SafeExchange is a crypto library for key-exchange, encryption/decryption and digital signature signing
The library allows users to easily perform a Diffie-Hellman key exchange. It utilizes the aes-lib-js library for
AES encryption/decryption and automatically signs encrypted messages and verifies their digital signatures
To see how SafeExchange can be used see the details below or checkout ByteChat for a project using SafeExchange
First you need to generate a secret which you will keep private
The secret value is then used to create the public key which you may distribute
var secret = SafeExchange.generateSecretInt();
var publicKey = SafeExchange.generatePublicKey(secret);
When you receive a public key from another user you will need to use their public key in combination with your generated secret to create a mutual private key that only the two of you know its value
First generate your secret & public key as shown above then create the private key
Once you've created your private key, send them your public key and they will do the same to create a private key, the two keys should match
//Generate your own secret & public key
var friendPublicKey = data.publicKey;
var privateKey = SafeExchange.generatePrivateKey(friendPublicKey, secret);
//Send the friend your public key and they will create their own private key which should match yours
You can also create an IV (Initialization Vector) from your private key This IV will be required when encrypting/decrypting messages
var iv = SafeExchange.generateIV(privateKey);
The following function can be used to encrypt your message and generate a digital signature
The digital signature should be attached with your encrypted message so that the user can verify the authenticity of the message
var msgData = SafeExchange.signMessage(message, pkey, iv);
//Returns { msg: Encrypted message, hash: Encrypted hash value of the message }
The following function can be used to decrypt a received message and verify its digital signature
If the hashes don't match then it could be the message is not genuine and the function will return null otherwise it will return the decrypted message
var message = SafeExchange.releaseMessage(encMessage, encHash, privateKey, iv);
The following data can be distributed publicly:
- Public Key
The following data must not disclosed:
- Private key
- Secret
- IV
- aes-lib-js
- BigInt.js & YaMD5 (Both are included)
- Clone the SafeExchange repository
git clone https://github.com/kyleruss/safe-exchange.git
- Move
SafeExchange.js
and scripts in thedependencies
directory into your project - Include the SafeExchange library and its dependencies in your project Note: SafeExchange also requires aes-lib-js which needs to be loaded before SafeExchange
<!-- Include the aes-lib-js scripts here -->
<script src="depdencies/yamd5.min.js"></script>
<script src="dependencies/BigInt.js"></script>
<script src="SafeExchange.js"></script>
SafeExchange is available under the MIT License
See LICENSE for more details