New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →

@interledger/http-signature-utils

Package Overview

Dependencies

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

@interledger/http-signature-utils

Provides utilities for working with HTTP signatures

1.0.0
Source
npm

Version published: 2 years ago

Maintainers: 1

Created: 2 years ago

Source

HTTP Signature Utils Library

The Library includes

loading Ed25519 keys from file or creating them
generating JWKs from Ed25519 keys
creating HTTP signature headers
validate and verify HTTP signature headers

Local Development

Building

From the monorepo root directory:

pnpm --filter http-signature-utils build

Testing

From the monorepo root directory:

pnpm --filter http-signature-utils test

Usage

Load or generate a private key

const key = parseOrProvisionKey('/PATH/TO/private-key.pem')

Create JWK from private key

const jwk = generateJwk({
  privateKey: key,
  keyId: '5cd52c55-05f1-41be-9474-a5c432cd4375'
})

Create Signature Headers

const signatureHeaders = await createSignatureHeaders({
  request: {
    method: 'POST',
    url: 'https://example.com',
    headers: {
      authorization: 'GNAP 123454321'
    },
    body: JSON.stringify(body)
  }
  privateKey: key,
  keyId: '5cd52c55-05f1-41be-9474-a5c432cd4375'
})

Create Signature and Content Headers

const headers = await createHeaders({
  request: {
    method: 'POST',
    url: 'https://example.com',
    headers: {
      authorization: 'GNAP 123454321'
    },
    body: JSON.stringify(body)
  }
  privateKey: key,
  keyId: '5cd52c55-05f1-41be-9474-a5c432cd4375'
})

Validate Signature and Content Headers

const isValidHeader = validateSignatureHeaders(request: {
    method: 'POST',
    url: 'https://example.com',
    headers: {
      'content-type': 'application/json',
      'content-length': '1234',
      'content-digest': "sha-512=:vMVGexd7h7oBvi9aTwj05YvuCBTJaAYFPTwaxzu41/TyjXTueuKjxLlnTOhQfxE+YdA/QTiSXEkWh4gZ5zDZLg==:",
    signature: "sig1=:Tk6ZvOqKxPysDpLPyjDRah76Uskr8OYxcuJasg4tSrD8qRaGBTji+WdMHxkkTqUX1cASaoqAdE3s7YDUFmlnCw==:",
    'signature-input': 'sig1=("@method" "@target-uri" "authorization" "content-digest" "content-length" "content-type");created=1670837620;keyid="keyid-97a3a431-8ee1-48fc-ac85-70e2f5eba8e5";alg="ed25519"',
      authorization: 'GNAP 123454321'
    },
    body: JSON.stringify(body)
  })

Verify signature

const isValidSig = await validateSignature(
  clientKey: jwk,
  request: {
    method: 'POST',
    url: 'https://example.com',
    headers: {
      'content-type': 'application/json',
      'content-length': '1234',
      'content-digest': "sha-512=:vMVGexd7h7oBvi9aTwj05YvuCBTJaAYFPTwaxzu41/TyjXTueuKjxLlnTOhQfxE+YdA/QTiSXEkWh4gZ5zDZLg==:",
    signature: "sig1=:Tk6ZvOqKxPysDpLPyjDRah76Uskr8OYxcuJasg4tSrD8qRaGBTji+WdMHxkkTqUX1cASaoqAdE3s7YDUFmlnCw==:",
    'signature-input': 'sig1=("@method" "@target-uri" "authorization" "content-digest" "content-length" "content-type");created=1670837620;keyid="keyid-97a3a431-8ee1-48fc-ac85-70e2f5eba8e5";alg="ed25519"',
      authorization: 'GNAP 123454321'
    },
    body: JSON.stringify(body)
  }
):

FAQs

What is @interledger/http-signature-utils?

Is @interledger/http-signature-utils well maintained?

Package last updated on 22 Mar 2023

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

@interledger/http-signature-utils

HTTP Signature Utils Library

Local Development

Building

Testing

Usage

Related posts

require(esm) Backported to Node.js 20, Paving the Way for ESM-Only Packages

PyPI Now Supports iOS and Android Wheels for Mobile Python Development