crypto-ld - npm Package Compare versions

Comparing version 4.0.3 to 5.0.0

CHANGELOG.md

 # crypto-ld ChangeLog
 
+## 5.0.0 - 2021-03-16
+
+### Changed
+- **BREAKING**: Remove `LDVerifierKeyPair` subclass. Fold `signer()` and 
+  `verifier()` methods into parent `LDKeyPair` class.
+- **BREAKING**: Remove `keyPair.addPrivateKey()` and `keyPair.addPublicKey()`.
+  Subclasses will just need to override `export()` directly.
+
+### Upgrading from v4.x
+The breaking changes in v5 do not affect any application code, they only affect
+key pair plugins such as
+https://github.com/digitalbazaar/ed25519-verification-key-2020.
+No changes necessary in application code upgrading from `v5` from `v4`.
+
 ## 4.0.3 - 2020-11-25
@@ -4,0 +18,0 @@

lib/CryptoLD.js

@@ -45,3 +45,3 @@ /*!
 
-    return await this.suites.get(type).generate(options);
+    return this.suites.get(type).generate(options);
   }
@@ -48,0 +48,0 @@

lib/index.js

@@ -8,8 +8,6 @@ /*
 const {LDKeyPair} = require('./LDKeyPair');
-const {LDVerifierKeyPair} = require('./LDVerifierKeyPair');
 
 module.exports = {
   CryptoLD,
-  LDKeyPair,
-  LDVerifierKeyPair
+  LDKeyPair
 };

lib/LDKeyPair.js

@@ -69,2 +69,5 @@ /*!
    *
+   * NOTE: Subclasses MUST override this method (and add the exporting of
+   * their public and private key material).
+   *
    * @param {boolean} [publicKey] - Export public key material?
@@ -86,8 +89,3 @@ * @param {boolean} [privateKey] - Export private key material?
     };
-    if(publicKey) {
-      this.addPublicKey({key}); // Subclass-specific
-    }
-    if(privateKey) {
-      this.addPrivateKey({key}); // Subclass-specific
-    }
+
     return key;
@@ -97,23 +95,2 @@ }
   /**
-   * Adds the suite-specific public key material, serialized to string, to
-   * the exported public key node.
-   * @param {object} key - Public key object.
-   * @returns {object}
-   */
-  addPublicKey(/* {key} */) {
-    throw new Error('Abstract method, must be implemented in subclass.');
-  }
-
-  /**
-   * Adds the suite-specific private key material, serialized to string, to
-   * the exported public key node.
-   *
-   * @param {object} key - Private key object.
-   * @returns {object}
-   */
-  addPrivateKey(/* {key} */) {
-    throw new Error('Abstract method, must be implemented in subclass.');
-  }
-
-  /**
    * Returns the public key fingerprint, multibase+multicodec encoded. The
@@ -144,2 +121,48 @@ * specific fingerprint method is determined by the key suite, and is often
   }
+
+  /* eslint-disable max-len */
+  /**
+   * Returns a signer object for use with
+   * [jsonld-signatures]{@link https://github.com/digitalbazaar/jsonld-signatures}.
+   * NOTE: Applies only to verifier type keys (like ed25519).
+   *
+   * @example
+   * > const signer = keyPair.signer();
+   * > signer
+   * { sign: [AsyncFunction: sign] }
+   * > signer.sign({data});
+   *
+   * @returns {{sign: Function}} A signer for json-ld usage.
+   */
+  /* eslint-enable */
+  signer() {
+    return {
+      async sign({/* data */}) {
+        throw new Error('Abstract method, must be implemented in subclass.');
+      }
+    };
+  }
+
+  /* eslint-disable max-len */
+  /**
+   * Returns a verifier object for use with
+   * [jsonld-signatures]{@link https://github.com/digitalbazaar/jsonld-signatures}.
+   * NOTE: Applies only to verifier type keys (like ed25519).
+   *
+   * @example
+   * > const verifier = keyPair.verifier();
+   * > verifier
+   * { verify: [AsyncFunction: verify] }
+   * > verifier.verify(key);
+   *
+   * @returns {{verify: Function}} Used to verify jsonld-signatures.
+   */
+  /* eslint-enable */
+  verifier() {
+    return {
+      async verify({/* data, signature */}) {
+        throw new Error('Abstract method, must be implemented in subclass.');
+      }
+    };
+  }
 }
@@ -146,0 +169,0 @@

package.json

 {
   "name": "crypto-ld",
-  "version": "4.0.3",
+  "version": "5.0.0",
   "description": "A Javascript library for generating and performing common operations on Linked Data cryptographic key pairs.",
@@ -5,0 +5,0 @@ "homepage": "https://github.com/digitalbazaar/crypto-ld",

README.md

 # Cryptographic Key Pair Library for Linked Data _(crypto-ld)_
 
 [![Node.js CI](https://github.com/digitalbazaar/crypto-ld/workflows/Node.js%20CI/badge.svg)](https://github.com/digitalbazaar/crypto-ld/actions?query=workflow%3A%22Node.js+CI%22)
+[![NPM Version](https://img.shields.io/npm/v/crypto-ld.svg?style=flat-square)](https://npm.im/crypto-ld)
 
+
 > A Javascript library for generating and performing common operations on Linked Data cryptographic key pairs.
@@ -19,4 +21,9 @@
 
-### Supported Key Types
+See also (related specs):
 
+* [Linked Data Cryptographic Suite Registry](https://w3c-ccg.github.io/ld-cryptosuite-registry/)
+* [Linked Data Proofs 1.0](https://w3c-ccg.github.io/ld-proofs/)
+
+### Supported Key Types (`crypto-ld` versions `4+`)
+
 This library provides general Linked Data cryptographic key generation 
@@ -30,13 +37,15 @@ functionality, but does not support any individual key type by default.
 |-------------|--------------|---------|-------|
-| `Ed25519`   | [Ed25519VerificationKey2018](https://w3c-ccg.github.io/ld-cryptosuite-registry/#ed25519) | [`ed25519-verification-key-2018`](https://github.com/digitalbazaar/ed25519-verification-key-2018) | Signatures, VCs, zCaps, DIDAuth |
+| `Ed25519`   | **[Ed25519VerificationKey2020](https://w3c-ccg.github.io/lds-ed25519-2020/#ed25519verificationkey2020)** (recommended), [Ed25519VerificationKey2018](https://w3c-ccg.github.io/lds-ed25519-2018/#the-ed25519-key-format) (legacy) | **[`ed25519-verification-key-2020 >=1.0`](https://github.com/digitalbazaar/ed25519-verification-key-2020)** (recommended),  [`ed25519-verification-key-2018 >=2.0`](https://github.com/digitalbazaar/ed25519-verification-key-2018) (legacy) | Signatures, VCs, zCaps, DIDAuth |
+| `X25519/Curve25519`    | X25519KeyAgreementKey2019 | [`x25519-key-agreement-key-2019 >=4.0`](https://github.com/digitalbazaar/x25519-key-agreement-key-2019) | [ECDH](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman) key agreement, JWE/CWE encryption with [`minimal-cipher`](https://github.com/digitalbazaar/minimal-cipher) |  
 | `Secp256k1` | [EcdsaSecp256k1VerificationKey2019](https://w3c-ccg.github.io/ld-cryptosuite-registry/#secp256k1) | [`ecdsa-secp256k1-verification-key-2019`](https://github.com/digitalbazaar/ecdsa-secp256k1-verification-key-2019) | Signatures, VCs, zCaps, DIDAuth, HD Wallets |
-| `RSA`       | [RsaVerificationKey2018](https://w3c-ccg.github.io/ld-cryptosuite-registry/#rsasignature2018) | [`rsa-verification-key-2018`](https://github.com/digitalbazaar/rsa-verification-key-2018) | Signatures, VCs |
-| `X25519/Curve25519`    | X25519KeyAgreementKey2019 | [`x25519-key-agreement-key-2019`](https://github.com/digitalbazaar/x25519-key-agreement-key-2019) | [ECDH](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman) key agreement, JWE/CWE encryption with [`minimal-cipher`](https://github.com/digitalbazaar/minimal-cipher) |  
 
-See also (related specs):
+### Legacy Supported Key Types (`crypto-ld` versions `<=3`)
 
-* [Linked Data Cryptographic Suite Registry](https://w3c-ccg.github.io/ld-cryptosuite-registry/)
-* [Linked Data Proofs 1.0](https://w3c-ccg.github.io/ld-proofs/)
+In the previous version (v3.x) of `crypto-ld`, the RSA and Ed25519 suites were
+bundled with `crypto-ld` (as opposed to residing in standalone packages).
+For previous usage instructions of bundled RSA, Ed25519 and standalone
+Curve25519/[`x25519-key-pair`](https://github.com/digitalbazaar/x25519-key-agreement-key-2019/tree/v3.1.0)
+type keys, see the [README for `crypto-ld` v3.9](https://github.com/digitalbazaar/crypto-ld/tree/v3.9.0).
 
-#### Choosing a Key Type
+### Choosing a Key Type
 
@@ -48,7 +57,6 @@ For digital signatures using the
 
-* Prefer **Ed25519VerificationKey2018** type keys, by default.
+* Prefer **Ed25519VerificationKey2020** type keys, by default.
 * Use **EcdsaSepc256k1** keys if your use case requires it (for example, if 
   you're developing for a Bitcoin-based or Ethereum-based ledger), or if you
   require Hierarchical Deterministic (HD) wallet functionality. 
-* Only use RSA keys when interfacing with systems that require them.
   
@@ -67,3 +75,3 @@ For key agreement protocols for encryption operations:
 
-- Node.js 10.12.0+ is required.
+- Node.js 12.0+ is required.
 
@@ -88,6 +96,4 @@ To install locally (for development):
 ```js
-import {Ed25519VerificationKey2018} from '@digitalbazaar/ed25519-verification-key-2018';
-import {RsaVerificationKey2018} from 'rsa-verification-key-2018';
-import {EcdsaSecp256k1VerificationKey2019} from 'ecdsa-secp256k1-verification-key-2019';
-import {X25519KeyAgreementKey2019} from 'x25519-key-agreement-key-2019';
+import {Ed25519VerificationKey2020} from '@digitalbazaar/ed25519-verification-key-2020';
+import {X25519KeyAgreementKey2019} from '@digitalbazaar/x25519-key-agreement-key-2019';
 
@@ -97,9 +103,6 @@ import {CryptoLD} from 'crypto-ld';
 
-cryptoLd.use(Ed25519VerificationKey2018);
-cryptoLd.use(RsaVerificationKey2018);
-cryptoLd.use(EcdsaSecp256k1VerificationKey2019);
+cryptoLd.use(Ed25519VerificationKey2020);
 cryptoLd.use(X25519KeyAgreementKey2019);
 
-const edKeyPair = await cryptoLd.generate({type: 'Ed25519VerificationKey2018'});
-const rsaKeyPair = await cryptoLd.generate({type: 'RsaVerificationKey2018'});
+const edKeyPair = await cryptoLd.generate({type: 'Ed25519VerificationKey2020'});
 ```
@@ -143,7 +146,7 @@
 // ->
-{ 
-  id: 'did:ex:123#z6MkumafR1duPR5FZgbVu8nzX3VyhULoXNpq9rpjhfaiMQmx',
-  controller: 'did:ex:123',
-  type: 'Ed25519VerificationKey2018',
-  publicKeyBase58: 'GKKcpmPU3sanTBkoDZq9fwwysu4x7VaUTquosPchSBza'
+{
+  type: 'Ed25519VerificationKey2020',
+  id: 'did:example:1234#z6MkszZtxCmA2Ce4vUV132PCuLQmwnaDD5mw2L23fGNnsiX3',
+  controller: 'did:example:1234',
+  publicKeyMultibase: 'zEYJrMxWigf9boyeJMTRN4Ern8DJMoCXaLK77pzQmxVjf'
 }
@@ -161,7 +164,7 @@ ```
 {
-  id: 'did:ex:123#z6Mks8wJbzhWdmkQZgw7z2qHwaxPVnFsFmEZSXzGkLkvhMvL',
-  controller: 'did:ex:123',
-  type: 'Ed25519VerificationKey2018',
-  publicKeyBase58: 'DggG1kT5JEFwTC6RJTsT6VQPgCz1qszCkX5Lv4nun98x',
-  privateKeyBase58: 'sSicNq6YBSzafzYDAcuduRmdHtnrZRJ7CbvjzdQhC45ewwvQeuqbM2dNwS9RCf6buUJGu6N3rBy6oLSpMwha8tc'
+  type: 'Ed25519VerificationKey2020',
+  id: 'did:example:1234#z6MkszZtxCmA2Ce4vUV132PCuLQmwnaDD5mw2L23fGNnsiX3',
+  controller: 'did:example:1234',
+  publicKeyMultibase: 'zEYJrMxWigf9boyeJMTRN4Ern8DJMoCXaLK77pzQmxVjf',
+  privateKeyMultibase: 'z4E7Q4neNHwv3pXUNzUjzc6TTYspqn9Aw6vakpRKpbVrCzwKWD4hQDHnxuhfrTaMjnR8BTp9NeUvJiwJoSUM6xHAZ'
 }
@@ -177,3 +180,3 @@ ```
 // ->
-'z6Mks8wJbzhWdmkQZgw7z2qHwaxPVnFsFmEZSXzGkLkvhMvL'
+'z6MkszZtxCmA2Ce4vUV132PCuLQmwnaDD5mw2L23fGNnsiX3'
 ```
@@ -185,3 +188,3 @@
 keyPair.verifyFingerprint({
-  fingerprint: 'z6Mks8wJbzhWdmkQZgw7z2qHwaxPVnFsFmEZSXzGkLkvhMvL'
+  fingerprint: 'z6MkszZtxCmA2Ce4vUV132PCuLQmwnaDD5mw2L23fGNnsiX3'
 });
@@ -203,3 +206,3 @@ // ->
 ```js
-const keyPair = cryptoLd.generate({type: 'Ed25519VerificationKey2018'});
+const keyPair = cryptoLd.generate({type: 'Ed25519VerificationKey2020'});
 
@@ -218,3 +221,3 @@ const {sign} = keyPair.signer();
 ```js
-const keyPair = cryptoLd.generate({type: 'Ed25519VerificationKey2018'});
+const keyPair = cryptoLd.generate({type: 'Ed25519VerificationKey2020'});
 
@@ -221,0 +224,0 @@ const {verify} = keyPair.verifier();

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

26819

increased by0.39%

Number of lines in readme file

234

increased by1.3%

Worsened metrics

Number of package files

7

decreased by-12.5%

Lines of code

242

decreased by-11.03%

No dependency changes