From d05151f6d0be3e46245ec280713f5e9dfbade327 Mon Sep 17 00:00:00 2001 From: tamarafinogina Date: Wed, 1 Apr 2026 15:48:44 +0200 Subject: [PATCH 1/6] add index key --- src/derive-key/deriveKeysFromKey.ts | 12 +++++++++++- src/index.ts | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/src/derive-key/deriveKeysFromKey.ts b/src/derive-key/deriveKeysFromKey.ts index 91babb4..beb7b9f 100644 --- a/src/derive-key/deriveKeysFromKey.ts +++ b/src/derive-key/deriveKeysFromKey.ts @@ -1,5 +1,5 @@ import { blake3 } from '@noble/hashes/blake3.js'; -import { AES_KEY_BYTE_LENGTH, CONTEXT_DERIVE } from '../constants'; +import { AES_KEY_BYTE_LENGTH, CONTEXT_DERIVE, CONTEXT_INDEX } from '../constants'; import { UTF8ToUint8 } from '../utils'; /** @@ -32,3 +32,13 @@ export function deriveSymmetricKeyFromTwoKeys(key1: Uint8Array, key2: Uint8Array throw new Error('Failed to derive symmetric key from two keys and context', { cause: error }); } } + +/** + * Derives database encryption key for the given user + * + * @param userID - The user ID + * @returns The symmetric key for protecting database + */ +export const deriveDatabaseKey = async (baseKey: Uint8Array): Promise => { + return deriveSymmetricKeyFromContext(CONTEXT_INDEX, baseKey); +}; diff --git a/src/index.ts b/src/index.ts index 1022f86..68d61ac 100644 --- a/src/index.ts +++ b/src/index.ts @@ -1,5 +1,5 @@ export { deriveSecretKey, generateEccKeys } from './asymmetric-crypto'; -export { deriveSymmetricKeyFromTwoKeys, deriveSymmetricKeyFromContext } from './derive-key'; +export { deriveSymmetricKeyFromTwoKeys, deriveSymmetricKeyFromContext, deriveDatabaseKey } from './derive-key'; export { getKeyFromPassword, getKeyFromPasswordAndSalt } from './derive-password'; export { encryptEmailHybrid, From 5c9b12ab9cfaa3b66820f22faf2cdf204c8e95d9 Mon Sep 17 00:00:00 2001 From: tamarafinogina Date: Wed, 1 Apr 2026 15:50:59 +0200 Subject: [PATCH 2/6] fix readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 41bdc05..0a5fd53 100644 --- a/README.md +++ b/README.md @@ -153,7 +153,7 @@ const userID = 'user ID'; const db = await openDatabase(userID); // Derive database key -const key = await deriveIndexKey(baseKey); +const key = await deriveDatabaseKey(baseKey); // Encrypt and store one or several emails await encryptAndStoreEmail(email, key, db); From d91052f692790ffff87ca57ccc2a0716f686c9d7 Mon Sep 17 00:00:00 2001 From: tamarafinogina Date: Wed, 1 Apr 2026 16:03:42 +0200 Subject: [PATCH 3/6] add tests --- src/derive-key/deriveKeysFromKey.ts | 2 +- tests/derive-keys/deriveKeys.test.ts | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/derive-key/deriveKeysFromKey.ts b/src/derive-key/deriveKeysFromKey.ts index beb7b9f..10ada44 100644 --- a/src/derive-key/deriveKeysFromKey.ts +++ b/src/derive-key/deriveKeysFromKey.ts @@ -36,7 +36,7 @@ export function deriveSymmetricKeyFromTwoKeys(key1: Uint8Array, key2: Uint8Array /** * Derives database encryption key for the given user * - * @param userID - The user ID + * @param baseKey - The base key (NOT PASSWORD!) * @returns The symmetric key for protecting database */ export const deriveDatabaseKey = async (baseKey: Uint8Array): Promise => { diff --git a/tests/derive-keys/deriveKeys.test.ts b/tests/derive-keys/deriveKeys.test.ts index 86f30e9..3838ab4 100644 --- a/tests/derive-keys/deriveKeys.test.ts +++ b/tests/derive-keys/deriveKeys.test.ts @@ -1,5 +1,5 @@ import { describe, expect, it } from 'vitest'; -import { deriveSymmetricKeyFromTwoKeys, deriveSymmetricKeyFromContext } from '../../src/derive-key'; +import { deriveSymmetricKeyFromTwoKeys, deriveSymmetricKeyFromContext, deriveDatabaseKey } from '../../src/derive-key'; import { uint8ArrayToHex } from '../../src/utils'; import { AES_KEY_BYTE_LENGTH } from '../../src/constants'; import { genSymmetricKey } from '../../src/symmetric-crypto'; @@ -38,4 +38,12 @@ describe('Test derive key', () => { /Failed to derive symmetric key from two keys/, ); }); + + it('should derive symmetric key for database encryption', async () => { + const baseKey = genSymmetricKey(); + const key = await deriveDatabaseKey(baseKey); + expect(key.length).toBe(AES_KEY_BYTE_LENGTH); + const key2 = await deriveDatabaseKey(baseKey); + expect(key2).toStrictEqual(key); + }); }); From f6936b3d0d2ddf859bcdf34d97e0dc5400897fd2 Mon Sep 17 00:00:00 2001 From: tamarafinogina Date: Wed, 1 Apr 2026 16:15:48 +0200 Subject: [PATCH 4/6] remove unused typr --- src/types.ts | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/types.ts b/src/types.ts index c28cc77..c3c7f0d 100644 --- a/src/types.ts +++ b/src/types.ts @@ -5,11 +5,6 @@ export type EncryptedKeystore = { privateKeyEncrypted: string; }; -export type User = { - email: string; - name: string; -}; - export type RecipientWithPublicKey = { email: string; publicHybridKey: Uint8Array; From 6712aed569df72e5ec3f0b7d2d24c26113456166 Mon Sep 17 00:00:00 2001 From: tamarafinogina Date: Wed, 1 Apr 2026 17:56:19 +0200 Subject: [PATCH 5/6] up the version --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index b27537c..de2c84f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "internxt-crypto", - "version": "1.0.2", + "version": "1.1.0", "main": "dist/index.js", "types": "dist/index.d.ts", "module": "dist/index.js", From 64fcbf9cf95ea7d02e2d1c23044167c4f96bd67c Mon Sep 17 00:00:00 2001 From: tamarafinogina Date: Thu, 2 Apr 2026 10:34:12 +0200 Subject: [PATCH 6/6] add aes encrypt/decrypt to API --- src/email-crypto/index.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/src/email-crypto/index.ts b/src/email-crypto/index.ts index 64a4848..31aa0c7 100644 --- a/src/email-crypto/index.ts +++ b/src/email-crypto/index.ts @@ -1,3 +1,4 @@ export * from './hybridEncyptedEmail'; export * from './pwdProtectedEmail'; export * from './emailKeys'; +export * from './core';