From 61b9d1f87a86c2a71303ef10a799516145dee1e8 Mon Sep 17 00:00:00 2001
From: queicherius
Date: Tue, 10 Jan 2017 20:39:15 +0100
Subject: [PATCH] Initial implementation
---
.babelrc | 11 +++++++
.gitignore | 22 +++++++++++++
.npmignore | 22 +++++++++++++
.travis.yml | 8 +++++
LICENCE | 21 +++++++++++++
README.md | 77 +++++++++++++++++++++++++++++++++++++++++++++
package.json | 24 ++++++++++++++
src/index.js | 70 +++++++++++++++++++++++++++++++++++++++++
tests/index.spec.js | 68 +++++++++++++++++++++++++++++++++++++++
9 files changed, 323 insertions(+)
create mode 100644 .babelrc
create mode 100644 .gitignore
create mode 100644 .npmignore
create mode 100644 .travis.yml
create mode 100644 LICENCE
create mode 100644 README.md
create mode 100644 package.json
create mode 100644 src/index.js
create mode 100644 tests/index.spec.js
diff --git a/.babelrc b/.babelrc
new file mode 100644
index 0000000..6e3801a
--- /dev/null
+++ b/.babelrc
@@ -0,0 +1,11 @@
+{
+ "presets": ["latest", "stage-0"],
+ "env": {
+ "test": {
+ "plugins": [
+ ["istanbul", {"include": ["src/**"]}],
+ "rewire"
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..00629f1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,22 @@
+# Logs
+npm-debug.log*
+
+# Coverage directories
+coverage/
+.nyc_output/
+
+# Compiled code
+build/
+
+# Dependencies
+node_modules/
+
+# Optional npm cache directory
+.npm/
+
+# Webflow
+.idea/
+
+# Operating System
+.DS_Store
+Thumbs.db
\ No newline at end of file
diff --git a/.npmignore b/.npmignore
new file mode 100644
index 0000000..5491a77
--- /dev/null
+++ b/.npmignore
@@ -0,0 +1,22 @@
+# Logs
+npm-debug.log*
+
+# Coverage directories
+coverage/
+.nyc_output/
+
+# Source code
+src/
+
+# Dependencies
+node_modules/
+
+# Optional npm cache directory
+.npm/
+
+# Webflow
+.idea/
+
+# Operating System
+.DS_Store
+Thumbs.db
\ No newline at end of file
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..da4ad26
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,8 @@
+language: node_js
+node_js:
+ - "6"
+after_script: "$(npm bin)/codecov"
+branches:
+ only:
+ - master
+ - /^greenkeeper.*$/
\ No newline at end of file
diff --git a/LICENCE b/LICENCE
new file mode 100644
index 0000000..b5911af
--- /dev/null
+++ b/LICENCE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 queicherius (David Reeß)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a9d067f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,77 @@
+# asymmetric-crypto
+
+[![Build Status](https://img.shields.io/travis/queicherius/asymmetric-crypto.svg?style=flat-square)](https://travis-ci.org/queicherius/asymmetric-crypto)
+[![Coverage Status](https://img.shields.io/codecov/c/github/queicherius/asymmetric-crypto/master.svg?style=flat-square)](https://codecov.io/github/queicherius/asymmetric-crypto)
+
+> Encryption and signing using public-key cryptography (via [`tweetnacl`](https://github.com/dchest/tweetnacl-js))
+
+## Install
+
+```
+npm install asymmetric-crypto
+```
+
+This module can be used for Node.js as well as browsers using [Browserify](https://github.com/substack/browserify-handbook#how-node_modules-works).
+
+## Usage
+
+```js
+import * as crypto from 'asymmetric-crypto'
+
+// Generate a key pair
+const keyPair = crypto.keyPair()
+// -> {
+// secretKey: 'KOy7fMWMkRc+QX8dzpfX9VwJKlc/+Zkyw5C7RGTXT920IjiKUdOSe/3sNnrETw7ej9TBFzsPyRfkWGMsGLAufQ==',
+// publicKey: 'tCI4ilHTknv97DZ6xE8O3o/UwRc7D8kX5FhjLBiwLn0='
+// }
+
+// Regenerate a key pair from the secret key
+const newKeyPair = crypto.fromSecretKey(keyPair.secretKey)
+// -> {
+// secretKey: 'KOy7fMWMkRc+QX8dzpfX9VwJKlc/+Zkyw5C7RGTXT920IjiKUdOSe/3sNnrETw7ej9TBFzsPyRfkWGMsGLAufQ==',
+// publicKey: 'tCI4ilHTknv97DZ6xE8O3o/UwRc7D8kX5FhjLBiwLn0='
+// }
+
+const myKeyPair = crypto.keyPair()
+const theirKeyPair = crypto.keyPair()
+
+// Encrypt data
+const encrypted = crypto.encrypt('some data', theirKeyPair.publicKey, myKeyPair.secretKey)
+// -> {
+// data: '63tP2r8WQuJ+k+jzsd8pbT6WYPHMTafpeg==',
+// nonce: 'BDHALdoeBiGg7wJbVdfJhVQQyvpxrBSo'
+// }
+
+// Decrypt data
+const decrypted = crypto.decrypt(encrypted.data, encrypted.nonce, myKeyPair.publicKey, theirKeyPair.secretKey)
+// -> 'some data'
+
+// Sign a message
+const message = 'some message'
+const signature = crypto.sign(message, myKeyPair.secretKey)
+// -> '8oz1aNkSBG1qvYhc+E2VBkgHSxCORGdsyf7LFQuLDmZvJt6vaEzHMIsofmTykMunhCrChEHT9Fgw3sp/W6+7Bw=='
+
+// Verify the signature on a message
+const validSignature = crypto.verify(message, signature, myKeyPair.publicKey)
+// -> true
+```
+
+## Tests
+
+```
+npm test
+```
+
+## Internals
+
+- [`tweetnacl`](https://github.com/dchest/tweetnacl-js) for the cryptographic implementation
+- [`tweetnacl-util`](https://github.com/dchest/tweetnacl-util-js) for converting into / from strings
+- [`ed2curve`](https://github.com/dchest/ed2curve-js) for converting *Ed25519* keys into *curve25519-xsalsa20-poly1305* keys (so you can encrypt and sign with the same key pair)
+
+## Licence
+
+MIT
+
+---
+
+Thanks to @pguth for the inspiration. :smile:
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..da6b134
--- /dev/null
+++ b/package.json
@@ -0,0 +1,24 @@
+{
+ "name": "asymmetric-crypto",
+ "version": "0.1.0",
+ "description": "Encryption and signing using public-key cryptography (via tweetnacl)",
+ "main": "./build/index.js",
+ "scripts": {
+ "build": "abc build",
+ "test": "abc test && abc lint"
+ },
+ "author": "queicherius@gmail.com",
+ "license": "MIT",
+ "repository": {
+ "type": "git",
+ "url": "https://github.com/queicherius/asymmetric-crypto"
+ },
+ "dependencies": {
+ "ed2curve": "^0.2.1",
+ "tweetnacl": "^0.14.5",
+ "tweetnacl-util": "^0.13.5"
+ },
+ "devDependencies": {
+ "abc-environment": "^1.0.5"
+ }
+}
diff --git a/src/index.js b/src/index.js
new file mode 100644
index 0000000..ba2fe0e
--- /dev/null
+++ b/src/index.js
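Review bot: `main` points at `./build/index.js`, but nothing in `scripts` builds before publish: `build/` is git-ignored and `.npmignore` drops `src/`, so a publish from a clean checkout would ship a package with no entry point unless `abc build` has been run by hand (assuming `abc-environment` does not hook publish itself, which is not visible here). A lifecycle hook such as `"prepublishOnly": "npm run build"` (or `"prepublish"` on older npm) would tie the published tarball to the source at the time of publishing. Because only transpiled output is shipped, that hook is also the one place where consumers can expect the artifact to match the repository.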
@@ -0,0 +1,70 @@
+import nacl from 'tweetnacl'
+import naclUtil from 'tweetnacl-util'
+import ed2curve from 'ed2curve'
+
+export function keyPair () {
+ const keyPair = nacl.sign.keyPair()
+
+ return {
+ secretKey: naclUtil.encodeBase64(keyPair.secretKey),
+ publicKey: naclUtil.encodeBase64(keyPair.publicKey)
+ }
+}
+
+export function fromSecretKey (secretKey) {
+ secretKey = naclUtil.decodeBase64(secretKey)
+
+ const keyPair = nacl.sign.keyPair.fromSecretKey(secretKey)
+
+ return {
+ secretKey: naclUtil.encodeBase64(keyPair.secretKey),
+ publicKey: naclUtil.encodeBase64(keyPair.publicKey)
+ }
+}
+
+export function encrypt (data, theirPublicKey, mySecretKey) {
+ data = naclUtil.decodeUTF8(data)
+ theirPublicKey = ed2curve.convertPublicKey(naclUtil.decodeBase64(theirPublicKey))
+ mySecretKey = ed2curve.convertSecretKey(naclUtil.decodeBase64(mySecretKey))
+
+ const nonce = nacl.randomBytes(nacl.box.nonceLength)
+
+ data = nacl.box(data, nonce, theirPublicKey, mySecretKey)
+
+ return {
+ data: naclUtil.encodeBase64(data),
+ nonce: naclUtil.encodeBase64(nonce)
+ }
+}
+
+export function decrypt (data, nonce, theirPublicKey, mySecretKey) {
+ data = naclUtil.decodeBase64(data)
+ nonce = naclUtil.decodeBase64(nonce)
+ theirPublicKey = ed2curve.convertPublicKey(naclUtil.decodeBase64(theirPublicKey))
+ mySecretKey = ed2curve.convertSecretKey(naclUtil.decodeBase64(mySecretKey))
+
+ data = nacl.box.open(data, nonce, theirPublicKey, mySecretKey)
+
+ if (!data) {
+ throw new Error('failed opening nacl.box')
+ }
+
+ return naclUtil.encodeUTF8(data)
+}
+
+export function sign (data, mySecretKey) {
+ data = naclUtil.decodeUTF8(data)
+ mySecretKey = naclUtil.decodeBase64(mySecretKey)
+
+ data = nacl.sign.detached(data, mySecretKey)
+
+ return naclUtil.encodeBase64(data)
+}
+
+export function verify (data, signature, theirPublicKey) {
+ data = naclUtil.decodeUTF8(data)
+ signature = naclUtil.decodeBase64(signature)
+ theirPublicKey = naclUtil.decodeBase64(theirPublicKey)
+
+ return nacl.sign.detached.verify(data, signature, theirPublicKey)
+}
diff --git a/tests/index.spec.js b/tests/index.spec.js
new file mode 100644
index 0000000..5fc8d1e
--- /dev/null
+++ b/tests/index.spec.js
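Review bot: `encrypt` and `decrypt` pass the result of `ed2curve.convertPublicKey(...)` straight into `nacl.box` / `nacl.box.open` without checking it. ed2curve documents a `null` return for a key that is not a valid Ed25519 public key (worth confirming for the `^0.2.1` range used here), so a bad peer key would surface as a type error from tweetnacl instead of a clear rejection. A guard after the conversion in both functions, `if (!theirPublicKey) throw new Error('invalid public key')`, makes that failure explicit. Separately, `verify` can throw rather than return `false`, since `naclUtil.decodeBase64` rejects malformed input and tweetnacl checks signature and key lengths. Callers handling untrusted signatures need that stated, for example with the comment `// Throws on malformed base64 or a wrong-length signature/key; returns false only for a well-formed signature that does not verify`.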
@@ -0,0 +1,68 @@
+/* eslint-env node, mocha */
+import { expect } from 'chai'
+import * as module from '../src/index.js'
+
+describe('key generation', () => {
+ it('generates a key pair', () => {
+ const keyPair = module.keyPair()
+ expect(keyPair.secretKey).to.be.a('string')
+ expect(keyPair.publicKey).to.be.a('string')
+ })
+
+ it('generates a key pair from the secret key', () => {
+ const keyPair = module.keyPair()
+ const keyPairFromSecretKey = module.fromSecretKey(keyPair.secretKey)
+ expect(keyPair).to.deep.equal(keyPairFromSecretKey)
+ })
+})
+
+describe('encryption', () => {
+ it('encrypts and decrypts', () => {
+ const myKeyPair = module.keyPair()
+ const theirKeyPair = module.keyPair()
+ const data = 'some data to encrypt'
+
+ const encrypted = module.encrypt(data, theirKeyPair.publicKey, myKeyPair.secretKey)
+ expect(encrypted.data).to.be.a('string')
+ expect(encrypted.nonce).to.be.a('string')
+
+ const decrypted = module.decrypt(encrypted.data, encrypted.nonce, myKeyPair.publicKey, theirKeyPair.secretKey)
+ expect(decrypted).to.equal(data)
+ })
+
+ it('fails decryption when using the wrong key', () => {
+ const randomKeyPair = module.keyPair()
+ const publicKey = 'J2rbR/Be2ukJuf6od+amUufeb4iN3pnF8hOHTprfUgY='
+ const encrypted = {
+ data: '1WTd5WyEhy9lX+z1ibF2C4ChghbAKfYmM/DV4LePC2us+cfU',
+ nonce: 'u8VL7Ekv7GiJcThczjbYgfI/ZN95OdUz'
+ }
+
+ expect(() => {
+ module.decrypt(encrypted.data, encrypted.nonce, publicKey, randomKeyPair.secretKey)
+ }).to.throw('failed opening nacl.box')
+ })
+})
+
+describe('signing', () => {
+ it('signs and verifies', () => {
+ const myKeyPair = module.keyPair()
+ const data = 'some data to sign'
+
+ const signed = module.sign(data, myKeyPair.secretKey)
+ expect(signed).to.be.a('string')
+
+ const verified = module.verify(data, signed, myKeyPair.publicKey)
+ expect(verified).to.equal(true)
+ })
+
+ it('fails verification for the wrong key', () => {
+ const myKeyPair = module.keyPair()
+ const otherKeyPair = module.keyPair()
+ const data = 'some data to sign'
+ const signed = module.sign(data, myKeyPair.secretKey)
+
+ const verified = module.verify(data, signed, otherKeyPair.publicKey)
+ expect(verified).to.equal(false)
+ })
+})
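Review bot: The negative cases only exercise a wrong key; nothing checks that a modified message, ciphertext or nonce is rejected, which is the integrity property callers rely on. In the `signing` block, a case asserting `expect(module.verify('other data', signed, myKeyPair.publicKey)).to.equal(false)` would pin it for signatures. In the `encryption` block, a case could encrypt twice and decrypt the first `data` with the second `nonce`, expecting the `'failed opening nacl.box'` error. The hard-coded `publicKey` and `encrypted` values in 'fails decryption when using the wrong key' appear to be fixed samples from an unrelated key pair; a one-line comment saying so would help the next reader.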