1 | # JavaScript Crypto Library [![Build Status](https://travis-ci.org/VirgilSecurity/virgil-crypto-javascript.svg?branch=v2_0)](https://travis-ci.org/VirgilSecurity/virgil-crypto-javascript) [![npm](https://img.shields.io/npm/v/virgil-crypto.svg)](https://www.npmjs.com/package/virgil-crypto)
|
2 |
|
3 | JavaScript wrapper of [Virgil Crypto Library](https://github.com/VirgilSecurity/virgil-crypto)
|
4 | for modern browsers and Node.js.
|
5 |
|
6 | - [Install](#install)
|
7 | - [Usage](#usage)
|
8 | - [Generate Keys](#generate-keys)
|
9 | - [Encryption](#encryption)
|
10 | - [Decryption](#decryption)
|
11 | - [Signatures](#signatures)
|
12 | - [Authenticated Encryption](#authenticated-encryption)
|
13 | - [Hashing](#hashing)
|
14 | - [Key Pair Utils](#key-pair-utils)
|
15 | - [Resources](#resources)
|
16 | - [License](#license)
|
17 | - [Contacts](#contacts)
|
18 |
|
19 | ## Install
|
20 |
|
21 | ### NPM
|
22 |
|
23 | ```sh
|
24 | npm install virgil-crypto
|
25 | ```
|
26 |
|
27 | ### CDN
|
28 | ```html
|
29 | <script
|
30 | src="https://cdn.virgilsecurity.com/packages/javascript/crypto/2.0.0/virgil-crypto.min.js"
|
31 | integrity="sha256-oJwQc439DKwfdwqVm0zSiniFFyWttnE7oenq1og2ajI="
|
32 | crossorigin="anonymous"></script>
|
33 | ```
|
34 |
|
35 | ## Usage
|
36 |
|
37 | All API functions accept and return bytes as `Buffer` objects. In browser
|
38 | [this module](https://github.com/feross/buffer) is used and is available via `VirgilCrypto.Buffer` property.
|
39 | In Node.js it's native [Buffer](https://nodejs.org/api/buffer.html).
|
40 |
|
41 | Async versions of functions are implemented using [Web Workers](https://developer.mozilla.org/en-US/docs/Web/API/Worker)
|
42 | and therefore are only available in the browser. This also means that Chrome and Opera will give an error
|
43 | `"Uncaught SecurityError: Script at '[blob url here]' cannot be accessed from origin 'null'."` when you try
|
44 | to load VirgilCrypto from `file:///` url. It needs to be on a proper domain.
|
45 |
|
46 | Async functions are Promise-based. Promise implementation is provided
|
47 | by [core-js](https://github.com/zloirock/core-js#ecmascript-6-promise).
|
48 |
|
49 | ## Generate Keys
|
50 |
|
51 | ### generateKeyPair(\[options\])
|
52 |
|
53 | Generates a key pair. Provide `options` to specify the type of keys to generate (see below for the list
|
54 | of available types) and\or password to use to encrypt the private key. The keys returned are in PEM format.
|
55 |
|
56 |
|
57 | #### Arguments
|
58 |
|
59 | * \[options={}\] (Object): The options object.
|
60 | * \[options.password\] (Buffer): Optional password to use to encrypt the private key.
|
61 | * \[options.type\] (string): Optional type of keys to generate.
|
62 |
|
63 |
|
64 | #### Returns
|
65 |
|
66 | * (Object.\<{privateKey: Buffer, publicKey: Buffer}\>): The new key pair.
|
67 |
|
68 |
|
69 | #### Available Key Pair Types
|
70 |
|
71 |
|
72 |
|
73 | | Key Type | Description |
|
74 | |-------------------|--------------------------------|
|
75 | | Default | the safest recommended type |
|
76 | | RSA_2048 | RSA 2048 bit (not recommended) |
|
77 | | RSA_3072 | RSA 3072 bit |
|
78 | | RSA_4096 | RSA 4096 bit |
|
79 | | RSA_8192 | RSA 8192 bit |
|
80 | | EC_SECP256R1 | 256-bits NIST curve |
|
81 | | EC_SECP384R1 | 384-bits NIST curve |
|
82 | | EC_SECP521R1 | 521-bits NIST curve |
|
83 | | EC_BP256R1 | 256-bits Brainpool curve |
|
84 | | EC_BP384R1 | 384-bits Brainpool curve |
|
85 | | EC_BP512R1 | 512-bits Brainpool curve |
|
86 | | EC_SECP256K1 | 256-bits "Koblitz" curve |
|
87 | | FAST_EC_X25519 | Curve25519 |
|
88 | | FAST_EC_ED25519 | Ed25519 |
|
89 |
|
90 | e.g. `VirgilCrypto.KeyPairType.EC_SECP384R1` for 384-bits NIST curve.
|
91 |
|
92 |
|
93 | #### Examples
|
94 |
|
95 | Generate a key pair of recommended safest type without encrypting private key:
|
96 |
|
97 | ```javascript
|
98 | var keyPair = VirgilCrypto.generateKeyPair();
|
99 | //{
|
100 | // publicKey: ..., // Buffer with public key
|
101 | // privateKey: ... // Buffer with private key
|
102 | //}
|
103 | ```
|
104 |
|
105 | Generate a key pair with encrypted private key and recommended type:
|
106 |
|
107 | ```javascript
|
108 | var keyPair = VirgilCrypto.generateKeyPair({
|
109 | password: new VirgilCrypto.Buffer('pa$$w0rd')
|
110 | });
|
111 | ```
|
112 |
|
113 | Generate Curve25519 key pair with encrypted private key:
|
114 |
|
115 | ```javascript
|
116 | var keyPairCurve25519 = VirgilCrypto.generateKeyPair({
|
117 | type: VirgilCrypto.KeyPairType.FAST_EC_X25519,
|
118 | password: new VirgilCrypto.Buffer('pa$$w0rd')
|
119 | });
|
120 | ```
|
121 |
|
122 | ### generateKeyPairAsync(\[options\]) (Browsers only)
|
123 |
|
124 | Same as [generateKeyPair](#generatekeypairoptions) but returns the Promise that is resolved with generated
|
125 | key pair or rejected with an error.
|
126 |
|
127 | #### Returns
|
128 |
|
129 | * (Promise\<Object.\<{privateKey: Buffer, publicKey: Buffer}\>\>): The Promise that will be resolved with the new key pair.
|
130 |
|
131 | #### Examples
|
132 |
|
133 |
|
134 | ```javascript
|
135 | VirgilCrypto.generateKeyPairAsync()
|
136 | .then(function (keyPair) {
|
137 | //{
|
138 | // publicKey: ..., // Buffer with public key material
|
139 | // privateKey: ... // Buffer with private key material
|
140 | //}
|
141 | });
|
142 | ```
|
143 |
|
144 | ## Encryption
|
145 |
|
146 | ### encrypt(data, recipientId | recipients | password, \[publicKey\])
|
147 |
|
148 | #### Arguments
|
149 |
|
150 | Encrypts the data with single recipient's public key, multiple recipients' public keys or password depending
|
151 | on the number and types of arguments passed.
|
152 |
|
153 | * data (Buffer): The data to encrypt.
|
154 | * recipientId|recipients|password: Either one of the following
|
155 | - recipientId (Buffer): The identifier of the intended recipient.
|
156 | - recipients (Array.\<{recipientId: Buffer, publicKey: Buffer}\>): Array of recipient ids with corresponding
|
157 | public keys to use for encryption.
|
158 | - password (Buffer): The password to use for encryption.
|
159 | * \[publicKey\] (Buffer): The public key to use for encryption. Used when encrypting for single recipient (i.e. when
|
160 | the second argument is recipientId).
|
161 |
|
162 | #### Returns
|
163 |
|
164 | * (Buffer): Returns encrypted data.
|
165 |
|
166 | #### Examples
|
167 |
|
168 | Using Password
|
169 |
|
170 | ```javascript
|
171 | var plainText = new Buffer('data to be encrypted');
|
172 | var password = new Buffer('pa$$w0rd');
|
173 |
|
174 | var encryptedData = VirgilCrypto.encrypt(plainText, password);
|
175 |
|
176 | console.log('Encrypted data: ' + encryptedData.toString('base64'));
|
177 | ```
|
178 |
|
179 | Using Key
|
180 |
|
181 | ```javascript
|
182 | var plainText = new Buffer('data to be encrypted');
|
183 | var recipientId = new Buffer('<SOME_RECIPIENT_ID>');
|
184 |
|
185 | var keyPair = VirgilCrypto.generateKeyPair();
|
186 | // using newly generated key pair and random recipient id here
|
187 | // as an example. In a real app, the key would have been provided
|
188 | // externally (e.g. from web service, database, file, etc.)
|
189 | var encryptedData = VirgilCrypto.encrypt(
|
190 | plainText, recipientId, keyPair.publicKey);
|
191 |
|
192 | console.log('Encrypted data: ' + encryptedData.toString('base64'));
|
193 | ```
|
194 |
|
195 | Using multiple keys
|
196 |
|
197 | ```javascript
|
198 | var plainText = new Buffer('data to be encrypted');
|
199 |
|
200 | var recipientId1 = new Buffer('<SOME_RECIPIENT_ID_1>');
|
201 | var recipientId2 = new Buffer('<SOME_RECIPIENT_ID_2>');
|
202 | var keyPair1 = VirgilCrypto.generateKeyPair();
|
203 | var keyPair2 = VirgilCrypto.generateKeyPair();
|
204 |
|
205 | // using newly generated key pairs and random recipient ids here
|
206 | // as an example. In a real app, the keys would have been provided
|
207 | // externally (e.g. from web service, database, file, etc.)
|
208 |
|
209 | var recipientsList = [{
|
210 | recipientId: recipientId1,
|
211 | publicKey: keyPair1.publicKey
|
212 | }, {
|
213 | recipientId: recipientId2,
|
214 | publicKey: keyPair2.publicKey
|
215 | }];
|
216 |
|
217 | var encryptedData = VirgilCrypto.encrypt(plaintText, recipientsList);
|
218 |
|
219 | // encrypted data now can be decrypted by either keyPair1.privateKey
|
220 | // or keyPair2.privateKey
|
221 |
|
222 | console.log('Encrypted data: ' + encryptedData.toString('base64'));
|
223 | ```
|
224 |
|
225 |
|
226 | ### encryptAsync(data, recipientId | recipients | password, \[publicKey\]) (Browsers only)
|
227 |
|
228 | Same as [encrypt](#encryptdata-recipientid--recipients--password-publickey) but returns the Promise
|
229 | that is resolved with encrypted data or rejected with an error.
|
230 |
|
231 | #### Returns
|
232 |
|
233 | * (Promise.\<Buffer\>): The Promise that will be resolved with encrypted data.
|
234 |
|
235 | #### Examples
|
236 |
|
237 | Using Password
|
238 |
|
239 | ```javascript
|
240 | var plainText = new VirgilCrypto.Buffer('data to be encrypted');
|
241 | var password = new VirgilCrypto.Buffer('pa$$w0rd');
|
242 |
|
243 | VirgilCrypto.encryptAsync(plainText, password)
|
244 | .then(function (encryptedData) {
|
245 | console.log('Encrypted data: ' + encryptedData.toString('base64'));
|
246 | })
|
247 | .catch(function (err) {
|
248 | // handle error
|
249 | console.log(err);
|
250 | });
|
251 | ```
|
252 |
|
253 | Using Key
|
254 |
|
255 | ```javascript
|
256 | var plainText = new VirgilCrypto.Buffer('data to be encrypted');
|
257 | var recipientId = new VirgilCrypto.Buffer('<SOME_RECIPIENT_ID>');
|
258 |
|
259 | var keyPair = VirgilCrypto.generateKeyPair();
|
260 | // using newly generated key pair and random recipient id here
|
261 | // as an example. In a real app, the key would have been provided
|
262 | // externally (e.g. from web service, database, file, etc.)
|
263 |
|
264 | VirgilCrypto.encryptAsync(plainText, recipientId, keyPair.publicKey)
|
265 | .then(function (encryptedData) {
|
266 | console.log('Encrypted data: ' + encryptedData.toString('base64'));
|
267 | })
|
268 | .catch(function (err) {
|
269 | // handle error
|
270 | console.log(err);
|
271 | });
|
272 |
|
273 | console.log('Encrypted data: ' + encryptedData.toString('base64'));
|
274 | ```
|
275 |
|
276 | Using multiple keys
|
277 |
|
278 | ```javascript
|
279 | var plainText = new VirgilCrypto.Buffer('data to be encrypted');
|
280 |
|
281 | var recipientId1 = new VirgilCrypto.Buffer('recipient1');
|
282 | var recipientId2 = new VirgilCrypto.Buffer('recipient2');
|
283 | var keyPair1 = VirgilCrypto.generateKeyPair();
|
284 | var keyPair2 = VirgilCrypto.generateKeyPair();
|
285 |
|
286 | // using newly generated key pairs and random recipient ids here
|
287 | // as an example. In a real app, the keys would have been provided
|
288 | // externally (e.g. from web service, database, file, etc.)
|
289 |
|
290 | var recipientsList = [{
|
291 | recipientId: recipientId1,
|
292 | publicKey: keyPair1.publicKey
|
293 | }, {
|
294 | recipientId: recipientId2,
|
295 | publicKey: keyPair2.publicKey
|
296 | }];
|
297 |
|
298 | VirgilCrypto.encryptAsync(plaintText, recipientsList)
|
299 | .then(function (encryptedData) {
|
300 | // encrypted data now can be decrypted by either keyPair1.privateKey
|
301 | // or keyPair2.privateKey
|
302 | console.log('Encrypted data: ' + encryptedData.toString('base64'));
|
303 | })
|
304 | .catch(function (err) {
|
305 | // handle error
|
306 | console.log(err);
|
307 | });
|
308 | ```
|
309 |
|
310 | ## Decryption
|
311 |
|
312 | ### decrypt(encryptedData, recipientId | password, \[privateKey\], \[privateKeyPassword\])
|
313 |
|
314 | Decrypts the data using password or private key depending on the number of arguments passed in.
|
315 |
|
316 | #### Arguments
|
317 |
|
318 | * encryptedData (Buffer): The data to decrypt.
|
319 | * recipientId|password: Either one of the following
|
320 | - recipientId (Buffer): The recipient id used for encryption.
|
321 | - password (Buffer): The password to use for decryption.
|
322 | * \[privateKey\] (Buffer): The private key to use for decryption.
|
323 | * \[privateKeyPassword\] (Buffer): Optional password used to encrypt the private key.
|
324 |
|
325 | #### Returns
|
326 |
|
327 | * (Buffer): Returns decrypted data.
|
328 |
|
329 | #### Examples
|
330 |
|
331 | Using password:
|
332 |
|
333 | ```javascript
|
334 | var password = new Buffer('pa$$w0rd');
|
335 | var plainText = new Buffer('data to be encrypted');
|
336 | var encryptedData = VirgilCrypto.encrypt(plainText, password);
|
337 | var decryptedData = VirgilCrypto.decrypt(encryptedData, password);
|
338 | console.log('Decrypted data: ' + decryptedData.toString('utf8'));
|
339 | ```
|
340 |
|
341 | Using private key:
|
342 |
|
343 | ```javascript
|
344 | var plainText = new Buffer('data to be encrypted');
|
345 | var recipientId = new Buffer('<SOME_RECIPIENT_ID>');
|
346 |
|
347 | var keyPair = VirgilCrypto.generateKeyPair();
|
348 | // using newly generated key pair and random recipient id here
|
349 | // as an example. In a real app, the keys would have been provided
|
350 | // externally (e.g. from web service, database, file, etc.)
|
351 | var encryptedData = VirgilCrypto.encrypt(
|
352 | plainText, recipientId, keyPair.publicKey);
|
353 |
|
354 | var decryptedData = VirgilCrypto.decrypt(
|
355 | encryptedData, recipientId, keyPair.privateKey);
|
356 |
|
357 | console.log('Decrypted data: ' + decryptedData.toString('utf8'));
|
358 | ```
|
359 |
|
360 | Using private key with password:
|
361 |
|
362 | ```javascript
|
363 | var plainText = new Buffer('data to be encrypted');
|
364 | var recipientId = new Buffer('<SOME_RECIPIENT_ID>');
|
365 | var privateKeyPassword = new Buffer('pa$$w0rd');
|
366 |
|
367 | var keyPair = VirgilCrypto.generateKeyPair({
|
368 | password: privateKeyPassword
|
369 | });
|
370 |
|
371 | // using newly generated key pair and random recipient id here
|
372 | // as an example. In a real app, the keys would have been provided
|
373 | // externally (e.g. from web service, database, file, etc.)
|
374 |
|
375 | var encryptedData = VirgilCrypto.encrypt(
|
376 | plainText, recipientId, keyPair.publicKey);
|
377 |
|
378 | var decryptedData = VirgilCrypto.decrypt(
|
379 | encryptedData,
|
380 | recipientId,
|
381 | keyPair.privateKey,
|
382 | privateKeyPassword);
|
383 |
|
384 | console.log('Decrypted data: ' + decryptedData.toString('utf8'));
|
385 | ```
|
386 |
|
387 |
|
388 | ### decryptAsync(encryptedData, recipientId | password, \[privateKey\], \[privateKeyPassword\]) (Browsers only)
|
389 |
|
390 | Same as [decrypt](#decryptencrypteddata-recipientid--password-privatekey-privatekeypassword) but returns a
|
391 | Promise that is resolved with decrypted data or rejected with an error.
|
392 |
|
393 | #### Returns
|
394 |
|
395 | * (Promise.\<Buffer\>): The Promise that will be resolved with decrypted data.
|
396 |
|
397 | #### Examples
|
398 |
|
399 | Using password:
|
400 |
|
401 | ```javascript
|
402 | var password = new VirgilCrypto.Buffer('pa$$w0rd');
|
403 | var plainText = new VirgilCrypto.Buffer('data to be encrypted');
|
404 | VirgilCrypto.encryptAsync(plainText, password)
|
405 | .then(function (encryptedData) {
|
406 | return VirgilCrypto.decryptAsync(encryptedData, password);
|
407 | });
|
408 | .then(function (decryptedData) {
|
409 | console.log('Decrypted data: ' + decryptedData.toString('utf8'));
|
410 | })
|
411 | .catch(function (err) {
|
412 | // handle error
|
413 | console.log(err);
|
414 | });
|
415 | ```
|
416 |
|
417 | Using private key:
|
418 |
|
419 | ```javascript
|
420 | var plainText = new Buffer('data to be encrypted');
|
421 | var recipientId = new Buffer('<SOME_RECIPIENT_ID>');
|
422 |
|
423 | var keyPair = VirgilCrypto.generateKeyPair();
|
424 | // using newly generated key pair and random recipient id here
|
425 | // as an example. In a real app, the keys would have been provided
|
426 | // externally (e.g. from web service, database, file, etc.)
|
427 |
|
428 | VirgilCrypto.encryptAsync(plainText, recipientId, keyPair.publicKey)
|
429 | .then(function (encryptedData) {
|
430 | return VirgilCrypto.decryptAsync(
|
431 | encryptedData, recipientId, keyPair.privateKey);
|
432 | });
|
433 | .then(function (decryptedData) {
|
434 | console.log('Decrypted data: ' + decryptedData.toString('utf8'));
|
435 | })
|
436 | .catch(function (err) {
|
437 | // handle error
|
438 | console.log(err);
|
439 | });
|
440 |
|
441 | console.log('Decrypted data: ' + decryptedData.toString('utf8'));
|
442 | ```
|
443 |
|
444 | Using private key with password:
|
445 |
|
446 | ```javascript
|
447 | var plainText = new Buffer('data to be encrypted');
|
448 | var recipientId = new Buffer('<SOME_RECIPIENT_ID>');
|
449 | var privateKeyPassword = new Buffer('pa$$w0rd');
|
450 |
|
451 | var keyPair = VirgilCrypto.generateKeyPair({
|
452 | password: privateKeyPassword
|
453 | });
|
454 |
|
455 | // using newly generated key pair and random recipient id here
|
456 | // as an example. In a real app, the keys would have been provided
|
457 | // externally (e.g. from web service, database, file, etc.)
|
458 |
|
459 | VirgilCrypto.encryptAsync(plainText, recipientId, keyPair.publicKey)
|
460 | .then(function (encryptedData) {
|
461 | return VirgilCrypto.decryptAsync(
|
462 | encryptedData,
|
463 | recipientId,
|
464 | keyPair.privateKey,
|
465 | privateKeyPassword);
|
466 | });
|
467 | .then(function (decryptedData) {
|
468 | console.log('Decrypted data: ' + decryptedData.toString('utf8'));
|
469 | })
|
470 | .catch(function (err) {
|
471 | // handle error
|
472 | console.log(err);
|
473 | });
|
474 | ```
|
475 |
|
476 | ## Signatures
|
477 |
|
478 | Cryptographic digital signatures use public key algorithms to provide authenticity and integrity assurances on the data.
|
479 | When you sign the data with a digital signature, someone else can verify the signature and can prove that the data
|
480 | originated from you and was not altered after you signed it.
|
481 |
|
482 | ### sign(data, privateKey, \[privateKeyPassword\])
|
483 |
|
484 | Signs the data using the private key and returns the signature.
|
485 |
|
486 | #### Arguments
|
487 |
|
488 | * data (Buffer): The data to sign
|
489 | * privateKey (Buffer): The private key to use for signing.
|
490 | * \[privateKeyPassword\]: Optional password used to encrypt the private key.
|
491 |
|
492 | #### Returns
|
493 |
|
494 | * (Buffer): Returns the signature.
|
495 |
|
496 | #### Examples
|
497 |
|
498 | ```javascript
|
499 | var plainText = new Buffer('data to be encrypted');
|
500 | var recipientId = new Buffer('<SOME_RECIPIENT_ID>');
|
501 |
|
502 | var keyPair = VirgilCrypto.generateKeyPair();
|
503 |
|
504 | var encryptedData = VirgilCrypto.encrypt(plainText, recipientId, keyPair.publicKey);
|
505 | var signature = VirgilCrypto.sign(encryptedData, keyPair.privateKey);
|
506 |
|
507 | console.log(signature.toString('base64'));
|
508 | ```
|
509 |
|
510 | Using encrypted private key
|
511 |
|
512 | ```javascript
|
513 | var keyPassword = new Buffer('pa$$w0rd');
|
514 | var plainText = new Buffer('data to be encrypted');
|
515 | var recipientId = new Buffer('<SOME_RECIPIENT_ID>');
|
516 |
|
517 | var keyPair = VirgilCrypto.generateKeyPair({
|
518 | password: keyPassword
|
519 | });
|
520 |
|
521 | var encryptedData = VirgilCrypto.encrypt(plainText, recipientId, keyPair.publicKey);
|
522 | var signature = VirgilCrypto.sign(encryptedData, keyPair.privateKey, keyPassword);
|
523 |
|
524 | console.log(signature.toString('base64'));
|
525 | ```
|
526 |
|
527 | ### signAsync(data, privateKey, \[privateKeyPassword\]) (Browsers only)
|
528 |
|
529 | Same as [sign](#signdata-privatekey-privatekeypassword) but returns the Promise that will be
|
530 | resolved with the signature or rejected with an error.
|
531 |
|
532 | #### Returns
|
533 |
|
534 | * (Promise.\<Buffer\>): The Promise that will be resolved with the signature.
|
535 |
|
536 | #### Examples
|
537 |
|
538 | ```javascript
|
539 | var plainText = new Buffer('data to be encrypted');
|
540 | var recipientId = new Buffer('<SOME_RECIPIENT_ID>');
|
541 |
|
542 | var keyPair = VirgilCrypto.generateKeyPair();
|
543 |
|
544 | var encryptedData = VirgilCrypto.encrypt(plainText, recipientId, keyPair.publicKey);
|
545 | VirgilCrypto.signAsync(encryptedData, keyPair.privateKey)
|
546 | .then(function (signature) {
|
547 | console.log(signature.toString('base64'));
|
548 | });
|
549 | ```
|
550 |
|
551 | Using encrypted private key
|
552 |
|
553 | ```javascript
|
554 | var keyPassword = new Buffer('pa$$w0rd');
|
555 | var plainText = new Buffer('data to be encrypted');
|
556 | var recipientId = new Buffer('<SOME_RECIPIENT_ID>');
|
557 |
|
558 | var keyPair = VirgilCrypto.generateKeyPair({
|
559 | password: keyPassword
|
560 | });
|
561 |
|
562 | var encryptedData = VirgilCrypto.encrypt(plainText, recipientId, keyPair.publicKey);
|
563 | VirgilCrypto.signAsync(encryptedData, keyPair.privateKey, keyPassword)
|
564 | .then(function (signature) {
|
565 | console.log(signature.toString('base64'));
|
566 | });
|
567 | ```
|
568 |
|
569 | ### verify(data, sign, publicKey)
|
570 |
|
571 | Verifies the signature for the data and returns `true` if verification succeeded or `false` if it failed.
|
572 |
|
573 | #### Arguments
|
574 |
|
575 | * data (Buffer): The signed data.
|
576 | * sign (Buffer): The signature.
|
577 | * publicKey (Buffer): The public key of the party that signed the data.
|
578 |
|
579 | #### Returns
|
580 |
|
581 | * (boolean): Returns `true` if verification succeeded or `false` if it failed.
|
582 |
|
583 | #### Examples
|
584 |
|
585 | ```javascript
|
586 | var isVerified = VirgilCrypto.verify(encryptedData, signature, keyPair.publicKey);
|
587 | console.log('Is signature valid: ' + isVerified);
|
588 | ```
|
589 |
|
590 | ### verifyAsync(data, sign, publicKey) (Browsers only)
|
591 |
|
592 | Same as [verify](#verifydata-sign-publickey) but returns the Promise that will be resolved with `true` if verification
|
593 | succeeded or `false` if it failed, or rejected with an error.
|
594 |
|
595 | #### Returns
|
596 |
|
597 | * (Promise.\<boolean\>): The Promise that will be resolved with `true` if verification succeeded or `false` if it failed.
|
598 |
|
599 | #### Examples
|
600 |
|
601 | ```javascript
|
602 | VirgilCrypto.verifyAsync(encryptedData, signature, keyPair.publicKey)
|
603 | .then(function (isVerified) {
|
604 | console.log('Is signature valid: ' + isVerified);
|
605 | });
|
606 | ```
|
607 |
|
608 | ## Authenticated Encryption
|
609 |
|
610 | Form of encryption which simultaneously provides confidentiality, integrity, and authenticity assurances on the data.
|
611 |
|
612 | ### signThenEncrypt(data, privateKey, recipientId | recipients, [publicKey])
|
613 |
|
614 | Combines encryption in a single step with message authentication. Signs the data using the private key and encrypts
|
615 | the signed message using the public key (or public keys depending on the number of arguments passed).
|
616 |
|
617 | #### Arguments
|
618 |
|
619 | * data (Buffer): The data to sign and encrypt.
|
620 | * privateKey (Buffer): The private key to use for signature generation.
|
621 | * recipientId|recipients: Either one of the following
|
622 | - recipientId (Buffer): The identifier of the intended recipient.
|
623 | - recipients (Array.\<{recipientId: Buffer, publicKey: Buffer}\>): Array of recipient ids with corresponding
|
624 | public keys to use for encryption.
|
625 | * \[publicKey\] (Buffer): The public key to use for encryption. Used when encrypting for single recipient (i.e. when
|
626 | the second argument is recipientId)
|
627 |
|
628 | #### Returns
|
629 |
|
630 | * (Buffer): Returns encrypted signed data.
|
631 |
|
632 | #### Examples
|
633 |
|
634 | ```javascript
|
635 | var plainText = new Buffer('data to be encrypted');
|
636 | var recipientId = new Buffer('<SOME_RECIPIENT_ID>');
|
637 |
|
638 | var senderKeyPair = VirgilCrypto.generateKeyPair();
|
639 | var recipientKeyPair = VirgilCrypto.generateKeyPair();
|
640 |
|
641 | // using newly generated key pair and random recipient id here
|
642 | // as an example. In a real app, the key would have been provided
|
643 | // externally (e.g. from web service, database, file, etc.)
|
644 |
|
645 | var encryptedSignedData = VirgilCrypto.signThenEncrypt(
|
646 | plainText,
|
647 | senderKeyPair,
|
648 | recipientId,
|
649 | recipientKeyPair.publicKey);
|
650 |
|
651 | console.log('Encrypted data: ' + encryptedSignedData.toString('base64'));
|
652 |
|
653 | ```
|
654 |
|
655 | ### signThenEncryptAsync(data, privateKey, recipientId | recipients, [publicKey]) (Browsers only)
|
656 |
|
657 | Same as [signThenEncrypt](#signthenencryptdata-privatekey-recipientid--recipients-publickey) but returns the Promise
|
658 | that will be resolved with encrypted data or rejected with an error.
|
659 |
|
660 | #### Returns
|
661 |
|
662 | * (Promise.\<Buffer\>): The Promise that will be resolved with encrypted signed data.
|
663 |
|
664 | #### Examples
|
665 |
|
666 | ```javascript
|
667 | var plainText = new Buffer('data to be encrypted');
|
668 | var recipientId = new Buffer('<SOME_RECIPIENT_ID>');
|
669 |
|
670 | var senderKeyPair = VirgilCrypto.generateKeyPair();
|
671 | var recipientKeyPair = VirgilCrypto.generateKeyPair();
|
672 |
|
673 | // using newly generated key pair and random recipient id here
|
674 | // as an example. In a real app, the key would have been provided
|
675 | // externally (e.g. from web service, database, file, etc.)
|
676 |
|
677 | VirgilCrypto.signThenEncryptAsync(
|
678 | plainText, senderKeyPair, recipientId, recipientKeyPair.publicKey)
|
679 | .then(function (encryptedSignedData) {
|
680 | console.log('Encrypted data: ' + encryptedSignedData.toString('base64'));
|
681 | })
|
682 | .catch(function (err) {
|
683 | // handle error
|
684 | console.log(err);
|
685 | });
|
686 |
|
687 | ```
|
688 |
|
689 | ### decryptThenVerify(cipherData, recipientId, privateKey, publicKey)
|
690 |
|
691 | Combines decryption in a single step with integrity verification. Decrypts the data and verifies the attached signature.
|
692 | Returns decrypted data if verification succeeded or throws `VirgilCrypto.VirgilCryptoError` if it failed.
|
693 |
|
694 | #### Arguments
|
695 |
|
696 | * cipherData (Buffer): The data to decrypt and verify.
|
697 | * recipientId (Buffer): The recipient id used for encryption.
|
698 | * privateKey (Buffer): The private key to use for decryption.
|
699 | * publicKey (Buffer): The sender's public key to use for signature verification.
|
700 |
|
701 | #### Returns
|
702 |
|
703 | * (Buffer): Returns decrypted data.
|
704 |
|
705 | #### Examples
|
706 |
|
707 | ```javascript
|
708 | var plainText = new Buffer('data to be encrypted');
|
709 | var recipientId = new Buffer('<SOME_RECIPIENT_ID>');
|
710 |
|
711 | var senderKeyPair = VirgilCrypto.generateKeyPair();
|
712 | var recipientKeyPair = VirgilCrypto.generateKeyPair();
|
713 |
|
714 | // using newly generated key pair and random recipient id here
|
715 | // as an example. In a real app, the keys would have been provided
|
716 | // externally (e.g. from web service, database, file, etc.)
|
717 |
|
718 | var encryptedData = VirgilCrypto.signThenEncrypt(
|
719 | plainText,
|
720 | senderKeyPair.privateKey,
|
721 | recipientId,
|
722 | recipientKeyPair.publicKey);
|
723 | var decryptedData = null;
|
724 |
|
725 | try {
|
726 | decryptedData = VirgilCrypto.decryptThenVerify(
|
727 | encryptedData,
|
728 | recipientId,
|
729 | recipientKeyPair.privateKey,
|
730 | senderKeyPair.pubicKey);
|
731 | } catch (err) {
|
732 | // Message integrity\authenticity verification failed
|
733 | console.log(err);
|
734 | }
|
735 |
|
736 | console.log('Decrypted data: ' + decryptedData.toString('utf8'));
|
737 | ```
|
738 |
|
739 | ### decryptThenVerifyAsync(cipherData, recipientId, privateKey, publicKey) (Browsers only)
|
740 |
|
741 | Same as [decryptThenVerify](#decryptthenverifycipherdata-recipientid-privatekey-publickey) but returns the Promise
|
742 | that will be resolved with decrypted data or rejected with `VirgilCrypto.VirgilCryptoError`.
|
743 |
|
744 | #### Returns
|
745 |
|
746 | * (Promise.\<Buffer\>): The Promise that will be resolved with decrypted data or rejected with an error.
|
747 |
|
748 | #### Examples
|
749 |
|
750 | ```javascript
|
751 | var plainText = new Buffer('data to be encrypted');
|
752 | var recipientId = new Buffer('<SOME_RECIPIENT_ID>');
|
753 |
|
754 | var senderKeyPair = VirgilCrypto.generateKeyPair();
|
755 | var recipientKeyPair = VirgilCrypto.generateKeyPair();
|
756 |
|
757 | // using newly generated key pair and random recipient id here
|
758 | // as an example. In a real app, the keys would have been provided
|
759 | // externally (e.g. from web service, database, file, etc.)
|
760 |
|
761 | VirgilCrypto.signThenEncrypt(
|
762 | plainText,
|
763 | senderKeyPair.privateKey,
|
764 | recipientId,
|
765 | recipientKeyPair.publicKey)
|
766 | .then(function (encryptedData) {
|
767 | return VirgilCrypto.decryptThenVerify(
|
768 | encryptedData,
|
769 | recipientId,
|
770 | recipientKeyPair.privateKey,
|
771 | senderKeyPair.pubicKey);
|
772 | })
|
773 | .then(function (decryptedData) {
|
774 | console.log('Decrypted data: ' + decryptedData.toString('utf8'));
|
775 | })
|
776 | .catch(function (err) {
|
777 | // Message integrity\authenticity verification failed
|
778 | console.log(ex);
|
779 | });
|
780 | ```
|
781 |
|
782 |
|
783 | ## Hashing
|
784 |
|
785 | ### hash(data, \[algorithm = VirgilCrypto.HashAlgorithm.SHA256\])
|
786 |
|
787 | Returns a cryptographic hash of the message.
|
788 |
|
789 | ### Arguments
|
790 |
|
791 | * data (Buffer): The data to compute the hash for.
|
792 | * \[algorithm=VirgilCrypto.HashAlgorithm.SHA256\] (string): Optional name of the hash algorithm to use (Default - SHA-256).
|
793 |
|
794 | ### Returns
|
795 |
|
796 | * (Buffer): Returns the hash.
|
797 |
|
798 | ### Supported hash algorithms
|
799 |
|
800 | | Algorithm |
|
801 | |------------|
|
802 | | SHA1 |
|
803 | | SHA224 |
|
804 | | SHA256 |
|
805 | | SHA384 |
|
806 | | SHA512 |
|
807 |
|
808 | e.g. `VirgilCrypto.HashAlgorithm.SHA1` for the SHA1 hash.
|
809 |
|
810 |
|
811 | ### obfuscate(value, salt, \[algorithm = VirgilCrypto.HashAlgorithm.SHA384\], \[iterations = 2048\])
|
812 |
|
813 | Returns an obfuscated value derived with PBKDF using the given salt, hash algorithm and number of iterations.
|
814 |
|
815 | #### Arguments
|
816 |
|
817 | * value (Buffer): The value to obfuscate.
|
818 | * salt (Buffer): The salt for PBKDF.
|
819 | * \[algorithm=VirgilCrypto.HashAlgorithm.SHA384\] (string): Optional name of the hash algorithm to use (Default - SHA-384).
|
820 | * \[iterations\] (iterations): Optional number of iterations for PBKDF (Default - 2048).
|
821 |
|
822 | #### Returns
|
823 |
|
824 | * (Buffer): Returns the obfuscated value.
|
825 |
|
826 |
|
827 | ## Key pair utils
|
828 |
|
829 | ### changePrivateKeyPassword(privateKey, oldPassword, newPassword)
|
830 |
|
831 | Changes the password used to encrypt the private key. Returns the private key encrypted using the new password.
|
832 |
|
833 | #### Arguments
|
834 |
|
835 | * privateKey (Buffer): The private key.
|
836 | * oldPassword (Buffer): The old password.
|
837 | * newPassword (Buffer): The new password.
|
838 |
|
839 | #### Returns
|
840 |
|
841 | * (Buffer): Returns the private key encrypted using the new password.
|
842 |
|
843 |
|
844 | ### decryptPrivateKey(privateKey, privateKeyPassword)
|
845 |
|
846 | Decrypts and returns the private key.
|
847 |
|
848 | #### Arguments
|
849 |
|
850 | * privateKey (Buffer): The private key to decrypt.
|
851 | * privateKeyPassword (Buffer): The password used to encrypt the private key.
|
852 |
|
853 | #### Returns
|
854 |
|
855 | * (Buffer): Returns the unencrypted private key.
|
856 |
|
857 |
|
858 | ### encryptPrivateKey(privateKey, privateKeyPassword)
|
859 |
|
860 | Encrypts and returns the private key.
|
861 |
|
862 | #### Arguments
|
863 |
|
864 | * privateKey (Buffer): The private key to encrypt.
|
865 | * privateKeyPassword (Buffer): The password to use for encryption.
|
866 |
|
867 | #### Returns
|
868 |
|
869 | * (Buffer): Returns the encrypted private key.
|
870 |
|
871 |
|
872 | ### extractPrivateKey(privateKey, \[privateKeyPassword\])
|
873 |
|
874 | Returns the public key computed from the private key.
|
875 |
|
876 | #### Arguments
|
877 |
|
878 | * privateKey (Buffer): The private key from which the public key is computed.
|
879 | * \[privateKeyPassword\] (Buffer): Optional password used for the private key encryption if applicable.
|
880 |
|
881 | #### Returns
|
882 |
|
883 | * (Buffer): Returns the public key.
|
884 |
|
885 |
|
886 | ### privateKeyToDER(privateKey, \[privateKeyPassword\])
|
887 |
|
888 | Returns the private key in DER format.
|
889 |
|
890 | #### Arguments
|
891 |
|
892 | * privateKey (Buffer): The private key to convert to DER format.
|
893 | * \[privateKeyPassword\] (Buffer): Optional password used for the private key encryption if applicable.
|
894 |
|
895 | #### Returns
|
896 |
|
897 | * (Buffer): Returns the private key in DER format.
|
898 |
|
899 | ### publicKeyToDER(publicKey)
|
900 |
|
901 | Returns the public key in DER format.
|
902 |
|
903 | #### Arguments
|
904 |
|
905 | * publicKey (Buffer): The public key to convert to DER format.
|
906 |
|
907 | #### Returns
|
908 |
|
909 | * (Buffer): Returns the public key in DER format.
|
910 |
|
911 |
|
912 | ## Resources
|
913 |
|
914 | * [Crypto Library](https://github.com/VirgilSecurity/virgil/blob/master/javascript/crypto-library/readme.md)
|
915 | * [SDK](https://github.com/VirgilSecurity/virgil/blob/master/javascript/keys-sdk/readme.md)
|
916 |
|
917 | ## License
|
918 | BSD 3-Clause. See [LICENSE](https://github.com/VirgilSecurity/virgil/blob/master/LICENSE) for details.
|
919 |
|
920 | ## Contacts
|
921 | Email: <support@virgilsecurity.com>
|