@hearro/didcomm
JavaScript (written in TypeScript) version of the cryptographic envelope of DIDComm. This library is built for any JavaScript environment that needs to . It is built on libsodium-js and follows the specs documented in the docs folder.
This package is currently not available on NPM. It will be added to npm under the package name DIDComm-crypto-js when a CI/CD platform can be added to publish it.
NOTE: These APIs are currently unstable, to account for new non-repudiable signing changes.
There are currently 4 APIs of use in this library that handle encryption and decryption to multiple recipients. Messages encrypted with this library support repudiable authentication and anonymous encryption. There are additional APIs to support non-repudiable signing and verification of messages.
`pack_auth_msg_for_recipients(message, recipientKeyList, senderKeyPair, nonRepudiable = false)` should be the default method used. This example shows how to use repudiable authentication to pack a message for the recipient.

```javascript
const didcomm = new DIDComm()
// Wait until the library has finished initialising
await didcomm.Ready
const alice = await didcomm.generateKeyPair()
const bob = await didcomm.generateKeyPair()
const message = 'I AM A PRIVATE MESSAGE'
// Alice is the sender; Bob's public key is the only recipient key
const packedMsg = await didcomm.pack_auth_msg_for_recipients(message, [bob.publicKey], alice)
// Bob unpacks with his own key pair
const unpackedMsg = await didcomm.unpackMessage(packedMsg, bob)
```
To encrypt a message for a recipient and sign it with a non-repudiable signature, set the `nonRepudiable` parameter to `true`. To understand what non-repudiation is and when it should be used refer here.

```javascript
const didcomm = new DIDComm()
// Wait until the library has finished initialising
await didcomm.Ready
const alice = await didcomm.generateKeyPair()
const bob = await didcomm.generateKeyPair()
const message = 'I AM A PRIVATE MESSAGE'
// The fourth argument (nonRepudiable) is true, so the message is also signed
const packedMsg = await didcomm.pack_auth_msg_for_recipients(message, [bob.publicKey], alice, true)
const unpackedMsg = await didcomm.unpackMessage(packedMsg, bob)
```
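What separates the two modes above, as an added example that is not code from this library: it uses Node's built-in `crypto` (X25519, HMAC-SHA256, Ed25519) as stand-ins for the library's libsodium primitives, with keys constructed for the demo and hypothetical function names. A tag keyed by a shared secret convinces Bob but can also be produced by Bob, while a signature can only be produced by Alice and checked by anyone.

```javascript
const crypto = require('node:crypto')

// Tag keyed by the X25519 shared secret. Both parties derive the same secret,
// so both can compute the same tag (simplified: a real scheme would run the
// secret through a KDF and an AEAD rather than a bare HMAC).
function sharedKeyTag(myPrivateKey, theirPublicKey, message) {
  const secret = crypto.diffieHellman({ privateKey: myPrivateKey, publicKey: theirPublicKey })
  return crypto.createHmac('sha256', secret).update(message).digest()
}

function repudiationDemo() {
  // Constructed key pairs for this demo only
  const alice = crypto.generateKeyPairSync('x25519')
  const bob = crypto.generateKeyPairSync('x25519')
  const aliceSigning = crypto.generateKeyPairSync('ed25519')

  const message = Buffer.from('I AM A PRIVATE MESSAGE')
  const forged = Buffer.from('I NEVER SAID THIS')

  // Repudiable authentication: Alice tags, Bob recomputes and compares.
  const tagFromAlice = sharedKeyTag(alice.privateKey, bob.publicKey, message)
  const tagBobExpects = sharedKeyTag(bob.privateKey, alice.publicKey, message)
  const bobAccepts = crypto.timingSafeEqual(tagFromAlice, tagBobExpects)

  // Bob, alone, builds a valid tag for text Alice never sent. A third party
  // cannot tell it from a tag Alice made, so the tag proves nothing to them.
  const bobForgery = sharedKeyTag(bob.privateKey, alice.publicKey, forged)
  const whatAliceWouldMake = sharedKeyTag(alice.privateKey, bob.publicKey, forged)
  const bobCanForge = crypto.timingSafeEqual(bobForgery, whatAliceWouldMake)

  // Non-repudiable signing: only Alice's private key produces the signature,
  // and anyone holding her public key can verify it.
  const signature = crypto.sign(null, message, aliceSigning.privateKey)
  const thirdPartyVerifies = crypto.verify(null, message, aliceSigning.publicKey, signature)
  const forgedMessageVerifies = crypto.verify(null, forged, aliceSigning.publicKey, signature)

  return { bobAccepts, bobCanForge, thirdPartyVerifies, forgedMessageVerifies }
}

console.log(repudiationDemo())
```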
For privacy reasons, or to meet the principle of least information, it may be necessary to encrypt a message without providing authentication guarantees.

```javascript
const didcomm = new DIDComm()
// Wait until the library has finished initialising
await didcomm.Ready
const bob = await didcomm.generateKeyPair()
const message = JSON.stringify({
  "@type": "did:example:1234567890;spec/test",
  data: "I AM A SIGNED MESSAGE"
})
// No sender key pair is passed: the recipient cannot tell who sent the message
const packedMsg = await didcomm.pack_anon_msg_for_recipients(message, [bob.publicKey])
const unpackedMsg = await didcomm.unpackMessage(packedMsg, bob)
```
In very specific use cases, like the invitation protocol or an incredibly short-lived connection (1 round trip only), it's necessary to provide data in a plaintext format to provide a key. In these cases we will sign the data, but leave it unencrypted.

```javascript
const didcomm = new DIDComm()
// Wait until the library has finished initialising
await didcomm.Ready
const bob = await didcomm.generateKeyPair()
const message = "I AM A PUBLIC MESSAGE"
// Signed with Bob's key pair but not encrypted: anyone can read the message
const packedMsg = await didcomm.pack_nonrepudiable_msg_for_anyone(message, bob)
const unpackedMsg = await didcomm.unpackMessage(packedMsg, bob)
```

To perform authentication, this library should be combined with resolution of a DID Document to ensure the key used by the sender is contained in a valid DID Document. This functionality is considered out of scope for this library.
FAQs
Cryptographic envelope layer of DIDComm written in Typescript
The npm package @hearro/didcomm receives a total of 11 weekly downloads. As such, @hearro/didcomm popularity was classified as not popular.
We found that @hearro/didcomm demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.