Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@hearro/didcomm

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@hearro/didcomm

Cryptographic envelope layer of DIDComm written in Typescript

  • 0.6.0
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
1
Created
Source

DIDComm-crypto-js

Javascript (written in typescript) version of the cryptographic envelope of DIDComm. This library is built for any javascript environment that needs to . It is built on libsodium-js and follows the specs documented in the docs folder.

installation

This package is currently not available on NPM: It will be added to npm under the package name DIDComm-crypto-js when a CI/CD platform can be added to publish it.

Usage

NOTE THESE APIs are currently unstable at this point to account for new non-repudiable signing changes

There's currently 4 APIs of use in this library that will handle encryption and decryption to multiple recipients. Messages encrypted with this library support repudiable authentication and anonymous encryption. There's additional APIs to support non-repudiable signing and verification of messages.

Encrypt with repudiable authentication

pack_auth_msg_for_recipients(message, recipientKeyList, senderKeyPair, nonRepudiable = false) should be the default method used. This example shows how to use repudiable authentication to pack a message for the recipient.

    const didcomm = new DIDComm()
    await didcomm.Ready
    const alice = await didcomm.generateKeyPair()
    const bob = await didcomm.generateKeyPair()
    const message = 'I AM A PRIVATE MESSAGE'
    const packedMsg = await didcomm.pack_auth_msg_for_recipients(message, [bob.publicKey], alice)
    const unpackedMsg = await didcomm.unpackMessage(packedMsg, bob)

Encrypt with non-repudiable authentication

To Encrypt a message for a recipient and sign the message using a non-repudiable signature change the nonRepudiable variable should be set to true. To understand what non-repudiation is and when it should be used refer here.

    const didcomm = new DIDComm()
    await didcomm.Ready
    const alice = await didcomm.generateKeyPair()
    const bob = await didcomm.generateKeyPair()
    const message = 'I AM A PRIVATE MESSAGE'
    const packedMsg = await didcomm.pack_auth_msg_for_recipients(message, [bob.publicKey], alice, true)
    const unpackedMsg = await didcomm.unpackMessage(packedMsg, bob)

Encrypt with no authentication

For privacy reasons or to meet the principle of least information, it may be necessary to encrypt a message, but does not provide authentication guarantees.

    const didcomm = new DIDComm()
    await didcomm.Ready
    const bob = await didcomm.generateKeyPair()
    const message = JSON.stringify({
        "@type": "did:example:1234567890;spec/test",
        data: "I AM A SIGNED MESSAGE"
    })
    const packedMsg = await didcomm.pack_anon_msg_for_recipients(message, [bob.publicKey])
    const unpackedMsg = await didcomm.unpackMessage(packedMsg, bob)

Non-repudiable signature with no encryption

In very specific use cases like the invitation protocol or incredibly short lived connection (1 round trip only) it's necessary to provide data in a plaintext format to provide a key. In these cases we will sign the data, but leave it unencrypted.

    const didcomm = new DIDComm()
    await didcomm.Ready
    const bob = await didcomm.generateKeyPair()
    const message = "I AM A PUBLIC MESSAGE"
    const packedMsg = await didcomm.pack_nonrepudiable_msg_for_anyone(message, bob)
    const unpackedMsg = await didcomm.unpackMessage(packedMsg, bob)

Authentication notes

To perform authentication this library should be combined with resolution of a DID Document to ensure the key used by the sender is contained in a valid DID Document. This funcationality is considered out of scope for this library.

FAQs

Package last updated on 31 Jan 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc