Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

jose-chacha

Package Overview
Dependencies
Maintainers
1
Versions
3
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

jose-chacha

ChaCha derived AEAD algorithms extension for the jose module

  • 1.2.0
  • unpublished
  • latest
  • Source
  • npm
  • Socket score
Version published
Maintainers
1
Created
Source

jose-chacha

This is a plugin for the jose package that implements the following Individual Draft

ChaCha derived AEAD algorithms in JSON Object Signing and Encryption (JOSE)
source: https://tools.ietf.org/html/draft-amringer-jose-chacha-01

The following new algorithms are available

  • C20P content encryption algorithm
  • XC20P content encryption algorithm
  • C20PKW content encryption key wrapping algorithm
  • XC20PKW content encryption key wrapping algorithm
  • ECDH-ES+C20PKW Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static
  • ECDH-ES+XC20PKW Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static

Why a plugin?

  1. The draft is an individual draft, breaking changes or lacking adoption may occur, hence its not something desired to be part of jose core package.
  2. AEAD_XCHACHA20_POLY1305 is not available in OpenSSL bundled with Node.js yet, in the plugin this cipher is handled via libsodium.

Usage

Installing

npm install jose // jose ^1.16.0 || ^2.0.1 declared as a peer dependency
npm install jose-chacha

const jose = require('jose')
const chacha = require('jose-chacha')

;(async () => {
  await chacha // wait for libsodium to be ready!

  {
    const key = jose.JWK.generateSync('oct', 256)
    console.log(key.algorithms())
    console.log(jose.JWE.encrypt('foobar', key, { alg: 'dir', enc: 'XC20P' }))
  }

  {
    const key = jose.JWK.generateSync('EC', 'P-256')
    console.log(key.algorithms())
    console.log(jose.JWE.encrypt('foobar', key, { alg: 'ECDH-ES+XC20PKW', enc: 'XC20P' }))
  }
})()

Note: This plugin only supports Node.js runtime >= 12.0.0 and Electron >= 6.0.0

Have a question about using jose? - ask.
Found a bug? - report it.
Missing a feature? - If it wasn't already discussed before, ask for it.
Found a vulnerability? - Reach out to us via email first, see security vulnerability disclosure.

Support

If you or your business use jose, please consider becoming a sponsor so I can continue maintaining it and adding new features carefree.

Keywords

FAQs

Package last updated on 10 Sep 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts

Research

Security News

Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts

Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.

By Kirill Boychenko  -  Dec 20, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc