Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@functionland/fula-sec

Package Overview
Dependencies
Maintainers
5
Versions
9
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@functionland/fula-sec

This library provides security features of Fula Protocol

  • 1.0.2
  • npm
  • Socket score

Version published
Weekly downloads
7
increased by250%
Maintainers
5
Weekly downloads
 
Created
Source

Fula Security Layer (FSL)

Fula Security Layer Includes Decentralized Identity and Encryption.

The Fula-sec library allows you to create DID (Decentrlized-ID) and Encript/Decypt by using Ed25519 and EDHD algorithms.

Ed25519 KeyPairs are used for creating DID, PID (Peer-Id), JWE/JWET/JWT signing identity of token which is passed as iss: attribyte of the payload. In same way opposite side user can verify or/and decrypt by passing their own KeyPair.

Installation

Install NPM package

npm install @functionland/fula-sec --save

(back to top)

Decentralized Identity (DID)

 import {HDKEY, DID} from '@functionland/fula-sec'


 /* Prefix moc keys */
 let password = '123456789'  //User`s password
 let signedKey = '9d7020006cf....f33a32adb81ae'; 
 /* signedKey is the signature coming from the locally-running 
 service of a 3rd party signing authority like Meta Mask Wallet 
 by signing part of the password (not the full password is being 
 sent to the 3rd party signing authority)
 */

 
 /* 1 - Add user`s password */
 const ed = new HDKEY(password);
 
 // A. Sign with chaincode   |chainCode| --->  |Metamask|      
 // B. Get signedKey         |signedKey| <---  |Metamask| 

 /* 2 - Get chainCode to get signedKey from Metamask*/
 const chainCode = ed.chainCode; 
 /*
   chainCode is created from part of the password to be sent 
   to the signing authority like MetaMask wallet to get a unique signature back
 */
 `type:base64pad APSWnk8ULP/v//oseMeSEDadMBSSeX/SOxOREYhjQ7g=`
 /* Send request to metamask*/

 /* 3 - Get KeyPair: Publick and Privete Key */
 const keyPair = ed.createEDKeyPair(signedKey);
 `secretkey:  Uint8Array(64) [
      98,  47,  78, 171, 169, 201, 236, 231, 196,  23, 134,
      135,  78, 180, 195,  93,  22,  57,  41, 213,  53,  86,
      248,  34,  83, 162, 233, 128,  89, 128, 207, 173, 247,
      94, 235,  66, 181, 212, 204, 168, 133, 182,  87, 227,
      217, 233, 122, 169, 145,  20,  42, 110, 229, 233, 239,
      112,  55, 203,  18, 112,  50, 251, 239, 219
   ],
   pubkey:  Uint8Array(32) [
      247,  94, 235,  66, 181, 212, 204,
      168, 133, 182,  87, 227, 217, 233,
      122, 169, 145,  20,  42, 110, 229,
      233, 239, 112,  55, 203,  18, 112,
      50, 251, 239, 219
   ]`
 
 /* keyPair: {
      publicKey,
      secretKey    
 } for creating DID and Encrypt/Decrypt */
 
 

 /* 4 - Add KeyPair in order to generate DID*/
 const did = new DID(keyPair.secretKey);
 
 /* Get DID */
 did.did();
`did:key:z6MknwZL7aFNFGoq7ZaZv47LF7tiqtwV3ZrYRbAJEmUWRRkh`

(back to top)

Json Web Encrypted Token / Time Based Encryption

 import { EncryptJWT, DecryptJWT } from '@functionland/fula-sec'
  
  /* Securly export your wrapped wnfs key */
  const jwet = await new EncryptJWT({ any: 'your sensitive data to encrypt'})
     .setIssuedAt()
     .setNotBefore(Math.floor(Date.now() / 1000))
     .setIssuer(did.did())
     .setAudience(did.did())
     .setExpirationTime('3s')
     .encrypt(keyPair.secretKey);

 /* Verify and decrypt to get your wnfs key within 3 second as declared above */
  const payload = await new DecryptJWT(keyPair.secretKey).verify(jwet)    
   `payload:  {
      aud: 'did:key:z6MknwZL7aFNFGoq7ZaZv47LF7tiqtwV3ZrYRbAJEmUWRRkh',
      exp: 1669043742,
      iat: 1669043738,
      iss: 'did:key:z6MknwZL7aFNFGoq7ZaZv47LF7tiqtwV3ZrYRbAJEmUWRRkh',
      nbf: 1669043738,
      any: 'your sensitive data to encrypt'
   }
   `

(back to top)

Content

  • HDKEY Drive
  • Identity (DID)
  • PeerId (PID)
  • JWE
  • JWET

See the open issues for a full list of proposed features (and known issues).

(back to top)

Development

Community

Maintainers

License

See LICENSE for more information.

(back to top)

Keywords

FAQs

Package last updated on 22 Nov 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc