## Members

passphrase: Utilities for converting keys to passphrases using bip39 or niceware
random: Random samplers.

## Constants

DEFAULT_SEED_SIZE : number: Default seed size in bytes.

## Functions

hmac(message, key) ⇒ Uint8Array

Implementation of HMAC SHA512 from https://github.com/dchest/tweetnacl-auth-js

getHKDF(ikm, info, extractLen, [salt]) ⇒ Uint8Array

Returns HKDF output according to rfc5869 using sha512

getSeed([size]) ⇒ Uint8Array

Generates a random seed.

deriveSigningKeysFromSeed(seed, [salt]) ⇒ Object

Derives an Ed25519 keypair given a random seed and an optional HKDF salt. Returns a nacl.sign keypair object: https://github.com/dchest/tweetnacl-js#naclsignkeypair

uint8ToHex(arr) ⇒ string

Converts Uint8Array or Buffer to a hex string.

hexToUint8([hex]) ⇒ Uint8Array

Converts hex string to a Uint8Array.

ed25519HttpSign(keyId, secretKey, headers) ⇒ string

Uses Ed25519, a public-key signature system: https://ed25519.cr.yp.to/

Spec: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12

Signs the message using the secret key and returns a signature.

ed25519HttpVerify(publicKey, headers) ⇒ Object

Uses Ed25519, a public-key signature system: https://ed25519.cr.yp.to/

Spec: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12

Verifies the signature for the message and returns parsed fields from the signature.

## Typedefs

Dictionary : Object.<string, (string|Array.<string>|undefined)>: A dictionary of values, commonly used for objects i.e '{ 'header-name': 'header-value' }'

## passphrase Utilities for converting keys to passphrases using bip39 or niceware **Kind**: global variable * [passphrase](#passphrase) * [.NICEWARE_32_BYTE_WORD_COUNT](#passphrase.NICEWARE_32_BYTE_WORD_COUNT) : number * [.BIP39_32_BYTE_WORD_COUNT](#passphrase.BIP39_32_BYTE_WORD_COUNT) : number * [.fromBytesOrHex(bytes, [useNiceware])](#passphrase.fromBytesOrHex) ⇒ string * [.toBytes32(passphrase)](#passphrase.toBytes32) ⇒ Uint8Array * [.toHex32(passphrase)](#passphrase.toHex32) ⇒ string ### passphrase.NICEWARE\_32\_BYTE\_WORD\_COUNT : number Number of niceware words corresponding to 32 bytes **Kind**: static constant of [passphrase](#passphrase) **Default**: 16 ### passphrase.BIP39\_32\_BYTE\_WORD\_COUNT : number Number of niceware words corresponding to 32 bytes **Kind**: static constant of [passphrase](#passphrase) **Default**: 24 ### passphrase.fromBytesOrHex(bytes, [useNiceware]) ⇒ string Converts bytes to passphrase using bip39 (default) or niceware **Kind**: static method of [passphrase](#passphrase) | Param | Type | Description | | --- | --- | --- | | bytes | Uint8Array \| Buffer \| string | Uint8Array / Buffer / hex string to convert; hex should not contain 0x prefix. | | [useNiceware] | boolean | Whether to use Niceware; defaults to false | ### passphrase.toBytes32(passphrase) ⇒ Uint8Array Converts a 32-byte passphrase to uint8array bytes. Infers whether the passphrase is bip39 or niceware based on length. **Kind**: static method of [passphrase](#passphrase) | Param | Type | Description | | --- | --- | --- | | passphrase | string | bip39/niceware phrase to convert | ### passphrase.toHex32(passphrase) ⇒ string Converts a 32-byte passphrase to hex. Infers whether the passphrase is bip39 or niceware based on length. **Kind**: static method of [passphrase](#passphrase) | Param | Type | Description | | --- | --- | --- | | passphrase | string | bip39/niceware phrase to convert | ## random Random samplers. **Kind**: global variable * [random](#random) * [.uniform(n)](#random.uniform) ⇒ number * [.uniform_01()](#random.uniform_01) ⇒ number ### random.uniform(n) ⇒ number Sample uniformly at random from nonnegative integers below a specified bound. **Kind**: static method of [random](#random) | Param | Type | Description | | --- | --- | --- | | n | number | exclusive upper bound, positive integer at most 2^53 | ### random.uniform\_01() ⇒ number Sample uniformly at random from floating-point numbers in [0, 1]. **Kind**: static method of [random](#random) ## DEFAULT\_SEED\_SIZE : number Default seed size in bytes. **Kind**: global constant **Default**: 32 ## hmac(message, key) ⇒ Uint8Array Implementation of HMAC SHA512 from https://github.com/dchest/tweetnacl-auth-js **Kind**: global function | Param | Type | Description | | --- | --- | --- | | message | Uint8Array | message to HMAC | | key | Uint8Array | the HMAC key | ## getHKDF(ikm, info, extractLen, [salt]) ⇒ Uint8Array Returns HKDF output according to rfc5869 using sha512 **Kind**: global function | Param | Type | Description | | --- | --- | --- | | ikm | Uint8Array | input keying material | | info | Uint8Array | context-specific info | | extractLen | number | length of extracted output keying material in octets | | [salt] | Uint8Array | optional salt | ## getSeed([size]) ⇒ Uint8Array Generates a random seed. **Kind**: global function | Param | Type | Description | | --- | --- | --- | | [size] | number | seed size in bytes; defaults to 32 | ## deriveSigningKeysFromSeed(seed, [salt]) ⇒ Object Derives an Ed25519 keypair given a random seed and an optional HKDF salt. Returns a nacl.sign keypair object: https://github.com/dchest/tweetnacl-js#naclsignkeypair **Kind**: global function | Param | Type | Description | | --- | --- | --- | | seed | Uint8Array | random seed, recommended length 32 | | [salt] | Uint8Array | random salt, recommended length 64 | ## uint8ToHex(arr) ⇒ string Converts Uint8Array or Buffer to a hex string. **Kind**: global function | Param | Type | Description | | --- | --- | --- | | arr | Uint8Array \| Buffer | Uint8Array / Buffer to convert | ## hexToUint8([hex]) ⇒ Uint8Array Converts hex string to a Uint8Array. **Kind**: global function | Param | Type | Description | | --- | --- | --- | | [hex] | string | Hex string to convert; defaults to ''. | ## ed25519HttpSign(keyId, secretKey, headers) ⇒ string Uses Ed25519, a public-key signature system: [https://ed25519.cr.yp.to/](https://ed25519.cr.yp.to/) Spec: [https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12) Signs the message using the secret key and returns a signature. **Kind**: global function **See**: {nacl.sign.detached} | Param | Type | Description | | --- | --- | --- | | keyId | string | an opaque string that the server can use to look up the component they need to validate the signature. | | secretKey | string | hex encoded secret key to sign the message. | | headers | [Dictionary](#Dictionary) | headers containing the properties to sign. | ## ed25519HttpVerify(publicKey, headers) ⇒ Object Uses Ed25519, a public-key signature system: [https://ed25519.cr.yp.to/](https://ed25519.cr.yp.to/) Spec: [https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12) Verifies the signature for the message and returns parsed fields from the signature. **Kind**: global function **See**: {nacl.sign.detached.verify} | Param | Type | Description | | --- | --- | --- | | publicKey | string | hex encoded public key to verify the signature. | | headers | [Dictionary](#Dictionary) | headers containing the signature for verification. | ## Dictionary : Object.<string, (string\|Array.<string>\|undefined)> A dictionary of values, commonly used for objects i.e '{ 'header-name': 'header-value' }' **Kind**: global typedef