js-crypto
Crypto library that works in both Node and browsers.
DISCLAIMER: THIS LIBRARY IS FAR FROM BEING PROD READY, USE IT AT YOUR OWN RISK.
This library contains all we need for cryptography in javascript in a browser-compatible way.
All keys and signatures should also be compatible with go-crypto.
Signatures
The signatures module is in js-crypto/sig
The currently supported algos are:
Signatures are objects containing:
- signature: the base64 encoding of the PEM encoded signature
- public_key: the base64 encoding of the PEM encoded public key
- message: the base64 encoded message
Private key
Private keys are PKCS#8 embedded and PEM encoded. They can be encrypted using PKCS#5.
One can either generate a new key with:
```js
import {
  sig,
  SIGNING_ALGO_RSA,
  SIGNING_ALGO_ED25519
} from '@stratumn/js-crypto';

// Generate an RSA signing key...
const key = new sig.SigningPrivateKey({ algo: SIGNING_ALGO_RSA.name });
// ...or an Ed25519 signing key.
const ed25519Key = new sig.SigningPrivateKey({ algo: SIGNING_ALGO_ED25519.name });
```
or import an existing one with:
```js
import { sig } from '@stratumn/js-crypto';

// Unencrypted PEM private key.
const pemKey =
  '-----BEGIN RSA PRIVATE KEY-----......-----END RSA PRIVATE KEY-----';
const key = new sig.SigningPrivateKey({ pemPrivateKey: pemKey });

// Password-encrypted PEM private key.
const encryptedPemKey =
  '-----BEGIN ENCRYPTED PRIVATE KEY-----......-----END ENCRYPTED PRIVATE KEY-----';
const keyFromEncryptedPem = new sig.SigningPrivateKey({
  pemPrivateKey: encryptedPemKey,
  password: 'some password'
});
```
and then use that key to sign a message:
```js
const signature = key.sign('some message');
```
The private key can be exported by doing
```js
// Export as an unencrypted PEM...
const pemKey = key.export();
// ...or as a PEM encrypted with a password.
const encryptedPemKey = key.export('some password');
```
The public key is obtained by doing
```js
const publicKey = key.publicKey();
```
Public key
Public keys can be loaded from a PEM encoded key.

```js
import { sig } from '@stratumn/js-crypto';

const pemKey =
  '-----BEGIN RSA PUBLIC KEY-----......-----END RSA PUBLIC KEY-----';
const key = new sig.SigningPublicKey({ pemPublicKey: pemKey });
```
The public key is used to verify a signature:
```js
// Named `signature` so it does not redeclare the imported `sig` module.
const signature = '-----BEGIN MESSAGE-----...';
const ok = key.verify({ message: 'some message', signature });
```
Public Key Encryption
The currently supported algos are:
Private key
Private keys are PKCS#8 embedded and PEM encoded. They can be encrypted using PKCS#5.
One can either generate a new key with:
```js
import { pke, PKE_ALGO_RSA } from '@stratumn/js-crypto';

const key = new pke.EncryptionPrivateKey({ algo: PKE_ALGO_RSA.name });
```
or import an existing one with:
```js
import { pke } from '@stratumn/js-crypto';

// Unencrypted PEM private key.
const pemKey =
  '-----BEGIN RSA PRIVATE KEY-----......-----END RSA PRIVATE KEY-----';
const key = new pke.EncryptionPrivateKey({ pemPrivateKey: pemKey });

// Password-encrypted PEM private key.
const encryptedPemKey =
  '-----BEGIN ENCRYPTED PRIVATE KEY-----......-----END ENCRYPTED PRIVATE KEY-----';
const keyFromEncryptedPem = new pke.EncryptionPrivateKey({
  pemPrivateKey: encryptedPemKey,
  password: 'some password'
});
```
and then use that key to decrypt a message:
```js
const message = key.decrypt('ciphertext', opts);
```
where opts is an object containing the decryption options. For example, in the case of RSA + AES-GCM, opts contain:
- encryptedAESKey: the encryption of the symmetric key
- iv: the initialization vector
- tag: the authentication tag
The decryption options are supposed to be returned by the encryption (see below).
The private key can be exported by doing
```js
// Export as an unencrypted PEM...
const pemKey = key.export();
// ...or as a PEM encrypted with a password.
const encryptedPemKey = key.export('some password');
```
The public key is obtained by doing
```js
const publicKey = key.publicKey();
```
Public key
Public keys can be loaded from a PEM encoded key.

```js
import { pke } from '@stratumn/js-crypto';

const pemKey =
  '-----BEGIN RSA PUBLIC KEY-----......-----END RSA PUBLIC KEY-----';
const key = new pke.EncryptionPublicKey({ pemPublicKey: pemKey });
```
The public key is used to encrypt a message:
```js
// `opts` collects the decryption options returned alongside the ciphertext.
const { ciphertext, ...opts } = key.encrypt('some text message');
```
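The RSA + AES-GCM flow described above, written with Node's built-in `crypto` module as an added example; it is not js-crypto's own code. The parameters (AES-256-GCM, 12-byte IV, RSA-OAEP with SHA-256, base64 fields) and the names `hybridEncrypt`, `hybridDecrypt` and `demo` are assumptions. It shows why `encryptedAESKey`, `iv` and `tag` have to travel with the ciphertext, and that a modified tag makes decryption fail.

```javascript
// Added illustration, not js-crypto's implementation. Uses Node's built-in crypto.
const crypto = require('crypto');

// Assumed parameters: RSA-OAEP with SHA-256 to wrap the AES key.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function hybridEncrypt(publicKey, plaintext) {
  const aesKey = crypto.randomBytes(32); // fresh AES-256 key for every message
  const iv = crypto.randomBytes(12);     // GCM nonce, never reused with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    ciphertext: body.toString('base64'),
    // Only the short AES key goes through RSA; the message goes through AES-GCM.
    encryptedAESKey: crypto.publicEncrypt({ key: publicKey, ...OAEP }, aesKey).toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

function hybridDecrypt(privateKey, ciphertext, { encryptedAESKey, iv, tag }) {
  const tagBuf = Buffer.from(tag, 'base64');
  // Reject truncated tags: a shorter tag is easier to forge.
  if (tagBuf.length !== 16) throw new Error('unexpected GCM tag length');
  const aesKey = crypto.privateDecrypt({ key: privateKey, ...OAEP },
    Buffer.from(encryptedAESKey, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey,
    Buffer.from(iv, 'base64'), { authTagLength: 16 });
  decipher.setAuthTag(tagBuf);
  // final() throws if the ciphertext, IV or tag was modified.
  const plain = Buffer.concat([decipher.update(Buffer.from(ciphertext, 'base64')), decipher.final()]);
  return plain.toString('utf8');
}

// Constructed demo: round trip, then the same message with one tag bit flipped.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const { ciphertext, ...opts } = hybridEncrypt(publicKey, 'some text message');
  const roundTrip = hybridDecrypt(privateKey, ciphertext, opts);
  const badTag = Buffer.from(opts.tag, 'base64');
  badTag[0] ^= 0x01;
  let tamperRejected = false;
  try {
    hybridDecrypt(privateKey, ciphertext, { ...opts, tag: badTag.toString('base64') });
  } catch (err) {
    tamperRejected = true;
  }
  return { roundTrip, tamperRejected };
}
```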