types.ts (1922B)
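import type { IdbClientConfig, ResolveError } from "@radroots/utils";

/**
 * Lifecycle state of a key entry.
 *
 * NOTE(review): presumably "rotated" keys are kept so data encrypted under
 * them can still be decrypted; confirm against the service implementation.
 */
export type CryptoKeyStatus = "active" | "rotated";

/**
 * Parsed form of one encrypted record: the ciphertext plus the metadata
 * needed to find the key and IV that produced it.
 *
 * `CryptoKeyEntry.algorithm` only admits "AES-GCM", where reusing an IV under
 * the same key breaks both confidentiality and integrity. Nothing in this type
 * enforces IV uniqueness; that is the implementation's responsibility.
 *
 * NOTE(review): this file does not show whether `version` and `key_id` are
 * bound to the ciphertext (for example as additional authenticated data).
 * If they are not, treat them as attacker-controlled when parsing a blob.
 */
export type CryptoEnvelope = {
    /** Envelope format version. */
    version: number;
    /** Identifier of the key entry used for this record. */
    key_id: string;
    /** Initialization vector used for this record. */
    iv: Uint8Array;
    /** Creation timestamp; the unit is not visible here (TODO confirm). */
    created_at: number;
    /** Encrypted payload. */
    ciphertext: Uint8Array;
};

/**
 * Stored description of one key belonging to a store.
 *
 * NOTE(review): the field names suggest the data key is stored wrapped under
 * a key derived from provider key material with `kdf_salt` and
 * `kdf_iterations`; confirm against the implementation. The KDF algorithm
 * itself is not recorded in this type.
 */
export type CryptoKeyEntry = {
    key_id: string;
    /** Store this key belongs to. */
    store_id: string;
    /** Creation timestamp; the unit is not visible here (TODO confirm). */
    created_at: number;
    status: CryptoKeyStatus;
    /** Key bytes in wrapped form, as opposed to raw key material. */
    wrapped_key: Uint8Array;
    /** IV associated with the wrapping operation. */
    wrap_iv: Uint8Array;
    kdf_salt: Uint8Array;
    /**
     * KDF work factor. This is a plain number, so an entry read from storage
     * or from an imported registry can carry an arbitrarily low value;
     * consumers should enforce a minimum before deriving with it.
     */
    kdf_iterations: number;
    /** IV length for records under this key; 12 bytes is the recommended size for AES-GCM. */
    iv_length: number;
    /** The only algorithm this type admits. */
    algorithm: "AES-GCM";
    /** Identifier of the key-material provider associated with this entry. */
    provider_id: string;
};

/** Per-store index: which keys exist for the store and which one is active. */
export type CryptoStoreIndex = {
    store_id: string;
    /** NOTE(review): presumably always a member of `key_ids`; not enforced by the type. */
    active_key_id: string;
    key_ids: string[];
    /** Creation timestamp; the unit is not visible here (TODO confirm). */
    created_at: number;
};

/**
 * Serializable snapshot of all store indexes and key entries.
 *
 * The snapshot carries wrapped keys, salts and KDF parameters. Handle it as
 * sensitive data: its confidentiality is only as strong as the key material
 * that protects `wrapped_key`.
 */
export type CryptoRegistryExport = {
    stores: CryptoStoreIndex[];
    keys: CryptoKeyEntry[];
};

/**
 * Result of decrypting a stored record.
 *
 * NOTE(review): presumably `reencrypted` holds the record re-encrypted under
 * the store's active key when `needs_reencrypt` is true; confirm against the
 * implementation.
 */
export type CryptoDecryptOutcome = {
    plaintext: Uint8Array;
    needs_reencrypt: boolean;
    reencrypted?: Uint8Array;
};

/**
 * Describes a key that exists outside the registry.
 *
 * NOTE(review): presumably used to find a key in IndexedDB so that older
 * records can be migrated; confirm. Unlike `CryptoKeyEntry.algorithm`,
 * `algorithm` is an unconstrained string here, so implementations should
 * check it against an allow-list before passing it to a crypto API.
 */
export type LegacyKeyConfig = {
    idb_config: IdbClientConfig;
    key_name: string;
    iv_length: number;
    algorithm: string;
};

/** Registration data for one store. */
export type CryptoStoreConfig = {
    store_id: string;
    /** Optional description of a legacy key for this store. */
    legacy_key?: LegacyKeyConfig;
    /** Optional IV length override; the default is not visible in this file. */
    iv_length?: number;
};

/** Source of the secret key material and of an identifier for that source. */
export interface KeyMaterialProvider {
    /**
     * Resolves to raw key material bytes. Callers should not log or persist
     * the returned buffer, and should keep its lifetime short.
     */
    get_key_material(): Promise<Uint8Array>;
    /** Resolves to the identifier of this provider. */
    get_provider_id(): Promise<string>;
}

/**
 * Contract for the encryption service: per-store encrypt and decrypt, key
 * rotation, and registry export and import. Every asynchronous method reports
 * its result through `ResolveError<T>` from `@radroots/utils`.
 */
export interface IWebCryptoService {
    /** Registers the configuration for one store. */
    register_store_config(config: CryptoStoreConfig): void;
    /** Encrypts `plaintext` for `store_id` and yields the resulting blob. */
    encrypt(store_id: string, plaintext: Uint8Array): Promise<ResolveError<Uint8Array>>;
    /** Decrypts `blob` for `store_id` and yields the plaintext. */
    decrypt(store_id: string, blob: Uint8Array): Promise<ResolveError<Uint8Array>>;
    /** Decrypts `blob` and also reports whether the record should be re-encrypted. */
    decrypt_record(store_id: string, blob: Uint8Array): Promise<ResolveError<CryptoDecryptOutcome>>;
    /**
     * Rotates the key of `store_id`.
     *
     * NOTE(review): the string result is presumably the new key id; confirm.
     */
    rotate_store_key(store_id: string): Promise<ResolveError<string>>;
    /** Produces a snapshot of the registry; see `CryptoRegistryExport` for handling. */
    export_registry(): Promise<ResolveError<CryptoRegistryExport>>;
    /**
     * Loads a registry snapshot.
     *
     * Implementations should treat `registry` as untrusted input: check
     * `kdf_iterations` and `iv_length` against expected bounds, and check that
     * every `active_key_id` and `key_ids` entry refers to a key in `keys`.
     */
    import_registry(registry: CryptoRegistryExport): Promise<ResolveError<void>>;
}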