Inverse of encryptBytes. Verifies the l2ps_uid matches this
instance and that the AES-GCM auth tag (covering nonce + ciphertext)
is intact; throws on either failure.
Decrypts an L2PS encrypted transaction and returns the original transaction.
Validates that the transaction is of type "l2psEncryptedTx", extracts the encrypted payload, verifies the L2PS UID matches, performs AES-GCM decryption with authentication, and validates the original transaction hash for integrity.
Transaction object containing encrypted data
Promise resolving to the original decrypted Transaction
AES-GCM-encrypt arbitrary bytes under the subnet key.
Mirrors the per-call-nonce + nonce-as-AAD pattern in encryptTx: a
fresh 12-byte nonce per call, bound into the auth tag via AAD so an
attacker cannot DoS specific ciphertexts by flipping the stored
nonce. Used by SR-4 WI-3 to encrypt channel transcripts to the
subnet member set; nothing in the payload shape is L2PS-transaction
specific.
Encrypts a transaction using AES-GCM and wraps it in a standard Transaction object.
The original transaction is serialized, encrypted with AES-GCM for authenticated encryption, and then wrapped in a new Transaction object with type "l2psEncryptedTx". This allows encrypted transactions to be processed through the standard transaction pipeline.
The original transaction to encrypt
OptionalsenderIdentity: anyOptional sender identity to use in the encrypted transaction wrapper
Promise resolving to a new Transaction object containing the encrypted data
Returns the current configuration for this L2PS instance.
The L2PS configuration if set, undefined otherwise
Sets the configuration for this L2PS instance.
The L2PS configuration to set
StaticcreateFactory method to create a new L2PS instance. Generates cryptographically secure random keys if not provided.
OptionalprivateKey: stringOptional AES private key as string. If not provided, generates 32 random bytes
Optionaliv: stringOptional initialization vector as string. If not provided, generates 12 random bytes
Promise resolving to a new L2PS instance
StaticgetStaticgetStatichasStaticremove
L2PS (Layer 2 Private Subnets) class for encrypted transaction processing.
This class implements a multi-singleton pattern to manage multiple L2PS networks. Each L2PS instance provides AES-GCM encrypted transaction capabilities while maintaining compatibility with the standard DEMOS transaction format.
Key features:
Example