Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

epolite

Package Overview
Dependencies
Maintainers
0
Versions
11
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

epolite

A public-private key library for post-quantum cryptography (early stage, use with caution)

  • 0.4.0
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
62
increased by63.16%
Maintainers
0
Weekly downloads
 
Created
Source

EPOLITE Privacy Guard

Efficient Post-Quantum Optimized Lattice-based Implementation of Trusted Encryption

GPG-Like Post Quantum Encryption

This library contains a public/private keypair system which can be used for post-quantum encryption between users.

Standards used

  1. FALCON-512 is used for signing messages, to be used prior to encryption.
  2. Kyber-512 is used for encrypting messages (was Kyber-1024), to be used to encrypt messages using AES.

Kyber 1024 was used; however, it was changed to 512 due to the unreasonable size of messages, upwards of 200 KB for a single byte message, scaling at O(n).

In the future, this may be updated to include other PQ encryption standards; however, these are the ones I chose for now.

Disclaimers

  1. This library, while functional, has not been audited, either by me or anyone else.
  2. The returned encrypted messages are MASSIVE. You can expect a 4 KB encrypted message from a 10 byte input, and at least 5x when the input is signed.
  3. I cannot guarantee any encryption standards used in this library to be vulnerability or exploit free. While they are approved by the NIST, I personally do not fully endorse them due to how new these standards are.
  4. This library uses crypto subtle, and was designed specifically for browser use.

Using this library

This library is specifically built for the Bun Runtime. Please install that and replace NodeJS with this runtime, as it is much faster.

Afterwards, run bun add epolite to install this package, and then use the documentation below.

Examples

Create Keypair
import {createKeyPair, type KeyPair} from "epolite";

//returns an object containing {publicKey: string, privateKey: string}
const kp: KeyPair = await createKeyPair();

console.log(kp.publicKey, kp.privateKey);
Encrypt
import {encrypt} from "epolite";

//publicKey is a string, starting with "----------BEGIN EPOLITE PUBLIC KEY----------"
//returns a base64 encoded string of the encrypted message
const encryptedString: string = await encrypt("deadbeef", publicKey);

console.log("Very, very long encrypted string:", encryptedString);
Decrypt
import {decrypt} from "epolite";

//returns the decrypted message as a string
const decryptedString: string = await decrypt(encryptedString, privateKey);

console.log("Decrypted message:", decryptedString);
Signing
import {sign} from "epolite";

//returns a base64 encoded string (signatures aren't too big, but they do include the original message).
const signedMessage: string = await sign("I do not like pineapple pizza", privateKey);

console.log("Signed message:", signedMessage);
Verifying
import {verify} from "epolite";

//fill these in with the signed message, starting with:
// ----------BEGIN EPOLITE SIGNED MESSAGE----------
const realSignature: string;
const fakeSignature: string;

await verify(realSignature, publicKey); //true
await verify(fakeSignature, publicKey); //false

More examples

You can find an example in src/test.ts.

Contributing

Since this is for my own project, I probably will not merge or review pull requests.

FAQs

Package last updated on 06 Nov 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc