
Releases: danielefrisanco/securee2e

Use IndexedDB as default persistent storage for LTID keys

16 Oct 08:58


Default to IndexedDB for LTID key persistence

Moves Long-Term Identity (LTID) key storage from volatile memory to the asynchronous, persistent IndexedDBProvider.

This ensures LTID keys (ECDSA signing keys) survive browser sessions and hard refreshes, preventing users from having to re-authenticate on every page load. The system now uses the IKeyStorageProvider pattern, with IndexedDB as the new default.

The Long-Term Identity (LTID) keys are now persistent by default in window.localStorage

10 Oct 17:16


[0.4.0] - 2025-10-10

Added

  • Key Persistence (Default): The Long-Term Identity (LTID) keys are now persistent by default, surviving page refreshes and browser restarts.

  • LocalStorageProvider: Introduced LocalStorageProvider which saves LTID keys to window.localStorage. This is now the default storage provider.

  • Swappable Storage Providers: Implemented the setCurrentStorageProvider(provider) function and the IKeyStorageProvider interface, allowing users to easily swap the default storage mechanism (e.g., switching back to in-memory, or implementing custom database storage).

(v0.3.1): Implement ECDSA signing/verification and high-level API wrappers.

09 Oct 18:43


Added

  • High-Level API Wrappers (Unified Workflow): Introduced a simplified API layer to manage the entire authenticated key exchange and messaging process, wrapping the low-level crypto functions.
    • generateLocalAuthPayload(): Generates all local ECDH/ECDSA keys and the authenticated public payload for sharing.
    • deriveSecretFromRemotePayload(): Handles importing remote keys, performing the essential MITM signature verification check, and deriving the shared secret.
    • encryptMessage(): High-level function to securely encrypt a plaintext message using the shared secret.
    • decryptMessage(): High-level function to decrypt a received encrypted payload.

Implemented Elliptic Curve Digital Signature Algorithm (ECDSA) for signing and verifying the ECDH public key.

09 Oct 09:50


[0.3.0] - 2025-10-09

Added

  • Authenticated Key Exchange (MITM Protection): Implemented Elliptic Curve Digital Signature Algorithm (ECDSA) for signing and verifying the ECDH public key.
  • New Functions:
    • generateSigningKeys(): Generates ECDSA key pair for authentication.
    • signPublicKey(): Creates an ECDSA signature over the ECDH public key.
    • verifySignature(): Validates the remote party's signature to prevent MITM attacks.
  • CHANGELOG.md: Added a change log file to track release history.

Changed

  • Updated Key Exchange Workflow: The standard key exchange process is now a 6-step workflow that requires key signature and verification prior to shared secret derivation.
  • Documentation: Updated README.md to reflect the authenticated workflow, new functions, and defined payload structures (KeyAuthPayload, EncryptedPayload).

Security

  • Mitigation of MITM Attacks: Public keys are now cryptographically authenticated using ECDSA (P-256), preventing malicious intermediate parties from swapping public keys.
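
The sign, verify, then derive order described in this release, as an added WebCrypto example that is not securee2e's own code and does not call its API. All function names are hypothetical, and it assumes the verifier already trusts the remote party's ECDSA public key through some other channel, since a signature checked against a key taken from the same untrusted payload would not detect a swap.

```javascript
// Added example (not securee2e code); all function names are hypothetical.
// Browsers and current Node expose WebCrypto globally; older Node needs the fallback.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;
const ECDSA = { name: "ECDSA", namedCurve: "P-256" };
const ECDH = { name: "ECDH", namedCurve: "P-256" };
const SIG = { name: "ECDSA", hash: "SHA-256" };

const hex = (buf) =>
  Array.from(new Uint8Array(buf), (x) => x.toString(16).padStart(2, "0")).join("");

// Build one party: long-term signing pair, ECDH pair, and the signed public payload.
async function makeParty() {
  const signing = await subtle.generateKey(ECDSA, false, ["sign", "verify"]);
  const ecdh = await subtle.generateKey(ECDH, false, ["deriveBits"]);
  const ecdhPub = await subtle.exportKey("raw", ecdh.publicKey);
  const signature = await subtle.sign(SIG, signing.privateKey, ecdhPub);
  return { signing, ecdh, payload: { ecdhPub, signature } };
}

// Verify the remote ECDH key against a signing key the caller already trusts
// (assumption: pinned or exchanged out of band), and only then derive the secret.
async function deriveIfAuthentic(localEcdhPrivate, payload, trustedVerifyKey) {
  const ok = await subtle.verify(SIG, trustedVerifyKey, payload.signature, payload.ecdhPub);
  if (!ok) throw new Error("remote ECDH key failed signature verification");
  const remotePub = await subtle.importKey("raw", payload.ecdhPub, ECDH, false, []);
  const bits = await subtle.deriveBits({ name: "ECDH", public: remotePub }, localEcdhPrivate, 256);
  return hex(bits);
}

// Constructed scenario: an honest exchange, then a payload whose ECDH key was
// replaced in transit while the original signature was left in place.
async function demo() {
  const alice = await makeParty(), bob = await makeParty(), other = await makeParty();
  const a = await deriveIfAuthentic(alice.ecdh.privateKey, bob.payload, bob.signing.publicKey);
  const b = await deriveIfAuthentic(bob.ecdh.privateKey, alice.payload, alice.signing.publicKey);
  const swapped = { ecdhPub: other.payload.ecdhPub, signature: bob.payload.signature };
  let rejected = false;
  try {
    await deriveIfAuthentic(alice.ecdh.privateKey, swapped, bob.signing.publicKey);
  } catch {
    rejected = true; // derivation never runs for the substituted key
  }
  return { secretsMatch: a === b, swappedRejected: rejected };
}
```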

v0.2.0 - Authenticated Publishing Setup

09 Oct 08:06


Release v0.2.0 with secure publishing workflow fix.