Encrypted communication bridge between client and server using Node-RSA library
The library uses Node-RSA to create an encrypted communication bridge between server and client, enabling secure end-to-end communication.
RSA Bridge Server Instance
import { RSAServer } from "rsa-bridge";
const rsa = new RSAServer({ bits: 1024 });
app.use(
  rsa.gate((req, res, next) => {
    // your handler functions
  })
);
RSA Bridge Client Instance
import { RSAClient } from "rsa-bridge";
const rsa = new RSAClient({ bits: 1024 });
rsa.connect(PATH);
rsa.fetch(INPUT, OPTIONS);
npm install rsa-bridge
npm test
Its use is divided into a client instance (RSAClient) and a server instance (RSAServer).
The server instance must expose the public key (publish) and have the middleware (gate) to inject RSA into the handler.
The client instance must have the public key exposure endpoint (connect) to encrypt the data.
To instantiate the service on the server it is necessary to specify the bits or keys that will be used.
Below is an example of instantiating the model used both on the server and on the client:
import { BasicRSA } from "rsa-bridge";
const rsa = new BasicRSA(BasicRSAConfig);
bits
{
  bits: number;
}
{
  keys: {
    private: string,
    public: string,
    ...
  }
}
The instance configuration is the same as found here. Although it is possible, a custom key is not recommended for clients.
import { RSAClient } from "rsa-bridge";
const rsa = new RSAClient(BasicRSAConfig);
Obtains a connection to the server's RSA service, via the endpoint defined for public key exposure.
The PATH must point to the address the server defines for public key exposure.
rsa.connect(PATH);
Execute a request to the server using the encryption bridge.
rsa.fetch(INPUT, OPTIONS).then(({ body, response }) => {
  // decrypted data
});
The instance configuration is the same as found here.
import { RSAServer } from "rsa-bridge";
const rsa = new RSAServer(BasicRSAConfig);
The public key must be exposed for the bridge to work. The method must be GET.
app.get(PATH, rsa.publish);
It can be used as middleware, propagating the service to all routes:
app.use(rsa.gate);
app.post("/example", HANDLER);
It can also be used on a single path:
app.post("/example", rsa.gate(HANDLER));
If the request passed the gate, the data sent in the body can be obtained:
app.use(rsa.gate);
app.post("/example", (req, res) => {
  req.body; // decrypted data
});
The send function will be wrapped by the gate to encrypt the data before sending it to the client.
Predecessors like .json() and .status() can be used as well.
app.use(rsa.gate);
app.post("/example", (req, res) => {
  res.status(200).send(DATA); // L0SQ23.....
});
The wrapped res persists throughout the request until the response is sent, even when next() is used, for example.
app.use(rsa.gate);
app.use((req, res, next) => {
  next();
});
app.use((req, res) => {
  res.status(200).json(DATA); // L0SQ23.....
});
Returns encrypted data as base64.
const encrypted = rsa.encrypt(data);
Returns decrypted data as utf8.
const decrypted = rsa.decrypt(data);
Returns data encrypted with a different key, as base64.
const encrypted = rsa.encryptWithKey(key, data, format); // format is optional
Exports the node's public key. The default encoding is "UTF8" but can be changed.
const publicKey = rsa.publicKey(KeyFormat, OutputEncoding);
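The exchange described on this page, modelled with Node's built-in crypto module instead of rsa-bridge or Node-RSA (an added example, not the package's own code). It assumes responses are encrypted to a public key the client supplies, uses RSA-OAEP with 2048-bit keys rather than the 1024 shown in the snippets above, and shows the size limit of a single RSA operation; all function names are hypothetical.

```javascript
// Added example: models the bridge with Node's crypto, not rsa-bridge itself.
const crypto = require("node:crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Each side owns a key pair. 2048 bits is this example's choice (assumption).
function makeParty(bits = 2048) {
  return crypto.generateKeyPairSync("rsa", {
    modulusLength: bits,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
}

// Largest plaintext a single RSA-OAEP operation accepts: k - 2*hLen - 2 bytes.
function maxPlaintext(bits, hashBytes = 32) {
  return bits / 8 - 2 * hashBytes - 2;
}

// Encrypt to the peer's public key; base64 on the wire.
function seal(peerPublicPem, text) {
  const data = Buffer.from(text, "utf8");
  return crypto.publicEncrypt({ key: peerPublicPem, ...OAEP }, data).toString("base64");
}

// Decrypt with our own private key, back to utf8.
function open(ownPrivatePem, b64) {
  const data = Buffer.from(b64, "base64");
  return crypto.privateDecrypt({ key: ownPrivatePem, ...OAEP }, data).toString("utf8");
}

// One request/response round trip through a hypothetical handler.
function roundTrip(server, client, requestText, handler) {
  const wireRequest = seal(server.publicKey, requestText); // client -> server
  const reply = handler(open(server.privateKey, wireRequest)); // gate decrypts
  const wireResponse = seal(client.publicKey, reply); // wrapped send encrypts
  return { wireRequest, wireResponse, body: open(client.privateKey, wireResponse) };
}

// Constructed sample data.
const server = makeParty();
const client = makeParty();
const result = roundTrip(server, client, '{"user":"alice"}', (body) =>
  JSON.stringify({ echo: JSON.parse(body).user })
);
console.log(result.body); // {"echo":"alice"}
console.log(maxPlaintext(1024), maxPlaintext(2048)); // 62 190
```

The key served by the publish endpoint is only as trustworthy as the channel it arrives over, so serve that endpoint over TLS.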
An example implementation with reactJS is available in examples. There is a live version at https://rsa-bridge.vercel.app
FAQs
The npm package rsa-bridge receives a total of 1 weekly downloads. As such, rsa-bridge popularity was classified as not popular.
We found that rsa-bridge demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.