feat(core): use @noble/ciphers/aes for mobile compat

[andrascodes]

This PR is part of a stack created with Aviator. feat(expo-example): configure and add magic link login #142 fix(expo-example): add EAS local build config and fix HMR bug with secureStoreStamper #141 feat(expo-example): migrate to expo-router #131 feat(react): enable OAuth in React Native #80 feat(expo-example): add Passkey auth and test on Android #124 feat: add expo-example app #76 fix(react): race condition between initialize and isAuthorized in RN #75 feat: add fetchOptions to core and react so Origin header can be sent on RN #74 feat(react): expose stamper, storage and shouldInit params #73 refactor(core): use atob and btoa instead of Buffer #72 feat(core): rename stampers and expose them on createZeroDevWallet #71 ➡️ feat(core): use @noble/ciphers/aes for mobile compat #152 main

Make HPKE seal work in non-WebCrypto runtimes (React Native)

Summary

The OTP_V3 HPKE seal in packages/core/src/utils/hpke.ts used crypto.subtle.importKey / crypto.subtle.encrypt for AES-256-GCM. React
Native's Hermes runtime has no Web Crypto, so any RN consumer hits Cannot read property 'importKey' of undefined during auth({ type: 'otp', mode: 'verifyOtp' }).

This swaps the AES-GCM step for the pure-JS gcm from @noble/ciphers, matching the rest of the file (already on @noble/curves +
@noble/hashes).

Changes

• packages/core/package.json — add @noble/ciphers: ^2.2.0 (aligned with the existing @noble/curves / @noble/hashes v2.2.0).
• packages/core/src/utils/hpke.ts
  • Import gcm from @noble/ciphers/aes.js.
  • Replace aesGcmSeal (Web Crypto, async) with a one-liner over gcm(key, nonce, aad).encrypt(plaintext).
  • Drop the toArrayBuffer helper (only existed to satisfy BufferSource typing for crypto.subtle).
  • hpkeSealP256 keeps its Promise return type for callsite stability, even though seal is now synchronous.

Wire-format compatibility

@noble/ciphers's gcm returns ciphertext || tag (16-byte tag appended) — identical to crypto.subtle.encrypt with tagLength: 128 and to
Turnkey's Go Sealer.Seal. AAD shape (enc || pkR) and HPKE info ("turnkey_hpke") are unchanged, so the sealed bundle is bit-identical to
the previous implementation.

Tests

All existing HPKE / encryptOtpAttempt tests pass unchanged (10 tests across hpke.test.ts and encryptOtpAttempt.test.ts), including
round-trip decryption via the reference impl — confirming byte-level compatibility with the prior Web Crypto path.

Compatibility

• Browsers / Node: behavior unchanged.
• React Native (Hermes): now works without polyfills.
• No public API changes; no consumer code changes required.

[SahilVasava]

LGTM!