@ndn/keychain
This package is part of NDNts, Named Data Networking libraries for the modern web.
This package provides signing algorithms, encryption algorithms, and certificate management features.
The implementation uses Web Crypto API that is natively supported in Node.js and modern browsers.
Most browsers restrict WebCrypto to secure contexts only, so this implementation will not work on a webpage that is not delivered securely.
During development, you may use http://localhost or ngrok to serve the webpage from a secure context.
This package implements signature types defined in NDN Packet Format 0.3:
@ndn/packet
package)
Both Interest and Data are signable.
Several functions accept an algoList argument that contains the crypto algorithms it can recognize.
Typically, the default value of this argument is SigningAlgorithmListSlim, EncryptionAlgorithmListSlim, or CryptoAlgorithmListSlim.
These slim lists include only the ECDSA algorithm, which is the most commonly used in NDN applications.
If you need to use other algorithms or communicate with applications that use other algorithms, you should pass SigningAlgorithmListFull, EncryptionAlgorithmListFull, or CryptoAlgorithmListFull to these functions.
These full lists include all algorithms implemented in NDNts.
If you know which algorithms are needed, you can import individual algorithms and pass an array of desired algorithms.
This design is a trade-off for reducing browser bundle size.
Certificate class provides basic operations with NDN Certificate Format.
PublicKey for RSASSA-PKCS1-v1_5, ECDSA, Ed25519
KeyChain class provides storage of PrivateKey and Certificate.
It could be ephemeral or persistent.
KeyChain.createTemp() creates an in-memory ephemeral keychain.
KeyChain.open(locator) opens a persistent keychain.
Persistent keychain in Node.js uses JSON files as underlying storage.
The locator argument should be a filesystem directory where these files are stored.
Private keys are saved in JSON Web Key (JWK) format, so it is important to protect the storage directory.
It is unsafe to simultaneously construct multiple KeyChain instances on the same storage directory or access the same keychain from multiple Node.js processes.
Persistent keychain in browser uses IndexedDB API.
The locator argument determines the database name(s).
Private keys are saved as non-extractable CryptoKey objects.
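The difference between the two storage forms described above (JWK in Node.js, non-extractable CryptoKey in the browser) can be seen with the standard Web Crypto API alone. This is an added example, not NDNts code; the function names are hypothetical and no @ndn/keychain API is used.

```javascript
// Added example, not NDNts code: standard Web Crypto API only.
// Function names below are hypothetical and exist only for this illustration.
const ECDSA_P256 = { name: "ECDSA", namedCurve: "P-256" };

async function getSubtle() {
  // Browsers and Node.js 19+ expose globalThis.crypto; older Node.js needs node:crypto.
  const c = globalThis.crypto ?? (await import("node:crypto")).webcrypto;
  return c.subtle;
}

// Node.js-style storage as the page describes it: the private key serialized as JWK.
async function exportPrivateKeyAsJwk() {
  const subtle = await getSubtle();
  const { privateKey } = await subtle.generateKey(ECDSA_P256, true, ["sign", "verify"]);
  // The "d" member is the private scalar in clear base64url text: whoever can read
  // a file holding this object can sign as the key owner.
  return subtle.exportKey("jwk", privateKey);
}

// Browser-style storage as the page describes it: a non-extractable CryptoKey.
async function probeNonExtractableKey() {
  const subtle = await getSubtle();
  const { privateKey } = await subtle.generateKey(ECDSA_P256, false, ["sign", "verify"]);
  const message = new TextEncoder().encode("constructed sample message");
  // The key remains usable for signing...
  const signature = await subtle.sign({ name: "ECDSA", hash: "SHA-256" }, privateKey, message);
  // ...but the runtime refuses to hand out the key material.
  let exportRefused = false;
  try {
    await subtle.exportKey("jwk", privateKey);
  } catch {
    exportRefused = true;
  }
  return { extractable: privateKey.extractable, signatureBytes: signature.byteLength, exportRefused };
}

async function main() {
  const jwk = await exportPrivateKeyAsJwk();
  console.log("JWK members:", Object.keys(jwk).sort().join(","), "| private 'd' present:", "d" in jwk);
  console.log("non-extractable key:", await probeNonExtractableKey());
}
main();
```

A non-extractable key cannot be copied out, but any script running in the same origin can still ask it to sign, so it limits key theft rather than key use.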
FAQs
NDNts: Key Chain
We found that @ndn/keychain demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.