crypto-ld - npm Package Compare versions

Comparing version 3.7.0 to 3.8.0

CHANGELOG.md

 # crypto-ld ChangeLog
 
-## 3.7.0 - TBD
+## 3.8.0 - 2020-06-23
 
 ### Added
+- Setup CI and coverage workflow.
+- Add node 14 to CI.
+- Use sodium-native@3.2.0.
+
+## 3.7.0 - 2019-09-06
+
+### Added
 - Add support for Node 12 Ed25519 generate, sign, and verify.
@@ -7,0 +14,0 @@ - Make `sodium-native` an optional dependency.

lib/Ed25519KeyPair.js

@@ -14,2 +14,3 @@ /*!
 class Ed25519KeyPair extends LDKeyPair {
+  /* eslint-disable max-len */
   /**
@@ -39,2 +40,3 @@ * An implementation of
    */
+  /* eslint-enable */
   constructor(options = {}) {
@@ -201,2 +203,3 @@ super(options);
 
+  /* eslint-disable max-len */
   /**
@@ -213,2 +216,3 @@ * Returns a signer object for use with
    */
+  /* eslint-enable */
   signer() {
@@ -218,2 +222,3 @@ return ed25519SignerFactory(this);
 
+  /* eslint-disable max-len */
   /**
@@ -230,2 +235,3 @@ * Returns a verifier object for use with
    */
+  /* eslint-enable */
   verifier() {
@@ -235,2 +241,3 @@ return ed25519VerifierFactory(this);
 
+  /* eslint-disable max-len */
   /**
@@ -247,2 +254,3 @@ * Adds a public key base to a public key node.
    */
+  /* eslint-enable */
   addEncodedPublicKey(publicKeyNode) {
@@ -249,0 +257,0 @@ publicKeyNode.publicKeyBase58 = this.publicKeyBase58;

package.json

 {
   "name": "crypto-ld",
-  "version": "3.7.0",
+  "version": "3.8.0",
   "description": "A library for managing cryptographic keys using Linked Data.",
@@ -31,3 +31,3 @@ "homepage": "https://github.com/digitalbazaar/crypto-ld",
   "optionalDependencies": {
-    "sodium-native": "^2.3.0"
+    "sodium-native": "^3.2.0"
   },
@@ -46,6 +46,6 @@ "devDependencies": {
     "cross-env": "^5.1.3",
-    "eslint": "^5.14.1",
-    "eslint-config-digitalbazaar": "^1.5.0",
+    "eslint": "^6.8.0",
+    "eslint-config-digitalbazaar": "^2.0.0",
     "jsdoc-to-markdown": "^4.0.1",
-    "karma": "^3.1.1",
+    "karma": "^4.0.1",
     "karma-babel-preprocessor": "^8.0.0",
@@ -62,3 +62,3 @@ "karma-chrome-launcher": "^2.2.0",
     "karma-webpack": "^3.0.5",
-    "mocha": "^5.0.5",
+    "mocha": "^6.0.0",
     "mocha-lcov-reporter": "^1.3.0",
@@ -68,3 +68,3 @@ "multibase": "^0.6.0",
     "multihashes": "^0.4.14",
-    "nyc": "^13.1.0",
+    "nyc": "^15.0.0",
     "webpack": "^4.29.0"
@@ -106,2 +106,3 @@ },
     "coverage": "cross-env NODE_ENV=test nyc --reporter=lcov --reporter=text-summary npm run test-node",
+    "coverage-ci": "cross-env NODE_ENV=test nyc --reporter=text-lcov npm run test-node > coverage.lcov",
     "coverage-report": "nyc report",
@@ -108,0 +109,0 @@ "lint": "eslint lib tests",

README.md

@@ -9,6 +9,7 @@ # Crypto LD (Linked Data) _(crypto-ld)_
 
+- [Background](#background)
 - [Security](#security)
-- [Background](#background)
 - [Install](#install)
 - [Usage](#usage)
+- [API](#api-documentation)
 - [Contribute](#contribute)
@@ -18,6 +19,65 @@ - [Commercial Support](#commercial-support)
 
+## Background
+
 See also (related specs):
 
+* [Linked Data Proofs 1.0](https://w3c-dvcg.github.io/ld-proofs/)
 * [Linked Data Cryptographic Suite Registry](https://w3c-ccg.github.io/ld-cryptosuite-registry/)
 
+As a developer, in order to use this library, you will need to make the 
+following decisions, constrained by your use case:
+
+1. [Which key type](#choosing-key-type) and suite to use?
+2. What IDs will you give your keys? We recommend the following pattern:
+    `<did or url>#<key fingerprint>`. (See Exporting Key Pair section below
+    for an example of this.)
+3. (Not required, but highly recommended) What is your [Private Key Storage](#private-key-storage) 
+    strategy? (KMS, file system, secure wallet)
+
+### Supported Key Types
+
+This library supports the following key types (used primarily for the purpose
+of digital signatures):
+
+* [Ed25519](https://w3c-ccg.github.io/ld-cryptosuite-registry/#ed25519)
+* [RSA](https://w3c-ccg.github.io/ld-cryptosuite-registry/#rsa)
+
+These key pairs can be used for general purpose digital signatures using the 
+[`jsonld-signatures`](https://github.com/digitalbazaar/jsonld-signatures), 
+signing of Verifiable Credentials using [`vc-js`](https://github.com/digitalbazaar/vc-js),
+and other purposes.
+
+Additional key types are available (using the same API as this library) at the
+following repos:
+
+* [EcdsaSecp256k1](https://w3c-dvcg.github.io/lds-ecdsa-secp256k1-2019/) at 
+    [`secp256k1-key-pair`](https://github.com/digitalbazaar/secp256k1-key-pair/)
+* Curve25519 at [`x25519-key-pair`](https://github.com/digitalbazaar/x25519-key-pair)
+  (for use with [`minimal-cipher`](https://github.com/digitalbazaar/minimal-cipher))
+
+#### Choosing Key Type
+
+TODO: Add design considerations for choosing key types / cryptographic 
+algorithms for various purposes. For now:
+
+* Use **Ed25519** keys if you can
+* Use **EcdsaSepc256k1** keys if you must (for example, if you're developing for 
+  a Bitcoin-based or Ethereum-based ledger) 
+* You _can_ use RSA keys to sign, if your use case requires it.
+* Use **Curve25519** for key agreement protocols.
+
+#### Private Key Storage
+
+Where to store the private keys?
+
+TODO: Add a brief discussion of where to store the private keys. Point to
+several recommended Wallet or KMS libraries.
+
+Use `await keyPair.export()`
+
+## Security
+
+As with most security- and cryptography-related tools, the overall security of
+your system will largely depend on your design decisions.
+
 ## Install
@@ -36,2 +96,61 @@
 
+## Usage
+
+### Generating a new key pair
+
+Ed25519:
+
+```js
+const {Ed25519KeyPair} = require('crypto-ld');
+
+const keyPair = await Ed25519KeyPair.generate();
+```
+
+RSA:
+
+```js
+const {RSAKeyPair} = require('crypto-ld');
+
+const keyPair = await RSAKeyPair.generate();
+```
+
+### Exporting a public/private key pair
+
+```js
+const edKeyPair = await Ed25519KeyPair.generate();
+edKeyPair.id = 'did:ex:123#' + edKeyPair.fingerprint();
+
+console.log(await edKeyPair.export())
+/* ->
+{ 
+  id: 'did:ex:123#z6MkumafR1duPR5FZgbVu8nzX3VyhULoXNpq9rpjhfaiMQmx',
+  type: 'Ed25519VerificationKey2018',
+  publicKeyBase58: 'GKKcpmPU3sanTBkoDZq9fwwysu4x7VaUTquosPchSBza',
+  privateKeyBase58:
+   '3cEzNVGdLoujfhWXqrbo1FgYy9GHA5GXYvB4KixHVuQoRbWbHTJP7XTkj6LqXeiFhw79v85E4wjPQc8WcdyzntcA' 
+}
+*/
+
+```
+
+### Importing a key pair from storage
+
+If you know what type of key you're expecting, use its appropriate class:
+
+```js
+const serializedKeyPair = JSON.stringify(await keyPair.export());
+// later
+const keyPair = await Ed25519KeyPair.from(JSON.parse(serializedKeyPair));
+```
+
+If you do not know which key type to expect, `LDKeyPair.from()` will route
+based on type:
+
+```js
+const {LDKeyPair} = require('crypto-ld');
+
+// serializedKeyPair contains a serialized Ed25519KeyPair
+const keyPair = await LDKeyPair.from(JSON.parse(serializedKeyPair));
+```
+
 ## API Documentation
@@ -53,3 +172,3 @@
 
-Small note: If editing the Readme, please conform to the
+If editing the Readme, please conform to the
 [standard-readme](https://github.com/RichardLitt/standard-readme) specification.
@@ -56,0 +175,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

59023

increased by7.45%

Lines of code

1354

increased by0.59%

Number of lines in readme file

180

increased by195.08%

No dependency changes