UNPKG

@nucypher/taco

Version:

### [`nucypher/taco-web`](../../README.md)

95 lines 5.02 kB
import { AccessControlPolicy, encryptForDkg, ThresholdMessageKit, } from '@nucypher/nucypher-core'; import { DkgCoordinatorAgent, fromHexString, getPorterUris, PorterClient, toBytes, } from '@nucypher/shared'; import { keccak256 } from 'ethers/lib/utils'; import { ConditionExpression } from './conditions/condition-expr'; import { DkgClient } from './dkg'; import { retrieveAndDecrypt } from './tdec'; /** * Encrypts a message under given conditions using a public key from an active DKG ritual. * * @export * @param {ethers.providers.Provider} provider - Instance of ethers provider which is used to interact with * your selected network. * @param {Domain} domain - Represents the logical network in which the encryption will be performed. * Must match the `ritualId`. * @param {Uint8Array | string} message - The message to be encrypted. * @param {Condition} condition - Condition under which the message will be encrypted. Those conditions must be * satisfied in order to decrypt the message. * @param {number} ritualId - The ID of the DKG Ritual to be used for encryption. The message will be encrypted * under the public key of this ritual. * @param {ethers.Signer} authSigner - The signer that will be used to sign the encrypter authorization. * * @returns {Promise<ThresholdMessageKit>} Returns Promise that resolves with an instance of ThresholdMessageKit. * It represents the encrypted message. * * @throws {Error} If the active DKG Ritual cannot be retrieved an error is thrown. */ export const encrypt = async (provider, domain, message, condition, ritualId, authSigner) => { // TODO(#264): Enable ritual initialization // if (ritualId === undefined) { // ritualId = await DkgClient.initializeRitual( // provider, // this.cohort.ursulaAddresses, // true // ); // } // if (ritualId === undefined) { // // Given that we just initialized the ritual, this should never happen // throw new Error('Ritual ID is undefined'); // } const dkgRitual = await DkgClient.getActiveRitual(provider, domain, ritualId); return await encryptWithPublicKey(message, condition, dkgRitual.dkgPublicKey, authSigner); }; /** * Encrypts a message with the given DKG public key under a specified condition. * * @export * @param {Uint8Array | string} message - The message to be encrypted. * @param {Condition} condition - Condition under which the message will be encrypted. Those conditions must be * satisfied in order to decrypt the message. * @param {DkgPublicKey} dkgPublicKey - The public key of an active DKG Ritual to be used for encryption * @param {ethers.Signer} authSigner - The signer that will be used to sign the encrypter authorization. * * @returns {Promise<ThresholdMessageKit>} Returns Promise that resolves with an instance of ThresholdMessageKit. * It represents the encrypted message. * * @throws {Error} If the encryption process throws an error, an error is thrown. */ export const encryptWithPublicKey = async (message, condition, dkgPublicKey, authSigner) => { if (typeof message === 'string') { message = toBytes(message); } const conditionExpr = new ConditionExpression(condition); const [ciphertext, authenticatedData] = encryptForDkg(message, dkgPublicKey, conditionExpr.toCoreCondition()); const headerHash = keccak256(ciphertext.header.toBytes()); const authorization = await authSigner.signMessage(fromHexString(headerHash)); const acp = new AccessControlPolicy(authenticatedData, fromHexString(authorization)); return new ThresholdMessageKit(ciphertext, acp); }; /** * Decrypts an encrypted message. * * @export * @param {ethers.providers.Provider} provider - Instance of ethers provider which is used to interact with * your selected network. * @param {Domain} domain - Represents the logical network in which the decryption will be performed. * Must match the `ritualId`. * @param {ThresholdMessageKit} messageKit - The kit containing the message to be decrypted * @param {ConditionContext} context - Optional context data used for decryption time values for the condition(s) within the `messageKit`. * @param {string[]} [porterUris] - Optional URI(s) for the Porter service. If not provided, a value will be obtained * from the Domain * * @returns {Promise<Uint8Array>} Returns Promise that resolves with a decrypted message * * @throws {Error} If the active DKG Ritual cannot be retrieved or decryption process throws an error, * an error is thrown. */ export const decrypt = async (provider, domain, messageKit, context, porterUris) => { const porterUrisFull = porterUris ? porterUris : await getPorterUris(domain); const porter = new PorterClient(porterUrisFull); const ritualId = await DkgCoordinatorAgent.getRitualIdFromPublicKey(provider, domain, messageKit.acp.publicKey); return retrieveAndDecrypt(provider, domain, porter, messageKit, ritualId, context); }; //# sourceMappingURL=taco.js.map