Cryptography

import { Tenzro } from 'tenzro';

const tenzro = new Tenzro();

// Generate Ed25519 keypair
const ed25519 = await tenzro.crypto.generateKeyPair({
  algorithm: 'ed25519',
});

// Generate post-quantum keypair (Dilithium)
const dilithium = await tenzro.crypto.generateKeyPair({
  algorithm: 'dilithium3',
});

// Generate from mnemonic
const mnemonic = await tenzro.crypto.generateMnemonic(24);
const hdKey = await tenzro.crypto.fromMnemonic(mnemonic, {
  algorithm: 'ed25519',
  path: "m/44'/0'/0'",
});

// Sign data
const signature = await tenzro.crypto.sign({
  data: messageBytes,
  privateKey: keyPair.privateKey,
  algorithm: 'ed25519',
});

// Verify signature
const isValid = await tenzro.crypto.verify({
  data: messageBytes,
  signature,
  publicKey: keyPair.publicKey,
  algorithm: 'ed25519',
});

console.log('Valid:', isValid); // true

// Symmetric encryption (AES-256-GCM)
const encrypted = await tenzro.crypto.encrypt({
  plaintext: sensitiveData,
  key: encryptionKey,
  algorithm: 'aes-256-gcm',
});

// Decrypt
const decrypted = await tenzro.crypto.decrypt({
  ciphertext: encrypted.ciphertext,
  key: encryptionKey,
  nonce: encrypted.nonce,
  algorithm: 'aes-256-gcm',
});

// Asymmetric encryption (hybrid)
const sealed = await tenzro.crypto.seal({
  plaintext: sensitiveData,
  publicKey: recipientPublicKey,
});

const opened = await tenzro.crypto.open({
  ciphertext: sealed,
  privateKey: recipientPrivateKey,
});

// Blake3 (recommended)
const hash = await tenzro.crypto.hash({
  data: input,
  algorithm: 'blake3',
});

// SHA-256
const sha256 = await tenzro.crypto.hash({
  data: input,
  algorithm: 'sha256',
});

// Keyed hash (MAC)
const mac = await tenzro.crypto.mac({
  data: input,
  key: macKey,
  algorithm: 'blake3',
});

// Derive key from password
const derived = await tenzro.crypto.deriveKey({
  password: userPassword,
  salt: randomSalt,
  algorithm: 'argon2id',
  keyLength: 32,
});

// Derive multiple keys (HKDF)
const keys = await tenzro.crypto.hkdf({
  secret: masterKey,
  salt: salt,
  info: 'encryption-key',
  keyLength: 32,
});

// Generate BLS keypair
const blsKey = await tenzro.crypto.generateKeyPair({
  algorithm: 'bls12-381',
});

// Sign with BLS
const sig1 = await tenzro.crypto.sign({
  data: message,
  privateKey: key1.privateKey,
  algorithm: 'bls12-381',
});

const sig2 = await tenzro.crypto.sign({
  data: message,
  privateKey: key2.privateKey,
  algorithm: 'bls12-381',
});

// Aggregate signatures
const aggregated = await tenzro.crypto.aggregateSignatures([sig1, sig2]);

// Verify aggregate (single verification for multiple signers)
const valid = await tenzro.crypto.verifyAggregate({
  data: message,
  signature: aggregated,
  publicKeys: [key1.publicKey, key2.publicKey],
});

// Dilithium signatures (NIST PQC standard)
const dilithium = await tenzro.crypto.generateKeyPair({
  algorithm: 'dilithium3', // or 'dilithium5'
});

const signature = await tenzro.crypto.sign({
  data: message,
  privateKey: dilithium.privateKey,
  algorithm: 'dilithium3',
});

// Kyber key encapsulation
const kyber = await tenzro.crypto.generateKeyPair({
  algorithm: 'kyber768', // or 'kyber1024'
});

const { ciphertext, sharedSecret } = await tenzro.crypto.encapsulate({
  publicKey: kyber.publicKey,
});

const decapsulated = await tenzro.crypto.decapsulate({
  ciphertext,
  privateKey: kyber.privateKey,
});

// Generate random bytes
const random = await tenzro.crypto.randomBytes(32);

// Generate random number in range
const number = await tenzro.crypto.randomInt(1, 100);

// Generate UUID
const uuid = await tenzro.crypto.uuid();

// Store key securely
await tenzro.crypto.storeKey({
  id: 'my-signing-key',
  key: privateKey,
  metadata: { purpose: 'signing' },
});

// Retrieve key
const stored = await tenzro.crypto.getKey('my-signing-key');

// List keys
const keys = await tenzro.crypto.listKeys();

// Delete key
await tenzro.crypto.deleteKey('my-signing-key');