sodium-native
Advanced tools
The sodium-native package provides native bindings to the libsodium library, which is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing, and more.
Encryption and Decryption
This feature allows you to encrypt and decrypt messages using secret-key cryptography. The code sample demonstrates how to encrypt a message and then decrypt it back to its original form.
const sodium = require('sodium-native');
const message = Buffer.from('Hello, World!');
const cipher = Buffer.alloc(message.length + sodium.crypto_secretbox_MACBYTES);
const nonce = Buffer.alloc(sodium.crypto_secretbox_NONCEBYTES);
const key = Buffer.alloc(sodium.crypto_secretbox_KEYBYTES);
sodium.randombytes_buf(nonce);
sodium.randombytes_buf(key);
sodium.crypto_secretbox_easy(cipher, message, nonce, key);
const decrypted = Buffer.alloc(message.length);
if (!sodium.crypto_secretbox_open_easy(decrypted, cipher, nonce, key)) {
throw new Error('Decryption failed');
}
console.log(decrypted.toString());Hashing
This feature allows you to hash data using a cryptographic hash function. The code sample demonstrates how to hash a message and output the hash in hexadecimal format.
const sodium = require('sodium-native');
const input = Buffer.from('Hello, World!');
const output = Buffer.alloc(sodium.crypto_generichash_BYTES);
sodium.crypto_generichash(output, input);
console.log(output.toString('hex'));Key Derivation
This feature allows you to derive subkeys from a master key using a key derivation function. The code sample demonstrates how to derive a subkey from a master key.
const sodium = require('sodium-native');
const masterKey = Buffer.alloc(sodium.crypto_kdf_KEYBYTES);
sodium.randombytes_buf(masterKey);
const subKey = Buffer.alloc(sodium.crypto_kdf_BYTES_MIN);
sodium.crypto_kdf_derive_from_key(subKey, 1, 'context', masterKey);
console.log(subKey.toString('hex'));Digital Signatures
This feature allows you to create and verify digital signatures. The code sample demonstrates how to generate a key pair, sign a message, and verify the signature.
const sodium = require('sodium-native');
const message = Buffer.from('Hello, World!');
const publicKey = Buffer.alloc(sodium.crypto_sign_PUBLICKEYBYTES);
const secretKey = Buffer.alloc(sodium.crypto_sign_SECRETKEYBYTES);
sodium.crypto_sign_keypair(publicKey, secretKey);
const signature = Buffer.alloc(sodium.crypto_sign_BYTES);
sodium.crypto_sign_detached(signature, message, secretKey);
if (sodium.crypto_sign_verify_detached(signature, message, publicKey)) {
console.log('Signature is valid');
} else {
console.log('Signature is invalid');
}libsodium-wrappers is a JavaScript wrapper for the libsodium library, providing similar functionalities to sodium-native but with a focus on ease of use and compatibility with web environments. It is built on top of the WebAssembly version of libsodium, making it suitable for both Node.js and browser environments.
tweetnacl is a cryptographic library that provides a subset of the functionalities offered by sodium-native. It is a smaller, self-contained library that is easy to use and suitable for environments where a smaller footprint is required. However, it does not offer the same breadth of features as sodium-native.
The built-in crypto module in Node.js provides various cryptographic functionalities, including hashing, encryption, and digital signatures. While it is not as comprehensive as sodium-native, it is a good alternative for basic cryptographic needs and does not require any additional dependencies.
Low level bindings for libsodium.
npm install sodium-native
The goal of this project is to be thin, stable, unopionated wrapper around libsodium.
All methods exposed are more or less a direct translation of the libsodium c-api. This means that most data types are buffers and you have to manage allocating return values and passing them in as arguments intead of receiving them as return values.
This makes this API harder to use than other libsodium wrappers out there, but also means that you'll be able to get a lot of perf / memory improvements as you can do stuff like inline encryption / decryption, re-use buffers etc.
This also makes this library useful as a foundation for more high level crypto abstractions that you want to make.
var sodium = require('sodium-native')
var nonce = Buffer.alloc(sodium.crypto_secretbox_NONCEBYTES)
var key = sodium.sodium_malloc(sodium.crypto_secretbox_KEYBYTES) // secure buffer
var message = Buffer.from('Hello, World!')
var ciphertext = Buffer.alloc(message.length + sodium.crypto_secretbox_MACBYTES)
sodium.randombytes_buf(nonce) // insert random data into nonce
sodium.randombytes_buf(key) // insert random data into key
// encrypted message is stored in ciphertext.
sodium.crypto_secretbox_easy(ciphertext, message, nonce, key)
console.log('Encrypted message:', ciphertext)
var plainText = Buffer.alloc(ciphertext.length - sodium.crypto_secretbox_MACBYTES)
if (!sodium.crypto_secretbox_open_easy(plainText, ciphertext, nonce, key)) {
console.log('Decryption failed!')
} else {
console.log('Decrypted message:', plainText, '(' + plainText.toString() + ')')
}
Complete documentation may be found on the sodium-friends website
MIT
v4.3.1
FAQs
Low level bindings for libsodium
The npm package sodium-native receives a total of 167,572 weekly downloads. As such, sodium-native popularity was classified as popular.
We found that sodium-native demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.