The intent of this is browserifable crypt, which uses the node module on the server, the subtle crypto api if available and the browserify-crypto if not.
Methods
var nCrypto - require('native-crypto');
var hash = new nCrypto.Hash(algo);
hash.update(buffer).update(otherBuffer);
hash.digest().then(function (yourHash){});
var hmac = new nCrypto.Hmac(algo, keyAsBuffer);
hash.update(buffer).update(otherBuffer);
hash.digest().then(function (yourHmac) {});
// or
var hmac = new nCrypto.Hmac(algo, keyAsBuffer, otherHmacToVerify);
hash.update(buffer).update(otherBuffer);
hash.verify().then(function (result) {
// result is a boolean
});
nCrypto.encrypt(key, iv, plainText, aad).then(function (cipherText) {
return nCrypto.decrypt(key, iv, cipherText, aad);
}).then(function (res) {
// res and plainText should be the same
});
// aad is optional
nCrypto.encrypt(key, iv, plainText).then(function (cipherText) {
return nCrypto.decrypt(key, iv, cipherText);
}).then(function (res) {
// res and plainText should be the same
});
Only JWK are supported and both RSA or ECDSA keys are supported (DSA is not
supported by web crypto). If using RSA make sure the .alg
parameter is set on the key and is one of RS256
, RS384
, or RS512
(based on what hash function you want to be using).
var sign = new nCrypto.Signature(privateKey);
sign.update(buffer).update(otherBuffer);
sign.sign().then(function (yourSig) {});
// or
var verify = new nCrypto.Signature(privateKey, sigToVerify);
verify.update(buffer).verify(otherBuffer);
verify.verify().then(function (result) {
// result is a boolean
});
No parameters are optional key may be a string or buffer, salt must be buffers, length is in bytes, algo may be any of the supported hash algorithms.
nCrypto.pbkdf2(key, salt, iterations, length, algo).then(function (derivedKey) {
// you have it
});
For RSA encryption and decryption, only OAEP padding is supported and only using a public key to encrypt and private to decrypt.
nCrypto.rsa.encrypt(key, data).then(function (result) {
// result is a buffer
});
nCrypto.rsa.encrypt(key, encryptedData).then(function (result) {
// result is a buffer
});
You can generate key pairs for signing/verifying in either RSA or ECDSA.
Accepts either a ECC curve:
nCrypto.generate('P-256').then(function (keypair) {
// keypair.publicKey and keypair.privateKey are JWK
});
nCrypto.generate('P-384').then(...
nCrypto.generate('P-521').then(...
or an RSA algorithm identifier and optional length and exponent (as buffer)
nCrypto.generate('RS256').then(...
nCrypto.generate('RS512', 4096, 65537).then(...
nCrypto.generate('RS384', 2048, 3).then(...
key length defaults to 4096 and public exponent to 65537 (aka 0x10001
)