@jitsi/megolm
Advanced tools
Megolm.js is an implementation of the megolm cryptographic ratchet in JavaScript.
Megolm is the current cryptographic ratchet used by libolm for group chat sessions.
Its security features and limitations can be found here.
This library exists because we wanted to use a ratchet with the same properties as megolm, but libolm currently ties its use to group chat messages. There are other use cases, however.
This implementation is a port of the C implementation without too many bells and whistles in order to make checking its correctness easier.
declare type RatchetData = Array<Uint8Array>;
interface RatchetState {
counter: number;
data: RatchetData;
}
/**
* Megolm.js is a JavaScript implementation of the Megolm cryptographic ratchet.
* It is intended to be used standalone, but it's interoperable with libolm's
* implementation.
*/
export declare class Megolm {
/**
* Builds a Megolm object from the shared session format used by libolm's
* OutgoingSession.session_key() method.
*/
static fromSharedSession(sessionKey: string): Megolm;
/**
* Builds a new Megolm instance. The given initial state can be used to restore
* a previously saved ratchet state.
*/
constructor(initialState?: RatchetState);
/**
* Advances the ratched by one step.
*/
advance(): Promise<void>;
/**
* Advances the ratchet the given number of steps.
*/
advanceTo(idx: number): Promise<void>;
/**
* Encrypts the given data using the current key.
* The encryption performed is AES-CBC, as specified by megolm.
*/
encrypt(data: Uint8Array): Promise<ArrayBuffer>;
/**
* Decrypts the given data using the current key.
*/
decrypt(data: Uint8Array): Promise<ArrayBuffer>;
/**
* Computes the signature of the given data using HMAC SHA-256.
*/
sign(data: Uint8Array): Promise<ArrayBuffer>;
/**
* Verfifies the given signature for the given data.
*/
verify(signature: Uint8Array, data: Uint8Array): Promise<boolean>;
/**
* Returns the current ratchet state. This can be used to serialize and restore
* it later.
*/
getState(): RatchetState;
}
The Matrix team, for writing libolm and megolm in the first place.
FAQs
Megolm single ratchet implementation in pure JavaScript
The npm package @jitsi/megolm receives a total of 1 weekly downloads. As such, @jitsi/megolm popularity was classified as not popular.
We found that @jitsi/megolm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.