/did-crypto-typescript

Crypto library to handle key management for DIDs

Primary LanguageTypeScriptApache License 2.0Apache-2.0

DIF Logo

DID TypeScript Crypto

This library provides core crypto functions.

Deterministic Pairwise Keys

A core capability of this library is the generation of deterministic pairwise keys.
A pairwise key is a unique key for a relationship between a persona (user's DID) and a peer such as a relying party or another DID user.
Deterministic means that all pairwise keys can be recalculated.

Cryptography in Browser and Nodejs

Different environments such as a browser or Node.js support different crypto libraries.
This library expects a crypto object which is the cryptography layer for the environment.

Browser

window.crypto

Node.js

import WebCrypto from 'node-webcrypto-ossl';
const crypto = new WebCrypto();

Supported algorithms

The library supports RSA and elliptic curve secp256k1 keys.
The library also supports secrets used for HMAC.
The algorithm specification are conform with the Web Cryptography API.
This repo has a collection of examples how to use the Web Cryptography API.

Key generation

const didKey = new DidKey(crypto, algorithm, null, true);

crypto: see cryptography section
algorithm: The generatekey algorithm as specified in Web Cryptography API
key: null means that Didkey has to generate the key
exportable: True if the key can be exported

Examples of supported algorithms

  • const algorithm = { name: 'hmac', hash: { name: 'SHA-256' } };
  • const algorithm = { name: 'ECDSA', namedCurve: 'P-256K', hash: { name: 'SHA-256' } };
  • const algorithm = { name: 'RSASSA-PKCS1-v1_5', modulusLength: 2048, publicExponent: new Uint8Array([0x01, 0x00, 0x01]), hash: { name: 'SHA-256' } };

methods of Didkey

const didKey = new DidKey(crypto, algorithm, null, true);

Generate a pairwise key

const pairwiseKey: DidKey = await didKey.generatePairwise(seed, personaId, peerId);
seed: Buffer representing at least 32 bytes of random data
personaId: String representing an identifier for a persona (user's DID)
peerId: String representing an identifier for the peer
Remark: To generate a deterministic key for a persona, use the same value for personaId and peerId.

Get the private key in Json Web Key format

const jwkKey = await didKey.getJwkKey(KeyExport.Private);

Get the public key in Json Web Key format

const jwkKey = await didKey.getJwkKey(KeyExport.Public);

Installation

Install the library into your project with npm:

npm install @decentralized-identity/did-crypto-typescript

Crypto Dependancy

This library uses @peculiar/webcrypto as base crypto library for nodejs. This library is still in an experimental stage and should for now not be used in production code. In the browser one can use the native window.crypto object supported in all modern browsers.

Supported algorithms

The library supports the following algorithms for generating pairwise keys: RSA secp256k1