http-request-signature

An HTTP signature parser and generator fully compliant with the proposed "Signing HTTP Messages" Internet Draft.

Status

Installation

Install the package via npm:

npm install http-request-signature --save

Install the package via yarn:

yarn add http-request-signature

Usage

Signing an HTTP message

const { sign } = require('http-request-signature');
const signature = sign({
  headers: {
    '(request-target)': 'post /foo',
    date: '2017-09-01T15:04:17.555Z',
    digest: 'SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE='
  },
  keyId: 'primary',
  secretKey: '96aa9ec42242a9a62196281045705196a64e12b15e9160bbb630e38385b82700e7876fd5cc3a228dad634816f4ec4b80a258b2a552467e5d26f30003211bc45d'
}, { algorithm: 'ed25519' });

// Result: `keyId="primary",algorithm="ed25519",headers="(request-target) date digest",signature="MSd6OVEG4bZ/ClBSKApzqC1UbUkPclq9PyLwWv1//Br2YouqOb1T6izcOPWPY9scxWSfLHR4m6d/HThm7MX7Dw=="`

Verifying an HTTP message

const { verify } = require('http-request-signature');
const result = verify({
  headers: {
    '(request-target)': 'post /foo',
    date: '2017-09-01T15:04:17.555Z',
    digest: 'SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE='
    signature: 'keyId="primary",algorithm="ed25519",headers="(request-target) date digest",signature="MSd6OVEG4bZ/ClBSKApzqC1UbUkPclq9PyLwWv1//Br2YouqOb1T6izcOPWPY9scxWSfLHR4m6d/HThm7MX7Dw=="'
  },
  publicKey: 'e7876fd5cc3a228dad634816f4ec4b80a258b2a552467e5d26f30003211bc45d'
}, { algorithm: 'ed25519' });

// Result:
// {
//   algorithm: 'ed25519',
//   headers: ['(request-target)', 'date', 'digest'],
//   keyId: 'primary',
//   signature: 'MSd6OVEG4bZ/ClBSKApzqC1UbUkPclq9PyLwWv1//Br2YouqOb1T6izcOPWPY9scxWSfLHR4m6d/HThm7MX7Dw==',
//   verified: true
// }

Supported algorithms

Only the ed25519 algorithm is supported at this time.

Release

npm version [<new-version> | major | minor | patch] -m "Release %s"

License

MIT