Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@xchainjs/xchain-crypto
Advanced tools
The XCHAIN CRYPTO package is a crypto package used by all XCHAIN
clients.
XCHAIN-CRYPTO encrypts a master phrase to a keystore. This keystore can then be exported to other XCHAIN wallets or stored securely.
Users can export their phrase and import them into other wallets since it is a BIP39 compatible phrase.
Typically keystore files encrypt a seed
to a file, however this is not appropriate or UX friendly, since the phrase cannot be recovered after the fact.
Crypto design:
[entropy] -> [phrase] -> [seed] -> [privateKey] -> [publicKey] -> [address]
Instead, XCHAIN-CRYPTO stores the phrase in a keystore file, then decrypts and passes this phrase to other clients:
[keystore] -> XCHAIN-CRYPTO -> [phrase] -> ChainClient
The ChainClients can then convert this into their respective key-pairs and addresses. Users can also export their phrases after the fact, ensuring they have saved it securely. This could enhance UX onboarding since users aren't forced to write their phrases down immediately for empty or test wallets.
// Crypto Constants for xchain
const cipher = 'aes-128-ctr'
const kdf = 'pbkdf2'
const prf = 'hmac-sha256'
const dklen = 32
const c = 262144
const hashFunction = 'sha256'
const meta = 'xchain-keystore'
@xchainjs/xchain-crypto
from npm
yarn add @xchainjs/xchain-crypto
import { generatePhrase, validatePhrase, encryptToKeyStore, decryptFromKeystore } from '../src/crypto'
const phrase = generatePhrase()
const isCorrect = validatePhrase(phrase)
const password = 'thorchain'
const keystore = await encryptToKeyStore(phrase, password)
const phraseDecrypted = await decryptFromKeystore(keystore, password)
Keystore Type
export type Keystore = {
address: string
crypto: {
cipher: string
ciphertext: string
cipherparams: {
iv: string
}
kdf: string
kdfparams: {
prf: string
dklen: number
salt: string
c: number
}
mac: string
}
id: string
version: number
meta: string
}
yarn build
yarn test
FAQs
XChain Crypto is a crypto module needed by all XChain clients.
The npm package @xchainjs/xchain-crypto receives a total of 147 weekly downloads. As such, @xchainjs/xchain-crypto popularity was classified as not popular.
We found that @xchainjs/xchain-crypto demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.