index
cifer-sdk API Reference v0.5.0
cifer-sdk API Reference v0.5.0
CIFER SDK - Cryptographic Infrastructure for Encrypted Records.
This SDK provides a complete toolkit for working with the CIFER encryption system, which offers quantum-resistant encryption using ML-KEM-768 key encapsulation and AES-GCM symmetric encryption.
Main Features​
- keyManagement: Secret creation, delegation, and ownership management
- blackbox: Payload and file encryption/decryption via the blackbox API
- commitments: On-chain encrypted data storage and retrieval
- flows: High-level orchestrated operations
Getting Started​
Examples​
import { createCiferSdk, Eip1193SignerAdapter } from 'cifer-sdk';
// Create the SDK instance with auto-discovery
const sdk = await createCiferSdk({
blackboxUrl: 'https://blackbox.cifersecurity.com:3010',
});
// Connect any EIP-1193 wallet
const signer = new Eip1193SignerAdapter(window.ethereum);
// Get chain configuration
const chainId = 752025;
const controllerAddress = sdk.getControllerAddress(chainId);
// Read operations
const fee = await sdk.keyManagement.getSecretCreationFee({
chainId,
controllerAddress,
readClient: sdk.readClient,
});
// Build transactions (execute with your wallet)
const txIntent = sdk.keyManagement.buildCreateSecretTx({
chainId,
controllerAddress,
fee,
});
// Execute with your preferred method
const hash = await wallet.sendTransaction(txIntent);
import { blackbox } from 'cifer-sdk';
// Encrypt a payload
const encrypted = await blackbox.payload.encryptPayload({
chainId: 752025,
secretId: 123n,
plaintext: 'My secret message',
signer,
readClient: sdk.readClient,
blackboxUrl: sdk.blackboxUrl,
});
// Decrypt the payload
const decrypted = await blackbox.payload.decryptPayload({
chainId: 752025,
secretId: 123n,
encryptedMessage: encrypted.encryptedMessage,
cifer: encrypted.cifer,
signer,
readClient: sdk.readClient,
blackboxUrl: sdk.blackboxUrl,
});
console.log(decrypted.decryptedMessage); // 'My secret message'
Namespaces​
Classes​
Eip1193SignerAdapter​
Defined in: internal/adapters/eip1193-signer.ts:37
Signer adapter for EIP-1193 compatible providers
This adapter works with any EIP-1193 provider including:
- MetaMask (window.ethereum)
- WalletConnect
- Coinbase Wallet
- Any wagmi connector
Example​
// Browser with MetaMask
const signer = new Eip1193SignerAdapter(window.ethereum);
// With wagmi
const provider = await connector.getProvider();
const signer = new Eip1193SignerAdapter(provider);
// Usage
const address = await signer.getAddress();
const signature = await signer.signMessage('Hello, CIFER!');
Implements​
Constructors​
Constructor​
new Eip1193SignerAdapter(
provider):Eip1193SignerAdapter
Defined in: internal/adapters/eip1193-signer.ts:46
Create a new EIP-1193 signer adapter
Parameters​
provider​
An EIP-1193 compatible provider
Returns​
Methods​
getAddress()​
getAddress():
Promise<`0x${string}`>
Defined in: internal/adapters/eip1193-signer.ts:59
Get the address of the connected account
Uses eth_accounts to get the currently connected account. Caches the result for subsequent calls.
Returns​
Promise<`0x${string}`>
The checksummed address
Throws​
AuthError if no account is connected
Implementation of​
signMessage()​
signMessage(
message):Promise<`0x${string}`>
Defined in: internal/adapters/eip1193-signer.ts:106
Sign a message using personal_sign (EIP-191)
This is the signing method expected by the blackbox for authentication.
Parameters​
message​
string
The message to sign (raw string, not hashed)
Returns​
Promise<`0x${string}`>
The signature as a hex string
Implementation of​
sendTransaction()​
sendTransaction(
txRequest):Promise<TxExecutionResult>
Defined in: internal/adapters/eip1193-signer.ts:137
Optional: Send a transaction via the provider
This is an opt-in convenience method. Apps can use this to execute TxIntent objects directly, or they can handle transaction submission themselves using their preferred method.
Parameters​
txRequest​
The transaction intent to send
Returns​
Promise<TxExecutionResult>
Transaction hash and wait function
Implementation of​
clearCache()​
clearCache():
void
Defined in: internal/adapters/eip1193-signer.ts:235
Clear the cached address
Call this when the user disconnects or switches accounts.
Returns​
void
PrivateKeySignerAdapter​
Defined in: internal/adapters/private-key-signer.ts:44
Signer adapter backed by a raw secp256k1 private key.
This adapter performs EIP-191 personal_sign using the provided key,
making it ideal for Web2 session signing where there is no browser
wallet. It can also be used for server-side / backend signing.
Remarks​
The private key is stored in memory. Users are responsible for securing it (e.g. never persisting to disk unencrypted).
This adapter uses the @noble/secp256k1 and @noble/hashes
libraries for cryptographic operations.
Example​
import { PrivateKeySignerAdapter } from 'cifer-sdk';
// From an existing hex private key
const signer = new PrivateKeySignerAdapter('0xabc123...');
// Generate a fresh random keypair
const signer = PrivateKeySignerAdapter.generate();
const address = await signer.getAddress();
const signature = await signer.signMessage('Hello');
Implements​
Constructors​
Constructor​
new PrivateKeySignerAdapter(
privateKeyHex):PrivateKeySignerAdapter
Defined in: internal/adapters/private-key-signer.ts:53
Create a new private-key signer from a hex-encoded private key.
Parameters​
privateKeyHex​
string
The private key as a hex string (with or without 0x prefix)
Returns​
Methods​
generate()​
staticgenerate():PrivateKeySignerAdapter
Defined in: internal/adapters/private-key-signer.ts:74
Generate a fresh random private-key signer.
Uses crypto.getRandomValues for secure key generation.
Returns​
A new PrivateKeySignerAdapter with a random private key
getPrivateKeyHex()​
getPrivateKeyHex():
string
Defined in: internal/adapters/private-key-signer.ts:88
Get the hex-encoded private key (without 0x prefix).
Returns​
string
The private key as a hex string (no 0x prefix)
Remarks​
Use with caution. This exposes the raw private key.
getAddress()​
getAddress():
Promise<`0x${string}`>
Defined in: internal/adapters/private-key-signer.ts:97
Get the Ethereum address derived from this private key.
Returns​
Promise<`0x${string}`>
The checksummed Ethereum address
Implementation of​
signMessage()​
signMessage(
message):Promise<`0x${string}`>
Defined in: internal/adapters/private-key-signer.ts:124
Sign a message using EIP-191 personal_sign semantics.
Parameters​
message​
string
The raw message string to sign (NOT hashed or prefixed)
Returns​
Promise<`0x${string}`>
The signature as a hex string
Implementation of​
RpcReadClient​
Defined in: internal/adapters/rpc-read-client.ts:62
RPC read client for making blockchain queries
This client makes standard JSON-RPC calls to Ethereum-compatible nodes. It supports multiple chains by mapping chain IDs to RPC URLs.
Example​
const readClient = new RpcReadClient({
rpcUrlByChainId: {
752025: 'https://mainnet.ternoa.network',
11155111: 'https://eth-sepolia.g.alchemy.com/v2/YOUR_KEY',
},
});
const blockNumber = await readClient.getBlockNumber(752025);
const logs = await readClient.getLogs(752025, {
address: '0x...',
fromBlock: 1000,
toBlock: 'latest',
});
Implements​
Constructors​
Constructor​
new RpcReadClient(
config):RpcReadClient
Defined in: internal/adapters/rpc-read-client.ts:72
Create a new RPC read client
Parameters​
config​
Configuration with RPC URLs per chain
Returns​
Methods​
setRpcUrl()​
setRpcUrl(
chainId,rpcUrl):void
Defined in: internal/adapters/rpc-read-client.ts:83
Add or update an RPC URL for a chain
Parameters​
chainId​
number
The chain ID
rpcUrl​
string
The RPC URL
Returns​
void
getBlockNumber()​
getBlockNumber(
chainId):Promise<number>
Defined in: internal/adapters/rpc-read-client.ts:97
Get the current block number for a chain.
For Web2 mode (chainId === WEB2_CHAIN_ID), returns Date.now()
(unix milliseconds) instead of making an RPC call — this is the
timestamp-based freshness value the blackbox expects.
Parameters​
chainId​
number
The chain ID
Returns​
Promise<number>
The current block number (or timestamp for Web2)
Implementation of​
getLogs()​
getLogs(
chainId,filter):Promise<Log[]>
Defined in: internal/adapters/rpc-read-client.ts:112
Get logs matching a filter
Parameters​
chainId​
number
The chain ID
filter​
The log filter
Returns​
Promise<Log[]>
Array of matching logs
Implementation of​
call()​
call(
chainId,callRequest):Promise<`0x${string}`>
Defined in: internal/adapters/rpc-read-client.ts:159
Make an eth_call to read contract state
Parameters​
chainId​
number
The chain ID
callRequest​
The call request
Returns​
Promise<`0x${string}`>
The return data as a hex string
Implementation of​
CiferError​
Defined in: internal/errors/index.ts:44
Base error class for all CIFER SDK errors.
Remarks​
All SDK errors extend this class. Use isCiferError to check if an unknown error is a CIFER SDK error.
Extends​
Error
Extended by​
Constructors​
Constructor​
new CiferError(
message,code,cause?):CiferError
Defined in: internal/errors/index.ts:69
Create a new CIFER error.
Parameters​
message​
string
Human-readable error message
code​
string
Error code for programmatic handling
cause?​
Error
Original error that caused this error
Returns​
Overrides​
Error.constructor
Properties​
code​
readonlycode:string
Defined in: internal/errors/index.ts:57
Error code for programmatic handling.
Remarks​
Possible codes:
CONFIG_ERROR- Configuration or discovery errorsAUTH_ERROR- Authentication and signing errorsBLACKBOX_ERROR- Blackbox API errorsKEY_MANAGEMENT_ERROR- SecretsController errorsCOMMITMENTS_ERROR- On-chain commitment errorsFLOW_ERROR- Flow execution errors
cause?​
readonlyoptionalcause:Error
Defined in: internal/errors/index.ts:60
Original error that caused this error (for error chaining)
ConfigError​
Defined in: internal/errors/index.ts:94
Error thrown when SDK configuration is invalid or missing.
Extends​
Extended by​
Constructors​
Constructor​
new ConfigError(
message,cause?):ConfigError
Defined in: internal/errors/index.ts:99
Parameters​
message​
string
Description of the configuration problem
cause?​
Error
Original error if this wraps another error
Returns​
Overrides​
Properties​
code​
readonlycode:string
Defined in: internal/errors/index.ts:57
Error code for programmatic handling.
Remarks​
Possible codes:
CONFIG_ERROR- Configuration or discovery errorsAUTH_ERROR- Authentication and signing errorsBLACKBOX_ERROR- Blackbox API errorsKEY_MANAGEMENT_ERROR- SecretsController errorsCOMMITMENTS_ERROR- On-chain commitment errorsFLOW_ERROR- Flow execution errors
Inherited from​
cause?​
readonlyoptionalcause:Error
Defined in: internal/errors/index.ts:60
Original error that caused this error (for error chaining)
Inherited from​
DiscoveryError​
Defined in: internal/errors/index.ts:114
Error thrown when discovery fails.
Remarks​
This error is thrown when the SDK cannot fetch configuration from
the blackbox /healthz endpoint.
Extends​
Constructors​
Constructor​
new DiscoveryError(
message,blackboxUrl,cause?):DiscoveryError
Defined in: internal/errors/index.ts:123
Parameters​
message​
string
Description of the discovery failure
blackboxUrl​
string
The URL that was attempted
cause?​
Error
Original network or parsing error
Returns​
Overrides​
Properties​
code​
readonlycode:string
Defined in: internal/errors/index.ts:57
Error code for programmatic handling.
Remarks​
Possible codes:
CONFIG_ERROR- Configuration or discovery errorsAUTH_ERROR- Authentication and signing errorsBLACKBOX_ERROR- Blackbox API errorsKEY_MANAGEMENT_ERROR- SecretsController errorsCOMMITMENTS_ERROR- On-chain commitment errorsFLOW_ERROR- Flow execution errors
Inherited from​
cause?​
readonlyoptionalcause:Error
Defined in: internal/errors/index.ts:60
Original error that caused this error (for error chaining)
Inherited from​
blackboxUrl​
readonlyblackboxUrl:string
Defined in: internal/errors/index.ts:116
The blackbox URL that failed
ChainNotSupportedError​
Defined in: internal/errors/index.ts:135
Error thrown when a chain is not supported or not configured.
Extends​
Constructors​
Constructor​
new ChainNotSupportedError(
chainId,cause?):ChainNotSupportedError
Defined in: internal/errors/index.ts:143