@evo/vchasno-signer
Advanced tools
Library to work with private keys, sign data and verify signatures.
npm install -E @evo/vchasno-signer
import vchasnoSigner from '@evo/vchasno-signer';
// Minimal config for signer, more details you can find in config object section
const configObject = { proxyServiceUrl: '/internal-api/proxy' };
// Initialize signer
await vchasnoSigner.init(configObject);
// Read private key
const key = await vchasnoSigner.readKey(keyFile, password, caServerIdx, certificateFiles);
// Sign data
const eSign = vchasnoSigner.signData(data, key);
// Verify signature
const signInfo = vchasnoSigner.verifySign(data, eSign);
{
// Allow to use only power certificates, default is true
checkIsPowerCertificate: true,
// Download internal sign library from specific url. If not specified, library
// will be downloaded from Vchasno servers
downloadSignLibraryUrl: null,
// Max data size to work with in bytes, library will take 10x size in memory.
// *Implicit* default value is 5Mb for desktop and 2Mb for mobile
maxFileSize: undefined,
// By default path to library is `/js/lib/iit`, but you can specify your own path
pathToLibrary: '/path/to/library',
// To work library need proxy service in your backend.
// Library send a POST request to proxy service url with address in GET parameter
// and data string in body. Backend needs to make a request to this address with
// data string and return received data to the library
proxyServiceUrl: '/internal-api/proxy',
// By default library will use Web Workers if supported, but you can force it
// by setting useMainThread = true
useMainThread: false,
}
Read PK file to get key object with PK content, associated certificates, information about PK and actual certificate.
Parameters:
keyFile: PK file in Blob formatpassword: PK passwordcaServerIdx: PK vendor, you can get list of supported CA servers with getCAServers functioncertificateFiles: optional parameter, some CA use certificates from file, so we need to pass PK file and associated certificates file/files. You can use getCAServerSettings function to find out which certificates type are used.// List of supported CA servers
const caServers = vchasnoSigner.getCAServers();
// CA server settings
const caServerSettings = vchasnoSigner.getCAServerSettings(caServers[idx]);
caServerSettings.loadCertsFromFile; // true - need to pass associated certificates, false - certificates will be found in CA servers
// Read PK
const key = await vchasnoSigner.readKey(keyFile, password, caServerIdx, certificateFiles);
key.keyData //content of PK
key.password //PK password
key.certificates //PK associated certificates
key.keyInfo //information about PK owner
key.certificateInfo //information about actual associated certificate
Sign data with PK, verify signature and return signature object.
Parameters:
data: data to sign in Blob, ArrayBuffer, or Uint8Array formatkey: key object from readKey functionconst eSign = vchasnoSigner.signData(data, key);
Also data can be signed internaly in p7s container
const [eSign, p7s] = vchasnoSigner.signDataInternal(data, key);
Verify association between data and signature, return information about signature.
Parameters:
data: data to sign in Blob, ArrayBuffer or Uint8Array formateSign: signature string from signData functionconst signInfo = vchasnoSigner.verifySign(data, eSign);
For internal signatures need to pass only p7s container.
Parameters:
p7s: p7s container from signDataInternal functionconst signInfo = vchasnoSigner.verifySignInternal(p7s);
To deploy new version:
npm version <patch|minor|major>
git push origin --atomic HEAD v0.0.1
# buid container if needed
just docker-build-image
# update certificates
just docker-update-ca-servers
wget --output-document ./scripts/rawCAs.json https://iit.com.ua/download/productfiles/CAs.json
wget --output-document ./src/files/CACertificates.p7b https://iit.com.ua/download/productfiles/CACertificates.p7b
node scripts/generateCAServers.js
FAQs
Sign module for Vchasno project
The npm package @evo/vchasno-signer receives a total of 89 weekly downloads. As such, @evo/vchasno-signer popularity was classified as not popular.
We found that @evo/vchasno-signer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Ā It has 15 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A critical vm2 sandbox escape can allow untrusted JavaScript to break isolation and execute commands on the host Node.js process.
Research
Five malicious NuGet packages impersonate Chinese .NET libraries to deploy a stealer targeting browser credentials, crypto wallets, SSH keys, and local files.
Security News
pnpm 11 turns on a 1-day Minimum Release Age and blocks exotic subdeps by default, adding safeguards against fast-moving supply chain attacks.