ssb-keys - npm Package Compare versions
Comparing version 7.2.0 to 7.2.1
10
index.js
@@ -153,5 +153,11 @@ 'use strict' | ||
| function ssbSecretKeyToPrivateBoxSecret (keys) { | ||
| return sodium.crypto_sign_ed25519_sk_to_curve25519(u.toBuffer(keys.private || keys)) | ||
| } | ||
| exports.ssbSecretKeyToPrivateBoxSecret = ssbSecretKeyToPrivateBoxSecret | ||
| exports.unboxKey = function (boxed, keys) { | ||
| boxed = u.toBuffer(boxed) | ||
| var sk = sodium.crypto_sign_ed25519_sk_to_curve25519(u.toBuffer(keys.private || keys)) | ||
| var sk = ssbSecretKeyToPrivateBoxSecret(keys) | ||
| return pb.multibox_open_key(boxed, sk) | ||
@@ -192,2 +198,2 @@ } | ||
| return JSON.parse(ptxt.toString()) | ||
| } | ||
| } |
| { | ||
| "name": "ssb-keys", | ||
| "description": "keyfile operations for ssb", | ||
| "version": "7.2.0", | ||
| "version": "7.2.1", | ||
| "homepage": "https://github.com/ssbc/ssb-keys", | ||
@@ -6,0 +6,0 @@ "repository": { |
@@ -148,2 +148,6 @@ # SSB-Keys | ||
| ### ssbSecretKeyToPrivateBoxSecret(keys) | ||
| Convert from the ed25519 secret key (ssb secret key type) to the curve25519 key type that is used by `private-box`. | ||
| ### LICENSE | ||
@@ -150,0 +154,0 @@ |
@@ -35,17 +35,17 @@ 'use strict' | ||
| return [ | ||
| '# this is your SECRET name.', | ||
| '# this name gives you magical powers.', | ||
| '# with it you can mark your messages so that your friends can verify', | ||
| '# that they really did come from you.', | ||
| '#', | ||
| '# if any one learns this name, they can use it to destroy your identity', | ||
| '# NEVER show this to anyone!!!', | ||
| '', | ||
| legacy ? keys.private : JSON.stringify(keys, null, 2), | ||
| '', | ||
| '# WARNING! It\'s vital that you DO NOT edit OR share your secret name', | ||
| '# instead, share your public name', | ||
| '# your public name: ' + keys.id | ||
| ].join('\n') | ||
| return `# WARNING: Never show this to anyone. | ||
| # WARNING: Never edit it or use it on multiple devices at once. | ||
| # | ||
| # This is your SECRET, it gives you magical powers. With your secret you can | ||
| # sign your messages so that your friends can verify that the messages came | ||
| # from you. If anyone learns your secret, they can use it to impersonate you. | ||
| # | ||
| # If you use this secret on more than one device you will create a fork and | ||
| # your friends will stop replicating your content. | ||
| # | ||
| ${legacy ? keys.private : JSON.stringify(keys, null, 2)} | ||
| # | ||
| # The only part of this file that's safe to share is your public name: | ||
| # | ||
| # ${keys.id}` | ||
| } | ||
@@ -52,0 +52,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.65%
22843
- Lines of code
- increased by1%
504
- Number of lines in readme file
- increased by2.5%
164
- Number of medium supply chain risk alerts
- decreased by-50%
1