Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@decentralized-identity/did-crypto-typescript
Advanced tools
Common TypeScript library for decentralized identity.
This library provides core crypto functions.
A core capability of this library is the generation of deterministic pairwise keys.
A pairwise key is a unique key for a relationship between a persona (user's DID) and a peer such as a relying party or another DID user.
Deterministic means that all pairwise keys can be recalculated.
Different environments such as a browser or Node.js support different crypto libraries.
This library expects a crypto object which is the cryptography layer for the environment.
window.crypto
import WebCrypto from 'node-webcrypto-ossl';
const crypto = new WebCrypto();
The library supports RSA and elliptic curve secp256k1 keys.
The library also supports secrets used for HMAC.
The algorithm specification are conform with the Web Cryptography API.
This repo has a collection of examples how to use the Web Cryptography API.
const didKey = new DidKey(crypto, algorithm, null, true);
crypto: see cryptography section
algorithm: The generatekey algorithm as specified in Web Cryptography API
key: null means that Didkey has to generate the key
exportable: True if the key can be exported
Examples of supported algorithms
const didKey = new DidKey(crypto, algorithm, null, true);
const pairwiseKey: DidKey = await didKey.generatePairwise(seed, personaId, peerId);
seed: Buffer representing at least 32 bytes of random data
personaId: String representing an identifier for a persona (user's DID)
peerId: String representing an identifier for the peer
Remark: To generate a deterministic key for a persona, use the same value for personaId and peerId.
const jwkKey = await didKey.getJwkKey(KeyExport.Private);
const jwkKey = await didKey.getJwkKey(KeyExport.Public);
Install the library into your project with npm:
npm install @decentralized-identity/did-crypto-typescript
This library uses @peculiar/webcrypto as base crypto library for nodejs. This library is still in an experimental stage and should for now not be used in production code. In the browser one can use the native window.crypto object supported in all modern browsers.
The library supports the following algorithms for generating pairwise keys: RSA secp256k1
FAQs
Common TypeScript library for decentralized identity.
We found that @decentralized-identity/did-crypto-typescript demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.