
secret-handshake
secure-channel based on a mutually authenticating key agreement handshake, with forward secure identity metadata.
For a full explanation of the design, read the Design Paper.
This protocol derives shared keys and mutually authenticates both ends of the connection. The shared secrets are forward secure, and so is the identity metadata.
By "forward secure identity metadata" I mean:
And also:
Note: a wrong number is just an accidental man in the middle.
By "confirm" I mean check a guess at the public key. By "learn" I mean that you can either extract the public key, or confirm the public key.
Also note that if the server decides not to authenticate a client, it will learn their public key. To get to this stage, the client must know the server's key, so now the client and server both know each other's key. This is fair.
This protocol cannot hide your IP address. This protocol does not attempt to obscure packet boundaries. If a man in the middle or wrong number later compromises the server's key, they will be able to extract the client key from the client's hello packet.
The simplest way to use secret-handshake is to use require('secret-handshake/net'), a wrapper around net. This makes it easy to create encrypted TCP connections.
pull-streams are used. Learn how pull-streams work from these examples.
sodium is required to generate key pairs.
var createNode = require('secret-handshake/net')
var sodium = require('sodium').api
var pull = require('pull-stream')
var crypto = require('crypto')

var appKey = crypto.randomBytes(32) //32 random bytes, shared by alice and bob below
var aliceKey = sodium.crypto_sign_keypair() //client
var bobKey = sodium.crypto_sign_keypair() //server

var alice = createNode({
  keys: aliceKey,
  appKey: appKey
})

var bob = createNode({
  keys: bobKey,
  appKey: appKey,
  //the authenticate function is required to receive calls.
  authenticate: function (pub, cb) {
    //decide whether to allow access to pub.
    //`yes` and `truthy` are placeholders for your own decision and result.
    if(yes) cb(null, truthy)
    else cb(new Error('reason'))
    //The client WILL NOT see the unauthentication reason
  }
})

//now, create a server (bob) and connect a client (alice)
//`source` and `sink` are placeholders for your application's pull-streams.
bob.createServer(function (stream) {
  pull(source, stream, sink)
}).listen(8978, function () {
  //connect to the same port the server listens on
  var stream =
    alice.connect({port: 8978, host: 'localhost', keys: bob.publicKey})
  pull(source, stream, sink)
})
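One way to fill in the authenticate callback from the example above is an allowlist of client public keys, with the rejection reason kept in a server-side log since the client will not see it. This is an added example, not code from the secret-handshake project: makeAuthenticate, decide and auditLog are hypothetical names, the keys are constructed fill bytes, and it assumes pub arrives as a 32-byte Buffer (the size of a crypto_sign_keypair public key).

```javascript
// Added example: allowlist-backed authenticate(pub, cb).
// makeAuthenticate, decide and auditLog are hypothetical, not secret-handshake APIs.
function makeAuthenticate (allowed, auditLog) {
  // Index allowed keys by base64 so lookup compares content, not Buffer identity.
  const index = new Map()
  for (const [name, key] of Object.entries(allowed)) {
    if (!Buffer.isBuffer(key) || key.length !== 32) {
      throw new TypeError('allowlist entry ' + name + ' is not a 32-byte key')
    }
    index.set(key.toString('base64'), name)
  }

  return function authenticate (pub, cb) {
    let reason = null
    if (!Buffer.isBuffer(pub)) reason = 'public key is not a Buffer'
    else if (pub.length !== 32) reason = 'public key is not 32 bytes'
    else if (!index.has(pub.toString('base64'))) reason = 'public key not on allowlist'

    if (reason) {
      // The reason stays on the server: record it for operators, then reject.
      auditLog.push({
        at: Date.now(),
        reason: reason,
        pub: Buffer.isBuffer(pub) ? pub.toString('base64') : null
      })
      return cb(new Error(reason))
    }
    // Any truthy value signals acceptance; here it names the matched peer.
    cb(null, { peer: index.get(pub.toString('base64')) })
  }
}

// Helper for exercising the callback synchronously and returning its outcome.
function decide (authenticate, pub) {
  let result = null
  authenticate(pub, function (err, auth) {
    result = { err: err || null, auth: auth || null }
  })
  return result
}

// Constructed sample keys (fixed fill bytes, not real key material).
const auditLog = []
const authenticate = makeAuthenticate({ alice: Buffer.alloc(32, 0xa1) }, auditLog)
console.log(decide(authenticate, Buffer.alloc(32, 0xa1)).auth) // accepted peer
console.log(decide(authenticate, Buffer.alloc(32, 0xb2)).err.message) // unknown key
console.log(auditLog.length)
```

The returned function can be passed as the authenticate option to createNode in place of the placeholder logic above.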
MIT
FAQs
a simple and highly private secure-channel protocol
The npm package secret-handshake receives a total of 98 weekly downloads. As such, secret-handshake popularity was classified as not popular.
We found that secret-handshake demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.