npm - @sd-jwt/crypto-nodejs - Versions diffs - 0.3.2-next.72 → 0.3.2-next.74 - Mend

@sd-jwt/crypto-nodejs 0.3.2-next.72 → 0.3.2-next.74

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -1,4 +1,13 @@
 declare const generateSalt: (length: number) => string;
 declare const digest: (data: string, algorithm?: string) => Uint8Array;
+declare const ES256: {
+    alg: string;
+    generateKeyPair(): Promise<{
+        publicKey: JsonWebKey;
+        privateKey: JsonWebKey;
+    }>;
+    getSigner(privateKeyJWK: object): Promise<(data: string) => Promise<string>>;
+    getVerifier(publicKeyJWK: object): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
+};
-export { digest, generateSalt };
+export { ES256, digest, generateSalt };

package/dist/index.d.ts CHANGED Viewed

@@ -1,4 +1,13 @@
 declare const generateSalt: (length: number) => string;
 declare const digest: (data: string, algorithm?: string) => Uint8Array;
+declare const ES256: {
+    alg: string;
+    generateKeyPair(): Promise<{
+        publicKey: JsonWebKey;
+        privateKey: JsonWebKey;
+    }>;
+    getSigner(privateKeyJWK: object): Promise<(data: string) => Promise<string>>;
+    getVerifier(publicKeyJWK: object): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>;
+};
-export { digest, generateSalt };
+export { ES256, digest, generateSalt };

package/dist/index.js CHANGED Viewed

@@ -16,10 +16,31 @@ var __copyProps = (to, from, except, desc) => {
   return to;
 };
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __async = (__this, __arguments, generator) => {
+  return new Promise((resolve, reject) => {
+    var fulfilled = (value) => {
+      try {
+        step(generator.next(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var rejected = (value) => {
+      try {
+        step(generator.throw(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
+    step((generator = generator.apply(__this, __arguments)).next());
+  });
+};
 // src/index.ts
 var src_exports = {};
 __export(src_exports, {
+  ES256: () => ES256,
   digest: () => digest,
   generateSalt: () => generateSalt
 });
@@ -43,8 +64,96 @@ var digest = (data, algorithm = "SHA-256") => {
   return new Uint8Array(hashBuffer);
 };
 var toNodeCryptoAlg = (hashAlg) => hashAlg.replace("-", "").toLowerCase();
+var ES256 = {
+  alg: "ES256",
+  generateKeyPair() {
+    return __async(this, null, function* () {
+      const { subtle } = globalThis.crypto;
+      const keyPair = yield subtle.generateKey(
+        {
+          name: "ECDSA",
+          namedCurve: "P-256"
+          // ES256
+        },
+        true,
+        // whether the key is extractable (i.e., can be used in exportKey)
+        ["sign", "verify"]
+        // can be used to sign and verify signatures
+      );
+      const publicKeyJWK = yield subtle.exportKey("jwk", keyPair.publicKey);
+      const privateKeyJWK = yield subtle.exportKey("jwk", keyPair.privateKey);
+      return { publicKey: publicKeyJWK, privateKey: privateKeyJWK };
+    });
+  },
+  getSigner(privateKeyJWK) {
+    return __async(this, null, function* () {
+      const { subtle } = globalThis.crypto;
+      const privateKey = yield subtle.importKey(
+        "jwk",
+        privateKeyJWK,
+        {
+          name: "ECDSA",
+          namedCurve: "P-256"
+          // Must match the curve used to generate the key
+        },
+        true,
+        // whether the key is extractable (i.e., can be used in exportKey)
+        ["sign"]
+      );
+      return (data) => __async(this, null, function* () {
+        const encoder = new TextEncoder();
+        const signature = yield subtle.sign(
+          {
+            name: "ECDSA",
+            hash: { name: "SHA-256" }
+            // Required for ES256
+          },
+          privateKey,
+          encoder.encode(data)
+        );
+        return btoa(String.fromCharCode(...new Uint8Array(signature))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+      });
+    });
+  },
+  getVerifier(publicKeyJWK) {
+    return __async(this, null, function* () {
+      const { subtle } = globalThis.crypto;
+      const publicKey = yield subtle.importKey(
+        "jwk",
+        publicKeyJWK,
+        {
+          name: "ECDSA",
+          namedCurve: "P-256"
+          // Must match the curve used to generate the key
+        },
+        true,
+        // whether the key is extractable (i.e., can be used in exportKey)
+        ["verify"]
+      );
+      return (data, signatureBase64url) => __async(this, null, function* () {
+        const encoder = new TextEncoder();
+        const signature = Uint8Array.from(
+          atob(signatureBase64url.replace(/-/g, "+").replace(/_/g, "/")),
+          (c) => c.charCodeAt(0)
+        );
+        const isValid = yield subtle.verify(
+          {
+            name: "ECDSA",
+            hash: { name: "SHA-256" }
+            // Required for ES256
+          },
+          publicKey,
+          signature,
+          encoder.encode(data)
+        );
+        return isValid;
+      });
+    });
+  }
+};
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  ES256,
   digest,
   generateSalt
 });

package/dist/index.mjs CHANGED Viewed

@@ -1,3 +1,24 @@
+var __async = (__this, __arguments, generator) => {
+  return new Promise((resolve, reject) => {
+    var fulfilled = (value) => {
+      try {
+        step(generator.next(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var rejected = (value) => {
+      try {
+        step(generator.throw(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
+    step((generator = generator.apply(__this, __arguments)).next());
+  });
+};
 // src/crypto.ts
 import { createHash, randomBytes } from "crypto";
 var generateSalt = (length) => {
@@ -16,7 +37,95 @@ var digest = (data, algorithm = "SHA-256") => {
   return new Uint8Array(hashBuffer);
 };
 var toNodeCryptoAlg = (hashAlg) => hashAlg.replace("-", "").toLowerCase();
+var ES256 = {
+  alg: "ES256",
+  generateKeyPair() {
+    return __async(this, null, function* () {
+      const { subtle } = globalThis.crypto;
+      const keyPair = yield subtle.generateKey(
+        {
+          name: "ECDSA",
+          namedCurve: "P-256"
+          // ES256
+        },
+        true,
+        // whether the key is extractable (i.e., can be used in exportKey)
+        ["sign", "verify"]
+        // can be used to sign and verify signatures
+      );
+      const publicKeyJWK = yield subtle.exportKey("jwk", keyPair.publicKey);
+      const privateKeyJWK = yield subtle.exportKey("jwk", keyPair.privateKey);
+      return { publicKey: publicKeyJWK, privateKey: privateKeyJWK };
+    });
+  },
+  getSigner(privateKeyJWK) {
+    return __async(this, null, function* () {
+      const { subtle } = globalThis.crypto;
+      const privateKey = yield subtle.importKey(
+        "jwk",
+        privateKeyJWK,
+        {
+          name: "ECDSA",
+          namedCurve: "P-256"
+          // Must match the curve used to generate the key
+        },
+        true,
+        // whether the key is extractable (i.e., can be used in exportKey)
+        ["sign"]
+      );
+      return (data) => __async(this, null, function* () {
+        const encoder = new TextEncoder();
+        const signature = yield subtle.sign(
+          {
+            name: "ECDSA",
+            hash: { name: "SHA-256" }
+            // Required for ES256
+          },
+          privateKey,
+          encoder.encode(data)
+        );
+        return btoa(String.fromCharCode(...new Uint8Array(signature))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+      });
+    });
+  },
+  getVerifier(publicKeyJWK) {
+    return __async(this, null, function* () {
+      const { subtle } = globalThis.crypto;
+      const publicKey = yield subtle.importKey(
+        "jwk",
+        publicKeyJWK,
+        {
+          name: "ECDSA",
+          namedCurve: "P-256"
+          // Must match the curve used to generate the key
+        },
+        true,
+        // whether the key is extractable (i.e., can be used in exportKey)
+        ["verify"]
+      );
+      return (data, signatureBase64url) => __async(this, null, function* () {
+        const encoder = new TextEncoder();
+        const signature = Uint8Array.from(
+          atob(signatureBase64url.replace(/-/g, "+").replace(/_/g, "/")),
+          (c) => c.charCodeAt(0)
+        );
+        const isValid = yield subtle.verify(
+          {
+            name: "ECDSA",
+            hash: { name: "SHA-256" }
+            // Required for ES256
+          },
+          publicKey,
+          signature,
+          encoder.encode(data)
+        );
+        return isValid;
+      });
+    });
+  }
+};
 export {
+  ES256,
   digest,
   generateSalt
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sd-jwt/crypto-nodejs",
-  "version": "0.3.2-next.72+a8bd120",
+  "version": "0.3.2-next.74+d503996",
   "description": "sd-jwt draft 7 implementation in typescript",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -52,5 +52,5 @@
       "esm"
     ]
   },
-  "gitHead": "a8bd120094ea0d022e963f03e32d90f51dd9443d"
+  "gitHead": "d5039962a53cb1b55a28dc956d71eab865c05917"
 }

package/src/crypto.ts CHANGED Viewed

@@ -19,3 +19,89 @@ export const digest = (data: string, algorithm = 'SHA-256'): Uint8Array => {
 const toNodeCryptoAlg = (hashAlg: string): string =>
   hashAlg.replace('-', '').toLowerCase();
+export const ES256 = {
+  alg: 'ES256',
+  async generateKeyPair() {
+    const { subtle } = globalThis.crypto;
+    const keyPair = await subtle.generateKey(
+      {
+        name: 'ECDSA',
+        namedCurve: 'P-256', // ES256
+      },
+      true, // whether the key is extractable (i.e., can be used in exportKey)
+      ['sign', 'verify'], // can be used to sign and verify signatures
+    );
+    // Export the public and private keys in JWK format
+    const publicKeyJWK = await subtle.exportKey('jwk', keyPair.publicKey);
+    const privateKeyJWK = await subtle.exportKey('jwk', keyPair.privateKey);
+    return { publicKey: publicKeyJWK, privateKey: privateKeyJWK };
+  },
+  async getSigner(privateKeyJWK: object) {
+    const { subtle } = globalThis.crypto;
+    const privateKey = await subtle.importKey(
+      'jwk',
+      privateKeyJWK,
+      {
+        name: 'ECDSA',
+        namedCurve: 'P-256', // Must match the curve used to generate the key
+      },
+      true, // whether the key is extractable (i.e., can be used in exportKey)
+      ['sign'],
+    );
+    return async (data: string) => {
+      const encoder = new TextEncoder();
+      const signature = await subtle.sign(
+        {
+          name: 'ECDSA',
+          hash: { name: 'SHA-256' }, // Required for ES256
+        },
+        privateKey,
+        encoder.encode(data),
+      );
+      return btoa(String.fromCharCode(...new Uint8Array(signature)))
+        .replace(/\+/g, '-')
+        .replace(/\//g, '_')
+        .replace(/=+$/, ''); // Convert to base64url format
+    };
+  },
+  async getVerifier(publicKeyJWK: object) {
+    const { subtle } = globalThis.crypto;
+    const publicKey = await subtle.importKey(
+      'jwk',
+      publicKeyJWK,
+      {
+        name: 'ECDSA',
+        namedCurve: 'P-256', // Must match the curve used to generate the key
+      },
+      true, // whether the key is extractable (i.e., can be used in exportKey)
+      ['verify'],
+    );
+    return async (data: string, signatureBase64url: string) => {
+      const encoder = new TextEncoder();
+      const signature = Uint8Array.from(
+        atob(signatureBase64url.replace(/-/g, '+').replace(/_/g, '/')),
+        (c) => c.charCodeAt(0),
+      );
+      const isValid = await subtle.verify(
+        {
+          name: 'ECDSA',
+          hash: { name: 'SHA-256' }, // Required for ES256
+        },
+        publicKey,
+        signature,
+        encoder.encode(data),
+      );
+      return isValid;
+    };
+  },
+};

package/src/test/crypto.spec.ts CHANGED Viewed

@@ -1,5 +1,11 @@
 import { describe, expect, test } from 'vitest';
-import { generateSalt, digest } from '../crypto';
+import { generateSalt, digest, ES256 } from '../index';
+// Extract the major version as a number
+const nodeVersionMajor = parseInt(
+  process.version.split('.')[0].substring(1),
+  10,
+);
 describe('This file is for utility functions', () => {
   test('generateSalt', async () => {
@@ -27,4 +33,23 @@ describe('This file is for utility functions', () => {
     expect(s1).toBeDefined();
     expect(s1.length).toBe(64);
   });
+  (nodeVersionMajor < 20 ? test.skip : test)('ES256', async () => {
+    const { privateKey, publicKey } = await ES256.generateKeyPair();
+    expect(privateKey).toBeDefined();
+    expect(publicKey).toBeDefined();
+    expect(typeof privateKey).toBe('object');
+    expect(typeof publicKey).toBe('object');
+    const data =
+      'In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes data, a password or passphrase.';
+    const signer = await ES256.getSigner(privateKey);
+    const signature = await signer(data);
+    expect(signature).toBeDefined();
+    expect(typeof signature).toBe('string');
+    const verifier = await ES256.getVerifier(publicKey);
+    const result = await verifier(data, signature);
+    expect(result).toBe(true);
+  });
 });