Networking and Cryptography library bindings - high-speed, high-security, easy-to-use crypto library
Bindings for the Networking and Cryptography library (NaCl). This gives you a fast and easy-to-use crypto box: Put stuff inside, turn the key and it's automagically signed and encrypted. Reverse direction works, too. There's also signing functionality. For details about how to use that stuff, go to the NaCl homepage.
box, unbox, sign and unsign return null if one of the parameters is
incorrect or a signature is invalid. The methods never throw.
// encrypt and sign (message may be string or Buffer, all others must be Buffers, returns a Buffer)
box(message, nonce, pubkey, privkey)
// decrypt and validate (all parameters buffers, returns a Buffer or null)
unbox(box, nonce, pubkey, privkey)
// generates a new keypair, returns {private: <buffer>, public: <buffer>}
boxKeypair()
// lengths of nonces and public and private keys in bytes
// { nonce: x, pubkey: x, privkey: x }
lengths.box
// sign, returns the signed message as Buffer (message is a Buffer or a string, privkey is a Buffer)
sign(message, privkey)
// verify signature and remove it (parameters are Buffers, returns a Buffer or null)
unsign(message, pubkey)
// generates a new keypair, returns {private: <buffer>, public: <buffer>}
signKeypair()
// lengths of public and private keys in bytes
// { pubkey: x, privkey: x }
lengths.sign
This takes some time because there's a long benchmark that takes place after the actual C++ library got compiled. Didn't measure the time, but it's more than a few minutes.
npm install nacl
FAQs
Networking and Cryptography library bindings - high-speed, high-security, easy-to-use crypto library
The npm package nacl receives a total of 0 weekly downloads. As such, nacl popularity was classified as not popular.
We found that nacl demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."