wireapp · coriolinus · Mar 23, 2026 · Mar 23, 2026 · Mar 20, 2026 · Mar 20, 2026
@@ -13,18 +13,21 @@
 
 - added PKI Environment API
 
-  - added `PkiEnvironment` constructed via `createPkiEnvironment(database: Database, hooks: PkiEnvironmentHooks)`
+  - added `PkiEnvironment` struct/class with language-specific constructor
   - added `PkiEnvironmentHooks` interface which has to be implemented by a client and will be used by CoreCrypto during
     e2ei flow
   - added `CoreCrypto.setPkiEnvironment()` to set a PkiEnvironment on a `CoreCrypto` instance
   - added `CoreCrypto.getPkiEnvironment()` to get the PkiEnvironment of a `CoreCrypto` instance
 
-- added `Database.open(location: String, key: DatabaseKey)` as static methods to construct a persistent database
-  instance and `Database.open(key: DatabaseKey)` to construct an in-memory database instance.
+  Affected platforms: android, ios, web
+
+- added `Database.open(location: String, key: DatabaseKey)` as a static method to construct a persistent database
+  instance, and `Database.open(key: DatabaseKey)` / `Database.inMemory(key: DatabaseKey)` to construct an in-memory
+  database instance.
 
   Removed default Constructor from swift to align with other language bindings.
 
-  Affected platforms: android, ios
+  Affected platforms: android, ios, web
 
 - `CoreCrypto.e2ei_is_env_setup()` can't throw anymore and will always return a boolean.
 
@@ -116,8 +119,8 @@
 
 - Decode: support decoding and displaying mls key packages
 
-- Allow in-memory database instantiation and usage with core crypto. Just call `inMemoryDatabase()` (Android, Web) or
-  the `Database` constructor without a path (iOS).
+- Allow in-memory database instantiation and usage with core crypto. Just call `Database.inMemory()` (Web),
+  `Database.open` without a path (Android, iOS)
 
 ### Bug Fixes
 
@@ -134,6 +137,16 @@
 
   Affected platforms: web
 
+- TypeScript: The free functions `openDatabase()` and `inMemoryDatabase()` are no longer exported. Use the static
+  methods `Database.open()` and `Database.inMemory()` instead.
+
+  Affected platforms: web
+
+- TypeScript: The free function `createPkiEnvironment()` is no longer exported. Use the static method
+  `PkiEnvironment.new()` instead.
+
+  Affected platforms: web
+
 - added `.close()` to `Database` and removed `.close()` from `CoreCrypto`.
 
   A database should be closed if it is not used anymore. Closing a database makes any `PkiEnvironment` or `CoreCrypto`

@@ -94,7 +94,7 @@ export async function setup() {
                 const key = new Uint8Array(32);
                 crypto.getRandomValues(key);
 
-                const db = await window.ccModule.openDatabase(
+                const db = await window.ccModule.Database.open(
                     clientIdStr,
                     new window.ccModule.DatabaseKey(key.buffer)
                 );

@@ -48,7 +48,6 @@ export {
     ciphersuiteFromU16,
     ciphersuiteDefault,
     ClientId,
-    openDatabase,
     Database,
     DatabaseKey,
     type MlsTransportData,
@@ -77,7 +76,6 @@ export {
     KeypackageRef,
     SignatureScheme,
     PkiEnvironment,
-    createPkiEnvironment,
     type PkiEnvironmentHooks,
     PkiEnvironmentHooksError,
     HttpHeader,

@@ -16,7 +16,6 @@
 
 import * as CoreCryptoFfiTypes from "../browser/autogenerated/core_crypto_ffi";
 import {
-    openDatabase as _openDatabase,
     CoreCryptoFfi,
     coreCryptoHistoryClient,
     coreCryptoNew,

@@ -48,7 +48,6 @@ export {
     ciphersuiteFromU16,
     ciphersuiteDefault,
     ClientId,
-    openDatabase,
     Database,
     DatabaseKey,
     type MlsTransportData,
@@ -77,7 +76,6 @@ export {
     KeypackageRef,
     SignatureScheme,
     PkiEnvironment,
-    createPkiEnvironment,
     type PkiEnvironmentHooks,
     PkiEnvironmentHooksError,
     HttpHeader,

@@ -16,7 +16,6 @@
 
 import * as CoreCryptoFfiTypes from "./autogenerated/core_crypto_ffi";
 import {
-    openDatabase as _openDatabase,
     CoreCryptoFfi,
     coreCryptoHistoryClient,
     coreCryptoNew,

@@ -17,8 +17,8 @@ import {
     setMaxLogLevel,
     ClientId,
     Credential,
-    openDatabase,
 } from "@wireapp/core-crypto/native";
+import { Database } from "@wireapp/core-crypto/native";
 
 // Logging can be adjusted via the CC_TEST_LOG_LEVEL variable:
 // 0 = no logs
@@ -83,7 +83,7 @@ async function openTestDatabase(databaseName?: string) {
     const key = new DatabaseKey(keyBytes.buffer);
     const location = databaseName ?? `bun-test-db-${crypto.randomUUID()}`;
 
-    const database = await openDatabase(location, key);
+    const database = await Database.open(location, key);
 
     const resolvedLocation = await database.getLocation();
     assert(resolvedLocation !== undefined);

@@ -1,4 +1,3 @@
-import { inMemoryDatabase } from "../../../src/browser/autogenerated/core_crypto_ffi";
 import {
     Ciphersuite,
     type CommitBundle,
@@ -7,6 +6,7 @@ import {
     CoreCryptoLogLevel,
     Credential,
     CredentialType,
+    Database,
     DatabaseKey,
     MlsTransportResponse,
     type HistorySecret,
@@ -17,7 +17,6 @@ import {
     setMaxLogLevel,
     initWasmModule,
     ClientId,
-    openDatabase,
 } from "../../../src/browser/CoreCrypto";
 
 // Logging can be adjusted via the CC_TEST_LOG_LEVEL variable:
@@ -83,7 +82,7 @@ export async function ccInit(clientId?: ClientId): Promise<CoreCrypto> {
     const keyBytes = new Uint8Array(32);
     crypto.getRandomValues(keyBytes);
     const key = new DatabaseKey(keyBytes.buffer);
-    const db = await inMemoryDatabase(key);
+    const db = await Database.inMemory(key);
 
     const cc = CoreCrypto.new(db);
 
@@ -228,7 +227,7 @@ export async function proteusInit(clientName: string): Promise<CoreCrypto> {
     const key = new Uint8Array(32);
     crypto.getRandomValues(key);
 
-    const database = await openDatabase(
+    const database = await Database.open(
         clientName,
         new DatabaseKey(key.buffer)
     );

@@ -18,12 +18,12 @@ describe("database", () => {
                 const key = new Uint8Array(32);
                 window.crypto.getRandomValues(key);
 
-                await window.ccModule.openDatabase(
+                await window.ccModule.Database.open(
                     databaseName,
                     new window.ccModule.DatabaseKey(key.buffer)
                 );
 
-                const db = await window.ccModule.openDatabase(
+                const db = await window.ccModule.Database.open(
                     databaseName,
                     new window.ccModule.DatabaseKey(key.buffer)
                 );
@@ -40,7 +40,7 @@ describe("database", () => {
                 const key = new Uint8Array(32);
                 window.crypto.getRandomValues(key);
 
-                const db = await window.ccModule.openDatabase(
+                const db = await window.ccModule.Database.open(
                     databaseName,
                     new window.ccModule.DatabaseKey(key.buffer)
                 );
@@ -66,7 +66,7 @@ describe("database", () => {
                 const databaseName = crypto.randomUUID();
                 const key = new Uint8Array(32);
 
-                const database = await window.ccModule.openDatabase(
+                const database = await window.ccModule.Database.open(
                     databaseName,
                     new window.ccModule.DatabaseKey(key.buffer)
                 );
@@ -96,7 +96,7 @@ describe("database", () => {
             window.crypto.getRandomValues(keyBytes);
             const key = new window.ccModule.DatabaseKey(keyBytes.buffer);
 
-            const database = await window.ccModule.openDatabase(
+            const database = await window.ccModule.Database.open(
                 databaseName,
                 key
             );
@@ -204,7 +204,7 @@ describe("database", () => {
 
             // Reconstruct the client based on the migrated database and fetch the epoch.
             const encoder = new TextEncoder();
-            const database = await window.ccModule.openDatabase(
+            const database = await window.ccModule.Database.open(
                 clientName,
                 new_key
             );

@@ -29,11 +29,11 @@ describe("PKI environment", () => {
             const cc = window.ensureCcDefined(alice);
             const key = new Uint8Array(32);
             window.crypto.getRandomValues(key);
-            const database = await window.ccModule.openDatabase(
+            const database = await window.ccModule.Database.open(
                 crypto.randomUUID(),
                 new window.ccModule.DatabaseKey(key.buffer)
             );
-            const pki_env = await window.ccModule.createPkiEnvironment(
+            const pki_env = await window.ccModule.PkiEnvironment.create(
                 window.pkiEnvironmentHooks,
                 database
             );
@@ -55,7 +55,7 @@ describe("PKI environment", () => {
         const pki_env = await browser.execute(async (alice) => {
             const key = new Uint8Array(32);
             window.crypto.getRandomValues(key);
-            const database = await window.ccModule.openDatabase(
+            const database = await window.ccModule.Database.open(
                 alice,
                 new window.ccModule.DatabaseKey(key.buffer)
             );
@@ -72,13 +72,13 @@ describe("PKI environment", () => {
         const success = await browser.execute(async (alice) => {
             const key = new Uint8Array(32);
             window.crypto.getRandomValues(key);
-            const database = await window.ccModule.openDatabase(
+            const database = await window.ccModule.Database.open(
                 alice,
                 new window.ccModule.DatabaseKey(key.buffer)
             );
 
             const cc = window.ensureCcDefined(alice);
-            const pki_env = await window.ccModule.createPkiEnvironment(
+            const pki_env = await window.ccModule.PkiEnvironment.create(
                 window.pkiEnvironmentHooks,
                 database
             );

@@ -194,7 +194,7 @@ export async function ccInit(
             const key = new Uint8Array(32);
             window.crypto.getRandomValues(key);
 
-            const database = await window.ccModule.openDatabase(
+            const database = await window.ccModule.Database.open(
                 clientName,
                 new window.ccModule.DatabaseKey(key.buffer)
             );
@@ -508,7 +508,7 @@ export async function proteusInit(clientName: string): Promise<void> {
         const key = new Uint8Array(32);
         window.crypto.getRandomValues(key);
 
-        const database = await window.ccModule.openDatabase(
+        const database = await window.ccModule.Database.open(
             clientName,
             new window.ccModule.DatabaseKey(key.buffer)
         );

@@ -37,3 +37,6 @@ suspend fun Database.Companion.open(
 suspend fun Database.Companion.open(
     key: DatabaseKey
 ) = inMemoryDatabase(key)
+
+/** Create a new PKI environment */
+suspend fun PkiEnvironment.Companion.new(hooks: PkiEnvironmentHooks, database: Database) = createPkiEnvironment(hooks, database)
@@ -27,8 +27,8 @@ internal class E2EITest : HasMockDeliveryService() {
         val path = root.resolve("pki-$aliceId")
         val key = genDatabaseKey()
         val hooks = MockPkiEnvironmentHooks()
-        val db = openDatabase(path.absolutePath, key)
-        val pkiEnv = createPkiEnvironment(hooks, db)
+        val db = Database.open(path.absolutePath, key)
+        val pkiEnv = PkiEnvironment.new(hooks, db)
 
         val cc = CoreCrypto(db)
         cc.setPkiEnvironment(pkiEnv)

@@ -203,6 +203,17 @@ final actor TransactionExecutor<Result>: WireCoreCryptoUniffi.CoreCryptoCommand
 
 }
 
+extension PkiEnvironment {
+    /// Create a new PKI environment.
+    ///
+    /// - Parameter hooks: implementation of the PKI environment hooks
+    /// - Parameter database: the database to use for this environment
+    public convenience init(hooks: PkiEnvironmentHooks, database: Database) async throws {
+        let instance = try await createPkiEnvironment(hooks: hooks, database: database)
+        self.init(unsafeFromRawPointer: instance.uniffiClonePointer())
+    }
+}
+
 extension Database {
     /// Initialise or open a Database.
     ///

@@ -850,7 +850,7 @@ final class WireCoreCryptoTests: XCTestCase {
         try FileManager.default.createDirectory(at: root, withIntermediateDirectories: true)
         let database = try await Database.open(location: keystore.path, key: genDatabaseKey())
 
-        let pkiEnvironment: PkiEnvironment = try await createPkiEnvironment(
+        let pkiEnvironment = try await PkiEnvironment(
             hooks: MockPkiEnvironmentHooks(), database: database)
         let coreCrypto = try CoreCrypto(database: database)
         try await coreCrypto.setPkiEnvironment(pkiEnvironment: pkiEnvironment)

@@ -12,6 +12,30 @@ use crate::{CoreCryptoError, CoreCryptoResult};
 #[derive(Debug, derive_more::From, derive_more::Into, Clone, derive_more::Deref, uniffi::Object)]
 pub struct Database(core_crypto_keystore::Database);
 
+#[cfg(any(feature = "wasm", feature = "napi"))]
+#[cfg_attr(any(feature = "wasm", feature = "napi"), uniffi::export)]
+impl Database {
+    /// Open or create a [Database].
+    #[uniffi::constructor(name = "open")]
+    pub async fn open(location: &str, key: Arc<DatabaseKey>) -> CoreCryptoResult<Self> {
+        core_crypto_keystore::Database::open(core_crypto_keystore::ConnectionType::Persistent(location), key.as_ref())
+            .await
+            .map(Database)
+            .map_err(CoreCryptoError::generic())
+    }
+
+    /// Create an in-memory [Database] whose data will be lost when the instance is dropped.
+    #[uniffi::constructor(name = "inMemory")]
+    pub async fn in_memory(key: Arc<DatabaseKey>) -> CoreCryptoResult<Self> {
+        core_crypto_keystore::Database::open(core_crypto_keystore::ConnectionType::InMemory, key.as_ref())
+            .await
+            .map(Database)
+            .map_err(CoreCryptoError::generic())
+    }
+}
+
+// Note: no uniffi::export, because static functions are not supported yet by uniffi version 0.29.
+#[cfg(not(any(feature = "wasm", feature = "napi")))]
 impl Database {
     /// Open or create a [Database].
     pub async fn open(location: &str, key: Arc<DatabaseKey>) -> CoreCryptoResult<Self> {
@@ -57,12 +81,14 @@ impl Database {
 }
 
 /// Open or create a [Database].
+#[cfg(not(any(feature = "wasm", target_os = "unknown")))]
 #[uniffi::export]
 pub async fn open_database(location: &str, key: Arc<DatabaseKey>) -> CoreCryptoResult<Database> {
     Database::open(location, key).await
 }
 
 /// Create an in-memory [Database] whose data will be lost when the instance is dropped.
+#[cfg(not(any(feature = "wasm", target_os = "unknown")))]
 #[uniffi::export]
 pub async fn in_memory_database(key: Arc<DatabaseKey>) -> CoreCryptoResult<Database> {
     Database::in_memory(key).await

@@ -55,9 +55,9 @@ pub use core_crypto_context::CoreCryptoContext;
 pub use credential::Credential;
 pub use credential_ref::CredentialRef;
 pub use credential_type::CredentialType;
+pub use database::{Database, DatabaseKey, migrate_database_key_type_to_bytes};
 #[cfg(not(any(feature = "wasm", target_os = "unknown")))]
-pub use database::export_database_copy;
-pub use database::{Database, DatabaseKey, in_memory_database, migrate_database_key_type_to_bytes, open_database};
+pub use database::{export_database_copy, in_memory_database, open_database};
 pub use decrypted_message::{BufferedDecryptedMessage, DecryptedMessage};
 pub use e2ei::E2eiConversationState;
 pub use ephemeral::{HistorySecret, core_crypto_history_client};
@@ -70,6 +70,8 @@ pub use identity::{
 };
 pub use key_package::{Keypackage, KeypackageRef};
 pub use metadata::{BuildMetadata, build_metadata, version};
-pub use pki_env::{HttpHeader, HttpMethod, HttpResponse, PkiEnvironment, PkiEnvironmentHooks, create_pki_environment};
+#[cfg(not(any(feature = "wasm", target_os = "unknown")))]
+pub use pki_env::create_pki_environment;
+pub use pki_env::{HttpHeader, HttpMethod, HttpResponse, PkiEnvironment, PkiEnvironmentHooks};
 pub use signature_scheme::SignatureScheme;
 pub use timestamp::Timestamp;