ethereum-cryptography
Advanced tools
The ethereum-cryptography package provides a set of cryptographic functions that are commonly used in Ethereum-related projects. It includes functionalities such as hashing, key derivation, and signature verification, which are essential for creating and managing Ethereum wallets, signing transactions, and ensuring secure communication within the Ethereum network.
Keccak-256 Hashing
This feature allows you to compute the Keccak-256 hash of an input, which is a common cryptographic hash function used in Ethereum for various purposes, including hashing transaction data.
const { keccak256 } = require('ethereum-cryptography/keccak');
const hash = keccak256(Buffer.from('hello'));Public Key Recovery
This feature enables the recovery of a public key from a signature, which is useful for verifying the signer of a message or transaction in Ethereum.
const { ecdsaRecover } = require('ethereum-cryptography/secp256k1');
const publicKey = ecdsaRecover(signature, recovery, hash, compressed);BIP39 Mnemonic Generation
This feature is used to generate a BIP39 mnemonic phrase, which can be used to derive a wallet's private keys in a human-readable form.
const { generateMnemonic } = require('ethereum-cryptography/bip39');
const mnemonic = generateMnemonic();The web3 package is a collection of libraries that allow you to interact with a local or remote Ethereum node using HTTP, IPC, or WebSocket. It includes similar cryptographic functionalities for signing transactions, generating accounts, and handling smart contract interactions.
Ethers is a lightweight JavaScript library that aims to be a complete and compact library for interacting with the Ethereum Blockchain and its ecosystem. It provides utilities for wallet creation, signing, and transaction building, similar to ethereum-cryptography but with a broader scope including full Ethereum node interaction.
Crypto-browserify is a port of Node.js' crypto module to the browser. It offers a range of cryptographic functions, including hashing and encryption, which can be used in Ethereum-related applications, although it is not specifically tailored to Ethereum's cryptography needs.
This npm package contains all the cryptographic primitives normally used when developing Javascript/TypeScript applications and tools for Ethereum.
Pure Javascript implementations of all the primitives are included, so it can be used out of the box for web applications and libraries.
In Node, it takes advantage of the built-in and N-API based implementations whenever possible.
The cryptographic primitives included are:
Via npm:
$ npm install ethereum-cryptography
Via yarn:
$ yarn add ethereum-cryptography
This package has no single entry-point, but submodule for each cryptographic primitive. Read each primitive's section of this document to learn how to use them.
The reason for this is that importing everything from a single file will lead to huge bundles when using this package for the web. This could be avoided through tree-shaking, but the possibility of it not working properly on one of the supported bundlers is too high.
The random submodule has functions to generate cryptographically strong
pseudo-random data in synchronous and asynchronous ways.
In Node, this functions are backed by crypto.randomBytes.
In the browser, crypto.getRandomValues
is used. If not available, this module won't work, as that would be insecure.
function getRandomBytes(bytes: number): Promise<Buffer>;
function getRandomBytesSync(bytes: number): Buffer;
const { getRandomBytesSync } = require("ethereum-cryptography/random");
console.log(getRandomBytesSync(32).toString("hex"));
The keccak submodule has four functions that implement different variations of
the Keccak hashing algorithm. These are keccak224, keccak256, keccak384,
and keccak512.
function keccak224(msg: Buffer): Buffer;
function keccak256(msg: Buffer): Buffer;
function keccak384(msg: Buffer): Buffer;
function keccak512(msg: Buffer): Buffer;
const { keccak256 } = require("ethereum-cryptography/keccak");
console.log(keccak256(Buffer.from("Hello, world!", "ascii")).toString("hex"));
The scrypt submodule has two functions implementing the Scrypt key
derivation algorithm in synchronous and asynchronous ways. This algorithm is
very slow, and using the synchronous version in the browser is not recommended,
as it will block its main thread and hang your UI.
Encoding passwords is a frequent source of errors. Please read these notes before using this submodule.
function scrypt(password: Buffer, salt: Buffer, n: number, p: number, r: number, dklen: number): Promise<Buffer>;
function scryptSync(password: Buffer, salt: Buffer, n: number, p: number, r: number, dklen: number): Buffer;
const { scryptSync } = require("ethereum-cryptography/scrypt");
console.log(
scryptSync(
Buffer.from("ascii password", "ascii"),
Buffer.from("salt", "hex"),
16,
1,
1,
64
).toString("hex")
);
The pbkdf2 submodule has two functions implementing the PBKDF2 key
derivation algorithm in synchronous and asynchronous ways. This algorithm is
very slow, and using the synchronous version in the browser is not recommended,
as it will block its main thread and hang your UI.
Encoding passwords is a frequent source of errors. Please read these notes before using this submodule.
In Node this submodule uses the built-in implementation and supports any digest
returned by crypto.getHashes.
In the browser, it is tested to support at least sha256, the only digest
normally used with pbkdf2 in Ethereum. It may support more.
function pbkdf2(password: Buffer, salt: Buffer, iterations: number, keylen: number, digest: string): Promise<Buffer>;
function pbkdf2Sync(password: Buffer, salt: Buffer, iterations: number, keylen: number, digest: string): Buffer;
const { pbkdf2Sync } = require("ethereum-cryptography/pbkdf2");
console.log(
pbkdf2Sync(
Buffer.from("ascii password", "ascii"),
Buffer.from("salt", "hex"),
4096,
32,
'sha256'
).toString("hex")
);
The sha256 submodule contains a single function implementing the SHA-256
hashing algorithm.
function sha256(msg: Buffer): Buffer;
const { sha256 } = require("ethereum-cryptography/sha256");
console.log(sha256(Buffer.from("message", "ascii")).toString("hex"));
The ripemd160 submodule contains a single function implementing the
RIPEMD-160 hashing algorithm.
function ripemd160(msg: Buffer): Buffer;
const { ripemd160 } = require("ethereum-cryptography/ripemd160");
console.log(ripemd160(Buffer.from("message", "ascii")).toString("hex"));
The blake2b submodule contains a single function implementing the
BLAKE2b non-keyed hashing algorithm.
function blake2b(input: Buffer, outputLength = 64): Buffer;
const { blake2b } = require("ethereum-cryptography/blake2b");
console.log(blake2b(Buffer.from("message", "ascii")).toString("hex"));
The aes submodule contains encryption and decryption functions implementing
the Advanced Encryption Standard
algorithm.
AES is not supposed to be used directly with a password. Doing that will compromise your users' security.
The key parameters in this submodule are meant to be strong cryptographic
keys. If you want to obtain such a key from a password, please use a
key derivation function
like pbkdf2 or scrypt.
This submodule works with different block cipher modes of operation. If you are using this module in a new application, we recommend using the default.
While this module may work with any mode supported by OpenSSL, we only test it
with aes-128-ctr, aes-128-cbc, and aes-256-cbc. If you use another module
a warning will be printed in the console.
We only recommend using aes-128-cbc and aes-256-cbc to decrypt already
encrypted data.
Some operation modes require the plaintext message to be a multiple of 16. If
that isn't the case, your message has to be padded.
By default, this module automatically pads your messages according to PKCS#7. Note that this padding scheme always adds at least 1 byte of padding. If you are unsure what anything of this means, we strongly recommend you to use the defaults.
If you need to encrypt without padding or want to use another padding scheme,
you can disable PKCS#7 padding by passing false as the last argument and
handling padding yourself. Note that if you do this and your operation mode
requires padding, encrypt will throw if your plaintext message isn't a
multiple of 16.
This option is only present to enable the decryption of already encrypted data. To encrypt new data, we recommend using the default.
The iv parameter of the encrypt function must be unique, or the security
of the encryption algorithm can be compromissed.
You can generate a new iv using the random module.
Note that to decrypt a value, you have to provide the same iv used to encrypt
it.
Sensitive information can be leaked via error messages when using this module. To avoid this, you should make sure that the errors you return don't contain the exact reason for the error. Instead, errors must report general encryption/decryption failures.
Note that implementing this can mean catching all errors that can be thrown when calling on of this module's functions, and just throwing a new generic exception.
function encrypt(msg: Buffer, key: Buffer, iv: Buffer, mode = "aes-128-ctr", pkcs7PaddingEnabled = true): Buffer;
function decrypt(cypherText: Buffer, key: Buffer, iv: Buffer, mode = "aes-128-ctr", pkcs7PaddingEnabled = true): Buffer
const { encrypt } = require("ethereum-cryptography/aes");
console.log(
encrypt(
Buffer.from("message", "ascii"),
Buffer.from("2b7e151628aed2a6abf7158809cf4f3c", "hex"),
Buffer.from("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "hex")
).toString("hex")
);
The secp256k1 submodule provides a library for elliptic curve operations on
the curve Secp256k1.
It has the exact same API than the version 4.x of the secp256k1
module from cryptocoinjs, with two added function to create private keys.
Secp256k1 private keys need to be cryptographycally secure random numbers with certain caracteristics. If this is not the case, the security of Secp256k1 is compromissed.
We strongly recommend to use this module to create new private keys.
Functions to create private keys:
function createPrivateKey(): Promise<Uint8Array>;
function function createPrivateKeySync(): Uint8Array;
For the rest of the functions, pleasse read secp256k1's documentation.
const { createPrivateKeySync, ecdsaSign } = require("ethereum-cryptography/secp256k1");
const msgHash = Buffer.from(
"82ff40c0a986c6a5cfad4ddf4c3aa6996f1a7837f9c398e17e5de5cbd5a12b28",
"hex"
);
const privateKey = createPrivateKeySync();
console.log(Buffer.from(ecdsaSign(msgHash, privateKey).signature).toString("hex"));
The hdkey submodule provides a library for keys derivation according to
BIP32.
It has almost the exact same API than the version 1.x of
hdkey from cryptocoinjs,
but it's backed by this package's primitives, and has built-in TypeScript types.
Its only difference is that it has to be be used with a named import.
This module exports a single class whose type is
class HDKey {
public static HARDENED_OFFSET: number;
public static fromMasterSeed(seed: Buffer, versions: Versions): HDKey;
public static fromExtendedKey(base58key: string, versions: Versions): HDKey;
public static fromJSON(json: { xpriv: string }): HDKey;
public versions: Versions;
public depth: number;
public index: number;
public chainCode: Buffer | null;
public privateKey: Buffer | null;
public publicKey: Buffer | null;
public fingerprint: number;
public parentFingerprint: number;
public pubKeyHash: Buffer | undefined;
public identifier: Buffer | undefined;
public privateExtendedKey: string;
public publicExtendedKey: string;
private constructor(versios: Versions);
public derive(path: string): HDKey;
public deriveChild(index: number): HDKey;
public sign(hash: Buffer): Buffer;
public verify(hash: Buffer, signature: Buffer): boolean;
public wipePrivateData(): this;
public toJSON(): { xpriv: string; xpub: string };
}
interface Versions {
private: number;
public: number;
}
const { HDKey } = require("ethereum-cryptography/hdkey");
const seed = "fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542";
const hdkey = HDKey.fromMasterSeed(Buffer.from(seed, "hex"));
const childkey = hdkey.derive("m/0/2147483647'/1");
console.log(childkey.privateExtendedKey);
The bip39 submodule provides functions to generate, validate and use seed
recovery phrases according to BIP39.
function generateMnemonic(wordlist: string[], strength: number = 128): string;
function mnemonicToEntropy(mnemonic: string, wordlist: string[]): Buffer;
function entropyToMnemonic(entropy: Buffer, wordlist: string[]): string;
function validateMnemonic(mnemonic: string, wordlist: string[]): boolean;
async function mnemonicToSeed(mnemonic: string, passphrase: string = ""): Promise<Buffer>;
function mnemonicToSeedSync(mnemonic: string, passphrase: string = ""): Buffer;
This submodule also contains the word lists defined by BIP39 for Czech, English, French, Italian, Japanese, Korean, Simplified and Traditional Chinese, and Spanish. These are not imported by default, as that would increase bundle sizes too much. Instead, you should import and use them explicitly.
The word lists are exported as a wordlist variable in each of these submodules:
ethereum-cryptography/bip39/wordlists/czech.js
ethereum-cryptography/bip39/wordlists/english.js
ethereum-cryptography/bip39/wordlists/french.js
ethereum-cryptography/bip39/wordlists/italian.js
ethereum-cryptography/bip39/wordlists/japanese.js
ethereum-cryptography/bip39/wordlists/korean.js
ethereum-cryptography/bip39/wordlists/simplified-chinese.js
ethereum-cryptography/bip39/wordlists/spanish.js
ethereum-cryptography/bip39/wordlists/traditional-chinese.js
const { generateMnemonic } = require("ethereum-cryptography/bip39");
const { wordlist } = require("ethereum-cryptography/bip39/wordlists/english");
console.log(generateMnemonic(wordlist));
This package works with all the major Javascript bundlers. It is
tested with webpack, Rollup, Parcel, and Browserify.
Using this library with Rollup requires the following plugins:
@rollup/plugin-commonjs
@rollup/plugin-json
@rollup/plugin-node-resolve
rollup-plugin-node-builtins
rollup-plugin-node-globals
These can be used by setting your plugins array like this:
plugins: [
commonjs(),
json(),
nodeGlobals(),
nodeBuiltins(),
resolve({
browser: true,
preferBuiltins: false,
}),
]
This package intentionally excludes the the cryptographic primitives necessary to implement the following EIPs:
F precompileFeel free to open an issue if you want this decision to be reconsidered, or if you found another primitive that is missing.
This library has been audited by Trail of Bits.
You can see the results of the audit and the changes implemented as a result of
it in audit/.
ethereum-cryptography is released under the MIT License.
FAQs
All the cryptographic primitives used in Ethereum
The npm package ethereum-cryptography receives a total of 1,480,118 weekly downloads. As such, ethereum-cryptography popularity was classified as popular.
We found that ethereum-cryptography demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.
Security News
vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.