From 29cdf978c45a1a9e3b7fb938573168e2d018bbc1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 22 Jul 2025 00:23:16 +0000
Subject: [PATCH 1/2] Build(deps-dev): bump @noble/curves from 1.9.2 to 1.9.5

Bumps the noble group with 1 update: [@noble/curves](https://github.com/paulmillr/noble-curves).

Updates `@noble/curves` from 1.9.2 to 1.9.5
- [Release notes](https://github.com/paulmillr/noble-curves/releases)
- [Commits](https://github.com/paulmillr/noble-curves/compare/1.9.2...1.9.5)

---
updated-dependencies:
- dependency-name: "@noble/curves"
  dependency-version: 1.9.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: noble
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 084e0000..b655d9e4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
       "license": "LGPL-3.0+",
       "devDependencies": {
         "@noble/ciphers": "^1.3.0",
-        "@noble/curves": "^1.9.2",
+        "@noble/curves": "^1.9.5",
         "@noble/hashes": "^1.8.0",
         "@openpgp/jsdoc": "^3.6.11",
         "@openpgp/seek-bzip": "^1.0.5-git",
@@ -971,9 +971,9 @@
       }
     },
     "node_modules/@noble/curves": {
-      "version": "1.9.2",
-      "resolved": "https://registry.npmjs.org/@noble/curves/-/curves-1.9.2.tgz",
-      "integrity": "sha512-HxngEd2XUcg9xi20JkwlLCtYwfoFw4JGkuZpT+WlsPD4gB/cxkvTD8fSsoAnphGZhFdZYKeQIPCuFlWPm1uE0g==",
+      "version": "1.9.5",
+      "resolved": "https://registry.npmjs.org/@noble/curves/-/curves-1.9.5.tgz",
+      "integrity": "sha512-IHiC8xU74NLKg7gNmwMbUVtqqZy9OWKphTAChESCgsXI5NTK6n3ewOFXrj4Dxal/Ml8D3msbPIHfpHLwv50Q2w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
diff --git a/package.json b/package.json
index e8130727..92dddf8e 100644
--- a/package.json
+++ b/package.json
@@ -64,7 +64,7 @@
   },
   "devDependencies": {
     "@noble/ciphers": "^1.3.0",
-    "@noble/curves": "^1.9.2",
+    "@noble/curves": "^1.9.5",
     "@noble/hashes": "^1.8.0",
     "@openpgp/jsdoc": "^3.6.11",
     "@openpgp/seek-bzip": "^1.0.5-git",

From e05ca9e2d256c4f5acdce8a5d231cda5a65bd4be Mon Sep 17 00:00:00 2001
From: larabr <7375870+larabr@users.noreply.github.com>
Date: Thu, 24 Jul 2025 16:42:02 +0200
Subject: [PATCH 2/2] Internal: switch away from deprecated noble-curve
 `util.randomPrivateKey`

---
 src/crypto/public_key/elliptic/ecdh_x.js     | 6 ++----
 src/crypto/public_key/elliptic/eddsa.js      | 3 +--
 src/crypto/public_key/elliptic/oid_curves.js | 2 +-
 3 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/src/crypto/public_key/elliptic/ecdh_x.js b/src/crypto/public_key/elliptic/ecdh_x.js
index ba959380..2cd899e6 100644
--- a/src/crypto/public_key/elliptic/ecdh_x.js
+++ b/src/crypto/public_key/elliptic/ecdh_x.js
@@ -61,8 +61,7 @@ export async function generate(algo) {
 
     case enums.publicKey.x448: {
       const x448 = await util.getNobleCurve(enums.publicKey.x448);
-      const k = x448.utils.randomPrivateKey();
-      const A = x448.getPublicKey(k);
+      const { secretKey: k, publicKey: A } = x448.keygen();
       return { A, k };
     }
     default:
@@ -246,10 +245,9 @@ export async function generateEphemeralEncryptionMaterial(algo, recipientA) {
       }
     case enums.publicKey.x448: {
       const x448 = await util.getNobleCurve(enums.publicKey.x448);
-      const ephemeralSecretKey = x448.utils.randomPrivateKey();
+      const { secretKey: ephemeralSecretKey, publicKey: ephemeralPublicKey } = x448.keygen();
       const sharedSecret = x448.getSharedSecret(ephemeralSecretKey, recipientA);
       assertNonZeroArray(sharedSecret);
-      const ephemeralPublicKey = x448.getPublicKey(ephemeralSecretKey);
       return { ephemeralPublicKey, sharedSecret };
     }
     default:
diff --git a/src/crypto/public_key/elliptic/eddsa.js b/src/crypto/public_key/elliptic/eddsa.js
index d94924b8..e5c0da1f 100644
--- a/src/crypto/public_key/elliptic/eddsa.js
+++ b/src/crypto/public_key/elliptic/eddsa.js
@@ -67,8 +67,7 @@ export async function generate(algo) {
 
     case enums.publicKey.ed448: {
       const ed448 = await util.getNobleCurve(enums.publicKey.ed448);
-      const seed = ed448.utils.randomPrivateKey();
-      const A = ed448.getPublicKey(seed);
+      const { secretKey: seed, publicKey: A } = ed448.keygen();
       return { A, seed };
     }
     default:
diff --git a/src/crypto/public_key/elliptic/oid_curves.js b/src/crypto/public_key/elliptic/oid_curves.js
index 38edb609..c1f689e2 100644
--- a/src/crypto/public_key/elliptic/oid_curves.js
+++ b/src/crypto/public_key/elliptic/oid_curves.js
@@ -297,7 +297,7 @@ export {
 //////////////////////////
 async function jsGenKeyPair(name) {
   const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, name); // excluding curve25519Legacy, ecdh and ecdsa use the same curves
-  const privateKey = nobleCurve.utils.randomPrivateKey();
+  const { secretKey: privateKey } = nobleCurve.keygen();
   const publicKey = nobleCurve.getPublicKey(privateKey, false);
   return { publicKey, privateKey };
 }