Sterister
80c410f518
Ships the Prism FR (encrypted-profile-storage-v4.9.md) as a generic relay-side encrypted blob primitive: deterministically-located, AEAD-sealed blobs keyed by a 32-byte slotId derived client-side via HKDF from the user's master key. Unlocks credential-only bootstrap of new devices into existing E2EE state — no QR, no physical access. Server: BlobStore interface + Memory/Sqlite/Postgres impls, createBlobRoutes for GET/PUT/DELETE /v1/blob/:slotId with TOFU pubkey auth and If-Match CAS (409/412 semantics). Mounted on the same Hono app as the inbox; SHADE_BLOB_PG_URL / SHADE_BLOB_DB_PATH / SHADE_DISABLE_BLOB env-var plumbing in standalone. SDK: createProfileNamespace high-level wrapper (HKDF derivation, random-nonce AEAD seal, slotId-bound AAD) + low-level BlobClient. Cross-platform test vectors in test-vectors/blob-storage.json. New errors: ConflictError (409), PreconditionFailedError (412). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
19 lines
721 B
TypeScript
19 lines
721 B
TypeScript
import { ed25519 } from '@noble/curves/ed25519.js';
|
|
|
|
/**
|
|
* Deterministically derive an Ed25519 public key from a 32-byte seed.
|
|
*
|
|
* In the @noble/curves convention the "private key" *is* the seed —
|
|
* `sign(seed, msg)` works directly, and `getPublicKey(seed)` recovers
|
|
* the matching public key. V4.9's encrypted-blob primitive uses this
|
|
* to mint a per-slot signing keypair from an HKDF output rooted at the
|
|
* user's master key, so the same credentials always reproduce the same
|
|
* keypair.
|
|
*/
|
|
export function ed25519PublicKeyFromSeed(seed: Uint8Array): Uint8Array {
|
|
if (seed.length !== 32) {
|
|
throw new Error(`Ed25519 seed must be 32 bytes, got ${seed.length}`);
|
|
}
|
|
return ed25519.getPublicKey(seed);
|
|
}
|