Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
@fluree/crypto-utils
Advanced tools
A collection of Javascript cryptography functions for Fluree
NOTE: This library has been deprecated. We recommend using the flureedb / flureenjs libraries directly instead. If there is something in here that you'd like to see in those libraries, please let us know by opening a GitHub issue here: https://github.com/fluree/db/issues.
npm install @fluree/crypto-utils
The db
parameter has been changed to ledger
as it should have been named in
the first place. This requires Fluree Ledger version 1.0.1 or higher.
The host
parameter has been dropped from the signQuery function since it is no longer used to create the signing string.
Returns a hex string of a public and private key pair.
import { generateKeyPair } from '@fluree/crypto-utils';
const { publicKey, privateKey } = generateKeyPair();
For Node.js, you will need to reference the Node.js crypto module. This is because the randomness for Node.js seed generation is determined differently than the browser.
const crypto = require("crypto");
const {generateKeyPair,getSinFromPublicKey} = require('@fluree/crypto-utils');
const { publicKey, privateKey } = generateKeyPair();
Returns the _auth/id
that accompanies a given public key.
import { generateKeyPair, getSinFromPublicKey } from '@fluree/crypto-utils';
const { publicKey } = generateKeyPair();
const authId = getSinFromPublicKey(publicKey);
signTransaction returns an object with the keys: sig, cmd, which should then be sent in the body of a request to the /command
endpoint.
import { generateKeyPair, getSinFromPublicKey, signTransaction } from '@fluree/crypto-utils';
const { publicKey, privateKey } = generateKeyPair();
const authId = getSinFromPublicKey(publicKey);
const ledger = "test/one";
const expire = Date.now() + 1000;
const fuel = 100000;
const nonce = 1;
// Deps is an optional parameter - it is a array of _tx/ids that must have succeeded
// for the current transaction to be accepted.
const deps = null;
const tx = JSON.stringifiy([{
"_id": "_tag",
"id": "tag/test" }])
let command = signTransaction(authId, ledger, expire, fuel, nonce, privateKey, tx, deps)
// If you want to receive the verbose results from the transaction,
// set the txid-only property to false. By default (true), only the
// transaction id will be returned.
Object.assign(command, {"txid-only": false});
const fetchOpts = {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(command)
};
const fullURI = `https://localhost:8090/fdb/${ledger}/command`;
fetch(fullURI, fetchOpts)
signQuery returns an object with the keys: header, method, body, which should then be sent to any of the query endpoints (/query
, /multi-query
, history
, block
).
import { generateKeyPair, getSinFromPublicKey, signQuery } from '@fluree/crypto-utils';
const { publicKey, privateKey } = generateKeyPair();
const authId = getSinFromPublicKey(publicKey);
const param = JSON.stringify({select: ["*"], from: "_collection"});
const ledger = "test/one";
const queryType = "query";
const fetchOpts = signQuery(privateKey, param, queryType, ledger)
const fullURI = `https://localhost:8090/fdb/${ledger}/query`;
fetch(fullURI, fetchOpts)
signRequest returns an object containing the keys: header, method and body. This object can be used to sign requests that are not related to transactions or queries.
The following example demonstrates how to sign a request to delete a ledger.
import { generateKeyPair, getSinFromPublicKey, signRequest } from '@fluree/crypto-utils';
const { publicKey, privateKey } = generateKeyPair();
const authId = getSinFromPublicKey(publicKey);
// The host portion of the URL is required as the signRequest
// function parses the entire url to build the signing string.
var endpoint = 'http://localhost:8090/fdb/delete-db';
var body = JSON.stringify({
"ledger/id": 'test/deleteme',
"auth": authId
});
var fetchOpts = signRequest("POST", endpoint, body, privateKey, authId);
fetch(endpoint, fetchOpts)
FAQs
Helper cryptography functions for Fluree
The npm package @fluree/crypto-utils receives a total of 26 weekly downloads. As such, @fluree/crypto-utils popularity was classified as not popular.
We found that @fluree/crypto-utils demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.