
vouchsafe


Self-verifying identity and offline trust verification for JWTs, including attestations, vouches, revocations, and multi-hop trust chains.

80 lines (64 loc) 2.41 kB
'use strict'; var node_crypto = require('node:crypto'); async function generateKeyPair() { const { publicKey, privateKey } = node_crypto.generateKeyPairSync('ed25519'); let result = { publicKey: publicKey.export({ type: 'spki', format: 'der' }), privateKey: privateKey.export({ type: 'pkcs8', format: 'der' }), }; return result; } async function sign(data, privateKeyDer) { const key = crypto.createPrivateKey({ key: privateKeyDer, format: 'der', type: 'pkcs8' }); const sig = node_crypto.createSign('sha256').update(data).sign(key); return sig; } async function verify(data, signature, publicKeyDer) { const key = crypto.createPublicKey({ key: publicKeyDer, format: 'der', type: 'spki' }); return node_crypto.createVerify('sha256').update(data).verify(key, signature); } async function sha256(data) { return node_crypto.createHash('sha256').update(data).digest(); } async function sha512(data) { return node_crypto.createHash('sha512').update(data).digest(); } async function getKeyBytes(type, keyDer) { let der; if (typeof keyDer == 'string') { der = Buffer.from(keyDer, 'base64'); } else { der = Buffer.from(keyDer); } try { let key; let raw; if (type === 'public') { key = await node_crypto.webcrypto.subtle.importKey('spki', der, { name: 'Ed25519' }, true, ['verify']); raw = new Uint8Array(await node_crypto.webcrypto.subtle.exportKey('raw', key)); if (raw.length !== 32) { throw new Error('Public key must be 32 bytes'); } } else if (type === 'private') { key = await node_crypto.webcrypto.subtle.importKey('pkcs8', der, { name: 'Ed25519' }, true, ['sign']); raw = new Uint8Array(await node_crypto.webcrypto.subtle.exportKey('pkcs8', key)); if (raw.length < 32) { throw new Error('Private key DER structure is too short'); } } else { throw new Error(`Unsupported key type: ${type}`); } return raw; } catch (err) { throw new Error(`Invalid Ed25519 ${type} key (node): ${err.message}`); } } exports.generateKeyPair = generateKeyPair; exports.getKeyBytes = getKeyBytes; exports.sha256 = sha256; 
exports.sha512 = sha512; exports.sign = sign; exports.verify = verify;