npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@ndn/keychain

v0.0.20240630

Published

NDNts: Key Chain

Downloads

21

Readme

@ndn/keychain

This package is part of NDNts, Named Data Networking libraries for the modern web.

This package provides signing algorithms, encryption algorithms, and certificate management features.

The implementation uses Web Crypto API that is natively supported in Node.js and modern browsers. Most browsers restrict WebCrypto to secure contexts only, so that this implementation will not work on a webpage that is not delivered securely. During development, you may use http://localhost or ngrok to serve the webpage from a secure context.

Signing Algorithms

This package implements signature types defined in NDN Packet Format 0.3:

  • [X] DigestSha256 (in @ndn/packet package)
    • [X] signing and verification
  • [X] SignatureSha256WithRsa (RSASSA-PKCS1-v1_5)
    • [X] signing and verification
    • [X] KeyLocator .Name
    • [ ] KeyLocator .KeyDigest
  • [X] SignatureSha256WithEcdsa
    • [X] signing and verification
    • [X] KeyLocator .Name
    • [ ] KeyLocator .KeyDigest
  • [X] SignatureHmacWithSha256
    • [X] signing and verification
    • [ ] KeyLocator matching
  • [X] SignatureEd25519
    • [X] signing and verification
    • [X] KeyLocator .Name
    • [ ] KeyLocator .KeyDigest

Both Interest and Data are signable.

  • [X] sign Interest
    • [X] put certificate name in KeyLocator
    • [X] generate SigNonce, SigTime, SigSeqNum
  • [X] verify Interest
    • [X] check ParametersSha256DigestComponent
    • [X] check SigNonce, SigTime, SigSeqNum
  • [X] sign Data
    • [X] put certificate name in KeyLocator
  • [X] verify Data

Encryption Algorithms

  • [X] AES-CBC
    • [X] low-level encryption and decryption
  • [X] AES-CTR and AES-GCM
    • [X] low-level encryption and decryption
    • [X] generate unique IV
    • [X] check IV uniqueness
  • [X] RSA-OAEP
    • [X] low-level encryption and decryption

Algorithm List (algoList)

Several functions accept an algoList argument that contains the crypto algorithms it can recognize. Typically, the default value of this argument is SigningAlgorithmListSlim, EncryptionAlgorithmListSlim, or CryptoAlgorithmListSlim. These slim lists include only ECDSA algorithm, which is the most commonly used in NDN applications.

If you need to use other algorithms or communicate with applications that use other algorithms, you should pass SigningAlgorithmListFull, EncryptionAlgorithmListFull, or CryptoAlgorithmListFull to these functions. These full lists include all algorithms implemented in NDNts.

If you know which algorithms are needed, you can import individual algorithms and pass an array of desired algorithms.

This design is a trade-off for reducing browser bundle size.

Certificate Management and Storage

Certificate class provides basic operations with NDN Certificate Format.

  • [X] generate self-signed certificate
  • [X] issue certificate to another public key
  • [X] import certificate as PublicKey for RSASSA-PKCS1-v1_5, ECDSA, Ed25519

KeyChain class provides storage of PrivateKey and Certificate. It could be ephemeral or persistent. KeyChain.createTemp() creates an in-memory ephemeral keychain. KeyChain.open(locator) opens a persistent keychain.

Persistent keychain in Node.js uses JSON files as underlying storage. The locator argument should be a filesystem directory where these files are stored. Private keys are saved as JSON Web Key (JWK) format, so that it's important to protect the storage directory. It is unsafe to simultaneously construct multiple KeyChain instances on the same storage directory or access the same keychain from multiple Node.js processes.

Persistent keychain in browser uses IndexedDB API. The locator argument determines the database name(s). Private keys are saved as non-extractable CryptoKey objects.

Known Issues

  • In Firefox, persistent keychain is unusable in a Private Browsing window, due to Mozilla Bug 781982.
  • In Chrome, AES 192-bit key is not supported.
  • Ed25519 in browser is implemented in JavaScript, which is less secure than native Web Crypto implementation.