Package Exports
- cryptils
- cryptils/aes
- cryptils/age
- cryptils/bech32encode
- cryptils/derive
- cryptils/ethereum
- cryptils/index.js
- cryptils/otp
- cryptils/package.json
- cryptils/shamir
- cryptils/types
- cryptils/utils
Readme
cryptils  
  
 
Utilities around Spectre / Master Password Algorithm (by Maarten Billemont), implemented in TypeScript, using Noble & Scure cryptography by @paulmillr. Used for deriving stateless accounts & passwords, 2fa, shamir secret sharing, crypto/bitcoin/nostr public and private keys, and more.
Highlights
- Don't store, derive! Derive passwords and keys from a master password and a name
- Cloud-less & storage-less password manager, stateless password derivation
- Uses only audited Noble & Scure cryptography by @paulmillr
- TypeScript implementation of Spectre.app / Master Password Algorithm by Maarten Billemont
- Stateless account & password derivation - no need to store anything
- Stateless wallet/keys derivation for Ethereum, Bitcoin, Litecoin, Vertcoin, Nostr
- Support for splitting the secret key with Shamir Secret Sharing scheme
- AES-256-GCM encrypt/decrypt a private thing using the secret key
- Generate and validate 2FA tokens (HOTP & TOTP)- RFC 4226 & RFC 6238
- support SHA-1,SHA-256,SHA-512hashing algorithms
- support different digits lengths, up to 10
 
Install
npm add cryptils
bun add cryptils
deno add npm:cryptilsUsage
import { deriveCryptoKeys, spectreV4 } from 'cryptils/derive';
// personal name (can be anything), master password, account name (or site url + handle)
const wgw = spectreV4('some persona', 'fool master pawdy', 'twitter.com/wgw_eth');
const keys = deriveCryptoKeys(wgw.secret);
console.log('privkey', bytesToHex(wgw.secret));
console.log('wiggle account:', wgw);
// => { secret: uint8array, persona: string, securepass: string, account: string }
console.log('crypto keys:', keys);
// => { bitcoin, nostr, ethereum, litecoin, vertcoin }or using separate functions, to save on computation
import { deriveBitcoinKeys, deriveEthereumKeys, deriveNostrKeys, spectreV4 } from 'cryptils/derive';
const wgw = spectreV4('some persona', 'fool master pawdy', 'twitter.com/wgw_eth');
console.log('btc1', deriveBitcoinKeys(wgw.secret));
console.log('btc2', deriveBitcoinKeys(randomBytes(32)));
// => { mnemonic, salt, privkey, pubkey, address }
console.log('eth', deriveEthereumKeys(wgw.secret));
// => { mnemonic, salt, privkey, pubkey, address }
console.log('nostr', deriveNostrKeys(wgw.secret));
// => { mnemonic salt, privkey, pubkey, npub, nsec, nrepo }Docs
Example with 2FA OTP
import {
  getHotp,
  getOtpSecret,
  getTokenUri,
  getTotp,
  parseOtpSecret,
  validateHotp,
  validateTotp,
} from 'cryptils';
import qrcode from 'qrcode';
// accepts secret uint8array, secret as base32 string, or hex string,
// if not passed anything it will generate random secret
const secret = getOtpSecret();
const token = await getTotp(secret, { digits: 8, algorithm: 'SHA-512' });
const valid = await validateTotp(secret, token, { digits: 8, algorithm: 'SHA-512' });
console.log({ secret, token, valid });
const hotp = await getHotp(secret);
console.log({ hotp, valid: await validateHotp(secret, hotpToken) });
const parsedSecret = parseOtpSecret('5DXDAFF6BALL25TOYZXJHDCW4LY4OWTH');
const uri = getTokenUri(secret, { issuer: 'MyApp', username: 'barry' });
cosole.log({ parsedSecret, uri });
console.log(await qrcode.toString(uri));Example with AES-256-GCM
import { decryptWithSecret, encryptWithSecret } from 'cryptils/aes';
import { spectreV4 } from 'cryptils/derive';
import { randomBytes } from 'cryptils/utils';
const account = spectreV4('usrname', 'foo pass bar', 'twt.com');
// or try with random one
const secret = randomBytes(32);
console.log({ account });
const encrypted = await encryptWithSecret(account.pass, account.secret);
const decrypted = await decryptWithSecret(encrypted, account.secret);
console.log({ encrypted, decrypted, same: decrypted === account.pass });Types
export type SpectreOptions = { template?: string; hash?: any; iterations?: number };
export type SpectreResult = { secret: Uint8Array; name: string; user: string; pass: string };
export type HexString = string;
export type Input = Uint8Array | string;
export type SecretKey = Uint8Array | HexString;
export type HashAlgo = 'SHA-1' | 'SHA-256' | 'SHA-512' | string;
export type TokenResult = string;
export type KeysResult = {
  mnemonic: string;
  privkey: HexString;
  pubkey: HexString;
  npub: string; // npub1...abc
  nsec: string; // nsec1...abc
  nrepo: string; // nrepo1...abc
  ethereum: `0x${string}`; // 0x1987...abc
  bitcoin: string; // bc1p...abc
  litecoin: string; // ltc1p...abc
  vertcoin: string; // vtc1p...abc
};LICENSE
SPDX-License-Identifier: MPL-2.0