UNPKG

micro-key-producer

Version:

Produces secure keys and passwords. Supports SSH, PGP, BLS, OTP, and many others

github.com/paulmillr/micro-key-producer

paulmillr/micro-key-producer

145 lines 5.63 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
/** * Low-level primitive from EIP2333, generates key from bytes. * KeyGen from https://www.ietf.org/archive/id/draft-irtf-cfrg-bls-signature-05.html#name-keygen * @param ikm - secret octet string * @param keyInfo - additional key information */ export declare function hkdfModR(ikm: Uint8Array, keyInfo?: Uint8Array): Uint8Array; export declare function deriveMaster(seed: Uint8Array): Uint8Array; export declare function deriveChild(parentKey: Uint8Array, index: number): Uint8Array; export declare function deriveSeedTree(seed: Uint8Array, path: string): Uint8Array; export declare const EIP2334_KEY_TYPES: readonly ["withdrawal", "signing"]; export type EIP2334KeyType = (typeof EIP2334_KEY_TYPES)[number]; export declare function deriveEIP2334Key(seed: Uint8Array, type: EIP2334KeyType, index: number): { key: Uint8Array; path: string; }; /** * Derives signing key from withdrawal key without access to seed * @param withdrawalKey - result of deriveEIP2334Key(seed, 'withdrawal', index) * @returns same as deriveEIP2334Key(seed, 'signing', index), but without access to seed * @example * const signing = bls.deriveEIP2334Key(seed, 'signing', 0); * const withdrawal = bls.deriveEIP2334Key(seed, 'withdrawal', 0); * const derivedSigning = bls.deriveEIP2334SigningKey(withdrawal.key); * deepStrictEqual(derivedSigning, signing.key); */ export declare function deriveEIP2334SigningKey(withdrawalKey: Uint8Array, index?: number): Uint8Array; declare function normalizePassword(s: string): string; declare const KDFS: { scrypt: { dklen: number; n: number; r: number; p: number; }; pbkdf2: { dklen: number; c: number; prf: string; }; }; type KDFParams<T extends KDFType> = (typeof KDFS)[T]; type KDFType = keyof typeof KDFS; export type Keystore<T extends KDFType> = { version: number; description?: string; pubkey?: string; path: string; uuid: string; crypto: { kdf: { function: T; params: KDFParams<T> & { salt: string; }; message: ''; }; checksum: { function: 'sha256'; params: {}; message: string; }; cipher: { function: 'aes-128-ctr'; params: { iv: string; }; message: string; }; }; }; declare function deriveEIP2335Key(password: string, salt: Uint8Array, kdf: KDFType): Uint8Array; /** * Decrypts EIP2335 Keystore * NOTE: it validates publicKey if present (which mean you can use it from store if decryption is success) * @param store - js object * @param password - password * @returns decrypted secret and optionally path * @example decryptEIP2335Keystore(JSON.parse(keystoreString), 'my_password'); */ export declare function decryptEIP2335Keystore<T extends KDFType>(store: Keystore<T>, password: string): Uint8Array; /** * Secure PRNG function like 'randomBytes' from '@noble/hashes/utils' */ export type RandFn = (bytes: number) => Uint8Array; /** * Class for generation multiple keystores with same password * @example * const ctx = new EIP2335Keystore(password, 'scrypt'); * const res = [0, 1, 2, 3].map((i) => ctx.createDerivedEIP2334(seed, keyType, i)); * ctx.clean(); * console.log(res); // res is array of encrypted keystores with same password */ export declare class EIP2335Keystore<T extends KDFType> { private destroyed; private readonly kdf; private readonly randomBytes; private readonly key; private readonly salt; /** * Creates context for EIP2335 Keystore generation * @param password - password * @param kdf - scrypt | pbkdf2 * @param _random - (optional) secure PRNG function like 'randomBytes' from '@noble/hashes/utils' */ constructor(password: string, kdf: T, _random?: RandFn); /** * Creates keystore in EIP2335 format. * @param secret - some secret value to encrypt (usually private keys) * @param path - optional derivation path if secret * @param description - optional description of secret * @param pubkey - optional public key. Required if secret is private key. */ create(secret: Uint8Array, path?: string, // EIP2335 allows storing not derived keys description?: string, pubkey?: Uint8Array): Keystore<T>; /** * Creates keystore for derived private key (based on EIP2334 seed and index) * @param seed - EIP2334 seed to derive from * @param keyType - EIP2334 key type (withdrawal/signing) * @param index - account index * @param description - optional keystore description */ createDerivedEIP2334(seed: Uint8Array, keyType: EIP2334KeyType, index: number, description?: string): Keystore<T>; /** * Clean internal key material */ clean(): void; } /** * Exports multiple keystore from derived seed * @param password - password for file encryption * @param kdf - scrypt | pbkdf2 * @param seed - result of mnemonicToSeed() * @param keyType - signing | withdrawal * @param indexes - array of account indeces * @example * createDerivedEIP2334Keystores('my_password', 'scrypt', await mnemonicToSeed(mnemonic, ''), 'signing', [0, 1, 2, 3]) */ export declare function createDerivedEIP2334Keystores<T extends KDFType>(password: string, kdf: T, seed: Uint8Array, keyType: EIP2334KeyType, indexes: number[]): Keystore<T>[]; export declare const _TEST: { normalizePassword: typeof normalizePassword; deriveEIP2335Key: typeof deriveEIP2335Key; }; export {}; //# sourceMappingURL=bls.d.ts.map