this is the @webboot/crypto library.
not audited and deployed yet. please be careful
webboot aims to make tofu - trust on first use a bit less scary.
this library exposes all cryptographic functionality used throughout webboot, making both testing and auditing easier.
additionally, this library does not have production dependencies.
npm install --save-exact @webboot/cryptoimport crypto from '@webboot/crypto'
const hash = crypto.hash.create('testing', 'sha512')
console.log(hash)hashes a string with the specified algorithm. default algo is sha521
import crypto from '@webboot/crypto'
const { hash, algorithm } = crypto.hash.create('testing', 'sha512')
console.log({ hash, algorithm })const options = {
// ecdh curve to use
curve: 'secp521r1',
// return private key
priv: false,
// toString encoding to use before returning the keys, eg 'base64', 'hex'
encoding: false,
}generates an ecdh pub/priv key pair.
import crypto from '@webboot/crypto'
const { curve, priv, pub } = crypto.ecdh('testing', { priv: true })
// curve = 'secp521r1'
// priv = Buffer
// pub = Bufferby default, crypto.ecdh returns buffers.
to return base64 or hex strings, simply specifiy the encoding as such.
import crypto from '@webboot/crypto'
const { curve, priv, pub } = crypto.ecdh('testing', { encoding: 'base64', priv: true })
// curve = 'secp521r1'
// priv = String
// pub = Stringimport crypto from '@webboot/crypto'
const alicePrivateKey = crypto.hash.create('Alice: this string DOES NOT get hashed by ecdh.')
const bobPrivateKey = crypto.hash.create('Bob: this string DOES NOT get hashed by ecdh.')
const evePrivateKey = crypto.hash.create('Eve: this string DOES NOT get hashed by ecdh.')
const lilithPrivateKey = crypto.hash.create('Lilith: this string DOES NOT get hashed by ecdh.')
const alice = crypto.ecdh(alicePrivateKey)
const bob = crypto.ecdh(bobPrivateKey)
const eve = crypto.ecdh(evePrivateKey)
const lilith = crypto.ecdh(lilithPrivateKey)
const aliceSecret = alice.computeSecret(bob.pub)
const bobSecret = bob.computeSecret(alice.pub)
const eveSecret = eve.computeSecret(lilith.pub)
const lilithSecret = eve.computeSecret(eve.pub)
console.log(aliceSecret === bobSecret) // true
console.log(eveSecret === lilithSecret) // true
console.log(aliceSecret === eveSecret) // false
console.log(bobSecret === lilithSecret) // false
if you want to use a different curve, just specify it.
please note that secp521r1 has been chosen after careful consideration of curve options.
being one of the default curves, it's existence can be assumed on most systems. SP 800-186 draft
first release
bump required node version to 14.2.0
- format
- update number error handling
- fix missing production dependency of @magic/types
- update dependencies
...