Port of TweetNaCl / NaCl to javascript Node.js.
- Overview
- Installation
- Usage
- Examples
- System requirements
- Development and testing
- Contributors
- Who uses it
The primary goal of this project is to compile and wrap all of function of TweetNaCl to into the Node.js library with node-ffi and node-ref.Plus a thin layer of idiomatic high-level API on top of it.
There are two main classes, you can use both of it:
tweetnacl_wrapper.js
is wraper class of TweetNaCl.nacl.js
the original + high-level API.
Tweetnacl-nodewrap.js supports for all of devices:
Other systems:
- Node.js (we test on nodejs 10.20 and 12)
- g++: Install g++ to compile C++ code
- node-gyp: native addon build tool
You can install tweetnacl_wrapper.is via a package manager:
NPM:
$ npm install tweetnacl-nodewrap
-
NOTE: When you want to use with node-webkit version, please follow these steps bellow
-
Install nw-gyp: native addon build tool for node-webkit.
-
Rebuild
node-ref
withnw-gyp
$ cd node_modules/ref $ nw-gyp rebuild --target=xxx (xxx: your nw-gyp version)
-
Rebuild
tweetnacl-nodewrap
withnw-gyp
$ cd <root folder of tweetnacl-nodewrap> $ nw-gyp rebuild --target=xxx (xxx: your nw-gyp version)
-
All API functions accept and return Buffer as base64
. You can easy to decode by nacl.util.encodeBase64(value)
or toString('base64')
.
Implements curve25519-xsalsa20-poly1305.
Generates a new random key pair for box and returns it as an object with
publicKey
and secretKey
members:
{
publicKey: ..., // Buffer with 32-byte public key
secretKey: ... // Buffer with 32-byte secret key
}
Returns a key pair for box with public key corresponding to the given secret key.
Encrypt and authenticates message using peer's public key, our secret key, and the given nonce, which must be unique for each distinct message for a key pair.
Returns an encrypted and authenticated message, which is
nacl.box.overheadLength
longer than the original message.
Authenticates and decrypts the given box with peer's public key, our secret key, and the given nonce.
Returns the original message, or false
if authentication fails.
Returns a precomputed shared key which can be used in nacl.box.after
and
nacl.box.open.after
.
Same as nacl.box
, but uses a shared key precomputed with nacl.box.before
.
Same as nacl.box.open
, but uses a shared key precomputed with nacl.box.before
.
Length of public key in bytes.
Length of secret key in bytes.
Length of precomputed shared key in bytes.
Length of nonce in bytes.
Length of overhead added to box compared to original message.
Implements xsalsa20-poly1305.
Encrypt and authenticates message using the key and the nonce. The nonce must be unique for each distinct message for this key.
Returns an encrypted and authenticated message, which is
nacl.secretbox.overheadLength
longer than the original message.
Authenticates and decrypts the given secret box using the key and the nonce.
Returns the original message, or false
if authentication fails.
Length of key in bytes.
Length of nonce in bytes.
Length of overhead added to secret box compared to original message.
Implements e25519.
Multiplies an integer n
by a group element p
and returns the resulting
group element.
Multiplies an integer n
by a standard group element and returns the resulting
group element.
Length of scalar in bytes.
Length of group element in bytes.
Implements ed25519.
Generates new random key pair for signing and returns it as an object with
publicKey
and secretKey
members:
{
publicKey: ..., // Buffer with 32-byte public key
secretKey: ... // Buffer with 64-byte secret key
}
Returns a signing key pair with public key corresponding to the given
64-byte secret key. The secret key must have been generated by
nacl.sign.keyPair
or nacl.sign.keyPair.fromSeed
.
Returns a new signing key pair generated deterministically from a 32-byte seed.
The seed must contain enough entropy to be secure. This method is not
recommended for general use: instead, use nacl.sign.keyPair
to generate a new
key pair from a random seed.
Signs the message using the secret key and returns a signed message.
Verifies the signed message and returns the message without signature.
Returns null
if verification failed.
Signs the message using the secret key and returns a signature.
Verifies the signature for the message and returns true
if verification
succeeded or false
if it failed.
Length of signing public key in bytes.
Length of signing secret key in bytes.
Length of seed for nacl.sign.keyPair.fromSeed
in bytes.
Length of signature in bytes.
Implements SHA-512.
Returns SHA-512 hash of the message.
Length of hash in bytes.
Implements RAND_bytes openSSL.
Returns a Buffer of base64
of the given length containing random bytes of
cryptographic quality.
Implementation note
Tweetnacl-nodewrap.js uses the RAND_bytes methods of openSSL.
Compares x
and y
in constant time and returns true
if their lengths are
non-zero and equal, and their contents are equal.
Returns false
if either of the arguments has zero length, or arguments have
different lengths, or their contents differ.
Special thanks to @TooTallNate who is owner of node-ffi and node-ref, and also help us quickly resolve some issues.
Copyright (c) 2014-2015 Bitmark Inc (support@bitmark.com).
Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.