'pkcs8'
+        });
+        const publicKeyObject = crypto_1.default.createPublicKey(privateKeyObject);
+        return publicKeyObject.export({ type: 'spki', format: 'pem' });
+    }
+    _rsaPrivatePublicKeyGeneration() {
+        const { publicKey, privateKey } = crypto_1.default.generateKeyPairSync('rsa', {
+            modulusLength: 2048,
+            publicKeyEncoding: {
+                type: 'spki',
+                format: 'pem'
+            },
+            privateKeyEncoding: {
+                type: 'pkcs8',
+                format: 'pem'
+            }
+        });
+        return { privateKey, publicKey };
+    }
+    encrypt(algo, key, payload, exp) {
+        const keyHash = crypto_1.default.createHash('sha256').update(key).digest();
+        const newPayload = { payload: payload, exp: exp };
+        const { iv, encrypted, tag } = this._encrypt(algo, keyHash, newPayload);
+        return (0, functions_lib_1.tokenFormatCreate)({
+            runtime: 'node',
+            algo: 'AES-256-GCM',
+            type: 'symmetric',
+            v: '1',
+            iv,
+            tag
+        }, encrypted);
+    }
+    decrypt(algo, key, encryptedData) {
+        const keyHash = crypto_1.default.createHash('sha256').update(key).digest();
+        return this._decrypt(algo, keyHash, encryptedData);
+    }
+    encryptRSA(payload, publicKey, exp) {
+        const symmetricKey = crypto_1.default.randomBytes(32);
+        const newPayload = { payload: payload, exp: exp };
+        const { iv, encrypted, tag } = this._encrypt('aes-256-gcm', symmetricKey, newPayload);
+        const encryptedSymmetricKey = crypto_1.default.publicEncrypt({
+            key: publicKey,
+            padding: crypto_1.default.constants.RSA_PKCS1_OAEP_PADDING,
+            oaepHash: 'sha256'
+        }, symmetricKey);
+        return (0, functions_lib_1.tokenFormatCreate)({
+            runtime: 'node',
+            algo: 'RSA+A256GCM',
+            type: 'asymmetric',
+            v: '1',
+            iv,
+            tag,
+            encryptedKey: encryptedSymmetricKey.toString('base64')
+        }, encrypted);
+    }
+    decryptRSA(privateKey, encryptedKey, encryptedData) {
+        const decryptedSymmetricKey = crypto_1.default.privateDecrypt({
+            key: privateKey,
+            padding: crypto_1.default.constants.RSA_PKCS1_OAEP_PADDING,
+            oaepHash: 'sha256'
+        }, Buffer.from(encryptedKey, 'base64'));
+        return this._decrypt('aes-256-gcm', decryptedSymmetricKey, encryptedData);
+    }
+    rsaPrivatePublicKeyGeneration() {
+        return this._rsaPrivatePublicKeyGeneration();
+    }
+    rsaPublicKeyGeneration(privateKeyPem) {
+        return this._rsaPublicKeyGeneration(privateKeyPem);
+    }
+}
+exports.NodeCrypto = NodeCrypto;

package/dist/crypto/web.crypto.d.ts

@@ -0,0 +1,38 @@
+export declare class WebCrypto {
+    private textEncoder;
+    private textDecoder;
+    private __importAESKey;
+    private __uint8ArrayToBase64;
+    private __base64ToUint8Array;
+    private __arrayBufferToBase64;
+    private __base64ToArrayBuffer;
+    private __pemToArrayBuffer;
+    private __arrayBufferToPem;
+    private __importPublicKey;
+    private __importPrivateKey;
+    private _encrypt;
+    private _decrypt;
+    private _rsaPublicKeyGeneration;
+    private _rsaPrivatePublicKeyGeneration;
+    encrypt(algo: 'AES-GCM', key: string, payload: any, exp: number): Promise<string>;
+    decrypt<T>(algo: 'AES-GCM', key: string, encryptedData: {
+        iv: string;
+        encrypted: string;
+    }): Promise<{
+        payload: T;
+        exp: number;
+    }>;
+    encryptRSA(payload: any, publicKeyPem: string, exp: number): Promise<string>;
+    decryptRSA<T>(privateKeyPem: string, encryptedKey: string, encryptedData: {
+        iv: string;
+        encrypted: string;
+    }): Promise<{
+        payload: T;
+        exp: number;
+    }>;
+    rsaPrivatePublicKeyGeneration(): Promise<{
+        privateKey: string;
+        publicKey: string;
+    }>;
+    rsaPublicKeyGeneration(privateKeyPem: string): Promise<string>;
+}

package/dist/crypto/web.crypto.js

@@ -0,0 +1,180 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WebCrypto = void 0;
+const functions_lib_1 = require("../lib/functions.lib");
+class WebCrypto {
+    textEncoder = new TextEncoder();
+    textDecoder = new TextDecoder();
+    async __importAESKey(password) {
+        const passwordBuffer = this.textEncoder.encode(password);
+        const hashBuffer = await crypto.subtle.digest('SHA-256', passwordBuffer);
+        return await crypto.subtle.importKey('raw', hashBuffer, { name: 'AES-GCM' }, false, ['encrypt', 'decrypt']);
+    }
+    __uint8ArrayToBase64(uint8Array) {
+        let binary = '';
+        const len = uint8Array.byteLength;
+        for (let i = 0; i < len; i++) {
+            binary += String.fromCharCode(uint8Array[i]);
+        }
+        return btoa(binary);
+    }
+    __base64ToUint8Array(base64) {
+        const binaryString = atob(base64);
+        const len = binaryString.length;
+        const bytes = new Uint8Array(len);
+        for (let i = 0; i < len; i++) {
+            bytes[i] = binaryString.charCodeAt(i);
+        }
+        return bytes;
+    }
+    __arrayBufferToBase64(buffer) {
+        const bytes = new Uint8Array(buffer);
+        let binary = '';
+        for (let i = 0; i < bytes.length; i++) {
+            binary += String.fromCharCode(bytes[i]);
+        }
+        return btoa(binary);
+    }
+    __base64ToArrayBuffer(base64) {
+        const binary = atob(base64);
+        const bytes = new Uint8Array(binary.length);
+        for (let i = 0; i < binary.length; i++) {
+            bytes[i] = binary.charCodeAt(i);
+        }
+        return bytes.buffer;
+    }
+    __pemToArrayBuffer(pem, type) {
+        const pemHeader = `-----BEGIN ${type} KEY-----`;
+        const pemFooter = `-----END ${type} KEY-----`;
+        const pemContents = pem
+            .replace(pemHeader, '')
+            .replace(pemFooter, '')
+            .replace(/\\n/g, '')
+            .replace(/\s/g, '');
+        return this.__base64ToArrayBuffer(pemContents);
+    }
+    __arrayBufferToPem(buffer, type) {
+        const base64 = this.__arrayBufferToBase64(buffer);
+        const pemContents = base64.match(/.{1,64}/g)?.join('\n') || base64;
+        return `-----BEGIN ${type} KEY-----\n${pemContents}\n-----END ${type} KEY-----`;
+    }
+    async __importPublicKey(publicKeyPem) {
+        const keyData = this.__pemToArrayBuffer(publicKeyPem, 'PUBLIC');
+        return await crypto.subtle.importKey('spki', keyData, {
+            name: 'RSA-OAEP',
+            hash: 'SHA-256'
+        }, true, ['encrypt']);
+    }
+    async __importPrivateKey(privateKeyPem) {
+        const keyData = this.__pemToArrayBuffer(privateKeyPem.replace(/\\n/g, '\n'), 'PRIVATE');
+        return await crypto.subtle.importKey('pkcs8', keyData, {
+            name: 'RSA-OAEP',
+            hash: 'SHA-256'
+        }, true, ['decrypt']);
+    }
+    async _encrypt(algo, key, payload) {
+        const iv = crypto.getRandomValues(new Uint8Array(12));
+        const data = this.textEncoder.encode(JSON.stringify(payload));
+        const encryptedBuffer = await crypto.subtle.encrypt({
+            name: algo,
+            iv: iv,
+            tagLength: 128
+        }, key, data);
+        const encryptedBytes = new Uint8Array(encryptedBuffer);
+        return {
+            iv: this.__uint8ArrayToBase64(iv),
+            encrypted: this.__uint8ArrayToBase64(encryptedBytes),
+        };
+    }
+    async _decrypt(algo, key, encryptedData) {
+        const { iv, encrypted } = encryptedData;
+        const ivBuffer = this.__base64ToUint8Array(iv);
+        const encryptedBuffer = this.__base64ToUint8Array(encrypted);
+        const decryptedBuffer = await crypto.subtle.decrypt({
+            name: algo,
+            iv: ivBuffer,
+            tagLength: 128
+        }, key, encryptedBuffer);
+        return JSON.parse(this.textDecoder.decode(decryptedBuffer));
+    }
+    async _rsaPublicKeyGeneration(privateKeyPem) {
+        const privateKey = await this.__importPrivateKey(privateKeyPem);
+        const jwk = await crypto.subtle.exportKey('jwk', privateKey);
+        delete jwk.d;
+        delete jwk.dp;
+        delete jwk.dq;
+        delete jwk.q;
+        delete jwk.qi;
+        jwk.key_ops = ['encrypt'];
+        const publicKey = await crypto.subtle.importKey('jwk', jwk, {
+            name: 'RSA-OAEP',
+            hash: 'SHA-256'
+        }, true, ['encrypt']);
+        const exportedPublicKey = await crypto.subtle.exportKey('spki', publicKey);
+        return this.__arrayBufferToPem(exportedPublicKey, 'PUBLIC');
+    }
+    async _rsaPrivatePublicKeyGeneration() {
+        const keyPair = await crypto.subtle.generateKey({
+            name: 'RSA-OAEP',
+            modulusLength: 2048,
+            publicExponent: new Uint8Array([1, 0, 1]),
+            hash: 'SHA-256'
+        }, true, ['encrypt', 'decrypt']);
+        const privateKeyBuffer = await crypto.subtle.exportKey('pkcs8', keyPair.privateKey);
+        const publicKeyBuffer = await crypto.subtle.exportKey('spki', keyPair.publicKey);
+        return {
+            privateKey: this.__arrayBufferToPem(privateKeyBuffer, 'PRIVATE'),
+            publicKey: this.__arrayBufferToPem(publicKeyBuffer, 'PUBLIC')
+        };
+    }
+    async encrypt(algo, key, payload, exp) {
+        const cryptoKey = await this.__importAESKey(key);
+        const newPayload = { payload: payload, exp: exp };
+        const { iv, encrypted } = await this._encrypt(algo, cryptoKey, newPayload);
+        return (0, functions_lib_1.tokenFormatCreate)({
+            runtime: 'web',
+            algo: 'AES-GCM',
+            type: 'symmetric',
+            v: '1',
+            iv,
+        }, encrypted);
+    }
+    async decrypt(algo, key, encryptedData) {
+        const cryptoKey = await this.__importAESKey(key);
+        return await this._decrypt(algo, cryptoKey, encryptedData);
+    }
+    async encryptRSA(payload, publicKeyPem, exp) {
+        const symmetricKey = await crypto.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
+        const newPayload = { payload: payload, exp: exp };
+        const { iv, encrypted } = await this._encrypt('AES-GCM', symmetricKey, newPayload);
+        const symmetricKeyBuffer = await crypto.subtle.exportKey('raw', symmetricKey);
+        const publicKey = await this.__importPublicKey(publicKeyPem);
+        const encryptedSymmetricKey = await crypto.subtle.encrypt({
+            name: 'RSA-OAEP'
+        }, publicKey, symmetricKeyBuffer);
+        return (0, functions_lib_1.tokenFormatCreate)({
+            runtime: 'web',
+            algo: 'RSA+AES-GCM',
+            type: 'asymmetric',
+            v: '1',
+            iv,
+            encryptedKey: this.__arrayBufferToBase64(encryptedSymmetricKey)
+        }, encrypted);
+    }
+    async decryptRSA(privateKeyPem, encryptedKey, encryptedData) {
+        const privateKey = await this.__importPrivateKey(privateKeyPem);
+        const encryptedKeyBuffer = this.__base64ToArrayBuffer(encryptedKey);
+        const decryptedSymmetricKeyBuffer = await crypto.subtle.decrypt({
+            name: 'RSA-OAEP'
+        }, privateKey, encryptedKeyBuffer);
+        const symmetricKey = await crypto.subtle.importKey('raw', decryptedSymmetricKeyBuffer, { name: 'AES-GCM' }, false, ['decrypt']);
+        return await this._decrypt('AES-GCM', symmetricKey, encryptedData);
+    }
+    async rsaPrivatePublicKeyGeneration() {
+        return await this._rsaPrivatePublicKeyGeneration();
+    }
+    async rsaPublicKeyGeneration(privateKeyPem) {
+        return await this._rsaPublicKeyGeneration(privateKeyPem);
+    }
+}
+exports.WebCrypto = WebCrypto;