npm - qr-secure-send - Versions diffs - 1.7.2 → 1.8.0 - Mend

qr-secure-send 1.7.2 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/index.html CHANGED Viewed

@@ -159,7 +159,7 @@
   <header>
     <h1>QR Secure Send</h1>
     <p>Encrypt and transfer secrets via QR code</p>
-    <p style="font-size:0.7rem;color:#484f58;margin-top:0.2rem">v1.7.2</p>
+    <p style="font-size:0.7rem;color:#484f58;margin-top:0.2rem">v1.8.0</p>
   </header>
   <div class="tabs">
@@ -190,8 +190,9 @@
         </label>
         <div id="send-wallet-fields" class="wallet-fields">
           <p class="info" style="text-align:left;margin-bottom:0.5rem;line-height:1.5">
-            MetaMask will sign a fixed message using your private key.
+            Each QR code gets a unique random seed. MetaMask signs it with your private key.
             The resulting signature becomes the encryption key &mdash; only the same wallet can reproduce it.
+            If a signature leaks, only that specific QR is exposed, not future ones.
             Your private key never leaves MetaMask.
             You can also set a passphrase above for extra security (both will be needed to decrypt).
           </p>
@@ -227,7 +228,7 @@
         <p style="font-size:0.82rem;color:#d29922;margin-bottom:0.5rem;">
           This secret was encrypted with a wallet. Connect the same wallet to decrypt.
         </p>
-        <button class="wallet-btn" id="recv-wallet-connect-btn">Connect & Sign with MetaMask</button>
+        <button class="wallet-btn" id="recv-wallet-connect-btn">Connect MetaMask</button>
         <a class="wallet-btn" id="recv-wallet-deeplink" style="display:none;text-decoration:none;text-align:center" target="_blank">Open in MetaMask App</a>
         <div id="recv-wallet-status" class="wallet-address" style="display:none"></div>
       </div>
@@ -1019,18 +1020,24 @@
   // PAYLOAD HELPERS
   // =========================================================================
-  const APP_VERSION = "1.7.2";
+  const APP_VERSION = "1.8.0";
   const GH_PAGES_URL = "https://degenddy.github.io/qr-secure-send/?v=" + APP_VERSION;
   const METAMASK_DEEP_URL = "https://link.metamask.io/dapp/degenddy.github.io/qr-secure-send/?v=" + APP_VERSION;
-  const WALLET_SIGN_MSG = "QR Secure Send: generate encryption key";
+  const WALLET_SIGN_PREFIX = "QR Secure Send: ";
-  // Ask MetaMask to sign a deterministic message. Returns the signature (hex string).
-  // Same wallet + same message = same signature every time (RFC 6979).
-  async function getWalletSignature(account) {
+  function generateNonce() {
+    const bytes = crypto.getRandomValues(new Uint8Array(16));
+    return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
+  }
+  // Ask MetaMask to sign a message with a unique nonce. Returns the signature (hex string).
+  // Same wallet + same nonce = same signature every time (RFC 6979).
+  async function getWalletSignature(account, nonce) {
+    const msg = WALLET_SIGN_PREFIX + nonce;
     const sig = await window.ethereum.request({
       method: 'personal_sign',
-      params: [WALLET_SIGN_MSG, account]
+      params: [msg, account]
     });
     return sig;
   }
@@ -1039,13 +1046,20 @@
     return walletSignature ? passphrase + ':' + walletSignature : passphrase;
   }
-  // Extract encrypted data from raw or URL form. Returns { data, wallet } or null.
+  // Extract encrypted data from raw or URL form.
+  // Returns { data, wallet, nonce } or null.
+  // Wallet format: QRSECW:<nonce>:<base64>
   function extractPayload(text) {
     const sources = [text];
     try { const h = new URL(text).hash; if (h) sources.push(h.slice(1)); } catch (_) {}
     for (const s of sources) {
-      if (s.startsWith("QRSECW:")) return { data: s.slice(7), wallet: true };
-      if (s.startsWith("QRSEC:"))  return { data: s.slice(6), wallet: false };
+      if (s.startsWith("QRSECW:")) {
+        const rest = s.slice(7);
+        const colonIdx = rest.indexOf(':');
+        if (colonIdx === -1) return null;
+        return { data: rest.slice(colonIdx + 1), wallet: true, nonce: rest.slice(0, colonIdx) };
+      }
+      if (s.startsWith("QRSEC:")) return { data: s.slice(6), wallet: false, nonce: null };
     }
     return null;
   }
@@ -1091,8 +1105,8 @@
     document.getElementById("send-wallet-fields").classList.toggle("active", e.target.checked);
   });
-  // Send wallet connect
-  let sendWalletSignature = null;
+  // Send wallet connect (just connects — signing happens at generate time with a fresh nonce)
+  let sendWalletAccount = null;
   document.getElementById("send-wallet-connect-btn").addEventListener("click", async () => {
     const errEl = document.getElementById("send-error");
@@ -1104,14 +1118,13 @@
     try {
       const accounts = await window.ethereum.request({ method: 'eth_requestAccounts' });
       if (!accounts.length) { errEl.textContent = "No accounts returned."; return; }
-      const account = accounts[0];
-      sendWalletSignature = await getWalletSignature(account);
-      statusEl.textContent = "Signed with: " + account.toLowerCase();
+      sendWalletAccount = accounts[0];
+      statusEl.textContent = "Connected: " + sendWalletAccount.toLowerCase();
       statusEl.style.display = "block";
       document.getElementById("send-wallet-connect-btn").textContent = "Wallet Connected";
       document.getElementById("send-wallet-connect-btn").disabled = true;
     } catch (e) {
-      errEl.textContent = "Wallet connection/signing failed: " + (e.message || "User rejected.");
+      errEl.textContent = "Wallet connection failed: " + (e.message || "User rejected.");
     }
   });
@@ -1140,15 +1153,21 @@
       }
     }
-    if (useWallet && !sendWalletSignature) {
-      errEl.textContent = "Connect and sign with MetaMask first.";
+    if (useWallet && !sendWalletAccount) {
+      errEl.textContent = "Connect MetaMask first.";
       return;
     }
     try {
-      const keyInput = buildKeyInput(passphrase, useWallet ? sendWalletSignature : null);
+      let walletSig = null;
+      let nonce = null;
+      if (useWallet) {
+        nonce = generateNonce();
+        walletSig = await getWalletSignature(sendWalletAccount, nonce);
+      }
+      const keyInput = buildKeyInput(passphrase, walletSig);
       const encrypted = await encryptSecret(secret, keyInput);
-      const prefix = useWallet ? "QRSECW:" : "QRSEC:";
+      const prefix = useWallet ? "QRSECW:" + nonce + ":" : "QRSEC:";
       const payload = GH_PAGES_URL + "#" + prefix + encrypted;
       if (payload.length > 2953) {
@@ -1172,8 +1191,8 @@
       "loaded from the internet when you start the camera.";
   }
-  // Wallet connect & sign (receive side)
-  let recvWalletSignature = null;
+  // Wallet connect (receive side) — just connects; signing happens at decrypt time with the nonce
+  let recvWalletAccount = null;
   document.getElementById("recv-wallet-connect-btn").addEventListener("click", async () => {
     const statusEl = document.getElementById("recv-wallet-status");
@@ -1188,32 +1207,28 @@
     try {
       const accounts = await window.ethereum.request({ method: 'eth_requestAccounts' });
       if (!accounts.length) { errEl.textContent = "No accounts returned."; return; }
-      const account = accounts[0];
-      recvWalletSignature = await getWalletSignature(account);
-      statusEl.textContent = "Signed with: " + account.toLowerCase();
+      recvWalletAccount = accounts[0];
+      statusEl.textContent = "Connected: " + recvWalletAccount.toLowerCase();
       statusEl.style.display = "block";
-      document.getElementById("recv-wallet-connect-btn").textContent = "Wallet Signed";
+      document.getElementById("recv-wallet-connect-btn").textContent = "Wallet Connected";
       document.getElementById("recv-wallet-connect-btn").disabled = true;
     } catch (e) {
-      errEl.textContent = "Wallet connection/signing failed: " + (e.message || "User rejected.");
+      errEl.textContent = "Wallet connection failed: " + (e.message || "User rejected.");
     }
   });
-  // Re-sign if user switches account in MetaMask
   if (typeof window.ethereum !== 'undefined') {
-    window.ethereum.on('accountsChanged', async (accounts) => {
+    window.ethereum.on('accountsChanged', (accounts) => {
       if (accounts.length) {
-        try {
-          recvWalletSignature = await getWalletSignature(accounts[0]);
-          const statusEl = document.getElementById("recv-wallet-status");
-          statusEl.textContent = "Signed with: " + accounts[0].toLowerCase();
-          statusEl.style.display = "block";
-        } catch (_) { recvWalletSignature = null; }
+        recvWalletAccount = accounts[0];
+        const statusEl = document.getElementById("recv-wallet-status");
+        statusEl.textContent = "Connected: " + recvWalletAccount.toLowerCase();
+        statusEl.style.display = "block";
       } else {
-        recvWalletSignature = null;
+        recvWalletAccount = null;
         document.getElementById("recv-wallet-status").style.display = "none";
         const btn = document.getElementById("recv-wallet-connect-btn");
-        btn.textContent = "Connect & Sign with MetaMask"; btn.disabled = false;
+        btn.textContent = "Connect MetaMask"; btn.disabled = false;
       }
     });
   }
@@ -1243,13 +1258,15 @@
         }
         if (payload.wallet) {
           document.getElementById("recv-wallet-section").style.display = "block";
-          if (!recvWalletSignature) {
-            errEl.textContent = "This secret requires wallet signing. Connect & sign with MetaMask first, then scan again.";
+          if (!recvWalletAccount) {
+            errEl.textContent = "This secret requires wallet authentication. Connect MetaMask first, then scan again.";
             return false;
           }
         }
         try {
-          const keyInput = buildKeyInput(passphrase, payload.wallet ? recvWalletSignature : null);
+          let walletSig = null;
+          if (payload.wallet) walletSig = await getWalletSignature(recvWalletAccount, payload.nonce);
+          const keyInput = buildKeyInput(passphrase, walletSig);
           const secret = await decryptSecret(payload.data, keyInput);
           document.getElementById("recv-value").textContent = secret;
           resultBox.style.display = "block";
@@ -1296,14 +1313,16 @@
     const payload = extractPayload(location.hash.slice(1));
     if (!payload) { errEl.textContent = "No encrypted data found in URL."; return; }
-    if (payload.wallet && !recvWalletSignature) {
-      errEl.textContent = "This secret requires wallet signing. Connect & sign with MetaMask first.";
+    if (payload.wallet && !recvWalletAccount) {
+      errEl.textContent = "This secret requires wallet authentication. Connect MetaMask first.";
       document.getElementById("recv-wallet-section").style.display = "block";
       return;
     }
     try {
-      const keyInput = buildKeyInput(passphrase, payload.wallet ? recvWalletSignature : null);
+      let walletSig = null;
+      if (payload.wallet) walletSig = await getWalletSignature(recvWalletAccount, payload.nonce);
+      const keyInput = buildKeyInput(passphrase, walletSig);
       const secret = await decryptSecret(payload.data, keyInput);
       document.getElementById("recv-value").textContent = secret;
       resultBox.style.display = "block";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "qr-secure-send",
-  "version": "1.7.2",
+  "version": "1.8.0",
   "description": "Encrypt and transfer secrets via QR code",
   "keywords": ["qr", "qrcode", "encryption", "password", "secure", "transfer"],
   "author": "",
@@ -13,6 +13,7 @@
     "qr-secure-send": "cli.js"
   },
   "scripts": {
-    "start": "node cli.js"
+    "start": "node cli.js",
+    "test": "node --test test.js"
   }
 }

package/test.js ADDED Viewed

@@ -0,0 +1,464 @@
+const { describe, it } = require('node:test');
+const assert = require('node:assert');
+const { webcrypto } = require('crypto');
+const vm = require('vm');
+const fs = require('fs');
+const path = require('path');
+// ---------------------------------------------------------------------------
+// Setup: extract JS from index.html and evaluate in a sandboxed VM context
+// ---------------------------------------------------------------------------
+const html = fs.readFileSync(path.join(__dirname, 'index.html'), 'utf8');
+const scriptMatch = html.match(/<script>([\s\S]*?)<\/script>/);
+let jsCode = scriptMatch[1];
+// Expose QRGen.encode for testing
+jsCode = jsCode.replace('return { toCanvas };', 'return { toCanvas, encode };');
+// Make const/let top-level declarations accessible from the sandbox
+jsCode = jsCode.replace('const QRGen =', 'var QRGen =');
+jsCode = jsCode.replace('const QRScan =', 'var QRScan =');
+jsCode = jsCode.replace(/^  const (BRUTE_FORCE_NOTE|GH_PAGES_URL|METAMASK_DEEP_URL|APP_VERSION|WALLET_SIGN_PREFIX) =/gm,
+  '  var $1 =');
+// Truncate at UI LOGIC to avoid DOM-dependent code
+jsCode = jsCode.split('// UI LOGIC')[0];
+const sandbox = {
+  crypto: webcrypto,
+  TextEncoder,
+  TextDecoder,
+  btoa,
+  atob,
+  URL,
+  console,
+  performance,
+  window: { ethereum: undefined },
+  document: {
+    createElement: () => ({
+      getContext: () => ({ fillStyle: '', fillRect: () => {} }),
+      width: 0, height: 0, style: {},
+    }),
+  },
+  navigator: {},
+  location: { hash: '' },
+  requestAnimationFrame: () => {},
+  cancelAnimationFrame: () => {},
+};
+vm.createContext(sandbox);
+vm.runInContext(jsCode, sandbox);
+const {
+  QRGen, encryptSecret, decryptSecret, deriveKey,
+  evaluatePassphraseStrength, extractPayload, buildKeyInput,
+  WALLET_SIGN_PREFIX, generateNonce,
+} = sandbox;
+// =========================================================================
+// extractPayload
+// =========================================================================
+describe('extractPayload', () => {
+  it('parses raw QRSEC: prefix', () => {
+    const r = extractPayload('QRSEC:abc123');
+    assert.strictEqual(r.data, 'abc123'); assert.strictEqual(r.wallet, false);
+    assert.strictEqual(r.nonce, null);
+  });
+  it('parses raw QRSECW: with nonce', () => {
+    const r = extractPayload('QRSECW:mynonce123:abc123');
+    assert.strictEqual(r.data, 'abc123'); assert.strictEqual(r.wallet, true);
+    assert.strictEqual(r.nonce, 'mynonce123');
+  });
+  it('returns null for QRSECW: without nonce separator', () => {
+    assert.strictEqual(extractPayload('QRSECW:nodatahere'), null);
+  });
+  it('parses URL with QRSEC: in hash', () => {
+    const r = extractPayload('https://example.com/page#QRSEC:xyz');
+    assert.strictEqual(r.data, 'xyz'); assert.strictEqual(r.wallet, false);
+  });
+  it('parses URL with QRSECW: in hash', () => {
+    const r = extractPayload('https://example.com/page#QRSECW:nonce42:xyz');
+    assert.strictEqual(r.data, 'xyz'); assert.strictEqual(r.wallet, true);
+    assert.strictEqual(r.nonce, 'nonce42');
+  });
+  it('returns null for unrelated text', () => {
+    assert.strictEqual(extractPayload('hello world'), null);
+  });
+  it('returns null for URL without valid hash', () => {
+    assert.strictEqual(extractPayload('https://example.com/page#other'), null);
+  });
+  it('returns null for empty string', () => {
+    assert.strictEqual(extractPayload(''), null);
+  });
+  it('handles URL with query params and hash', () => {
+    const r = extractPayload('https://example.com?v=1#QRSEC:data');
+    assert.strictEqual(r.data, 'data'); assert.strictEqual(r.wallet, false);
+  });
+  it('generateNonce produces unique 32-char hex strings', () => {
+    const n1 = generateNonce();
+    const n2 = generateNonce();
+    assert.strictEqual(n1.length, 32);
+    assert.ok(/^[0-9a-f]{32}$/.test(n1));
+    assert.notStrictEqual(n1, n2);
+  });
+});
+// =========================================================================
+// buildKeyInput
+// =========================================================================
+describe('buildKeyInput', () => {
+  it('returns passphrase alone when no wallet sig', () => {
+    assert.strictEqual(buildKeyInput('mypass', null), 'mypass');
+    assert.strictEqual(buildKeyInput('mypass', undefined), 'mypass');
+  });
+  it('returns passphrase alone when wallet sig is empty string', () => {
+    assert.strictEqual(buildKeyInput('mypass', ''), 'mypass');
+  });
+  it('concatenates passphrase and wallet sig with colon', () => {
+    assert.strictEqual(buildKeyInput('mypass', '0xabc'), 'mypass:0xabc');
+  });
+  it('works with empty passphrase and wallet sig', () => {
+    assert.strictEqual(buildKeyInput('', '0xabc'), ':0xabc');
+  });
+  it('works with empty passphrase and no wallet sig', () => {
+    assert.strictEqual(buildKeyInput('', null), '');
+  });
+});
+// =========================================================================
+// evaluatePassphraseStrength
+// =========================================================================
+describe('evaluatePassphraseStrength', () => {
+  it('returns none for empty/falsy', () => {
+    assert.strictEqual(evaluatePassphraseStrength('').level, 'none');
+    assert.strictEqual(evaluatePassphraseStrength(null).level, 'none');
+    assert.strictEqual(evaluatePassphraseStrength(undefined).level, 'none');
+  });
+  it('returns weak for short lowercase', () => {
+    const r = evaluatePassphraseStrength('abc');
+    assert.strictEqual(r.level, 'weak');
+    assert.ok(r.bits < 35);
+  });
+  it('returns weak for repeated character', () => {
+    const r = evaluatePassphraseStrength('aaaaaaaaaaaa');
+    assert.strictEqual(r.level, 'weak');
+    assert.ok(r.bits <= 10, `Expected very low bits for repeated char, got ${r.bits}`);
+  });
+  it('returns weak for short numeric (< 6 chars)', () => {
+    const r = evaluatePassphraseStrength('12345');
+    assert.strictEqual(r.level, 'weak');
+    assert.ok(r.bits <= 20);
+  });
+  it('returns moderate for medium mixed-case + digit', () => {
+    const r = evaluatePassphraseStrength('Hello1ab');
+    assert.strictEqual(r.level, 'moderate');
+  });
+  it('returns strong for long mixed with symbols', () => {
+    const r = evaluatePassphraseStrength('C0mpl3x!P@ssw0rd#2024');
+    assert.strictEqual(r.level, 'strong');
+    assert.ok(r.bits >= 50);
+  });
+  it('weak message mentions rate-limiting', () => {
+    const r = evaluatePassphraseStrength('abc');
+    assert.ok(r.message.includes('rate-limiting'));
+  });
+  it('all-lowercase gets 0.7 factor applied', () => {
+    const r = evaluatePassphraseStrength('abcdefghij');
+    assert.ok(r.bits < 35);
+  });
+});
+// =========================================================================
+// Encryption round-trip
+// =========================================================================
+describe('Encryption round-trip', () => {
+  it('encrypts and decrypts with passphrase', async () => {
+    const encrypted = await encryptSecret('hello world', 'mypassphrase');
+    const decrypted = await decryptSecret(encrypted, 'mypassphrase');
+    assert.strictEqual(decrypted, 'hello world');
+  });
+  it('encrypts and decrypts with empty passphrase', async () => {
+    const encrypted = await encryptSecret('secret data', '');
+    const decrypted = await decryptSecret(encrypted, '');
+    assert.strictEqual(decrypted, 'secret data');
+  });
+  it('encrypts and decrypts with simulated wallet signature only', async () => {
+    const walletSig = '0x' + 'ab'.repeat(65);
+    const keyInput = buildKeyInput('', walletSig);
+    const encrypted = await encryptSecret('wallet-protected', keyInput);
+    const decrypted = await decryptSecret(encrypted, keyInput);
+    assert.strictEqual(decrypted, 'wallet-protected');
+  });
+  it('encrypts and decrypts with passphrase + wallet signature', async () => {
+    const walletSig = '0x' + 'cd'.repeat(65);
+    const keyInput = buildKeyInput('mypass', walletSig);
+    const encrypted = await encryptSecret('dual-protected', keyInput);
+    const decrypted = await decryptSecret(encrypted, keyInput);
+    assert.strictEqual(decrypted, 'dual-protected');
+  });
+  it('handles unicode and emoji secrets', async () => {
+    const secret = 'Hello \u4e16\u754c \ud83d\udd10\ud83d\udee1\ufe0f';
+    const encrypted = await encryptSecret(secret, 'pass');
+    const decrypted = await decryptSecret(encrypted, 'pass');
+    assert.strictEqual(decrypted, secret);
+  });
+  it('handles empty secret', async () => {
+    const encrypted = await encryptSecret('', 'pass');
+    const decrypted = await decryptSecret(encrypted, 'pass');
+    assert.strictEqual(decrypted, '');
+  });
+  it('handles special characters in passphrase', async () => {
+    const pass = "p@$$w0rd!#%^&*()_+-=[]{}|;':\",./<>?";
+    const encrypted = await encryptSecret('test', pass);
+    const decrypted = await decryptSecret(encrypted, pass);
+    assert.strictEqual(decrypted, 'test');
+  });
+  it('handles very long secret (1500+ chars)', async () => {
+    const secret = 'A'.repeat(1500);
+    const encrypted = await encryptSecret(secret, 'pass');
+    const decrypted = await decryptSecret(encrypted, 'pass');
+    assert.strictEqual(decrypted, secret);
+  });
+  it('handles binary-like content', async () => {
+    const secret = Array.from({ length: 256 }, (_, i) => String.fromCharCode(i)).join('');
+    const encrypted = await encryptSecret(secret, 'pass');
+    const decrypted = await decryptSecret(encrypted, 'pass');
+    assert.strictEqual(decrypted, secret);
+  });
+});
+// =========================================================================
+// Security / attack resistance
+// =========================================================================
+describe('Security / attack resistance', () => {
+  it('wrong passphrase fails decryption', async () => {
+    const encrypted = await encryptSecret('secret', 'correct-pass');
+    await assert.rejects(() => decryptSecret(encrypted, 'wrong-pass'));
+  });
+  it('wrong wallet signature fails decryption', async () => {
+    const keyEnc = buildKeyInput('pass', '0xaaa');
+    const keyDec = buildKeyInput('pass', '0xbbb');
+    const encrypted = await encryptSecret('secret', keyEnc);
+    await assert.rejects(() => decryptSecret(encrypted, keyDec));
+  });
+  it('tampered ciphertext fails GCM authentication', async () => {
+    const encrypted = await encryptSecret('secret', 'pass');
+    const raw = Uint8Array.from(atob(encrypted), c => c.charCodeAt(0));
+    raw[30] ^= 0xff;
+    const tampered = btoa(String.fromCharCode(...raw));
+    await assert.rejects(() => decryptSecret(tampered, 'pass'));
+  });
+  it('tampered salt fails', async () => {
+    const encrypted = await encryptSecret('secret', 'pass');
+    const raw = Uint8Array.from(atob(encrypted), c => c.charCodeAt(0));
+    raw[0] ^= 0xff;
+    const tampered = btoa(String.fromCharCode(...raw));
+    await assert.rejects(() => decryptSecret(tampered, 'pass'));
+  });
+  it('tampered IV fails', async () => {
+    const encrypted = await encryptSecret('secret', 'pass');
+    const raw = Uint8Array.from(atob(encrypted), c => c.charCodeAt(0));
+    raw[16] ^= 0xff;
+    const tampered = btoa(String.fromCharCode(...raw));
+    await assert.rejects(() => decryptSecret(tampered, 'pass'));
+  });
+  it('single bit-flip in middle of ciphertext fails', async () => {
+    const encrypted = await encryptSecret('secret message here', 'pass');
+    const raw = Uint8Array.from(atob(encrypted), c => c.charCodeAt(0));
+    const mid = Math.floor((28 + raw.length) / 2);
+    raw[mid] ^= 0x01;
+    const tampered = btoa(String.fromCharCode(...raw));
+    await assert.rejects(() => decryptSecret(tampered, 'pass'));
+  });
+  it('truncated ciphertext (salt+iv only) fails', async () => {
+    const encrypted = await encryptSecret('secret', 'pass');
+    const raw = Uint8Array.from(atob(encrypted), c => c.charCodeAt(0));
+    const truncated = btoa(String.fromCharCode(...raw.slice(0, 28)));
+    await assert.rejects(() => decryptSecret(truncated, 'pass'));
+  });
+  it('empty ciphertext string throws', async () => {
+    await assert.rejects(() => decryptSecret('', 'pass'));
+  });
+  it('same secret + passphrase produces different ciphertext (random salt/IV)', async () => {
+    const e1 = await encryptSecret('same', 'same');
+    const e2 = await encryptSecret('same', 'same');
+    assert.notStrictEqual(e1, e2);
+  });
+  it('different secrets with same passphrase produce different ciphertext', async () => {
+    const e1 = await encryptSecret('secret1', 'pass');
+    const e2 = await encryptSecret('secret2', 'pass');
+    assert.notStrictEqual(e1, e2);
+  });
+  it('PBKDF2 key derivation takes meaningful time (>10ms)', async () => {
+    const salt = new Uint8Array(16);
+    const start = performance.now();
+    await deriveKey('test', salt);
+    const elapsed = performance.now() - start;
+    assert.ok(elapsed > 10, `Key derivation too fast (${elapsed.toFixed(1)}ms) — iterations may be too low`);
+  });
+  it('similar passphrases produce different keys / fail cross-decrypt', async () => {
+    const e1 = await encryptSecret('test', 'password1');
+    await assert.rejects(() => decryptSecret(e1, 'password2'));
+  });
+  it('no plaintext leakage in encrypted output', async () => {
+    const secret = 'UNIQUE_PLAINTEXT_MARKER_12345';
+    const encrypted = await encryptSecret(secret, 'pass');
+    assert.ok(!encrypted.includes('UNIQUE_PLAINTEXT_MARKER'));
+    const raw = atob(encrypted);
+    assert.ok(!raw.includes('UNIQUE_PLAINTEXT_MARKER'));
+  });
+  it('timing consistency across encryptions', async () => {
+    const times = [];
+    for (let i = 0; i < 5; i++) {
+      const start = performance.now();
+      await encryptSecret('timing test', 'pass');
+      times.push(performance.now() - start);
+    }
+    const min = Math.min(...times);
+    const max = Math.max(...times);
+    assert.ok(max < min * 5, `Timing variance too high: min=${min.toFixed(1)}ms, max=${max.toFixed(1)}ms`);
+  });
+});
+// =========================================================================
+// QR encoding
+// =========================================================================
+describe('QR encoding', () => {
+  it('encodes short text as version 1 (21x21)', () => {
+    const { matrix, size } = QRGen.encode('Hi');
+    assert.strictEqual(size, 21);
+    assert.strictEqual(matrix.length, 21);
+    assert.strictEqual(matrix[0].length, 21);
+  });
+  it('uses higher version for longer text', () => {
+    const { size: s1 } = QRGen.encode('A');
+    const { size: s2 } = QRGen.encode('A'.repeat(100));
+    assert.ok(s2 > s1, `Expected larger QR for longer text: got ${s1} vs ${s2}`);
+  });
+  it('matrix contains only 1 (black) and 2 (white)', () => {
+    const { matrix, size } = QRGen.encode('test data');
+    for (let r = 0; r < size; r++)
+      for (let c = 0; c < size; c++)
+        assert.ok(matrix[r][c] === 1 || matrix[r][c] === 2,
+          `Invalid value ${matrix[r][c]} at [${r}][${c}]`);
+  });
+  it('throws for data exceeding QR capacity', () => {
+    assert.throws(() => QRGen.encode('A'.repeat(3000)), /too large/i);
+  });
+  it('handles version 2+ (alignment patterns)', () => {
+    const { size } = QRGen.encode('A'.repeat(25));
+    assert.ok(size >= 25);
+  });
+  it('produces deterministic output for same input', () => {
+    const r1 = QRGen.encode('deterministic');
+    const r2 = QRGen.encode('deterministic');
+    assert.strictEqual(r1.size, r2.size);
+    for (let r = 0; r < r1.size; r++)
+      for (let c = 0; c < r1.size; c++)
+        assert.strictEqual(r1.matrix[r][c], r2.matrix[r][c],
+          `Mismatch at [${r}][${c}]`);
+  });
+});
+// =========================================================================
+// Payload format integration (full flow)
+// =========================================================================
+describe('Payload format integration', () => {
+  it('full flow: encrypt -> QRSEC: -> extractPayload -> decrypt', async () => {
+    const encrypted = await encryptSecret('my secret', 'mypass');
+    const payload = 'QRSEC:' + encrypted;
+    const extracted = extractPayload(payload);
+    assert.strictEqual(extracted.wallet, false);
+    const decrypted = await decryptSecret(extracted.data, 'mypass');
+    assert.strictEqual(decrypted, 'my secret');
+  });
+  it('full flow with QRSECW: prefix and nonce', async () => {
+    const nonce = generateNonce();
+    const keyInput = buildKeyInput('pass', '0xfakewalletsig');
+    const encrypted = await encryptSecret('wallet secret', keyInput);
+    const payload = 'QRSECW:' + nonce + ':' + encrypted;
+    const extracted = extractPayload(payload);
+    assert.strictEqual(extracted.wallet, true);
+    assert.strictEqual(extracted.nonce, nonce);
+    const decrypted = await decryptSecret(extracted.data, keyInput);
+    assert.strictEqual(decrypted, 'wallet secret');
+  });
+  it('URL wrapping with GitHub Pages URL', async () => {
+    const encrypted = await encryptSecret('via link', 'pass');
+    const url = 'https://degenddy.github.io/qr-secure-send/?v=1.7.2#QRSEC:' + encrypted;
+    const extracted = extractPayload(url);
+    assert.strictEqual(extracted.wallet, false);
+    const decrypted = await decryptSecret(extracted.data, 'pass');
+    assert.strictEqual(decrypted, 'via link');
+  });
+  it('encrypted output is valid base64', async () => {
+    const encrypted = await encryptSecret('test', 'pass');
+    assert.doesNotThrow(() => atob(encrypted));
+    assert.ok(/^[A-Za-z0-9+/]+=*$/.test(encrypted));
+  });
+  it('encrypted output has correct structure (salt + IV + ciphertext)', async () => {
+    const encrypted = await encryptSecret('test', 'pass');
+    const raw = Uint8Array.from(atob(encrypted), c => c.charCodeAt(0));
+    // salt(16) + iv(12) + plaintext(4) + GCM-tag(16) = 48
+    assert.ok(raw.length >= 44, `Output too short: ${raw.length} bytes`);
+    assert.strictEqual(raw.length, 48);
+  });
+});