UNPKG

@synet/core

Version:

Core cryptographic and identity primitives for Synet agents.

synthetism.ai/synet

synthetism/synet

136 lines (115 loc) 3.68 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
import * as crypto from "node:crypto"; /** * Sign a message with a private key * @param privateKey The private key in PEM format * @param message The message to sign * @returns The signature as a base64 string * @throws {Error} If inputs are invalid or signing fails */ export function signMessage(privateKey: string, message: string): string { try { if (!privateKey || !message) { throw new Error("Invalid input: privateKey and message are required"); } const keyType = detectKeyType(privateKey); if (keyType === "ed25519") { // Use the modern API for Ed25519 const signature = crypto.sign(null, Buffer.from(message), { key: privateKey, format: "pem", }); return signature.toString("base64"); } // Use the traditional API for RSA const sign = crypto.createSign("SHA256"); sign.update(message); sign.end(); return sign.sign(privateKey, "base64"); } catch (error: unknown) { //console.error("Error signing message:", error); if (error instanceof Error) { throw new Error(`Failed to sign message: ${error.message}`); } throw new Error("Failed to sign message: Unknown error"); } } /** * Verify a signature with a public key * @param publicKey The public key in PEM format * @param message The original message * @param signature The signature to verify (base64 string) * @returns True if the signature is valid, false otherwise * @throws {Error} If inputs are invalid or signing fails */ export function verifySignature( publicKey: string, message: string, signature: string, ): boolean { if (!publicKey || !message || !signature) { throw new Error( "Invalid input: publicKey, message and signature are required", ); } if (!publicKey.includes("-----BEGIN") || !publicKey.includes("-----END")) { throw new Error("Invalid publicKey format: PEM format required"); } try { const keyType = detectKeyType(publicKey); if (keyType === "ed25519") { // Use the modern API for Ed25519 return crypto.verify( null, Buffer.from(message), { key: publicKey, format: "pem", }, Buffer.from(signature, "base64"), ); } // Use the traditional API for RSA const verify = crypto.createVerify("SHA256"); verify.update(message); verify.end(); return verify.verify(publicKey, signature, "base64"); } catch (error: unknown) { console.error("Error signing message:", error); if (error instanceof Error) { throw new Error(`Failed to verify signature: ${error.message}`); } throw new Error("Failed to verify signature: Unknown error"); } } /** * Detects the type of key based on its PEM content * @param key The key in PEM format * @returns 'rsa' or 'ed25519' */ function detectKeyType(key: string): "rsa" | "ed25519" { try { // For ED25519 keys in PKCS#8 format, the key is shorter // RSA keys are much longer due to their modulus const keyObj = crypto.createPublicKey({ key: key, format: "pem", }); const keyType = keyObj.asymmetricKeyType; if (keyType === "ed25519") { return "ed25519"; } return "rsa"; } catch (_e) { // If we can't create a key object, try some heuristics if (key.includes("BEGIN PRIVATE KEY") && key.length < 400) { // ED25519 private keys are much shorter than RSA return "ed25519"; } if (key.includes("BEGIN PUBLIC KEY") && key.length < 300) { // ED25519 public keys are much shorter than RSA return "ed25519"; } // Default to RSA as fallback return "rsa"; } }