Identify kind of key.
Named private key.
Named public key.
Named secret key.
AES-CBC encryption algorithm.
Initialization Vectors must be 16 octets. During encryption, if IV is unspecified, it is randomly generated. During decryption, quality of IV is not checked.
AES-CTR encryption algorithm.
Initialization Vectors must be 16 octets. During encryption, if IV is unspecified, it is constructed with two parts:
AES-GCM encryption algorithm.
Initialization Vectors must be 12 octets. During encryption, if IV is unspecified, it is constructed with two parts:
AES block size in octets.
A full list of crypto algorithms.
A slim list of crypto algorithms. If you need more algorithms, explicitly import them or use CryptoAlgorithmListFull.
Sha256WithEcdsa signing algorithm.
A full list of encryption algorithms. This list currently contains AES-CBC, AES-CTR, AES-GCM, and RSA-OAEP.
A slim list of encryption algorithms. This list is currently empty. If you need more algorithms, explicitly import them or use EncryptionAlgorithmListFull.
HmacWithSha256 signing algorithm.
Sha256WithRsa signing algorithm.
RSA-OAEP encryption algorithm.
A full list of signing algorithms. This list currently contains ECDSA, RSA, and HMAC.
A slim list of signing algorithms. This list currently contains ECDSA. If you need more algorithms, explicitly import them or use SigningAlgorithmListFull.
Create a plain decrypter from crypto key.
Create a named decrypter from crypto key.
Create a plain encrypter from crypto key.
Create a named encrypter from crypto key.
Create a named encrypter from certificate public key.
Create a plain signer from crypto key.
Create a named signer from crypto key.
Create a plain verifier from crypto key.
Create a named verifier from crypto key.
Create a named verifier from certificate public key.
Generate a pair of encrypter and decrypter.
Generate a pair of encrypter and decrypter, and save to KeyChain.
Generate a pair of signer and verifier with the default ECDSA signing algorithm.
Generate a pair of signer and verifier with the default ECDSA signing algorithm, and save to KeyChain.
Generate a pair of signer and verifier.
Generate a pair of signer and verifier, and save to KeyChain.
@ndn/keychain
This package is part of NDNts, Named Data Networking libraries for the modern web.
This package provides signing algorithms, encryption algorithms, and certificate management features.
The implementation uses Web Crypto API.
http://localhost or ngrok.
Signing Algorithms
This package implements signature types defined in NDN Packet Format 0.3:
@ndn/packet package)
Both Interest and Data are signable.
Encryption Algorithms
Algorithm List (algoList)
Several functions accept an algoList argument that lists the crypto algorithms the function can recognize. Typically, the default value of this argument is SigningAlgorithmListSlim, EncryptionAlgorithmListSlim, or CryptoAlgorithmListSlim. These slim lists include only the ECDSA algorithm, which is the most commonly used in NDN applications.
If you need to use other algorithms or communicate with applications that use other algorithms, you should pass SigningAlgorithmListFull, EncryptionAlgorithmListFull, or CryptoAlgorithmListFull to these functions. These full lists include all algorithms implemented in NDNts.
If you know which algorithms are needed, you can import individual algorithms and pass an array of desired algorithms.
This design is a trade-off for reducing browser bundle size.
Certificate Management and Storage
Certificate class provides basic operations with NDN Certificate Format 2.0.
PublicKey for RSASSA-PKCS1-v1_5 and ECDSA
KeyChain class provides storage of PrivateKey and Certificate. It could be ephemeral or persistent.
KeyChain.createTemp() creates an in-memory ephemeral keychain.
KeyChain.open(locator) opens a persistent keychain.
Persistent keychain in Node.js uses JSON files as underlying storage. The locator argument should be a filesystem directory where these files are stored. Private keys are saved in JSON Web Key (JWK) format, so it's important to protect the storage directory. It is unsafe to simultaneously construct multiple KeyChain instances on the same storage directory or access the same keychain from multiple Node.js processes.
Persistent keychain in browser uses IndexedDB API. The locator argument determines the database name(s). Private keys are saved as non-extractable CryptoKey objects.
Known Issues
CryptoKey, due to Mozilla Bug 1545813.
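For the Node.js persistent keychain described above, where private keys sit in JSON files as JWKs, the following added example (not part of NDNts or of the original page) audits a storage directory for group/other access and tightens it to owner-only. It assumes POSIX permission bits and recognizes private keys only by standard JWK members; the function names are hypothetical and no particular NDNts file layout is assumed.

```javascript
// Added example (not NDNts code): audit a key storage directory on a POSIX system.
const fs = require("node:fs");
const path = require("node:path");

// JWK members that hold private or secret key material (RFC 7518, section 6).
const PRIVATE_MEMBERS = ["d", "p", "q", "dp", "dq", "qi", "k"];

// True if a parsed JSON value is, or contains, a JWK with private material.
function hasPrivateJwk(value) {
  if (value === null || typeof value !== "object") return false;
  const isJwk = typeof value.kty === "string";
  if (isJwk && PRIVATE_MEMBERS.some((m) => typeof value[m] === "string")) return true;
  return Object.values(value).some(hasPrivateJwk);
}

// List every entry under dir that grants any permission to group or other.
function auditKeyDir(dir) {
  const findings = [];
  const visit = (p) => {
    const st = fs.lstatSync(p);
    if (st.isSymbolicLink()) return; // links are not followed
    let privateKey = false;
    if (st.isFile()) {
      try {
        privateKey = hasPrivateJwk(JSON.parse(fs.readFileSync(p, "utf8")));
      } catch { /* unreadable or not JSON: report permissions only */ }
    }
    if (st.mode & 0o077) {
      findings.push({ path: p, mode: (st.mode & 0o777).toString(8), privateKey });
    }
    if (st.isDirectory()) fs.readdirSync(p).forEach((n) => visit(path.join(p, n)));
  };
  visit(dir);
  return findings;
}

// Restrict the tree to its owner: 0700 on directories, 0600 on files.
function hardenKeyDir(dir) {
  const visit = (p) => {
    const st = fs.lstatSync(p);
    if (st.isDirectory()) {
      fs.chmodSync(p, 0o700);
      fs.readdirSync(p).forEach((n) => visit(path.join(p, n)));
    } else if (st.isFile()) {
      fs.chmodSync(p, 0o600);
    }
  };
  visit(dir);
}
```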