
r-secure-token
🔐 A secure alternative to JWT, using AES-256-GCM encryption and Ed25519 digital signatures for authentication and authorization.
R-Secure-Token provides a high-security approach for token generation and verification, ensuring tamper-proof and encrypted payloads.
✅ AES-256-GCM Encryption – Strong encryption for payload security.
✅ Ed25519 Signatures – Prevents forgery and tampering.
✅ Replay Attack Prevention – Unique nonce per token.
✅ JWT Alternative – Secure and stateless authentication.
✅ High Performance – Optimized for speed and security.
Install via NPM:

```bash
npm install r-secure-token
```

or with Yarn:

```bash
yarn add r-secure-token
```
```javascript
import { RSecureToken } from 'r-secure-token';

(async () => {
  const tokenService = new RSecureToken();
  const payload = { data: { userId: 123 }, exp: Date.now() + 60000 }; // 1-minute expiry
  const tokenData = await tokenService.generateToken(payload);
  console.log('Token:', tokenData.token);
  console.log('Signature:', tokenData.signature);
})();
```
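```javascript
import { RSecureToken } from 'r-secure-token';

(async () => {
  const tokenService = new RSecureToken();
  // Stand-in for the token and signature received from the user: issued here by the
  // same instance, because an instance created without a secret key generates its own.
  const { token, signature } = await tokenService.generateToken({
    data: { userId: 123 },
    exp: Date.now() + 60000,
  });
  const verifiedPayload = await tokenService.verifyToken(token, signature);
  if (verifiedPayload) {
    console.log('Valid Token:', verifiedPayload);
  } else {
    console.log('Invalid or Expired Token!');
  }
})();
```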
| Feature | JWT (JSON Web Tokens) | R-Secure-Token |
|---|---|---|
| Encryption | ❌ No built-in encryption | ✅ AES-256-GCM |
| Signature Type | RSA / HMAC / ECDSA | ✅ Ed25519 |
| Tamper Protection | ✅ Yes | ✅ Yes |
| Readable Payload | ❌ Exposed (Base64-encoded JSON) | ✅ Encrypted |
| Replay Attack Resistance | ❌ None | ✅ Unique nonce per token |
| Verification Type | Requires shared secret (HMAC) or public-private keypair | ✅ Uses asymmetric cryptography |
Creates a new instance of RSecureToken. If no secret key is provided, a random one is generated.
Creates a secure, signed token.
payload (object) – The data to include in the token, including an exp (expiration timestamp).

```ts
{
  token: string;     // Encrypted token
  signature: string; // Ed25519 signature
}
```
Verifies and decrypts the token if valid.
token (string) – The encrypted token.
signature (string) – The digital signature for verification.

null.

Example Response:

```javascript
{
  data: { userId: 123 },
  exp: 1700000000000
}
```
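The scheme the README describes (AES-256-GCM payload encryption, an Ed25519 signature, a unique nonce per token, an `exp` check), written with Node's built-in `crypto` module. This is an added example, not r-secure-token's source; the token layout (nonce, tag, ciphertext), the in-process keys and the `rejectReplay` nonce cache are assumptions made for illustration.

```javascript
// Added illustration built on Node's crypto module; not r-secure-token's source.
const crypto = require('node:crypto');

const encKey = crypto.randomBytes(32); // AES-256 key (constructed for the example)
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const seenNonces = new Set(); // verifier-side replay cache (assumption)

function generateToken(payload) {
  const nonce = crypto.randomBytes(12); // fresh 96-bit GCM nonce per token
  const cipher = crypto.createCipheriv('aes-256-gcm', encKey, nonce);
  const body = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  const token = Buffer.concat([nonce, cipher.getAuthTag(), body]);
  // Sign the ciphertext (encrypt-then-sign) so forgeries are rejected before decryption.
  const signature = crypto.sign(null, token, privateKey);
  return { token: token.toString('base64url'), signature: signature.toString('base64url') };
}

function verifyToken(token, signature, { rejectReplay = false } = {}) {
  try {
    const raw = Buffer.from(token, 'base64url');
    if (raw.length < 28) return null; // too short to hold nonce (12) + tag (16)
    if (!crypto.verify(null, raw, publicKey, Buffer.from(signature, 'base64url'))) return null;
    const nonce = raw.subarray(0, 12);
    const decipher = crypto.createDecipheriv('aes-256-gcm', encKey, nonce);
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const payload = JSON.parse(plain.toString('utf8'));
    if (typeof payload.exp !== 'number' || payload.exp <= Date.now()) return null;
    if (rejectReplay) {
      const id = nonce.toString('hex');
      if (seenNonces.has(id)) return null; // nonce already accepted once
      seenNonces.add(id);
    }
    return payload;
  } catch {
    return null; // malformed input or GCM tag mismatch
  }
}
```

With `rejectReplay` off, a captured token and signature verify again until `exp`; a per-token nonce only blocks replay when the verifier remembers which nonces it has already accepted.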
🔹 Store Secret Keys Securely: Never hardcode them in your source code. Use environment variables or a secure key management system.
🔹 Rotate Keys Periodically: Regularly update encryption and signing keys to minimize security risks.
🔹 Use Short-Lived Tokens: Prevent token abuse by setting short expiration times (exp).
🔹 Avoid Token Storage in Local Storage: Instead, store tokens in HTTP-only cookies or secure storage solutions.
This project is licensed under the MIT License.
👨‍💻 Contributions are welcome! Feel free to submit pull requests or report issues on GitHub.
📧 Need Help? Open an issue or contact us!
FAQs
R secure token generation library using AES-GCM and Ed25519
We found that r-secure-token demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.