xypriss-security
Version:
Advanced High-Performance Security Framework. Military-grade encryption, post-quantum resilience, and fortified data structures.
168 lines • 7.19 kB
TypeScript
/**
* Key Management and Derivation
* High-performance Go-backed operations
*/
import { KeyDerivationOptions } from "../types";
export declare class Keys {
/**
* Derives a cryptographically strong key from an input secret.
* Supports complex derivation paths including Argon2id, PBKDF2, and HKDF.
*
* @param input - The base secret or password to derive from.
* @param options - Detailed configuration for the derivation process.
* @returns A Promise resolving to the derived key (hex format for PBKDF2/HKDF, signed for others).
*/
static deriveKey(input: string | Uint8Array, options?: KeyDerivationOptions): Promise<string>;
/**
* Generates a new RSA key pair in JSON format.
* @returns A Promise resolving to an object containing publicKey and privateKey.
*/
static generateRSAKeyPair(): Promise<{
publicKey: string;
privateKey: string;
}>;
/**
* Signs data using RSA-PSS.
* @param privateKey - The PEM-encoded RSA private key.
* @param data - The data to sign.
* @returns The signature in hex format.
*/
static rsaSign(privateKey: string, data: string): Promise<string>;
/**
* Verifies an RSA-PSS signature.
* @param publicKey - The PEM-encoded RSA public key.
* @param data - The original data.
* @param signature - The hex-encoded signature.
* @returns True if the signature is valid.
*/
static rsaVerify(publicKey: string, data: string, signature: string): Promise<boolean>;
/**
* Encrypts data using RSA-OAEP.
* @param publicKey - The PEM-encoded RSA public key.
* @param data - The data to encrypt.
* @returns The encrypted data in hex format.
*/
static rsaEncrypt(publicKey: string, data: string): Promise<string>;
/**
* Decrypts RSA-OAEP encrypted data.
* @param privateKey - The PEM-encoded RSA private key.
* @param encryptedHex - The hex-encoded encrypted data.
* @returns The decrypted plaintext.
*/
static rsaDecrypt(privateKey: string, encryptedHex: string): Promise<string>;
/**
* Verifies an Ed25519 signature.
* @param publicKey - The public key (hex or Uint8Array).
* @param data - The data that was signed (string or Uint8Array).
* @param signature - The signature (base64 or Uint8Array).
* @returns True if valid.
*/
static ed25519Verify(publicKey: string | Uint8Array, data: string | Uint8Array, signature: string | Uint8Array): boolean;
/**
* Encrypts a large file using high-performance, hardware-accelerated chunking.
*
* @description
* Processes files via a native encryption bridge using derived keys (PBKDF2).
* Implements a staging strategy to ensure data integrity: ciphertext is
* finalized with a 32-byte salt header before an atomic move to the target path.
*
* @param {string} inputPath - Absolute path to the source file.
* @param {string} outputPath - Target destination for the encrypted data.
* @param {string} key - Raw passphrase for cryptographic derivation.
* @param {object} [options={}] - Encryption parameters.
* @param {string} [options.algorithm="aes-256-gcm"] - Selection of the cipher suite.
* @param {number} [options.keyDerivationIterations=100000] - Cost factor for PBKDF2.
* @param {boolean} [options.quantumSafe=false] - If true, enforces Post-Quantum resistant ciphers.
*
* @throws {Error | SystemError} On bridge failure, I/O exhaustion, or permission issues.
* @returns {Promise<void>}
*
* @example
* await Cipher.crypto.encryptFile('./data.zip', './data.vault', 'secret-key');
*/
static encryptFile(inputPath: string, outputPath: string, key: string, options?: any): Promise<void>;
/**
* Decrypts a large file using PBKDF2 key derivation and a secure bridge.
*
* @description
* This method extracts a 32-byte salt from the input file header, derives a 256-bit key
* (100,000 iterations), and performs decryption via temporary staging files to
* ensure data integrity. The final output is moved atomically.
*
* @param {string} inputPath - Absolute path to the encrypted source file.
* @param {string} outputPath - Destination path for the decrypted plaintext.
* @param {string} key - The raw passphrase used for key derivation.
*
* @throws {Error} If the salt extraction fails or the decryption bridge returns an error.
* @throws {SystemError} If disk space is insufficient for temp files or if file moves fail.
*
* @returns {Promise<void>} Resolves once the file is successfully decrypted and moved to `outputPath`.
*
* @example
* await Cipher.crypto.decryptFile('./vault.enc', './vault.txt', 'super-secret-key');
*/
static decryptFile(inputPath: string, outputPath: string, key: string): Promise<void>;
/**
* Moves a file atomically from src to dest.
* Handles EXDEV errors for cross-partition moves.
*/
private static moveFileAtomic;
}
/**
* Generates a high-entropy 4096-bit RSA key pair.
*
* @returns A promise resolving to an object containing PEM-encoded publicKey and privateKey.
*/
export declare const generateRSAKeyPair: typeof Keys.generateRSAKeyPair;
/**
* Signs data using RSA-PSS with SHA-256.
*
* @param privateKey - The PEM-encoded RSA private key.
* @param data - The data string to sign.
* @returns A promise resolving to the hex-encoded signature.
*/
export declare const rsaSign: typeof Keys.rsaSign;
/**
* Verifies an RSA-PSS signature.
*
* @param publicKey - The PEM-encoded RSA public key.
* @param data - The original data string that was signed.
* @param signature - The hex-encoded signature to verify.
* @returns A promise resolving to true if valid, false otherwise.
*/
export declare const rsaVerify: typeof Keys.rsaVerify;
/**
* Encrypts data using RSA-OAEP with SHA-256.
*
* @param publicKey - The PEM-encoded RSA public key.
* @param data - The plaintext data string to encrypt.
* @returns A promise resolving to the hex-encoded ciphertext.
*/
export declare const rsaEncrypt: typeof Keys.rsaEncrypt;
/**
* Decrypts data using RSA-OAEP with SHA-256.
*
* @param privateKey - The PEM-encoded RSA private key.
* @param encryptedHex - The hex-encoded ciphertext to decrypt.
* @returns A promise resolving to the decrypted plaintext string.
*/
export declare const rsaDecrypt: typeof Keys.rsaDecrypt;
/**
* Verifies an Ed25519 signature.
*
* @param publicKey - Public key (hex or Uint8Array).
* @param data - Original data.
* @param signature - Signature (base64 or Uint8Array).
* @returns True if valid.
*/
export declare const ed25519Verify: typeof Keys.ed25519Verify;
/**
* Derives a cryptographically strong key from an input secret.
* Supports multiple algorithms including Argon2id, PBKDF2, and HKDF.
*
* @param input - The base secret or password.
* @param options - Configuration for the derivation process.
* @returns A promise resolving to the derived key.
*/
export declare const deriveKey: typeof Keys.deriveKey;
//# sourceMappingURL=keys.d.ts.map