json-signatures

1.0.2 • Public • Published

JSON Signatures

Simplified API to sign and verify JSON data. Summary:

const JSONSign = require('json-signatures')
 
// create keypair
const kp = JSONSign.keypair()
 
// whatever, sign it
const msg = {b: 'foo', a: [1,2,3], c: [1,[{}]]}
const signedMessage = JSONSign.sign(kp.secret, msg)
 
// see if it has a valid signature
JSONSign.verify(signedMessage) // => true

Basically, it takes a JSON message M and a secret key, and turns it into JSON which can be used to verify M:

{ message: M
, signedBy: {
    pubkey: "HPe1gjvok8tL8wYQUJKnYHhWxhPNVywQ0kjDEjTxozE=",
    signature: "DRV1bnJamWrW73oMHIqYDRiO71SH0IdJL...g969qzh0Ag=="
  }
}

Detailed usage

npm install --save json-signatures

First, create a key pair.

const kp = JSONSign.keypair(nrOfRandomBytesForSecret)

It looks like

{
  public: "HPe1gjvok8tL8wYQUJ...VywQ0kjDEjTxozE=",
  secret: "QM+USi7HbuRHU1/DdYkzL322XNm3qJ...D+LLpjw=="
}

Then, you can use it to sign a JSON dictionary,

const signedMessage = JSONSign.sign(kp.secret, M)

The public key will be derived from the passed secret key.

The resulting signedMessage will look like this:

{
  message: M,
  signedBy: {
    pubkey: kp.public,
    signature: "+AAhMxhhjvz5CUEbZcziqb...ds/g6xFbU8WXLkdbloOUHBw=="
  }
}

Later, you can verify whether a message was signed by someone holding the secret that corresponds to the public key in signedBy.pubkey.

if (! JSONSign.verify(signedMessage) ) {
  // message was tampered with
}
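verify takes only the signed message, so the key it checks against is the signedBy.pubkey carried in that same message: a true result shows the message matches that key, and a caller who cares who signed must also compare the key with one it already trusts. The added example below (not the package's own code) shows this with a stand-in envelope built on Node's crypto module. Ed25519, the sorted-key canonical form and the verifyFrom helper are assumptions, not taken from json-signatures.

```javascript
// Added example: a stand-in envelope built on Node's crypto (Ed25519), not json-signatures itself.
const crypto = require('crypto')

// Assumed canonical form: object keys sorted, so key order does not change the signed bytes.
function canonical(v) {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']'
  if (v && typeof v === 'object') {
    return '{' + Object.keys(v).sort()
      .map(k => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}'
  }
  return JSON.stringify(v)
}

function sign(privateKey, message) {
  const pubkey = crypto.createPublicKey(privateKey)
    .export({ type: 'spki', format: 'der' }).toString('base64')
  const signature = crypto.sign(null, Buffer.from(canonical(message)), privateKey)
    .toString('base64')
  return { message, signedBy: { pubkey, signature } }
}

// Integrity only: the verification key is read from the envelope being checked.
function verify(signed) {
  try {
    const key = crypto.createPublicKey({
      key: Buffer.from(signed.signedBy.pubkey, 'base64'), format: 'der', type: 'spki'
    })
    return crypto.verify(null, Buffer.from(canonical(signed.message)), key,
      Buffer.from(signed.signedBy.signature, 'base64'))
  } catch (err) {
    return false // a malformed envelope, key or signature counts as invalid
  }
}

// Origin check (hypothetical helper): the embedded key must equal one obtained out of band.
function verifyFrom(signed, trustedPubkey) {
  return verify(signed) && signed.signedBy.pubkey === trustedPubkey
}

// Constructed sample data: two throwaway key pairs generated at run time.
const alice = crypto.generateKeyPairSync('ed25519')
const other = crypto.generateKeyPairSync('ed25519')
const alicePub = sign(alice.privateKey, {}).signedBy.pubkey
const genuine = sign(alice.privateKey, { b: 'foo', a: [1, 2, 3], c: [1, [{}]] })
const resigned = sign(other.privateKey, { b: 'bar', a: [1, 2, 3], c: [1, [{}]] })

console.log(verify(genuine), verifyFrom(genuine, alicePub))   // true true
console.log(verify(resigned), verifyFrom(resigned, alicePub)) // true false
```

The second line is the case to watch for: an envelope re-signed with a different key still passes the self-contained check and is rejected only when the key is pinned.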

License

AGPL-1.0

Collaborators

  • wires