
@libp2p/keychain

Key management and cryptographically protected messages

/**
 * @packageDocumentation
 *
 * - Manages the life cycle of a key
 * - Keys are encrypted at rest
 * - Enforces the use of safe key names
 * - Uses encrypted PKCS 8 for key storage
 * - Uses PBKDF2 for a "stretched" key encryption key
 * - Enforces NIST SP 800-131A and NIST SP 800-132
 * - Delays reporting errors to slow down brute force attacks
 *
 * ## KeyInfo
 *
 * The key management and naming service APIs all return a `KeyInfo` object. The `id` is a universally unique identifier for the key. The `name` is local to the key chain.
 *
 * ```JSON
 * {
 *   "name": "rsa-key",
 *   "id": "QmYWYSUZ4PV6MRFYpdtEDJBiGs4UrmE6g8wmAWSePekXVW"
 * }
 * ```
 *
 * The **key id** is the SHA-256 [multihash](https://github.com/multiformats/multihash) of its public key.
 *
 * The *public key* is a [protobuf encoding](https://github.com/libp2p/js-libp2p/blob/main/packages/crypto/src/keys/keys.proto) containing a type and the [DER encoding](https://en.wikipedia.org/wiki/X.690) of the PKCS [SubjectPublicKeyInfo](https://www.ietf.org/rfc/rfc3279.txt).
 *
 * ## Private key storage
 *
 * A private key is stored as an encrypted PKCS 8 structure in the PEM format. It is protected by a key generated from the key chain's *pass phrase* using **PBKDF2**.
 *
 * The default options for generating the derived encryption key (DEK) are in the `dek` object. This, along with the pass phrase, is the input to a `PBKDF2` function.
 *
 * ```TypeScript
 * const defaultOptions = {
 *   // See https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
 *   dek: {
 *     keyLength: 512 / 8,
 *     iterationCount: 1000,
 *     salt: 'at least 16 characters long',
 *     hash: 'sha2-512'
 *   }
 * }
 * ```
 *
 * These defaults are a starting point, not a hardened configuration: override `salt` with a value unique to your deployment, and raise `iterationCount`, since the OWASP cheat sheet linked above recommends far more than 1000 iterations for PBKDF2 with SHA-512. The strength of the encryption at rest is bounded by the pass phrase and these parameters.
 *
 * ## Physical storage
 *
 * The actual physical storage of an encrypted key is left to implementations of [interface-datastore](https://github.com/ipfs/interface-datastore/).
 *
 * A key benefit is that the key chain can now be used in the browser with the [js-datastore-level](https://github.com/ipfs/js-datastore-level) implementation.
 */
import { Keychain as KeychainClass } from "./keychain.js";

/**
 * Factory used by libp2p: returns a component initialiser that constructs a
 * `Keychain` with the given init options (for example the `dek` settings
 * documented above).
 */
export function keychain(init = {}) {
  return (components) => {
    return new KeychainClass(components, init);
  };
}

/**
 * Duck-typed check that `obj` exposes the full keychain interface. Every
 * method is verified, so a partial implementation is rejected.
 */
export function isKeychain(obj) {
  if (obj == null) {
    return false;
  }
  return typeof obj.findKeyByName === 'function' &&
    typeof obj.findKeyById === 'function' &&
    typeof obj.importKey === 'function' &&
    typeof obj.exportKey === 'function' &&
    typeof obj.removeKey === 'function' &&
    typeof obj.renameKey === 'function' &&
    typeof obj.listKeys === 'function' &&
    typeof obj.rotateKeychainPass === 'function';
}
//# sourceMappingURL=index.js.map