signify-ts/dist/keri/core/manager.d.ts

Signing at the edge for KERI, ACDC, and KERIA

import { Encrypter } from './encrypter.ts';
import { Decrypter } from './decrypter.ts';
import { Salter, Tier } from './salter.ts';
import { Signer } from './signer.ts';
import { Verfer } from './verfer.ts';
import { Diger } from './diger.ts';
import { Cigar } from './cigar.ts';
import { Siger } from './siger.ts';
/**
 * Kinds of key pair generation algorithms.
 * Salty is deterministic based on a salt and stem.
 * Randy is random.
 * Group is a multi-signature group algorithm indicating keys are retrieved from a group member which will be either Salty or Randy.
 * Extern is an external key pair algorithm indicating keys are provided by an external source such as an HSM.
 */
export declare enum Algos {
    randy = "randy",
    salty = "salty",
    group = "group",
    extern = "extern"
}
/**
 * Lot (set) of public keys as an ordered list with indexes and the time created.
 * Indexes refer to the index of the ordered sequence of keys in an establishment event (inception or rotation).
 * Assumes the same length for each set of keys across all PubLot instances used for a given identifier.
 */
declare class PubLot {
    /**
     * List of fully qualified, Base64 encoded public keys. Defaults to empty.
     */
    pubs: Array<string>;
    /**
     * Rotation index; index of rotation (est event) that uses this public key set.
     * The index of the key set for an inception event is 0.
     */
    ridx: number;
    /**
     * Key index; index of the starting key in the key set for this lot in sequence
     * with reference to all public keys for the identifier.
     * For example, if each set (PubLot.pubs) has 3 keys then ridx 2 has kidx of 2*3 = 6.
     * Defaults to 0.
     */
    kidx: number;
    /**
     * Datetime of when key set created formatted as an ISO 8601 compliant string.
     */
    dt: string;
}
/**
 * Prefix's public key situation (set of public keys).
 */
declare class PreSit {
    /**
     * Previous publot; previous public key set.
     */
    old: PubLot;
    /**
     * New, current publot; current public key set.
     */
    new: PubLot;
    /**
     * Next public publot
     */
    nxt: PubLot;
}
/**
 * Identifier prefix parameters for creating new key pairs.
 */
declare class PrePrm {
    /**
     * Prefix index for this keypair sequence.
     */
    pidx: number;
    /**
     * Key generation algorithm type.
     * Defaults to Salty.
     * Salty default uses indices and salt to create new key pairs.
     */
    algo: Algos;
    /**
     * Used for salty algo. Defaults to empty. Unused for randy algo.
     */
    salt: string;
    /**
     * Default unique path prefix used by the salty algo during key generation.
     */
    stem: string;
    /**
     * Security tier for stretch index; used by the salty algo.
     */
    tier: string;
}
/**
 * An identifier prefix's public key set (list) at a given rotation index ridx.
 */
declare class PubSet {
    /**
     * List of fully qualified, Base64 encoded public keys.
     */
    pubs: Array<string>;
}
/**
 * Describes a path to a specific derived keypair for a given identifier
 */
declare class PubPath {
    /**
     * The path to a specific keypair. To generate a keypair you combine the path with the salt and tier.
     */
    path: string;
    /**
     * Derivation code indicating the kind of cryptographic keypair to generate. Defaults to Ed25519.
     */
    code: string;
    /**
     * Security tier to use to generate a keypair. Defaults to high.
     */
    tier: string;
    /**
     * Flag to control whether to generate a low security, temporary key. Used for speed for unit tests. Do NOT use for production identifiers.
     */
    temp: boolean;
}
declare class Keys {
    private readonly _signers;
    private readonly _paths?;
    constructor(signers: Array<Signer>, paths?: Array<string>);
    get paths(): Array<string> | undefined;
    get signers(): Array<Signer>;
}
/**
 * Interface for creating a key pair based on an algorithm.
 */
export interface Creator {
    /**
     * Creates a key pair
     * @param codes list of derivation codes one per key pair to create
     * @param count count of key pairs to create if codes not provided
     * @param code derivation code to use for count key pairs if codes not provided
     * @param transferable true means use transferable derivation code. Otherwise, non-transferable derivation code.
     * @param pidx prefix index for this keypair sequence
     * @param ridx rotation index for this key pair set
     * @param kidx starting key index for this key pair set
     * @param temp true means use temp stretch otherwise use time set by tier for streching
     */
    create(codes: Array<string> | undefined, count: number, code: string, transferable: boolean, pidx: number, ridx: number, kidx: number, temp: boolean): Keys;
    /**
     * Salt used for key pair generation.
     * Used only for Salty key creation.
     */
    salt: string;
    /**
     * String prefix used to stretch the prefix, salt, and seed into the key pair.
     * Used only for Salty key creation.
     */
    stem: string;
    /**
     * Security tier used during stretching.
     */
    tier: Tier;
}
export declare class RandyCreator implements Creator {
    create(codes?: Array<string> | undefined, count?: number, code?: string, transferable?: boolean): Keys;
    /**
     * Unused for random key generation.
     */
    get salt(): string;
    /**
     * Unused for random key generation.
     */
    get stem(): string;
    /**
     * Unused for random key generation.
     */
    get tier(): Tier;
}
/**
 * Deterministically creates a key pair based on combining a salt with a path stretch algorithm.
 * The salt is randomized if not provided.
 */
export declare class SaltyCreator implements Creator {
    /**
     * The salter used to create the key pair. Contains the private key.
     */
    salter: Salter;
    /**
     * Key material prefix used during key stretching.
     * @private
     */
    private readonly _stem;
    constructor(salt?: string | undefined, tier?: Tier | undefined, stem?: string | undefined);
    get salt(): string;
    get stem(): string;
    get tier(): Tier;
    create(codes?: Array<string> | undefined, count?: number, code?: string, transferable?: boolean, pidx?: number, ridx?: number, kidx?: number, temp?: boolean): Keys;
}
export declare class Creatory {
    private readonly _make;
    constructor(algo?: Algos);
    make(...args: any[]): Creator;
    _makeRandy(): Creator;
    _makeSalty(...args: any[]): Creator;
}
export declare function openManager(passcode: string, salt?: string): Manager;
export interface ManagerArgs {
    ks?: KeyStore | undefined;
    seed?: string | undefined;
    aeid?: string | undefined;
    pidx?: number | undefined;
    algo?: Algos | undefined;
    salter?: Salter | undefined;
    tier?: string | undefined;
}
export interface ManagerInceptArgs {
    icodes?: any | undefined;
    icount?: number;
    icode?: string;
    ncodes?: any | undefined;
    ncount?: number;
    ncode?: string;
    dcode?: string;
    algo?: Algos | undefined;
    salt?: string | undefined;
    stem?: string | undefined;
    tier?: string | undefined;
    rooted?: boolean;
    transferable?: boolean;
    temp?: boolean;
}
interface RotateArgs {
    pre: string;
    ncodes?: any | undefined;
    ncount?: number;
    ncode?: string;
    dcode?: string;
    transferable?: boolean;
    temp?: boolean;
    erase?: boolean;
}
interface SignArgs {
    ser: Uint8Array;
    pubs?: Array<string> | undefined;
    verfers?: Array<Verfer> | undefined;
    indexed?: boolean;
    indices?: Array<number> | undefined;
    ondices?: Array<number> | undefined;
}
/**
 * Manages key pair creation, retrieval, and message signing.
 */
export declare class Manager {
    private _seed?;
    private _salt?;
    private _encrypter;
    private _decrypter;
    private readonly _ks;
    constructor(args: ManagerArgs);
    get ks(): KeyStore;
    get encrypter(): Encrypter | undefined;
    get decrypter(): Decrypter | undefined;
    get seed(): string | undefined;
    /**
     * qb64 auth encrypt id prefix
     */
    get aeid(): string | undefined;
    get pidx(): number | undefined;
    set pidx(pidx: number | undefined);
    get salt(): string | undefined;
    set salt(salt: string | undefined);
    get tier(): string | undefined;
    set tier(tier: string | undefined);
    get algo(): Algos | undefined;
    set algo(algo: Algos | undefined);
    private updateAeid;
    incept(args: ManagerInceptArgs): [Array<Verfer>, Array<Diger>];
    move(old: string, gnu: string): void;
    rotate(args: RotateArgs): [Array<Verfer>, Array<Diger>];
    sign(args: SignArgs): Siger[] | Cigar[];
}
export declare function riKey(pre: string, ridx: number): string;
/**
 * Sub interface for key store specific functions.
 */
export interface KeyStore {
    getGbls(key: string): string | undefined;
    pinGbls(key: string, val: string): void;
    prmsElements(): Array<[string, PrePrm]>;
    getPrms(keys: string): PrePrm | undefined;
    pinPrms(keys: string, data: PrePrm): void;
    putPrms(keys: string, data: PrePrm): boolean;
    remPrms(keys: string): boolean;
    prisElements(decrypter: Decrypter): Array<[string, Signer]>;
    getPris(keys: string, decrypter: Decrypter): Signer | undefined;
    pinPris(keys: string, data: Signer, encrypter: Encrypter): void;
    putPris(pubKey: string, signer: Signer, encrypter: Encrypter): boolean;
    remPris(pubKey: string): void;
    getPths(pubKey: string): PubPath | undefined;
    putPths(pubKey: string, val: PubPath): boolean;
    pinPths(pubKey: string, val: PubPath): boolean;
    getPres(pre: string): Uint8Array | undefined;
    putPres(pre: string, val: Uint8Array): boolean;
    pinPres(pre: string, val: Uint8Array): boolean;
    getSits(keys: string): PreSit | undefined;
    putSits(pre: string, val: PreSit): boolean;
    pinSits(pre: string, val: PreSit): boolean;
    remSits(keys: string): boolean;
    getPubs(keys: string): PubSet | undefined;
    putPubs(keys: string, data: PubSet): boolean;
}
export {};