npm - spd-lib - Versions diffs - 1.2.2 → 1.2.4 - Mend

spd-lib 1.2.2 → 1.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/ai.py +66 -0
package/dist/index.js +1 -415
package/fatman.spd +0 -0
package/high-zip/index.js +28 -0
package/high-zip/node_modules/.package-lock.json +7 -0
package/high-zip/package-lock.json +13 -0
package/high-zip/package.json +13 -0
package/high-zip/tool.js +78 -0
package/img.py +44 -0
package/obfuscate.js +131 -0
package/package/dist/index.js +1 -0
package/package/package-lock.json +1332 -0
package/package/package.json +34 -0
package/package.json +5 -2
package/readme.md +137 -0
package/readme.md.gz +0 -0
package/readme.md.gz.lo +137 -0
package/src/index.js +972 -0
package/t.py +47 -0
package/test.js +10 -0

package/src/index.js ADDED Viewed

@@ -0,0 +1,972 @@
+const fs = require('fs')
+const zlib = require('zlib');
+const sodium = require('libsodium-wrappers');
+const crypto = require('crypto');
+const argon2 = require('argon2');
+class SPD {
+    constructor() {
+        this.data = [];
+        this.keyPair; // Generate a key pair for encryption/decryption
+        this.userKey;
+        this.salt;
+        this.hash = 'sha3-512'
+        this.compression_level = 9
+    }
+    async init() {
+        await sodium.ready;
+    }
+    async changePasscode(oldPasscode, newPasscode) {
+        if (!oldPasscode || !newPasscode) {
+            throw new Error('Old and new passcodes must be provided.');
+        }
+        // Ensure sodium is ready
+        await sodium.ready;
+        // Step 1: Derive key from old passcode and check MAC
+        const { pqcKey: oldPQCKey, salt: currentSalt } = await this.convertPasscodeToPQCKeySalted(oldPasscode, this.salt);
+        const oldUserKey = oldPQCKey.privateKey;
+        // Rebuild MAC to verify old passcode
+        const spdPayload = { data: this.data, salt: Array.from(this.salt) };
+        const spdBuffer = Buffer.from(JSON.stringify(spdPayload), 'utf8');
+        const expectedMac = crypto.createHmac('sha512', oldUserKey).update(spdBuffer).digest();
+        const currentMac = this.generateMAC(spdBuffer, this.userKey);
+        if (!crypto.timingSafeEqual(expectedMac, currentMac)) {
+            throw new Error('Old passcode is incorrect or data integrity check failed.');
+        }
+        // Step 2: Decrypt everything with old key
+        const decryptedEntries = await Promise.all(
+            this.data.map(async dat => {
+                const decrypted = sodium.crypto_aead_xchacha20poly1305_ietf_decrypt(
+                    Buffer.from(dat.data),
+                    Buffer.from(dat.nonce),
+                    oldUserKey
+                );
+                const decompressed = zlib.inflateSync(decrypted);
+                const originalData = decompressed.toString('utf8');
+                return {
+                    name: dat.dataName,
+                    parsed: await this.CSTI(originalData, dat.dataType),
+                    type: dat.dataType
+                };
+            })
+        );
+        // Step 3: Generate new salt + key
+        const { pqcKey: newPQCKey, salt: newSalt } = await this.convertPasscodeToPQCKey(newPasscode);
+        const newUserKey = newPQCKey.privateKey;
+        // Step 4: Re-encrypt data
+        this.salt = newSalt;
+        this.userKey = newUserKey;
+        this.data = [];
+        for (const entry of decryptedEntries) {
+            await this.addData(entry.name, entry.parsed);
+        }
+        // Done: data is now re-encrypted under the new key
+    }
+    generateMAC(dataBuffer, key, meta = {}) {
+        const macInput = Buffer.concat([
+            dataBuffer,
+            Buffer.from(meta.dataName || '', 'utf8'),
+            Buffer.from(meta.dataType || '', 'utf8')
+        ]);
+        return crypto.createHmac('sha512', key).update(macInput).digest();
+    }
+    checkPasscodeStrength(passcode) {
+        const minLength = 12;
+        const entropyChecks = [
+            /[a-z]/,     // lowercase
+            /[A-Z]/,     // uppercase
+            /[0-9]/,     // digits
+            /[^A-Za-z0-9]/ // special characters
+        ];
+        if (typeof passcode !== 'string' || passcode.length < minLength) {
+            throw new Error(`Passcode must be at least ${minLength} characters long.`);
+        }
+        const failed = entropyChecks.filter(regex => !regex.test(passcode));
+        if (failed.length > 1) {
+            throw new Error('Passcode must contain at least three of the following: lowercase letters, uppercase letters, digits, special characters.');
+        }
+        return true;
+    }
+    #passcode
+    async setPassKey(passcode){
+        this.checkPasscodeStrength(passcode);
+            await sodium.ready;
+            await this.init()
+            const { pqcKey, salt } = await this.convertPasscodeToPQCKey(passcode);
+const userKey = pqcKey.privateKey;
+this.userKey = userKey;
+this.salt = salt;
+    }
+    setHash(hash="sha3-512")
+    {
+        this.hash = hash
+    }
+    setCompressionLevel(level=9)
+    {
+        this.compression_level = level
+    }
+    getSodium(){
+        return sodium
+    }
+    sanitizeName(name) {
+        if (typeof name !== 'string') throw new Error('dataName must be a string');
+        // Normalize Unicode, lowercase, trim, and remove unsafe characters
+        return name
+            .normalize('NFKC')   // Normalize full-width, diacritics, etc.
+            .trim()
+            .toLowerCase()
+            .replace(/[^a-z0-9_\-]/g, '_'); // Keep a-z, 0-9, underscore, dash
+    }
+    async addData(name, data) {
+        const dmap = await this.CITS(data)
+        await sodium.ready;
+        const dat = Buffer.from(dmap[0]);
+        const compressedData = zlib.deflateSync(dat,{
+            level:this.compression_level
+        });
+        const safeName = this.sanitizeName(name);
+        const nonce = sodium.randombytes_buf(sodium.crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
+        const encryptedData = sodium.crypto_aead_xchacha20poly1305_ietf_encrypt(
+            compressedData,
+            null,
+            null,
+            nonce,
+            this.userKey
+        )
+        //sodium.crypto_secretbox_easy(compressedData, nonce, this.userKey);
+        const hash = crypto.createHash(this.hash).update(encryptedData).digest('hex');
+        this.data.push({ dataName: name, nonce: Buffer.from(nonce), data: Buffer.from(encryptedData), hash, dataType: dmap[1] });
+    }
+    async addMany(dataItems) {
+        await sodium.ready;
+        const tasks = dataItems.map(async ({ name, data }) => {
+            const dmap = await this.CITS(data);
+            const dat = Buffer.from(dmap[0]);
+            const compressedData = zlib.deflateSync(dat, { level: this.compression_level });
+            const nonce = sodium.randombytes_buf(sodium.crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
+            const encryptedData = sodium.crypto_aead_xchacha20poly1305_ietf_encrypt(compressedData, null, null, nonce, this.userKey);
+            const hash = crypto.createHash(this.hash).update(encryptedData).digest('hex');
+            return {
+                dataName: name,
+                nonce: Array.from(nonce),
+                data: Array.from(encryptedData),
+                hash,
+                dataType: dmap[1],
+            };
+        });
+        const results = await Promise.all(tasks);
+        this.data.push(...results);
+    }
+    clearCache(){
+        this.data = []
+        this.salt = null
+        this.userKey = null
+    }
+    async saveToFile(outputPath,passcode) {
+        if (
+            typeof outputPath !== 'string' ||
+            !outputPath.trim()
+        ) {
+            throw new Error('Invalid output path.');
+        }
+        const { encryptedSalt, saltNonce, wrapSalt } = await SPD.encryptSalt(this.salt, passcode);
+        const spdPayload = {
+            data: this.data,
+            encryptedSalt,
+            saltNonce,
+            wrapSalt,
+            version:24
+        };
+        const spdDataJSON = JSON.stringify(spdPayload);
+        const spdBuffer = Buffer.from(spdDataJSON, 'utf8');
+        const mac = this.generateMAC(spdBuffer, this.userKey, {
+            dataName: '', // Entire dataset, use blank or static label
+            dataType: 'application/json' // Or whatever label you want for top-level
+        });
+        const finalObject = {
+            payload: Buffer.from(spdBuffer),
+            mac: Buffer.from(mac),
+        };
+        const finalBuffer = zlib.deflateSync(Buffer.from(JSON.stringify(finalObject)), {
+            level: this.compression_level
+        });
+        fs.writeFileSync(outputPath, finalBuffer, { mode: 0o600 });
+    }
+    static async loadFromFile(spdPath, passcode,hash='sha3-512',compression_level=9) {
+            try{
+        if (!spdPath || typeof spdPath !== 'string' || !spdPath.trim() || !passcode || typeof passcode !== 'string' || !passcode.trim()) {
+            throw new Error('Invalid SPD path or passcode.')
+        }
+        await sodium.ready;
+        const compressedSpdData = fs.readFileSync(spdPath);
+        const spdData = zlib.inflateSync(compressedSpdData,{level:compression_level}).toString('utf8');
+        const { payload,mac } = JSON.parse(spdData);
+        const spdBuffer = Buffer.from(payload);
+        const t = new SPD()
+        const { data, encryptedSalt, saltNonce, wrapSalt,version } = JSON.parse(Buffer.from(payload).toString("utf-8"));
+        if (typeof version !== 'number' || version !== 24) {
+            throw new Error(`Unsupported SPD version: ${version}`);
+        }
+        const salt = await SPD.decryptSalt(encryptedSalt, saltNonce, wrapSalt, passcode);
+        const { pqcKey } = await t.convertPasscodeToPQCKey(passcode, new Uint8Array(salt));
+        const pbk = pqcKey.privateKey;
+const expectedMac = crypto.createHmac('sha512', pbk).update(Buffer.concat([
+    spdBuffer,
+    Buffer.from('', 'utf8'),
+    Buffer.from('application/json', 'utf8')
+])).digest();
+if (!crypto.timingSafeEqual(Buffer.from(mac), expectedMac)) {
+    throw new Error('MAC verification failed — data may be tampered with.');
+}
+        const spd = new SPD();
+        spd.setHash(hash)
+        spd.setCompressionLevel(compression_level)
+        spd.userKey = pbk;
+        spd.keyPair = {
+            publicKey: pbk.publicKey
+        };
+        spd.data = data.map(dat => ({
+            dataName: dat.dataName,
+            nonce: Buffer.from(dat.nonce),
+            data: Buffer.from(dat.data),
+            hash: dat.hash,
+            dataType: dat.dataType
+        }));
+        await Promise.all(spd.data.map(dat => {
+            const calculatedHash = crypto.createHash(hash).update(Buffer.from(dat.data)).digest('hex');
+            if (calculatedHash !== dat.hash) {
+                throw new Error(`Data integrity check failed for ${dat.dataName}`);
+            }
+        }));
+        return spd;
+    }catch(err){
+        throw new Error(err)
+    }
+    }
+    async extractData() {
+        await sodium.ready;
+        const tasks = this.data.map(async dat => {
+            try {
+                const decryptedData = sodium.crypto_aead_xchacha20poly1305_ietf_decrypt(null,dat.data,null,dat.nonce, this.userKey);
+                const decompressedData = zlib.inflateSync(decryptedData, { level: this.compression_level });
+                const dt = decompressedData.toString('utf8');
+                const parsed = await this.CSTI(dt, dat.dataType);
+                return [dat.dataName, parsed];
+            } catch (err) {
+                throw new Error(`Failed to process ${dat.dataName}: ${err.message}`);
+            }
+        });
+        const results = await Promise.all(tasks);
+        return Object.fromEntries(results);
+    }
+    static async derivePBK(passcode, salt) {
+        if (!salt || !(salt instanceof Uint8Array) || salt.length !== 16) {
+            throw new Error('Invalid salt.');
+        }
+        if (!passcode || typeof passcode !== 'string' || !salt || !(salt instanceof Uint8Array) || salt.length !== 16) {
+            throw new Error('Invalid passcode or salt.');
+        }
+        // 2. Hash again with SHA-512 to get deterministic binary seed material
+        const derivedKey = await argon2.hash(passcode, {
+            salt: Buffer.from(salt),
+            type: argon2.argon2id,
+            raw: true, // <- raw output as Buffer
+            memoryCost: 2 ** 16,  // 64 MB
+            timeCost: 5,
+            parallelism: 1,
+            hashLength: sodium.crypto_kx_SEEDBYTES // usually 32 bytes
+        });
+        // 3. Slice securely to get the 32-byte seed for libsodium
+        const seed = derivedKey.slice(0, sodium.crypto_kx_SEEDBYTES);
+        return { pbk: seed, salt };
+    }
+    async saveData(passcode="") {
+        const { encryptedSalt, saltNonce, wrapSalt } = await SPD.encryptSalt(this.salt, passcode);
+const spdPayload = {
+    data: this.data,
+    encryptedSalt,
+    saltNonce,
+    wrapSalt,
+    version: 24
+};
+        const spdDataJSON = JSON.stringify(spdPayload);
+        const spdBuffer = Buffer.from(spdDataJSON, 'utf8');
+        const mac = this.generateMAC(spdBuffer, this.userKey, {
+            dataName: '', // Entire dataset, use blank or static label
+            dataType: 'application/json' // Or whatever label you want for top-level
+        });
+        const finalObject = {
+            payload: Buffer.from(spdBuffer),
+            mac: Buffer.from(mac),
+        };
+        const compressedSpdData = zlib.deflateSync(Buffer.from(JSON.stringify(finalObject)), {
+            level: this.compression_level
+        });
+        return compressedSpdData.toString('base64');
+    }
+    static async decryptSalt(encryptedSalt, saltNonce, wrapSalt, passcode) {
+        const { pbk } = await SPD.derivePBK(passcode, new Uint8Array(wrapSalt));
+        await sodium.ready;
+        const salt = sodium.crypto_aead_xchacha20poly1305_ietf_decrypt(null,
+            new Uint8Array(encryptedSalt),
+            null,
+            new Uint8Array(saltNonce),
+            new Uint8Array(pbk)
+        );
+        if (!salt) throw new Error('Failed to decrypt salt.');
+        return salt;
+    }
+    static async encryptSalt(salt, passcode) {
+        const wrapSalt = crypto.getRandomValues(new Uint8Array(16));
+        const { pbk } = await SPD.derivePBK(passcode, wrapSalt);
+        await sodium.ready;
+        const nonce = sodium.randombytes_buf(sodium.crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
+        const encryptedSalt = sodium.crypto_aead_xchacha20poly1305_ietf_encrypt(salt, null,null, nonce, new Uint8Array(pbk));
+        return {
+            encryptedSalt: Array.from(encryptedSalt),
+            saltNonce: Array.from(nonce),
+            wrapSalt: Array.from(wrapSalt)
+        };
+    }
+    static async loadFromString(spdData, passcode,hash='sha3-512',compression_level=9) {
+            try{
+        if (!spdData || typeof spdData !== 'string' || !spdData.trim() || !passcode || typeof passcode !== 'string' || !passcode.trim()) {
+            throw new Error('Invalid SPD path or passcode.')
+        }
+        await sodium.ready;
+        const spdDataBuffer = Buffer.from(spdData, 'base64');
+        const spdData2 = zlib.inflateSync(spdDataBuffer,{level:compression_level}).toString('utf8');
+        const { payload, mac } = JSON.parse(spdData2);
+        const { data, encryptedSalt, saltNonce, wrapSalt,version } = JSON.parse(Buffer.from(payload).toString("utf-8"));
+const salt = await SPD.decryptSalt(encryptedSalt, saltNonce, wrapSalt, passcode);
+if (typeof version !== 'number' || version !== 24) {
+    throw new Error(`Unsupported SPD version: ${version}`);
+}
+        const spdBuffer = Buffer.from(payload);
+        const t = new SPD()
+        const { pqcKey } = await t.convertPasscodeToPQCKey(passcode, new Uint8Array(salt));
+        const pbk = pqcKey.privateKey;
+const expectedMac = crypto.createHmac('sha512', pbk).update(Buffer.concat([
+    spdBuffer,
+    Buffer.from('', 'utf8'),
+    Buffer.from('application/json', 'utf8')
+])).digest();
+if (!crypto.timingSafeEqual(Buffer.from(mac), expectedMac)) {
+    throw new Error('MAC verification failed — data may be tampered with.');
+}
+        const spd = new SPD();
+        spd.setHash(hash)
+        spd.setCompressionLevel(compression_level)
+        spd.userKey = pbk;
+        spd.keyPair = {
+            publicKey: pbk.publicKey
+        };
+        spd.data = data.map(dat => ({
+            dataName: dat.dataName,
+            nonce: Buffer.from(dat.nonce),
+            data: Buffer.from(dat.data),
+            hash: dat.hash,
+            dataType: dat.dataType
+        }));
+        await Promise.all(spd.data.map(dat => {
+            const calculatedHash = crypto.createHash(hash).update(Buffer.from(dat.data)).digest('hex');
+            if (calculatedHash !== dat.hash) {
+                throw new Error(`Data integrity check failed for ${dat.dataName}`);
+            }
+        }));
+        return spd;
+    }catch(err){
+        throw new Error(err)
+    }
+      }
+      static toBase64(buffer) {
+        return Buffer.from(buffer).toString('base64');
+    }
+    static fromBase64(str) {
+        return new Uint8Array(Buffer.from(str, 'base64'));
+    }
+    async convertPasscodeToPQCKey(passcode, salt = crypto.getRandomValues(new Uint8Array(16))) {
+        if (typeof passcode !== 'string' || passcode.length < 8)
+            throw new Error('Invalid passcode.');
+        const { pbk } = await SPD.derivePBK(passcode, salt);
+        await this.init();
+        const keyPair = sodium.crypto_kx_seed_keypair(pbk);
+        sodium.memzero(pbk);
+        return { pqcKey: { privateKey: keyPair.privateKey }, salt };
+    }
+    async TDT(data) {
+        const classTypeMap = {
+            '[object Array]': 'Array',
+            '[object Uint8Array]': 'Uint8Array',
+            '[object Uint16Array]': 'Uint16Array',
+            '[object Uint32Array]': 'Uint32Array',
+            '[object BigInt64Array]': 'BigInt64Array',
+            '[object BigUint64Array]': 'BigUint64Array',
+            '[object Float32Array]': 'Float32Array',
+            '[object Float64Array]': 'Float64Array',
+            '[object Map]': 'Map',
+            '[object Set]': 'Set',
+            '[object Date]': 'Date',
+            '[object RegExp]': 'RegExp',
+            '[object Error]': 'Error'
+        };
+        const objectType = Object.prototype.toString.call(data);
+        const mappedType = classTypeMap[objectType];
+        return mappedType;
+    }
+    async isNumArr(dataType) {
+        if(dataType === 'Uint8Array' || dataType === 'Uint16Array' || dataType === 'Uint32Array' || dataType === 'BigInt64Array' || dataType === 'BigUint64Array' || dataType === 'Float32Array' || dataType === 'Float64Array'){
+            return true;
+        }
+    }
+    async isSWM(dataType) {
+        if(dataType === 'Map' || dataType === 'Set' || dataType === 'WeakMap' || dataType === 'WeakSet'){
+            return true;
+        }
+    }
+    async isDRE(dataType) {
+        if(dataType === 'Date' || dataType === 'RegExp' || dataType === 'Error'){
+            return true;
+        }
+    }
+    async CITS(data) {
+        const dataType = typeof data;
+        if (dataType === 'string' || dataType === 'number' || dataType === 'boolean') {
+            return [data.toString(), dataType];
+        }
+        if(typeof data === 'object'){
+            const type = await this.TDT(data)
+            if(type === 'Array'){
+                return [JSON.stringify(data),'Array'];
+            }
+            if(await this.isNumArr(type)){
+                return [JSON.stringify(Array.from(data)),type];
+            }
+            if(await this.isSWM(type)){
+                return [JSON.stringify([...data]),type];
+            }
+            if(await this.isDRE(type)){
+                return [data.toString(),type];
+            }
+            return [JSON.stringify(data), typeof data];
+        }
+    }
+    async CSTI(data, type) {
+        try {
+            switch (type) {
+                case 'string':
+                    if (typeof data !== 'string') throw new Error('Expected string');
+                    return data;
+                case 'number':
+                    const num = parseFloat(data);
+                    if (isNaN(num)) throw new Error('Invalid number');
+                    return num;
+                case 'boolean':
+                    if (data !== 'true' && data !== 'false') throw new Error('Invalid boolean');
+                    return data === 'true';
+                case 'Array':
+                case 'object':
+                    const obj = JSON.parse(data);
+                    if (typeof obj !== 'object' || obj === null) throw new Error('Invalid object');
+                    return obj;
+                case 'Uint8Array':
+                    return new Uint8Array(JSON.parse(data));
+                case 'Uint16Array':
+                    return new Uint16Array(JSON.parse(data));
+                case 'Uint32Array':
+                    return new Uint32Array(JSON.parse(data));
+                case 'BigInt64Array':
+                    return new BigInt64Array(JSON.parse(data));
+                case 'BigUint64Array':
+                    return new BigUint64Array(JSON.parse(data));
+                case 'Float32Array':
+                    return new Float32Array(JSON.parse(data));
+                case 'Float64Array':
+                    return new Float64Array(JSON.parse(data));
+                case 'Map':
+                    return new Map(JSON.parse(data));
+                case 'Set':
+                    return new Set(JSON.parse(data));
+                case 'Date':
+                    const d = new Date(data);
+                    if (isNaN(d.getTime())) throw new Error('Invalid Date');
+                    return d;
+                case 'RegExp':
+                    return new RegExp(data);
+                case 'Error':
+                    return new Error(data);
+                default:
+                    throw new Error(`Unknown or unsupported type: ${type}`);
+            }
+        } catch (err) {
+            throw new Error(`Failed to restore data of type "${type}": ${err.message}`);
+        }
+    }
+}
+class SPD_Legacy {
+    constructor() {
+        this.data = [];
+        this.keyPair; // Generate a key pair for encryption/decryption
+        this.userKey;
+        this.salt;
+        this.init();
+    }
+    async init() {
+        await sodium.ready;
+        this.keyPair = sodium.crypto_box_keypair()
+    }
+    async setPassKey(passcode){
+            await sodium.ready;
+            this.init()
+            const { pqcKey, salt } = await new SPD_Legacy().convertPasscodeToPQCKey(passcode);
+const userKey = pqcKey.publicKey;
+this.userKey = userKey;
+this.salt = salt;
+    }
+    async addData(name, data) {
+        const dmap = await this.CITS(data)
+        await sodium.ready;
+        const dat = Buffer.from(dmap[0]);
+        const compressedData = zlib.deflateSync(dat,{
+            level:9
+        });
+        const nonce = sodium.randombytes_buf(sodium.crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
+        const encryptedData = sodium.crypto_secretbox_easy(compressedData, nonce, this.userKey);
+        const hash = crypto.createHash('sha256').update(encryptedData).digest('hex');
+        this.data.push({ dataName: name, nonce: Array.from(nonce), data: Array.from(encryptedData), hash, dataType: dmap[1] });
+    }
+    saveToFile(outputPath) {
+        if (!outputPath || typeof outputPath !== 'string' || !outputPath.trim() || !this.salt || !(this.salt instanceof Uint8Array) || this.salt.length !== 16) {
+            throw new Error('Invalid output path or salt.');
+        }
+        const spdData = JSON.stringify({ data: this.data, salt: Array.from(this.salt) });
+        const compressedSpdData = zlib.deflateSync(spdData,{
+            level:9
+        });
+        fs.writeFileSync(outputPath, compressedSpdData, { mode: 0o600 });
+    }
+    static async loadFromFile(spdPath, passcode) {
+        if (
+            !spdPath || typeof spdPath !== 'string' || !spdPath.trim() ||
+            !passcode || typeof passcode !== 'string' || !passcode.trim()
+        ) {
+            throw new Error('Invalid SPD path or passcode.');
+        }
+        await sodium.ready;
+        try {
+            const compressedSpdData = fs.readFileSync(spdPath);
+            const spdData = zlib.inflateSync(compressedSpdData, { level: 9 }).toString('utf8');
+            const { data, salt } = JSON.parse(spdData);
+            const legacyInstance = new SPD_Legacy();
+            const { pqcKey } = await legacyInstance.convertPasscodeToPQCKeySalted(passcode, new Uint8Array(salt));
+            const pbk = pqcKey.publicKey;
+            const spd = new SPD_Legacy();
+            spd.userKey = pbk;
+            spd.keyPair = { publicKey: pbk.publicKey };
+            spd.data = data.map(dat => ({
+                dataName: dat.dataName,
+                nonce: Buffer.from(dat.nonce),
+                data: Buffer.from(dat.data),
+                hash: dat.hash,
+                dataType: dat.dataType
+            }));
+            // ✅ Run hash validation in parallel
+            const validationTasks = spd.data.map(dat => {
+                return new Promise((resolve, reject) => {
+                    const calculatedHash = crypto.createHash('sha256').update(dat.data).digest('hex');
+                    if (calculatedHash !== dat.hash) {
+                        reject(new Error(`Data integrity check failed for ${dat.dataName}`));
+                    } else {
+                        resolve();
+                    }
+                });
+            });
+            await Promise.all(validationTasks);
+            return spd;
+        } catch (err) {
+            throw new Error(`Failed to load SPD file: ${err.message}`);
+        }
+    }
+    async extractData() {
+        await sodium.ready;
+        try {
+            const extractionTasks = this.data.map(async dat => {
+                try {
+                    const decryptedData = sodium.crypto_secretbox_open_easy(dat.data, dat.nonce, this.userKey);
+                    const decompressedData = zlib.inflateSync(decryptedData, { level: 9 });
+                    const dt = decompressedData.toString('utf8');
+                    const parsed = await this.CSTI(dt, dat.dataType);
+                    return [dat.dataName, parsed];
+                } catch (err) {
+                    throw new Error(`Failed to process ${dat.dataName}: ${err.message}`);
+                }
+            });
+            const results = await Promise.all(extractionTasks);
+            return Object.fromEntries(results);
+        } catch (err) {
+            throw new Error(`Data extraction failed: ${err.message}`);
+        }
+    }
+    static async derivePBK(passcode, salt) {
+        if (!passcode || typeof passcode !== 'string' || !passcode.trim() || !salt || !(salt instanceof Uint8Array) || salt.length !== 16) {
+            throw new Error('Invalid passcode or salt.');
+        }
+        return new Promise((resolve, reject) => {
+            crypto.pbkdf2(passcode, salt, 100000, 32, 'sha256', (err, derivedKey) => {
+                if (err) {
+                    reject(err);
+                } else {
+                    resolve({ pbk: derivedKey, salt: salt });
+                }
+            });
+        });
+    }
+    saveData() {
+        const spdData = JSON.stringify({ data: this.data, salt: Array.from(this.salt) });
+        const compressedSpdData = zlib.deflateSync(spdData,{level:9});
+        return compressedSpdData;
+    }
+    static async loadFromString(spdData, passcode) {
+        if (!spdData || typeof spdData !== 'string' || !spdData.trim() ||
+            !passcode || typeof passcode !== 'string' || !passcode.trim()) {
+            throw new Error('Invalid SPD data or passcode.');
+        }
+        await sodium.ready;
+        try {
+            const spdDataBuffer = Buffer.from(spdData, 'base64');
+            const decompressed = zlib.inflateSync(spdDataBuffer, { level: 9 }).toString('utf8');
+            const { data, salt } = JSON.parse(decompressed);
+            const legacyInstance = new SPD_Legacy();
+            const { pqcKey } = await legacyInstance.convertPasscodeToPQCKeySalted(passcode, new Uint8Array(salt));
+            const pbk = pqcKey.publicKey;
+            const spd = new SPD_Legacy();
+            spd.userKey = pbk;
+            spd.keyPair = { publicKey: pbk.publicKey };
+            // Deserialize data
+            spd.data = data.map(dat => ({
+                dataName: dat.dataName,
+                nonce: Buffer.from(dat.nonce),
+                data: Buffer.from(dat.data),
+                hash: dat.hash,
+                dataType: dat.dataType
+            }));
+            // ✅ Validate hashes in parallel
+            const validationTasks = spd.data.map(dat => {
+                return new Promise((resolve, reject) => {
+                    const calculatedHash = crypto.createHash('sha256').update(dat.data).digest('hex');
+                    if (calculatedHash !== dat.hash) {
+                        reject(new Error(`Data integrity check failed for ${dat.dataName}`));
+                    } else {
+                        resolve();
+                    }
+                });
+            });
+            await Promise.all(validationTasks);
+            return spd;
+        } catch (err) {
+            throw new Error(`Failed to load SPD data: ${err.message}`);
+        }
+    }
+    async convertPasscodeToPQCKeySalted(passcode, salt) {
+        if (!passcode || typeof passcode !== 'string' || !passcode.trim() || passcode.length < 8 || !salt || !(salt instanceof Uint8Array) || salt.length !== 16) {
+            throw new Error('Invalid passcode or salt.');
+        }
+        const { pbk } = await SPD.derivePBK(passcode, salt);
+        await sodium.ready;
+        const keyPair = sodium.crypto_kx_seed_keypair(pbk)
+        return { pqcKey: { publicKey: keyPair.publicKey }, salt };
+    }
+    async convertPasscodeToPQCKey(passcode) {
+        if (!passcode || typeof passcode !== 'string' || !passcode.trim() || passcode.length < 8) {
+            throw new Error('Invalid passcode.');
+        }
+        const { pbk, salt } = await SPD.derivePBK(passcode, crypto.getRandomValues(new Uint8Array(16)));
+        await sodium.ready;
+        const keyPair = sodium.crypto_kx_seed_keypair(pbk.slice(0, sodium.crypto_kx_SEEDBYTES));
+        return { pqcKey: { publicKey: keyPair.publicKey }, salt };
+    }
+    async TDT(data) {
+        const classTypeMap = {
+            '[object Array]': 'Array',
+            '[object Uint8Array]': 'Uint8Array',
+            '[object Uint16Array]': 'Uint16Array',
+            '[object Uint32Array]': 'Uint32Array',
+            '[object BigInt64Array]': 'BigInt64Array',
+            '[object BigUint64Array]': 'BigUint64Array',
+            '[object Float32Array]': 'Float32Array',
+            '[object Float64Array]': 'Float64Array',
+            '[object Map]': 'Map',
+            '[object Set]': 'Set',
+            '[object Date]': 'Date',
+            '[object RegExp]': 'RegExp',
+            '[object Error]': 'Error'
+        };
+        const objectType = Object.prototype.toString.call(data);
+        const mappedType = classTypeMap[objectType];
+        return mappedType;
+    }
+    async isNumArr(dataType) {
+        if(dataType === 'Uint8Array' || dataType === 'Uint16Array' || dataType === 'Uint32Array' || dataType === 'BigInt64Array' || dataType === 'BigUint64Array' || dataType === 'Float32Array' || dataType === 'Float64Array'){
+            return true;
+        }
+    }
+    async isSWM(dataType) {
+        if(dataType === 'Map' || dataType === 'Set' || dataType === 'WeakMap' || dataType === 'WeakSet'){
+            return true;
+        }
+    }
+    async isDRE(dataType) {
+        if(dataType === 'Date' || dataType === 'RegExp' || dataType === 'Error'){
+            return true;
+        }
+    }
+    async CITS(data) {
+        const dataType = typeof data;
+        if (dataType === 'string' || dataType === 'number' || dataType === 'boolean') {
+            return [data.toString(), dataType];
+        }
+        if(typeof data === 'object'){
+            const type = await this.TDT(data)
+            if(type === 'Array'){
+                return [JSON.stringify(data),'Array'];
+            }
+            if(await this.isNumArr(type)){
+                return [JSON.stringify(Array.from(data)),type];
+            }
+            if(await this.isSWM(type)){
+                return [JSON.stringify([...data]),type];
+            }
+            if(await this.isDRE(type)){
+                return [data.toString(),type];
+            }
+            return [JSON.stringify(data), typeof data];
+        }
+    }
+    async CSTI(data,type) {
+        if(type === 'string') {
+            return data
+        }
+        if(type === 'number'){
+            return parseFloat(data);
+        }
+        if(type === 'boolean'){
+            return (data === 'true')&&(data !== 'false');
+        }
+        if(type === 'object' || type === 'Array'){
+            return JSON.parse(data);
+        }
+        if(type === 'Uint8Array'){
+            return new Uint8Array(JSON.parse(data));
+        }
+        if(type === 'Uint16Array'){
+            return new Uint16Array(JSON.parse(data));
+        }
+        if(type === 'Uint32Array'){
+            return new Uint32Array(JSON.parse(data));
+        }
+        if(type === 'BigInt64Array'){
+            return new BigInt64Array(JSON.parse(data));
+        }
+        if(type === 'BigUint64Array'){
+            return new BigUint64Array(JSON.parse(data));
+        }
+        if(type === 'Float32Array'){
+            return new Float32Array(JSON.parse(data));
+        }
+        if(type === 'Float64Array'){
+            return new Float64Array(JSON.parse(data));
+        }
+        if(type === 'Map'){
+            return new Map(JSON.parse(data));
+        }
+        if(type === 'Set'){
+            return new Set(JSON.parse(data));
+        }
+        if(type === 'WeakMap'){
+            return new WeakMap(JSON.parse(data));
+        }
+        if(type === 'WeakSet'){
+            return new WeakSet(JSON.parse(data));
+        }
+        if(type === 'Date'){
+            return new Date(data);
+        }
+        if(type === 'RegExp'){
+            return new RegExp(data);
+        }
+        if(type === 'Error'){
+            return new Error(data);
+        }
+    }
+}
+module.exports = {
+    SPD,
+    SPD_LEG:SPD_Legacy
+};