voidlogue-crypto 1.0.11 → 1.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/SECURITY.md +4 -4
- package/index.js +3 -3
- package/package.json +9 -3
- package/src/eff_wordlist.js +7776 -7776
- package/src/vault.js +93 -64
- package/src/voidshield.js +118 -47
package/SECURITY.md
CHANGED
|
@@ -27,7 +27,7 @@ cannot reverse this to learn the email addresses or the codename.
|
|
|
27
27
|
The encryption key is derived from the codename:
|
|
28
28
|
|
|
29
29
|
```
|
|
30
|
-
key = PBKDF2(codename, salt=roomHash, iterations=
|
|
30
|
+
key = PBKDF2(codename, salt=roomHash, iterations=600_000, hash=SHA-256)
|
|
31
31
|
→ AES-256-GCM key (non-extractable)
|
|
32
32
|
```
|
|
33
33
|
|
|
@@ -50,7 +50,7 @@ hR = SHA-256(recipientEmail.toLowerCase().trim())
|
|
|
50
50
|
fh[] = SHA-256(normalise(fieldValue)) for each security field
|
|
51
51
|
|
|
52
52
|
input = sort([hS, hR]).join(":") + ":" + fh.join(":")
|
|
53
|
-
key = PBKDF2(input, salt="voidlogue-revelation-v1", iterations=
|
|
53
|
+
key = PBKDF2(input, salt="voidlogue-revelation-v1", iterations=600_000)
|
|
54
54
|
→ AES-256-GCM key
|
|
55
55
|
```
|
|
56
56
|
|
|
@@ -73,7 +73,7 @@ The Vault encrypts the user's email and codename on-device before storing
|
|
|
73
73
|
them in `localStorage`:
|
|
74
74
|
|
|
75
75
|
```
|
|
76
|
-
key = PBKDF2(PIN, random_salt, iterations=
|
|
76
|
+
key = PBKDF2(PIN, random_salt, iterations=600_000) → AES-256-GCM key
|
|
77
77
|
blob = AES-256-GCM(JSON({email, codename}), key, random_IV)
|
|
78
78
|
```
|
|
79
79
|
|
|
@@ -88,7 +88,7 @@ ciphertext that cannot be decrypted without the PIN.
|
|
|
88
88
|
| Primitive | Algorithm | Rationale |
|
|
89
89
|
|---|---|---|
|
|
90
90
|
| Symmetric encryption | AES-256-GCM | NIST-approved; provides authenticated encryption (tamper detection) |
|
|
91
|
-
| Key derivation | PBKDF2, SHA-256,
|
|
91
|
+
| Key derivation | PBKDF2, SHA-256, 600k iterations | Standardised; makes brute-force computationally expensive |
|
|
92
92
|
| Hashing | SHA-256 | Collision-resistant; output is 256 bits |
|
|
93
93
|
| Randomness | `crypto.getRandomValues` with rejection sampling | Cryptographically secure; rejection sampling eliminates modular bias |
|
|
94
94
|
|
package/index.js
CHANGED
|
@@ -8,6 +8,6 @@
|
|
|
8
8
|
* @module voidlogue-crypto
|
|
9
9
|
*/
|
|
10
10
|
|
|
11
|
-
export { VoidShield, generateCodename } from
|
|
12
|
-
export { Vault, LabelCipher } from
|
|
13
|
-
export { EFF_WORDLIST } from
|
|
11
|
+
export { VoidShield, generateCodename } from './src/voidshield.js';
|
|
12
|
+
export { Vault, LabelCipher } from './src/vault.js';
|
|
13
|
+
export { EFF_WORDLIST } from './src/eff_wordlist.js';
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "voidlogue-crypto",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.12",
|
|
4
4
|
"description": "Open-source client-side cryptographic primitives for Voidlogue — published for independent audit and verification of privacy claims.",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"type": "module",
|
|
@@ -43,11 +43,17 @@
|
|
|
43
43
|
"node": ">=18.0.0"
|
|
44
44
|
},
|
|
45
45
|
"devDependencies": {
|
|
46
|
-
"vitest": "^1.0.0"
|
|
46
|
+
"vitest": "^1.0.0",
|
|
47
|
+
"prettier": "^3.0.0",
|
|
48
|
+
"eslint": "^8.0.0",
|
|
49
|
+
"@eslint/js": "^8.0.0"
|
|
47
50
|
},
|
|
48
51
|
"scripts": {
|
|
49
52
|
"test": "vitest run",
|
|
50
|
-
"test:watch": "vitest"
|
|
53
|
+
"test:watch": "vitest",
|
|
54
|
+
"format": "prettier --write \"src/**/*.js\" \"test/**/*.js\" \"*.js\"",
|
|
55
|
+
"lint": "eslint src test *.js",
|
|
56
|
+
"lint:fix": "eslint src test *.js --fix"
|
|
51
57
|
},
|
|
52
58
|
"publishConfig": {
|
|
53
59
|
"access": "public",
|