Package Exports
- vericrypt
- vericrypt/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (vericrypt) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
VeriCrypt
A secure message encryption and signing package using Ed25519 for signing and X25519 for encryption.
Installation
npm install vericryptFeatures
- Separate Keypairs for Signing and Encryption: Uses Ed25519 for signing and X25519 for encryption
- Message signing and verification using Ed25519
- Message encryption and decryption using X25519
- Forward secrecy with ephemeral keys for each encryption
- All keys and messages are base64 encoded for easy transmission
- Built on tweetnacl for proven security and reliability
Usage
Key Generation
const { generateKeyPair } = require('vericrypt');
// Generate key pairs for both signing and encryption
const keys = generateKeyPair();
// Ed25519 keys for signing/verification
console.log('Signing Private Key:', keys.signingPrivateKey);
console.log('Signing Public Key:', keys.signingPublicKey);
// X25519 keys for encryption/decryption
console.log('Encryption Private Key:', keys.encryptionPrivateKey);
console.log('Encryption Public Key:', keys.encryptionPublicKey);Signing Messages
const { sign } = require('vericrypt');
const message = 'Hello, World!';
const signingPrivateKey = keys.signingPrivateKey;
// Sign the message (synchronous operation)
const signedData = sign(message, signingPrivateKey);
console.log('Message:', signedData.message);
console.log('Signature:', signedData.signature);Verifying Signatures
const { verify } = require('vericrypt');
const signingPublicKey = keys.signingPublicKey;
// Verify the signed message (synchronous operation)
const isValid = verify(signedData, signingPublicKey);
if (isValid) {
console.log('Signature is valid');
} else {
console.log('Signature is invalid');
}Encrypting Messages
const { encrypt } = require('vericrypt');
const message = 'Hello, World!';
const receiverEncryptionPublicKey = recipientKeys.encryptionPublicKey;
// Encrypt the message
const encryptedData = encrypt(message, receiverEncryptionPublicKey);
console.log('Encrypted Message:', encryptedData.encryptedMessage);
console.log('Nonce:', encryptedData.nonce);
console.log('Ephemeral Public Key:', encryptedData.ephemeralPublicKey);Decrypting Messages
const { decrypt } = require('vericrypt');
const receiverEncryptionPrivateKey = recipientKeys.encryptionPrivateKey;
// Decrypt the message
const decryptedMessage = decrypt(encryptedData, receiverEncryptionPrivateKey);
if (decryptedMessage) {
console.log('Decrypted Message:', decryptedMessage);
} else {
console.log('Decryption failed');
}Complete Example: Sign, Encrypt, Decrypt, and Verify
const { generateKeyPair, sign, verify, encrypt, decrypt } = require('vericrypt');
// Generate random key pairs for sender and receiver
const senderKeys = generateKeyPair();
const receiverKeys = generateKeyPair();
const message = 'Hello, World!';
// 1. Sign the message with sender's signing key
const signedData = sign(message, senderKeys.signingPrivateKey);
// 2. Encrypt the signed message with receiver's encryption key
const encryptedData = encrypt(signedData.message, receiverKeys.encryptionPublicKey);
// 3. Decrypt the message with receiver's decryption key
const decryptedMessage = decrypt(encryptedData, receiverKeys.encryptionPrivateKey);
// 4. Verify the signature with sender's verification key
const isValid = verify({
message: decryptedMessage,
signature: signedData.signature
}, senderKeys.signingPublicKey);
if (isValid && decryptedMessage === message) {
console.log('Message successfully decrypted and verified!');
}API Reference
Functions
generateKeyPair()
Generates a new random keypair for both signing and encryption.
- Returns: Object with base64-encoded keys:
{ signingPrivateKey: string, signingPublicKey: string, encryptionPrivateKey: string, encryptionPublicKey: string }
sign(message, signingPrivateKey)
Signs a message using Ed25519.
- Parameters:
message(string): Message to signsigningPrivateKey(string): Base64-encoded Ed25519 private key
- Returns:
{message: string, signature: string}
verify(signedData, signingPublicKey)
Verifies a signed message using Ed25519.
- Parameters:
signedData(object):{message: string, signature: string}signingPublicKey(string): Base64-encoded Ed25519 public key
- Returns:
boolean
encrypt(message, receiverEncryptionPublicKey)
Encrypts a message using X25519.
- Parameters:
message(string): Message to encryptreceiverEncryptionPublicKey(string): Base64-encoded X25519 public key
- Returns:
{encryptedMessage: string, nonce: string, ephemeralPublicKey: string}
decrypt(encryptedData, receiverEncryptionPrivateKey)
Decrypts a message using X25519.
- Parameters:
encryptedData(object):{encryptedMessage: string, nonce: string, ephemeralPublicKey: string}receiverEncryptionPrivateKey(string): Base64-encoded X25519 private key
- Returns:
string | null- Decrypted message or null if decryption fails
Security Notes
- Keep all private keys secure and never share them.
- The package uses:
- Ed25519 for signing and verification
- X25519 for encryption and decryption
- tweetnacl for cryptographic operations
- Each encryption operation generates a new ephemeral key pair for forward secrecy.
- All messages are signed before encryption to ensure authenticity.
- Built on tweetnacl for proven security and reliability.
- Synchronous operations for better performance and simplicity.
Dependencies
tweetnacl- Proven cryptographic library for Ed25519 and X25519tweetnacl-util- Utility functions for tweetnacl
License
ISC