CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-libsodium-wrappers

The Sodium cryptographic library compiled to pure JavaScript providing comprehensive cryptographic operations including encryption, digital signatures, key exchange, password hashing, and random number generation for web browsers and Node.js environments.

Pending
Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

SecuritybySnyk

Pending

The risk profile of this skill

Overview
Eval results
Files

digital-signatures.mddocs/

Digital Signatures

Ed25519-based digital signatures provide message authentication and non-repudiation. These signatures are deterministic, fast, and provide high security with small signature sizes.

Capabilities

Standard Signatures

/**
 * Generates a new Ed25519 key pair for digital signatures
 * @returns Object with publicKey, privateKey, and keyType properties
 */
function crypto_sign_keypair();

/**
 * Signs a message and returns the signed message
 * @param message - The message to sign
 * @param privateKey - 64-byte private key
 * @returns Signed message (signature + original message)
 */
function crypto_sign(message, privateKey);

/**
 * Verifies a signed message and extracts the original message
 * @param signedMessage - The signed message to verify
 * @param publicKey - 32-byte public key of the signer
 * @returns Original message if signature is valid
 * @throws Error if signature verification fails
 */
function crypto_sign_open(signedMessage, publicKey);

/**
 * Creates a detached signature for a message
 * @param message - The message to sign
 * @param privateKey - 64-byte private key
 * @returns 64-byte detached signature
 */
function crypto_sign_detached(message, privateKey);

/**
 * Verifies a detached signature
 * @param signature - 64-byte signature to verify
 * @param message - The original message that was signed
 * @param publicKey - 32-byte public key of the signer
 * @returns true if signature is valid, false otherwise
 */
function crypto_sign_verify_detached(signature, message, publicKey);

/**
 * Generates a deterministic key pair from a seed
 * @param seed - 32-byte seed for key generation
 * @returns Object with publicKey, privateKey, and keyType properties
 */
function crypto_sign_seed_keypair(seed);

Usage Example:

// Generate signing key pair
const keyPair = sodium.crypto_sign_keypair();

// Sign a message
const message = sodium.from_string("Hello, World!");
const signedMessage = sodium.crypto_sign(message, keyPair.privateKey);

// Verify and extract message
const verified = sodium.crypto_sign_open(signedMessage, keyPair.publicKey);
console.log(sodium.to_string(verified)); // "Hello, World!"

// Detached signature
const signature = sodium.crypto_sign_detached(message, keyPair.privateKey);
const isValid = sodium.crypto_sign_verify_detached(signature, message, keyPair.publicKey);
console.log(isValid); // true

Streaming Signatures

For large messages that don't fit in memory, use streaming signature operations.

/**
 * Initializes a streaming signature context
 * @returns State address for subsequent operations
 */
function crypto_sign_init();

/**
 * Updates the streaming signature with a message chunk
 * @param state_address - State from crypto_sign_init
 * @param message_chunk - Part of the message to sign
 */
function crypto_sign_update(state_address, message_chunk);

/**
 * Finalizes streaming signature and creates the signature
 * @param state_address - State from crypto_sign_init  
 * @param privateKey - 64-byte private key
 * @returns 64-byte signature
 */
function crypto_sign_final_create(state_address, privateKey);

/**
 * Finalizes streaming signature verification
 * @param state_address - State from crypto_sign_init
 * @param signature - 64-byte signature to verify
 * @param publicKey - 32-byte public key of the signer
 * @returns true if signature is valid, false otherwise
 */
function crypto_sign_final_verify(state_address, signature, publicKey);

Streaming Usage Example:

// Sign large message in chunks
let state = sodium.crypto_sign_init();
sodium.crypto_sign_update(state, chunk1);
sodium.crypto_sign_update(state, chunk2);
sodium.crypto_sign_update(state, chunk3);
const signature = sodium.crypto_sign_final_create(state, privateKey);

// Verify large message in chunks
state = sodium.crypto_sign_init();
sodium.crypto_sign_update(state, chunk1);
sodium.crypto_sign_update(state, chunk2);
sodium.crypto_sign_update(state, chunk3);
const isValid = sodium.crypto_sign_final_verify(state, signature, publicKey);

Key Conversion

Convert between Ed25519 and Curve25519 keys for use with other algorithms.

/**
 * Converts Ed25519 public key to Curve25519 public key
 * @param edPk - 32-byte Ed25519 public key
 * @returns 32-byte Curve25519 public key
 */
function crypto_sign_ed25519_pk_to_curve25519(edPk);

/**
 * Converts Ed25519 secret key to Curve25519 secret key
 * @param edSk - 64-byte Ed25519 secret key  
 * @returns 32-byte Curve25519 secret key
 */
function crypto_sign_ed25519_sk_to_curve25519(edSk);

/**
 * Extracts public key from Ed25519 secret key
 * @param privateKey - 64-byte Ed25519 secret key
 * @returns 32-byte Ed25519 public key
 */
function crypto_sign_ed25519_sk_to_pk(privateKey);

/**
 * Extracts seed from Ed25519 secret key
 * @param privateKey - 64-byte Ed25519 secret key
 * @returns 32-byte seed used to generate the key pair
 */
function crypto_sign_ed25519_sk_to_seed(privateKey);

Key Pair Structure

interface SigningKeyPair {
  publicKey: Uint8Array;  // 32 bytes - share with others for verification
  privateKey: Uint8Array; // 64 bytes - keep secret for signing
  keyType: string;        // "ed25519"
}

Constants

const crypto_sign_BYTES = 64;           // Signature size
const crypto_sign_PUBLICKEYBYTES = 32;  // Public key size
const crypto_sign_SECRETKEYBYTES = 64;  // Secret key size  
const crypto_sign_SEEDBYTES = 32;       // Seed size

Security Considerations

  • Private Key Security: Ed25519 private keys must be kept absolutely secret
  • Deterministic Signatures: Ed25519 signatures are deterministic - the same message with the same key always produces the same signature
  • Key Generation: Always use crypto_sign_keypair() or crypto_sign_seed_keypair() for secure key generation
  • Message Integrity: Signatures provide authentication and integrity but not confidentiality - encrypt if needed
  • Public Key Verification: Ensure public keys are obtained from trusted sources to prevent impersonation attacks

docs

advanced-cryptography.md

aead.md

authentication.md

digital-signatures.md

hashing.md

index.md

key-exchange.md

password-hashing.md

public-key-encryption.md

random.md

secret-key-encryption.md

stream-ciphers.md

utilities.md

tile.json