diff --git a/README.md b/README.md
index 41bdc05..0a5fd53 100644
--- a/README.md
+++ b/README.md
@@ -153,7 +153,7 @@ const userID = 'user ID';
 const db = await openDatabase(userID);
 // Derive database key
-const key = await deriveIndexKey(baseKey);
+const key = await deriveDatabaseKey(baseKey);
 // Encrypt and store one or several emails
 await encryptAndStoreEmail(email, key, db);
diff --git a/package.json b/package.json
index b27537c..de2c84f 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "internxt-crypto",
- "version": "1.0.2",
+ "version": "1.1.0",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
 "module": "dist/index.js",
diff --git a/src/derive-key/deriveKeysFromKey.ts b/src/derive-key/deriveKeysFromKey.ts
index 91babb4..10ada44 100644
--- a/src/derive-key/deriveKeysFromKey.ts
+++ b/src/derive-key/deriveKeysFromKey.ts
@@ -1,5 +1,5 @@
 import { blake3 } from '@noble/hashes/blake3.js';
-import { AES_KEY_BYTE_LENGTH, CONTEXT_DERIVE } from '../constants';
+import { AES_KEY_BYTE_LENGTH, CONTEXT_DERIVE, CONTEXT_INDEX } from '../constants';
 import { UTF8ToUint8 } from '../utils';
 /**
@@ -32,3 +32,13 @@ export function deriveSymmetricKeyFromTwoKeys(key1: Uint8Array, key2: Uint8Array
 throw new Error('Failed to derive symmetric key from two keys and context', { cause: error });
 }
 }
+
+/**
+ * Derives database encryption key for the given user
+ *
+ * @param baseKey - The base key (NOT PASSWORD!)
+ * @returns The symmetric key for protecting database
+ */
+export const deriveDatabaseKey = async (baseKey: Uint8Array): Promise => {
+ return deriveSymmetricKeyFromContext(CONTEXT_INDEX, baseKey);
+};
diff --git a/src/email-crypto/index.ts b/src/email-crypto/index.ts
index 64a4848..31aa0c7 100644
--- a/src/email-crypto/index.ts
+++ b/src/email-crypto/index.ts
@@ -1,3 +1,4 @@
 export * from './hybridEncyptedEmail';
 export * from './pwdProtectedEmail';
 export * from './emailKeys';
+export * from './core';
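Review bot: `deriveDatabaseKey` in `src/derive-key/deriveKeysFromKey.ts` derives its key under `CONTEXT_INDEX`, so the label that provides domain separation no longer matches what the key protects, and nothing in the added lines records why. If the constant is reused so that keys produced under the old README name `deriveIndexKey` stay valid, say so beside the call, e.g. `// CONTEXT_INDEX is reused on purpose: changing the context string changes the derived key and makes existing databases undecryptable`. If an index key and a database key are meant to be distinct, this needs its own context constant. The function is also declared `async` although it only forwards to `deriveSymmetricKeyFromContext`, whose definition is outside the hunk; if that helper is synchronous, the wrapper only adds an `await` that callers must not forget. The "NOT PASSWORD!" warning is advisory, and whether the helper checks the length of `baseKey` cannot be seen from here.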
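Review bot: `export * from './core';` in `src/email-crypto/index.ts` makes every current and future export of `./core` part of the `email-crypto` module surface, which in a crypto package can expose low-level primitives that were meant to stay internal. The contents of `./core` are not visible in this diff, so this may be intended. If only a few functions are needed, a named list such as `export { … } from './core';` keeps the surface explicit, as `src/index.ts` already does.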
diff --git a/src/index.ts b/src/index.ts
index 1022f86..68d61ac 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,5 +1,5 @@
 export { deriveSecretKey, generateEccKeys } from './asymmetric-crypto';
-export { deriveSymmetricKeyFromTwoKeys, deriveSymmetricKeyFromContext } from './derive-key';
+export { deriveSymmetricKeyFromTwoKeys, deriveSymmetricKeyFromContext, deriveDatabaseKey } from './derive-key';
 export { getKeyFromPassword, getKeyFromPasswordAndSalt } from './derive-password';
 export {
 encryptEmailHybrid,
diff --git a/src/types.ts b/src/types.ts
index c28cc77..c3c7f0d 100644
--- a/src/types.ts
+++ b/src/types.ts
@@ -5,11 +5,6 @@ export type EncryptedKeystore = {
 privateKeyEncrypted: string;
 };
-export type User = {
- email: string;
- name: string;
-};
-
 export type RecipientWithPublicKey = {
 email: string;
 publicHybridKey: Uint8Array;
diff --git a/tests/derive-keys/deriveKeys.test.ts b/tests/derive-keys/deriveKeys.test.ts
index 86f30e9..3838ab4 100644
--- a/tests/derive-keys/deriveKeys.test.ts
+++ b/tests/derive-keys/deriveKeys.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from 'vitest';
-import { deriveSymmetricKeyFromTwoKeys, deriveSymmetricKeyFromContext } from '../../src/derive-key';
+import { deriveSymmetricKeyFromTwoKeys, deriveSymmetricKeyFromContext, deriveDatabaseKey } from '../../src/derive-key';
 import { uint8ArrayToHex } from '../../src/utils';
 import { AES_KEY_BYTE_LENGTH } from '../../src/constants';
 import { genSymmetricKey } from '../../src/symmetric-crypto';
@@ -38,4 +38,12 @@ describe('Test derive key', () => {
 /Failed to derive symmetric key from two keys/,
 );
 });
+
+ it('should derive symmetric key for database encryption', async () => {
+ const baseKey = genSymmetricKey();
+ const key = await deriveDatabaseKey(baseKey);
+ expect(key.length).toBe(AES_KEY_BYTE_LENGTH);
+ const key2 = await deriveDatabaseKey(baseKey);
+ expect(key2).toStrictEqual(key);
+ });
 });
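Review bot: The new test in `tests/derive-keys/deriveKeys.test.ts` asserts only output length and determinism, so an implementation that ignored `baseKey`, or returned it unchanged when it already has the expected length, would still pass. Add assertions that tie the output to the input, for example `expect(key).not.toStrictEqual(baseKey);` and `expect(await deriveDatabaseKey(genSymmetricKey())).not.toStrictEqual(key);`. A known-answer check against a fixed base key would additionally catch an accidental change of the context string, which would otherwise silently make stored databases undecryptable.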