Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@dyne/keypairoom
Advanced tools
Readme
Component to generate and regenerate a keypair, in a deterministic and private way. The cryptographic part consists of two Zenroom smart contracts, the first executed server-side to generate a seed (based on public data such as user name), the second generate client side, based on the output of the first smart contract and on private information, namely "The challenges".
{
"theBackend":{
"keypair":{
"private_key":"Aku7vkJ7K01gQehKELav3qaQfTeTMZKgK+5VhaR3Ui0=",
"public_key":"BBCQg21VcjsmfTmNsg+I+8m1Cm0neaYONTqRnXUjsJLPa8075IYH+a9w2wRO7rFM1cKmv19Igd7ntDZcUvLq3xI="
}
},
"theBackendPassword":"myVerySecretPassword",
"userData":{
"username":"JohnDoe",
"email":"john@doe.com",
"phone":"12345678"
}
}
{
"userChallenges": {
"whereMyParentsMet": "Paris",
"myFirstPet": "ScoobyDoo",
"myHomeTown": "Amsterdam",
"nameOfFirstTeacher": "null",
"surnameOfMotherBeforeWedding": "null"
},
"username": "JohnDoe",
"key_derivation": "qf3skXnPGFMrE28UJS7S8BdT8g=="
}
See here what the scripts will return:
Client side: generation of keypair and optional hashing of challenges
And here the Swagger for both scripts (search for the names of the APIs on the page)
The deployment is done via restroom-mw and can be installed using the script deployAPI.sh or the Dockerfile, info about Dockerfile deployment here.
To configure backend environment variables please put an .env file at the top of your project like this or rename .env.sample to .env:
#BACKEND CREDENTIALS
BACKEND_PRIVATE_KEY=Aku7vkJ7K01gQehKELav3qaQfTeTMZKgK+5VhaR3Ui0=
BACKEND_PUBLIC_KEY=BBCQg21VcjsmfTmNsg+I+8m1Cm0neaYONTqRnXUjsJLPa8075IYH+a9w2wRO7rFM1cKmv19Igd7ntDZcUvLq3xI=
BACKEND_PASSWORD=myVerySecretPassword
#UNCOMMENT HERE IF YOU WANT TO OVERRIDE DEFAULT WITH A DIFFERENT CONTRACT
#SERVER_SIDE_CONTRACT=zencode/Keypair-Creation-Server-Side.zen
#CLIENT_SIDE_CONTRACT=zencode/Keypair-Creation-Client-Side.zen
#UNCOMMENT HERE IF YOU WANT TO OVERRIDE FOLDER OR FILENAME default: prop/questions-en_GB.json
#QUESTION_FOLDER=props/
#QUESTION_FILE_PREPEND=questions-
FAQs
Keypair library
The npm package @dyne/keypairoom receives a total of 2 weekly downloads. As such, @dyne/keypairoom popularity was classified as not popular.
We found that @dyne/keypairoom demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.