@dfinity/identity - npm Package Compare versions

Comparing version 0.21.1 to 0.21.2

lib/cjs/identity/delegation.d.ts

 import { DerEncodedPublicKey, HttpAgentRequest, PublicKey, Signature, SignIdentity } from '@dfinity/agent';
 import { Principal } from '@dfinity/principal';
 import * as cbor from 'simple-cbor';
+import { PartialIdentity } from './partial';
 /**
@@ -64,3 +65,2 @@ * A single delegation object that is signed by a private key. This is constructed by
      * passing the previous delegation chain into the options argument. For example:
-     *
      * @example
@@ -80,3 +80,2 @@ * const rootKey = createKey();
      * const identity = DelegationIdentity.fromDelegation(bottomKey, middleToBottom);
-     *
      * @param from The identity that will delegate.
@@ -97,3 +96,2 @@ * @param to The identity that gets delegated. It can now sign messages as if it was the
      * Creates a DelegationChain object from a JSON string.
-     *
      * @param json The JSON string to parse.
@@ -104,3 +102,2 @@ */
      * Creates a DelegationChain object from a list of delegations and a DER-encoded public key.
-     *
      * @param delegations The list of delegations.
@@ -124,3 +121,2 @@ * @param publicKey The DER-encoded public key of the key-pair signing the first delegation.
      * Create a delegation without having access to delegateKey.
-     *
      * @param key The key used to sign the reqyests.
@@ -137,2 +133,20 @@ * @param delegation A delegation object created using `createDelegation`.
 /**
+ * A partial delegated identity, representing a delegation chain and the public key that it targets
+ */
+export declare class PartialDelegationIdentity extends PartialIdentity {
+    #private;
+    /**
+     * The Delegation Chain of this identity.
+     */
+    get delegation(): DelegationChain;
+    private constructor();
+    /**
+     * Create a {@link PartialDelegationIdentity} from a {@link PublicKey} and a {@link DelegationChain}.
+     * @param key The {@link PublicKey} to delegate to.
+     * @param delegation a {@link DelegationChain} targeting the inner key.
+     * @constructs PartialDelegationIdentity
+     */
+    static fromDelegation(key: PublicKey, delegation: DelegationChain): PartialDelegationIdentity;
+}
+/**
  * List of things to check for a delegation chain validity.
@@ -139,0 +153,0 @@ */

lib/cjs/identity/delegation.js

@@ -25,2 +25,13 @@ "use strict";
 };
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
 var __rest = (this && this.__rest) || function (s, e) {
@@ -37,8 +48,9 @@ var t = {};
 };
+var _PartialDelegationIdentity_delegation;
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isDelegationValid = exports.DelegationIdentity = exports.DelegationChain = exports.Delegation = void 0;
+exports.isDelegationValid = exports.PartialDelegationIdentity = exports.DelegationIdentity = exports.DelegationChain = exports.Delegation = void 0;
 const agent_1 = require("@dfinity/agent");
 const principal_1 = require("@dfinity/principal");
 const cbor = __importStar(require("simple-cbor"));
-const buffer_1 = require("../buffer");
+const partial_1 = require("./partial");
 const domainSeparator = new TextEncoder().encode('\x1Aic-request-auth-delegation');
@@ -50,3 +62,3 @@ const requestDomainSeparator = new TextEncoder().encode('\x0Aic-request');
     }
-    return (0, buffer_1.fromHexString)(value);
+    return (0, agent_1.fromHex)(value);
 }
@@ -75,3 +87,3 @@ /**
         // with an OID). After de-hex, if it's not obvious what it is, it's an ArrayBuffer.
-        return Object.assign({ expiration: this.expiration.toString(16), pubkey: (0, buffer_1.toHexString)(this.pubkey) }, (this.targets && { targets: this.targets.map(p => p.toHex()) }));
+        return Object.assign({ expiration: this.expiration.toString(16), pubkey: (0, agent_1.toHex)(this.pubkey) }, (this.targets && { targets: this.targets.map(p => p.toHex()) }));
     }
@@ -82,3 +94,2 @@ }
  * Sign a single delegation object for a period of time.
- *
  * @param from The identity that lends its delegation.
@@ -113,2 +124,6 @@ * @param to The identity that receives the delegation.
 class DelegationChain {
+    constructor(delegations, publicKey) {
+        this.delegations = delegations;
+        this.publicKey = publicKey;
+    }
     /**
@@ -120,3 +135,2 @@ * Create a delegation chain between two (or more) keys. By default, the expiration time
      * passing the previous delegation chain into the options argument. For example:
-     *
      * @example
@@ -136,3 +150,2 @@ * const rootKey = createKey();
      * const identity = DelegationIdentity.fromDelegation(bottomKey, middleToBottom);
-     *
      * @param from The identity that will delegate.
@@ -154,3 +167,2 @@ * @param to The identity that gets delegated. It can now sign messages as if it was the
      * Creates a DelegationChain object from a JSON string.
-     *
      * @param json The JSON string to parse.
@@ -170,3 +182,3 @@ */
             return {
-                delegation: new Delegation(_parseBlob(pubkey), BigInt(`0x${expiration}`), // expiration in JSON is an hexa string (See toJSON() below).
+                delegation: new Delegation(_parseBlob(pubkey), BigInt('0x' + expiration), // expiration in JSON is an hexa string (See toJSON() below).
                 targets &&
@@ -186,3 +198,2 @@ targets.map((t) => {
      * Creates a DelegationChain object from a list of delegations and a DER-encoded public key.
-     *
      * @param delegations The list of delegations.
@@ -194,6 +205,2 @@ * @param publicKey The DER-encoded public key of the key-pair signing the first delegation.
     }
-    constructor(delegations, publicKey) {
-        this.delegations = delegations;
-        this.publicKey = publicKey;
-    }
     toJSON() {
@@ -205,9 +212,9 @@ return {
                 return {
-                    delegation: Object.assign({ expiration: delegation.expiration.toString(16), pubkey: (0, buffer_1.toHexString)(delegation.pubkey) }, (targets && {
+                    delegation: Object.assign({ expiration: delegation.expiration.toString(16), pubkey: (0, agent_1.toHex)(delegation.pubkey) }, (targets && {
                         targets: targets.map(t => t.toHex()),
                     })),
-                    signature: (0, buffer_1.toHexString)(signature),
+                    signature: (0, agent_1.toHex)(signature),
                 };
             }),
-            publicKey: (0, buffer_1.toHexString)(this.publicKey),
+            publicKey: (0, agent_1.toHex)(this.publicKey),
         };
@@ -224,5 +231,9 @@ }
 class DelegationIdentity extends agent_1.SignIdentity {
+    constructor(_inner, _delegation) {
+        super();
+        this._inner = _inner;
+        this._delegation = _delegation;
+    }
     /**
      * Create a delegation without having access to delegateKey.
-     *
      * @param key The key used to sign the reqyests.
@@ -234,7 +245,2 @@ * @param delegation A delegation object created using `createDelegation`.
     }
-    constructor(_inner, _delegation) {
-        super();
-        this._inner = _inner;
-        this._delegation = _delegation;
-    }
     getDelegation() {
@@ -245,2 +251,3 @@ return this._delegation;
         return {
+            derKey: this._delegation.publicKey,
             toDer: () => this._delegation.publicKey,
@@ -265,2 +272,29 @@ };
 /**
+ * A partial delegated identity, representing a delegation chain and the public key that it targets
+ */
+class PartialDelegationIdentity extends partial_1.PartialIdentity {
+    constructor(inner, delegation) {
+        super(inner);
+        _PartialDelegationIdentity_delegation.set(this, void 0);
+        __classPrivateFieldSet(this, _PartialDelegationIdentity_delegation, delegation, "f");
+    }
+    /**
+     * The Delegation Chain of this identity.
+     */
+    get delegation() {
+        return __classPrivateFieldGet(this, _PartialDelegationIdentity_delegation, "f");
+    }
+    /**
+     * Create a {@link PartialDelegationIdentity} from a {@link PublicKey} and a {@link DelegationChain}.
+     * @param key The {@link PublicKey} to delegate to.
+     * @param delegation a {@link DelegationChain} targeting the inner key.
+     * @constructs PartialDelegationIdentity
+     */
+    static fromDelegation(key, delegation) {
+        return new PartialDelegationIdentity(key, delegation);
+    }
+}
+exports.PartialDelegationIdentity = PartialDelegationIdentity;
+_PartialDelegationIdentity_delegation = new WeakMap();
+/**
  * Analyze a DelegationChain and validate that it's valid, ie. not expired and apply to the
@@ -267,0 +301,0 @@ * scope.

lib/cjs/identity/ecdsa.d.ts

@@ -1,6 +0,6 @@
-import { DerEncodedPublicKey, Signature, SignIdentity } from '@dfinity/agent';
+import { DerEncodedPublicKey, PublicKey, Signature, SignIdentity } from '@dfinity/agent';
 /**
  * Options used in a {@link ECDSAKeyIdentity}
  */
-export type CryptoKeyOptions = {
+export declare type CryptoKeyOptions = {
     extractable?: boolean;
@@ -33,4 +33,4 @@ keyUsages?: KeyUsage[];
      * generates an identity from a public and private key. Please ensure that you are generating these keys securely and protect the user's private key
-     * @param keyPair a {@link CryptoKeyPair}
-     * @param subtleCrypto a {@link SubtleCrypto} interface in case one is not available globally
+     * @param keyPair a CryptoKeyPair
+     * @param subtleCrypto - a SubtleCrypto interface in case one is not available globally
      * @returns an {@link ECDSAKeyIdentity}
@@ -48,3 +48,3 @@ */
      * Return the internally-used key pair.
-     * @returns a {@link CryptoKeyPair}
+     * @returns a CryptoKeyPair
      */
@@ -54,5 +54,5 @@ getKeyPair(): CryptoKeyPair;
      * Return the public key.
-     * @returns an {@link DerCryptoKey}
+     * @returns an {@link PublicKey & DerCryptoKey}
      */
-    getPublicKey(): DerCryptoKey;
+    getPublicKey(): PublicKey & DerCryptoKey;
     /**
@@ -59,0 +59,0 @@ * Signs a blob of data, with this identity's private key.

lib/cjs/identity/ecdsa.js

@@ -19,2 +19,5 @@ "use strict";
 function _getEffectiveCrypto(subtleCrypto) {
+    if (typeof global !== 'undefined' && global['crypto'] && global['crypto']['subtle']) {
+        return global['crypto']['subtle'];
+    }
     if (subtleCrypto) {
@@ -34,2 +37,9 @@ return subtleCrypto;
 class ECDSAKeyIdentity extends agent_1.SignIdentity {
+    // `fromKeyPair` and `generate` should be used for instantiation, not this constructor.
+    constructor(keyPair, derKey, subtleCrypto) {
+        super();
+        this._keyPair = keyPair;
+        this._derKey = derKey;
+        this._subtleCrypto = subtleCrypto;
+    }
     /**
@@ -56,4 +66,4 @@ * Generates a randomly generated identity for use in calls to the Internet Computer.
      * generates an identity from a public and private key. Please ensure that you are generating these keys securely and protect the user's private key
-     * @param keyPair a {@link CryptoKeyPair}
-     * @param subtleCrypto a {@link SubtleCrypto} interface in case one is not available globally
+     * @param keyPair a CryptoKeyPair
+     * @param subtleCrypto - a SubtleCrypto interface in case one is not available globally
      * @returns an {@link ECDSAKeyIdentity}
@@ -66,12 +76,5 @@ */
     }
-    // `fromKeyPair` and `generate` should be used for instantiation, not this constructor.
-    constructor(keyPair, derKey, subtleCrypto) {
-        super();
-        this._keyPair = keyPair;
-        this._derKey = derKey;
-        this._subtleCrypto = subtleCrypto;
-    }
     /**
      * Return the internally-used key pair.
-     * @returns a {@link CryptoKeyPair}
+     * @returns a CryptoKeyPair
      */
@@ -83,3 +86,3 @@ getKeyPair() {
      * Return the public key.
-     * @returns an {@link DerCryptoKey}
+     * @returns an {@link PublicKey & DerCryptoKey}
      */
@@ -86,0 +89,0 @@ getPublicKey() {

lib/cjs/identity/ed25519.d.ts

 import { DerEncodedPublicKey, KeyPair, PublicKey, Signature, SignIdentity } from '@dfinity/agent';
 export declare class Ed25519PublicKey implements PublicKey {
-    static from(key: PublicKey): Ed25519PublicKey;
+    #private;
+    /**
+     * Construct Ed25519PublicKey from an existing PublicKey
+     * @param {unknown} maybeKey - existing PublicKey, ArrayBuffer, DerEncodedPublicKey, or hex string
+     * @returns {Ed25519PublicKey} Instance of Ed25519PublicKey
+     */
+    static from(maybeKey: unknown): Ed25519PublicKey;
     static fromRaw(rawKey: ArrayBuffer): Ed25519PublicKey;
@@ -9,4 +15,4 @@ static fromDer(derKey: DerEncodedPublicKey): Ed25519PublicKey;
     private static derDecode;
-    private readonly rawKey;
-    private readonly derKey;
+    get rawKey(): ArrayBuffer;
+    get derKey(): DerEncodedPublicKey;
     private constructor();
@@ -17,3 +23,3 @@ toDer(): DerEncodedPublicKey;
 export declare class Ed25519KeyIdentity extends SignIdentity {
-    protected _privateKey: ArrayBuffer;
+    #private;
     static generate(seed?: Uint8Array): Ed25519KeyIdentity;
@@ -24,4 +30,3 @@ static fromParsedJson(obj: JsonnableEd25519KeyIdentity): Ed25519KeyIdentity;
     static fromSecretKey(secretKey: ArrayBuffer): Ed25519KeyIdentity;
-    protected _publicKey: Ed25519PublicKey;
-    protected constructor(publicKey: PublicKey, _privateKey: ArrayBuffer);
+    protected constructor(publicKey: PublicKey, privateKey: ArrayBuffer);
     /**
@@ -38,3 +43,3 @@ * Serialize this key to JSON.
      */
-    getPublicKey(): PublicKey;
+    getPublicKey(): Required<PublicKey>;
     /**
@@ -45,6 +50,14 @@ * Signs a blob of data, with this identity's private key.
     sign(challenge: ArrayBuffer): Promise<Signature>;
+    /**
+     * Verify
+     * @param sig - signature to verify
+     * @param msg - message to verify
+     * @param pk - public key
+     * @returns - true if the signature is valid, false otherwise
+     */
+    static verify(sig: ArrayBuffer | Uint8Array | string, msg: ArrayBuffer | Uint8Array | string, pk: ArrayBuffer | Uint8Array | string): boolean;
 }
-type PublicKeyHex = string;
-type SecretKeyHex = string;
-export type JsonnableEd25519KeyIdentity = [PublicKeyHex, SecretKeyHex];
+declare type PublicKeyHex = string;
+declare type SecretKeyHex = string;
+export declare type JsonnableEd25519KeyIdentity = [PublicKeyHex, SecretKeyHex];
 export {};

lib/cjs/identity/ed25519.js

 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
 };
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _Ed25519PublicKey_rawKey, _Ed25519PublicKey_derKey, _Ed25519KeyIdentity_publicKey, _Ed25519KeyIdentity_privateKey;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Ed25519KeyIdentity = exports.Ed25519PublicKey = void 0;
 const agent_1 = require("@dfinity/agent");
-const tweetnacl = __importStar(require("tweetnacl"));
-const buffer_1 = require("../buffer");
-const der_1 = require("./der");
+const ed25519_1 = require("@noble/curves/ed25519");
+function isObject(value) {
+    return value !== null && typeof value === 'object';
+}
 class Ed25519PublicKey {
-    static from(key) {
-        return this.fromDer(key.toDer());
+    // `fromRaw` and `fromDer` should be used for instantiation, not this constructor.
+    constructor(key) {
+        _Ed25519PublicKey_rawKey.set(this, void 0);
+        _Ed25519PublicKey_derKey.set(this, void 0);
+        if (key.byteLength !== Ed25519PublicKey.RAW_KEY_LENGTH) {
+            throw new Error('An Ed25519 public key must be exactly 32bytes long');
+        }
+        __classPrivateFieldSet(this, _Ed25519PublicKey_rawKey, key, "f");
+        __classPrivateFieldSet(this, _Ed25519PublicKey_derKey, Ed25519PublicKey.derEncode(key), "f");
     }
+    /**
+     * Construct Ed25519PublicKey from an existing PublicKey
+     * @param {unknown} maybeKey - existing PublicKey, ArrayBuffer, DerEncodedPublicKey, or hex string
+     * @returns {Ed25519PublicKey} Instance of Ed25519PublicKey
+     */
+    static from(maybeKey) {
+        if (typeof maybeKey === 'string') {
+            const key = (0, agent_1.fromHex)(maybeKey);
+            return this.fromRaw(key);
+        }
+        else if (isObject(maybeKey)) {
+            const key = maybeKey;
+            if (isObject(key) && Object.hasOwnProperty.call(key, '__derEncodedPublicKey__')) {
+                return this.fromDer(key);
+            }
+            else if (ArrayBuffer.isView(key)) {
+                const view = key;
+                return this.fromRaw((0, agent_1.bufFromBufLike)(view.buffer));
+            }
+            else if (key instanceof ArrayBuffer) {
+                return this.fromRaw(key);
+            }
+            else if ('rawKey' in key) {
+                return this.fromRaw(key.rawKey);
+            }
+            else if ('derKey' in key) {
+                return this.fromDer(key.derKey);
+            }
+            else if ('toDer' in key) {
+                return this.fromDer(key.toDer());
+            }
+        }
+        throw new Error('Cannot construct Ed25519PublicKey from the provided key.');
+    }
     static fromRaw(rawKey) {
@@ -42,6 +73,8 @@ return new Ed25519PublicKey(rawKey);
     static derEncode(publicKey) {
-        return (0, der_1.wrapDER)(publicKey, der_1.ED25519_OID).buffer;
+        const key = (0, agent_1.wrapDER)(publicKey, agent_1.ED25519_OID).buffer;
+        key.__derEncodedPublicKey__ = undefined;
+        return key;
     }
     static derDecode(key) {
-        const unwrapped = (0, der_1.unwrapDER)(key, der_1.ED25519_OID);
+        const unwrapped = (0, agent_1.unwrapDER)(key, agent_1.ED25519_OID);
         if (unwrapped.length !== this.RAW_KEY_LENGTH) {
@@ -52,7 +85,8 @@ throw new Error('An Ed25519 public key must be exactly 32bytes long');
     }
-    // `fromRaw` and `fromDer` should be used for instantiation, not this constructor.
-    constructor(key) {
-        this.rawKey = key;
-        this.derKey = Ed25519PublicKey.derEncode(key);
+    get rawKey() {
+        return __classPrivateFieldGet(this, _Ed25519PublicKey_rawKey, "f");
     }
+    get derKey() {
+        return __classPrivateFieldGet(this, _Ed25519PublicKey_derKey, "f");
+    }
     toDer() {
@@ -66,15 +100,29 @@ return this.derKey;
 exports.Ed25519PublicKey = Ed25519PublicKey;
+_Ed25519PublicKey_rawKey = new WeakMap(), _Ed25519PublicKey_derKey = new WeakMap();
 // The length of Ed25519 public keys is always 32 bytes.
 Ed25519PublicKey.RAW_KEY_LENGTH = 32;
 class Ed25519KeyIdentity extends agent_1.SignIdentity {
-    static generate(seed) {
+    // `fromRaw` and `fromDer` should be used for instantiation, not this constructor.
+    constructor(publicKey, privateKey) {
+        super();
+        _Ed25519KeyIdentity_publicKey.set(this, void 0);
+        _Ed25519KeyIdentity_privateKey.set(this, void 0);
+        __classPrivateFieldSet(this, _Ed25519KeyIdentity_publicKey, Ed25519PublicKey.from(publicKey), "f");
+        __classPrivateFieldSet(this, _Ed25519KeyIdentity_privateKey, new Uint8Array(privateKey), "f");
+    }
+    static generate(seed = new Uint8Array(32)) {
         if (seed && seed.length !== 32) {
             throw new Error('Ed25519 Seed needs to be 32 bytes long.');
         }
-        const { publicKey, secretKey } = seed === undefined ? tweetnacl.sign.keyPair() : tweetnacl.sign.keyPair.fromSeed(seed);
-        return new this(Ed25519PublicKey.fromRaw(publicKey), secretKey);
+        if (!seed)
+            seed = ed25519_1.ed25519.utils.randomPrivateKey();
+        const sk = new Uint8Array(32);
+        for (let i = 0; i < 32; i++)
+            sk[i] = new Uint8Array(seed)[i];
+        const pk = ed25519_1.ed25519.getPublicKey(sk);
+        return Ed25519KeyIdentity.fromKeyPair(pk, sk);
     }
     static fromParsedJson(obj) {
         const [publicKeyDer, privateKeyRaw] = obj;
-        return new Ed25519KeyIdentity(Ed25519PublicKey.fromDer((0, buffer_1.fromHexString)(publicKeyDer)), (0, buffer_1.fromHexString)(privateKeyRaw));
+        return new Ed25519KeyIdentity(Ed25519PublicKey.fromDer((0, agent_1.fromHex)(publicKeyDer)), (0, agent_1.fromHex)(privateKeyRaw));
     }
@@ -97,11 +145,5 @@ static fromJSON(json) {
     static fromSecretKey(secretKey) {
-        const keyPair = tweetnacl.sign.keyPair.fromSecretKey(new Uint8Array(secretKey));
-        return Ed25519KeyIdentity.fromKeyPair(keyPair.publicKey, keyPair.secretKey);
+        const publicKey = ed25519_1.ed25519.getPublicKey(new Uint8Array(secretKey));
+        return Ed25519KeyIdentity.fromKeyPair(publicKey, secretKey);
     }
-    // `fromRaw` and `fromDer` should be used for instantiation, not this constructor.
-    constructor(publicKey, _privateKey) {
-        super();
-        this._privateKey = _privateKey;
-        this._publicKey = Ed25519PublicKey.from(publicKey);
-    }
     /**
@@ -111,3 +153,3 @@ * Serialize this key to JSON.
     toJSON() {
-        return [(0, buffer_1.toHexString)(this._publicKey.toDer()), (0, buffer_1.toHexString)(this._privateKey)];
+        return [(0, agent_1.toHex)(__classPrivateFieldGet(this, _Ed25519KeyIdentity_publicKey, "f").toDer()), (0, agent_1.toHex)(__classPrivateFieldGet(this, _Ed25519KeyIdentity_privateKey, "f"))];
     }
@@ -119,4 +161,4 @@ /**
         return {
-            secretKey: this._privateKey,
-            publicKey: this._publicKey,
+            secretKey: __classPrivateFieldGet(this, _Ed25519KeyIdentity_privateKey, "f"),
+            publicKey: __classPrivateFieldGet(this, _Ed25519KeyIdentity_publicKey, "f"),
         };
@@ -128,3 +170,3 @@ }
     getPublicKey() {
-        return this._publicKey;
+        return __classPrivateFieldGet(this, _Ed25519KeyIdentity_publicKey, "f");
     }
@@ -137,7 +179,33 @@ /**
         const blob = new Uint8Array(challenge);
-        const signature = tweetnacl.sign.detached(blob, new Uint8Array(this._privateKey)).buffer;
+        // Some implementations of Ed25519 private keys append a public key to the end of the private key. We only want the private key.
+        const signature = (0, agent_1.uint8ToBuf)(ed25519_1.ed25519.sign(blob, __classPrivateFieldGet(this, _Ed25519KeyIdentity_privateKey, "f").slice(0, 32)));
+        // add { __signature__: void; } to the signature to make it compatible with the agent
+        Object.defineProperty(signature, '__signature__', {
+            enumerable: false,
+            value: undefined,
+        });
         return signature;
     }
+    /**
+     * Verify
+     * @param sig - signature to verify
+     * @param msg - message to verify
+     * @param pk - public key
+     * @returns - true if the signature is valid, false otherwise
+     */
+    static verify(sig, msg, pk) {
+        const [signature, message, publicKey] = [sig, msg, pk].map(x => {
+            if (typeof x === 'string') {
+                x = (0, agent_1.fromHex)(x);
+            }
+            if (x instanceof Uint8Array) {
+                x = x.buffer;
+            }
+            return new Uint8Array(x);
+        });
+        return ed25519_1.ed25519.verify(message, signature, publicKey);
+    }
 }
 exports.Ed25519KeyIdentity = Ed25519KeyIdentity;
+_Ed25519KeyIdentity_publicKey = new WeakMap(), _Ed25519KeyIdentity_privateKey = new WeakMap();
 //# sourceMappingURL=ed25519.js.map

lib/cjs/identity/webauthn.js

 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
@@ -32,7 +9,5 @@ return (mod && mod.__esModule) ? mod : { "default": mod };
 const borc_1 = __importDefault(require("borc"));
-const tweetnacl = __importStar(require("tweetnacl"));
-const buffer_1 = require("../buffer");
-const der_1 = require("./der");
+const utils_1 = require("@noble/hashes/utils");
 function _coseToDerEncodedBlob(cose) {
-    return (0, der_1.wrapDER)(cose, der_1.DER_COSE_OID).buffer;
+    return (0, agent_1.wrapDER)(cose, agent_1.DER_COSE_OID).buffer;
 }
@@ -45,3 +20,2 @@ /**
  * See https://webauthn.guide/#registration (subsection "Example: Parsing the authenticator data").
- *
  * @param authData The authData field of the attestation response.
@@ -76,3 +50,2 @@ * @returns The COSE key of the authData.
  * generated.
- *
  * @param challenge The challenge to transform into a byte array. By default a hard
@@ -109,3 +82,3 @@ *        coded string.
             user: {
-                id: tweetnacl.randomBytes(16),
+                id: (0, utils_1.randomBytes)(16),
                 name: 'Internet Identity',
@@ -136,2 +109,8 @@ displayName: 'Internet Identity',
 class WebAuthnIdentity extends agent_1.SignIdentity {
+    constructor(rawId, cose, authenticatorAttachment) {
+        super();
+        this.rawId = rawId;
+        this.authenticatorAttachment = authenticatorAttachment;
+        this._publicKey = new CosePublicKey(cose);
+    }
     /**
@@ -146,3 +125,3 @@ * Create an identity from a JSON serialization.
         }
-        return new this((0, buffer_1.fromHexString)(rawId), (0, buffer_1.fromHexString)(publicKey), undefined);
+        return new this((0, agent_1.fromHex)(rawId), (0, agent_1.fromHex)(publicKey), undefined);
     }
@@ -167,8 +146,2 @@ /**
     }
-    constructor(rawId, cose, authenticatorAttachment) {
-        super();
-        this.rawId = rawId;
-        this.authenticatorAttachment = authenticatorAttachment;
-        this._publicKey = new CosePublicKey(cose);
-    }
     getPublicKey() {
@@ -226,4 +199,4 @@ return this._publicKey;
         return {
-            publicKey: (0, buffer_1.toHexString)(this._publicKey.getCose()),
-            rawId: (0, buffer_1.toHexString)(this.rawId),
+            publicKey: (0, agent_1.toHex)(this._publicKey.getCose()),
+            rawId: (0, agent_1.toHex)(this.rawId),
         };
@@ -230,0 +203,0 @@ }

lib/cjs/index.d.ts

@@ -5,3 +5,3 @@ export { Ed25519KeyIdentity, Ed25519PublicKey } from './identity/ed25519';
 export { WebAuthnIdentity } from './identity/webauthn';
-export { wrapDER, unwrapDER, DER_COSE_OID, ED25519_OID } from './identity/der';
+export { wrapDER, unwrapDER, DER_COSE_OID, ED25519_OID } from '@dfinity/agent';
 /**
@@ -8,0 +8,0 @@ * @deprecated due to size of dependencies. Use `@dfinity/identity-secp256k1` instead.

lib/cjs/index.js

@@ -25,7 +25,7 @@ "use strict";
 Object.defineProperty(exports, "WebAuthnIdentity", { enumerable: true, get: function () { return webauthn_1.WebAuthnIdentity; } });
-var der_1 = require("./identity/der");
-Object.defineProperty(exports, "wrapDER", { enumerable: true, get: function () { return der_1.wrapDER; } });
-Object.defineProperty(exports, "unwrapDER", { enumerable: true, get: function () { return der_1.unwrapDER; } });
-Object.defineProperty(exports, "DER_COSE_OID", { enumerable: true, get: function () { return der_1.DER_COSE_OID; } });
-Object.defineProperty(exports, "ED25519_OID", { enumerable: true, get: function () { return der_1.ED25519_OID; } });
+var agent_1 = require("@dfinity/agent");
+Object.defineProperty(exports, "wrapDER", { enumerable: true, get: function () { return agent_1.wrapDER; } });
+Object.defineProperty(exports, "unwrapDER", { enumerable: true, get: function () { return agent_1.unwrapDER; } });
+Object.defineProperty(exports, "DER_COSE_OID", { enumerable: true, get: function () { return agent_1.DER_COSE_OID; } });
+Object.defineProperty(exports, "ED25519_OID", { enumerable: true, get: function () { return agent_1.ED25519_OID; } });
 /**
@@ -32,0 +32,0 @@ * @deprecated due to size of dependencies. Use `@dfinity/identity-secp256k1` instead.

lib/esm/identity/delegation.d.ts

 import { DerEncodedPublicKey, HttpAgentRequest, PublicKey, Signature, SignIdentity } from '@dfinity/agent';
 import { Principal } from '@dfinity/principal';
 import * as cbor from 'simple-cbor';
+import { PartialIdentity } from './partial';
 /**
@@ -64,3 +65,2 @@ * A single delegation object that is signed by a private key. This is constructed by
      * passing the previous delegation chain into the options argument. For example:
-     *
      * @example
@@ -80,3 +80,2 @@ * const rootKey = createKey();
      * const identity = DelegationIdentity.fromDelegation(bottomKey, middleToBottom);
-     *
      * @param from The identity that will delegate.
@@ -97,3 +96,2 @@ * @param to The identity that gets delegated. It can now sign messages as if it was the
      * Creates a DelegationChain object from a JSON string.
-     *
      * @param json The JSON string to parse.
@@ -104,3 +102,2 @@ */
      * Creates a DelegationChain object from a list of delegations and a DER-encoded public key.
-     *
      * @param delegations The list of delegations.
@@ -124,3 +121,2 @@ * @param publicKey The DER-encoded public key of the key-pair signing the first delegation.
      * Create a delegation without having access to delegateKey.
-     *
      * @param key The key used to sign the reqyests.
@@ -137,2 +133,20 @@ * @param delegation A delegation object created using `createDelegation`.
 /**
+ * A partial delegated identity, representing a delegation chain and the public key that it targets
+ */
+export declare class PartialDelegationIdentity extends PartialIdentity {
+    #private;
+    /**
+     * The Delegation Chain of this identity.
+     */
+    get delegation(): DelegationChain;
+    private constructor();
+    /**
+     * Create a {@link PartialDelegationIdentity} from a {@link PublicKey} and a {@link DelegationChain}.
+     * @param key The {@link PublicKey} to delegate to.
+     * @param delegation a {@link DelegationChain} targeting the inner key.
+     * @constructs PartialDelegationIdentity
+     */
+    static fromDelegation(key: PublicKey, delegation: DelegationChain): PartialDelegationIdentity;
+}
+/**
  * List of things to check for a delegation chain validity.
@@ -139,0 +153,0 @@ */

lib/esm/identity/delegation.js

@@ -0,1 +1,12 @@
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
 var __rest = (this && this.__rest) || function (s, e) {
@@ -12,6 +23,7 @@ var t = {};
 };
-import { requestIdOf, SignIdentity, } from '@dfinity/agent';
+var _PartialDelegationIdentity_delegation;
+import { fromHex, requestIdOf, SignIdentity, toHex, } from '@dfinity/agent';
 import { Principal } from '@dfinity/principal';
 import * as cbor from 'simple-cbor';
-import { fromHexString, toHexString } from '../buffer';
+import { PartialIdentity } from './partial';
 const domainSeparator = new TextEncoder().encode('\x1Aic-request-auth-delegation');
@@ -23,3 +35,3 @@ const requestDomainSeparator = new TextEncoder().encode('\x0Aic-request');
     }
-    return fromHexString(value);
+    return fromHex(value);
 }
@@ -48,3 +60,3 @@ /**
         // with an OID). After de-hex, if it's not obvious what it is, it's an ArrayBuffer.
-        return Object.assign({ expiration: this.expiration.toString(16), pubkey: toHexString(this.pubkey) }, (this.targets && { targets: this.targets.map(p => p.toHex()) }));
+        return Object.assign({ expiration: this.expiration.toString(16), pubkey: toHex(this.pubkey) }, (this.targets && { targets: this.targets.map(p => p.toHex()) }));
     }
@@ -54,3 +66,2 @@ }
  * Sign a single delegation object for a period of time.
- *
  * @param from The identity that lends its delegation.
@@ -85,2 +96,6 @@ * @param to The identity that receives the delegation.
 export class DelegationChain {
+    constructor(delegations, publicKey) {
+        this.delegations = delegations;
+        this.publicKey = publicKey;
+    }
     /**
@@ -92,3 +107,2 @@ * Create a delegation chain between two (or more) keys. By default, the expiration time
      * passing the previous delegation chain into the options argument. For example:
-     *
      * @example
@@ -108,3 +122,2 @@ * const rootKey = createKey();
      * const identity = DelegationIdentity.fromDelegation(bottomKey, middleToBottom);
-     *
      * @param from The identity that will delegate.
@@ -126,3 +139,2 @@ * @param to The identity that gets delegated. It can now sign messages as if it was the
      * Creates a DelegationChain object from a JSON string.
-     *
      * @param json The JSON string to parse.
@@ -142,3 +154,3 @@ */
             return {
-                delegation: new Delegation(_parseBlob(pubkey), BigInt(`0x${expiration}`), // expiration in JSON is an hexa string (See toJSON() below).
+                delegation: new Delegation(_parseBlob(pubkey), BigInt('0x' + expiration), // expiration in JSON is an hexa string (See toJSON() below).
                 targets &&
@@ -158,3 +170,2 @@ targets.map((t) => {
      * Creates a DelegationChain object from a list of delegations and a DER-encoded public key.
-     *
      * @param delegations The list of delegations.
@@ -166,6 +177,2 @@ * @param publicKey The DER-encoded public key of the key-pair signing the first delegation.
     }
-    constructor(delegations, publicKey) {
-        this.delegations = delegations;
-        this.publicKey = publicKey;
-    }
     toJSON() {
@@ -177,9 +184,9 @@ return {
                 return {
-                    delegation: Object.assign({ expiration: delegation.expiration.toString(16), pubkey: toHexString(delegation.pubkey) }, (targets && {
+                    delegation: Object.assign({ expiration: delegation.expiration.toString(16), pubkey: toHex(delegation.pubkey) }, (targets && {
                         targets: targets.map(t => t.toHex()),
                     })),
-                    signature: toHexString(signature),
+                    signature: toHex(signature),
                 };
             }),
-            publicKey: toHexString(this.publicKey),
+            publicKey: toHex(this.publicKey),
         };
@@ -195,5 +202,9 @@ }
 export class DelegationIdentity extends SignIdentity {
+    constructor(_inner, _delegation) {
+        super();
+        this._inner = _inner;
+        this._delegation = _delegation;
+    }
     /**
      * Create a delegation without having access to delegateKey.
-     *
      * @param key The key used to sign the reqyests.
@@ -205,7 +216,2 @@ * @param delegation A delegation object created using `createDelegation`.
     }
-    constructor(_inner, _delegation) {
-        super();
-        this._inner = _inner;
-        this._delegation = _delegation;
-    }
     getDelegation() {
@@ -216,2 +222,3 @@ return this._delegation;
         return {
+            derKey: this._delegation.publicKey,
             toDer: () => this._delegation.publicKey,
@@ -235,2 +242,28 @@ };
 /**
+ * A partial delegated identity, representing a delegation chain and the public key that it targets
+ */
+export class PartialDelegationIdentity extends PartialIdentity {
+    constructor(inner, delegation) {
+        super(inner);
+        _PartialDelegationIdentity_delegation.set(this, void 0);
+        __classPrivateFieldSet(this, _PartialDelegationIdentity_delegation, delegation, "f");
+    }
+    /**
+     * The Delegation Chain of this identity.
+     */
+    get delegation() {
+        return __classPrivateFieldGet(this, _PartialDelegationIdentity_delegation, "f");
+    }
+    /**
+     * Create a {@link PartialDelegationIdentity} from a {@link PublicKey} and a {@link DelegationChain}.
+     * @param key The {@link PublicKey} to delegate to.
+     * @param delegation a {@link DelegationChain} targeting the inner key.
+     * @constructs PartialDelegationIdentity
+     */
+    static fromDelegation(key, delegation) {
+        return new PartialDelegationIdentity(key, delegation);
+    }
+}
+_PartialDelegationIdentity_delegation = new WeakMap();
+/**
  * Analyze a DelegationChain and validate that it's valid, ie. not expired and apply to the
@@ -237,0 +270,0 @@ * scope.

lib/esm/identity/ecdsa.d.ts

@@ -1,6 +0,6 @@
-import { DerEncodedPublicKey, Signature, SignIdentity } from '@dfinity/agent';
+import { DerEncodedPublicKey, PublicKey, Signature, SignIdentity } from '@dfinity/agent';
 /**
  * Options used in a {@link ECDSAKeyIdentity}
  */
-export type CryptoKeyOptions = {
+export declare type CryptoKeyOptions = {
     extractable?: boolean;
@@ -33,4 +33,4 @@ keyUsages?: KeyUsage[];
      * generates an identity from a public and private key. Please ensure that you are generating these keys securely and protect the user's private key
-     * @param keyPair a {@link CryptoKeyPair}
-     * @param subtleCrypto a {@link SubtleCrypto} interface in case one is not available globally
+     * @param keyPair a CryptoKeyPair
+     * @param subtleCrypto - a SubtleCrypto interface in case one is not available globally
      * @returns an {@link ECDSAKeyIdentity}
@@ -48,3 +48,3 @@ */
      * Return the internally-used key pair.
-     * @returns a {@link CryptoKeyPair}
+     * @returns a CryptoKeyPair
      */
@@ -54,5 +54,5 @@ getKeyPair(): CryptoKeyPair;
      * Return the public key.
-     * @returns an {@link DerCryptoKey}
+     * @returns an {@link PublicKey & DerCryptoKey}
      */
-    getPublicKey(): DerCryptoKey;
+    getPublicKey(): PublicKey & DerCryptoKey;
     /**
@@ -59,0 +59,0 @@ * Signs a blob of data, with this identity's private key.

lib/esm/identity/ecdsa.js

@@ -15,2 +15,5 @@ import { SignIdentity } from '@dfinity/agent';
 function _getEffectiveCrypto(subtleCrypto) {
+    if (typeof global !== 'undefined' && global['crypto'] && global['crypto']['subtle']) {
+        return global['crypto']['subtle'];
+    }
     if (subtleCrypto) {
@@ -30,2 +33,9 @@ return subtleCrypto;
 export class ECDSAKeyIdentity extends SignIdentity {
+    // `fromKeyPair` and `generate` should be used for instantiation, not this constructor.
+    constructor(keyPair, derKey, subtleCrypto) {
+        super();
+        this._keyPair = keyPair;
+        this._derKey = derKey;
+        this._subtleCrypto = subtleCrypto;
+    }
     /**
@@ -52,4 +62,4 @@ * Generates a randomly generated identity for use in calls to the Internet Computer.
      * generates an identity from a public and private key. Please ensure that you are generating these keys securely and protect the user's private key
-     * @param keyPair a {@link CryptoKeyPair}
-     * @param subtleCrypto a {@link SubtleCrypto} interface in case one is not available globally
+     * @param keyPair a CryptoKeyPair
+     * @param subtleCrypto - a SubtleCrypto interface in case one is not available globally
      * @returns an {@link ECDSAKeyIdentity}
@@ -62,12 +72,5 @@ */
     }
-    // `fromKeyPair` and `generate` should be used for instantiation, not this constructor.
-    constructor(keyPair, derKey, subtleCrypto) {
-        super();
-        this._keyPair = keyPair;
-        this._derKey = derKey;
-        this._subtleCrypto = subtleCrypto;
-    }
     /**
      * Return the internally-used key pair.
-     * @returns a {@link CryptoKeyPair}
+     * @returns a CryptoKeyPair
      */
@@ -79,3 +82,3 @@ getKeyPair() {
      * Return the public key.
-     * @returns an {@link DerCryptoKey}
+     * @returns an {@link PublicKey & DerCryptoKey}
      */
@@ -82,0 +85,0 @@ getPublicKey() {

lib/esm/identity/ed25519.d.ts

 import { DerEncodedPublicKey, KeyPair, PublicKey, Signature, SignIdentity } from '@dfinity/agent';
 export declare class Ed25519PublicKey implements PublicKey {
-    static from(key: PublicKey): Ed25519PublicKey;
+    #private;
+    /**
+     * Construct Ed25519PublicKey from an existing PublicKey
+     * @param {unknown} maybeKey - existing PublicKey, ArrayBuffer, DerEncodedPublicKey, or hex string
+     * @returns {Ed25519PublicKey} Instance of Ed25519PublicKey
+     */
+    static from(maybeKey: unknown): Ed25519PublicKey;
     static fromRaw(rawKey: ArrayBuffer): Ed25519PublicKey;
@@ -9,4 +15,4 @@ static fromDer(derKey: DerEncodedPublicKey): Ed25519PublicKey;
     private static derDecode;
-    private readonly rawKey;
-    private readonly derKey;
+    get rawKey(): ArrayBuffer;
+    get derKey(): DerEncodedPublicKey;
     private constructor();
@@ -17,3 +23,3 @@ toDer(): DerEncodedPublicKey;
 export declare class Ed25519KeyIdentity extends SignIdentity {
-    protected _privateKey: ArrayBuffer;
+    #private;
     static generate(seed?: Uint8Array): Ed25519KeyIdentity;
@@ -24,4 +30,3 @@ static fromParsedJson(obj: JsonnableEd25519KeyIdentity): Ed25519KeyIdentity;
     static fromSecretKey(secretKey: ArrayBuffer): Ed25519KeyIdentity;
-    protected _publicKey: Ed25519PublicKey;
-    protected constructor(publicKey: PublicKey, _privateKey: ArrayBuffer);
+    protected constructor(publicKey: PublicKey, privateKey: ArrayBuffer);
     /**
@@ -38,3 +43,3 @@ * Serialize this key to JSON.
      */
-    getPublicKey(): PublicKey;
+    getPublicKey(): Required<PublicKey>;
     /**
@@ -45,6 +50,14 @@ * Signs a blob of data, with this identity's private key.
     sign(challenge: ArrayBuffer): Promise<Signature>;
+    /**
+     * Verify
+     * @param sig - signature to verify
+     * @param msg - message to verify
+     * @param pk - public key
+     * @returns - true if the signature is valid, false otherwise
+     */
+    static verify(sig: ArrayBuffer | Uint8Array | string, msg: ArrayBuffer | Uint8Array | string, pk: ArrayBuffer | Uint8Array | string): boolean;
 }
-type PublicKeyHex = string;
-type SecretKeyHex = string;
-export type JsonnableEd25519KeyIdentity = [PublicKeyHex, SecretKeyHex];
+declare type PublicKeyHex = string;
+declare type SecretKeyHex = string;
+export declare type JsonnableEd25519KeyIdentity = [PublicKeyHex, SecretKeyHex];
 export {};

lib/esm/identity/ed25519.js

@@ -1,9 +0,63 @@
-import { SignIdentity } from '@dfinity/agent';
-import * as tweetnacl from 'tweetnacl';
-import { fromHexString, toHexString } from '../buffer';
-import { ED25519_OID, unwrapDER, wrapDER } from './der';
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _Ed25519PublicKey_rawKey, _Ed25519PublicKey_derKey, _Ed25519KeyIdentity_publicKey, _Ed25519KeyIdentity_privateKey;
+import { SignIdentity, uint8ToBuf, ED25519_OID, unwrapDER, wrapDER, fromHex, toHex, bufFromBufLike, } from '@dfinity/agent';
+import { ed25519 } from '@noble/curves/ed25519';
+function isObject(value) {
+    return value !== null && typeof value === 'object';
+}
 export class Ed25519PublicKey {
-    static from(key) {
-        return this.fromDer(key.toDer());
+    // `fromRaw` and `fromDer` should be used for instantiation, not this constructor.
+    constructor(key) {
+        _Ed25519PublicKey_rawKey.set(this, void 0);
+        _Ed25519PublicKey_derKey.set(this, void 0);
+        if (key.byteLength !== Ed25519PublicKey.RAW_KEY_LENGTH) {
+            throw new Error('An Ed25519 public key must be exactly 32bytes long');
+        }
+        __classPrivateFieldSet(this, _Ed25519PublicKey_rawKey, key, "f");
+        __classPrivateFieldSet(this, _Ed25519PublicKey_derKey, Ed25519PublicKey.derEncode(key), "f");
     }
+    /**
+     * Construct Ed25519PublicKey from an existing PublicKey
+     * @param {unknown} maybeKey - existing PublicKey, ArrayBuffer, DerEncodedPublicKey, or hex string
+     * @returns {Ed25519PublicKey} Instance of Ed25519PublicKey
+     */
+    static from(maybeKey) {
+        if (typeof maybeKey === 'string') {
+            const key = fromHex(maybeKey);
+            return this.fromRaw(key);
+        }
+        else if (isObject(maybeKey)) {
+            const key = maybeKey;
+            if (isObject(key) && Object.hasOwnProperty.call(key, '__derEncodedPublicKey__')) {
+                return this.fromDer(key);
+            }
+            else if (ArrayBuffer.isView(key)) {
+                const view = key;
+                return this.fromRaw(bufFromBufLike(view.buffer));
+            }
+            else if (key instanceof ArrayBuffer) {
+                return this.fromRaw(key);
+            }
+            else if ('rawKey' in key) {
+                return this.fromRaw(key.rawKey);
+            }
+            else if ('derKey' in key) {
+                return this.fromDer(key.derKey);
+            }
+            else if ('toDer' in key) {
+                return this.fromDer(key.toDer());
+            }
+        }
+        throw new Error('Cannot construct Ed25519PublicKey from the provided key.');
+    }
     static fromRaw(rawKey) {
@@ -16,3 +70,5 @@ return new Ed25519PublicKey(rawKey);
     static derEncode(publicKey) {
-        return wrapDER(publicKey, ED25519_OID).buffer;
+        const key = wrapDER(publicKey, ED25519_OID).buffer;
+        key.__derEncodedPublicKey__ = undefined;
+        return key;
     }
@@ -26,7 +82,8 @@ static derDecode(key) {
     }
-    // `fromRaw` and `fromDer` should be used for instantiation, not this constructor.
-    constructor(key) {
-        this.rawKey = key;
-        this.derKey = Ed25519PublicKey.derEncode(key);
+    get rawKey() {
+        return __classPrivateFieldGet(this, _Ed25519PublicKey_rawKey, "f");
     }
+    get derKey() {
+        return __classPrivateFieldGet(this, _Ed25519PublicKey_derKey, "f");
+    }
     toDer() {
@@ -39,15 +96,29 @@ return this.derKey;
 }
+_Ed25519PublicKey_rawKey = new WeakMap(), _Ed25519PublicKey_derKey = new WeakMap();
 // The length of Ed25519 public keys is always 32 bytes.
 Ed25519PublicKey.RAW_KEY_LENGTH = 32;
 export class Ed25519KeyIdentity extends SignIdentity {
-    static generate(seed) {
+    // `fromRaw` and `fromDer` should be used for instantiation, not this constructor.
+    constructor(publicKey, privateKey) {
+        super();
+        _Ed25519KeyIdentity_publicKey.set(this, void 0);
+        _Ed25519KeyIdentity_privateKey.set(this, void 0);
+        __classPrivateFieldSet(this, _Ed25519KeyIdentity_publicKey, Ed25519PublicKey.from(publicKey), "f");
+        __classPrivateFieldSet(this, _Ed25519KeyIdentity_privateKey, new Uint8Array(privateKey), "f");
+    }
+    static generate(seed = new Uint8Array(32)) {
         if (seed && seed.length !== 32) {
             throw new Error('Ed25519 Seed needs to be 32 bytes long.');
         }
-        const { publicKey, secretKey } = seed === undefined ? tweetnacl.sign.keyPair() : tweetnacl.sign.keyPair.fromSeed(seed);
-        return new this(Ed25519PublicKey.fromRaw(publicKey), secretKey);
+        if (!seed)
+            seed = ed25519.utils.randomPrivateKey();
+        const sk = new Uint8Array(32);
+        for (let i = 0; i < 32; i++)
+            sk[i] = new Uint8Array(seed)[i];
+        const pk = ed25519.getPublicKey(sk);
+        return Ed25519KeyIdentity.fromKeyPair(pk, sk);
     }
     static fromParsedJson(obj) {
         const [publicKeyDer, privateKeyRaw] = obj;
-        return new Ed25519KeyIdentity(Ed25519PublicKey.fromDer(fromHexString(publicKeyDer)), fromHexString(privateKeyRaw));
+        return new Ed25519KeyIdentity(Ed25519PublicKey.fromDer(fromHex(publicKeyDer)), fromHex(privateKeyRaw));
     }
@@ -70,11 +141,5 @@ static fromJSON(json) {
     static fromSecretKey(secretKey) {
-        const keyPair = tweetnacl.sign.keyPair.fromSecretKey(new Uint8Array(secretKey));
-        return Ed25519KeyIdentity.fromKeyPair(keyPair.publicKey, keyPair.secretKey);
+        const publicKey = ed25519.getPublicKey(new Uint8Array(secretKey));
+        return Ed25519KeyIdentity.fromKeyPair(publicKey, secretKey);
     }
-    // `fromRaw` and `fromDer` should be used for instantiation, not this constructor.
-    constructor(publicKey, _privateKey) {
-        super();
-        this._privateKey = _privateKey;
-        this._publicKey = Ed25519PublicKey.from(publicKey);
-    }
     /**
@@ -84,3 +149,3 @@ * Serialize this key to JSON.
     toJSON() {
-        return [toHexString(this._publicKey.toDer()), toHexString(this._privateKey)];
+        return [toHex(__classPrivateFieldGet(this, _Ed25519KeyIdentity_publicKey, "f").toDer()), toHex(__classPrivateFieldGet(this, _Ed25519KeyIdentity_privateKey, "f"))];
     }
@@ -92,4 +157,4 @@ /**
         return {
-            secretKey: this._privateKey,
-            publicKey: this._publicKey,
+            secretKey: __classPrivateFieldGet(this, _Ed25519KeyIdentity_privateKey, "f"),
+            publicKey: __classPrivateFieldGet(this, _Ed25519KeyIdentity_publicKey, "f"),
         };
@@ -101,3 +166,3 @@ }
     getPublicKey() {
-        return this._publicKey;
+        return __classPrivateFieldGet(this, _Ed25519KeyIdentity_publicKey, "f");
     }
@@ -110,6 +175,32 @@ /**
         const blob = new Uint8Array(challenge);
-        const signature = tweetnacl.sign.detached(blob, new Uint8Array(this._privateKey)).buffer;
+        // Some implementations of Ed25519 private keys append a public key to the end of the private key. We only want the private key.
+        const signature = uint8ToBuf(ed25519.sign(blob, __classPrivateFieldGet(this, _Ed25519KeyIdentity_privateKey, "f").slice(0, 32)));
+        // add { __signature__: void; } to the signature to make it compatible with the agent
+        Object.defineProperty(signature, '__signature__', {
+            enumerable: false,
+            value: undefined,
+        });
         return signature;
     }
+    /**
+     * Verify
+     * @param sig - signature to verify
+     * @param msg - message to verify
+     * @param pk - public key
+     * @returns - true if the signature is valid, false otherwise
+     */
+    static verify(sig, msg, pk) {
+        const [signature, message, publicKey] = [sig, msg, pk].map(x => {
+            if (typeof x === 'string') {
+                x = fromHex(x);
+            }
+            if (x instanceof Uint8Array) {
+                x = x.buffer;
+            }
+            return new Uint8Array(x);
+        });
+        return ed25519.verify(message, signature, publicKey);
+    }
 }
+_Ed25519KeyIdentity_publicKey = new WeakMap(), _Ed25519KeyIdentity_privateKey = new WeakMap();
 //# sourceMappingURL=ed25519.js.map

lib/esm/identity/webauthn.js

@@ -1,6 +0,4 @@
-import { SignIdentity } from '@dfinity/agent';
+import { SignIdentity, wrapDER, DER_COSE_OID, fromHex, toHex, } from '@dfinity/agent';
 import borc from 'borc';
-import * as tweetnacl from 'tweetnacl';
-import { fromHexString, toHexString } from '../buffer';
-import { DER_COSE_OID, wrapDER } from './der';
+import { randomBytes } from '@noble/hashes/utils';
 function _coseToDerEncodedBlob(cose) {
@@ -15,3 +13,2 @@ return wrapDER(cose, DER_COSE_OID).buffer;
  * See https://webauthn.guide/#registration (subsection "Example: Parsing the authenticator data").
- *
  * @param authData The authData field of the attestation response.
@@ -45,3 +42,2 @@ * @returns The COSE key of the authData.
  * generated.
- *
  * @param challenge The challenge to transform into a byte array. By default a hard
@@ -78,3 +74,3 @@ *        coded string.
             user: {
-                id: tweetnacl.randomBytes(16),
+                id: randomBytes(16),
                 name: 'Internet Identity',
@@ -105,2 +101,8 @@ displayName: 'Internet Identity',
 export class WebAuthnIdentity extends SignIdentity {
+    constructor(rawId, cose, authenticatorAttachment) {
+        super();
+        this.rawId = rawId;
+        this.authenticatorAttachment = authenticatorAttachment;
+        this._publicKey = new CosePublicKey(cose);
+    }
     /**
@@ -115,3 +117,3 @@ * Create an identity from a JSON serialization.
         }
-        return new this(fromHexString(rawId), fromHexString(publicKey), undefined);
+        return new this(fromHex(rawId), fromHex(publicKey), undefined);
     }
@@ -136,8 +138,2 @@ /**
     }
-    constructor(rawId, cose, authenticatorAttachment) {
-        super();
-        this.rawId = rawId;
-        this.authenticatorAttachment = authenticatorAttachment;
-        this._publicKey = new CosePublicKey(cose);
-    }
     getPublicKey() {
@@ -195,4 +191,4 @@ return this._publicKey;
         return {
-            publicKey: toHexString(this._publicKey.getCose()),
-            rawId: toHexString(this.rawId),
+            publicKey: toHex(this._publicKey.getCose()),
+            rawId: toHex(this.rawId),
         };
@@ -199,0 +195,0 @@ }

lib/esm/index.d.ts

@@ -5,3 +5,3 @@ export { Ed25519KeyIdentity, Ed25519PublicKey } from './identity/ed25519';
 export { WebAuthnIdentity } from './identity/webauthn';
-export { wrapDER, unwrapDER, DER_COSE_OID, ED25519_OID } from './identity/der';
+export { wrapDER, unwrapDER, DER_COSE_OID, ED25519_OID } from '@dfinity/agent';
 /**
@@ -8,0 +8,0 @@ * @deprecated due to size of dependencies. Use `@dfinity/identity-secp256k1` instead.

lib/esm/index.js

@@ -5,3 +5,3 @@ export { Ed25519KeyIdentity, Ed25519PublicKey } from './identity/ed25519';
 export { WebAuthnIdentity } from './identity/webauthn';
-export { wrapDER, unwrapDER, DER_COSE_OID, ED25519_OID } from './identity/der';
+export { wrapDER, unwrapDER, DER_COSE_OID, ED25519_OID } from '@dfinity/agent';
 /**
@@ -8,0 +8,0 @@ * @deprecated due to size of dependencies. Use `@dfinity/identity-secp256k1` instead.

package.json

 {
   "name": "@dfinity/identity",
-  "version": "0.21.1",
+  "version": "0.21.2",
   "author": "DFINITY Stiftung <sdk@dfinity.org>",
@@ -48,4 +48,4 @@ "license": "Apache-2.0",
   "peerDependencies": {
-    "@dfinity/agent": "^0.21.1",
-    "@dfinity/principal": "^0.21.1",
+    "@dfinity/agent": "^0.21.2",
+    "@dfinity/principal": "^0.21.2",
     "@peculiar/webcrypto": "^1.4.0"
@@ -52,0 +52,0 @@ },

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

369653

increased by14.65%

Number of package files

55

increased by12.24%

Lines of code

3025

increased by17.16%

No dependency changes