1.0.2 • Published 8 years ago

json-signatures v1.0.2

License
AGPL-1.0

JSON Signatures

Simplified API to sign and verify JSON data. Summary:

const JSONSign = require('json-signatures')

// create keypair
const kp = JSONSign.keypair()

// whatever, sign it
const msg = {b: 'foo', a: [1,2,3], c: [1,[{}]]}
const signedMessage = JSONSign.sign(kp.secret, msg)

// see if it has a valid signature
JSONSign.verify(signedMessage) // => true

Basically, it takes a JSON message M and a secret key, and turns it into JSON which can be used to verify M:

{ message: M
, signedBy: {
    pubkey: "HPe1gjvok8tL8wYQUJKnYHhWxhPNVywQ0kjDEjTxozE=",
    signature: "DRV1bnJamWrW73oMHIqYDRiO71SH0IdJL...g969qzh0Ag=="
  }
}

Detailed usage

npm install --save json-signatures

First, create a key pair.

const kp = JSONSign.keypair(nrOfRandomBytesForSecret)

It looks like

{
  public: "HPe1gjvok8tL8wYQUJ...VywQ0kjDEjTxozE=",
  secret: "QM+USi7HbuRHU1/DdYkzL322XNm3qJ...D+LLpjw=="
}

Then, you can use it to sign a JSON dictionary,

const signedMessage = JSONSign.sign(kp.secret, M)

The public key will be derived from the passed secret key.

The resulting signedMessage will look like this:

{
  message: M,
  signedBy: {
    pubkey: kp.public,
    signature: "+AAhMxhhjvz5CUEbZcziqb...ds/g6xFbU8WXLkdbloOUHBw=="
  }
}

Later, you can verify whether a message is signed by a person with the secret corresponding to the public key.

if (! JSONSign.verify(signedMessage) ) {
  // message was tampered with
}
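Because `verify` receives only the envelope, it checks the signature against the `pubkey` embedded in that same envelope, so a receiver who cares who signed also has to compare that key with one it already trusts. The following is an added example, not code from the package: `sign` and `verify` here are stand-ins that assume Ed25519 from Node's `crypto` and plain `JSON.stringify` (the page does not state the package's algorithm or serialization), and `verifyFromTrusted` is a hypothetical helper name.

```javascript
const nodeCrypto = require('crypto')

// Stand-in signer producing the page's envelope shape. Assumptions: Ed25519 via
// Node's crypto and JSON.stringify as the serialization; the package's actual
// algorithm and canonicalization are not stated on the page.
function sign (privateKey, publicKey, message) {
  const data = Buffer.from(JSON.stringify(message))
  return {
    message,
    signedBy: {
      pubkey: publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
      signature: nodeCrypto.sign(null, data, privateKey).toString('base64')
    }
  }
}

// Stand-in verifier. Like the call on the page it receives only the envelope,
// so it can only check the signature against the embedded key.
function verify (signed) {
  const key = nodeCrypto.createPublicKey({
    key: Buffer.from(signed.signedBy.pubkey, 'base64'), type: 'spki', format: 'der'
  })
  const data = Buffer.from(JSON.stringify(signed.message))
  return nodeCrypto.verify(null, data, key, Buffer.from(signed.signedBy.signature, 'base64'))
}

// Hypothetical helper: accept an envelope only if its embedded pubkey is one the
// receiver already trusts (obtained out of band) AND the signature verifies.
function verifyFromTrusted (signed, trustedPubkeys, verifyFn = verify) {
  const by = signed && signed.signedBy
  if (!by || typeof by.pubkey !== 'string' || typeof by.signature !== 'string') return false
  if (!trustedPubkeys.includes(by.pubkey)) return false
  try { return verifyFn(signed) === true } catch (e) { return false }
}

// Constructed sample data: one trusted signer and one unrelated key holder.
const alice = nodeCrypto.generateKeyPairSync('ed25519')
const other = nodeCrypto.generateKeyPairSync('ed25519')
const genuine = sign(alice.privateKey, alice.publicKey, { b: 'foo', a: [1, 2, 3] })
const trusted = [genuine.signedBy.pubkey]

// Changed content carrying the old signature fails plain verification.
const edited = { message: { b: 'bar', a: [1, 2, 3] }, signedBy: genuine.signedBy }
// Changed content signed again under a different key is self-consistent.
const resigned = sign(other.privateKey, other.publicKey, edited.message)

console.log(verify(genuine), verify(edited), verify(resigned)) // true false true
console.log(verifyFromTrusted(genuine, trusted), verifyFromTrusted(resigned, trusted)) // true false
```

With the package itself, the same check would be `verifyFromTrusted(signedMessage, [kp.public], JSONSign.verify)`, where `kp.public` was obtained from the signer over a channel you trust.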
