internxt · TamaraFinogina · Apr 2, 2026 · Apr 1, 2026 · Apr 1, 2026 · Apr 1, 2026
diff --git a/README.md b/README.md
@@ -153,7 +153,7 @@ const userID = 'user ID';
 const db = await openDatabase(userID);
 
 // Derive database key
-const key = await deriveIndexKey(baseKey);
+const key = await deriveDatabaseKey(baseKey);
 
 // Encrypt and store one or several emails
 await encryptAndStoreEmail(email, key, db);

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "internxt-crypto",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "module": "dist/index.js",

diff --git a/src/derive-key/deriveKeysFromKey.ts b/src/derive-key/deriveKeysFromKey.ts
@@ -1,5 +1,5 @@
 import { blake3 } from '@noble/hashes/blake3.js';
-import { AES_KEY_BYTE_LENGTH, CONTEXT_DERIVE } from '../constants';
+import { AES_KEY_BYTE_LENGTH, CONTEXT_DERIVE, CONTEXT_INDEX } from '../constants';
 import { UTF8ToUint8 } from '../utils';
 
 /**
@@ -32,3 +32,13 @@ export function deriveSymmetricKeyFromTwoKeys(key1: Uint8Array, key2: Uint8Array
     throw new Error('Failed to derive symmetric key from two keys and context', { cause: error });
   }
 }
+
+/**
+ * Derives database encryption key for the given user
+ *
+ * @param baseKey - The base key (NOT PASSWORD!)
+ * @returns The symmetric key for protecting database
+ */
+export const deriveDatabaseKey = async (baseKey: Uint8Array): Promise<Uint8Array> => {
+  return deriveSymmetricKeyFromContext(CONTEXT_INDEX, baseKey);
+};
diff --git a/src/index.ts b/src/index.ts
@@ -1,5 +1,5 @@
 export { deriveSecretKey, generateEccKeys } from './asymmetric-crypto';
-export { deriveSymmetricKeyFromTwoKeys, deriveSymmetricKeyFromContext } from './derive-key';
+export { deriveSymmetricKeyFromTwoKeys, deriveSymmetricKeyFromContext, deriveDatabaseKey } from './derive-key';
 export { getKeyFromPassword, getKeyFromPasswordAndSalt } from './derive-password';
 export {
   encryptEmailHybrid,

diff --git a/src/types.ts b/src/types.ts
@@ -5,11 +5,6 @@ export type EncryptedKeystore = {
   privateKeyEncrypted: string;
 };
 
-export type User = {
-  email: string;
-  name: string;
-};
-
 export type RecipientWithPublicKey = {
   email: string;
   publicHybridKey: Uint8Array;

diff --git a/tests/derive-keys/deriveKeys.test.ts b/tests/derive-keys/deriveKeys.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from 'vitest';
-import { deriveSymmetricKeyFromTwoKeys, deriveSymmetricKeyFromContext } from '../../src/derive-key';
+import { deriveSymmetricKeyFromTwoKeys, deriveSymmetricKeyFromContext, deriveDatabaseKey } from '../../src/derive-key';
 import { uint8ArrayToHex } from '../../src/utils';
 import { AES_KEY_BYTE_LENGTH } from '../../src/constants';
 import { genSymmetricKey } from '../../src/symmetric-crypto';
@@ -38,4 +38,12 @@ describe('Test derive key', () => {
       /Failed to derive symmetric key from two keys/,
     );
   });
+
+  it('should derive symmetric key for database encryption', async () => {
+    const baseKey = genSymmetricKey();
+    const key = await deriveDatabaseKey(baseKey);
+    expect(key.length).toBe(AES_KEY_BYTE_LENGTH);
+    const key2 = await deriveDatabaseKey(baseKey);
+    expect(key2).toStrictEqual(key);
+  });
 });