Security News
npm Updates Search Experience with New Objective Sorting Options
npm has a revamped search experience with new, more transparent sorting options—Relevance, Downloads, Dependents, and Publish Date.
@interledger/http-signature-utils
Advanced tools
This library provides tools for working with HTTP Message Signatures:
HTTP Message Signatures are used for protecting the integrity of Open Payments API requests.
You can install the package using:
npm install @interledger/http-signature-utils
Load a private Ed25519 key:
const key = loadKey('/PATH/TO/private-key.pem')
Generate a private Ed25519 key:
const key = generateKey('/PATH_TO_SAVE_KEY_IN')
Load or generate a private Ed25519 key:
const key = loadOrGenerateKey('/PATH/TO/private-key.pem')
Load a base64 encoded Ed25519 private key:
const key = loadBase64Key(
'LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1DNENBUUF3QlFZREsyVndCQ0lFSUkvWHBwdkZPOWltNE9odWkxNytVMnpWNUNuMDJBWXBZWFpwcUlSQ1M0UFkKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo='
)
Create JWK from private Ed25519 key:
const jwk = generateJwk({
privateKey: key,
keyId: '5cd52c55-05f1-41be-9474-a5c432cd4375'
})
Create signature headers:
const signatureHeaders = await createSignatureHeaders({
request: {
method: 'POST',
url: 'https://example.com',
headers: {
authorization: 'GNAP 123454321'
},
body: JSON.stringify(body)
}
privateKey: key,
keyId: '5cd52c55-05f1-41be-9474-a5c432cd4375'
})
Create signature and content headers:
const headers = await createHeaders({
request: {
method: 'POST',
url: 'https://example.com',
headers: {
authorization: 'GNAP 123454321'
},
body: JSON.stringify(body)
}
privateKey: key,
keyId: '5cd52c55-05f1-41be-9474-a5c432cd4375'
})
Validate signature and content headers:
const isValidHeader = validateSignatureHeaders(request: {
method: 'POST',
url: 'https://example.com',
headers: {
'content-type': 'application/json',
'content-length': '1234',
'content-digest': "sha-512=:vMVGexd7h7oBvi9aTwj05YvuCBTJaAYFPTwaxzu41/TyjXTueuKjxLlnTOhQfxE+YdA/QTiSXEkWh4gZ5zDZLg==:",
signature: "sig1=:Tk6ZvOqKxPysDpLPyjDRah76Uskr8OYxcuJasg4tSrD8qRaGBTji+WdMHxkkTqUX1cASaoqAdE3s7YDUFmlnCw==:",
'signature-input': 'sig1=("@method" "@target-uri" "authorization" "content-digest" "content-length" "content-type");created=1670837620;keyid="keyid-97a3a431-8ee1-48fc-ac85-70e2f5eba8e5";alg="ed25519"',
authorization: 'GNAP 123454321'
},
body: JSON.stringify(body)
})
Verify signature:
const isValidSig = await validateSignature(
clientKey: jwk,
request: {
method: 'POST',
url: 'https://example.com',
headers: {
'content-type': 'application/json',
'content-length': '1234',
'content-digest': "sha-512=:vMVGexd7h7oBvi9aTwj05YvuCBTJaAYFPTwaxzu41/TyjXTueuKjxLlnTOhQfxE+YdA/QTiSXEkWh4gZ5zDZLg==:",
signature: "sig1=:Tk6ZvOqKxPysDpLPyjDRah76Uskr8OYxcuJasg4tSrD8qRaGBTji+WdMHxkkTqUX1cASaoqAdE3s7YDUFmlnCw==:",
'signature-input': 'sig1=("@method" "@target-uri" "authorization" "content-digest" "content-length" "content-type");created=1670837620;keyid="keyid-97a3a431-8ee1-48fc-ac85-70e2f5eba8e5";alg="ed25519"',
authorization: 'GNAP 123454321'
},
body: JSON.stringify(body)
}
):
FAQs
Provides utilities for working with HTTP signatures
The npm package @interledger/http-signature-utils receives a total of 367 weekly downloads. As such, @interledger/http-signature-utils popularity was classified as not popular.
We found that @interledger/http-signature-utils demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
npm has a revamped search experience with new, more transparent sorting options—Relevance, Downloads, Dependents, and Publish Date.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.