node-opcua-crypto 5.1.0 → 5.3.0

package/dist/source/index_web.cjs

@@ -0,0 +1,155 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+var _chunkERHE4VFScjs = require('../chunk-ERHE4VFS.cjs');
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+exports.CertificatePurpose = _chunkERHE4VFScjs.CertificatePurpose; exports.PaddingAlgorithm = _chunkERHE4VFScjs.PaddingAlgorithm; exports.RSA_PKCS1_OAEP_PADDING = _chunkERHE4VFScjs.RSA_PKCS1_OAEP_PADDING; exports.RSA_PKCS1_PADDING = _chunkERHE4VFScjs.RSA_PKCS1_PADDING; exports.Subject = _chunkERHE4VFScjs.Subject; exports._coercePrivateKey = _chunkERHE4VFScjs._coercePrivateKey; exports.asn1 = _chunkERHE4VFScjs.asn1; exports.certificateMatchesPrivateKey = _chunkERHE4VFScjs.certificateMatchesPrivateKey; exports.coerceCertificate = _chunkERHE4VFScjs.coerceCertificate; exports.coerceCertificatePem = _chunkERHE4VFScjs.coerceCertificatePem; exports.coercePEMorDerToPrivateKey = _chunkERHE4VFScjs.coercePEMorDerToPrivateKey; exports.coercePrivateKeyPem = _chunkERHE4VFScjs.coercePrivateKeyPem; exports.coercePublicKeyPem = _chunkERHE4VFScjs.coercePublicKeyPem; exports.coerceRsaPublicKeyPem = _chunkERHE4VFScjs.coerceRsaPublicKeyPem; exports.combine_der = _chunkERHE4VFScjs.combine_der; exports.computeDerivedKeys = _chunkERHE4VFScjs.computeDerivedKeys; exports.computePaddingFooter = _chunkERHE4VFScjs.computePaddingFooter; exports.convertPEMtoDER = _chunkERHE4VFScjs.convertPEMtoDER; exports.createCertificateSigningRequest = _chunkERHE4VFScjs.createCertificateSigningRequest; exports.createPrivateKeyFromNodeJSCrypto = _chunkERHE4VFScjs.createPrivateKeyFromNodeJSCrypto; exports.createSelfSignedCertificate = _chunkERHE4VFScjs.createSelfSignedCertificate; exports.decryptBufferWithDerivedKeys = _chunkERHE4VFScjs.decryptBufferWithDerivedKeys; exports.derToPrivateKey = _chunkERHE4VFScjs.derToPrivateKey; exports.encryptBufferWithDerivedKeys = _chunkERHE4VFScjs.encryptBufferWithDerivedKeys; exports.exploreAsn1 = _chunkERHE4VFScjs.exploreAsn1; exports.exploreCertificate = _chunkERHE4VFScjs.exploreCertificate; exports.exploreCertificateInfo = _chunkERHE4VFScjs.exploreCertificateInfo; exports.exploreCertificateRevocationList = _chunkERHE4VFScjs.exploreCertificateRevocationList; exports.exploreCertificateSigningRequest = _chunkERHE4VFScjs.exploreCertificateSigningRequest; exports.explorePrivateKey = _chunkERHE4VFScjs.explorePrivateKey; exports.extractPublicKeyFromCertificate = _chunkERHE4VFScjs.extractPublicKeyFromCertificate; exports.extractPublicKeyFromCertificateSync = _chunkERHE4VFScjs.extractPublicKeyFromCertificateSync; exports.generateKeyPair = _chunkERHE4VFScjs.generateKeyPair; exports.generatePrivateKey = _chunkERHE4VFScjs.generatePrivateKey; exports.hexDump = _chunkERHE4VFScjs.hexDump; exports.identifyDERContent = _chunkERHE4VFScjs.identifyDERContent; exports.identifyPemType = _chunkERHE4VFScjs.identifyPemType; exports.isCrlIssuedByCertificate = _chunkERHE4VFScjs.isCrlIssuedByCertificate; exports.isKeyObject = _chunkERHE4VFScjs.isKeyObject; exports.makeMessageChunkSignature = _chunkERHE4VFScjs.makeMessageChunkSignature; exports.makeMessageChunkSignatureWithDerivedKeys = _chunkERHE4VFScjs.makeMessageChunkSignatureWithDerivedKeys; exports.makePrivateKeyFromPem = _chunkERHE4VFScjs.makePrivateKeyFromPem; exports.makePrivateKeyThumbPrint = _chunkERHE4VFScjs.makePrivateKeyThumbPrint; exports.makePseudoRandomBuffer = _chunkERHE4VFScjs.makePseudoRandomBuffer; exports.makeSHA1Thumbprint = _chunkERHE4VFScjs.makeSHA1Thumbprint; exports.pemToPrivateKey = _chunkERHE4VFScjs.pemToPrivateKey; exports.privateDecrypt = _chunkERHE4VFScjs.privateDecrypt; exports.privateDecrypt_long = _chunkERHE4VFScjs.privateDecrypt_long; exports.privateDecrypt_native = _chunkERHE4VFScjs.privateDecrypt_native; exports.privateKeyToPEM = _chunkERHE4VFScjs.privateKeyToPEM; exports.publicEncrypt = _chunkERHE4VFScjs.publicEncrypt; exports.publicEncrypt_long = _chunkERHE4VFScjs.publicEncrypt_long; exports.publicEncrypt_native = _chunkERHE4VFScjs.publicEncrypt_native; exports.publicKeyAndPrivateKeyMatches = _chunkERHE4VFScjs.publicKeyAndPrivateKeyMatches; exports.readCertificationRequestInfo = _chunkERHE4VFScjs.readCertificationRequestInfo; exports.readExtension = _chunkERHE4VFScjs.readExtension; exports.readNameForCrl = _chunkERHE4VFScjs.readNameForCrl; exports.readTbsCertificate = _chunkERHE4VFScjs.readTbsCertificate; exports.reduceLength = _chunkERHE4VFScjs.reduceLength; exports.removePadding = _chunkERHE4VFScjs.removePadding; exports.removeTrailingLF = _chunkERHE4VFScjs.removeTrailingLF; exports.rsaLengthPrivateKey = _chunkERHE4VFScjs.rsaLengthPrivateKey; exports.rsaLengthPublicKey = _chunkERHE4VFScjs.rsaLengthPublicKey; exports.rsaLengthRsaPublicKey = _chunkERHE4VFScjs.rsaLengthRsaPublicKey; exports.split_der = _chunkERHE4VFScjs.split_der; exports.toPem = _chunkERHE4VFScjs.toPem; exports.toPem2 = _chunkERHE4VFScjs.toPem2; exports.verifyCertificateChain = _chunkERHE4VFScjs.verifyCertificateChain; exports.verifyCertificateOrClrSignature = _chunkERHE4VFScjs.verifyCertificateOrClrSignature; exports.verifyCertificateRevocationListSignature = _chunkERHE4VFScjs.verifyCertificateRevocationListSignature; exports.verifyCertificateSignature = _chunkERHE4VFScjs.verifyCertificateSignature; exports.verifyChunkSignature = _chunkERHE4VFScjs.verifyChunkSignature; exports.verifyChunkSignatureWithDerivedKeys = _chunkERHE4VFScjs.verifyChunkSignatureWithDerivedKeys; exports.verifyCrlIssuedByCertificate = _chunkERHE4VFScjs.verifyCrlIssuedByCertificate; exports.verifyMessageChunkSignature = _chunkERHE4VFScjs.verifyMessageChunkSignature;
+//# sourceMappingURL=index_web.cjs.map

package/dist/source/index_web.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/home/runner/work/node-opcua-crypto/node-opcua-crypto/packages/node-opcua-crypto/dist/source/index_web.cjs"],"names":[],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,yDAA8B;AAC9B;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,4uKAAC","file":"/home/runner/work/node-opcua-crypto/node-opcua-crypto/packages/node-opcua-crypto/dist/source/index_web.cjs"}

package/dist/source/{index_web.d.mts → index_web.d.cts}

@@ -1,7 +1,7 @@
-import { g as CertificateRevocationList, C as Certificate, d as CertificatePEM, b as PEM, D as DER, P as PrivateKey, f as PublicKeyPEM, S as Signature, K as KeyObject, e as PrivateKeyPEM, a as PublicKey, N as Nonce, h as CertificatePurpose } from '../common-DxHkx4Pv.mjs';
-export { c as createPrivateKeyFromNodeJSCrypto, i as isKeyObject } from '../common-DxHkx4Pv.mjs';
-import { KeyLike } from 'node:crypto';
+import { g as CertificateRevocationList, C as Certificate, d as CertificatePEM, P as PrivateKey, K as KeyObject, h as CertificatePurpose, b as PEM, D as DER, f as PublicKeyPEM, S as Signature, e as PrivateKeyPEM, a as PublicKey, N as Nonce } from '../common-DxHkx4Pv.cjs';
+export { c as createPrivateKeyFromNodeJSCrypto, i as isKeyObject } from '../common-DxHkx4Pv.cjs';
 import * as x509 from '@peculiar/x509';
+import { KeyLike } from 'node:crypto';
 
 /**
  * Determine if a Certificate Revocation List (CRL) was issued by
@@ -217,155 +217,6 @@ declare function split_der(certificateChain: Certificate): Certificate[];
  */
 declare function combine_der(certificates: Certificate[]): Certificate;
 
-declare function identifyPemType(rawKey: Buffer | string): undefined | string;
-declare function removeTrailingLF(str: string): string;
-declare function toPem(raw_key: Buffer | string, pem: string): string;
-declare function convertPEMtoDER(raw_key: PEM): DER;
-declare function hexDump(buffer: Buffer, width?: number): string;
-interface MakeMessageChunkSignatureOptions {
-    signatureLength: number;
-    algorithm: string;
-    privateKey: PrivateKey;
-}
-declare function makeMessageChunkSignature(chunk: Buffer, options: MakeMessageChunkSignatureOptions): Buffer;
-interface VerifyMessageChunkSignatureOptions {
-    signatureLength?: number;
-    algorithm: string;
-    publicKey: PublicKeyPEM;
-}
-/**
- * @method verifyMessageChunkSignature
- *
- *     const signer = {
- *           signatureLength : 128,
- *           algorithm : "RSA-SHA256",
- *           publicKey: "qsdqsdqsd"
- *     };
- * @param blockToVerify
- * @param signature
- * @param options
- * @param options.signatureLength
- * @param options.algorithm    for example "RSA-SHA256"
- * @param options.publicKey
- * @return true if the signature is valid
- */
-declare function verifyMessageChunkSignature(blockToVerify: Buffer, signature: Signature, options: VerifyMessageChunkSignatureOptions): boolean;
-declare function makeSHA1Thumbprint(buffer: Buffer): Signature;
-declare const RSA_PKCS1_OAEP_PADDING: number;
-declare const RSA_PKCS1_PADDING: number;
-declare enum PaddingAlgorithm {
-    RSA_PKCS1_OAEP_PADDING = 4,
-    RSA_PKCS1_PADDING = 1
-}
-declare function publicEncrypt_native(buffer: Buffer, publicKey: KeyLike, algorithm?: PaddingAlgorithm): Buffer;
-declare function privateDecrypt_native(buffer: Buffer, privateKey: PrivateKey, algorithm?: PaddingAlgorithm): Buffer;
-declare const publicEncrypt: typeof publicEncrypt_native;
-declare const privateDecrypt: typeof privateDecrypt_native;
-declare function publicEncrypt_long(buffer: Buffer, publicKey: KeyLike, blockSize: number, padding?: number, paddingAlgorithm?: PaddingAlgorithm): Buffer;
-declare function privateDecrypt_long(buffer: Buffer, privateKey: PrivateKey, blockSize: number, paddingAlgorithm?: number): Buffer;
-declare function coerceCertificatePem(certificate: Certificate | CertificatePEM): CertificatePEM;
-declare function extractPublicKeyFromCertificateSync(certificate: Certificate | CertificatePEM): PublicKeyPEM;
-/**
- * extract the publickey from a certificate
- * @async
- */
-declare function extractPublicKeyFromCertificate(certificate: CertificatePEM | Certificate, callback: (err: Error | null, publicKeyPEM?: PublicKeyPEM) => void): void;
-
-/***
- * @method rsaLengthPrivateKey
- * A method to determine the rsa key length ( i.e 2048bits or 1024bits)
- * @param key  a PEM public key or a PEM rsa private key
- * @return the key length in bytes.
- */
-declare function rsaLengthPrivateKey(key: PrivateKey): number;
-/**
- * @method toPem2
- * @param raw_key
- * @param pem
- *
- *
- * @return a PEM string containing the Private Key
- *
- * Note:  a Pem key can be converted back to a private key object using coercePrivateKey
- *
- */
-declare function toPem2(raw_key: Buffer | string | KeyObject | PrivateKey, pem: string): string;
-declare function coercePrivateKeyPem(privateKey: PrivateKey): PrivateKeyPEM;
-declare function coercePublicKeyPem(publicKey: PublicKey | PublicKeyPEM): PublicKeyPEM;
-declare function coerceRsaPublicKeyPem(publicKey: PublicKey | KeyObject | PublicKeyPEM): PublicKeyPEM;
-declare function rsaLengthPublicKey(key: PublicKeyPEM | PublicKey): number;
-declare function rsaLengthRsaPublicKey(key: PublicKeyPEM | PublicKey): number;
-
-declare function makePseudoRandomBuffer(secret: Nonce, seed: Nonce, minLength: number, sha1or256: "SHA1" | "SHA256"): Buffer;
-interface ComputeDerivedKeysOptions {
-    signatureLength: number;
-    signingKeyLength: number;
-    encryptingKeyLength: number;
-    encryptingBlockSize: number;
-    algorithm: string;
-    sha1or256?: "SHA1" | "SHA256";
-}
-interface DerivedKeys extends ComputeDerivedKeysOptions {
-    signatureLength: number;
-    signingKeyLength: number;
-    encryptingKeyLength: number;
-    encryptingBlockSize: number;
-    algorithm: string;
-    sha1or256: "SHA1" | "SHA256";
-    signingKey: Buffer;
-    encryptingKey: Buffer;
-    initializationVector: Buffer;
-}
-declare function computeDerivedKeys(secret: Nonce, seed: Nonce, options: ComputeDerivedKeysOptions): DerivedKeys;
-/**
- * @method reduceLength
- * @param buffer
- * @param byteToRemove
- * @return buffer
- */
-declare function reduceLength(buffer: Buffer, byteToRemove: number): Buffer;
-/**
- * @method removePadding
- * @param buffer
- * @return buffer with padding removed
- */
-declare function removePadding(buffer: Buffer): Buffer;
-type VerifyChunkSignatureOptions = VerifyMessageChunkSignatureOptions;
-/**
- * @method verifyChunkSignature
- *
- *     const signer = {
- *           signatureLength : 128,
- *           algorithm : "RSA-SHA256",
- *           public_key: "qsdqsdqsd"
- *     };
- *
- * @param chunk  The message chunk to verify.
- * @param options
- * @param options.signatureLength
- * @param options.algorithm  the algorithm.
- * @param options.publicKey
- * @return {*}
- */
-declare function verifyChunkSignature(chunk: Buffer, options: VerifyChunkSignatureOptions): boolean;
-declare function computePaddingFooter(buffer: Buffer, derivedKeys: DerivedKeys): Buffer;
-declare function encryptBufferWithDerivedKeys(buffer: Buffer, derivedKeys: DerivedKeys): Buffer;
-declare function decryptBufferWithDerivedKeys(buffer: Buffer, derivedKeys: DerivedKeys): Buffer;
-/**
- * @method makeMessageChunkSignatureWithDerivedKeys
- * @param message
- * @param derivedKeys
- * @return
- */
-declare function makeMessageChunkSignatureWithDerivedKeys(message: Buffer, derivedKeys: DerivedKeys): Buffer;
-/**
- * @method verifyChunkSignatureWithDerivedKeys
- * @param chunk
- * @param derivedKeys
- * @return
- */
-declare function verifyChunkSignatureWithDerivedKeys(chunk: Buffer, derivedKeys: DerivedKeys): boolean;
-
 declare function exploreAsn1(buffer: Buffer): void;
 
 type Version = string;
@@ -439,12 +290,30 @@ interface PrivateKeyInternals {
  */
 declare function explorePrivateKey(privateKey2: PrivateKey): PrivateKeyInternals;
 
-declare function makePrivateKeyFromPem(privateKeyInPem: string): PrivateKey;
-
-declare function makePrivateKeyThumbPrint(_privateKey: PrivateKey): Buffer;
-
-declare function publicKeyAndPrivateKeyMatches(certificate: Certificate, privateKey: PrivateKey): boolean;
-declare function certificateMatchesPrivateKey(certificate: Certificate, privateKey: PrivateKey): boolean;
+/**
+ * The type of content found in a DER-encoded buffer.
+ */
+type DERContentType = "X509Certificate" | "X509CertificateChain" | "CertificateRevocationList" | "CertificateSigningRequest" | "PKCS12" | "PrivateKey" | "Unknown";
+/**
+ * Identify the content type of a DER-encoded buffer by inspecting
+ * its ASN.1 structure.
+ *
+ * This function does NOT fully parse the buffer — it only inspects
+ * the outermost tags to determine the type. It can distinguish:
+ *
+ * - **X509Certificate** — a single X.509 certificate (v1 or v3)
+ * - **X509CertificateChain** — multiple concatenated X.509 DER
+ *   certificates
+ * - **CertificateRevocationList** — an X.509 CRL (v1 or v2)
+ * - **CertificateSigningRequest** — a PKCS#10 CSR
+ * - **PKCS12** — a PKCS#12 / PFX container (version 3)
+ * - **PrivateKey** — a PKCS#8 or raw RSA private key
+ * - **Unknown** — could not identify the content
+ *
+ * @param buffer  A DER-encoded buffer to identify.
+ * @returns       The detected {@link DERContentType}.
+ */
+declare function identifyDERContent(buffer: Buffer): DERContentType;
 
 interface SubjectOptions {
     commonName?: string;
@@ -541,6 +410,162 @@ declare function createSelfSignedCertificate({ privateKey, notAfter, notBefore,
     der: x509.X509Certificate;
 }>;
 
+declare function identifyPemType(rawKey: Buffer | string): undefined | string;
+declare function removeTrailingLF(str: string): string;
+declare function toPem(raw_key: Buffer | string, pem: string): string;
+declare function convertPEMtoDER(raw_key: PEM): DER;
+declare function hexDump(buffer: Buffer, width?: number): string;
+interface MakeMessageChunkSignatureOptions {
+    signatureLength: number;
+    algorithm: string;
+    privateKey: PrivateKey;
+}
+declare function makeMessageChunkSignature(chunk: Buffer, options: MakeMessageChunkSignatureOptions): Buffer;
+interface VerifyMessageChunkSignatureOptions {
+    signatureLength?: number;
+    algorithm: string;
+    publicKey: PublicKeyPEM;
+}
+/**
+ * @method verifyMessageChunkSignature
+ *
+ *     const signer = {
+ *           signatureLength : 128,
+ *           algorithm : "RSA-SHA256",
+ *           publicKey: "qsdqsdqsd"
+ *     };
+ * @param blockToVerify
+ * @param signature
+ * @param options
+ * @param options.signatureLength
+ * @param options.algorithm    for example "RSA-SHA256"
+ * @param options.publicKey
+ * @return true if the signature is valid
+ */
+declare function verifyMessageChunkSignature(blockToVerify: Buffer, signature: Signature, options: VerifyMessageChunkSignatureOptions): boolean;
+declare function makeSHA1Thumbprint(buffer: Buffer): Signature;
+declare const RSA_PKCS1_OAEP_PADDING: number;
+declare const RSA_PKCS1_PADDING: number;
+declare enum PaddingAlgorithm {
+    RSA_PKCS1_OAEP_PADDING = 4,
+    RSA_PKCS1_PADDING = 1
+}
+declare function publicEncrypt_native(buffer: Buffer, publicKey: KeyLike, algorithm?: PaddingAlgorithm): Buffer;
+declare function privateDecrypt_native(buffer: Buffer, privateKey: PrivateKey, algorithm?: PaddingAlgorithm): Buffer;
+declare const publicEncrypt: typeof publicEncrypt_native;
+declare const privateDecrypt: typeof privateDecrypt_native;
+declare function publicEncrypt_long(buffer: Buffer, publicKey: KeyLike, blockSize: number, padding?: number, paddingAlgorithm?: PaddingAlgorithm): Buffer;
+declare function privateDecrypt_long(buffer: Buffer, privateKey: PrivateKey, blockSize: number, paddingAlgorithm?: number): Buffer;
+declare function coerceCertificatePem(certificate: Certificate | CertificatePEM): CertificatePEM;
+declare function extractPublicKeyFromCertificateSync(certificate: Certificate | CertificatePEM): PublicKeyPEM;
+/**
+ * extract the publickey from a certificate
+ * @async
+ */
+declare function extractPublicKeyFromCertificate(certificate: CertificatePEM | Certificate, callback: (err: Error | null, publicKeyPEM?: PublicKeyPEM) => void): void;
+
+/***
+ * @method rsaLengthPrivateKey
+ * A method to determine the rsa key length ( i.e 2048bits or 1024bits)
+ * @param key  a PEM public key or a PEM rsa private key
+ * @return the key length in bytes.
+ */
+declare function rsaLengthPrivateKey(key: PrivateKey): number;
+/**
+ * @method toPem2
+ * @param raw_key
+ * @param pem
+ *
+ *
+ * @return a PEM string containing the Private Key
+ *
+ * Note:  a Pem key can be converted back to a private key object using coercePrivateKey
+ *
+ */
+declare function toPem2(raw_key: Buffer | string | KeyObject | PrivateKey, pem: string): string;
+declare function coercePrivateKeyPem(privateKey: PrivateKey): PrivateKeyPEM;
+declare function coercePublicKeyPem(publicKey: PublicKey | PublicKeyPEM): PublicKeyPEM;
+declare function coerceRsaPublicKeyPem(publicKey: PublicKey | KeyObject | PublicKeyPEM): PublicKeyPEM;
+declare function rsaLengthPublicKey(key: PublicKeyPEM | PublicKey): number;
+declare function rsaLengthRsaPublicKey(key: PublicKeyPEM | PublicKey): number;
+
+declare function makePseudoRandomBuffer(secret: Nonce, seed: Nonce, minLength: number, sha1or256: "SHA1" | "SHA256"): Buffer;
+interface ComputeDerivedKeysOptions {
+    signatureLength: number;
+    signingKeyLength: number;
+    encryptingKeyLength: number;
+    encryptingBlockSize: number;
+    algorithm: string;
+    sha1or256?: "SHA1" | "SHA256";
+}
+interface DerivedKeys extends ComputeDerivedKeysOptions {
+    signatureLength: number;
+    signingKeyLength: number;
+    encryptingKeyLength: number;
+    encryptingBlockSize: number;
+    algorithm: string;
+    sha1or256: "SHA1" | "SHA256";
+    signingKey: Buffer;
+    encryptingKey: Buffer;
+    initializationVector: Buffer;
+}
+declare function computeDerivedKeys(secret: Nonce, seed: Nonce, options: ComputeDerivedKeysOptions): DerivedKeys;
+/**
+ * @method reduceLength
+ * @param buffer
+ * @param byteToRemove
+ * @return buffer
+ */
+declare function reduceLength(buffer: Buffer, byteToRemove: number): Buffer;
+/**
+ * @method removePadding
+ * @param buffer
+ * @return buffer with padding removed
+ */
+declare function removePadding(buffer: Buffer): Buffer;
+type VerifyChunkSignatureOptions = VerifyMessageChunkSignatureOptions;
+/**
+ * @method verifyChunkSignature
+ *
+ *     const signer = {
+ *           signatureLength : 128,
+ *           algorithm : "RSA-SHA256",
+ *           public_key: "qsdqsdqsd"
+ *     };
+ *
+ * @param chunk  The message chunk to verify.
+ * @param options
+ * @param options.signatureLength
+ * @param options.algorithm  the algorithm.
+ * @param options.publicKey
+ * @return {*}
+ */
+declare function verifyChunkSignature(chunk: Buffer, options: VerifyChunkSignatureOptions): boolean;
+declare function computePaddingFooter(buffer: Buffer, derivedKeys: DerivedKeys): Buffer;
+declare function encryptBufferWithDerivedKeys(buffer: Buffer, derivedKeys: DerivedKeys): Buffer;
+declare function decryptBufferWithDerivedKeys(buffer: Buffer, derivedKeys: DerivedKeys): Buffer;
+/**
+ * @method makeMessageChunkSignatureWithDerivedKeys
+ * @param message
+ * @param derivedKeys
+ * @return
+ */
+declare function makeMessageChunkSignatureWithDerivedKeys(message: Buffer, derivedKeys: DerivedKeys): Buffer;
+/**
+ * @method verifyChunkSignatureWithDerivedKeys
+ * @param chunk
+ * @param derivedKeys
+ * @return
+ */
+declare function verifyChunkSignatureWithDerivedKeys(chunk: Buffer, derivedKeys: DerivedKeys): boolean;
+
+declare function makePrivateKeyFromPem(privateKeyInPem: string): PrivateKey;
+
+declare function makePrivateKeyThumbPrint(_privateKey: PrivateKey): Buffer;
+
+declare function publicKeyAndPrivateKeyMatches(certificate: Certificate, privateKey: PrivateKey): boolean;
+declare function certificateMatchesPrivateKey(certificate: Certificate, privateKey: PrivateKey): boolean;
+
 declare const asn1: {
     readDirectoryName: typeof readDirectoryName;
     readTag: typeof readTag;
@@ -549,4 +574,4 @@ declare const asn1: {
     readSignatureValueBin: typeof readSignatureValueBin;
 };
 
-export { type AttributeTypeAndValue, type AuthorityKeyIdentifier, type BasicConstraints, Certificate, type CertificateExtension, type CertificateInfo, type CertificateInternals, CertificatePEM, CertificatePurpose, CertificateRevocationList, type CertificateRevocationListInfo, type CertificateSerialNumber, type CertificateSigningRequestInfo, type ComputeDerivedKeysOptions, type CreateSelfSignCertificateOptions, DER, type DerivedKeys, type DirectoryName, type ExtensionRequest, type Extensions, KeyObject, type Name, Nonce, PEM, PaddingAlgorithm, PrivateKey, type PrivateKeyInternals, PrivateKeyPEM, PublicKey, type PublicKeyLength, PublicKeyPEM, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING, type RevokedCertificate, Signature, Subject, type SubjectAltName, type SubjectOptions, type SubjectPublicKey, type SubjectPublicKeyInfo, type TBSCertList, type TbsCertificate, type Validity, type VerifyChunkSignatureOptions, type VerifyMessageChunkSignatureOptions, type Version, type X509ExtKeyUsage, type X509KeyUsage, type _VerifyStatus, _coercePrivateKey, asn1, certificateMatchesPrivateKey, coerceCertificate, coerceCertificatePem, coercePEMorDerToPrivateKey, coercePrivateKeyPem, coercePublicKeyPem, coerceRsaPublicKeyPem, combine_der, computeDerivedKeys, computePaddingFooter, convertPEMtoDER, createCertificateSigningRequest, createSelfSignedCertificate, decryptBufferWithDerivedKeys, derToPrivateKey, encryptBufferWithDerivedKeys, exploreAsn1, exploreCertificate, exploreCertificateInfo, exploreCertificateRevocationList, exploreCertificateSigningRequest, explorePrivateKey, extractPublicKeyFromCertificate, extractPublicKeyFromCertificateSync, generateKeyPair, generatePrivateKey, hexDump, identifyPemType, isCrlIssuedByCertificate, makeMessageChunkSignature, makeMessageChunkSignatureWithDerivedKeys, makePrivateKeyFromPem, makePrivateKeyThumbPrint, makePseudoRandomBuffer, makeSHA1Thumbprint, pemToPrivateKey, privateDecrypt, privateDecrypt_long, privateDecrypt_native, privateKeyToPEM, publicEncrypt, publicEncrypt_long, publicEncrypt_native, publicKeyAndPrivateKeyMatches, readCertificationRequestInfo, readExtension, readNameForCrl, readTbsCertificate, reduceLength, removePadding, removeTrailingLF, rsaLengthPrivateKey, rsaLengthPublicKey, rsaLengthRsaPublicKey, split_der, toPem, toPem2, verifyCertificateChain, verifyCertificateOrClrSignature, verifyCertificateRevocationListSignature, verifyCertificateSignature, verifyChunkSignature, verifyChunkSignatureWithDerivedKeys, verifyCrlIssuedByCertificate, verifyMessageChunkSignature };
+export { type AttributeTypeAndValue, type AuthorityKeyIdentifier, type BasicConstraints, Certificate, type CertificateExtension, type CertificateInfo, type CertificateInternals, CertificatePEM, CertificatePurpose, CertificateRevocationList, type CertificateRevocationListInfo, type CertificateSerialNumber, type CertificateSigningRequestInfo, type ComputeDerivedKeysOptions, type CreateSelfSignCertificateOptions, DER, type DERContentType, type DerivedKeys, type DirectoryName, type ExtensionRequest, type Extensions, KeyObject, type Name, Nonce, PEM, PaddingAlgorithm, PrivateKey, type PrivateKeyInternals, PrivateKeyPEM, PublicKey, type PublicKeyLength, PublicKeyPEM, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING, type RevokedCertificate, Signature, Subject, type SubjectAltName, type SubjectOptions, type SubjectPublicKey, type SubjectPublicKeyInfo, type TBSCertList, type TbsCertificate, type Validity, type VerifyChunkSignatureOptions, type VerifyMessageChunkSignatureOptions, type Version, type X509ExtKeyUsage, type X509KeyUsage, type _VerifyStatus, _coercePrivateKey, asn1, certificateMatchesPrivateKey, coerceCertificate, coerceCertificatePem, coercePEMorDerToPrivateKey, coercePrivateKeyPem, coercePublicKeyPem, coerceRsaPublicKeyPem, combine_der, computeDerivedKeys, computePaddingFooter, convertPEMtoDER, createCertificateSigningRequest, createSelfSignedCertificate, decryptBufferWithDerivedKeys, derToPrivateKey, encryptBufferWithDerivedKeys, exploreAsn1, exploreCertificate, exploreCertificateInfo, exploreCertificateRevocationList, exploreCertificateSigningRequest, explorePrivateKey, extractPublicKeyFromCertificate, extractPublicKeyFromCertificateSync, generateKeyPair, generatePrivateKey, hexDump, identifyDERContent, identifyPemType, isCrlIssuedByCertificate, makeMessageChunkSignature, makeMessageChunkSignatureWithDerivedKeys, makePrivateKeyFromPem, makePrivateKeyThumbPrint, makePseudoRandomBuffer, makeSHA1Thumbprint, pemToPrivateKey, privateDecrypt, privateDecrypt_long, privateDecrypt_native, privateKeyToPEM, publicEncrypt, publicEncrypt_long, publicEncrypt_native, publicKeyAndPrivateKeyMatches, readCertificationRequestInfo, readExtension, readNameForCrl, readTbsCertificate, reduceLength, removePadding, removeTrailingLF, rsaLengthPrivateKey, rsaLengthPublicKey, rsaLengthRsaPublicKey, split_der, toPem, toPem2, verifyCertificateChain, verifyCertificateOrClrSignature, verifyCertificateRevocationListSignature, verifyCertificateSignature, verifyChunkSignature, verifyChunkSignatureWithDerivedKeys, verifyCrlIssuedByCertificate, verifyMessageChunkSignature };