npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@nichoth/rawr-x3dh

v0.2.0

Published

TypeScript implementation of X3DH, as described in ***[Going Bark: A Furry's Guide to End-to-End Encryption](https://soatok.blog/2020/11/14/going-bark-a-furrys-guide-to-end-to-end-encryption/)***.

Downloads

96

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

nichothnichoth

Keywords

X3DHKey agreementcryptographyDiffie-Hellman

Readme

Rawr X3DH

TypeScript implementation of X3DH, as described in Going Bark: A Furry's Guide to End-to-End Encryption.

Support me on Patreon

fork

This is a fork of soatok/rawr-x3dh.

OwO What's This?

This library implements the Extended Triple Diffie-Hellman key exchange, with a few minor tweaks:

  1. Identity keys are Ed25519 public keys, not X25519 public keys. See this for an explanation.
  2. Encryption/decryption and KDF implementations are pluggable (assuming you implement the interface I provide), so you aren't married to HKDF or a particular cipher. (Although I recommend hard-coding it to your application!)

Installation

npm install @nichoth/rawr-x3dh

If you're working server-side, you'll also want to install sodium-native, so that sodium-plus will run faster.

If you're working in a browser or browser extension, don't install sodium-native.

Usage

First, you'll want to import the X3DH class from our module.

import { X3DH } from '@nichoth/rawr-x3dh'

const x3dh = new X3DH()

Note: You can pass some classes to the constructor to replace my algorithm implementations for your own.

import { X3DH } from '@nichoth/rawr-x3dh'

const x3dh = new X3DH(
    sessionKeyManager, /* SessionKeyManagerInterface */
    identityKeyManager, /* IdentityKeyManagerInterface */
    symmetricEncryptionHandler, /* SymmetricEncryptionInterface */
    keyDerivationFunction /* KeyDerivationFunction */
)

Once your X3DH object's instantiated, you will be able to initialize handshakes either as a sender or as a recipient. Then you will be able to encrypt additional messages on either side, and the encryption key shall ratchet forward.

const firstEncrypted = await x3dh.initSend(
    'recipient@server2',
    serverApiCallFunc,
    firstMessage
);

The serverApiCallFunc parameter should be a function that sends a request to the server to obtain the identity key, signed pre-key, and optional one-time key for the handshake.

See the definition of the InitClientFunction type in lib/index.ts.

Once this has completed, you can call encryptNext() multiple times to append messages to send.

const nextEncrypted = await x3dh.encryptNext(
    'recipient@server2',
    'This is a follow-up message UwU'
);

On the other side, your communication partner will use the following feature.

const [sender, firstMessage] = await x3dh.initRecv(senderInfo);
const nextMessage = await x3dh.decryptNext(sender, nextEncrypted);

Note: initRecv() will always return the sender identity (a string) and the message (a Buffer that can be converted to a string). The sender identity should be usable for decryptNext() calls.

However, that doesn't mean it's trustworthy! This library only implements the X3DH pattern. It doesn't implement the Gossamer integration.

Should I Use This?

Don't use it in production until version 1.0.0 has been tagged. The API can break at any moment until that happens (especially if I decide I hate the default key management classes I wrote).

However, feel free to test and play with it.

Questions and Answers

Any Interest in Porting This to $LANG?

I'd love to port this to more languages! That will also allow me to write end-to-end integration tests.

As long as there's a good libsodium implementation, it should be doable.

However, I don't have nearly as much free time as I'd like, so I can't commit to building or supporting multiple implementations right now.

Conversely, if you've ported this to another language, let me know and I'll maintain a list here:

  • (Currently, none.)

Why "Rawr"?

The canonical abbreviation for the eXtended 3-way Diffie Hellman deniable authenticated key exchange is X3DH.

There is a cursed furry copypasta/meme that begins with "rawr x3". The juxtaposition of "x3" and "X3DH" is too perfect an opportunity for dumb jokes to pass up.

Is this a furry thing?

You betcha!

And remember: It's not furry trash, it's yiff-raff.

Why? Just, Why?

I've written a lot of words to answer this line of questioning already on my blog.

You will probably find the answer you're seeking here or here.

Comic by loviesophiee

This is Unprofessional

Folks often say there's an XKCD for Everything! And thus:

XKCD

Who Made That Awesome Project Logo?

Sophie made it.