UNPKG

@planq-network/encrypted-backup

Version:

Libraries for implemented password encrypted account backups

planq-sdk-docs.readthedocs.io/en/latest/encrypted-backup

planq-network/planq-sdk

75 lines (74 loc) 3.67 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
/// <reference types="node" /> import { Result } from '@planq-network/base/lib/result'; import { ReadOnlyWallet } from '@planq-network/connect'; import { ComputationalHardeningConfig } from './config'; import { DecryptionError, EncryptionError, PbkdfError, ScryptError } from './errors'; /** Pared down ReadOnlyWallet type that supports the required functions of EIP-712 signing. */ export type EIP712Wallet = Pick<ReadOnlyWallet, 'getAccounts' | 'hasAccount' | 'signTypedData'>; /** Info strings to separate distinct usages of the key derivation function */ export declare enum KDFInfo { PASSWORD = "Planq Backup Password and Nonce", FUSE_KEY = "Planq Backup Fuse Key", ODIS_AUTH_KEY = "Planq Backup ODIS Request Authorization Key", ODIS_KEY_HARDENING = "Planq Backup ODIS Key Hardening", PBKDF = "Planq Backup PBKDF Hardening", SCRYPT = "Planq Backup scrypt Hardening", FINALIZE = "Planq Backup Key Finalization" } /** * Key derivation function for mixing source keying material. * * @remarks This function does not add any hardening to the input keying material. It is used only * to mix the provided key material sources. It's output should not be used to directly derive a key * from a password or other low entropy sources. * * @param info Fixed string value used for domain separation. * @param sources An array of keying material source values (e.g. a password and a nonce). */ export declare function deriveKey(info: KDFInfo, sources: Buffer[]): Buffer; /** * AES-256-GCM encrypt the given data with the given 32-byte key. * Encode the ciphertext as { iv || data || auth tag } */ export declare function encrypt(key: Buffer, data: Buffer): Result<Buffer, EncryptionError>; /** * AES-256-GCM decrypt the given data with the given 32-byte key. * Ciphertext should be encoded as { iv || data || auth tag }. */ export declare function decrypt(key: Buffer, ciphertext: Buffer): Result<Buffer, DecryptionError>; /** * PBKDF2-SHA256 computational key hardening. * * @remarks When possible, a memory hard function such as scrypt should be used instead. * No salt parameter is provided as the intended use case of this function is to harden a * key value which is derived from a password but already has the salt mixed in. * * @see { @link * https://nodejs.org/api/crypto.html#cryptopbkdf2password-salt-iterations-keylen-digest-callback | * NodeJS crypto.pbkdf2 API } * * @param key Key buffer to compute hardening against. Should have a salt or nonce mixed in. * @param iterations Number of PBKDF2 iterations to execute for key hardening. */ export declare function pbkdf2(key: Buffer, iterations: number): Promise<Result<Buffer, PbkdfError>>; /** Cost parameters for the scrypt computational hardening function. */ export interface ScryptOptions { cost: number; blockSize?: number; parallelization?: number; } /** * scrypt computational key hardening. * * @remarks No salt parameter is provided as the intended use case of this function is to harden a * key value which is derived from a password but already has the salt mixed in. * * @see { @link * https://nodejs.org/api/crypto.html#cryptoscryptpassword-salt-keylen-options-callback | * NodeJS crypto.scrypt API } * * @param key Key buffer to compute hardening against. Should have a salt or nonce mixed in. * @param options Options to control the cost of the scrypt function. */ export declare function scrypt(key: Buffer, options: ScryptOptions): Promise<Result<Buffer, ScryptError>>; export declare function computationalHardenKey(key: Buffer, config: ComputationalHardeningConfig): Promise<Result<Buffer, PbkdfError | ScryptError>>;