connect-pgp
Advanced tools
Comparing version 0.1.15 to 0.2.0
21
index.js
@@ -5,6 +5,21 @@ var SigningStream = require('./signingstream').SigningStream; | ||
module.exports = function sign(pgpArmoredPrivateKey, password, gpgKeyRingName) { | ||
/** | ||
signFuction should be the following: | ||
function (cleartext, callback); | ||
var jspgp = require('./jspgp')(pgpArmoredPrivateKey, password, gpgKeyRingName); | ||
- `cleartext`: a `String` var to be signed | ||
- `callback`: a function(err, ciphertext) width: | ||
* `err`: a string containing error if one occured | ||
* `signature`: a string containing ASCII armored signature | ||
Note: a valid PGP signatures matches this format: | ||
> -----BEGIN PGP SIGNATURE----- | ||
> ... | ||
> -----END PGP SIGNATURE----- | ||
**/ | ||
module.exports = function sign(signFunction) { | ||
return function sign(req, res, next){ | ||
@@ -57,3 +72,3 @@ var write = res.write | ||
// signature stream | ||
stream = new SigningStream(jspgp, boundary); | ||
stream = new SigningStream(signFunction, boundary); | ||
@@ -60,0 +75,0 @@ // header fields |
{ | ||
"name": "connect-pgp", | ||
"version": "0.1.15", | ||
"version": "0.2.0", | ||
"description": "Connect middleware to cryptographically sign HTTP responses.", | ||
@@ -5,0 +5,0 @@ "directories": { |
@@ -11,9 +11,13 @@ # Connect-pgp | ||
var armoredPrivateKey = fs.readFileSync('somePGPKey.private', 'utf8'); | ||
// This is your super signing own function! | ||
function doSign(msg, callback) { | ||
// Do signing stuff... | ||
callback(err, pgpSignedMessage); | ||
} | ||
// New connect app | ||
var app = connect(); | ||
app.use(pgpsign(armoredPrivateKey, 'password for unlocking')); | ||
// Or, to use gpg system command as underlying PGP signature layer | ||
app.use(pgpsign(armoredPrivateKey, 'password for unlocking', 'keyringName')); | ||
// Now signing HTTP requests! | ||
app.use(pgpsign(doSign)); | ||
``` | ||
@@ -20,0 +24,0 @@ |
var stream = require('stream'); | ||
var util = require('util'); | ||
function SigningStream(jspgp, boundary) { | ||
function SigningStream(sign, boundary) { | ||
stream.Stream.call(this); | ||
this.writable = true; | ||
this.buffer = ""; | ||
this.jspgp = jspgp; | ||
this.sign = sign; | ||
this.boundary = boundary; | ||
@@ -27,4 +27,5 @@ }; | ||
var body = that.buffer.replace(/\r\n/g, '\n').replace(/\n/g, '\r\n'); | ||
var text = body; | ||
// var start = Date.now(); | ||
that.jspgp.sign(body, function (err, text, ciphertext) { | ||
that.sign(body, function (err, ciphertext) { | ||
// var end = Date.now(); | ||
@@ -48,3 +49,2 @@ // console.log("Duration: %sms", (end-start)); | ||
module.exports.SigningStream = SigningStream; | ||
module.exports.SigningStream = SigningStream; |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Copyleft License
License(Experimental) Copyleft license information was found.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Mixed license
License(Experimental) Package contains multiple licenses.
Found 1 instance in 1 package
Non-permissive License
License(Experimental) A license not known to be considered permissive was found.
Found 1 instance in 1 package
0
100
65
0
1
7458
8
128