Easily encrypt/decrypt using the TweetNACL cryptographic library.


Secure client-to-server messaging

Secure messaging between a client and a server using a shared secret key. This uses a 32 bit key and a random 20 bit nonce for encrypting and signing the payload.

Uses the tweetnacl library.


npm install https://github.com/peermusic/secure-client-server-messaging
var messaging = require('secure-client-server-messaging')

For reference see the Browserify Handbook.


var messaging = require('secure-client-server-messaging')

// Sign and encrypt the request payload with the given 32 bit key
var request = messaging.encrypt(payload, key);
// "request" is now an object {message: encryptedMessage, nonce: randomNonce}

// Get the decrypted and signature verified payload of a request object
var payload = messaging.decrypt(request, key);
// "payload" is now the original payload


npm test

Encryption & authentication flow

  1. Generate the message to the server
  2. Encrypt the message using secretbox with a random nonce and the shared secret key, producing an object {message: encrypted-object-a, nonce: xxx}
  3. Send this object to the server
  4. The server decrypts the object with the given nonce and the saved shared secret key (this automatically verifies the signature)
  5. If the decryption and the signature check are valid, the request is continued as normal
  6. The server answers by generating its object the same way the user would, and the user decrypts and verifies the signature, as the server would, before continuing as normal
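
The flow above as an added, dependency-free sketch; it is not this module's own code. Node's built-in ChaCha20-Poly1305 (32-byte key, 12-byte nonce) stands in for tweetnacl's secretbox, and the names `seal`, `unseal` and `roundTrip`, the base64 envelope encoding and the sample payloads are assumptions made for the example.

```javascript
// Added example: the {message, nonce} envelope flow on Node's built-in crypto.
// ChaCha20-Poly1305 stands in for secretbox; all names here are hypothetical.
const nodeCrypto = require('crypto');

const ALG = 'chacha20-poly1305';
const KEY_LEN = 32;   // bytes
const NONCE_LEN = 12; // bytes, for this stand-in cipher
const TAG_LEN = 16;   // Poly1305 tag, appended to the ciphertext

function seal (payload, key) {
  if (!Buffer.isBuffer(key) || key.length !== KEY_LEN) throw new Error('key must be 32 bytes');
  const nonce = nodeCrypto.randomBytes(NONCE_LEN); // fresh per message, never reused with a key
  const cipher = nodeCrypto.createCipheriv(ALG, key, nonce, { authTagLength: TAG_LEN });
  const body = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  const message = Buffer.concat([body, cipher.getAuthTag()]).toString('base64');
  return { message: message, nonce: nonce.toString('base64') };
}

// Returns the payload, or null when the envelope is malformed or fails authentication.
function unseal (envelope, key) {
  try {
    const nonce = Buffer.from(envelope.nonce, 'base64');
    const raw = Buffer.from(envelope.message, 'base64');
    if (nonce.length !== NONCE_LEN || raw.length < TAG_LEN) return null;
    const decipher = nodeCrypto.createDecipheriv(ALG, key, nonce, { authTagLength: TAG_LEN });
    decipher.setAuthTag(raw.subarray(raw.length - TAG_LEN));
    const body = Buffer.concat([decipher.update(raw.subarray(0, raw.length - TAG_LEN)), decipher.final()]);
    return JSON.parse(body.toString('utf8'));
  } catch (err) {
    return null; // tag mismatch, wrong key or bad input: reject before any processing
  }
}

// Steps 1-6 with constructed data, plus the two failure cases step 5 guards against.
function roundTrip () {
  const key = nodeCrypto.randomBytes(KEY_LEN); // the shared secret both sides hold
  const request = seal({ action: 'list', id: 7 }, key);
  const seenByServer = unseal(request, key);
  const reply = seal({ ok: true, echo: seenByServer.id }, key);
  const seenByClient = unseal(reply, key);
  const bytes = Buffer.from(request.message, 'base64');
  bytes[0] ^= 1; // one flipped ciphertext bit in transit
  const tampered = unseal({ message: bytes.toString('base64'), nonce: request.nonce }, key);
  const wrongKey = unseal(request, nodeCrypto.randomBytes(KEY_LEN));
  return { seenByServer, seenByClient, tampered, wrongKey, request };
}
```

Nothing in this envelope stops a captured request from being replayed, so a receiver that needs that property has to track nonces or carry a counter or timestamp inside the payload.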