@dash-ota/shared

v0.1.0

Published

Shared crypto + protocol core for dash-ota (Ed25519, AES-256-GCM, ECDSA device-key auth, canonical JSON, manifest schema).

Readme

@dash-ota/shared

The crypto + protocol core shared by dash-ota's @dash-ota/cli (signer) and @dash-ota/backend (distributor). Pure Node cryptono external crypto dependencies.

This is an internal building block. App developers integrate react-native-dash-ota (client) and @dash-ota/backend (server); you rarely depend on this package directly.

What's inside

  • Ed25519 manifest signing + verification (signManifest, verifyManifest)
  • AES-256-GCM payload encryption + the SOA1 archive format (buildRelease, openRelease)
  • ECDSA P-256 request verification for the hardware device-key auth (verifyRequestEcdsa)
  • Canonical JSON, the manifest schema, and targeting (exact runtimeVersion gate, targetAppVersions semver subset, deterministic rollout bucketing)
  • runtimeVersion fingerprinting of native inputs

Installation

npm install @dash-ota/shared

Design

The trust split — signing only in the CLI, verification in native, a compromise-tolerant backend — is described in POC.md.

License

MIT