Crypto operations and functionality for Dark Crystal key backup
This library adds:
- Packing secret together with a descriptive label using a protocol buffer.
- Generating signing keypairs, signing and verifying shards
- Deriving encryption keypairs from signing keypairs
- Encrypting and decrypting a message (asymmetric) to a single recipient
- One-way encrypting and decrypting a message (asymmetric) to a single recipient, ensuring that the sender cannot also decrypt the message. This is used for encrypting shards.
- Encrypting and decrypting a message to one or two recipients using [private-box])(https://github.com/auditdrivencrypto/private-box)
Note: to avoid confusion between signing keys and encryption keys, all the encryption functions here take signing keys and convert them internally.
See example.js
const packed = packLabel(secret, label)
Pack a secret together with a descriptive label, using a protocol buffer.
secret
should be a buffer or a string.label
is an optional argument which if given should be a string containing some useful contextual information about the secret.- returns a buffer
const { secret, label } = unpackLabel(packed)
packed
is a buffer created withpackLabel
- returns an object with properties
secret
andlabel
, which will be a buffer and a string respectively. If no label was given,label
will be the empty string.
const keypair = keypair()
Generate a keypair for signing.
- Returns a keypair object with properties
publicKey
,secretKey
which are buffers.
const signedShard = signShard(shard, keypair)
Sign a message, and pack the signature together with the message.
shard
is a bufferkeypair
is either a keypair object or a secret key given as a buffer.- returns a buffer, which contains both the shard and the signature.
const verifiedShard = openShard (signedShard, publicKey)
Verify a signed message, and if valid return the message without the signature.
publicKey
is a buffersignedShard
is a buffer- returns either a buffer with the verified shard, or false if the shard could not be verified
const shard = removeSignature(signedShard)
Remove the signature component from a signed shard.
This allows us to retrieve the shard data even if we were not able to validate it.
signedShard
is a buffer.- returns a buffer.
const boxKeypair = encryptionKeypair()
Generates a diffie-hellman asymmetric encryption keypair. Since the encryption functions given here derive encryption keys from signing keys internally, you should only need to use this for ephemeral encryption keys.
- Returns an object with properties
publicKey
,secretKey
, both of which are buffers.
const boxKeypair = signingKeypairToEncryptionKeypair(keypair)
Derives a diffie-hellman encryption keypair for use with box
and unbox
from a signing keypair.
Since the encryption functions given here do this internally, you should not need to use this.
keypair
is a keypair object generated withsigningKeypair()
- returns a keypair object, with properties
publicKey
andsecretKey
const cipherText = box(message, recipientPublicKey, senderSecretKey)
Encrypt a message to a specified recipient's key. The sender may also decrypt this message, giving a personal record of what was sent.
message
- a buffer containing the data to encrypt.recipientPublicKey
- a buffer containing the signing public key of the recipient.senderSecretKey
- a buffer containing the signing secret key of the sender (ourself).- Returns the cipher text as a buffer.
const message = unbox(cipherText, senderPublicKey, recipientSecretKey)
Decrypt a message encrypted to your own key. Or attempt to decrypt a message in order to find out whether it is encrypted to your own key.
cipherText
- a buffer generated bybox
.senderPublicKey
- a buffer containing the public signing key of the author of the message.recipientSecretKey
- a buffer containing our own secret signing key.- returns either
false
if the decryption was unsuccessful, or the decrypted message as a buffer.
const cipherText = oneWayBox(message, publicKey)
Encrypt a message to a particular recipient such that only the recipient and not the sender can decrypt it. Inspired by private-box
, see this note in the design document. This is used for encrypting shard data so the secret owner may not read it themselves. We could also just use private-box
itself for this, but this method is simpler and gives us smaller shards.
message
- should be a buffer of any length.publicKey
- a buffer containing the public signing key of the recipient- returns a buffer containing the cipher text. Note that this will be 32 bytes longer than if it was created with
box
, since it also contains an ephemeral public key.
const message = oneWayUnbox(cipherText, secretKey)
Decrypt a message encrypted with oneWayBox
.
cipherText
should be a buffer.secretKey
should be a buffer containing the secret signing key of the recipient.- Returns either
false
if the decryption was unsuccessful, or the decrypted message as a buffer.
const cipherText = privateBox(message, publicKeys)
Encrypt a message to up to two recipients, without revealing who they are in the metadata.
message
- should be a buffer of any length.publicKeys
- should be an array of up to two public signing keys. If a buffer is given, it will be interpreted as a single public key.- Returns a buffer.
const plainText = privateUnbox(cipherText, secretKey)
Decrypt a message encrypted with privateBox
cipherText
should be a buffer.secretKey
should be a buffer containing the secret signing key of the recipient.- Returns either
false
if the decryption was unsuccessful, or the decrypted message as a buffer.