Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

envelope-js

Package Overview
Dependencies
Maintainers
18
Versions
14
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

envelope-js

new private message format for ssb

  • 1.1.1
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
48
decreased by-12.73%
Maintainers
18
Weekly downloads
 
Created
Source

envelope-js

A javascript tool for cryptographically "boxing" and "unboxing" messages following the envelope spec.

envelope supports encryption to individuals and groups

Example Usage

var { box, unbox, CloakedMsgId } = require('envelope-js')

...

API

box(plain_text, feed_id, prev_msg_id, msg_key, recp_keys) => ciphertext

where:

  • plain_text Buffer is the content to be "enveloped"
  • feed_id Buffer is a type-format-key (TFK) encoded value for the feed authoring a message
  • prev_msg_id Buffer is a TFK encoded value of the id of last message of this feeds chain
  • msg_key Buffer a randomised 32 Bytes which will be the unique key for this message
  • recps_keys Array is a collection of items of form { key, scheme }, where
    • key Buffer is the key the particular recipient
    • scheme String|Buffer is the type of key / the key management scheme for this recipient

unbox(ciphertext, feed_id, prev_msg_id, trial_keys, max_attempts) => plain_text | null

where:

  • ciphertext Buffer is envelope
  • feed_id Buffer is a type-format-key (TFK) encoded value for the feed authoring a message
  • prev_msg_id Buffer is a TFK encoded value of the id of last message of this feeds chain
  • trial_keys Array is a collection of items of form { key, scheme }, where
    • key Buffer is the key the particular recipient
    • scheme String|Buffer is the type of key / the key management scheme for this recipient
  • max_attempts Integer (default: 8) how many key_slots you want to assume the envelope has
  • plain_text Buffer the envelope contents

NOTE: we also expose unboxKey and unboxBody for convenience.

DeriveSecret(feed_id, prev_msg_id) => derive

Used for taking a msg_key (the one-time key for a particular envelope) and deriving other keys used in the envelope (e.g. read_key)

where:

  • feed_id Buffer is a TFK encoded id for the feed the envelope is part of
  • prev_msg_id Buffer is a TFK encoded id for the message prior to one where our envelope is
    • NOTE if this is the first message, then the K part of prev_msg_id's TFK is a zero-filled Buffer.
  • derive(key, labels) => new_key function where:
    • key Buffer is a seed key which we're going to derive from
    • labels Array is a an array of Strings which help define a derivation

new CloakedMsgId(public_msg_id, read_key) => cloakedMsgId

Determine a cloaked message id for a published message following the envelope-spec/cloaked_msg_id/README.md

where:

  • public_msg_id Buffer is the id of a enveloped message that's been published (it has an id as it's part of a feed / chain)
  • read_key Buffer is the read capability (NOT the msg_key) for this message envelope
  • cloakedMsgId is an instance with methods:
    • toBuffer() => Buffer which returns the cloaked id key as a Buffer
    • toString(encoding) => String which returns the cloaked id key as a Buffer (encoding defaults to 'base64')
    • mock() => cloakedMsgId a method for testing. populates the id with random content. if using this, instantiate with no args.

slp.encode(info) => Buffer

where info is an Array of Buffers.

This is "short length-prefixed encoding", see https://github.com/ssbc/envelope-spec/blob/master/encoding/slp.md

...

License

MIT

FAQs

Package last updated on 09 Aug 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc