0.1.15 • Published 5 months ago
@trenskow/signed-stream v0.1.15
@trenskow/signed-stream
A package for cryptographically signing or verifying a stream.
Usage
Signing
An example of how to sign a stream.
import { createReadStream } from 'stream';
import { SignStream } from '@trenskow/signed-stream';
const fileSignature = async (file) => {
const signStream = new SignStream({
algorithm: 'SHA256', // Default is `SHA256`,
privateKey: '-----BEGIN PUBLIC KEY-----\n-...'
});
return await createReadStream(file)
.pipe(signStream)
.signature('base64'); // Default encoding is none (returns a `Buffer`).
};Verifying
An example of how to verify a stream.
import { createReadStream } from 'stream';
import { VerifyStream } from '@trenskow/signed-stream';
const validateSignature = async (file, signature, encoding) => {
const verifyStream = new VerifyStream({
algorithm: 'SHA256', // Default is `SHA256`.
privateKey: '-----BEGIN PRIVATE KEY-----\n...',
signature,
encoding
});
const valid = await createReadStream(file)
.pipe(verifyStream)
.valid();
if (!valid) {
throw new Error('File has incorrect signature.');
}
return true;
};Further processing data
You can postpone to await the result if you need to pipe data further.
const readStream = createReadStream(inputFile);
const writeStream = createWriteStream(outputFile);
const verifyStream = new VerifyStream({ /* options */ });
readStream
.pipe(verifyStream)
.pipe(outputStream);
console.info(`File is valid: ${await verifyStream.valid()}`);This also works with
SignStream'ssignature()method.
License
See license in LICENSE.