nkeys.js
A public-key signature system based on Ed25519 for the NATS ecosystem, for
JavaScript.
[!IMPORTANT]
With the 2.0.0 release, the library changed its module name from `nkeys.js` to `@nats-io/nkeys`.
The nkeys.js library works in Deno, Node.js, Bun, and the browser!
Installation
The nkeys library is available on both npm and jsr.io.

```bash
deno add jsr:@nats-io/nkeys
```

```typescript
import { createUser, fromPublic, fromSeed } from "@nats-io/nkeys";
```

In Node:

```bash
npm install @nats-io/nkeys
```

```javascript
// CommonJS
const { createUser, fromSeed, fromPublic } = require("@nats-io/nkeys");
// or, as an ES module
import { createUser, fromPublic, fromSeed } from "@nats-io/nkeys";
```
Basic Usage
The documentation is here
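```typescript
import { createUser, fromPublic, fromSeed } from "@nats-io/nkeys";

// Create a user nkey KeyPair.
const user = createUser();

// The seed is the secret the key pair is rebuilt from; handle it as a credential.
const seed: Uint8Array = user.getSeed();

// Encoded seeds start with "S"; the second letter gives the key type ("U" for user).
console.log(`seeds start with s: ${seed[0] === "S".charCodeAt(0)}`);
console.log(`nkey is for a user? ${seed[1] === "U".charCodeAt(0)}`);

// Decoding the bytes yields the seed string. This prints a secret, so keep it out of real logs.
console.log(new TextDecoder().decode(seed));

// Recreate the key pair from its seed and sign some data.
const priv = fromSeed(seed);
const data = new TextEncoder().encode("Hello World!");
const sig = priv.sign(data);

// Verify the signature with the original key pair.
const valid = user.verify(data, sig);
if (!valid) {
  console.error("couldn't validate the data/signature against my key");
} else {
  console.info("data was verified by my key");
}

// Anyone holding only the public key can verify as well.
const publicKey = user.getPublicKey();
const pub = fromPublic(publicKey);
if (!pub.verify(data, sig)) {
  console.error(`couldn't validate the data/signature with ${publicKey}`);
} else {
  console.info(`data was verified by ${publicKey}`);
}

// Zero the seed buffer and clear the key pairs once they are no longer needed.
seed.fill(0);
user.clear();
priv.clear();
```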
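The two byte checks above (`S`, then `U`) generalize: an nkey string is base32 over prefix bytes, the key bytes and a CRC-16, so a config loader or log scanner can tell a secret seed from a public key without loading any library. This is an added example, not code from nkeys.js; the prefix values and checksum layout are assumptions taken from the NATS nkeys encoding, and `inspectNkey`, `encodeSeed` and `SAMPLE_SEED` are hypothetical names.

```javascript
const B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
const SEED = 18 << 3; // seed marker; its top 5 bits encode as the letter "S"
// Assumed from the nkeys encoding: role prefix bytes, top 5 bits give the letter.
const ROLES = { 0: "account", 16: "cluster", 104: "server", 112: "operator", 160: "user", 184: "curve" };
function crc16(bytes) { // CRC-16/XMODEM: polynomial 0x1021, initial value 0
  let crc = 0;
  for (const b of bytes) {
    crc ^= b << 8;
    for (let i = 0; i < 8; i++) crc = (crc & 0x8000 ? (crc << 1) ^ 0x1021 : crc << 1) & 0xffff;
  }
  return crc;
}
function b32encode(bytes) { // unpadded base32
  let bits = 0, n = 0, out = "";
  for (const b of bytes) {
    bits = ((bits << 8) | b) & 0xfff; n += 8;
    while (n >= 5) { out += B32[(bits >>> (n - 5)) & 31]; n -= 5; }
  }
  return n ? out + B32[(bits << (5 - n)) & 31] : out;
}
function b32decode(text) {
  let bits = 0, n = 0, out = [];
  for (const ch of text) {
    const v = B32.indexOf(ch);
    if (v < 0) return null; // character outside the nkey alphabet
    bits = ((bits << 5) | v) & 0xfff; n += 5;
    if (n >= 8) { out.push((bits >>> (n - 8)) & 255); n -= 8; }
  }
  return Uint8Array.from(out);
}
// Build a seed string: 2 prefix bytes, 32 secret bytes, CRC-16 little-endian.
function encodeSeed(roleByte, key32) {
  const body = [SEED | (roleByte >> 5), (roleByte & 31) << 3, ...key32];
  const crc = crc16(body);
  return b32encode([...body, crc & 255, crc >> 8]);
}
// Classify a candidate string; seeds are flagged secret, public keys are not.
function inspectNkey(text) {
  const raw = b32decode(text);
  if (!raw || raw.length < 35) return { ok: false, reason: "not an nkey encoding" };
  const body = raw.subarray(0, raw.length - 2);
  const stored = raw[raw.length - 2] | (raw[raw.length - 1] << 8);
  if (crc16(body) !== stored) return { ok: false, reason: "checksum mismatch" };
  const secret = (body[0] & 0xf8) === SEED;
  const role = ROLES[secret ? ((body[0] & 7) << 5) | (body[1] >> 3) : body[0]];
  if (!role || raw.length !== (secret ? 36 : 35)) return { ok: false, reason: "unknown prefix or length" };
  return { ok: true, secret, role };
}
// Constructed sample (fixed filler bytes), not a real credential.
const SAMPLE_SEED = encodeSeed(160, new Uint8Array(32).fill(7));
```

A field that should hold a public key can reject any value for which `secret` is true, and a log scanner can use the checksum to cut false positives on long base32 runs.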
Curve Keys
Curve keys seal/open (encrypt/decrypt) payloads only, but look like regular
nkeys. The `getSeed()`, `getPrivate()`, `getPublic()`, and `clear()` methods have the
same functionality as on normal nkeys. The `sign()` and `verify()` APIs, however,
will throw an error (regular nkeys will throw an error for `seal()` and `open()`).
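```typescript
import { createCurve } from "@nats-io/nkeys";

const a = createCurve();
const b = createCurve();
const c = createCurve();

// a seals a payload for b, using b's public key.
const payload = new TextEncoder().encode("hello!");
const encrypted = a.seal(payload, b.getPublicKey());

// b opens it with a's public key.
let decrypted = b.open(encrypted, a.getPublicKey());
if (decrypted === null) {
  throw new Error("failed to decrypt");
}
console.log(new TextDecoder().decode(decrypted));

// c is not the recipient, so open() returns null.
decrypted = c.open(encrypted, a.getPublicKey());
if (decrypted !== null) {
  throw new Error("this should have been null");
}

// b cannot open it when given the wrong sender key either.
decrypted = b.open(encrypted, c.getPublicKey());
if (decrypted !== null) {
  throw new Error("shouldn't have decrypted");
}

// seal() accepts an explicit nonce as a third argument.
const nonce = new Uint8Array(24);
const encrypted2 = a.seal(payload, b.getPublicKey(), nonce);
console.log(encrypted, encrypted2);
console.log("---------");

// Same keys, payload and nonce: the output repeats. The all-zero nonce only
// demonstrates that; never reuse a nonce between the same two keys for real payloads.
const encrypted3 = a.seal(payload, b.getPublicKey(), nonce);
console.log(encrypted2, encrypted3);
```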
Supported Node Versions
Our support policy for Node.js versions follows Node.js release support. We will
support and build nkeys.js on even-numbered Node.js versions that are current or
in LTS.

Note that this library no longer shims `atob`, `btoa`, `TextEncoder`, or
`TextDecoder`. These should be available in fairly old Node builds, going as far
back as Node 16. If you need to run on an older environment, use one of the
older versions on npm.
License
Unless otherwise noted, the NATS source files are distributed under the Apache
Version 2.0 license found in the LICENSE file.