		'use strict'
		var sodium = require('chloride')

		// var keypair = sodium.crypto_box_seed_keypair
		var from_seed = sodium.crypto_sign_seed_keypair
		@@ -39,5 +40,6 @@ var shared = sodium.crypto_scalarmult
		//TODO: sodium is missing box_seed_keypair. should make PR for that.
		// mix: sodium-native has this fn https://github.com/sodium-friends/sodium-native

		var _key = from_seed(state.random)
		// var kx = keypair(random)
		// var kx = keypair(random)
		var kx_pk = curvify_pk(_key.publicKey)
		@@ -191,5 +193,1 @@ var kx_sk = curvify_sk(_key.secretKey)
		}

index.js

		'use strict'
		module.exports = require('./protocol')(require('./crypto'))

package.json

		{
		"name": "secret-handshake",
		"description": "a simple and highly private secure-channel protocol",
		"version": "1.1.19",
		"version": "1.1.20",
		"homepage": "https://github.com/dominictarr/secret-handshake",
		@@ -10,2 +10,10 @@ "repository": {
		},
		"scripts": {
		"prepublishOnly": "npm ls && npm test",
		"test": "npm-run-all test:original test:shs1-test",
		"test:original": "set -e; for t in test/*.js; do node $t; done",
		"test:shs1-test": "npm-run-all test:shs1-test:*",
		"test:shs1-test:server": "shs1testserver test/shs1-test/server.js",
		"test:shs1-test:client": "shs1testclient test/shs1-test/client.js"
		},
		"dependencies": {
		@@ -19,5 +27,7 @@ "chloride": "^2.2.8",
		"devDependencies": {
		"npm-run-all": "^4.1.5",
		"pull-bitflipper": "~0.1.0",
		"pull-defer": "^0.2.2",
		"pull-hang": "0.0.0",
		"shs1-test": "^1.1.0",
		"stream-to-pull-stream": "^1.7.3",
		@@ -27,8 +37,4 @@ "tape": "^4.10.1",
		},
		"scripts": {
		"prepublishOnly": "npm ls && npm test",
		"test": "set -e; for t in test/*.js; do node $t; done"
		},
		"author": "Dominic Tarr <dominic.tarr@gmail.com> (http://dominictarr.com)",
		"license": "MIT"
		}

protocol.js

		@@ -81,4 +81,5 @@ 'use strict'
		function abort (err, reason) {
		if(err && err !== true) shake.abort(err, cb)
		else shake.abort(new Error(reason), cb)
		if(err && err !== true) shake.abort(err)
		else shake.abort(new Error(reason))
		// shake.abort(err) triggers cb(err)
		}
		@@ -120,4 +121,4 @@

		var en_nonce = state.remote.app_mac.slice(0, 24)
		var de_nonce = state.local.app_mac.slice(0, 24)
		var encryptNonce = state.remote.app_mac.slice(0, 24)
		var decryptNonce = state.local.app_mac.slice(0, 24)

		@@ -129,8 +130,14 @@ cb(null, {
		auth: state.auth,
		crypto: {
		encryptKey: state.encryptKey,
		decryptKey: state.decryptKey,
		encryptNonce: encryptNonce,
		decryptNonce: decryptNonce
		},
		source: pull(
		stream.source,
		boxes.createUnboxStream(state.decryptKey, de_nonce)
		boxes.createUnboxStream(state.decryptKey, decryptNonce)
		),
		sink: pull(
		boxes.createBoxStream(state.encryptKey, en_nonce),
		boxes.createBoxStream(state.encryptKey, encryptNonce),
		stream.sink
		@@ -167,2 +174,1 @@ )
		}

README.md

		@@ -59,17 +59,6 @@ # secret-handshake

		The simplest way to use secret-handshake is to use
		`require('secret-handshake/net')`, a wrapper around net.
		This makes it easy to create encrypted tcp connections.

		[pull-streams](https://github.com/dominictarr/pull-streams) are used.
		learn about how pull-streams from [these examples](https://github.com/dominictarr/pull-stream-examples)

		[chloride](https://github.com/dominictarr/chloride) is required to generate
		key pairs. (which is my fork of) [sodium](https://github.com/paixaop/node-sodium) (which is also compatible)


		``` js
		var SHS = require('secret-handshake')

		var cl = require('chloride').api
		var cl = require('chloride')
		var appKey = ... //32 random bytes
		@@ -95,15 +84,29 @@ var alice = cl.crypto_sign_keypair() //client

		//connect streams together.
		//simulate a streaming network connection by connecting streams together
		pull(alice_stream, bob_stream, alice_stream)
		```

		## Notes

		I recommend using secret-handshake via [multiserver](https://github.com/dominictarr/multiserver)

		[pull-streams](https://github.com/dominictarr/pull-streams) are used.
		Learn about how pull-streams from [these examples](https://github.com/dominictarr/pull-stream-examples)

		Keypairs are expected to be of the form [sodium](https://github.com/paixaop/node-sodium) produces.
		[chloride](https://github.com/dominictarr/chloride) is my fork of this and is compatible.

		If you're interested in the protocol, you can read more here : https://ssbc.github.io/scuttlebutt-protocol-guide/#handshake

		## api

		### createClient(keypair, appkey, timeout) => createClientStream(key, seed?, cb(err, plainstream)) => cipherstream
		### createClient(keypair, authorize, appkey, timeout) => createClientStream(key, seed?, cb(err, plainstream)) => cipherstream

		`createClient` takes `keypair` `appkey` and `timeout` and
		returns a `createClientStream`
		`createClient` takes:
		- `keypair` - a keypair of form `{ secretKey, publicKey }` - your clients keys (see `chloride#crypto_sign_keypair`)
		- `appkey` - the network identifier, 32 random bytes
		- `timeout` - an integer (in milliseconds? CHECK THIS)

		and returns a `createClientStream`

		`createClientStream` takes a the public `key` for the remote peer,
		@@ -121,24 +124,18 @@ an optional `seed` (which is used to generate a one-time private key),
		`createServer` is similar, except it takes `authorize`,
		which is an async function that will be called when a client connects.
		A stream constructor function is returned, but the server does
		take the client id as an argument. Instead, in the process
		of the handshake, the server learns the `id`, and passes it to
		`authorize`. If `authorize` calls back truthy,
		then it will callback `cb(null, plainstream)` else it errors,
		`cb(err)`. The value that `authorize` calls back `cb(null, <V>)`
		will be assigned to `plainstream.auth = <V>`. Also,
		the `id` of the remote will be assigned to `plainstream.id`.
		- `keypair` - a keypair of form `{ secretKey, publicKey }` (see `chloride#crypto_sign_keypair`)
		- `authorize` - an async function of signature `(id, cb)` that decides whether a client with id == publicKey is allowed to continue with handshake
		- `appkey` - the network identifier, 32 random bytes
		- `timeout` - an integer (in milliseconds? CHECK THIS)

		A stream constructor function is returned
		Note the server DOES NOT take the client id as an argument - instead, in the process
		of the handshake, the server learns the `id`, and passes it to `authorize`.
		If `authorize` calls back truthy, then it will callback `cb(null, plainstream)`
		else it errors, `cb(err)`.
		The value that `authorize` calls back `cb(null, <V>)` will be assigned to `plainstream.auth = <V>`.
		Also, the `id` of the remote will be assigned to `plainstream.id`.
		This way the application layer can know who it's peer is.


		build a client constructor. `keypair` may be null,
		if the stream will be used

		## License

		MIT

secret-handshake - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics