+ create user with public/private key

+ sign and verify votes and prevent unverified updates

app/utils/crypto.ts

@@ -39,4 +39,149 @@ export const verifyVote = async (data: any, signatureStr: string, publicKey: Cry
     signature,
     encodedData
   );
+};
+
+/**
+ * Verifies a specific vote within an array of votes by 
+ * reconstructing the "signed state" at that point in time.
+ */
+export const verifyChainedVote = async (
+    voteData: SignedData<VoteData>[], 
+    index: number
+) => {
+    const voteToVerify = voteData[index];
+    console.log("Verifying vote: " + voteToVerify)
+    if(voteToVerify) {
+        // 1. Reconstruct the exact data state the user signed
+        // We need the array exactly as it was when they pushed their vote
+        const historicalState = voteData.slice(0, index + 1).map((v, i) => {
+            if (i === index) {
+                // For the current vote, the signature must be empty string
+                // because it wasn't signed yet when passed to signVote
+                return { ...v, signature: "" };
+            }
+            return v;
+        });
+
+        try {
+            // 2. Fetch public key
+            const response = await $fetch<{ public_key: string }>(`/api/users/${voteToVerify.data.userid}`);
+            console.log("Got key: ",response)
+            const pubKey = await stringToCryptoKey(response.public_key, 'public');
+
+            console.log("Using pubKey to verify Vote.")
+            // 3. Verify: Does this historicalState match the signature?
+            return await verifyVote(historicalState, voteToVerify.signature, pubKey);
+        } catch (err) {
+            console.error("Verification failed")
+            console.error(err);
+            return false;
+        }
+    }
+    console.error("Vote is undefined or null");
+    return false;
+};
+
+export const verifyAllVotesForOption = async (votes: SignedData<VoteData>[]) => {
+    console.log("verifying votes for option ",votes);
+    for (let i = votes.length-1; i >= 0 ; i--) {
+        const isValid = await verifyChainedVote(votes, i);
+        if(!isValid){
+            console.error("Error! Invalid Vote at: " + i,votes)
+            return false;
+        }
+    }
+    return true;
+};
+
+// Helper to convert ArrayBuffer to Base64 string
+const bufferToBase64 = (buf: ArrayBuffer) => 
+  window.btoa(String.fromCharCode(...new Uint8Array(buf)));
+
+export const exportPublicKey = async (key: CryptoKey) => {
+  // Export Public Key
+  const exportedPublic = await window.crypto.subtle.exportKey("spki", key);
+  const publicKeyString = bufferToBase64(exportedPublic);
+
+  return publicKeyString;
+};
+export const exportPrivateKey = async (key: CryptoKey) => {
+  // Export Private Key
+  const exportedPrivate = await window.crypto.subtle.exportKey("pkcs8", key);
+  const privateKeyString = bufferToBase64(exportedPrivate);
+
+  return privateKeyString;
+};
+
+/**
+ * Converts a Base64 string back into a usable CryptoKey object
+ * @param keyStr The Base64 string (without PEM headers)
+ * @param type 'public' or 'private'
+ */
+export const stringToCryptoKey = async (keyStr: string, type: 'public' | 'private'): Promise<CryptoKey> => {
+  // 1. Convert Base64 string to a Uint8Array (binary)
+  const binaryString = window.atob(keyStr);
+  const bytes = new Uint8Array(binaryString.length);
+  for (let i = 0; i < binaryString.length; i++) {
+    bytes[i] = binaryString.charCodeAt(i);
+  }
+
+  // 2. Identify the format based on the key type
+  // Public keys usually use 'spki', Private keys use 'pkcs8'
+  const format = type === 'public' ? 'spki' : 'pkcs8';
+  const usages: KeyUsage[] = type === 'public' ? ['verify'] : ['sign'];
+
+  // 3. Import the key
+  return await window.crypto.subtle.importKey(
+    format,
+    bytes.buffer,
+    {
+      name: "RSASSA-PKCS1-v1_5",
+      hash: "SHA-256",
+    },
+    true, // extractable (set to false if you want to lock it in memory)
+    usages
+  );
+};
+
+export const savePrivateKeyToFile = (privateKeyStr: string, filename: string) => {
+  // Optional: Wrap in PEM headers for standard formatting
+  const pemHeader = "-----BEGIN PRIVATE KEY-----\n";
+  const pemFooter = "\n-----END PRIVATE KEY-----";
+  const fileContent = pemHeader + privateKeyStr + pemFooter;
+
+  const blob = new Blob([fileContent], { type: "text/plain" });
+  const url = URL.createObjectURL(blob);
+  
+  const link = document.createElement("a");
+  link.href = url;
+  link.download = filename;
+  
+  document.body.appendChild(link);
+  link.click();
+  
+  // Cleanup
+  document.body.removeChild(link);
+  URL.revokeObjectURL(url);
+};
+
+export const loadPrivateKeyFromFile = async (file: File): Promise<string> => {
+  return new Promise((resolve, reject) => {
+    const reader = new FileReader();
+
+    reader.onload = (e) => {
+      const content = e.target?.result as string;
+      
+      // Clean up the string by removing PEM headers and newlines
+      const cleanKey = content
+        .replace("-----BEGIN PRIVATE KEY-----", "")
+        .replace("-----END PRIVATE KEY-----", "")
+        .replace(/\s+/g, ""); // Removes all whitespace/newlines
+        
+      resolve(cleanKey);
+    };
+
+    reader.onerror = () => reject("Error reading file");
+    reader.readAsText(file);
+  });
 };

app/utils/types.ts

@@ -1,8 +1,13 @@
 export interface PollProps {
+    userid: string | undefined,
     activePollId: string,
     pollData: PollData,
     addOption: (name: string) => void,
-    vote: (optionName: string,uuid: string) => void
+    vote: (optionName: string) => void
+}
+
+export interface PollListProps {
+    userid: string | undefined,
 }
 
 export interface PollData extends Record<string, SignedData<VoteData>[]> {
@@ -22,4 +27,10 @@ export interface OptionData {
     userid: string,
     timestamp: string,
     optionName: string
+}
+
+export interface UserData {
+    userid: string,
+    private_key: CryptoKey | undefined,
+    public_key: CryptoKey | undefined
 }