@dash-ota/shared
v0.1.0
Published
Shared crypto + protocol core for dash-ota (Ed25519, AES-256-GCM, ECDSA device-key auth, canonical JSON, manifest schema).
Readme
@dash-ota/shared
The crypto + protocol core shared by dash-ota's
@dash-ota/cli (signer) and
@dash-ota/backend
(distributor). Pure Node crypto — no external crypto dependencies.
This is an internal building block. App developers integrate
react-native-dash-ota(client) and@dash-ota/backend(server); you rarely depend on this package directly.
What's inside
- Ed25519 manifest signing + verification (
signManifest,verifyManifest) - AES-256-GCM payload encryption + the
SOA1archive format (buildRelease,openRelease) - ECDSA P-256 request verification for the hardware device-key auth (
verifyRequestEcdsa) - Canonical JSON, the manifest schema, and targeting (exact
runtimeVersiongate,targetAppVersionssemver subset, deterministic rollout bucketing) runtimeVersionfingerprinting of native inputs
Installation
npm install @dash-ota/sharedDesign
The trust split — signing only in the CLI, verification in native, a compromise-tolerant backend — is described in POC.md.
License
MIT