CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-peculiar--webcrypto

A WebCrypto polyfill for Node.js that provides comprehensive cryptographic operations using standard Web Crypto API

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview
Eval results
Files

asymmetric-cryptography.mddocs/

Asymmetric Cryptography

Asymmetric cryptographic algorithms using key pairs (public and private keys) for encryption, decryption, digital signatures, and key agreement.

Capabilities

RSA Algorithms

RSA public-key cryptography for signatures and encryption with various padding schemes.

/**
 * RSA key generation parameters
 */
interface RsaKeyGenParams extends Algorithm {
  name: "RSASSA-PKCS1-v1_5" | "RSA-PSS" | "RSA-OAEP" | "RSAES-PKCS1-v1_5";
  modulusLength: 1024 | 2048 | 3072 | 4096;
  publicExponent: Uint8Array; // Usually [1, 0, 1] for 65537
}

interface RsaHashedKeyGenParams extends RsaKeyGenParams {
  hash: "SHA-1" | "SHA-256" | "SHA-384" | "SHA-512";
}

RSASSA-PKCS1-v1_5

RSA signatures with PKCS#1 v1.5 padding.

interface RsaPkcs1Params extends Algorithm {
  name: "RSASSA-PKCS1-v1_5";
}

RSA-PSS

RSA signatures with Probabilistic Signature Scheme padding.

interface RsaPssParams extends Algorithm {
  name: "RSA-PSS";
  saltLength: number; // Salt length in bytes
}

RSA-OAEP

RSA encryption with Optimal Asymmetric Encryption Padding.

interface RsaOaepParams extends Algorithm {
  name: "RSA-OAEP";
  label?: BufferSource; // Optional label
}

RSAES-PKCS1-v1_5

RSA encryption with PKCS#1 v1.5 padding (legacy compatibility).

interface RsaEsParams extends Algorithm {
  name: "RSAES-PKCS1-v1_5";
}

Usage Example:

// Generate RSA key pair
const keyPair = await crypto.subtle.generateKey(
  {
    name: "RSA-PSS",
    modulusLength: 2048,
    publicExponent: new Uint8Array([1, 0, 1]),
    hash: "SHA-256",
  },
  true,
  ["sign", "verify"]
);

// Sign data
const data = new TextEncoder().encode("Data to sign");
const signature = await crypto.subtle.sign(
  { name: "RSA-PSS", saltLength: 32 },
  keyPair.privateKey,
  data
);

// Verify signature
const isValid = await crypto.subtle.verify(
  { name: "RSA-PSS", saltLength: 32 },
  keyPair.publicKey,
  signature,
  data
);

Elliptic Curve Algorithms

Elliptic Curve cryptography for efficient signatures and key agreement.

/**
 * EC key generation parameters
 */
interface EcKeyGenParams extends Algorithm {
  name: "ECDSA" | "ECDH";
  namedCurve: "P-256" | "P-384" | "P-521" | "K-256" | string; // Includes Brainpool curves
}

ECDSA (Elliptic Curve Digital Signature Algorithm)

Digital signatures using elliptic curve cryptography.

interface EcdsaParams extends Algorithm {
  name: "ECDSA";
  hash: "SHA-1" | "SHA-256" | "SHA-384" | "SHA-512";
}

Usage Example:

// Generate ECDSA key pair
const keyPair = await crypto.subtle.generateKey(
  { name: "ECDSA", namedCurve: "P-256" },
  true,
  ["sign", "verify"]
);

// Sign with ECDSA
const data = new TextEncoder().encode("Message to sign");
const signature = await crypto.subtle.sign(
  { name: "ECDSA", hash: "SHA-256" },
  keyPair.privateKey,
  data
);

// Verify ECDSA signature
const isValid = await crypto.subtle.verify(
  { name: "ECDSA", hash: "SHA-256" },
  keyPair.publicKey,
  signature,
  data
);

ECDH (Elliptic Curve Diffie-Hellman)

Key agreement protocol for deriving shared secrets.

interface EcdhKeyDeriveParams extends Algorithm {
  name: "ECDH";
  public: CryptoKey; // Other party's public key
}

Usage Example:

// Generate key pairs for both parties
const aliceKeys = await crypto.subtle.generateKey(
  { name: "ECDH", namedCurve: "P-256" },
  false,
  ["deriveKey", "deriveBits"]
);

const bobKeys = await crypto.subtle.generateKey(
  { name: "ECDH", namedCurve: "P-256" },
  false,
  ["deriveKey", "deriveBits"]
);

// Derive shared key
const sharedKey = await crypto.subtle.deriveKey(
  { name: "ECDH", public: bobKeys.publicKey },
  aliceKeys.privateKey,
  { name: "AES-GCM", length: 256 },
  false,
  ["encrypt", "decrypt"]
);

Supported Curves

Standard Curves

  • P-256: NIST P-256 (secp256r1)
  • P-384: NIST P-384 (secp384r1)
  • P-521: NIST P-521 (secp521r1)
  • K-256: secp256k1 (Bitcoin curve)

Brainpool Curves

  • brainpoolP160r1, brainpoolP160t1
  • brainpoolP192r1, brainpoolP192t1
  • brainpoolP224r1, brainpoolP224t1
  • brainpoolP256r1, brainpoolP256t1
  • brainpoolP320r1, brainpoolP320t1
  • brainpoolP384r1, brainpoolP384t1
  • brainpoolP512r1, brainpoolP512t1

Key Classes

RSA Key Classes

class RsaPrivateKey extends AsymmetricKey {
  public algorithm: RsaHashedKeyAlgorithm;
  public type: "private";
  public usages: KeyUsage[];
  public extractable: boolean;
}

class RsaPublicKey extends AsymmetricKey {
  public algorithm: RsaHashedKeyAlgorithm;
  public type: "public"; 
  public usages: KeyUsage[];
  public extractable: boolean;
}

interface RsaHashedKeyAlgorithm extends KeyAlgorithm {
  name: "RSASSA-PKCS1-v1_5" | "RSA-PSS" | "RSA-OAEP" | "RSAES-PKCS1-v1_5";
  modulusLength: number;
  publicExponent: Uint8Array;
  hash: KeyAlgorithm;
}

EC Key Classes

class EcPrivateKey extends AsymmetricKey {
  public algorithm: EcKeyAlgorithm;
  public type: "private";
  public usages: KeyUsage[];
  public extractable: boolean;
}

class EcPublicKey extends AsymmetricKey {
  public algorithm: EcKeyAlgorithm;
  public type: "public";
  public usages: KeyUsage[];
  public extractable: boolean;
}

interface EcKeyAlgorithm extends KeyAlgorithm {
  name: "ECDSA" | "ECDH";
  namedCurve: string;
}

Install with Tessl CLI

npx tessl i tessl/npm-peculiar--webcrypto

docs

asymmetric-cryptography.md

crypto-interface.md

hash-functions.md

index.md

key-derivation.md

modern-cryptography.md

symmetric-encryption.md

tile.json