crypto-ld - npm Package Compare versions

Comparing version 5.0.0 to 5.1.0

CHANGELOG.md

		# crypto-ld ChangeLog

		## 5.1.0 - 2021-04-01

		### Added
		- Implement `CryptoLD.fromKeyId` API.
		- Implement `LDKeyPair.fromKeyDocument` API.
		- Add support for revoked keys.

		## 5.0.0 - 2021-03-16

		### Changed
		- BREAKING: Remove `LDVerifierKeyPair` subclass. Fold `signer()` and
		- BREAKING: Remove `LDVerifierKeyPair` subclass. Fold `signer()` and
		`verifier()` methods into parent `LDKeyPair` class.
		- BREAKING: `export()` is now a sync function (no reason for it to be
		async).
		- BREAKING: Remove `keyPair.addPrivateKey()` and `keyPair.addPublicKey()`.
		@@ -35,3 +44,3 @@ Subclasses will just need to override `export()` directly.
		### Changed
		- Implement chai-like `.use()` API for installing and specifying individual key
		- Implement chai-like `.use()` API for installing and specifying individual key
		types.
		@@ -41,10 +50,12 @@ - BREAKING: Extracted bundled Ed25519 and RSA key suites to their own
		- BREAKING: Remove deprecated `.owner` instance property
		- BREAKING: Remove deprecated `.passphrase` instance property, and the `encrypt()` and
		`decrypt()` methods (these are no longer used).
		- BREAKING: Remove deprecated/unused `publicKey` and `privateKey` properties.
		- BREAKING: Remove deprecated `.passphrase` instance property, and the
		`encrypt()` and `decrypt()` methods (these are no longer used).
		- BREAKING: Remove deprecated/unused `publicKey` and `privateKey`
		properties.
		- BREAKING: Rename `.publicNode()` to `.export({publicKey: true})`.
		- BREAKING: `.export()` now requires explicitly stating whether you're
		- BREAKING: `.export()` now requires explicitly stating whether you're
		exporting public or private key material.
		- BREAKING: Changed `verifyFingerprint()` to used named params.
		- BREAKING: Changed `addPublicKey()` and `addPrivateKey()` to used named params.
		- BREAKING: Changed `addPublicKey()` and `addPrivateKey()` to used named
		params.

		@@ -60,6 +71,6 @@ ### 4.0.0 - Purpose

		Since this was a comprehensive breaking change in usage, this also gave an
		Since this was a comprehensive breaking change in usage, this also gave an
		opportunity to clean up and streamline the existing API, change function
		signatures to be consistent (for example, to consistently used named parameters),
		and to remove deprecated and unused APIs and properties.
		signatures to be consistent (for example, to consistently used named
		parameters), and to remove deprecated and unused APIs and properties.

		@@ -77,3 +88,4 @@ ### Upgrading from v3.7.0
		without `crypto-ld`.
		* Most function param signatures have been changed to use `{}` style named params.
		* Most function param signatures have been changed to use `{}` style named
		params.

		@@ -80,0 +92,0 @@ ## 3.7.0 - 2019-09-06

lib/CryptoLD.js

		@@ -29,3 +29,3 @@ /*!
		*
		* @param {string} type - Key suite id ('Ed25519VerificationKey2018').
		* @param {string} type - Key suite id ('Ed25519VerificationKey2020').
		*
		@@ -72,5 +72,56 @@ * @param {object} [options] - Optional suite-specific key options.
		/**
		* Imports a key pair instance via the provided `documentLoader` function,
		* optionally checking it for revocation and required context.
		*
		* @param {object} options - Options hashmap.
		* @param {string} options.id - Key ID or URI.
		* @param {Function} options.documentLoader - JSON-LD Document Loader.
		* @param {boolean} [options.checkContext=true] - Whether to check that the
		* fetched key document contains the context required by the key's crypto
		* suite.
		* @param {boolean} [options.checkRevoked=true] - Whether to check the key
		* object for the presence of the `revoked` timestamp.
		*
		* @returns {Promise<LDKeyPair>} Resolves with the appropriate key pair
		* instance.
		*/
		async fromKeyId({
		id, documentLoader, checkContext = true, checkRevoked = true
		} = {}) {
		if(!id) {
		throw new TypeError('The "id" parameter is required.');
		}
		if(!documentLoader) {
		throw new TypeError('The "documentLoader" parameter is required.');
		}
		let keyDocument;
		try {
		({document: keyDocument} = await documentLoader(id));
		// the supplied documentLoader may not be properly implemented
		if(!keyDocument) {
		throw new Error(
		'The "documentLoader" function must return a "document" object.');
		}
		} catch(e) {
		const error = new Error('Error fetching document: ' + e.message);
		error.cause = e;
		throw error;
		}
		const fetchedType = keyDocument.type;
		if(!fetchedType) {
		throw new Error('Key suite type not found in fetched document.');
		}
		const keySuite = this.suites.get(fetchedType);
		if(!keySuite) {
		throw new Error(`Support for suite "${fetchedType}" is not installed.`);
		}

		return keySuite.fromKeyDocument({document: keyDocument, checkContext,
		checkRevoked});
		}

		/**
		* Tests if a given key type is currently installed.
		*
		* @param {string} [type] - Key suite id ('Ed25519VerificationKey2018').
		* @param {string} [type] - Key suite id ('Ed25519VerificationKey2020').
		* @private
		@@ -77,0 +128,0 @@ */

lib/LDKeyPair.js

		/*!
		* Copyright (c) 2018-2020 Digital Bazaar, Inc. All rights reserved.
		* Copyright (c) 2018-2021 Digital Bazaar, Inc. All rights reserved.
		*/
		@@ -11,5 +11,5 @@ 'use strict';
		* 1. Create their own npm package / github repo, such as `example-key-pair`.
		* 2. Subclass either LDVerifierKeyPair (for signature-related suites), or
		* LDKeyPair (for all other types, such as key-agreement-related).
		* 3. Add to the key type table in the `crypto-ld` README.md (that's this repo).
		* 2. Subclass LDKeyPair.
		* 3. Override relevant methods (such as `export()` and `fingerprint()`).
		* 4. Add to the key type table in the `crypto-ld` README.md (that's this repo).
		*/
		@@ -24,10 +24,16 @@ class LDKeyPair {
		*
		* @param {string} id - The Key id, typically composed of controller
		* @param {string} id - The key id, typically composed of controller
		* URL and key fingerprint as hash fragment.
		* @param {string} controller - DID/URL of the person/entity
		* controlling this key.
		* @param {string} [revoked] - Timestamp of when the key has been revoked,
		* in RFC3339 format. If not present, the key itself is considered not
		* revoked. (Note that this mechanism is slightly different than DID
		* Document key revocation, where a DID controller can revoke a key from
		* that DID by removing it from the DID Document.)
		*/
		constructor({id, controller} = {}) {
		constructor({id, controller, revoked} = {}) {
		this.id = id;
		this.controller = controller;
		this.revoked = revoked;
		// this.type is set in subclass constructor
		@@ -51,2 +57,39 @@ }
		/**
		* Imports a key pair instance from a provided externally fetched key
		* document (fetched via a secure JSON-LD `documentLoader` or via
		* `cryptoLd.fromKeyId()`), optionally checking it for revocation and required
		* context.
		*
		* @param {object} options - Options hashmap.
		* @param {string} options.document - Externally fetched key document.
		* @param {boolean} [options.checkContext=true] - Whether to check that the
		* fetched key document contains the context required by the key's crypto
		* suite.
		* @param {boolean} [options.checkRevoked=true] - Whether to check the key
		* object for the presence of the `revoked` timestamp.
		*
		* @returns {Promise<LDKeyPair>} Resolves with the resulting key pair
		* instance.
		*/
		static async fromKeyDocument({
		document, checkContext = true, checkRevoked = true
		} = {}) {
		if(!document) {
		throw new TypeError('The "document" parameter is required.');
		}

		if(checkContext) {
		const fetchedDocContexts = [].concat(document['@context']);
		if(!fetchedDocContexts.includes(this.SUITE_CONTEXT)) {
		throw new Error('Key document does not contain required context "' +
		this.SUITE_CONTEXT + '".');
		}
		}
		if(checkRevoked && document.revoked) {
		throw new Error(`Key has been revoked since: "${document.revoked}".`);
		}
		return this.from(document);
		}

		/**
		* Generates a KeyPair from some options.
		@@ -57,3 +100,3 @@ * @param {object} options - Will generate a key pair
		* > const options = {
		* type: 'Ed25519VerificationKey2018'
		* type: 'Ed25519VerificationKey2020'
		* };
		@@ -66,3 +109,3 @@ * > const edKeyPair = await LDKeyPair.from(options);
		static async from(/* options */) {
		throw new Error('Abstract method, must be implemented in subclass.');
		throw new Error('Abstract method from() must be implemented in subclass.');
		}
		@@ -77,4 +120,5 @@
		*
		* @param {boolean} [publicKey] - Export public key material?
		* @param {boolean} [privateKey] - Export private key material?
		* @param {object} [options={}] - Options hashmap.
		* @param {boolean} [options.publicKey] - Export public key material?
		* @param {boolean} [options.privateKey] - Export private key material?
		*
		@@ -94,2 +138,5 @@ * @returns {object} A public key object
		};
		if(this.revoked) {
		key.revoked = this.revoked;
		}

		@@ -173,4 +220,7 @@ return key;

		// Implementers must override this in subclasses
		LDKeyPair.SUITE_CONTEXT = 'INVALID LDKeyPair CONTEXT';

		module.exports = {
		LDKeyPair
		};

package.json

		{
		"name": "crypto-ld",
		"version": "5.0.0",
		"version": "5.1.0",
		"description": "A Javascript library for generating and performing common operations on Linked Data cryptographic key pairs.",
		@@ -5,0 +5,0 @@ "homepage": "https://github.com/digitalbazaar/crypto-ld",

README.md

		@@ -138,3 +138,3 @@ # Cryptographic Key Pair Library for Linked Data _(crypto-ld)_
		```js
		await keyPair.export({publicKey: true});
		keyPair.export({publicKey: true});
		// ->
		@@ -155,3 +155,3 @@ {
		```js
		await keyPair.export({publicKey: true, privateKey: true});
		keyPair.export({publicKey: true, privateKey: true});
		// ->
		@@ -198,3 +198,3 @@ {
		```js
		const keyPair = cryptoLd.generate({type: 'Ed25519VerificationKey2020'});
		const keyPair = await cryptoLd.generate({type: 'Ed25519VerificationKey2020'});

		@@ -213,3 +213,3 @@ const {sign} = keyPair.signer();
		```js
		const keyPair = cryptoLd.generate({type: 'Ed25519VerificationKey2020'});
		const keyPair = await cryptoLd.generate({type: 'Ed25519VerificationKey2020'});

		@@ -216,0 +216,0 @@ const {verify} = keyPair.verifier();

crypto-ld - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics