Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@solana/keys

Package Overview
Dependencies
Maintainers
15
Versions
1497
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@solana/keys

Helpers for generating and transforming key material

  • 2.0.0-experimental.4f33613
  • Source
  • npm
  • Socket score

Version published
Maintainers
15
Created
Source

npm npm-downloads semantic-release
code-style-prettier

@solana/keys

This package contains utilities for validating, generating, and manipulating addresses and key material. It can be used standalone, but it is also exported as part of the Solana JavaScript SDK @solana/web3.js@experimental.

Types

Signature

This type represents a 64-byte Ed25519 signature of some data with a private key, as a base58-encoded string.

SignatureBytes

This type represents a 64-byte Ed25519 signature of some data with a private key.

Whenever you need to verify that a particular signature is, in fact, the one that would have been produced by signing some known bytes using the private key associated with some known public key, use the verifySignature() function in this package.

Functions

assertIsSignature()

From time to time you might acquire a string that you expect to be a base58-encoded signature (eg. of a transaction) from an untrusted network API or user input. To assert that such an arbitrary string is in fact an Ed25519 signature, use the assertIsSignature function.

import { assertIsSignature } from '@solana/keys';

// Imagine a function that asserts whether a user-supplied signature is valid or not.
function handleSubmit() {
    // We know only that what the user typed conforms to the `string` type.
    const signature: string = signatureInput.value;
    try {
        // If this type assertion function doesn't throw, then
        // Typescript will upcast `signature` to `Signature`.
        assertIsSignature(signature);
        // At this point, `signature` is a `Signature` that can be used with the RPC.
        const {
            value: [status],
        } = await rpc.getSignatureStatuses([signature]).send();
    } catch (e) {
        // `signature` turned out not to be a base58-encoded signature
    }
}

generateKeyPair()

Generates an Ed25519 public/private key pair for use with other methods in this package that accept CryptoKey objects.

import { generateKeyPair } from '@solana/keys';

const { privateKey, publicKey } = await generateKeyPair();

isSignature()

This is a type guard that accepts a string as input. It will both return true if the string conforms to the Signature type and will refine the type for use in your program.

import { isSignature } from '@solana/keys';

if (isSignature(signature)) {
    // At this point, `signature` has been refined to a
    // `Signature` that can be used with the RPC.
    const {
        value: [status],
    } = await rpc.getSignatureStatuses([signature]).send();
    setSignatureStatus(status);
} else {
    setError(`${signature} is not a transaction signature`);
}

signBytes()

Given a private CryptoKey and a Uint8Array of bytes, this method will return the 64-byte Ed25519 signature of that data as a Uint8Array.

import { signBytes } from '@solana/keys';

const data = new Uint8Array([1, 2, 3]);
const signature = await signBytes(privateKey, data);

signature()

This helper combines asserting that a string is an Ed25519 signature with coercing it to the Signature type. It's best used with untrusted input.

import { signature } from '@solana/keys';

const signature = signature(userSuppliedSignature);
const {
    value: [status],
} = await rpc.getSignatureStatuses([signature]).send();

verifySignature()

Given a public CryptoKey, some SignatureBytes, and a Uint8Array of data, this method will return true if the signature was produced by signing the data using the private key associated with the public key, and false otherwise.

import { verifySignature } from '@solana/keys';

const data = new Uint8Array([1, 2, 3]);
if (!(await verifySignature(publicKey, signature, data))) {
    throw new Error('The data were *not* signed by the private key associated with `publicKey`');
}

Keywords

FAQs

Package last updated on 24 Jan 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc