tessl/npm-peculiar--webcrypto
A WebCrypto polyfill for Node.js that provides comprehensive cryptographic operations using standard Web Crypto API
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
crypto-interface.mddocs/
Core Cryptographic Interface
The main Crypto class provides WebCrypto API compatibility with additional utility methods for random value generation and UUID creation.
Capabilities
Crypto Class
Main cryptographic interface implementing the global Crypto standard.
/**
* Main cryptographic interface implementing globalThis.Crypto
* Provides access to cryptographic operations and random utilities
*/
class Crypto implements globalThis.Crypto {
/** SubtleCrypto interface for cryptographic operations */
public subtle: SubtleCrypto;
/**
* Fill array with cryptographically secure random values
* @param array - ArrayBufferView to fill with random data
* @returns The same array filled with random values
*/
getRandomValues<T extends ArrayBufferView | null>(array: T): T;
}Usage Examples:
import { Crypto } from "@peculiar/webcrypto";
const crypto = new Crypto();
// Generate random bytes
const buffer = new Uint8Array(32);
crypto.getRandomValues(buffer);
console.log("Random bytes:", Array.from(buffer));
// Generate more random data
const moreBytes = new Uint8Array(16);
crypto.getRandomValues(moreBytes);
console.log("More random bytes:", Array.from(moreBytes));
// Access cryptographic operations
const keyPair = await crypto.subtle.generateKey(
{ name: "ECDSA", namedCurve: "P-256" },
true,
["sign", "verify"]
);CryptoKey Class
Represents cryptographic keys with algorithm metadata and usage constraints.
/**
* Represents a cryptographic key
* Implements the globalThis.CryptoKey interface
*/
class CryptoKey implements globalThis.CryptoKey {
/** Algorithm information for this key */
public algorithm: KeyAlgorithm;
/** Whether the key can be exported */
public extractable: boolean;
/** Key type: "secret", "private", or "public" */
public type: KeyType;
/** Array of allowed operations for this key */
public usages: KeyUsage[];
}SubtleCrypto Interface
The SubtleCrypto interface provides cryptographic operations. All methods are asynchronous and return Promises.
/**
* Cryptographic operations interface
* Extends webcrypto-core SubtleCrypto with algorithm providers
*/
class SubtleCrypto extends core.SubtleCrypto {
/**
* Generate cryptographic key or key pair
* @param algorithm - Algorithm parameters for key generation
* @param extractable - Whether the key can be exported
* @param keyUsages - Allowed operations for the key
* @returns Promise resolving to CryptoKey or CryptoKeyPair
*/
generateKey(
algorithm: AlgorithmIdentifier,
extractable: boolean,
keyUsages: KeyUsage[]
): Promise<CryptoKey | CryptoKeyPair>;
/**
* Import cryptographic key from external format
* @param format - Key format ("raw", "pkcs8", "spki", "jwk")
* @param keyData - Key data in specified format
* @param algorithm - Algorithm parameters for imported key
* @param extractable - Whether the key can be exported
* @param keyUsages - Allowed operations for the key
* @returns Promise resolving to CryptoKey
*/
importKey(
format: KeyFormat,
keyData: BufferSource | JsonWebKey,
algorithm: AlgorithmIdentifier,
extractable: boolean,
keyUsages: KeyUsage[]
): Promise<CryptoKey>;
/**
* Export cryptographic key to external format
* @param format - Desired export format
* @param key - Key to export
* @returns Promise resolving to exported key data
*/
exportKey(format: KeyFormat, key: CryptoKey): Promise<ArrayBuffer | JsonWebKey>;
/**
* Encrypt data using specified algorithm and key
* @param algorithm - Encryption algorithm and parameters
* @param key - Encryption key
* @param data - Data to encrypt
* @returns Promise resolving to encrypted data
*/
encrypt(
algorithm: AlgorithmIdentifier,
key: CryptoKey,
data: BufferSource
): Promise<ArrayBuffer>;
/**
* Decrypt data using specified algorithm and key
* @param algorithm - Decryption algorithm and parameters
* @param key - Decryption key
* @param data - Data to decrypt
* @returns Promise resolving to decrypted data
*/
decrypt(
algorithm: AlgorithmIdentifier,
key: CryptoKey,
data: BufferSource
): Promise<ArrayBuffer>;
/**
* Generate digital signature for data
* @param algorithm - Signature algorithm and parameters
* @param key - Private key for signing
* @param data - Data to sign
* @returns Promise resolving to signature
*/
sign(
algorithm: AlgorithmIdentifier,
key: CryptoKey,
data: BufferSource
): Promise<ArrayBuffer>;
/**
* Verify digital signature
* @param algorithm - Signature algorithm and parameters
* @param key - Public key for verification
* @param signature - Signature to verify
* @param data - Original data
* @returns Promise resolving to verification result
*/
verify(
algorithm: AlgorithmIdentifier,
key: CryptoKey,
signature: BufferSource,
data: BufferSource
): Promise<boolean>;
/**
* Compute hash digest of data
* @param algorithm - Hash algorithm
* @param data - Data to hash
* @returns Promise resolving to hash digest
*/
digest(algorithm: AlgorithmIdentifier, data: BufferSource): Promise<ArrayBuffer>;
/**
* Wrap (encrypt) a cryptographic key
* @param format - Format of key to wrap
* @param key - Key to wrap
* @param wrappingKey - Key used for wrapping
* @param wrapAlgorithm - Wrapping algorithm
* @returns Promise resolving to wrapped key data
*/
wrapKey(
format: KeyFormat,
key: CryptoKey,
wrappingKey: CryptoKey,
wrapAlgorithm: AlgorithmIdentifier
): Promise<ArrayBuffer>;
/**
* Unwrap (decrypt) a cryptographic key
* @param format - Format of wrapped key
* @param wrappedKey - Wrapped key data
* @param unwrappingKey - Key used for unwrapping
* @param unwrapAlgorithm - Unwrapping algorithm
* @param unwrappedKeyAlgorithm - Algorithm for unwrapped key
* @param extractable - Whether unwrapped key can be exported
* @param keyUsages - Allowed operations for unwrapped key
* @returns Promise resolving to unwrapped CryptoKey
*/
unwrapKey(
format: KeyFormat,
wrappedKey: BufferSource,
unwrappingKey: CryptoKey,
unwrapAlgorithm: AlgorithmIdentifier,
unwrappedKeyAlgorithm: AlgorithmIdentifier,
extractable: boolean,
keyUsages: KeyUsage[]
): Promise<CryptoKey>;
/**
* Derive raw bits from key using key derivation algorithm
* @param algorithm - Key derivation algorithm and parameters
* @param baseKey - Base key for derivation
* @param length - Number of bits to derive
* @returns Promise resolving to derived bits
*/
deriveBits(
algorithm: AlgorithmIdentifier,
baseKey: CryptoKey,
length: number
): Promise<ArrayBuffer>;
/**
* Derive new key from base key using key derivation algorithm
* @param algorithm - Key derivation algorithm and parameters
* @param baseKey - Base key for derivation
* @param derivedKeyType - Algorithm for derived key
* @param extractable - Whether derived key can be exported
* @param keyUsages - Allowed operations for derived key
* @returns Promise resolving to derived CryptoKey
*/
deriveKey(
algorithm: AlgorithmIdentifier,
baseKey: CryptoKey,
derivedKeyType: AlgorithmIdentifier,
extractable: boolean,
keyUsages: KeyUsage[]
): Promise<CryptoKey>;
}Types
type KeyFormat = "raw" | "pkcs8" | "spki" | "jwk";
type KeyType = "secret" | "private" | "public";
type KeyUsage = "encrypt" | "decrypt" | "sign" | "verify" | "deriveKey" | "deriveBits" | "wrapKey" | "unwrapKey";
interface KeyAlgorithm {
name: string;
}
interface CryptoKeyPair {
privateKey: CryptoKey;
publicKey: CryptoKey;
}
interface Algorithm {
name: string;
}
type AlgorithmIdentifier = Algorithm | string;
interface JsonWebKey {
alg?: string;
crv?: string;
d?: string;
dp?: string;
dq?: string;
e?: string;
ext?: boolean;
k?: string;
key_ops?: string[];
kty?: string;
n?: string;
oth?: RsaOtherPrimesInfo[];
p?: string;
q?: string;
qi?: string;
use?: string;
x?: string;
y?: string;
}
interface RsaOtherPrimesInfo {
d?: string;
r?: string;
t?: string;
}Install with Tessl CLI
npx tessl i tessl/npm-peculiar--webcrypto