npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@transmute/ecdsakoblitzsignature2019

v1.0.0

Published

[![Build Status](https://travis-ci.org/transmute-industries/PROPOSAL-EcdsaKoblitzSignature2019.svg?branch=master)](https://travis-ci.org/transmute-industries/PROPOSAL-EcdsaKoblitzSignature2019) [![codecov](https://codecov.io/gh/transmute-industries/PROPOS

Downloads

2

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ipbyrneipbyrneor13or13transmute-citransmute-ci

Keywords

Readme

PROPOSAL EcdsaKoblitzSignature2019

Build Status codecov Coverage Status MIT License GitHub forks GitHub stars

Motivation

Standards for JSON-LD Signatures provide clear guidance on required attributes for cryptographic suites, yet support for raw EC cryptography is poor, and many implementations are overly coupled to bitcoin or ethereum libraries.

We set out to provide a reference implementation in JavaScript.

We also seek to remedy confusion over how JWT and JSON-LD Signatures are compatible, this implementation differs significantly from Ed25519Signature2018.

If the signature is a valid JWS, then its property name should be jws, this library's signatures are base64Url(hex(leftpad(r),hex(leftpad(s)),hex(v)). This means that no JWS header is validated when the signature is verified.

It also means this signature suites internal signature method can be used to create a valid JWS for ES256K-R, but note that the JOSE algorithm registry does not contain these algorithms yet, and you may have trouble validating JWTs generated with these values such as did-jwt. When ES256K-R is added to JOSE, it would be best to use a JWS approach like the one used for Ed25519Signature2018.

JSON Web Token (JWT) with ES256K (secp256k1) signature

A linked data signature suite is for signing and verifying json-ld. JWS as used in JWTs are used for signing and verifying normal json objects, and in particular, there is no cannonization applied. This means that although EcdsaKoblitzSignature2019 and did-jwt both have signatues of the form base64Url(hex(leftpad(r),hex(leftpad(s)),hex(v)), they are not doing the same thing. One is used to create and verify JWTs, the other is uses to sign and verify json-ld. Both use ecdsa over secp256k1, but EcdsaKoblitzSignature2019 signs verifyData constructed from cannonized and hashing the document and its signatureOptions whereas did-jwt signs a sha256(base64Url(JSON.stringify(header)).base64Url(JSON.stringify(payload))). Though the signature algorithm and encoding of signature is the same, the preprocessing of json and intentions are different.

The correct way to unify these is the way Ed25519Signature2018 is implemented, but this cannot be done until JOSE supports ES256K-R.

It is possible to alter the signature format used by EcdsaKoblitzSignature2019 to be more like Ed25519Signature2018, in anticipation of JOSE support. Its unclear if that should be done or not.

Linked Data Signature Suite Details

canonicalization algorithm: URDNA2015

message digest algorithm: sha256

signature algorithm: secp256k1 ecdsa

signatureValue is base64urlencoded concatonation of hex encoded r, s, recoveryParam.

createVerifyData transforms a javascript objects similar to the approach used in RsaSignature2017, used by mastodon.

createVerifyData is described here

Details

This signature suite follows the approach taken by:

Commercial Support

Commercial support for this library is available upon request from Transmute: [email protected].

W3C Links

Linked Data Cryptographic Suite Registry

Linked Data Signatures

Decentralized Identifiers