
vouchsafe


Vouchsafe Decentralized Identity and Trust Verification module

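'use strict';

const node_crypto = require('node:crypto');

/**
 * Pick the digest argument for the one-shot sign/verify API.
 *
 * EdDSA keys hash internally and must be used with a null digest; every other
 * key type keeps the SHA-256 digest this module has always requested.
 *
 * @param {import('node:crypto').KeyObject} key - Parsed asymmetric key.
 * @returns {string | null} Digest name, or null for Ed25519/Ed448.
 */
function digestFor(key) {
  const keyType = key.asymmetricKeyType;
  return keyType === 'ed25519' || keyType === 'ed448' ? null : 'sha256';
}

/**
 * Normalise message input: strings are encoded as UTF-8 (the same default
 * the streaming Sign/Verify `update()` applies), binary input passes through.
 *
 * @param {string | Buffer | ArrayBufferView} data - Message to sign or verify.
 * @returns {Buffer | ArrayBufferView} Byte view of the message.
 */
function toBytes(data) {
  return typeof data === 'string' ? Buffer.from(data, 'utf8') : data;
}

/**
 * Generate a fresh Ed25519 key pair.
 *
 * The private key is returned as unencrypted PKCS#8 DER, so the caller is
 * responsible for protecting it at rest and in memory.
 *
 * @returns {Promise<{publicKey: Buffer, privateKey: Buffer}>} DER-encoded
 *   keys: SPKI for the public key, PKCS#8 for the private key.
 */
async function generateKeyPair() {
  const { publicKey, privateKey } = node_crypto.generateKeyPairSync('ed25519');
  return {
    publicKey: publicKey.export({ type: 'spki', format: 'der' }),
    privateKey: privateKey.export({ type: 'pkcs8', format: 'der' }),
  };
}

/**
 * Sign a message with a PKCS#8 DER private key.
 *
 * @param {string | Buffer | ArrayBufferView} data - Message to sign.
 * @param {Buffer | ArrayBufferView} privateKeyDer - PKCS#8 DER private key.
 * @returns {Promise<Buffer>} The signature bytes.
 * @throws {Error} If the key cannot be parsed or signing fails.
 */
async function sign(data, privateKeyDer) {
  // Use the imported module: the bare `crypto` global in a Node module is not
  // node:crypto and has no createPrivateKey().
  const key = node_crypto.createPrivateKey({ key: privateKeyDer, format: 'der', type: 'pkcs8' });
  // One-shot API instead of createSign('sha256'): the streaming Sign object
  // rejects Ed25519 keys, which are exactly what generateKeyPair() produces.
  return node_crypto.sign(digestFor(key), toBytes(data), key);
}

/**
 * Verify a signature over a message with an SPKI DER public key.
 *
 * NOTE(review): the key type is not pinned here; any SPKI key that Node can
 * parse is accepted. Callers that require Ed25519 should check the key type
 * before trusting the result.
 *
 * @param {string | Buffer | ArrayBufferView} data - Message that was signed.
 * @param {Buffer | ArrayBufferView} signature - Signature to check.
 * @param {Buffer | ArrayBufferView} publicKeyDer - SPKI DER public key.
 * @returns {Promise<boolean>} True only when the signature is valid.
 * @throws {Error} If the key cannot be parsed.
 */
async function verify(data, signature, publicKeyDer) {
  const key = node_crypto.createPublicKey({ key: publicKeyDer, format: 'der', type: 'spki' });
  return node_crypto.verify(digestFor(key), toBytes(data), key, signature);
}

/**
 * Compute the SHA-256 digest of the input.
 *
 * @param {string | Buffer | ArrayBufferView} data - Input to hash.
 * @returns {Promise<Buffer>} 32-byte digest.
 */
async function sha256(data) {
  return node_crypto.createHash('sha256').update(data).digest();
}

/**
 * Compute the SHA-512 digest of the input.
 *
 * @param {string | Buffer | ArrayBufferView} data - Input to hash.
 * @returns {Promise<Buffer>} 64-byte digest.
 */
async function sha512(data) {
  return node_crypto.createHash('sha512').update(data).digest();
}

/**
 * Validate a base64-encoded DER Ed25519 key and return its bytes.
 *
 * For 'public' the result is the raw 32-byte public key. For 'private' the
 * result is the key re-exported as PKCS#8 DER (not a raw seed), and only a
 * lower bound on its length is checked.
 *
 * @param {'public' | 'private'} type - Which kind of key `base64Der` holds.
 * @param {string} base64Der - Base64 of the SPKI (public) or PKCS#8 (private) DER.
 * @returns {Promise<Uint8Array>} Key bytes as described above.
 * @throws {Error} "Invalid Ed25519 <type> key (node): ..." on any failure,
 *   including an unsupported `type`.
 */
async function getKeyBytes(type, base64Der) {
  const der = Buffer.from(base64Der, 'base64');
  const { subtle } = node_crypto.webcrypto;
  try {
    let raw;
    if (type === 'public') {
      const key = await subtle.importKey('spki', der, { name: 'Ed25519' }, true, ['verify']);
      raw = new Uint8Array(await subtle.exportKey('raw', key));
      if (raw.length !== 32) {
        throw new Error('Public key must be 32 bytes');
      }
    } else if (type === 'private') {
      const key = await subtle.importKey('pkcs8', der, { name: 'Ed25519' }, true, ['sign']);
      raw = new Uint8Array(await subtle.exportKey('pkcs8', key));
      if (raw.length < 32) {
        throw new Error('Private key DER structure is too short');
      }
    } else {
      throw new Error(`Unsupported key type: ${type}`);
    }
    return raw;
  } catch (err) {
    // Every failure is reported under one message prefix; the original error
    // is attached as `cause` so the underlying reason is not lost.
    throw new Error(`Invalid Ed25519 ${type} key (node): ${err.message}`, { cause: err });
  }
}

exports.generateKeyPair = generateKeyPair;
exports.getKeyBytes = getKeyBytes;
exports.sha256 = sha256;
exports.sha512 = sha512;
exports.sign = sign;
exports.verify = verify;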