UNPKG

libnemo

Version:

Asynchronous, non-blocking Nano cryptocurrency integration toolkit.

zoso.dev

340 lines (266 loc) 12.7 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
<!-- SPDX-FileCopyrightText: 2024 Chris Duncan <chris@zoso.dev> SPDX-License-Identifier: GPL-3.0-or-later --> # libnemo `libnemo` is a fork of the nanocurrency-web toolkit. It is used for client-side implementations of Nano cryptocurrency wallets and enables building web-based applications that can work even while offline. `libnemo` supports managing wallets, deriving accounts, signing blocks, and more. It utilizes the Web Crypto API which is native to all modern browsers. Private keys are encrypted in storage with a user password as soon as they are derived, and they are not exposed to other processes unless specifically exported by the user. Optionally, Ledger device dependencies can be installed to enable Ledger hardware wallet support. ## Features * Generate new BIP-32 hierarchial deterministic (HD) wallets with a BIP-39 mnemonic phrase and the Nano path registered with BIP-44. Used by Ledger hardware wallet. * Generate new BLAKE2b wallets with a BIP-39 mnemonic phrases. Original method described by nano spec. * Import wallets with a mnemonic phrase or a seed. * Derive indexed accounts with a Nano address and a public-private keypair. * Create, sign, and verify send, receive, and change blocks. * Get account info and process blocks on the network while online. * Manage known addresses with a rolodex. * Sign and verify arbitrary strings with relevant keys. * Validate entropy, seeds, mnemonic phrases, and Nano addresses. * Convert Nano unit denominations. ## Installation ### From NPM ```console npm install libnemo ``` ## Usage #### ⚠️ The examples below should never be used for real transactions! ⚠️ ### Wallets and accounts At its core, a wallet is a hexadecimal string called a seed. From this seed, millions of unique accounts can be deterministically derived. The first account in a wallet starts at index 0. For clarity, the following terms are used throughout the library: * BIP-32 - Defines how hierarchical determinstic (HD) wallets are generated * BIP-39 - Defines how mnemonic phrases are generated * BIP-44 - Expands on BIP-32 to define how an enhanced derivation path can allow a single wallet to store multiple currencies `libnemo` is able to generate and import HD and BLAKE2b wallets, and it can derive accounts for both. An HD wallet seed is 128 characters while a BLAKE2b wallet seed is 64 characters. For enhanced security, `libnemo` requires a password to create or import wallets, and wallets are initialized in a locked state. Implementations can provide their own Uint8Array bytes instead of a password. Refer to the documentation on each class factory method for specific usage. ```javascript import { Bip44Wallet, Blake2bWallet } from 'libnemo' const wallet = await Bip44Wallet.create(password) const wallet = await Bip44Wallet.fromEntropy(password, entropy, salt?) const wallet = await Bip44Wallet.fromMnemonic(password, mnemonic, salt?) const wallet = await Bip44Wallet.fromSeed(password, seed) const wallet = await Bip44Wallet.create(password) const wallet = await Bip44Wallet.fromSeed(password, seed) const wallet = await Bip44Wallet.fromMnemonic(password, mnemonic) ``` ```javascript try { const unlockResult = await wallet.unlock(password) } catch(err) { console.log(err) } console.log(unlockResult) // true if successfully unlocked const { mnemonic, seed } = wallet const firstAccount = await wallet.account() const secondAccount = await wallet.account(1) const multipleAccounts = await wallet.accounts(2, 3) const thirdAccount = multipleAccounts[3] const { address, publicKey, index } = firstAccount const nodeUrl = 'https://nano-node.example.com/' await firstAccount.refresh(nodeUrl) // online const { frontier, balance, representative } = firstAccount ``` ### Blocks Blocks do not contain transaction amounts. Instead, they contain stateful balance changes only. For example, if sending Ӿ5 from an account with a balance of Ӿ20, the send block would contain `balance: Ӿ15` (psuedocode for demonstration purposes and not a literal depiction). This can be difficult to track, so `libnemo` provides the convenience of specifying an amount to send or receive and calculates the balance change itself. All blocks are 'state' types, but they are interpreted as one of three different subtypes based on the data they contain: send, receive, or change representative. `libnemo` implements them as the following classes: * SendBlock: the Nano balance of the account decreases * ReceivBlock: the Nano balance of the account increases and requires a matching SendBlock * ChangeBlock: the representative for the account changes while the Nano balance does not _Nano protocol allows changing the representative at the same time as a balance change. `libnemo` does not implement this for purposes of clarity; all ChangeBlock objects will maintain the same Nano balance._ Always fetch the most up to date information for the account from the network using the [account_info RPC command](https://docs.nano.org/commands/rpc-protocol/#account_info) which can then be used to populate the block parameters. Blocks require a small proof-of-work that must be calculated for the block to be accepted by the network. This can be provided when creating the block, generated with the `block.pow()` method, or a requested from a public node that allows the [work_generate RPC command](https://docs.nano.org/commands/rpc-protocol/#work_generate). Finally, the block must be signed with the private key of the account. `libnemo` accounts can sign blocks offline if desired. After being signed, the block can be published to the network with the [process RPC command](https://docs.nano.org/commands/rpc-protocol/#process). #### Creating blocks ```javascript import { SendBlock, ReceiveBlock, ChangeBlock } from 'libnemo' const send = new SendBlock( 'nano_1pu7p5n3ghq1i1p4rhmek41f5add1uh34xpb94nkbxe8g4a6x1p69emk8y1d', // sender '5618869000000000000000000000000', // current balance 'nano_3phqgrqbso99xojkb1bijmfryo7dy1k38ep1o3k3yrhb7rqu1h1k47yu78gz', // recipient '2000000000000000000000000000000', // amount to send 'nano_1stofnrxuz3cai7ze75o174bpm7scwj9jn3nxsn8ntzg784jf1gzn1jjdkou', // representative '92BA74A7D6DC7557F3EDA95ADC6341D51AC777A0A6FF0688A5C492AB2B2CB40D', // hash of previous block 'fbffed7c73b61367' // PoW nonce (optional at first but required to process) ) const receive = new ReceiveBlock( 'nano_1pu7p5n3ghq1i1p4rhmek41f5add1uh34xpb94nkbxe8g4a6x1p69emk8y1d', // recipient '18618869000000000000000000000000', // current balance 'CBC911F57B6827649423C92C88C0C56637A4274FF019E77E24D61D12B5338783', // origin (hash of matching send block) '7000000000000000000000000000000', // amount that was sent 'nano_1stofnrxuz3cai7ze75o174bpm7scwj9jn3nxsn8ntzg784jf1gzn1jjdkou', // representative '92BA74A7D6DC7557F3EDA95ADC6341D51AC777A0A6FF0688A5C492AB2B2CB40D', // hash of previous block 'c5cf86de24b24419' // PoW nonce (optional at first but required to process) ) const change = new ChangeBlock( 'nano_1pu7p5n3ghq1i1p4rhmek41f5add1uh34xpb94nkbxe8g4a6x1p69emk8y1d', // account redelegating vote weight '3000000000000000000000000000000', // current balance 'nano_1anrzcuwe64rwxzcco8dkhpyxpi8kd7zsjc1oeimpc3ppca4mrjtwnqposrs', // new representative '128106287002E595F479ACD615C818117FCB3860EC112670557A2467386249D4', // hash of previous block '0000000000000000' // PoW nonce (optional at first but required to process) ) ``` #### Signing a block with a wallet ```javascript const wallet = await Bip44Wallet.create('password123') await wallet.unlock('password123') try { await wallet.sign(0, block) } catch (err) { console.log(err) } ``` #### Signing a block with a detached account ```javascript const account = await Account.import({privateKey: K, index: 0}, 'password123') try { await account.sign(block, 'password123') } catch (err) { console.log(err) } ``` #### Signing a block with a private key ```javascript const privateKey = '3BE4FC2EF3F3B7374E6FC4FB6E7BB153F8A2998B3B3DAB50853EABE128024143' try { await block.sign(privateKey) } catch (err) { console.log(err) } ``` #### Calculating proof-of-work locally ```javascript try { await block.pow() } catch (err) { console.log(err) } ``` #### Requesting proof-of-work from an online service ```javascript const node = new Rpc('https://nano-node.example.com/') try { await block.pow('https://nano-node.example.com/') } catch (err) { console.log(err) } ``` #### Processing a block on the network ```javascript const node = new Rpc('https://nano-node.example.com', 'nodes-api-key') try { const hash = await block.process('https://nano-node.example.com/') } catch (err) { console.log(err) } ``` ### Tools #### Converting Nano denominations Raw values are the native unit of exchange throughout libnemo and are represented by the primitive bigint data type. Other supported denominations are as follows: | Unit | Raw | |-------|-----| | RAI | 10<sup>24</sup> raw | | NYANO | 10<sup>24</sup> raw | | KRAI | 10<sup>27</sup> raw | | PICO | 10<sup>27</sup> raw | | MRAI | 10<sup>30</sup> raw | | NANO | 10<sup>30</sup> raw | | KNANO | 10<sup>33</sup> raw | | MNANO | 10<sup>36</sup> raw | ```javascript import { Tools } from 'libnemo' // Denominations are case-insensitive const oneNanoToRaw = Tools.convert('1', 'NANO', 'RAW') // 1000000000000000000000000000000 const oneNonillionRawToNano = Tools.convert('1000000000000000000000000000000', 'RAW', 'NANO') // 1 const oneThousandNyanoToPico = Tools.convert('1000', 'nYaNo', 'pico') //1 const oneThousandPicoToNano = Tools.convert('1000', 'pico', 'NANO') // 1 ``` #### Verifying signatures and signing anything with the private key Since cryptocurrencies like Nano uses asymmetric keys to sign and verify blocks and transactions, a Nano account itself can be used to sign arbitrary data with its private key and verify signatures from other accounts with their public keys. For example, a client-side login can be implemented by challenging an account owner to sign their email address using their private key: ```javascript import { Tools } from 'libnemo' const privateKey = '3BE4FC2EF3F3B7374E6FC4FB6E7BB153F8A2998B3B3DAB50853EABE128024143' const publicKey = '5B65B0E8173EE0802C2C3E6C9080D1A16B06DE1176C938A924F58670904E82C4' const signature = await Tools.sign(privateKey, 'johndoe@example.com') const isValid = await Tools.verify(publicKey, signature, 'johndoe@example.com') ``` Ownership of a Nano address can also be proven by challenging the account owner to sign an arbitrary string and then validating the signature with the Nano account address. ```javascript import { Tools } from 'libnemo' const address = 'nano_1pu7p5n3ghq1i1p4rhmek41f5add1uh34xpb94nkbxe8g4a6x1p69emk8y1d' const privateKey = '3BE4FC2EF3F3B7374E6FC4FB6E7BB153F8A2998B3B3DAB50853EABE128024143' const randomData = new Entropy().hex const signature = await Tools.sign(privateKey, randomData) const publicKey = new Account(address).publicKey const isValid = await Tools.verify(publicKey, signature, randomData) ``` #### Validate a Nano account address ```javascript import { Tools } from 'libnemo' const valid = Account.validate('nano_1pu7p5n3ghq1i1p4rhmek41f5add1uh34xpb94nkbxe8g4a6x1p69emk8y1d') ``` ## Tests Test vectors were retrieved from the following publicly-available locations: * Nano (BIP-44): https://docs.nano.org/integration-guides/key-management/#test-vectors * Trezor (BIP-39): https://github.com/trezor/python-mnemonic/blob/master/vectors.json * BIP-32: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#user-content-Test_Vectors Another set of test vectors were created for libnemo based on the Trezor set. These extra test vectors were generated purely to test uncommon yet valid mnemonic phrase lengths like 15 or 18 words. #### ⚠️ The test vectors should never be used for real transactions! ⚠️ ## Building * `npm run build`: compile and build * `npm run test`: all of the above, run tests, and print results to the console * `npm run test:coverage`: all of the above, calculate code coverage, and print code coverage to the console * `npm run test:coverage:report`: all of the above, and open an HTML code coverage report in the browser (requires lcov and xdg-open) ## Donations If you find this library helpful, please consider tipping the developer. ``` nano_1zosoqs47yt47bnfg7sdf46kj7asn58b7uzm9ek95jw7ccatq37898u1zoso ```