UNPKG

xypriss-security

Version:

Advanced High-Performance Security Framework. Military-grade encryption, post-quantum resilience, and fortified data structures.

168 lines 7.19 kB
/** * Key Management and Derivation * High-performance Go-backed operations */ import { KeyDerivationOptions } from "../types"; export declare class Keys { /** * Derives a cryptographically strong key from an input secret. * Supports complex derivation paths including Argon2id, PBKDF2, and HKDF. * * @param input - The base secret or password to derive from. * @param options - Detailed configuration for the derivation process. * @returns A Promise resolving to the derived key (hex format for PBKDF2/HKDF, signed for others). */ static deriveKey(input: string | Uint8Array, options?: KeyDerivationOptions): Promise<string>; /** * Generates a new RSA key pair in JSON format. * @returns A Promise resolving to an object containing publicKey and privateKey. */ static generateRSAKeyPair(): Promise<{ publicKey: string; privateKey: string; }>; /** * Signs data using RSA-PSS. * @param privateKey - The PEM-encoded RSA private key. * @param data - The data to sign. * @returns The signature in hex format. */ static rsaSign(privateKey: string, data: string): Promise<string>; /** * Verifies an RSA-PSS signature. * @param publicKey - The PEM-encoded RSA public key. * @param data - The original data. * @param signature - The hex-encoded signature. * @returns True if the signature is valid. */ static rsaVerify(publicKey: string, data: string, signature: string): Promise<boolean>; /** * Encrypts data using RSA-OAEP. * @param publicKey - The PEM-encoded RSA public key. * @param data - The data to encrypt. * @returns The encrypted data in hex format. */ static rsaEncrypt(publicKey: string, data: string): Promise<string>; /** * Decrypts RSA-OAEP encrypted data. * @param privateKey - The PEM-encoded RSA private key. * @param encryptedHex - The hex-encoded encrypted data. * @returns The decrypted plaintext. */ static rsaDecrypt(privateKey: string, encryptedHex: string): Promise<string>; /** * Verifies an Ed25519 signature. * @param publicKey - The public key (hex or Uint8Array). * @param data - The data that was signed (string or Uint8Array). * @param signature - The signature (base64 or Uint8Array). * @returns True if valid. */ static ed25519Verify(publicKey: string | Uint8Array, data: string | Uint8Array, signature: string | Uint8Array): boolean; /** * Encrypts a large file using high-performance, hardware-accelerated chunking. * * @description * Processes files via a native encryption bridge using derived keys (PBKDF2). * Implements a staging strategy to ensure data integrity: ciphertext is * finalized with a 32-byte salt header before an atomic move to the target path. * * @param {string} inputPath - Absolute path to the source file. * @param {string} outputPath - Target destination for the encrypted data. * @param {string} key - Raw passphrase for cryptographic derivation. * @param {object} [options={}] - Encryption parameters. * @param {string} [options.algorithm="aes-256-gcm"] - Selection of the cipher suite. * @param {number} [options.keyDerivationIterations=100000] - Cost factor for PBKDF2. * @param {boolean} [options.quantumSafe=false] - If true, enforces Post-Quantum resistant ciphers. * * @throws {Error | SystemError} On bridge failure, I/O exhaustion, or permission issues. * @returns {Promise<void>} * * @example * await Cipher.crypto.encryptFile('./data.zip', './data.vault', 'secret-key'); */ static encryptFile(inputPath: string, outputPath: string, key: string, options?: any): Promise<void>; /** * Decrypts a large file using PBKDF2 key derivation and a secure bridge. * * @description * This method extracts a 32-byte salt from the input file header, derives a 256-bit key * (100,000 iterations), and performs decryption via temporary staging files to * ensure data integrity. The final output is moved atomically. * * @param {string} inputPath - Absolute path to the encrypted source file. * @param {string} outputPath - Destination path for the decrypted plaintext. * @param {string} key - The raw passphrase used for key derivation. * * @throws {Error} If the salt extraction fails or the decryption bridge returns an error. * @throws {SystemError} If disk space is insufficient for temp files or if file moves fail. * * @returns {Promise<void>} Resolves once the file is successfully decrypted and moved to `outputPath`. * * @example * await Cipher.crypto.decryptFile('./vault.enc', './vault.txt', 'super-secret-key'); */ static decryptFile(inputPath: string, outputPath: string, key: string): Promise<void>; /** * Moves a file atomically from src to dest. * Handles EXDEV errors for cross-partition moves. */ private static moveFileAtomic; } /** * Generates a high-entropy 4096-bit RSA key pair. * * @returns A promise resolving to an object containing PEM-encoded publicKey and privateKey. */ export declare const generateRSAKeyPair: typeof Keys.generateRSAKeyPair; /** * Signs data using RSA-PSS with SHA-256. * * @param privateKey - The PEM-encoded RSA private key. * @param data - The data string to sign. * @returns A promise resolving to the hex-encoded signature. */ export declare const rsaSign: typeof Keys.rsaSign; /** * Verifies an RSA-PSS signature. * * @param publicKey - The PEM-encoded RSA public key. * @param data - The original data string that was signed. * @param signature - The hex-encoded signature to verify. * @returns A promise resolving to true if valid, false otherwise. */ export declare const rsaVerify: typeof Keys.rsaVerify; /** * Encrypts data using RSA-OAEP with SHA-256. * * @param publicKey - The PEM-encoded RSA public key. * @param data - The plaintext data string to encrypt. * @returns A promise resolving to the hex-encoded ciphertext. */ export declare const rsaEncrypt: typeof Keys.rsaEncrypt; /** * Decrypts data using RSA-OAEP with SHA-256. * * @param privateKey - The PEM-encoded RSA private key. * @param encryptedHex - The hex-encoded ciphertext to decrypt. * @returns A promise resolving to the decrypted plaintext string. */ export declare const rsaDecrypt: typeof Keys.rsaDecrypt; /** * Verifies an Ed25519 signature. * * @param publicKey - Public key (hex or Uint8Array). * @param data - Original data. * @param signature - Signature (base64 or Uint8Array). * @returns True if valid. */ export declare const ed25519Verify: typeof Keys.ed25519Verify; /** * Derives a cryptographically strong key from an input secret. * Supports multiple algorithms including Argon2id, PBKDF2, and HKDF. * * @param input - The base secret or password. * @param options - Configuration for the derivation process. * @returns A promise resolving to the derived key. */ export declare const deriveKey: typeof Keys.deriveKey; //# sourceMappingURL=keys.d.ts.map