npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

pemmican

v0.1.4

Published

public/private key pair generation, signing, verification, encryption and decryption

Downloads

5

Readme

public/private key pair generation, signing, verification, encryption and decryption

Just like its namesake, the legendary survival food, our "pemmican" module delivers the essentials—public/private key generation, PEM conversion, data signing, verification and encryption/decryption—without any of the bloat.

Getting Started

Generating a Key Pair

Generate a public/private key pair to start securing your application. There are 2 types of key-pairs. One can be used for signing and another for encrypting and decrypting. The parameters "generateKeyPair" takes is either "signing" or "encryption".

import { Pemmican } from 'https://raw.githubusercontent.com/sebringj/pemmican/main/mod.ts';

async function generateKeys() {
  const { publicKeyPem, privateKeyPem } = await Pemmican.generateKeyPair('signing');
  console.log('Public Key:', publicKeyPem);
  console.log('Private Key:', privateKeyPem);
}

generateKeys();

Signing Data

Sign a piece of data using your private key, ensuring that it can be verified by the recipient.

import { Pemmican } from 'https://raw.githubusercontent.com/sebringj/pemmican/main/mod.ts';

async function signMessage() {
  const { privateKeyPem } = await Pemmican.generateKeyPair('signing'); // Assume privateKeyPem is obtained
  const data = 'Hello, Pemmican!';
  const { signatureBase64, timeStampISO } = await Pemmican.signData({ data, privateKeyPem });
  console.log('Signature:', signatureBase64);
  console.log('Timestamp:', timeStampISO);
}

signMessage();

Verifying a Signature

To verify a signature, you'll need the public key, the original data that was signed, and the signature you wish to verify. This ensures the integrity and authenticity of the data.

import { Pemmican } from 'https://raw.githubusercontent.com/sebringj/pemmican/main/mod.ts';

async function verifySignature() {
  // Obtain initial keys, usually generated beforehand and stored
  const { publicKeyPem, privateKeyPem } = await Pemmican.generateKeyPair('signing');

  // Create test data
  const data = 'Hello, Pemmican!';
  
  // Signing the data to generate a signature
  const { signatureBase64 } = await Pemmican.signData({ data, privateKeyPem });

  // Now, verifying the signature with the public key
  const isValid = await Pemmican.verifySignature({ data, signatureBase64, publicKeyPem });

  if (isValid) {
    console.log('The signature is valid.');
  } else {
    console.log('The signature is invalid.');
  }
}

verifySignature();

This example guides you through the process of:

  1. Assuming you have a public key (publicKeyPem) and a private key (privateKeyPem).
  2. Signing a message with the private key to produce a signature.
  3. Verifying the signature using the corresponding public key to ensure the message's integrity and authenticity.

Remember, in a real-world scenario, the public key and the signature would typically be shared with the recipient (for verification), while the private key is securely stored and used for signing by the sender.

Encrypt and Decrypt using public/private keys

To encrypt a payload and decrypt it, you use the public key to encrypt and then the private key to decrypt.

import { Pemmican } from 'https://raw.githubusercontent.com/sebringj/pemmican/main/mod.ts';

async function encryptAndDecrypt() {
  const { publicKeyPem, privateKeyPem } = await Pemmican.generateKeyPair('encryption');
  const data = "Secret message";

  const encryptedData = await Pemmican.encryptWithPublicKey({ data, publicKeyPem });
  const decryptedData = await Pemmican.decryptWithPrivateKey({ encryptedData, privateKeyPem });
  
  if (data === decryptedData) {
    console.log('The decrypted data matches the original data.')
  } else {
    console.log('The decrypted data does not match the original data.')
  }
}

encryptAndDecrypt();

In this example, the sender would be given a public key first from the receiver. The sender then can use the public key to encrypt the message and only then the receiver can decrypt it.