Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

ed2curve

Package Overview
Dependencies
Maintainers
1
Versions
7
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

ed2curve

Convert Ed25519 signing keys into Curve25519 Diffie-Hellman keys.

  • 0.3.0
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
37K
decreased by-16.5%
Maintainers
1
Weekly downloads
 
Created
Source

ed2curve.js

Convert Ed25519 signing key pair into Curve25519 key pair suitable for Diffie-Hellman key exchange. This means that by exchanging only 32-byte Ed25519 public keys users can both sign and encrypt with NaCl.

Note that there's currently no proof that this is safe to do. It is safer to share both Ed25519 and Curve25519 public keys (their concatenation is 64 bytes long).

Written by Dmitry Chestnykh in 2014-2016, using public domain code from TweetNaCl.js. Public domain. No warranty.

Thanks to @CodesInChaos and @nightcracker for showing how to convert Edwards coordinates to Montgomery coordinates.

Build Status

Installation

Via NPM:

$ npm install ed2curve

or just download ed2curve.js or ed2curve.min.js and include it after TweetNaCl.js:

<script src="nacl.min.js"></script>
<script src="ed2curve.min.js"></script>

Usage

ed2curve.convertKeyPair(keyPair) -> convertedKeyPair | null

Converts the given key pair as generated by TweetNaCl.js's nacl.sign.keyPair into a key pair suitable for operations which accept key pairs generated by nacl.box.keyPair. This function is a combination of convertPublicKey and convertSecretKey.

Returns null if the public key in the given key pair is not a valid Ed25519 public key.

ed2curve.convertPublicKey(edPublicKey) -> curvePublicKey | null

Converts a 32-byte Ed25519 public key into a 32-byte Curve25519 public key and returns it.

Returns null if the given public key in not a valid Ed25519 public key.

ed2curve.convertSecretKey(edSecretKey) -> curveSecretKey

Converts a 64-byte Ed25519 secret key (or just the first 32-byte part of it, which is the secret value) into a 32-byte Curve25519 secret key and returns it.

Example

(Note: example uses tweetnacl-util to convert bytes)

// Generate new sign key pair.
var myKeyPair = nacl.sign.keyPair();

// Share public key with a peer.
console.log(myKeyPair.publicKey);

// Receive peer's public key.
var theirPublicKey = // ... receive

// Sign a message.
var message = nacl.util.decodeUTF8('Hello!');
var signedMessage = nacl.sign(message, myKeyPair.secretKey);

// Send message to peer. They can now verify it using
// the previously shared public key (myKeyPair.publicKey).
// ...

// Receive a signed message from peer and verify it using their public key.
var theirSignedMessage = // ... receive
var theirMessage = nacl.sign.open(theirSignedMessage, theirPublicKey);
if (theirMessage) {
  // ... we got the message ...
}

// Encrypt a message to their public key.
// But first, we need to convert our secret key and their public key
// from Ed25519 into the format accepted by Curve25519.
//
// Note that peers are not involved in this conversion -- all they need
// to know is the signing public key that we already shared with them.

var theirDHPublicKey = ed2curve.convertPublicKey(theirPublicKey);
var myDHSecretKey = ed2curve.convertSecretKey(myKeyPair.secretKey);

var anotherMessage = nacl.util.decodeUTF8('Keep silence');
var encryptedMessage = nacl.box(anotherMessage, nonce, theirDHPublicKey, myDHSecretKey);

// When we receive encrypted messages from peers,
// we need to use converted keys to open them.

var theirEncryptedMessage = // ... receive
var decryptedMessage = nacl.box.open(theirEncryptedMessage, nonce, theirDHPublicKey, myDHSecretKey);

Requirements

  • Requires TweetNaCl.js
  • Works in the same enviroments as it.

Other libraries

Some other libraries that can use a single Ed/Curve25519 key:

Keywords

FAQs

Package last updated on 16 Jan 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc