Simple, extensible interface for the tweetnacl-js cryptography library
Cryptography is hard. Even subtle bugs in implementation can render your efforts insecure. That inspired the creation of TweetNaCl and its JavaScript port, TweetNaCl.js. TweetNaCl.js is an opinionated bundle of universal JavaScript that distills cryptography best practices and is auditable (that is, making it easier for other security professionals to review it). That's good because the code is short and introduces minimal abstraction. However, that lack of abstraction can make the API hard to use.
Panda Confidential aims to make Tweet NaCl easier to use—and extend—with minimal reduction in auditability.
Because panda-confidential is extensible, you must instantiate a new instance before using it. This helps prevent unexpected changes by third parties.
import {confidential} from "panda-confidential"
do ->
# Instantiate Panda-Confidential
{encrypt, decrypt, key} = confidential()Panda-confidential wraps the TweetNaCl.js interface with three pairs of opposing functions:
encryptanddecryptsignandverifyencodeanddecode
These functions are generics and infer intent based on their arguments. For example, if you invoke encrypt with a symmetric key, you get symmetric encryption.
# Generate symmetric key of correct length that should be saved.
myKey = await key.Symmetric()
# Person A symmetrically encrypts their data.
message = "Hello World!"
ciphertext = await encrypt myKey, messageThe details -- key length, ensuring a robust source of randomness, encryption algorithm, etc -- are all handled by TweetNaCl.js. encrypt and the key type system just provides a super simple interface for that power.
Use decrypt to retrieve the data just as simply.
# Later, Person A decrypts that ciphertext.
output = await decrypt myKey, ciphertextPlease see the full API documentation for more detailed information about key types and function pairs.
For the browser, bundle using your favorite bundler:
npm i -s panda-confidential