Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
By Sarah Gooding - Dec 03, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
ecies-25519
Advanced tools
ecies-25519 
Isomorphic Cryptography Library for X25519 ECIES
Description
This library supports ECIES encryption using Curve25519 Diffie–Hellman key exchange (aka X25519).
AES, HMAC and SHA methods are supported through native NodeJS and Browser APIs when available and fallbacks to vanilla javascript are already provided.
Usage
ECIES
import * as ecies25519 from 'ecies-25519';
import * as encUtils from 'enc-utils';
const keyPair = ecies25519.generateKeyPair();
const str = 'test message to encrypt';
const msg = encUtils.utf8ToArray(str);
const encrypted = await ecies25519.encrypt(msg, keyPairB.publicKey);
const decrypted = await ecies25519.decrypt(encrypted, keyPairB.privateKey);
// decrypted === msg
ECDH
import * as ecies25519 from 'ecies-25519';
const keyPairA = ecies25519.generateKeyPair();
const keyPairB = ecies25519.generateKeyPair();
const sharedKey1 = await ecies25519.derive(
keyPairA.privateKey,
keyPairB.publicKey
);
const sharedKey2 = await ecies25519.derive(
keyPairB.privateKey,
keyPairA.publicKey
);
// sharedKey1 === sharedKey2
RandomBytes
import * as ecies25519 from 'ecies-25519';
const length = 32;
const key = ecies25519.randomBytes(length);
// key.length === length
AES
import * as ecies25519 from 'ecies-25519';
import * as encUtils from 'enc-utils';
const key = ecies25519.randomBytes(32);
const iv = ecies25519.randomBytes(16);
const str = 'test message to encrypt';
const msg = encUtils.utf8ToArray(str);
const ciphertext = await ecies25519.aesCbcEncrypt(iv, key, msg);
const decrypted = await ecies25519.aesCbcDecrypt(iv, key, ciphertext);
// decrypted === str
HMAC
import * as ecies25519 from 'ecies-25519';
import * as encUtils from 'enc-utils';
const key = ecies25519.randomBytes(32);
const iv = ecies25519.randomBytes(16);
const macKey = encUtils.concatArrays(iv, key);
const dataToMac = encUtils.concatArrays(iv, key, msg);
const mac = await ecies25519.hmacSha256Sign(macKey, dataToMac);
const result = await ecies25519.hmacSha256Verify(macKey, dataToMac, mac);
// result will return true if match
SHA2
import * as ecies25519 from 'ecies-25519';
import * as encUtils from 'enc-utils';
// SHA256
const str = 'test message to hash';
const msg = encUtils.utf8ToArray(str);
const hash = await ecies25519.sha256(str);
// SHA512
const str = 'test message to hash';
const msg = encUtils.utf8ToArray(str);
const hash = await ecies25519.sha512(str);
React-Native Support
This library is intended for use in a Browser or NodeJS environment, however it is possible to use in a React-Native environment if NodeJS modules are polyfilled with react-native-crypto, read more here.
License
FAQs
Isomorphic Cryptography Library for X25519 ECIES
The npm package ecies-25519 receives a total of 277 weekly downloads. As such, ecies-25519 popularity was classified as not popular.
We found that ecies-25519 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 02 Mar 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024