The intent of this is browserifable crypt, which uses the node module on the server, the subtle crypto api if available and the browserify-crypto if not.
Methods
var nCrypto - require('native-crypto');
var hash = new nCrypto.Hash(algo);
hash.update(buffer).update(otherBuffer);
hash.digest().then(function (yourHash){});
var hmac = new nCrypto.Hmac(algo, keyAsBuffer);
hash.update(buffer).update(otherBuffer);
hash.digest().then(function (yourHmac) {});
// or
var hmac = new nCrypto.Hmac(algo, keyAsBuffer, otherHmacToVerify);
hash.update(buffer).update(otherBuffer);
hash.verify().then(function (result) {
// result is a boolean
});
nCrypto.encrypt(key, iv, plainText, aad).then(function (cipherText) {
return nCrypto.decrypt(key, iv, cipherText, aad);
}).then(function (res) {
// res and plainText should be the same
});
// aad is optional
nCrypto.encrypt(key, iv, plainText).then(function (cipherText) {
return nCrypto.decrypt(key, iv, cipherText);
}).then(function (res) {
// res and plainText should be the same
});
Only JWK are supported and both RSA or ECDSA keys are supported (DSA is not
supported by web crypto). If using RSA make sure the .alg
parameter is set on the key and is one of RS256
, RS384
, or RS512
(based on what hash function you want to be using).
var sign = new nCrypto.Signature(privateKey);
sign.update(buffer).update(otherBuffer);
sign.sign().then(function (yourSig) {});
// or
var verify = new nCrypto.Signature(privateKey, sigToVerify);
verify.update(buffer).verify(otherBuffer);
verify.verify().then(function (result) {
// result is a boolean
});
No parameters are optional key may be a string or buffer, salt must be buffers, length is in bytes, algo may be any of the supported hash algorithms.
nCrypto.pbkdf2(key, salt, iterations, length, algo).then(function (derivedKey) {
// you have it
});
For RSA encryption and decryption, only OAEP padding is supported and only using a public key to encrypt and private to decrypt.
nCrypto.rsa.encrypt(key, data).then(function (result) {
// result is a buffer
});
nCrypto.rsa.decrypt(key, encryptedData).then(function (result) {
// result is a buffer
});
You can generate key pairs for signing/verifying in either RSA or ECDSA, or use with ECDH.
Accepts either a ECC curve:
nCrypto.generate('P-256').then(function (keypair) {
// keypair.publicKey and keypair.privateKey are JWK
});
nCrypto.generate('P-384').then(...
nCrypto.generate('P-521').then(...
or an RSA algorithm identifier and optional length and exponent (as buffer)
nCrypto.generate('RS256').then(...
nCrypto.generate('RS512', 4096, 65537).then(...
nCrypto.generate('RS384', 2048, 3).then(...
key length defaults to 4096 and public exponent to 65537 (aka 0x10001
)
Generate an ECDH Object, accepts a curve type and optionally a private key.
var ecdh1 = new nCrypto.ECDH('P-256'); // generates a new key
var ecdh2 = new nCrypto.ECDH('P-256', keypair.privateKey);
// you can pass in the privateKey from a generate command
You can use .getPublic()
and .getPrivate()
to get the public and private keys of the pair, this is especially handy if you had it generate the key for you, both return a promise.
ecdh1.getPublic().then(function (publicKey) {
// do stuff
});
Finally you can generate a shared secret with the .computeSecret
method, which takes a public key as a method.
ecdh2.computeSecret(publicKey).then(function (secret) {
// do stuff
})