This library is a port of the signing part of tweetnacl to WebAssembly + JavaScript. It implements the ed25519 signature scheme. watsign works in all modern browsers as well as node and deno!
The code is based on and tested against tweetnacl-js. If you only need signing, we offer the following advantages:
watsign is even a bit faster than noble-ed25519, which uses built-in JS BigInt for field arithmetic. As opposed to BigInt, the algorithms here (from tweetnacl) are carefully designed to resist timing attacks and prevent memory access patterns depending on secret data.
The code is almost entirely written in raw WAT (Webassembly text format) and bundled to JS-friendly Wasm with watever, the WAT bundler written also by me. Fun fact: even the entry point of this lib is autogenerated from a WAT file (./src/sign.wat). There is no custom JS glue code.
npm i watsign
import {newKeyPair, sign, verify} from 'watsign';
let {publicKey, secretKey} = await newKeyPair();
let message = new TextEncoder().encode('Something I want to sign');
let signature = await sign(message, secretKey);
let ok = await verify(message, signature, publicKey);
console.log('everything ok?', ok);
In deno, you can import from github:
import {newKeyPair, sign, verify} from 'https://raw.githubusercontent.com/mitschabaude/watsign/main/mod.js';
The API is a streamlined version of nacl.sign from tweetnacl-js. The only differences are:
sign is nacl.sign.detachednacl object with nested sub-objectscrypto_sign etc.) and no constants (nacl.sign.signatureLength etc.)Like in tweetnacl-js, all functions operate on Uint8Arrays.
The following is the full list of exported functions and their tweetnacl-js equivalents:
sign(message: Uint8Array, secretKey: Uint8Array): Promise<Uint8Array>
Sign a message with your secret key. Returns a 64 byte signature. Async version of nacl.sign.detached.
verify(message: Uint8Array, signature: Uint8Array, publicKey: Uint8Array): Promise<boolean>
Verifies the signature, returns true if and only if it is valid. Async version of nacl.sign.detached.verify.
newKeyPair(): Promise<{secretKey: Uint8Array, publicKey: Uint8Array}>
Creates a new, random key pair. Async version of nacl.sign.keyPair.
keyPairFromSeed(seed: Uint8Array): Promise<{secretKey: Uint8Array, publicKey: Uint8Array}>
Deterministically creates a key pair from a 32-byte seed. Async version of nacl.sign.keyPair.fromSeed.
keyPairFromSecretKey(secretKey: Uint8Array): Promise<{secretKey: Uint8Array, publicKey: Uint8Array}>
Re-creates the full key pair from the 64-byte secret key (which, in fact, has the public key stored in its last 32 bytes). Async version of nacl.sign.keyPair.fromSecretKey.
Performance compared to tweetnacl-js and noble-ed25519 on my computer (Intel i7-10700) in Chromium 93 (via puppeteer).
We are 4-6x faster than tweetnacl-js in the warmed-up regime and up to 33x faster on cold start after page load. Compared to noble-ed25519, we are 1.2-3x faster (warmed up) and up to 17x on cold start.
First run after startup (varies between runs!):
sign (short msg): 2.99 ms
verify (short msg): 1.81 ms
sign (long msg): 1.32 ms
verify (long msg): 1.61 ms
Average of 50x after warm-up of 50x:
sign (short msg): 0.67 ± 0.06 ms
verify (short msg): 1.11 ± 0.03 ms
sign (long msg): 0.96 ± 0.06 ms
verify (long msg): 1.28 ± 0.02 ms
First run after startup (varies between runs!):
sign (short msg): 15.85 ms
verify (short msg): 8.45 ms
sign (long msg): 43.88 ms
verify (long msg): 12.18 ms
Average of 50x after warm-up of 50x:
sign (short msg): 2.86 ± 0.19 ms
verify (short msg): 5.65 ± 0.22 ms
sign (long msg): 5.70 ± 0.22 ms
verify (long msg): 7.21 ± 0.23 ms
First run after startup (varies between runs!):
sign (short msg): 53.17 ms
verify (short msg): 3.72 ms
sign (long msg): 2.11 ms
verify (long msg): 3.97 ms
Average of 50x after warm-up of 50x:
sign (short msg): 1.00 ± 0.06 ms
verify (short msg): 3.09 ± 0.09 ms
sign (long msg): 1.27 ± 0.09 ms
verify (long msg): 3.24 ± 0.09 ms
# before you do anything else
npm install
# build wasm and separate entry-points for node / deno / browser
npm run build
# run performance comparison above
node test/performance.js
FAQs
Tweetnacl's ed25519 signatures, ported to WebAssembly for speed
The npm package watsign receives a total of 1 weekly downloads. As such, watsign popularity was classified as not popular.
We found that watsign demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.
Security News
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.