npm - @hackthedev/dsync-sign - Versions diffs - 1.0.10 → 1.0.11 - Mend

@hackthedev/dsync-sign 1.0.10 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/.gitattributes +2 -0
package/.github/workflows/publish.yml +43 -0
package/README.md +1 -103
package/index.mjs +341 -310
package/js/README.md +112 -0
package/js/index.mjs +341 -0
package/package.json +6 -2

package/.gitattributes ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ # Auto detect text files and perform LF normalization
2	+ * text=auto

package/.github/workflows/publish.yml ADDED Viewed

@@ -0,0 +1,43 @@
+name: Publish to npm
+on:
+  push:
+    branches:
+      - main
+permissions:
+  contents: write
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: true
+      - name: Skip version bump commits
+        run: |
+          if git log -1 --pretty=%B | grep -q "chore: bump version"; then
+            echo "Version bump commit detected, skipping."
+            exit 0
+          fi
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          registry-url: https://registry.npmjs.org/
+      - run: npm ci
+      - run: |
+          git config user.name "github-actions"
+          git config user.email "actions@github.com"
+          npm version patch -m "chore: bump version %s"
+          git push
+      - run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/README.md CHANGED Viewed

@@ -7,106 +7,4 @@ dSyncSign is an additional package that comes with a few helper functions that c
 - Ability to verify signed strings/objects using a known public key
 - Ability to encrypt and decrypt data with a private key or password
-------
-## Importing
-You can import the package with the following line into your code and install it like below
-```js
-import { dSyncSign } from "@hackthedev/dsync-sign";
-const signer = new dSyncSign("./mykeys.json"); // optional path for private key file
-```
-```sh
-npm i @hackthedev/dsync-sign
-```
-------
-## Signing & Verifying JSON Objects
-You can also sign and very JSON objects pretty easily.
-```js
-const obj = { hello: "world" };
-await signer.signJson(obj);
-console.log("Object with sig", obj);
-const verified = await signer.verifyJson(obj, await signer.getPublicKey());
-console.log("JSON valid?", verified);
-```
-Output:
-```sh
-Object with sig {
-  hello: 'world',
-  sig: 'W3tGrkWdCT62Zc7eJKM2Pr13CgsQc65diH4N5d0pGasyKEpWQVZG5wz6WhlKoJmYqE8O4OSIcm/WVCBtnZM66zpic0PAtuGaTKt224AO/zDWrQhuCDflvR29OHzeKcnHXNVS924PXK24dA2MiILTYlSbGLguIw0bfIWN1hDeVHYWu3VeDmOSBFUlkaviJzxV/lALRSBySIDd5SFFQQWfk0hLv0Hy8MMHzGQetrs9/l5mBLGU8iSrA85alXFN+OKz0Qo57zgPV5cBCl19LB/ZL0oR+GsQv171Jn04UO8hFUsyJJqI2VnPAw11LgPqwXqHUDuQwdCS7zvTyDmlM7+rvA=='
-}
-JSON valid? true
-```
-------
-## Verifying & Signing nested JSON Objects
-Its also possible to sign nested or specific objects.
-```js
-const obj = {
-    hello: {
-        world: "hi"
-    },
-    bye: {
-        crazy: "indeed"
-    }
-};
-await signer.signJson(obj.hello);
-console.log("Object with sig", obj);
-const verified = await signer.verifyJson(obj.hello, await signer.getPublicKey());
-console.log("JSON valid?", verified);
-```
-Output:
-```sh
-Object with sig {
-  hello: {
-    world: 'hi',
-    sig: 'qEsJ8O7HVohexEFpvjVljfvSXdPp93DHAcg1PiLxNA0TjE48FdHd11cS5vYJlLPmpPEG/80cqETsHwlCjTiOZI6xC90IxdGTKGttjv1gFYM5bOgQlgcLW83BtlWdC0PES3xU5nEUCiNfXNKSeUT8HJTEsggQ6c17WjMcunZENEWiRqCQNY3ZXzvrqGKrJ/mm9BrRsgaFZMRh5j0eUhT1eJ4pVp6fleTAYIumuagpwG41MR3CG57dImxCoeFAcCDMikJEQKBknmhaDsEa9UFHzl8+hTsroI30ktTK7kOPf4XKbkuNGX+lZZwZPlWkfh/sQLSD59psvJDVvEQTrX1/KQ=='
-  },
-  bye: { crazy: 'indeed' }
-}
-JSON valid? true
-```
-------
-## Encryption & Decryption using password
-```js
-const secretMsg = "This is some secret text";
-const envPwd = await signer.encrypt(secretMsg, "somepass1234");
-console.log("Envelope (Password):", envPwd);
-const decPwd = await signer.decrypt(envPwd, "somepass1234");
-console.log("Decrypted (Password):", decPwd);
-```
-Output:
-```sh
-Envelope (Password): {
-  method: 'password',
-  salt: 'QxGLufg1lXn6boTVHme8+Q==',
-  iv: 'yum57MIAZc0hUBLXPd7hxQ==',
-  tag: 'jok95AmgKTj0okoLrFeL0A==',
-  ciphertext: 'cDz+F+z8i9emqTO5COKOYfnYWxTB4spC'
-}
-Decrypted (Password): This is some secret text
-```
+Folders like `/js` are meant to show the current available implementations, meaning as of right now dSyncSign is only available in JavaScript/NodeJS.

package/index.mjs CHANGED Viewed

@@ -1,310 +1,341 @@
-import {promises as fs} from "fs";
-import crypto from "crypto";
-export class dSyncSign {
-    constructor(keyFile = "./privatekey.json") {
-        this.KEY_FILE = keyFile;
-        this.sigField = "sig";
-    }
-    canonicalize(x) {
-        if (x === null || typeof x !== "object") return x;
-        if (Array.isArray(x)) return x.map(v => this.canonicalize(v));
-        const out = {};
-        for (const k of Object.keys(x).sort()) out[k] = this.canonicalize(x[k]);
-        return out;
-    }
-    stableStringify(obj) {
-        return JSON.stringify(this.canonicalize(obj));
-    }
-    normalizePublicKey(key) {
-        return key
-            .replace(/\r|\n|\s+/g, '')
-            .replace('-----BEGINPUBLICKEY-----', '-----BEGIN PUBLIC KEY-----')
-            .replace('-----ENDPUBLICKEY-----', '-----END PUBLIC KEY-----')
-            .replace(/-----BEGIN PUBLIC KEY-----/, '-----BEGIN PUBLIC KEY-----\n')
-            .replace(/-----END PUBLIC KEY-----/, '\n-----END PUBLIC KEY-----')
-            .replace(/(.{64})/g, '$1\n')
-            .trim();
-    }
-    async ensureKeyPair() {
-        try {
-            const raw = await fs.readFile(this.KEY_FILE, "utf8");
-            const {privateKey} = JSON.parse(raw);
-            crypto.createPrivateKey(privateKey);
-            const pubKey = crypto.createPublicKey(privateKey).export({type: "spki", format: "pem"});
-            return {privateKey, publicKey: pubKey.toString()};
-        } catch {
-            const {privateKey, publicKey} = crypto.generateKeyPairSync("rsa", {
-                modulusLength: 2048,
-                publicKeyEncoding: {type: "spki", format: "pem"},
-                privateKeyEncoding: {type: "pkcs8", format: "pem"}
-            });
-            await fs.writeFile(this.KEY_FILE, JSON.stringify({privateKey}, null, 2), {encoding: "utf8", mode: 0o600});
-            return {privateKey, publicKey};
-        }
-    }
-    async signString(text) {
-        const priv = await this.getPrivateKey();
-        const signer = crypto.createSign("SHA256");
-        signer.update(text, "utf8");
-        signer.end();
-        return signer.sign(priv, "base64");
-    }
-    verifyString(text, signatureBase64, publicKeyPem) {
-        const verifier = crypto.createVerify("SHA256");
-        verifier.update(text, "utf8");
-        verifier.end();
-        return verifier.verify(publicKeyPem, signatureBase64, "base64");
-    }
-    generateGid(publicKey) {
-        if (publicKey.length >= 120) {
-            return this.encodeToBase64(publicKey.substring(80, 120)) // 40 chars
-        } else {
-            return this.encodeToBase64(publicKey.substring(0, publicKey.length))
-        }
-    }
-    encodeToBase64(str) {
-        return Buffer.from(str, "utf8").toString("base64")
-    }
-    async getPrivateKey() {
-        const {privateKey} = await this.ensureKeyPair();
-        return privateKey;
-    }
-    async getPublicKey() {
-        const {publicKey} = await this.ensureKeyPair();
-        return publicKey;
-    }
-    async encrypt(data, recipient) {
-        const plaintext = typeof data === "string" ? data : this.stableStringify(data);
-        let aesKey;
-        let envelope = {method: ""};
-        if (recipient.includes("BEGIN PUBLIC KEY") || recipient.includes("BEGIN RSA PUBLIC KEY")) {
-            aesKey = crypto.randomBytes(32);
-            envelope.method = "rsa";
-            envelope.encKey = crypto.publicEncrypt(
-                {key: recipient, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING},
-                aesKey
-            ).toString("base64");
-        } else {
-            const salt = crypto.randomBytes(16);
-            aesKey = crypto.pbkdf2Sync(recipient, salt, 100000, 32, "sha256");
-            envelope.method = "password";
-            envelope.salt = salt.toString("base64");
-        }
-        // Standard-konformer 12-Byte-IV (statt 16)
-        const iv = crypto.randomBytes(12);
-        const cipher = crypto.createCipheriv("aes-256-gcm", aesKey, iv);
-        const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
-        const tag = cipher.getAuthTag();
-        return {
-            ...envelope,
-            iv: iv.toString("base64"),
-            tag: tag.toString("base64"),
-            ciphertext: ciphertext.toString("base64")
-        };
-    }
-    async decrypt(envelope, password = null) {
-        let aesKey;
-        if (envelope.method === "rsa") {
-            const priv = await this.getPrivateKey();
-            aesKey = crypto.privateDecrypt(
-                {key: priv, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING},
-                Buffer.from(envelope.encKey, "base64")
-            );
-        } else if (envelope.method === "password") {
-            if (!password) throw new Error("Password required for password-based decryption");
-            aesKey = crypto.pbkdf2Sync(
-                password,
-                Buffer.from(envelope.salt, "base64"),
-                100000,
-                32,
-                "sha256"
-            );
-        } else {
-            throw new Error("Unsupported envelope method");
-        }
-        const iv = Buffer.from(envelope.iv, "base64");
-        const tag = Buffer.from(envelope.tag, "base64");
-        const ciphertext = Buffer.from(envelope.ciphertext, "base64");
-        const decipher = crypto.createDecipheriv("aes-256-gcm", aesKey, iv);
-        decipher.setAuthTag(tag);
-        const dec = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
-        const txt = dec.toString("utf8");
-        try {
-            return JSON.parse(txt);
-        } catch {
-            return txt;
-        }
-    }
-    async signData(data) {
-        const priv = await this.getPrivateKey();
-        const signer = crypto.createSign("SHA256");
-        const payload = typeof data === "string" ? data : this.stableStringify(data);
-        signer.update(payload, "utf8");
-        signer.end();
-        return signer.sign(priv, "base64");
-    }
-    verifyData(data, signature, publicKey) {
-        const verifier = crypto.createVerify("SHA256");
-        const payload = typeof data === "string" ? data : this.stableStringify(data);
-        verifier.update(payload, "utf8");
-        verifier.end();
-        return verifier.verify(publicKey, signature, "base64");
-    }
-    getByPath(root, path) {
-        if (!path) return root;
-        const re = /([^.\[\]]+)|\[(\d+)\]/g;
-        const parts = [];
-        let m;
-        while ((m = re.exec(path)) !== null) parts.push(m[1] !== undefined ? m[1] : Number(m[2]));
-        let cur = root;
-        for (const p of parts) {
-            if (cur == null) return undefined;
-            cur = cur[p];
-        }
-        return cur;
-    }
-    cloneWithoutSig(obj) {
-        if (obj == null || typeof obj !== "object") return obj;
-        let copy;
-        if (typeof structuredClone === "function") {
-            try {
-                copy = structuredClone(obj);
-            } catch {
-                copy = JSON.parse(JSON.stringify(obj));
-            }
-        } else {
-            copy = JSON.parse(JSON.stringify(obj));
-        }
-        if (copy && Object.prototype.hasOwnProperty.call(copy, this.sigField)) delete copy[this.sigField];
-        return copy;
-    }
-    async signJson(targetOrRoot, path) {
-        let target = path ? this.getByPath(targetOrRoot, path) : targetOrRoot;
-        if (target == null) {
-            if (path) return false;
-            throw new TypeError("target required");
-        }
-        if (Array.isArray(target)) {
-            const out = [];
-            for (const item of target) {
-                if (item == null || typeof item !== "object") {
-                    out.push(null);
-                    continue;
-                }
-                if (Object.prototype.hasOwnProperty.call(item, this.sigField)) {
-                    out.push(item[this.sigField]);
-                    continue;
-                }
-                const payload = this.cloneWithoutSig(item);
-                const s = await this.signData(payload);
-                item[this.sigField] = s;
-                out.push(s);
-            }
-            return out;
-        }
-        if (typeof target === "object") {
-            if (Object.prototype.hasOwnProperty.call(target, this.sigField)) return target[this.sigField];
-            const payload = this.cloneWithoutSig(target);
-            const s = await this.signData(payload);
-            target[this.sigField] = s;
-            return s;
-        }
-        throw new TypeError("target must be object or array");
-    }
-    async verifyJson(targetOrRoot, publicKeyOrGetter, path) {
-        let target = path ? this.getByPath(targetOrRoot, path) : targetOrRoot;
-        if (target == null) {
-            if (path) return false;
-            throw new TypeError("target required");
-        }
-        if (Array.isArray(target)) {
-            const out = [];
-            for (const item of target) {
-                if (item == null || typeof item !== "object") {
-                    out.push(false);
-                    continue;
-                }
-                if (!Object.prototype.hasOwnProperty.call(item, this.sigField)) {
-                    out.push(false);
-                    continue;
-                }
-                const signature = item[this.sigField];
-                let pub = publicKeyOrGetter;
-                if (typeof publicKeyOrGetter === "function") pub = await publicKeyOrGetter(item, targetOrRoot);
-                if (!pub) {
-                    out.push(false);
-                    continue;
-                }
-                const payload = this.cloneWithoutSig(item);
-                out.push(Boolean(this.verifyData(payload, signature, pub)));
-            }
-            return out;
-        }
-        if (typeof target === "object") {
-            if (!Object.prototype.hasOwnProperty.call(target, this.sigField)) return false;
-            const signature = target[this.sigField];
-            let pub = publicKeyOrGetter;
-            if (typeof publicKeyOrGetter === "function") pub = await publicKeyOrGetter(target, targetOrRoot);
-            if (!pub) return false;
-            const payload = this.cloneWithoutSig(target);
-            return Boolean(this.verifyData(payload, signature, pub));
-        }
-        throw new TypeError("target must be object or array");
-    }
-}
+import {promises as fs} from "fs";
+import crypto from "crypto";
+export class dSyncSign {
+    constructor(keyFile = "./privatekey.json") {
+        this.KEY_FILE = keyFile;
+        this.sigField = "sig";
+    }
+    canonicalize(x) {
+        if (x === null || typeof x !== "object") return x;
+        if (Array.isArray(x)) return x.map(v => this.canonicalize(v));
+        const out = {};
+        for (const k of Object.keys(x).sort()) out[k] = this.canonicalize(x[k]);
+        return out;
+    }
+    stableStringify(obj) {
+        return JSON.stringify(this.canonicalize(obj));
+    }
+    normalizePublicKey(key) {
+        if (!key) return key;
+        // fuck you
+        key = String(key)
+            .replace(/&lt;br\s*\/?&gt;/gi, "\n")
+            .replace(/<br\s*\/?>/gi, "\n")
+            .replace(/\r\n/g, "\n")
+            .replace(/\r/g, "\n")
+            .trim();
+        if (key.includes("BEGIN PUBLIC KEY") || key.includes("BEGIN RSA PUBLIC KEY")) {
+            key = key
+                .replace(/\n+/g, "\n")
+                .replace(/-----BEGIN PUBLIC KEY-----\s*/g, "-----BEGIN PUBLIC KEY-----\n")
+                .replace(/-----END PUBLIC KEY-----/g, "\n-----END PUBLIC KEY-----")
+                .replace(/-----BEGIN RSA PUBLIC KEY-----\s*/g, "-----BEGIN RSA PUBLIC KEY-----\n")
+                .replace(/-----END RSA PUBLIC KEY-----/g, "\n-----END RSA PUBLIC KEY-----");
+            const isRsa = key.includes("BEGIN RSA PUBLIC KEY");
+            const begin = isRsa ? "-----BEGIN RSA PUBLIC KEY-----" : "-----BEGIN PUBLIC KEY-----";
+            const end = isRsa ? "-----END RSA PUBLIC KEY-----" : "-----END PUBLIC KEY-----";
+            let body = key
+                .replace(begin, "")
+                .replace(end, "")
+                .replace(/\s+/g, "");
+            body = body.match(/.{1,64}/g)?.join("\n") || body;
+            return `${begin}\n${body}\n${end}`;
+        }
+        return key;
+    }
+    async ensureKeyPair() {
+        try {
+            const raw = await fs.readFile(this.KEY_FILE, "utf8");
+            const {privateKey} = JSON.parse(raw);
+            crypto.createPrivateKey(privateKey);
+            const pubKey = crypto.createPublicKey(privateKey).export({type: "spki", format: "pem"});
+            return {privateKey, publicKey: pubKey.toString()};
+        } catch {
+            const {privateKey, publicKey} = crypto.generateKeyPairSync("rsa", {
+                modulusLength: 2048,
+                publicKeyEncoding: {type: "spki", format: "pem"},
+                privateKeyEncoding: {type: "pkcs8", format: "pem"}
+            });
+            await fs.writeFile(this.KEY_FILE, JSON.stringify({privateKey}, null, 2), {encoding: "utf8", mode: 0o600});
+            return {privateKey, publicKey};
+        }
+    }
+    async signString(text) {
+        const priv = await this.getPrivateKey();
+        const signer = crypto.createSign("SHA256");
+        signer.update(text, "utf8");
+        signer.end();
+        return signer.sign(priv, "base64");
+    }
+    verifyString(text, signatureBase64, publicKeyPem) {
+        publicKeyPem = this.normalizePublicKey(publicKeyPem);
+        const verifier = crypto.createVerify("SHA256");
+        verifier.update(text, "utf8");
+        verifier.end();
+        return verifier.verify(publicKeyPem, signatureBase64, "base64");
+    }
+    generateGid(publicKey) {
+        if (publicKey.length >= 120) {
+            return this.encodeToBase64(publicKey.substring(80, 120)) // 40 chars
+        } else {
+            return this.encodeToBase64(publicKey.substring(0, publicKey.length))
+        }
+    }
+    encodeToBase64(str) {
+        return Buffer.from(str, "utf8").toString("base64")
+    }
+    async getPrivateKey() {
+        const {privateKey} = await this.ensureKeyPair();
+        return privateKey;
+    }
+    async getPublicKey() {
+        const {publicKey} = await this.ensureKeyPair();
+        return publicKey;
+    }
+    async encrypt(data, recipient) {
+        const plaintext = typeof data === "string" ? data : this.stableStringify(data);
+        if (typeof recipient === "string") {
+            recipient = this.normalizePublicKey(recipient);
+        }
+        let aesKey;
+        let envelope = {method: ""};
+        if (typeof recipient === "string" && (recipient.includes("BEGIN PUBLIC KEY") || recipient.includes("BEGIN RSA PUBLIC KEY"))) {
+            aesKey = crypto.randomBytes(32);
+            envelope.method = "rsa";
+            envelope.encKey = crypto.publicEncrypt(
+                {key: recipient, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING},
+                aesKey
+            ).toString("base64");
+        } else {
+            const salt = crypto.randomBytes(16);
+            aesKey = crypto.pbkdf2Sync(recipient, salt, 100000, 32, "sha256");
+            envelope.method = "password";
+            envelope.salt = salt.toString("base64");
+        }
+        const iv = crypto.randomBytes(12);
+        const cipher = crypto.createCipheriv("aes-256-gcm", aesKey, iv);
+        const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+        const tag = cipher.getAuthTag();
+        return {
+            ...envelope,
+            iv: iv.toString("base64"),
+            tag: tag.toString("base64"),
+            ciphertext: ciphertext.toString("base64")
+        };
+    }
+    async decrypt(envelope, password = null) {
+        let aesKey;
+        if (envelope.method === "rsa") {
+            const priv = await this.getPrivateKey();
+            aesKey = crypto.privateDecrypt(
+                {key: priv, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING},
+                Buffer.from(envelope.encKey, "base64")
+            );
+        } else if (envelope.method === "password") {
+            if (!password) throw new Error("Password required for password-based decryption");
+            aesKey = crypto.pbkdf2Sync(
+                password,
+                Buffer.from(envelope.salt, "base64"),
+                100000,
+                32,
+                "sha256"
+            );
+        } else {
+            throw new Error("Unsupported envelope method");
+        }
+        const iv = Buffer.from(envelope.iv, "base64");
+        const tag = Buffer.from(envelope.tag, "base64");
+        const ciphertext = Buffer.from(envelope.ciphertext, "base64");
+        const decipher = crypto.createDecipheriv("aes-256-gcm", aesKey, iv);
+        decipher.setAuthTag(tag);
+        const dec = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+        const txt = dec.toString("utf8");
+        try {
+            return JSON.parse(txt);
+        } catch {
+            return txt;
+        }
+    }
+    async signData(data) {
+        const priv = await this.getPrivateKey();
+        const signer = crypto.createSign("SHA256");
+        const payload = typeof data === "string" ? data : this.stableStringify(data);
+        signer.update(payload, "utf8");
+        signer.end();
+        return signer.sign(priv, "base64");
+    }
+    verifyData(data, signature, publicKey) {
+        publicKey = this.normalizePublicKey(publicKey);
+        const verifier = crypto.createVerify("SHA256");
+        const payload = typeof data === "string" ? data : this.stableStringify(data);
+        verifier.update(payload, "utf8");
+        verifier.end();
+        return verifier.verify(publicKey, signature, "base64");
+    }
+    getByPath(root, path) {
+        if (!path) return root;
+        const re = /([^.\[\]]+)|\[(\d+)\]/g;
+        const parts = [];
+        let m;
+        while ((m = re.exec(path)) !== null) parts.push(m[1] !== undefined ? m[1] : Number(m[2]));
+        let cur = root;
+        for (const p of parts) {
+            if (cur == null) return undefined;
+            cur = cur[p];
+        }
+        return cur;
+    }
+    cloneWithoutSig(obj) {
+        if (obj == null || typeof obj !== "object") return obj;
+        let copy;
+        if (typeof structuredClone === "function") {
+            try {
+                copy = structuredClone(obj);
+            } catch {
+                copy = JSON.parse(JSON.stringify(obj));
+            }
+        } else {
+            copy = JSON.parse(JSON.stringify(obj));
+        }
+        if (copy && Object.prototype.hasOwnProperty.call(copy, this.sigField)) delete copy[this.sigField];
+        return copy;
+    }
+    async signJson(targetOrRoot, path) {
+        let target = path ? this.getByPath(targetOrRoot, path) : targetOrRoot;
+        if (target == null) {
+            if (path) return false;
+            throw new TypeError("target required");
+        }
+        if (Array.isArray(target)) {
+            const out = [];
+            for (const item of target) {
+                if (item == null || typeof item !== "object") {
+                    out.push(null);
+                    continue;
+                }
+                if (Object.prototype.hasOwnProperty.call(item, this.sigField)) {
+                    out.push(item[this.sigField]);
+                    continue;
+                }
+                const payload = this.cloneWithoutSig(item);
+                const s = await this.signData(payload);
+                item[this.sigField] = s;
+                out.push(s);
+            }
+            return out;
+        }
+        if (typeof target === "object") {
+            if (Object.prototype.hasOwnProperty.call(target, this.sigField)) return target[this.sigField];
+            const payload = this.cloneWithoutSig(target);
+            const s = await this.signData(payload);
+            target[this.sigField] = s;
+            return s;
+        }
+        throw new TypeError("target must be object or array");
+    }
+    async verifyJson(targetOrRoot, publicKeyOrGetter, path) {
+        let target = path ? this.getByPath(targetOrRoot, path) : targetOrRoot;
+        if (target == null) {
+            if (path) return false;
+            throw new TypeError("target required");
+        }
+        if (Array.isArray(target)) {
+            const out = [];
+            for (const item of target) {
+                if (item == null || typeof item !== "object") {
+                    out.push(false);
+                    continue;
+                }
+                if (!Object.prototype.hasOwnProperty.call(item, this.sigField)) {
+                    out.push(false);
+                    continue;
+                }
+                const signature = item[this.sigField];
+                let pub = publicKeyOrGetter;
+                if (typeof publicKeyOrGetter === "function") pub = await publicKeyOrGetter(item, targetOrRoot);
+                if (!pub) {
+                    out.push(false);
+                    continue;
+                }
+                const payload = this.cloneWithoutSig(item);
+                out.push(Boolean(this.verifyData(payload, signature, pub)));
+            }
+            return out;
+        }
+        if (typeof target === "object") {
+            if (!Object.prototype.hasOwnProperty.call(target, this.sigField)) return false;
+            const signature = target[this.sigField];
+            let pub = publicKeyOrGetter;
+            if (typeof publicKeyOrGetter === "function") pub = await publicKeyOrGetter(target, targetOrRoot);
+            if (!pub) return false;
+            const payload = this.cloneWithoutSig(target);
+            return Boolean(this.verifyData(payload, signature, pub));
+        }
+        throw new TypeError("target must be object or array");
+    }
+}

package/js/README.md ADDED Viewed

@@ -0,0 +1,112 @@
+# dSyncSign
+dSyncSign is an additional package that comes with a few helper functions that can enhance the plain dSync package. dSyncSign comes with the following features:
+- Creation of a private key file and public key
+- Ability to sign strings or json objects, or even nested objects inside a json object
+- Ability to verify signed strings/objects using a known public key
+- Ability to encrypt and decrypt data with a private key or password
+------
+## Importing
+You can import the package with the following line into your code and install it like below
+```js
+import { dSyncSign } from "@hackthedev/dsync-sign";
+const signer = new dSyncSign("./mykeys.json"); // optional path for private key file
+```
+```sh
+npm i @hackthedev/dsync-sign
+```
+------
+## Signing & Verifying JSON Objects
+You can also sign and very JSON objects pretty easily.
+```js
+const obj = { hello: "world" };
+await signer.signJson(obj);
+console.log("Object with sig", obj);
+const verified = await signer.verifyJson(obj, await signer.getPublicKey());
+console.log("JSON valid?", verified);
+```
+Output:
+```sh
+Object with sig {
+  hello: 'world',
+  sig: 'W3tGrkWdCT62Zc7eJKM2Pr13CgsQc65diH4N5d0pGasyKEpWQVZG5wz6WhlKoJmYqE8O4OSIcm/WVCBtnZM66zpic0PAtuGaTKt224AO/zDWrQhuCDflvR29OHzeKcnHXNVS924PXK24dA2MiILTYlSbGLguIw0bfIWN1hDeVHYWu3VeDmOSBFUlkaviJzxV/lALRSBySIDd5SFFQQWfk0hLv0Hy8MMHzGQetrs9/l5mBLGU8iSrA85alXFN+OKz0Qo57zgPV5cBCl19LB/ZL0oR+GsQv171Jn04UO8hFUsyJJqI2VnPAw11LgPqwXqHUDuQwdCS7zvTyDmlM7+rvA=='
+}
+JSON valid? true
+```
+------
+## Verifying & Signing nested JSON Objects
+Its also possible to sign nested or specific objects.
+```js
+const obj = {
+    hello: {
+        world: "hi"
+    },
+    bye: {
+        crazy: "indeed"
+    }
+};
+await signer.signJson(obj.hello);
+console.log("Object with sig", obj);
+const verified = await signer.verifyJson(obj.hello, await signer.getPublicKey());
+console.log("JSON valid?", verified);
+```
+Output:
+```sh
+Object with sig {
+  hello: {
+    world: 'hi',
+    sig: 'qEsJ8O7HVohexEFpvjVljfvSXdPp93DHAcg1PiLxNA0TjE48FdHd11cS5vYJlLPmpPEG/80cqETsHwlCjTiOZI6xC90IxdGTKGttjv1gFYM5bOgQlgcLW83BtlWdC0PES3xU5nEUCiNfXNKSeUT8HJTEsggQ6c17WjMcunZENEWiRqCQNY3ZXzvrqGKrJ/mm9BrRsgaFZMRh5j0eUhT1eJ4pVp6fleTAYIumuagpwG41MR3CG57dImxCoeFAcCDMikJEQKBknmhaDsEa9UFHzl8+hTsroI30ktTK7kOPf4XKbkuNGX+lZZwZPlWkfh/sQLSD59psvJDVvEQTrX1/KQ=='
+  },
+  bye: { crazy: 'indeed' }
+}
+JSON valid? true
+```
+------
+## Encryption & Decryption using password
+```js
+const secretMsg = "This is some secret text";
+const envPwd = await signer.encrypt(secretMsg, "somepass1234");
+console.log("Envelope (Password):", envPwd);
+const decPwd = await signer.decrypt(envPwd, "somepass1234");
+console.log("Decrypted (Password):", decPwd);
+```
+Output:
+```sh
+Envelope (Password): {
+  method: 'password',
+  salt: 'QxGLufg1lXn6boTVHme8+Q==',
+  iv: 'yum57MIAZc0hUBLXPd7hxQ==',
+  tag: 'jok95AmgKTj0okoLrFeL0A==',
+  ciphertext: 'cDz+F+z8i9emqTO5COKOYfnYWxTB4spC'
+}
+Decrypted (Password): This is some secret text
+```

package/js/index.mjs ADDED Viewed

@@ -0,0 +1,341 @@
+import {promises as fs} from "fs";
+import crypto from "crypto";
+export class dSyncSign {
+    constructor(keyFile = "./privatekey.json") {
+        this.KEY_FILE = keyFile;
+        this.sigField = "sig";
+    }
+    canonicalize(x) {
+        if (x === null || typeof x !== "object") return x;
+        if (Array.isArray(x)) return x.map(v => this.canonicalize(v));
+        const out = {};
+        for (const k of Object.keys(x).sort()) out[k] = this.canonicalize(x[k]);
+        return out;
+    }
+    stableStringify(obj) {
+        return JSON.stringify(this.canonicalize(obj));
+    }
+    normalizePublicKey(key) {
+        if (!key) return key;
+        // fuck you
+        key = String(key)
+            .replace(/&lt;br\s*\/?&gt;/gi, "\n")
+            .replace(/<br\s*\/?>/gi, "\n")
+            .replace(/\r\n/g, "\n")
+            .replace(/\r/g, "\n")
+            .trim();
+        if (key.includes("BEGIN PUBLIC KEY") || key.includes("BEGIN RSA PUBLIC KEY")) {
+            key = key
+                .replace(/\n+/g, "\n")
+                .replace(/-----BEGIN PUBLIC KEY-----\s*/g, "-----BEGIN PUBLIC KEY-----\n")
+                .replace(/-----END PUBLIC KEY-----/g, "\n-----END PUBLIC KEY-----")
+                .replace(/-----BEGIN RSA PUBLIC KEY-----\s*/g, "-----BEGIN RSA PUBLIC KEY-----\n")
+                .replace(/-----END RSA PUBLIC KEY-----/g, "\n-----END RSA PUBLIC KEY-----");
+            const isRsa = key.includes("BEGIN RSA PUBLIC KEY");
+            const begin = isRsa ? "-----BEGIN RSA PUBLIC KEY-----" : "-----BEGIN PUBLIC KEY-----";
+            const end = isRsa ? "-----END RSA PUBLIC KEY-----" : "-----END PUBLIC KEY-----";
+            let body = key
+                .replace(begin, "")
+                .replace(end, "")
+                .replace(/\s+/g, "");
+            body = body.match(/.{1,64}/g)?.join("\n") || body;
+            return `${begin}\n${body}\n${end}`;
+        }
+        return key;
+    }
+    async ensureKeyPair() {
+        try {
+            const raw = await fs.readFile(this.KEY_FILE, "utf8");
+            const {privateKey} = JSON.parse(raw);
+            crypto.createPrivateKey(privateKey);
+            const pubKey = crypto.createPublicKey(privateKey).export({type: "spki", format: "pem"});
+            return {privateKey, publicKey: pubKey.toString()};
+        } catch {
+            const {privateKey, publicKey} = crypto.generateKeyPairSync("rsa", {
+                modulusLength: 2048,
+                publicKeyEncoding: {type: "spki", format: "pem"},
+                privateKeyEncoding: {type: "pkcs8", format: "pem"}
+            });
+            await fs.writeFile(this.KEY_FILE, JSON.stringify({privateKey}, null, 2), {encoding: "utf8", mode: 0o600});
+            return {privateKey, publicKey};
+        }
+    }
+    async signString(text) {
+        const priv = await this.getPrivateKey();
+        const signer = crypto.createSign("SHA256");
+        signer.update(text, "utf8");
+        signer.end();
+        return signer.sign(priv, "base64");
+    }
+    verifyString(text, signatureBase64, publicKeyPem) {
+        publicKeyPem = this.normalizePublicKey(publicKeyPem);
+        const verifier = crypto.createVerify("SHA256");
+        verifier.update(text, "utf8");
+        verifier.end();
+        return verifier.verify(publicKeyPem, signatureBase64, "base64");
+    }
+    generateGid(publicKey) {
+        if (publicKey.length >= 120) {
+            return this.encodeToBase64(publicKey.substring(80, 120)) // 40 chars
+        } else {
+            return this.encodeToBase64(publicKey.substring(0, publicKey.length))
+        }
+    }
+    encodeToBase64(str) {
+        return Buffer.from(str, "utf8").toString("base64")
+    }
+    async getPrivateKey() {
+        const {privateKey} = await this.ensureKeyPair();
+        return privateKey;
+    }
+    async getPublicKey() {
+        const {publicKey} = await this.ensureKeyPair();
+        return publicKey;
+    }
+    async encrypt(data, recipient) {
+        const plaintext = typeof data === "string" ? data : this.stableStringify(data);
+        if (typeof recipient === "string") {
+            recipient = this.normalizePublicKey(recipient);
+        }
+        let aesKey;
+        let envelope = {method: ""};
+        if (typeof recipient === "string" && (recipient.includes("BEGIN PUBLIC KEY") || recipient.includes("BEGIN RSA PUBLIC KEY"))) {
+            aesKey = crypto.randomBytes(32);
+            envelope.method = "rsa";
+            envelope.encKey = crypto.publicEncrypt(
+                {key: recipient, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING},
+                aesKey
+            ).toString("base64");
+        } else {
+            const salt = crypto.randomBytes(16);
+            aesKey = crypto.pbkdf2Sync(recipient, salt, 100000, 32, "sha256");
+            envelope.method = "password";
+            envelope.salt = salt.toString("base64");
+        }
+        const iv = crypto.randomBytes(12);
+        const cipher = crypto.createCipheriv("aes-256-gcm", aesKey, iv);
+        const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+        const tag = cipher.getAuthTag();
+        return {
+            ...envelope,
+            iv: iv.toString("base64"),
+            tag: tag.toString("base64"),
+            ciphertext: ciphertext.toString("base64")
+        };
+    }
+    async decrypt(envelope, password = null) {
+        let aesKey;
+        if (envelope.method === "rsa") {
+            const priv = await this.getPrivateKey();
+            aesKey = crypto.privateDecrypt(
+                {key: priv, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING},
+                Buffer.from(envelope.encKey, "base64")
+            );
+        } else if (envelope.method === "password") {
+            if (!password) throw new Error("Password required for password-based decryption");
+            aesKey = crypto.pbkdf2Sync(
+                password,
+                Buffer.from(envelope.salt, "base64"),
+                100000,
+                32,
+                "sha256"
+            );
+        } else {
+            throw new Error("Unsupported envelope method");
+        }
+        const iv = Buffer.from(envelope.iv, "base64");
+        const tag = Buffer.from(envelope.tag, "base64");
+        const ciphertext = Buffer.from(envelope.ciphertext, "base64");
+        const decipher = crypto.createDecipheriv("aes-256-gcm", aesKey, iv);
+        decipher.setAuthTag(tag);
+        const dec = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+        const txt = dec.toString("utf8");
+        try {
+            return JSON.parse(txt);
+        } catch {
+            return txt;
+        }
+    }
+    async signData(data) {
+        const priv = await this.getPrivateKey();
+        const signer = crypto.createSign("SHA256");
+        const payload = typeof data === "string" ? data : this.stableStringify(data);
+        signer.update(payload, "utf8");
+        signer.end();
+        return signer.sign(priv, "base64");
+    }
+    verifyData(data, signature, publicKey) {
+        publicKey = this.normalizePublicKey(publicKey);
+        const verifier = crypto.createVerify("SHA256");
+        const payload = typeof data === "string" ? data : this.stableStringify(data);
+        verifier.update(payload, "utf8");
+        verifier.end();
+        return verifier.verify(publicKey, signature, "base64");
+    }
+    getByPath(root, path) {
+        if (!path) return root;
+        const re = /([^.\[\]]+)|\[(\d+)\]/g;
+        const parts = [];
+        let m;
+        while ((m = re.exec(path)) !== null) parts.push(m[1] !== undefined ? m[1] : Number(m[2]));
+        let cur = root;
+        for (const p of parts) {
+            if (cur == null) return undefined;
+            cur = cur[p];
+        }
+        return cur;
+    }
+    cloneWithoutSig(obj) {
+        if (obj == null || typeof obj !== "object") return obj;
+        let copy;
+        if (typeof structuredClone === "function") {
+            try {
+                copy = structuredClone(obj);
+            } catch {
+                copy = JSON.parse(JSON.stringify(obj));
+            }
+        } else {
+            copy = JSON.parse(JSON.stringify(obj));
+        }
+        if (copy && Object.prototype.hasOwnProperty.call(copy, this.sigField)) delete copy[this.sigField];
+        return copy;
+    }
+    async signJson(targetOrRoot, path) {
+        let target = path ? this.getByPath(targetOrRoot, path) : targetOrRoot;
+        if (target == null) {
+            if (path) return false;
+            throw new TypeError("target required");
+        }
+        if (Array.isArray(target)) {
+            const out = [];
+            for (const item of target) {
+                if (item == null || typeof item !== "object") {
+                    out.push(null);
+                    continue;
+                }
+                if (Object.prototype.hasOwnProperty.call(item, this.sigField)) {
+                    out.push(item[this.sigField]);
+                    continue;
+                }
+                const payload = this.cloneWithoutSig(item);
+                const s = await this.signData(payload);
+                item[this.sigField] = s;
+                out.push(s);
+            }
+            return out;
+        }
+        if (typeof target === "object") {
+            if (Object.prototype.hasOwnProperty.call(target, this.sigField)) return target[this.sigField];
+            const payload = this.cloneWithoutSig(target);
+            const s = await this.signData(payload);
+            target[this.sigField] = s;
+            return s;
+        }
+        throw new TypeError("target must be object or array");
+    }
+    async verifyJson(targetOrRoot, publicKeyOrGetter, path) {
+        let target = path ? this.getByPath(targetOrRoot, path) : targetOrRoot;
+        if (target == null) {
+            if (path) return false;
+            throw new TypeError("target required");
+        }
+        if (Array.isArray(target)) {
+            const out = [];
+            for (const item of target) {
+                if (item == null || typeof item !== "object") {
+                    out.push(false);
+                    continue;
+                }
+                if (!Object.prototype.hasOwnProperty.call(item, this.sigField)) {
+                    out.push(false);
+                    continue;
+                }
+                const signature = item[this.sigField];
+                let pub = publicKeyOrGetter;
+                if (typeof publicKeyOrGetter === "function") pub = await publicKeyOrGetter(item, targetOrRoot);
+                if (!pub) {
+                    out.push(false);
+                    continue;
+                }
+                const payload = this.cloneWithoutSig(item);
+                out.push(Boolean(this.verifyData(payload, signature, pub)));
+            }
+            return out;
+        }
+        if (typeof target === "object") {
+            if (!Object.prototype.hasOwnProperty.call(target, this.sigField)) return false;
+            const signature = target[this.sigField];
+            let pub = publicKeyOrGetter;
+            if (typeof publicKeyOrGetter === "function") pub = await publicKeyOrGetter(target, targetOrRoot);
+            if (!pub) return false;
+            const payload = this.cloneWithoutSig(target);
+            return Boolean(this.verifyData(payload, signature, pub));
+        }
+        throw new TypeError("target must be object or array");
+    }
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@hackthedev/dsync-sign",
-  "version": "1.0.10",
+  "version": "1.0.11",
   "description": "",
   "main": "index.mjs",
   "type": "module",
@@ -9,5 +9,9 @@
   },
   "keywords": [],
   "author": "",
-  "license": "ISC"
+  "license": "ISC",
+  "dependencies": {
+    "crypto": "^1.0.1",
+    "fs": "^0.0.1-security"
+  }
 }