UNPKG

@identity.com/dsr

Version:

The Dynamic Scope Request (DSR) javascript library provides capability around securely requesting credential information between an ID Requester and an ID Holder

85 lines (72 loc) 2.19 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
const sjcl = require('sjcl'); const stableStringify = require('json-stable-stringify'); // well-known hex public key prefix const MAGIC_BYTE = '04'; const CURVE = sjcl.ecc.curves.k256; /** * * @param {*} hexpub - The public key serialized in hex format * * return the public key on raw byte format */ function deserializeHexPub(hexpub) { let point = hexpub; if (hexpub.startsWith(MAGIC_BYTE)) { point = point.substr(2); } /* eslint-disable-next-line new-cap */ const key = new sjcl.ecc.ecdsa.publicKey(CURVE, sjcl.codec.hex.toBits(point)); return key; } /** * * @param {*} hexprv - The private key serialized in hex format * * return the private key on raw byte format */ function deserializeHexPrv(hexprv) { /* eslint-disable-next-line new-cap */ return new sjcl.ecc.ecdsa.secretKey(CURVE, CURVE.field.fromBits(sjcl.codec.hex.toBits(hexprv))); } /** * * @param {*} request - The request object to be signed * @param {*} hexprv - The private key used on the signing algorithm * * return hexprv.sign(SHA256(request))) as signature */ function sign(request, hexprv) { const prv = deserializeHexPrv(hexprv); const serialized = stableStringify(request); const hashed = sjcl.hash.sha256.hash(serialized); const signature = prv.sign(hashed); return { signature: sjcl.codec.hex.fromBits(signature), algorithm: 'ES256' }; } /** * * @param {*} request - The request object to match the signature * @param {*} signature - The digital signatures * @param {*} hexpub - The public key used to verify the signature * * return true is it vefication is valid */ function verify(request, signature, hexpub) { const pub = deserializeHexPub(hexpub); const serialized = stableStringify(request); const hashed = sjcl.hash.sha256.hash(serialized); return pub.verify(hashed, sjcl.codec.hex.toBits(signature)); } // This is just a sanity check to make sure the installed SJCL is correct function sanityCheck() { const pair = sjcl.ecc.ecdsa.generateKeys(sjcl.ecc.curves.k256); const signature = pair.sec.sign('Hello!'); return pair.pub.verify('Hello!', signature); } module.exports = { sign, verify, sanityCheck };