Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@1auth/crypto
Advanced tools
@1auth/crypto - npm Package Compare versions
Comparing version 0.0.0-alpha.40 to 0.0.0-alpha.41
48
index.js
@@ -7,2 +7,4 @@ import { promisify } from 'node:util' | ||
| createDecipheriv, | ||
| createHmac, | ||
| timingSafeEqual, | ||
| generateKeyPair as generateKeyPairCallback, | ||
@@ -26,2 +28,3 @@ sign as signCallback, | ||
| digestAlgorithm: 'sha3-384', | ||
| hmacAlgorithm: 'sha256', | ||
| signatureEncoding: 'base64' | ||
@@ -384,3 +387,7 @@ } | ||
| export const makeSignature = async (data, privateKey, { algorithm } = {}) => { | ||
| export const makeAsymmetricSignature = async ( | ||
| data, | ||
| privateKey, | ||
| { algorithm } = {} | ||
| ) => { | ||
| algorithm ??= options.digestAlgorithm | ||
@@ -391,3 +398,3 @@ return (await sign(algorithm, Buffer.from(data), privateKey)).toString( | ||
| } | ||
| export const verifySignature = async ( | ||
| export const verifyAsymmetricSignature = async ( | ||
| data, | ||
@@ -406,1 +413,38 @@ publicKey, | ||
| } | ||
| export const makeSymmetricSignature = ( | ||
| data, | ||
| encryptionKey, | ||
| { algorithm } = {} | ||
| ) => { | ||
| encryptionKey ??= options.symetricEncryptionKey | ||
| algorithm ??= options.hmacAlgorithm | ||
| const signature = createHmac('sha256', encryptionKey) | ||
| .update(data) | ||
| .digest('base64') | ||
| .replace(/=+$/, '') | ||
| const signedData = data + '.' + signature | ||
| return signedData | ||
| } | ||
| export const verifySymmetricSignature = ( | ||
| signedData, | ||
| encryptionKey, | ||
| { algorithm } = {} | ||
| ) => { | ||
| const data = signedData.slice(0, signedData.lastIndexOf('.')) | ||
| const signedDataExpected = makeSymmetricSignature(data, encryptionKey, { | ||
| algorithm | ||
| }) | ||
| return safeEqual(signedData, signedDataExpected) && data | ||
| } | ||
| export const safeEqual = (input, expected) => { | ||
| const bufferInput = Buffer.from(input) | ||
| const bufferExpected = Buffer.from(expected) | ||
| return ( | ||
| bufferInput.length === bufferExpected.length && | ||
| timingSafeEqual(bufferInput, bufferExpected) | ||
| ) | ||
| } |
| { | ||
| "name": "@1auth/crypto", | ||
| "version": "0.0.0-alpha.40", | ||
| "version": "0.0.0-alpha.41", | ||
| "description": "", | ||
@@ -5,0 +5,0 @@ "type": "module", |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by8.14%
13719
- Lines of code
- increased by10.99%
404
No dependency changes