cryptbox
Data encryption and signing library used by the TubitID to sign and encrypt badges. Aims to create the lowest size output with the given data and encryption/signature methods. Can encrypt(aes/3des) and box the data with a variable sized hmac signature(truncated) or a fixed size ECDSA signature.
For symmetric key signatures, HMAC-SHA512 is used. For asymmetric(prrivate/public key) signatures, ECDSA with different curve options is used. The encryption can be done by either using AES or 3DES. Libraries used are meant to be cross-platform and this package is aimed to be used on react-native, web and node platforms.
This package can be used with any kind of arbitrary data, since it works with Buffers/Uint8Arrays. For TubitID, it is used to add protection and signature capabilities to our qr code badges.
Libraries used
For signing, encryption and cross platform buffer support, below libraries are used.
Installattion
Run npm install --save @tubitid/cryptbox
to install this package.
Usage
The package follows the es module exports convention.
const assert = require('assert');
const { Cryptbox, EncryptionAlgorithm, ECDSACurve } = require('@tubitid/cryptbox');
const cryptbox = Cryptbox.builder()
.withECDSASignature(ECDSACurve.p192, 'base64 or uint8 arr pub key', 'optional priv key')
.withEncryption('encryption key as string', EncryptionAlgorithm.AES)
.withHMACSignature('hmac signature key', 8)
.build();
async function example(){
const data = Uint8Array.from([1, 2, 3]);
const resultBase64 = await cryptbox.protect(data);
const resultBytes = await cryptbox.protectBinary(data);
const unprotected = await cryptbox.unprotect(resultBase64);
const unprotected2 = await cryptbox.unprotectBinary(resultBytes);
assert(data.toString() === unprotected.toString() && data.toString() === unprotected2.toString());
}
example().then(console.log, console.log);