@klever/connect-crypto

Cryptographic operations for Klever Connect SDK — key generation, signing, and verification.

Installation

npm install @klever/connect-crypto

Overview

This package provides secure cryptographic primitives for Klever blockchain:

Ed25519 Key Generation — Secure keypair creation
Message Signing — Sign messages and transactions with Ed25519
Signature Verification — Verify Ed25519 signatures
PEM File Support — Import/export keys in PEM format (encrypted and unencrypted)
Address Derivation — Convert public keys to Klever addresses
Async and Sync APIs — Both async and sync operations for flexibility

Security

Uses audited cryptographic libraries:

@noble/ed25519 — Audited Ed25519 implementation
@noble/hashes — Audited hash functions (SHA-512)
@scure/bip39 — Audited BIP39 mnemonic implementation

Quick Start

Generate a New Keypair

import { generateKeyPair } from '@klever/connect-crypto'

// Async (recommended)
const keyPair = await generateKeyPair()
console.log('Address:', keyPair.publicKey.toAddress())
console.log('Public Key:', keyPair.publicKey.toHex())

// Sync
import { generateKeyPairSync } from '@klever/connect-crypto'
const keyPair2 = generateKeyPairSync()

Sign a Message

import { crypto, generateKeyPair } from '@klever/connect-crypto'

const keyPair = await generateKeyPair()
const message = new TextEncoder().encode('Hello Klever!')

const signature = await crypto.signMessage(message, keyPair.privateKey)
console.log('Signature:', signature.toHex())

Verify a Signature

import { crypto } from '@klever/connect-crypto'

const isValid = await crypto.verifySignature(
  message,
  signature,
  keyPair.publicKey,
)
console.log('Valid:', isValid) // true

Load Key from PEM File

Both functions are async and return { privateKey: Uint8Array, address: string }. Use crypto when you need a PrivateKeyImpl with .toHex():

import { crypto } from '@klever/connect-crypto'

// From file path (Node.js only) — returns PrivateKeyImpl
const privateKey = await crypto.importPrivateKeyFromPemFile('./wallet.pem')
const privateKey2 = await crypto.importPrivateKeyFromPemFile(
  './encrypted.pem',
  { password: 'mypassword' },
)

console.log(privateKey.toHex()) // 64-char hex string

// From PEM string — returns PrivateKeyImpl
const privateKey3 = await crypto.importPrivateKeyFromPem(pemContent)

API Reference

Key Generation

`generateKeyPair(): Promise<KeyPair>`

Generate a new Ed25519 keypair asynchronously (recommended).

`generateKeyPairSync(): KeyPair`

Generate a new Ed25519 keypair synchronously.

`getPublicKeyFromPrivate(privateKey: PrivateKey): PublicKey`

Derive public key from private key.

Key Classes

`PrivateKeyImpl`

Represents an Ed25519 private key (32 bytes).

import { PrivateKeyImpl } from '@klever/connect-crypto'

const privateKey = PrivateKeyImpl.fromHex('abc123...')
console.log(privateKey.bytes.length) // 32
console.log(privateKey.hex) // 'abc123...'

Methods: toHex(), static fromHex(hex), static fromBytes(bytes)

`PublicKeyImpl`

Represents an Ed25519 public key (32 bytes).

import { PublicKeyImpl } from '@klever/connect-crypto'

const publicKey = PublicKeyImpl.fromHex('def456...')
console.log(publicKey.toAddress()) // 'klv1...'

Methods: toHex(), toAddress(), static fromHex(hex), static fromBytes(bytes)

Signing Operations

`signMessage(message: Uint8Array, privateKey: PrivateKey): Promise<Signature>`

Sign a message with Ed25519 asynchronously (recommended).

`signMessageSync(message: Uint8Array, privateKey: PrivateKey): Signature`

Sign a message with Ed25519 synchronously.

`verifySignature(message, signature, publicKey): Promise<boolean>`

Verify an Ed25519 signature asynchronously (recommended).

`verifySignatureSync(message, signature, publicKey): boolean`

Verify an Ed25519 signature synchronously.

Signature Class

`SignatureImpl`

Represents an Ed25519 signature (64 bytes).

import { SignatureImpl } from '@klever/connect-crypto'

const signature = SignatureImpl.fromHex('abc123...')
console.log(signature.toBase64())

Methods: toHex(), toBase64(), static fromHex(hex), static fromBase64(base64), static fromBytes(bytes)

Properties: bytes, hex

Crypto Provider

import { crypto } from '@klever/connect-crypto'

const keyPair = await crypto.generateKeyPair()
const signature = await crypto.signMessage(message, privateKey)

PEM Operations

`loadPrivateKeyFromPem(pemContent: string, password?: string): PrivateKey`

Load a private key from PEM content string.

`loadPrivateKeyFromPemFile(filePath: string, password?: string): PrivateKey`

Load a private key from a PEM file path (Node.js only).

Common Use Cases

Create New Wallet

async function createWallet() {
  const keyPair = await generateKeyPair()

  return {
    address: keyPair.publicKey.toAddress(),
    publicKey: keyPair.publicKey.toHex(),
    privateKey: keyPair.privateKey.toHex(), // Store securely!
  }
}

Sign Transaction Data

import { crypto } from '@klever/connect-crypto'
import { hashBlake2b } from '@klever/connect-encoding'

async function signTransaction(txBytes: Uint8Array, privateKey: PrivateKey) {
  const txHash = hashBlake2b(txBytes)
  return crypto.signMessage(txHash, privateKey)
}

Verify Message Signature

import { crypto, SignatureImpl, PublicKeyImpl } from '@klever/connect-crypto'

async function verifyMessageSignature(
  message: string,
  signatureHex: string,
  publicKeyHex: string,
): Promise<boolean> {
  const messageBytes = new TextEncoder().encode(message)
  const signature = SignatureImpl.fromHex(signatureHex)
  const publicKey = PublicKeyImpl.fromHex(publicKeyHex)

  return crypto.verifySignature(messageBytes, signature, publicKey)
}

Load Wallet from PEM

import { crypto } from '@klever/connect-crypto'

async function loadWalletFromPem(pemPath: string, password?: string) {
  const privateKey = await crypto.importPrivateKeyFromPemFile(pemPath, {
    password,
  })
  const publicKey = await crypto.getPublicKey(privateKey)

  return {
    privateKey,
    publicKey,
    address: publicKey.toAddress(),
  }
}

Async vs Sync

Use async (recommended) when:

Web applications (doesn't block UI)
Server applications (better concurrency)
Performance is not critical

Use sync when:

High-performance scenarios
Testing and scripts
Immediate results needed

Security Best Practices

Never expose private keys:

// BAD — don't do this
const privateKey = PrivateKeyImpl.fromHex('abc123...') // hardcoded

// GOOD — use environment variables
const privateKey = PrivateKeyImpl.fromHex(process.env.PRIVATE_KEY!)

Browser — use extension mode, not raw private keys:

// GOOD — extension manages keys
import { BrowserWallet } from '@klever/connect-wallet'
const wallet = await BrowserWallet.connect()

React Native — use secure storage:

import * as SecureStore from 'expo-secure-store'

async function storeKey(privateKey: PrivateKey) {
  await SecureStore.setItemAsync('privateKey', privateKey.toHex())
}

Key security guidelines:

Never expose private keys in client-side code
Use environment variables for server-side keys
Encrypt keys at rest using strong passwords
Use hardware wallets for high-value operations
Clear sensitive data from memory when done
Use PEM encryption when storing keys on disk
Implement key rotation for long-running services

Performance

Key Generation — ~0.5ms (async) or ~0.3ms (sync)
Signing — ~0.2ms (async) or ~0.1ms (sync)
Verification — ~0.5ms (async) or ~0.3ms (sync)
PEM Loading — ~1-5ms (depending on encryption)

TypeScript Support

import type {
  KeyPair,
  PrivateKey,
  PublicKey,
  Signature,
} from '@klever/connect-crypto'

const keyPair: KeyPair = await generateKeyPair()
const pk: PrivateKey = keyPair.privateKey
const pub: PublicKey = keyPair.publicKey