import * as Native from './Native.js';
import ByteArray from './zkgroup/internal/ByteArray.js';
import { Aci } from './Address.js';
import { PrivateKey } from './EcKeys.js';
/**
 * The randomly-generated user-memorized entropy used to derive the backup key,
 * with other possible future uses.
 *
 * Contains log_2(36^64) = ~330 bits of entropy.
 *
 * The pool string is the root secret from which both the SVR key
 * ({@link AccountEntropyPool.deriveSvrKey}) and the messages backup key
 * ({@link AccountEntropyPool.deriveBackupKey}) are derived, so it should be handled
 * as key material: kept out of logs, crash reports and analytics, and stored only
 * where other long-lived secrets are stored.
 */
export declare class AccountEntropyPool {
    /**
     * Randomly generates an Account Entropy Pool and returns the canonical string
     * representation of that pool.
     *
     * @returns cryptographically random 64 character string of characters a-z, 0-9
     */
    static generate(): string;
    /**
     * Checks whether a string can be used as an account entropy pool.
     *
     * This is a structural check only. It cannot tell whether the value was
     * produced by {@link AccountEntropyPool.generate} or carries the intended entropy.
     *
     * @param accountEntropyPool The candidate string, e.g. one typed in or pasted by the user
     * @returns `true` if the string is a structurally valid account entropy value.
     */
    static isValid(accountEntropyPool: string): boolean;
    /**
     * Derives an SVR key from the given account entropy pool.
     *
     * `accountEntropyPool` must be a **validated** account entropy pool;
     * passing an arbitrary string here is considered a programmer error.
     * Call {@link AccountEntropyPool.isValid} first on any value that did not come
     * straight from {@link AccountEntropyPool.generate}.
     *
     * @param accountEntropyPool A validated account entropy pool string
     * @returns The derived SVR key bytes (length not visible in this declaration)
     */
    static deriveSvrKey(accountEntropyPool: string): Uint8Array;
    /**
     * Derives a backup key from the given account entropy pool.
     *
     * `accountEntropyPool` must be a **validated** account entropy pool;
     * passing an arbitrary string here is considered a programmer error.
     * Call {@link AccountEntropyPool.isValid} first on any value that did not come
     * straight from {@link AccountEntropyPool.generate}.
     *
     * @param accountEntropyPool A validated account entropy pool string
     * @returns The derived "messages" backup key
     *
     * @see {@link BackupKey.generateRandom}
     */
    static deriveBackupKey(accountEntropyPool: string): BackupKey;
}
/**
 * A key used for many aspects of backups.
 *
 * Clients are typically concerned with two long-lived keys: a "messages" key (sometimes called "the
 * root backup key" or just "the backup key") that's derived from an {@link AccountEntropyPool}, and
 * a "media" key (formally the "media root backup key") that's not derived from anything else.
 *
 * Both kinds share this one type, so the type system does not stop a caller from invoking a
 * media-only derivation on a messages key or vice versa. The "Only relevant for ..." notes on the
 * methods below are the only guard visible in this declaration.
 */
export declare class BackupKey extends ByteArray {
    /** NOTE(review): looks like a type-only brand that keeps ByteArray subclasses from being interchangeable; confirm. */
    private readonly __type?;
    /** Presumably the required key length in bytes; the value is not visible in this declaration. */
    static SIZE: number;
    /**
     * Wraps existing key bytes as a backup key.
     *
     * @param contents The raw key bytes. Presumably these must be exactly {@link BackupKey.SIZE}
     *   bytes long; confirm how ByteArray handles a length mismatch.
     */
    constructor(contents: Uint8Array);
    /**
     * Generates a random backup key.
     *
     * Useful for tests and for the media root backup key, which is not derived from anything else.
     *
     * @see {@link AccountEntropyPool.deriveBackupKey}
     */
    static generateRandom(): BackupKey;
    /**
     * Derives the backup ID to use given the current device's ACI.
     *
     * Used for both message and media backups.
     *
     * @param aci The ACI of the account this backup belongs to
     * @returns The derived backup ID bytes
     */
    deriveBackupId(aci: Aci): Uint8Array;
    /**
     * Derives the backup EC key to use given the current device's ACI.
     *
     * Used for both message and media backups.
     *
     * @param aci The ACI of the account this backup belongs to
     * @returns The derived private key. This is secret material and should be handled like
     *   the backup key itself.
     */
    deriveEcKey(aci: Aci): PrivateKey;
    /**
     * Derives the AES key used for encrypted fields in local backup metadata.
     *
     * Only relevant for message backup keys.
     *
     * @returns The derived AES key bytes (length and cipher mode not visible in this declaration)
     */
    deriveLocalBackupMetadataKey(): Uint8Array;
    /**
     * Derives the ID for uploading media with the name `mediaName`.
     *
     * Only relevant for media backup keys.
     *
     * @param mediaName The name of the media item
     * @returns The derived media ID bytes, as accepted by
     *   {@link BackupKey.deriveMediaEncryptionKey} and
     *   {@link BackupKey.deriveThumbnailTransitEncryptionKey}
     */
    deriveMediaId(mediaName: string): Uint8Array;
    /**
     * Derives the composite encryption key for re-encrypting media with the given ID.
     *
     * This is a concatenation of an HMAC key (32 bytes) and an AES-CBC key (also 32 bytes).
     *
     * Only relevant for media backup keys.
     *
     * AES-CBC on its own does not authenticate ciphertext, which is what the HMAC half is for.
     * NOTE(review): the MAC construction and the byte order of the two halves are not shown here.
     * Confirm both before splitting the result, and verify the MAC before decrypting.
     *
     * @param mediaId A media ID, as returned by {@link BackupKey.deriveMediaId}
     * @returns 64 bytes in total: the 32-byte HMAC key and the 32-byte AES-CBC key
     */
    deriveMediaEncryptionKey(mediaId: Uint8Array): Uint8Array;
    /**
     * Derives the composite encryption key for uploading thumbnails with the given ID to the "transit
     * tier" CDN.
     *
     * This is a concatenation of an HMAC key (32 bytes) and an AES-CBC key (also 32 bytes).
     *
     * Only relevant for media backup keys.
     *
     * AES-CBC on its own does not authenticate ciphertext, which is what the HMAC half is for.
     * NOTE(review): the MAC construction and the byte order of the two halves are not shown here.
     * Confirm both before splitting the result, and verify the MAC before decrypting.
     *
     * @param mediaId A media ID, as returned by {@link BackupKey.deriveMediaId}
     * @returns 64 bytes in total: the 32-byte HMAC key and the 32-byte AES-CBC key
     */
    deriveThumbnailTransitEncryptionKey(mediaId: Uint8Array): Uint8Array;
}
/**
 * A hash of the pin that can be used to interact with a Secure Value Recovery service.
 *
 * Holds an opaque native handle. Use {@link PinHash.fromSalt} or
 * {@link PinHash.fromUsernameMrenclave} to construct.
 *
 * The pin passed to either factory must already be normalized as described on {@link Pin}.
 * A pin that is normalized differently produces a different hash, and therefore different
 * {@link PinHash.encryptionKey} and {@link PinHash.accessKey} values.
 */
export declare class PinHash {
    /** Opaque handle to the native PinHash object. It is not meant to be read or replaced by callers. */
    readonly _nativeHandle: Native.PinHash;
    /** Private: instances are created only through the static factory methods. */
    private constructor();
    /**
     * Hash a pin using an explicit salt.
     *
     * @param normalizedPin A normalized, UTF-8 encoded byte representation of the pin
     * @param salt A 32 byte salt
     * @returns The hashed pin, exposing the derived encryption and access keys
     */
    static fromSalt(normalizedPin: Uint8Array, salt: Uint8Array): PinHash;
    /**
     * Hash a pin for use with SVR2, deriving the salt from the username and mrenclave.
     *
     * Because the salt depends on both inputs, the same pin hashed under a different username or
     * a different mrenclave yields a different {@link PinHash}.
     *
     * @param normalizedPin A normalized, UTF-8 encoded byte representation of the pin
     * @param username The Basic Auth username used to authenticate with SVR2
     * @param mrenclave The mrenclave where the hashed pin will be stored
     * @returns The hashed pin, exposing the derived encryption and access keys
     */
    static fromUsernameMrenclave(normalizedPin: Uint8Array, username: string, mrenclave: Uint8Array): PinHash;
    /** A 32 byte encryption key that can be used to encrypt or decrypt values before uploading them to a secure store. */
    get encryptionKey(): Uint8Array;
    /** A 32 byte secret that can be used to access a value in a secure store. */
    get accessKey(): Uint8Array;
}
/**
 * Supports operations on pins for Secure Value Recovery.
 *
 * Provides hashing pins for local verification and for use with the remote SVR
 * service. In either case, all pins are UTF-8 encoded bytes that must be
 * normalized *before* being provided. Normalizing a string pin requires the
 * following steps:
 *
 *  1. The string should be trimmed for leading and trailing whitespace.
 *  2. If the whole string consists of digits, then non-arabic digits must be replaced with their
 *     arabic 0-9 equivalents.
 *  3. The string must then be NFKD normalized.
 *
 * Nothing in these signatures indicates that normalization is checked or applied here; the
 * functions accept raw bytes. A caller that skips or reorders the steps gets a hash that will
 * not match one computed from the correctly normalized pin.
 */
export declare const Pin: {
    /**
     * Create an encoded password hash string for local pin verification only.
     *
     * The result is not for use with the remote SVR service; use {@link PinHash} for that.
     *
     * @param normalizedPin A normalized, UTF-8 encoded byte representation of the pin
     * @returns A hashed pin string that can be verified later
     */
    localHash(normalizedPin: Uint8Array): string;
    /**
     * Verify an encoded password hash against a pin.
     *
     * NOTE(review): whether a malformed `encodedHash` throws or returns `false` is not visible
     * in this declaration. Confirm before treating every `false` as a wrong pin.
     *
     * @param encodedHash An encoded string of the hash, as returned by {@link Pin.localHash}
     * @param normalizedPin A normalized, UTF-8 encoded byte representation of the pin to verify
     * @returns true if the pin matches the hash, false otherwise
     */
    verifyLocalHash(encodedHash: string, normalizedPin: Uint8Array): boolean;
};
/**
 * A forward secrecy token used for deriving message backup keys.
 *
 * This token is retrieved from the server when restoring a backup and is used together
 * with the backup key to derive the actual encryption keys for message backups.
 *
 * The token is only one of the two inputs. The backup key is still required, and nothing in
 * this declaration shows the derivation itself.
 */
export declare class BackupForwardSecrecyToken extends ByteArray {
    /** NOTE(review): looks like a type-only brand that keeps ByteArray subclasses from being interchangeable; confirm. */
    private readonly __type?;
    /** Presumably the required token length in bytes; the value is not visible in this declaration. */
    static SIZE: number;
    /**
     * Wraps token bytes received from the server.
     *
     * @param contents The raw token bytes. Presumably these must be exactly
     *   {@link BackupForwardSecrecyToken.SIZE} bytes long; confirm how ByteArray handles a
     *   length mismatch.
     */
    constructor(contents: Uint8Array);
}