
zero-sight-protocol


A secure, zero-knowledge, PIN-based encryption protocol for custodial Web3 wallets.

/**
 * Zero Sight Protocol - Cryptographic Protocol for Secure PIN Management
 *
 * Type declarations only: this file describes the public surface of the
 * package (data shapes plus one class of static methods). No cipher, key
 * derivation function, token format or storage backend is visible here, so
 * every security property has to be confirmed against the implementation.
 */

/**
 * Output of one encryption operation, carried as three strings.
 */
export interface EncryptedData {
  // Initialisation vector. decryptWithSecret names the matching argument
  // `ivHex`, which suggests hex encoding — confirm.
  iv: string
  // Encrypted bytes (matching argument: `ciphertextHex`).
  ciphertext: string
  // Presumably the authentication tag of an AEAD cipher (matching argument:
  // `tagHex`); the cipher itself is not named in this file — confirm.
  tag: string
}

/**
 * An encrypted wallet together with the salt returned alongside it.
 */
export interface EncryptedWallet {
  encrypted: EncryptedData
  // Salt for the PIN-derived key; decryptWallet takes it back as `saltHex`.
  salt: string
}

/**
 * Session record returned by createSession and verifySession.
 */
export interface SessionToken {
  // Opaque token string; how it is signed or authenticated is not visible here.
  token: string
  userId: string
  // Expiry as a number; unit is not stated (presumably epoch milliseconds — confirm).
  expiresAt: number
}

/**
 * Metadata returned when an OTP is generated. The OTP value itself is not
 * part of this shape.
 */
export interface OtpResult {
  // The address or number the OTP was issued for (the `target` argument).
  target: string
  // Expiry as a number; unit not stated — confirm.
  expiresAt: number
  // Attempt counter; whether it counts used or remaining attempts is not
  // visible here — confirm.
  attempts: number
}

/**
 * State of an account-recovery flow started by initiateRecovery.
 */
export interface RecoverySession {
  id: string
  email?: string
  phone?: string
  // Free-form string; the set of allowed status values is not declared.
  status: string
  encryptedWallet: EncryptedData
  salt: string
}

/**
 * A (user, device) pair recorded by addTrustedDevice.
 */
export interface TrustedDevice {
  userId: string
  // Caller-supplied identifier. NOTE(review): confirm what binds this value
  // to a real device, since a plain string can be replayed by any client.
  deviceId: string
  // Time the device was added; unit not stated — confirm.
  addedAt: number
}

/**
 * Static-only API. Several methods (sessions, OTPs, recovery, trusted
 * devices) imply stored state, but where that state lives is not visible in
 * this declaration — TODO confirm (in-memory vs. persistent, per-process vs.
 * shared).
 */
declare class ZeroSightProtocol {
  /**
   * Encrypts wallet data with a user PIN
   *
   * @param pin User PIN used as the encryption secret.
   * @param walletData Plaintext wallet data.
   * @returns The encrypted data plus the salt needed to decrypt it.
   *
   * NOTE(review): a PIN is a low-entropy secret, so resistance to offline
   * guessing rests on the key derivation function and its cost parameters,
   * neither of which is visible here — confirm in the implementation.
   */
  static encryptWallet(pin: string, walletData: string): Promise<EncryptedWallet>

  /**
   * Decrypts wallet with PIN and salt
   *
   * @param pin User PIN.
   * @param encryptedWallet The iv/ciphertext/tag triple to decrypt.
   * @param saltHex Salt returned by encryptWallet (name suggests hex).
   * @returns The plaintext wallet data.
   *
   * Behaviour on a wrong PIN or modified ciphertext (reject vs. resolve with
   * garbage) is not declared — confirm that the tag is verified.
   */
  static decryptWallet(pin: string, encryptedWallet: EncryptedData, saltHex: string): Promise<string>

  /**
   * Encrypts data using a client secret (app-level PIN encryption)
   *
   * Synchronous, and takes no salt argument; how `clientSecret` is turned
   * into a key is not visible here — confirm.
   */
  static encryptWithSecret(clientSecret: string, plaintext: string): EncryptedData

  /**
   * Decrypts data using a client secret
   *
   * Takes the three EncryptedData fields as separate hex-named strings.
   * Failure behaviour (throw vs. empty string) is not declared — confirm.
   */
  static decryptWithSecret(clientSecret: string, ivHex: string, ciphertextHex: string, tagHex: string): string

  /**
   * Creates a timestamped encrypted payload for secure PIN transmission
   *
   * @returns A single string; its internal layout is not declared.
   */
  static createTimestampedPayload(data: string, clientSecret: string): string

  /**
   * Validates and decrypts a timestamped payload
   *
   * @param timeWindowMs Optional acceptance window in milliseconds; the
   *   default is not visible in this declaration.
   * @returns The decrypted data.
   *
   * NOTE(review): a timestamp check alone still accepts a captured payload
   * again inside the window. Confirm whether the implementation also tracks
   * used payloads, and how an expired or tampered payload is reported.
   */
  static validateTimestampedPayload(encryptedPayload: string, clientSecret: string, timeWindowMs?: number): string

  /**
   * Creates a session token for a user
   *
   * Only `userId` is passed in, so the signing key or token store comes
   * from somewhere not visible here — confirm its source and lifetime.
   */
  static createSession(userId: string): SessionToken

  /**
   * Verifies and decodes a session token
   *
   * @returns The session, or `null` (presumably for an invalid or expired
   *   token — confirm that expiry is enforced here and not left to callers).
   */
  static verifySession(token: string): SessionToken | null

  /**
   * Generates an OTP for recovery
   *
   * The returned OtpResult carries no OTP value, so generation and delivery
   * happen out of band from this return value — mechanism not visible here.
   */
  static generateOtp(target: string): OtpResult

  /**
   * Verifies an OTP
   *
   * NOTE(review): confirm that the implementation enforces the attempt
   * limit and expiry implied by OtpResult and invalidates the OTP after a
   * successful check; none of this is expressed in the signature.
   */
  static verifyOtp(target: string, otp: string): boolean

  /**
   * Initiates account recovery
   *
   * Both contact arguments may be `undefined`; what happens when neither is
   * supplied is not declared — confirm.
   */
  static initiateRecovery(
    email: string | undefined,
    phone: string | undefined,
    encryptedWallet: EncryptedData,
    salt: string,
  ): RecoverySession

  /**
   * Verifies recovery with OTPs
   *
   * NOTE(review): all four arguments accept `undefined`. Confirm that a
   * call with no OTP at all returns false, and that an OTP is required for
   * every contact channel registered on the recovery session.
   */
  static verifyRecovery(
    email: string | undefined,
    phone: string | undefined,
    emailOtp: string | undefined,
    smsOtp: string | undefined,
  ): boolean

  /**
   * Resets PIN during recovery
   *
   * NOTE(review): the signature takes neither the old PIN nor the plaintext
   * wallet, yet returns a wallet encrypted under the new PIN. Where the
   * plaintext comes from is not visible here; if it can be recovered
   * without the old PIN, that bears directly on the package's
   * zero-knowledge claim — verify. Also confirm that this call is refused
   * unless verifyRecovery has succeeded for the same session.
   */
  static resetPin(email: string | undefined, phone: string | undefined, newPin: string): EncryptedWallet

  /**
   * Adds a trusted device
   *
   * Takes no session or proof of authentication; presumably the caller is
   * expected to have authenticated the user first — confirm.
   */
  static addTrustedDevice(userId: string, deviceId: string): TrustedDevice

  /**
   * Checks if a device is trusted
   */
  static isTrustedDevice(userId: string, deviceId: string): boolean

  /**
   * Removes a trusted device
   *
   * @returns A boolean; presumably whether an entry was removed — confirm.
   */
  static removeTrustedDevice(userId: string, deviceId: string): boolean
}

export default ZeroSightProtocol