or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

docs

index.md
tile.json

tessl/npm-browserify-sign

Adds node crypto signing for browsers with cryptographic signing and verification functionality

Workspace
tessl
Visibility
Public
Created
Last updated
Describes
npmpkg:npm/browserify-sign@4.2.x

To install, run

npx @tessl/cli install tessl/npm-browserify-sign@4.2.0

index.mddocs/

browserify-sign

browserify-sign provides cryptographic signing and verification functionality for browser environments by duplicating Node.js crypto module's public key functions. It offers a dual-mode architecture with a lightweight Node.js wrapper that delegates to native crypto methods and a comprehensive browser implementation that provides full cryptographic signing capabilities using pure JavaScript libraries.

Package Information

  • Package Name: browserify-sign
  • Package Type: npm
  • Language: JavaScript
  • Installation: npm install browserify-sign

Core Imports

Node.js:

const { createSign, createVerify, Sign, Verify } = require("browserify-sign");

Browser:

const { createSign, createVerify, Sign, Verify } = require("browserify-sign");
// Note: In browser mode, Sign and Verify reference the createSign and createVerify functions

For ES modules:

import { createSign, createVerify, Sign, Verify } from "browserify-sign";

Basic Usage

const { createSign, createVerify } = require("browserify-sign");

// Create a signer for RSA-SHA256
const signer = createSign("RSA-SHA256");
signer.update("data to sign");
const signature = signer.sign(privateKey);

// Create a verifier for RSA-SHA256
const verifier = createVerify("RSA-SHA256");
verifier.update("data to sign");
const isValid = verifier.verify(publicKey, signature);

Architecture

browserify-sign implements a dual-mode architecture:

  • Node.js Mode: Lightweight wrapper that exports native crypto.createSign, crypto.createVerify, crypto.Sign, and crypto.Verify directly
  • Browser Mode: Complete JavaScript implementation providing full cryptographic capabilities including RSA, ECDSA, and DSA signature algorithms
  • Export Behavior: In Node.js, Sign and Verify are the native crypto class constructors. In browser mode, Sign and Verify reference the createSign and createVerify factory functions respectively
  • Algorithm Support: Comprehensive support for multiple signature algorithms and hash functions via internal algorithm configuration
  • Streaming Interface: Both modes provide streaming interfaces compatible with Node.js crypto APIs, inheriting from stream.Writable in browser mode
  • Key Format Support: Handles multiple key formats (PEM, DER) through integration with parse-asn1

Capabilities

Sign Creation

Creates a new Sign instance for the specified algorithm.

/**
 * Creates a new Sign instance for cryptographic signing
 * @param {string} algorithm - The signing algorithm name (e.g., "RSA-SHA256", "ecdsa-with-SHA1")
 * @returns {Sign} A new Sign instance
 * @throws {Error} If the algorithm is unknown or unsupported
 */
function createSign(algorithm);

Verify Creation

Creates a new Verify instance for the specified algorithm.

/**
 * Creates a new Verify instance for signature verification
 * @param {string} algorithm - The verification algorithm name (e.g., "RSA-SHA256", "ecdsa-with-SHA1")
 * @returns {Verify} A new Verify instance
 * @throws {Error} If the algorithm is unknown or unsupported
 */
function createVerify(algorithm);

Algorithm Configuration Access

Direct access to the internal algorithms configuration object.

/**
 * Provides access to the internal algorithms configuration
 * Contains algorithm metadata including sign type, hash type, and ASN.1 identifiers
 */
const algos = require("browserify-sign/algos");

// algos object structure (all ID values are hex strings):
// {
//   "RSA-SHA256": {
//     "sign": "ecdsa/rsa",
//     "hash": "sha256", 
//     "id": "3031300d060960864801650304020105000420"
//   }
// }

Sign Class

Streaming interface for cryptographic signing. In Node.js mode, this is the native crypto.Sign class. In browser mode, this is a custom implementation that inherits from stream.Writable.

class Sign {
  /**
   * Constructor (typically not called directly - use createSign instead)
   * @param {string} algorithm - The signing algorithm
   */
  constructor(algorithm);

  /**
   * Updates the sign object with data to be signed
   * @param {string|Buffer} data - Data to add to the signature calculation
   * @param {string} [encoding] - String encoding when data is a string
   * @returns {Sign} Returns this for method chaining
   */
  update(data, encoding);

  /**
   * Generates the cryptographic signature for all accumulated data
   * @param {string|Buffer|Object} privateKey - Private key for signing
   * @param {string} [outputEncoding] - Output encoding for the signature
   * @returns {Buffer|string} The signature as Buffer or encoded string
   */
  sign(privateKey, outputEncoding);
}

Verify Class

Streaming interface for signature verification. In Node.js mode, this is the native crypto.Verify class. In browser mode, this is a custom implementation that inherits from stream.Writable.

class Verify {
  /**
   * Constructor (typically not called directly - use createVerify instead)
   * @param {string} algorithm - The verification algorithm
   */
  constructor(algorithm);

  /**
   * Updates the verify object with data to be verified
   * @param {string|Buffer} data - Data to add to the verification calculation
   * @param {string} [encoding] - String encoding when data is a string
   * @returns {Verify} Returns this for method chaining
   */
  update(data, encoding);

  /**
   * Verifies the signature against all accumulated data
   * @param {string|Buffer|Object} publicKey - Public key for verification
   * @param {string|Buffer} signature - Signature to verify
   * @param {string} [signatureEncoding] - Encoding of the signature parameter
   * @returns {boolean} true if signature is valid, false otherwise
   */
  verify(publicKey, signature, signatureEncoding);
}

Supported Algorithms

RSA Algorithms

// RSA with various hash algorithms
const RSA_ALGORITHMS = [
  "sha224WithRSAEncryption", "RSA-SHA224",
  "sha256WithRSAEncryption", "RSA-SHA256", 
  "sha384WithRSAEncryption", "RSA-SHA384",
  "sha512WithRSAEncryption", "RSA-SHA512",
  "RSA-SHA1",
  "ripemd160WithRSA", "RSA-RIPEMD160",
  "md5WithRSAEncryption", "RSA-MD5"
];

ECDSA Algorithms

// ECDSA with various hash algorithms
const ECDSA_ALGORITHMS = [
  "ecdsa-with-SHA1",
  "sha256", "sha224", "sha384", "sha512"
];

DSA Algorithms

// DSA with various hash algorithms
const DSA_ALGORITHMS = [
  "DSA-SHA", "DSA-SHA1", "DSA",
  "DSA-WITH-SHA224", "DSA-SHA224",
  "DSA-WITH-SHA256", "DSA-SHA256", 
  "DSA-WITH-SHA384", "DSA-SHA384",
  "DSA-WITH-SHA512", "DSA-SHA512",
  "DSA-RIPEMD160"
];

Supported Elliptic Curves

// Supported elliptic curves for ECDSA (OID to curve name mapping)
const SUPPORTED_CURVES = {
  "1.3.132.0.10": "secp256k1",
  "1.3.132.0.33": "p224", 
  "1.2.840.10045.3.1.1": "p192",
  "1.2.840.10045.3.1.7": "p256",
  "1.3.132.0.34": "p384",
  "1.3.132.0.35": "p521"
};

Error Handling

Common errors that may be thrown:

  • "Unknown message digest" - The specified algorithm is not supported
  • "wrong private key type" - Private key type doesn't match the signature algorithm
  • "wrong public key type" - Public key type doesn't match the signature algorithm
  • "illegal or unsupported padding mode" - Invalid RSA padding specified
  • "unknown curve" - Unsupported elliptic curve for ECDSA (e.g., "unknown curve 1.2.3.4.5")
  • "invalid sig" - Malformed DSA signature during verification

Usage Examples

Basic RSA Signing

const { createSign, createVerify } = require("browserify-sign");
const fs = require("fs");

// Load keys
const privateKey = fs.readFileSync("private-key.pem");
const publicKey = fs.readFileSync("public-key.pem");

// Sign data
const signer = createSign("RSA-SHA256");
signer.update("Hello, World!");
const signature = signer.sign(privateKey, "base64");

// Verify signature
const verifier = createVerify("RSA-SHA256");
verifier.update("Hello, World!");
const isValid = verifier.verify(publicKey, signature, "base64");

console.log("Signature valid:", isValid);

ECDSA Signing

const { createSign, createVerify } = require("browserify-sign");

// ECDSA keys (P-256 curve)
const privateKey = "-----BEGIN EC PRIVATE KEY-----...";
const publicKey = "-----BEGIN PUBLIC KEY-----...";

// Create signature
const signer = createSign("sha256");
signer.update("Message to sign");
const signature = signer.sign(privateKey);

// Verify signature  
const verifier = createVerify("sha256");
verifier.update("Message to sign");
const isValid = verifier.verify(publicKey, signature);

Streaming Usage

const { createSign } = require("browserify-sign");
const fs = require("fs");

const signer = createSign("RSA-SHA256");
const privateKey = fs.readFileSync("private-key.pem");

// Stream a large file through the signer
fs.createReadStream("large-file.txt")
  .pipe(signer)
  .on("finish", () => {
    const signature = signer.sign(privateKey, "hex");
    console.log("File signature:", signature);
  });

Key Object Format

// Private keys can be passed as objects with additional options
const privateKeyObject = {
  key: fs.readFileSync("encrypted-private-key.pem"),
  passphrase: "secret-password"
};

const signer = createSign("RSA-SHA256");
const signature = signer.update("data").sign(privateKeyObject);

Algorithm Configuration Usage

const algos = require("browserify-sign/algos");

// Check if an algorithm is supported
if (algos["RSA-SHA256"]) {
  console.log("RSA-SHA256 is supported");
  console.log("Hash type:", algos["RSA-SHA256"].hash);
  console.log("Sign type:", algos["RSA-SHA256"].sign);
}

// List all supported algorithms
const supportedAlgorithms = Object.keys(algos);
console.log("Supported algorithms:", supportedAlgorithms);