Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
encrypted-stream
Advanced tools
[![Version npm](https://img.shields.io/npm/v/encrypted-stream.svg?logo=npm)](https://www.npmjs.com/package/encrypted-stream)
encrypted-stream
is a simple and safe encryption library that provides a simple API for implementing userspace encrypted networking protocols. Inspired on simplicity of NaCL aimed to provide similar API but for authenticated two-side protocols.
yarn add encrypted-stream
universal-secure-random
yarn add universal-secure-random
encrypted-stream
protocol expects both sides to have assigned unique endpointId and Ed25519 key. Both sides have to know public key and endpointId of another.
ServerEngine can not be reused between connections. Create a new one for each incoming connection.
To create server you need a Ed25519 key that is stored persistently in some safe place. Losing the key will lead to impossibility to connect to a server by clients. Signer for this public key - a function that accepts buffer and creates a digital signature for it. For simplicity we provide createSigner
function that creates this function from private key for you.
encrypted-stream
does not send public keys since it should have them already therefore to make everything work you need to provide a function (endpointLookup
in example bellow) that resolves an endpointId to a publicKey or a null if endpoint is unknown.
import { newEd25519Key, createSigner, ServerEngine } from 'encrypted-stream';
const ltsKey = newEd25519Key();
const ltsSigner = createSigner(ltsKey.secretKey);
const serverEndpointId = 'eego-RANDOM-ID';
const endpointLookup = (id: string) => resolveKeyByIdOrNull(id);
const server = new ServerEngine({
endpointId: serverEndpointId,
publicKey: ltsKey.publicKey,
signer: ltsSigner
}, endpointLookup);
Client Engine is similar to Server one: you need Ed255519 key, endpoint ids and server keys.
import { newEd25519Key, createSigner, ClientEngine } from 'encrypted-stream';
const clientLTSKey = newEd25519Key();
const clientLTSSigner = createSigner(clientLTSKey.secretKey);
const clientEndpointId = 'user1';
const serverEndpointId = 'eego-RANDOM-ID';
const serverPublicKey = ....;
const client = new ClientEngine({
endpointId: clientEndpointId,
publicKey: clientLTSKey.publicKey,
signer: clientLTSSigner
}, { endpointId: serverEndpointId, publicKey: serverPublicKey });
Before being able to exchange encrypted messages handshake protocol must be executed. If any of the methods return null or false you can't use engine anymore - all methods will throw an error.
// First create Client Hello message
let clientHello = client.getClientHello();
// Deliver to server and apply
if (!server.setClientHello(clientHello)) {
throw Error('Invalid Client Hello');
}
// Create Server Hello message
let serverHello = server.getServerHello();
// Deliver to client and apply
if (!client.setServerHello(serverHello)) {
throw Error('Invalid Server Hello');
}
// Create Peer Info message
let clientPeerInfo = client.getPeerInfo();
// Deliver Peer Info to server
if (!server.setPeerInfo(clientPeerInfo)) {
throw Error('Invalid Peer Info');
}
// Here you can find connected endpointId
const endpointId = server.endpointId;
After a successful handshake encrypt and decrypt functions became available. encrypted-stream
protocol requires strict order of decription of messages: they have to be decrypted in the same order as was encrypted. Incorrect order will lead to aborting engine. If decrypt method returns null then frame was invalid and engine is aborted.
const chipherText = server.encrypt(Buffer.from('Hello World!', 'utf-8'));
const plainText = client.decrypt(encrypted);
console.lof(plainText!.toString('utf-8')); // Ouput: Hello World!
FAQs
[![Version npm](https://img.shields.io/npm/v/encrypted-stream.svg?logo=npm)](https://www.npmjs.com/package/encrypted-stream)
The npm package encrypted-stream receives a total of 0 weekly downloads. As such, encrypted-stream popularity was classified as not popular.
We found that encrypted-stream demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.