Product
Introducing Enhanced Alert Actions and Triage Functionality
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
isomorphic-webcrypto
Advanced tools
Readme
webcrypto library for Node, React Native and IE11+
There's a great Node polyfill for the Web Crypto API, but it's not isomorphic.
IE11 and versions of Safari < 11 use an older version of the spec, so the browser implementation includes a webcrypto-shim to iron out the differences. You'll still need to provide your own Promise polyfill.
There's currently no native crypto support in React Native, so the Microsoft Research library is exposed.
npm install isomorphic-webcrypto
There's a simple hashing example below, but there are many more WebCrypto examples here. This example requires you to npm install hex-lite
.
const crypto = require('isomorphic-webcrypto')
const hex = require('hex-lite')
// or
import crypto from 'isomorphic-webcrypto'
import hex from 'hex-lite'
crypto.subtle.digest(
{ name: 'SHA-256' },
new Uint8Array([1,2,3]).buffer
)
.then(hash => {
// hashes are usually represented as hex strings
// hex-lite makes this easier
const hashString = hex.fromBuffer(hash);
})
React Native support is implemented using the Microsoft Research library. The React Native environment only supports Math.random()
, so react-native-securerandom is used to provide proper entropy. This is handled automatically, except for crypto.getRandomValues()
, which requires you wait:
const crypto = require('isomorphic-webcrypto')
(async () => {
// Only needed for crypto.getRandomValues
// but only wait once, future calls are secure
await crypto.ensureSecure();
const array = new Uint8Array(1);
crypto.getRandomValues(array);
const safeValue = array[0];
})()
Working React Native examples:
You should use the webcrypto-shim library directly:
<!-- Any Promise polyfill will do -->
<script src="https://unpkg.com/bluebird"></script>
<script src="https://unpkg.com/webcrypto-shim"></script>
Although the library runs on IE11+, the level of functionality varies between implementations. They're organized using the JWA alg abbreviations:
Key | Signature, MAC or Key Management Algorithm |
---|---|
HS256 | HMAC using SHA-256 |
HS384 | HMAC using SHA-384 |
HS512 | HMAC using SHA-512 |
RS256 | RSASSA-PKCS1-v1_5 using SHA-256 |
RS384 | RSASSA-PKCS1-v1_5 using SHA-384 |
RS512 | RSASSA-PKCS1-v1_5 using SHA-512 |
ES256 | ECDSA using P-256 and SHA-256 |
ES384 | ECDSA using P-384 and SHA-384 |
ES512 | ECDSA using P-521 and SHA-512 |
PS256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |
PS384 | RSASSA-PSS using SHA-384 and MGF1 with SHA-384 |
PS512 | RSASSA-PSS using SHA-512 and MGF1 with SHA-512 |
RSA1_5 | RSAES-PKCS1-v1_5 |
RSA-OAEP | RSAES OAEP using default parameters |
RSA-OAEP-256 | RSAES OAEP using SHA-256 and MGF1 with SHA-256 |
A128KW | AES Key Wrap with default initial value using 128-bit key |
A192KW | AES Key Wrap with default initial value using 192-bit key |
A256KW | AES Key Wrap with default initial value using 256-bit key |
dir | Direct use of a shared symmetric key as the CEK |
ECDH-ES | Elliptic Curve Diffie-Hellman Ephemeral Static key agreement using Concat KDF |
ECDH-ES+A128KW | ECDH-ES using Concat KDF and CEK wrapped with "A128KW" |
ECDH-ES+A192KW | ECDH-ES using Concat KDF and CEK wrapped with "A192KW" |
ECDH-ES+A256KW | ECDH-ES using Concat KDF and CEK wrapped with "A256KW" |
A128GCMKW | Key wrapping with AES GCM using 128-bit key |
A192GCMKW | Key wrapping with AES GCM using 192-bit key |
A256GCMKW | Key wrapping with AES GCM using 256-bit key |
PBES2-HS256+A128KW | PBES2 with HMAC SHA-256 and "A128KW" wrapping |
PBES2-HS384+A192KW | PBES2 with HMAC SHA-384 and "A192KW" wrapping |
PBES2-HS512+A256KW | PBES2 with HMAC SHA-512 and "A256KW" wrapping |
Legend
- ~ works with some caveats - see the __tests__ directory for the caveats
- ? untested
- x unsupported algorithm
- strikethrough broken method
Key | Node | React Native | Chrome/Firefox | Safari | Edge | IE11 |
---|---|---|---|---|---|---|
HS256 | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify |
HS384 | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify |
HS512 | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | x |
RS256 | importKey exportKey generateKey sign verify | importKey exportKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | ~importKey exportKey ~generateKey verify | ~importKey ~exportKey generateKey verify |
RS384 | importKey exportKey generateKey sign verify | importKey exportKey sign verify | importKey exportKey generateKey sign verify | importKey generateKey sign verify | ~importKey exportKey ~generateKey sign verify | importKey exportKey generateKey sign verify |
RS512 | importKey exportKey generateKey sign verify | importKey exportKey sign verify | importKey exportKey generateKey sign verify | importKey generateKey sign verify | ~importKey exportKey ~generateKey sign verify | importKey exportKey generateKey |
PS256 | importKey exportKey generateKey sign verify | importKey exportKey sign verify | importKey exportKey generateKey sign verify | importKey generateKey sign verify | ? | ? |
PS384 | importKey exportKey generateKey sign verify | importKey exportKey sign verify | importKey exportKey generateKey sign verify | importKey generateKey sign verify | ? | ? |
PS512 | importKey exportKey generateKey sign verify | importKey exportKey sign verify | importKey exportKey generateKey sign verify | importKey generateKey sign verify | ? | ? |
ES256 | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | x | x |
ES384 | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | x | x |
ES512 | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | importKey exportKey generateKey sign verify | x | x | x |
RSA1_5 | ? | ? | ? | ? | ? | ? |
RSA-OAEP | ? | ? | ? | ? | ? | ? |
RSA-OAEP-256 | ? | ? | ? | ? | ? | ? |
A128KW | ? | ? | ? | ? | ? | ? |
A192KW | ? | ? | ? | ? | ? | ? |
A256KW | ? | ? | ? | ? | ? | ? |
dir | ? | ? | ? | ? | ? | ? |
ECDH-ES | ? | ? | ? | ? | ? | ? |
ECDH-ES+A128KW | ? | ? | ? | ? | ? | ? |
ECDH-ES+A192KW | ? | ? | ? | ? | ? | ? |
ECDH-ES+A256KW | ? | ? | ? | ? | ? | ? |
A128GCMKW | ? | ? | ? | ? | ? | ? |
A192GCMKW | ? | ? | ? | ? | ? | ? |
A256GCMKW | ? | ? | ? | ? | ? | ? |
PBES2-HS256+A128KW | ? | ? | ? | ? | ? | ? |
PBES2-HS384+A192KW | ? | ? | ? | ? | ? | ? |
PBES2-HS512+A256KW | ? | ? | ? | ? | ? | ? |
MIT
FAQs
webcrypto library for Node, React Native and IE11+
The npm package isomorphic-webcrypto receives a total of 68,545 weekly downloads. As such, isomorphic-webcrypto popularity was classified as popular.
We found that isomorphic-webcrypto demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.