Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

keygrip

Package Overview
Dependencies
Maintainers
4
Versions
16
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

keygrip

Key signing and verification for rotated credentials

  • 1.1.0
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
3.4M
increased by8.32%
Maintainers
4
Weekly downloads
 
Created

What is keygrip?

The keygrip npm package is used to manage and rotate keys used in signing and verifying data, such as cookies. It provides a robust way to handle key rotation without needing to re-sign existing data with new keys. This is particularly useful for applications that need to maintain integrity and authenticity of data over time, even as security requirements evolve.

What are keygrip's main functionalities?

Signing data

This feature allows you to sign data using a list of keys. The most recent key is used for signing. This is useful for creating verifiable tokens or cookies that can be validated later.

const Keygrip = require('keygrip');
const keys = ['SEKRIT1', 'SEKRIT2'];
const keygrip = new Keygrip(keys);
const data = 'some data to sign';
const hash = keygrip.sign(data);

Verifying signed data

This feature checks if a given hash matches the signed data using any of the keys in the key list. It's useful for authentication processes where you need to ensure data integrity and authenticity.

const Keygrip = require('keygrip');
const keys = ['SEKRIT1', 'SEKRIT2'];
const keygrip = new Keygrip(keys);
const data = 'some data to sign';
const hash = keygrip.sign(data);
const isValid = keygrip.verify(data, hash);

Index of used key

This feature returns the index of the key that was used to sign the data. This is particularly useful for determining which of the keys in the current list was used, aiding in decisions about key rotation and management.

const Keygrip = require('keygrip');
const keys = ['SEKRIT1', 'SEKRIT2'];
const keygrip = new Keygrip(keys);
const data = 'some data to sign';
const hash = keygrip.sign(data);
const keyIndex = keygrip.index(data, hash);

Other packages similar to keygrip

FAQs

Package last updated on 08 May 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc