Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
ssb-keys - npm Package Compare versions
Comparing version 7.1.5 to 7.1.6
| { | ||
| "name": "ssb-keys", | ||
| "description": "keyfile operations for ssb", | ||
| "version": "7.1.5", | ||
| "version": "7.1.6", | ||
| "homepage": "https://github.com/ssbc/ssb-keys", | ||
@@ -6,0 +6,0 @@ "repository": { |
@@ -37,4 +37,31 @@ # SSB-Keys | ||
| ### loadOrCreateSync (filename) | ||
| ### `keys` | ||
| in the below methods, `keys` is an object of the following form: | ||
| ``` js | ||
| { | ||
| "curve": "ed25519", | ||
| "public": "<base64_public_key>.ed25519", | ||
| "private": "<base64_private_key>.ed25519", | ||
| "id": "@<base64_public_key>.ed25519" | ||
| } | ||
| ``` | ||
| The format of the id feed is described in the [protocol guide - keys and identities](https://ssbc.github.io/scuttlebutt-protocol-guide/#keys-and-identities) | ||
| when stored in a file, the file also contains a comment warning the reader | ||
| about safe private key security. | ||
| Comment lines are prefixed with `#` after removing them the result is valid JSON. | ||
| ### hash (data, encoding) => id | ||
| Returns the sha256 hash of a given data. If encoding is not provided then it is assumed to be _binary_. | ||
| ### getTag (ssb_id) => tag | ||
| The SSB ids contain a tag at the end. This function returns it. | ||
| So if you have a string like `@gaQw6zD4pHrg8zmrqku24zTSAINhRg=.ed25519` this function would return `ed25519`. | ||
| This is useful as SSB start providing features for different encryption methods and cyphers. | ||
| ### loadOrCreateSync (filename) => keys | ||
| Load a file containing the your private key. the file will also | ||
@@ -45,2 +72,5 @@ contain a comment with a warning about keeping the file secret. | ||
| (web apps should be hosted a secure way, for example [web-bootloader](https://github.com/dominictarr/web-bootloader)) | ||
| In the browser, the `filename` is used as the `localStorage` key. | ||
| (note: web workers do not support localStorage, so the browser storage localtion will likely | ||
| be changed to indexeddb in the future) | ||
@@ -52,4 +82,12 @@ If the file does not exist it will be created. there is also | ||
| ### generate(curve, seed) | ||
| `keys` is an object as described in [`keys`](#keys) section. | ||
| ### loadOrCreate (filename, cb) | ||
| If a sync file access method is not available, `loadOrCreate` can be called with a | ||
| callback. that callback will be called with `cb(null, keys)`. If loading | ||
| the keys errored, new keys are created. | ||
| ### generate(curve, seed) => keys | ||
| generate a key, with optional seed. | ||
@@ -59,2 +97,4 @@ curve defaults to `ed25519` (and no other type is currently supported) | ||
| `keys` is an object as described in [`keys`](#keys) section. | ||
| ### signObj(keys, hmac_key?, obj) | ||
@@ -70,2 +110,4 @@ | ||
| The fine details of the signature format are described in the [protocol guide](https://ssbc.github.io/scuttlebutt-protocol-guide/#signature) | ||
| ### verifyObj(keys, hmac_key?, obj) | ||
@@ -75,12 +117,30 @@ | ||
| ### box(msg, recipients) | ||
| encrypt a message to many recipients. msg will be JSON encoded, then encrypted | ||
| ### box(content, recipients) => boxed | ||
| encrypt a message content to many recipients. msg will be JSON encoded, then encrypted | ||
| with [private-box](https://github.com/auditdrivencrypto/private-box) | ||
| ### unbox (boxed, keys) | ||
| `recipients` must be an array of feed ids. your own feed id should be included. | ||
| the encryption format is described in the [protocol guide - encrypting](https://ssbc.github.io/scuttlebutt-protocol-guide/#encrypting) | ||
| ### unbox (boxed, keys) => content | ||
| decrypt a message encrypted with `box`. If the `boxed` successfully decrypted, | ||
| the parsed JSON is returned, if not, `undefined` is returned. | ||
| the decryption process is described in the [protocol guide - decrypting](https://ssbc.github.io/scuttlebutt-protocol-guide/#decrypting) | ||
| ### unboxKey (boxed, keys) => msg_key | ||
| extract the `msg_key` used to encrypt this message, or null if it cannot be decrypted. | ||
| the `msg_key` if not null, can then be passed to `unboxBody` | ||
| ### unboxBody (boxed, msg_key) => content | ||
| decrypt a message `content` with a `msg_key`. returns the plaintext message content or null if | ||
| this is not the correct `msg_key`. The purpose of `unboxBody` and `unboxKey` is so support | ||
| messages that are shared then later revealed. | ||
| ### LICENSE | ||
@@ -90,1 +150,9 @@ | ||
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by7124.49%
1363911
- Number of package files
- increased by16.67%
14
- Lines of code
- increased by5446.35%
26567
- Number of lines in readme file
- increased by80.95%
152
Worsened metrics
- Number of medium supply chain risk alerts
- increased byInfinity%
1
No dependency changes