native-crypto

native-crypto

The intent of this is browserifable crypt, which uses the node module on the server, the subtle crypto api if available and the browserify-crypto if not.

Methods

Hash

var nCrypto - require('native-crypto');

var hash = new nCrypto.Hash(algo);
hash.update(buffer).update(otherBuffer);
hash.digest().then(function (yourHash){});

Hmac

var hmac = new nCrypto.Hmac(algo, keyAsBuffer);
hash.update(buffer).update(otherBuffer);
hash.digest().then(function (yourHmac) {});
// or
var hmac = new nCrypto.Hmac(algo, keyAsBuffer, otherHmacToVerify);
hash.update(buffer).update(otherBuffer);
hash.verify().then(function (result) {
  // result is a boolean
});

encrypt/decrypt

nCrypto.encrypt(key, iv, plainText, aad).then(function (cipherText) {
  return nCrypto.decrypt(key, iv, cipherText, aad);
}).then(function (res) {
  // res and plainText should be the same
});
// aad is optional
nCrypto.encrypt(key, iv, plainText).then(function (cipherText) {
  return nCrypto.decrypt(key, iv, cipherText);
}).then(function (res) {
  // res and plainText should be the same
});

Signatures

Only JWK are supported and both RSA or ECDSA keys are supported (DSA is not supported by web crypto). If using RSA make sure the .alg parameter is set on the key and is one of RS256, RS384, or RS512 (based on what hash function you want to be using).

var sign = new nCrypto.Signature(privateKey);
sign.update(buffer).update(otherBuffer);
sign.sign().then(function (yourSig) {});
// or
var verify = new nCrypto.Signature(privateKey, sigToVerify);
verify.update(buffer).verify(otherBuffer);
verify.verify().then(function (result) {
  // result is a boolean
});

PBKDF2

No parameters are optional key may be a string or buffer, salt must be buffers, length is in bytes, algo may be any of the supported hash algorithms.

nCrypto.pbkdf2(key, salt, iterations, length, algo).then(function (derivedKey) {
  // you have it
});

RSA

For RSA encryption and decryption, only OAEP padding is supported and only using a public key to encrypt and private to decrypt.

nCrypto.rsa.encrypt(key, data).then(function (result) {
  // result is a buffer
});
nCrypto.rsa.encrypt(key, encryptedData).then(function (result) {
  // result is a buffer
});

Key Generation

You can generate key pairs for signing/verifying in either RSA or ECDSA, or use with ECDH.

Accepts either a ECC curve:

nCrypto.generate('P-256').then(function (keypair) {
  // keypair.publicKey and keypair.privateKey are JWK
});
nCrypto.generate('P-384').then(...
nCrypto.generate('P-521').then(...

or an RSA algorithm identifier and optional length and exponent (as buffer)

nCrypto.generate('RS256').then(...
nCrypto.generate('RS512', 4096, 65537).then(...
nCrypto.generate('RS384', 2048, 3).then(...

key length defaults to 4096 and public exponent to 65537 (aka 0x10001)

ECDH

Generate an ECDH Object, accepts a curve type and optionally a private key.

var ecdh1 = new nCrypto.ECDH('P-256'); // generates a new key
var ecdh2 = new nCrypto.ECDH('P-256', keypair.privateKey);
// you can pass in the privateKey from a generate command

You can use .getPublic() and .getPrivate() to get the public and private keys of the pair, this is especially handy if you had it generate the key for you, both return a promise.

ecdh1.getPublic().then(function (publicKey) {
  // do stuff
});

Finally you can generate a shared secret with the .computeSecret method, which takes a public key as a method.

ecdh2.computeSecret(publicKey).then(function (secret) {
  // do stuff
})