npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

crypto-stamp

v2.2.0

Published

Create web ready crypto signatures (stamps)

Downloads

69

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

rumkinrumkin

Keywords

cryptographycryptoauthorizationsugnaturesignasynchronous cryptography

Readme

Crypto Stamp

npm Travis npm

Web-ready format and library for signing and verifying asynchronous cryptography signatures. It can be used for authorization and document verification in web pages and web services. It designed to be replay and length expansion attacks resistant.

Installation

Install with npm:

npm i crypto-stamp

Usage

Example of creation, signing and verification stamp with ed25519 custom stamp signer and verifier.

// Require CryptoStamp methods
const {createStamp, verifyStamp} = require('crypto-stamp');
// Require custom CryptoStamp encryption library for example ed25519
const {Signer, Verifier} = require('./crypto-stamp/ed25519');

// Signature generation item
const signer = new Signer({
    secret: Buffer.alloc(32), // Provide secret key
});

// Signature verification item
const verifier = new Verifier();

// Stamp data
const stampData = {
    type: 'auth',
    date: new Date('1970-01-01T00:00:00.000+00:00'),
    holders: ['cryptodoc.org'],
};

// Generate stamp
const stamp = await createStamp(stampData, signer);

// Verify stamp
if (await verifyStamp(stamp, verifier)) {
    // Stamp is valid. Yaeee!
}

Stamp can be used like a WebToken with encodeToken and decodeToken methods.

Stamp

Each stamp authorize action with type and custom params payload at a time as date to unlimited or several holders.

{
    // Stamp action type. Name or URI.
    type: 'auth',
    // Stamp data (optional)
    payload: {},
    // Date of creation
    date: '1970-01-01T00:00:00.000+00:00',
    // Stamp holders
    holders: ['cryptodoc.org', '[email protected]'],
    // Stamp verification data
    stamp: {
        // Signature algorithm name or URI.
        alg: 'ed25519',
        // Signature of length prefixed SHA3-256 hash
        signature: '...signature...',
        // Public key is optional and algorithm dependent property
        publicKey: '...public key...',
    },
}

API

createStamp()

(data:StampData, signer:StampSigner) -> Promise<Stamp,Error>

Method createsStamp converts StampData into deterministic length prefixed hash and sign with Signature interface instance.

const stamp = await verifyStamp(data, verifier)

verifyStamp()

(stamp:Stamp, verifier:StampVerifier) -> Promise<Boolean,Error>

Method verifyStamp converts StampData from stamp into deterministic length prefixed hash and verify it with StampVerifier interface instance.

const isValid = await verifyStamp(stamp, verifier)

StampData Type

{
    type: String,
    payload: Object,
    date: Date|Number,
    holders: String[],
}

Params for stamp creation.

StampSignature Type

{
    alg: String,
    signature: String|Object,
    signer: String?,
}

Stamp Type

{
    type: String,
    payload: Object,
    date: Date|Number,
    holders: String[],
    stamp: StampSignature
}

Stamp is StampData with StampSignature object.

StampSigner Interface

{
    sign(hash:Uint8Array|Buffer) -> Promise<Stamp,Error>
}

See example of ed25519 signer implementation in example/ed25519.js.

StampVerifier Interface

{
    verify(hash:Uint8Array|Buffer, StampSignature) -> Promise<Boolean,Error>
}

See example of ed25519 verifier implementation in example/ed25519.js.

encodeToken()

(stamp:Stamp) -> String

Convert base64 encoded web token string.

encodeToken(stamp) // -> String

decodeToken()

(token:String) -> Stamp

Convert base64 encoded WebToken to Stamp object.

decodeToken(token) // -> Stamp

getHash()

(value:Object, schema?:Object|Array|(() -> Object|Array)) -> Uint8Array

Return SHA3 hash from deterministic JSON string from JS value. Use schema to select exact object properties with normjson.

NOTE V8 doesn't sort object properties in lexicographical order so two familiar objects with different properties order will produce different JSON strings and thus different hashes.

Example
toHex(getHash({a: 1, b: 2})); // -> '7ed7e7ed5657f00683c745c9decb1b985bdd634f68f9f07c68e70b9593637da6'
toHex(getHash({b: 2, a: 1})); // -> '7ed7e7ed5657f00683c745c9decb1b985bdd634f68f9f07c68e70b9593637da6'

toHex()

(array:Uint8Array) -> String

Receive Uint8Array and convert it to hex string.

Spec

Data params.

| Param | Type | Description | |:------|:-----|:------------| | type | String | Required. Stamp type. For example "auth" or "accept". Could be complete URI | | payload | Object | Required. Stamp data. Could be any type. Differs for each action. Could be deleted when stamp created. By default it's an empty object | | date | String,Number | Optional. Date string in ISO 8601 format or unix timestamp | | holders | String[] | Optional. Holders is an array of signature receivers URIs |

Stamp params

| Param | Type | Description | |:------|:-----|:------------| | alg | String | Signature algorithm | | signature | String|Object | Signature itself. Usually hex string but depends on algorithm | | signer | String | Optional. Signature authentication value URI, name, etc | | ... | * | Multiple algorithm based params, for example publicKey. |

Hash

Hash is a SHA3-256 digest from 32 Uint Big Endian prefix length of stamp data and data converted to deterministic JSON string.

  • type
  • payload
  • date
  • holders

LICENSE

MIT