pal-explorer-cli 0.4.0

package/lib/core/webrtcStream.js

@@ -0,0 +1,396 @@
+import { getIceServersWithRelay, generateRoomId, getTransportConfig } from './streamTransport.js';
+import { isPrivateUrl } from './discoveryClient.js';
+import config from '../utils/config.js';
+import { EventEmitter } from 'events';
+
+// WebRTC streaming uses wrtc (node-webrtc) for Node.js / Electron main process
+let wrtc;
+try { wrtc = (await import('wrtc')).default; } catch {
+  // In Electron renderer or environments without wrtc, we'll use browser WebRTC APIs
+  wrtc = null;
+}
+
+const RTCPeerConnection = wrtc?.RTCPeerConnection || globalThis.RTCPeerConnection;
+const RTCSessionDescription = wrtc?.RTCSessionDescription || globalThis.RTCSessionDescription;
+
+export class StreamPeer extends EventEmitter {
+  constructor({ signalingUrl, roomId, isInitiator = false, iceServers = [] }) {
+    super();
+    this.signalingUrl = signalingUrl;
+    this.roomId = roomId;
+    this.isInitiator = isInitiator;
+    this.iceServers = iceServers;
+    this.ws = null;
+    this.pc = null;
+    this.dataChannel = null;
+    this.peerId = null;
+    this.remotePeerId = null;
+    this._closed = false;
+  }
+
+  async connect() {
+    if (!RTCPeerConnection) throw new Error('WebRTC not available');
+    if (isPrivateUrl(this.signalingUrl)) throw new Error('SSRF blocked: private/internal signaling URL');
+
+    const wsUrl = this.signalingUrl.replace(/^http/, 'ws') + '/ws/signaling';
+    const WS = globalThis.WebSocket || (await import('ws')).default;
+
+    return new Promise((resolve, reject) => {
+      this.ws = new WS(wsUrl);
+
+      this.ws.onopen = () => {
+        this.ws.send(JSON.stringify({
+          type: 'join',
+          roomId: this.roomId,
+          publicKey: config.get('identity')?.publicKey || '',
+        }));
+      };
+
+      this.ws.onmessage = async (event) => {
+        const msg = JSON.parse(typeof event.data === 'string' ? event.data : event.data.toString());
+
+        switch (msg.type) {
+          case 'connected':
+            this.peerId = msg.peerId;
+            break;
+
+          case 'joined':
+            if (this.isInitiator && msg.peers.length > 0) {
+              this.remotePeerId = msg.peers[0].peerId;
+              await this._createOffer();
+            }
+            break;
+
+          case 'peer-joined':
+            this.remotePeerId = msg.peerId;
+            if (this.isInitiator) await this._createOffer();
+            break;
+
+          case 'offer':
+            await this._handleOffer(msg);
+            break;
+
+          case 'answer':
+            await this._handleAnswer(msg);
+            break;
+
+          case 'ice-candidate':
+            await this._handleIceCandidate(msg);
+            break;
+
+          case 'peer-left':
+            this.emit('peer-disconnected');
+            break;
+
+          case 'error':
+            reject(new Error(msg.error));
+            break;
+        }
+      };
+
+      this.ws.onerror = (err) => reject(err);
+      this.ws.onclose = () => {
+        if (!this._closed) this.emit('signaling-disconnected');
+      };
+
+      // Resolve once the data channel is open
+      this.once('channel-open', () => resolve(this));
+
+      // Timeout after 30s
+      setTimeout(() => {
+        if (!this.dataChannel || this.dataChannel.readyState !== 'open') {
+          reject(new Error('WebRTC connection timeout'));
+        }
+      }, 30_000);
+    });
+  }
+
+  _createPeerConnection() {
+    this.pc = new RTCPeerConnection({ iceServers: this.iceServers });
+
+    this.pc.onicecandidate = (event) => {
+      if (event.candidate && this.ws?.readyState === 1) {
+        this.ws.send(JSON.stringify({
+          type: 'ice-candidate',
+          candidate: event.candidate,
+        }));
+      }
+    };
+
+    this.pc.oniceconnectionstatechange = () => {
+      const state = this.pc.iceConnectionState;
+      this.emit('ice-state', state);
+      if (state === 'connected' || state === 'completed') this.emit('connected');
+      if (state === 'failed' || state === 'disconnected') this.emit('disconnected');
+    };
+
+    this.pc.ondatachannel = (event) => {
+      this._setupDataChannel(event.channel);
+    };
+  }
+
+  _setupDataChannel(channel) {
+    this.dataChannel = channel;
+    channel.binaryType = 'arraybuffer';
+
+    channel.onopen = () => this.emit('channel-open');
+    channel.onclose = () => this.emit('channel-close');
+    channel.onerror = (err) => this.emit('error', err);
+    channel.onmessage = (event) => this.emit('data', event.data);
+  }
+
+  async _createOffer() {
+    this._createPeerConnection();
+
+    // Create data channel for streaming control + data
+    const dc = this.pc.createDataChannel('stream', {
+      ordered: true,
+      maxRetransmits: 3,
+    });
+    this._setupDataChannel(dc);
+
+    const offer = await this.pc.createOffer();
+    await this.pc.setLocalDescription(offer);
+
+    this.ws.send(JSON.stringify({
+      type: 'offer',
+      sdp: offer.sdp,
+    }));
+  }
+
+  async _handleOffer(msg) {
+    this._createPeerConnection();
+    await this.pc.setRemoteDescription(new RTCSessionDescription({ type: 'offer', sdp: msg.sdp }));
+    const answer = await this.pc.createAnswer();
+    await this.pc.setLocalDescription(answer);
+
+    this.ws.send(JSON.stringify({
+      type: 'answer',
+      sdp: answer.sdp,
+    }));
+  }
+
+  async _handleAnswer(msg) {
+    await this.pc.setRemoteDescription(new RTCSessionDescription({ type: 'answer', sdp: msg.sdp }));
+  }
+
+  async _handleIceCandidate(msg) {
+    if (msg.candidate && this.pc) {
+      try { await this.pc.addIceCandidate(msg.candidate); } catch {}
+    }
+  }
+
+  // Send a control message (JSON)
+  sendControl(msg) {
+    if (this.dataChannel?.readyState === 'open') {
+      this.dataChannel.send(JSON.stringify(msg));
+    }
+  }
+
+  // Send binary chunk
+  sendChunk(buffer) {
+    if (this.dataChannel?.readyState === 'open') {
+      this.dataChannel.send(buffer);
+    }
+  }
+
+  close() {
+    this._closed = true;
+    if (this.dataChannel) { try { this.dataChannel.close(); } catch {} }
+    if (this.pc) { try { this.pc.close(); } catch {} }
+    if (this.ws) {
+      try {
+        this.ws.send(JSON.stringify({ type: 'leave' }));
+        this.ws.close();
+      } catch {}
+    }
+    this.removeAllListeners();
+  }
+}
+
+// Host side: serve media over WebRTC data channel
+export class StreamHost extends StreamPeer {
+  constructor(opts) {
+    super({ ...opts, isInitiator: false });
+    this._fileHandler = null;
+  }
+
+  setFileHandler(handler) {
+    // handler(request) => { stream, size, mimeType } or null
+    this._fileHandler = handler;
+  }
+
+  async start() {
+    await this.connect();
+
+    this.on('data', async (raw) => {
+      let msg;
+      try { msg = JSON.parse(typeof raw === 'string' ? raw : new TextDecoder().decode(raw)); } catch { return; }
+
+      if (msg.type === 'media-library') {
+        this.sendControl({ type: 'media-library-response', ...await this._getMediaLibrary(msg.dir) });
+      } else if (msg.type === 'stream-request' && this._fileHandler) {
+        await this._streamFile(msg);
+      }
+    });
+  }
+
+  async _getMediaLibrary(dir) {
+    const fs = await import('fs');
+    const path = await import('path');
+    const os = await import('os');
+
+    const AUDIO = ['mp3', 'flac', 'wav', 'ogg', 'aac', 'm4a'];
+    const VIDEO = ['mp4', 'mkv', 'webm', 'avi', 'mov'];
+    const ALL = [...AUDIO, ...VIDEO];
+
+    let baseDir;
+    if (dir) {
+      const resolved = path.resolve(dir);
+      const musicDir = path.resolve(path.join(os.homedir(), 'Music'));
+      const videosDir = path.resolve(path.join(os.homedir(), 'Videos'));
+      const { listShares } = await import('./shares.js');
+      const shares = listShares({ allUsers: true });
+      const allowed = resolved === musicDir || resolved.startsWith(musicDir + path.sep)
+        || resolved === videosDir || resolved.startsWith(videosDir + path.sep)
+        || shares.some(s => s.sourcePath && (resolved === path.resolve(s.sourcePath) || resolved.startsWith(path.resolve(s.sourcePath) + path.sep)));
+      if (!allowed) {
+        return { files: [], baseDir: dir, error: 'Access denied' };
+      }
+      baseDir = resolved;
+    } else {
+      baseDir = path.join(os.homedir(), 'Music');
+    }
+    const results = [];
+    const MAX = 500;
+
+    function scan(d, depth) {
+      if (depth > 5 || results.length >= MAX) return;
+      let entries;
+      try { entries = fs.readdirSync(d, { withFileTypes: true }); } catch { return; }
+      for (const entry of entries) {
+        if (results.length >= MAX) return;
+        const full = path.join(d, entry.name);
+        if (entry.isDirectory() && !entry.name.startsWith('.')) scan(full, depth + 1);
+        else if (entry.isFile()) {
+          const ext = entry.name.split('.').pop().toLowerCase();
+          if (ALL.includes(ext)) {
+            let size = 0;
+            try { size = fs.statSync(full).size; } catch {}
+            results.push({ name: entry.name, path: full, size, type: AUDIO.includes(ext) ? 'audio' : 'video', ext });
+          }
+        }
+      }
+    }
+    scan(baseDir, 0);
+    results.sort((a, b) => a.name.localeCompare(b.name));
+    return { files: results, baseDir };
+  }
+
+  async _streamFile(request) {
+    const fs = await import('fs');
+    const pathMod = await import('path');
+    const { filePath, rangeStart, rangeEnd } = request;
+
+    if (!filePath || typeof filePath !== 'string') {
+      this.sendControl({ type: 'stream-error', error: 'Invalid path' });
+      return;
+    }
+    const resolved = pathMod.resolve(filePath);
+    const { listShares } = await import('./shares.js');
+    const shares = listShares({ allUsers: true });
+    const allowed = shares.some(s => {
+      if (!s.sourcePath) return false;
+      const shareBase = pathMod.resolve(s.sourcePath);
+      return resolved === shareBase || resolved.startsWith(shareBase + pathMod.sep);
+    });
+    if (!allowed) {
+      this.sendControl({ type: 'stream-error', error: 'Access denied' });
+      return;
+    }
+
+    let stat;
+    try { stat = fs.statSync(filePath); } catch {
+      this.sendControl({ type: 'stream-error', error: 'File not found' });
+      return;
+    }
+
+    const start = rangeStart || 0;
+    const end = rangeEnd || stat.size - 1;
+    const CHUNK_SIZE = 16384; // 16KB chunks for data channel
+
+    this.sendControl({
+      type: 'stream-start',
+      size: stat.size,
+      rangeStart: start,
+      rangeEnd: end,
+      fileName: request.filePath.split(/[/\\]/).pop(),
+    });
+
+    const stream = fs.createReadStream(filePath, { start, end });
+    for await (const chunk of stream) {
+      // Wait if data channel is buffered
+      while (this.dataChannel && this.dataChannel.bufferedAmount > 1024 * 1024) {
+        await new Promise(r => setTimeout(r, 10));
+      }
+      if (this.dataChannel?.readyState !== 'open') break;
+      this.sendChunk(chunk);
+    }
+
+    this.sendControl({ type: 'stream-end' });
+  }
+}
+
+// Client side: request and receive media over WebRTC
+export class StreamClient extends StreamPeer {
+  constructor(opts) {
+    super({ ...opts, isInitiator: true });
+    this._chunks = [];
+    this._streamResolve = null;
+  }
+
+  async requestMediaLibrary(dir) {
+    return new Promise((resolve) => {
+      const handler = (raw) => {
+        let msg;
+        try { msg = JSON.parse(typeof raw === 'string' ? raw : new TextDecoder().decode(raw)); } catch { return; }
+        if (msg.type === 'media-library-response') {
+          this.removeListener('data', handler);
+          resolve(msg);
+        }
+      };
+      this.on('data', handler);
+      this.sendControl({ type: 'media-library', dir });
+    });
+  }
+
+  async requestStream(filePath, { rangeStart, rangeEnd } = {}) {
+    return new Promise((resolve, reject) => {
+      let metadata = null;
+      const chunks = [];
+
+      const handler = (raw) => {
+        if (raw instanceof ArrayBuffer || Buffer.isBuffer(raw)) {
+          chunks.push(Buffer.isBuffer(raw) ? raw : Buffer.from(raw));
+          return;
+        }
+
+        let msg;
+        try { msg = JSON.parse(typeof raw === 'string' ? raw : new TextDecoder().decode(raw)); } catch { return; }
+
+        if (msg.type === 'stream-start') {
+          metadata = msg;
+        } else if (msg.type === 'stream-end') {
+          this.removeListener('data', handler);
+          resolve({ metadata, data: Buffer.concat(chunks) });
+        } else if (msg.type === 'stream-error') {
+          this.removeListener('data', handler);
+          reject(new Error(msg.error));
+        }
+      };
+
+      this.on('data', handler);
+      this.sendControl({ type: 'stream-request', filePath, rangeStart, rangeEnd });
+    });
+  }
+}

package/lib/crypto/chatEncryption.js

@@ -0,0 +1,57 @@
+import sodium from 'sodium-native';
+
+export function encryptMessage(plaintext, senderPrivateKey, recipientPublicKey) {
+  const senderEd = Buffer.isBuffer(senderPrivateKey) ? senderPrivateKey : Buffer.from(senderPrivateKey, 'hex');
+  const recipientEd = Buffer.isBuffer(recipientPublicKey) ? recipientPublicKey : Buffer.from(recipientPublicKey, 'hex');
+
+  const senderCurve = Buffer.alloc(sodium.crypto_box_SECRETKEYBYTES);
+  const recipientCurve = Buffer.alloc(sodium.crypto_box_PUBLICKEYBYTES);
+  sodium.crypto_sign_ed25519_sk_to_curve25519(senderCurve, senderEd);
+  sodium.crypto_sign_ed25519_pk_to_curve25519(recipientCurve, recipientEd);
+
+  const message = Buffer.from(plaintext, 'utf8');
+  const nonce = Buffer.alloc(sodium.crypto_box_NONCEBYTES);
+  sodium.randombytes_buf(nonce);
+
+  const cipher = Buffer.alloc(message.length + sodium.crypto_box_MACBYTES);
+  sodium.crypto_box_easy(cipher, message, nonce, recipientCurve, senderCurve);
+
+  return {
+    nonce: nonce.toString('hex'),
+    cipher: cipher.toString('hex'),
+  };
+}
+
+export function decryptMessage(encrypted, recipientPrivateKey, senderPublicKey) {
+  const recipientEd = Buffer.isBuffer(recipientPrivateKey) ? recipientPrivateKey : Buffer.from(recipientPrivateKey, 'hex');
+  const senderEd = Buffer.isBuffer(senderPublicKey) ? senderPublicKey : Buffer.from(senderPublicKey, 'hex');
+
+  const recipientCurve = Buffer.alloc(sodium.crypto_box_SECRETKEYBYTES);
+  const senderCurve = Buffer.alloc(sodium.crypto_box_PUBLICKEYBYTES);
+  sodium.crypto_sign_ed25519_sk_to_curve25519(recipientCurve, recipientEd);
+  sodium.crypto_sign_ed25519_pk_to_curve25519(senderCurve, senderEd);
+
+  const nonce = Buffer.from(encrypted.nonce, 'hex');
+  const cipher = Buffer.from(encrypted.cipher, 'hex');
+
+  const message = Buffer.alloc(cipher.length - sodium.crypto_box_MACBYTES);
+  const ok = sodium.crypto_box_open_easy(message, cipher, nonce, senderCurve, recipientCurve);
+  if (!ok) throw new Error('Decryption failed - message tampered or wrong key');
+
+  return message.toString('utf8');
+}
+
+export function signMessage(message, privateKey) {
+  const sk = Buffer.isBuffer(privateKey) ? privateKey : Buffer.from(privateKey, 'hex');
+  const msg = Buffer.from(message, 'utf8');
+  const signature = Buffer.alloc(sodium.crypto_sign_BYTES);
+  sodium.crypto_sign_detached(signature, msg, sk);
+  return signature.toString('hex');
+}
+
+export function verifySignature(message, signature, publicKey) {
+  const pk = Buffer.isBuffer(publicKey) ? publicKey : Buffer.from(publicKey, 'hex');
+  const msg = Buffer.from(message, 'utf8');
+  const sig = Buffer.from(signature, 'hex');
+  return sodium.crypto_sign_verify_detached(sig, msg, pk);
+}

package/lib/crypto/shareEncryption.js

@@ -0,0 +1,195 @@
+import sodium from 'sodium-native';
+import fs from 'fs';
+import path from 'path';
+import config from '../utils/config.js';
+
+const CHUNK_SIZE = 65536; // 64KB chunks for streaming encryption
+
+export function generateShareKey() {
+  const key = Buffer.alloc(sodium.crypto_secretstream_xchacha20poly1305_KEYBYTES);
+  sodium.randombytes_buf(key);
+  return key;
+}
+
+export function getEncryptedShareDir(shareId) {
+  const baseDir = path.dirname(config.path);
+  return path.join(baseDir, 'encrypted-shares', shareId);
+}
+
+export function getDecryptedOutputDir(shareName) {
+  const baseDir = path.dirname(config.path);
+  return path.join(baseDir, 'downloads', shareName);
+}
+
+// Encrypt a single file using secretstream. Output format:
+// [24-byte header][{4-byte LE chunk_len}{encrypted_chunk}...]
+export function encryptFile(inputPath, outputPath, shareKey) {
+  const state = Buffer.alloc(sodium.crypto_secretstream_xchacha20poly1305_STATEBYTES);
+  const header = Buffer.alloc(sodium.crypto_secretstream_xchacha20poly1305_HEADERBYTES);
+  sodium.crypto_secretstream_xchacha20poly1305_init_push(state, header, shareKey);
+
+  fs.mkdirSync(path.dirname(outputPath), { recursive: true });
+  const input = fs.openSync(inputPath, 'r');
+  const output = fs.openSync(outputPath, 'w');
+  fs.writeSync(output, header);
+
+  const plainBuf = Buffer.alloc(CHUNK_SIZE);
+  let bytesRead;
+  const fileSize = fs.fstatSync(input).size;
+  let totalRead = 0;
+
+  while (true) {
+    bytesRead = fs.readSync(input, plainBuf, 0, CHUNK_SIZE, null);
+    if (bytesRead === 0) break;
+    totalRead += bytesRead;
+    const isLast = totalRead >= fileSize;
+    const plain = plainBuf.subarray(0, bytesRead);
+    const cipher = Buffer.alloc(bytesRead + sodium.crypto_secretstream_xchacha20poly1305_ABYTES);
+    const tag = isLast
+      ? sodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL
+      : sodium.crypto_secretstream_xchacha20poly1305_TAG_MESSAGE;
+    sodium.crypto_secretstream_xchacha20poly1305_push(state, cipher, plain, null, tag);
+    const lenBuf = Buffer.alloc(4);
+    lenBuf.writeUInt32LE(cipher.length, 0);
+    fs.writeSync(output, lenBuf);
+    fs.writeSync(output, cipher);
+    if (isLast) break;
+  }
+
+  fs.closeSync(input);
+  fs.closeSync(output);
+}
+
+// Decrypt a single file encrypted by encryptFile
+export function decryptFile(inputPath, outputPath, shareKey) {
+  const state = Buffer.alloc(sodium.crypto_secretstream_xchacha20poly1305_STATEBYTES);
+  const header = Buffer.alloc(sodium.crypto_secretstream_xchacha20poly1305_HEADERBYTES);
+
+  fs.mkdirSync(path.dirname(outputPath), { recursive: true });
+  const input = fs.openSync(inputPath, 'r');
+  const tmpPath = outputPath + '.tmp';
+  const output = fs.openSync(tmpPath, 'w');
+
+  fs.readSync(input, header, 0, header.length, null);
+  // sodium-native v5: init_pull returns void, throws are surfaced by pull()
+  sodium.crypto_secretstream_xchacha20poly1305_init_pull(state, header, shareKey);
+
+  const lenBuf = Buffer.alloc(4);
+  let fileOffset = header.length;
+
+  try {
+    while (true) {
+      const readLen = fs.readSync(input, lenBuf, 0, 4, fileOffset);
+      if (readLen < 4) break;
+      fileOffset += 4;
+      const chunkLen = lenBuf.readUInt32LE(0);
+      const maxChunk = CHUNK_SIZE + sodium.crypto_secretstream_xchacha20poly1305_ABYTES;
+      if (chunkLen === 0 || chunkLen > maxChunk + 64) {
+        throw new Error('Corrupt ciphertext: invalid chunk length');
+      }
+      const cipher = Buffer.alloc(chunkLen);
+      fs.readSync(input, cipher, 0, chunkLen, fileOffset);
+      fileOffset += chunkLen;
+      const plain = Buffer.alloc(chunkLen - sodium.crypto_secretstream_xchacha20poly1305_ABYTES);
+      const tag = Buffer.alloc(1);
+      // sodium-native v5: pull throws on failure instead of returning -1
+      sodium.crypto_secretstream_xchacha20poly1305_pull(state, plain, tag, cipher, null);
+      fs.writeSync(output, plain);
+      if (tag[0] === sodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL) break;
+    }
+  } catch {
+    fs.closeSync(input);
+    fs.closeSync(output);
+    try { fs.unlinkSync(tmpPath); } catch {}
+    throw new Error('Decryption failed — data corrupted or wrong key');
+  }
+
+  fs.closeSync(input);
+  fs.closeSync(output);
+  fs.renameSync(tmpPath, outputPath);
+}
+
+// Encrypt entire directory tree recursively into destDir
+// Includes per-file timeout (60s default) to prevent hangs on platforms with sodium-native issues (e.g. WSL)
+export function encryptDirectory(sourcePath, destDir, shareKey, { timeoutMs = 60000 } = {}) {
+  const results = [];
+  function encryptWithTimeout(inputPath, outputPath) {
+    const start = Date.now();
+    encryptFile(inputPath, outputPath, shareKey);
+    if (Date.now() - start > timeoutMs) {
+      throw new Error(`Encryption timed out for ${path.basename(inputPath)} (>${timeoutMs / 1000}s). This may indicate a platform issue with sodium-native.`);
+    }
+  }
+  function walk(dir, relBase) {
+    const entries = fs.readdirSync(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      const fullPath = path.join(dir, entry.name);
+      const rel = relBase ? path.join(relBase, entry.name) : entry.name;
+      if (entry.isDirectory()) {
+        walk(fullPath, rel);
+      } else if (entry.isFile()) {
+        const encPath = path.join(destDir, rel + '.pal');
+        encryptWithTimeout(fullPath, encPath);
+        results.push({ original: rel, encrypted: rel + '.pal' });
+      }
+    }
+  }
+  if (fs.statSync(sourcePath).isDirectory()) {
+    walk(sourcePath, '');
+  } else {
+    const name = path.basename(sourcePath) + '.pal';
+    const encPath = path.join(destDir, name);
+    encryptWithTimeout(sourcePath, encPath);
+    results.push({ original: path.basename(sourcePath), encrypted: name });
+  }
+  return results;
+}
+
+// Decrypt all .pal files in encryptedDir into destDir
+export function decryptDirectory(encryptedDir, destDir, shareKey) {
+  function walk(dir, relBase) {
+    const entries = fs.readdirSync(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      const fullPath = path.join(dir, entry.name);
+      const rel = relBase ? path.join(relBase, entry.name) : entry.name;
+      if (entry.isDirectory()) {
+        walk(fullPath, rel);
+      } else if (entry.isFile() && entry.name.endsWith('.pal')) {
+        const originalName = rel.slice(0, -4); // remove .pal
+        const outPath = path.join(destDir, originalName);
+        decryptFile(fullPath, outPath, shareKey);
+      }
+    }
+  }
+  walk(encryptedDir, '');
+}
+
+// Wrap shareKey for a recipient using crypto_box_seal (anonymous ECIES)
+// recipientPublicKeyHex: Ed25519 public key (will be converted to Curve25519)
+export function encryptShareKeyForRecipient(shareKey, recipientPublicKeyHex) {
+  const ed25519Pk = Buffer.from(recipientPublicKeyHex, 'hex');
+  const curve25519Pk = Buffer.alloc(sodium.crypto_box_PUBLICKEYBYTES);
+  sodium.crypto_sign_ed25519_pk_to_curve25519(curve25519Pk, ed25519Pk);
+
+  const ciphertext = Buffer.alloc(shareKey.length + sodium.crypto_box_SEALBYTES);
+  sodium.crypto_box_seal(ciphertext, shareKey, curve25519Pk);
+  return ciphertext.toString('hex');
+}
+
+// Unwrap shareKey using own Ed25519 keypair (converted to Curve25519)
+export function decryptShareKey(encryptedShareKeyHex, myPublicKeyHex, myPrivateKeyHex) {
+  const ed25519Pk = Buffer.from(myPublicKeyHex, 'hex');
+  const ed25519Sk = Buffer.from(myPrivateKeyHex, 'hex');
+  if (ed25519Pk.length !== sodium.crypto_sign_PUBLICKEYBYTES) throw new Error('Invalid public key length');
+  if (ed25519Sk.length !== sodium.crypto_sign_SECRETKEYBYTES) throw new Error('Invalid private key length');
+  const curve25519Pk = Buffer.alloc(sodium.crypto_box_PUBLICKEYBYTES);
+  const curve25519Sk = Buffer.alloc(sodium.crypto_box_SECRETKEYBYTES);
+  sodium.crypto_sign_ed25519_pk_to_curve25519(curve25519Pk, ed25519Pk);
+  sodium.crypto_sign_ed25519_sk_to_curve25519(curve25519Sk, ed25519Sk);
+
+  const ciphertext = Buffer.from(encryptedShareKeyHex, 'hex');
+  const shareKey = Buffer.alloc(ciphertext.length - sodium.crypto_box_SEALBYTES);
+  const ok = sodium.crypto_box_seal_open(shareKey, ciphertext, curve25519Pk, curve25519Sk);
+  if (!ok) throw new Error('Failed to decrypt share key — wrong identity or corrupted data');
+  return shareKey;
+}

package/lib/crypto/sharePassword.js

@@ -0,0 +1,35 @@
+import sodium from 'sodium-native';
+import crypto from 'crypto';
+
+const OPSLIMIT = sodium.crypto_pwhash_OPSLIMIT_SENSITIVE;
+const MEMLIMIT = sodium.crypto_pwhash_MEMLIMIT_SENSITIVE;
+const ALG = sodium.crypto_pwhash_ALG_ARGON2ID13;
+
+export function hashSharePassword(password) {
+  const salt = Buffer.alloc(sodium.crypto_pwhash_SALTBYTES);
+  sodium.randombytes_buf(salt);
+
+  const key = Buffer.alloc(32);
+  sodium.crypto_pwhash(key, Buffer.from(password, 'utf8'), salt, OPSLIMIT, MEMLIMIT, ALG);
+
+  return {
+    salt: salt.toString('hex'),
+    hash: key.toString('hex'),
+  };
+}
+
+export function verifySharePassword(password, salt, hash) {
+  const saltBuf = Buffer.from(salt, 'hex');
+  const key = Buffer.alloc(32);
+  sodium.crypto_pwhash(key, Buffer.from(password, 'utf8'), saltBuf, OPSLIMIT, MEMLIMIT, ALG);
+  const hashBuf = Buffer.from(hash, 'hex');
+  if (key.length !== hashBuf.length) return false;
+  return crypto.timingSafeEqual(key, hashBuf);
+}
+
+export function deriveKeyFromPassword(password, salt) {
+  const saltBuf = Buffer.isBuffer(salt) ? salt : Buffer.from(salt, 'hex');
+  const key = Buffer.alloc(32);
+  sodium.crypto_pwhash(key, Buffer.from(password, 'utf8'), saltBuf, OPSLIMIT, MEMLIMIT, ALG);
+  return key;
+}