GithubHelp home page GithubHelp logo

whs / tweetnacl-sealed-box Goto Github PK

View Code? Open in Web Editor NEW
22.0 3.0 11.0 20 KB

libsodium's sealed box implementation for TweetNaCl

License: MIT License

JavaScript 85.74% HTML 14.26%
crypto javascript sealedbox nacl tweetnacl libsodium

tweetnacl-sealed-box's Introduction

libsodium Sealed Box for TweetNaCl.js

This library implements sealed box for TweetNaCl.

From libsodium's documentation:

Sealed boxes are designed to anonymously send messages to a recipient given its public key.

Only the recipient can decrypt these messages, using its private key. While the recipient can verify the integrity of the message, it cannot verify the identity of the sender.

A message is encrypted using an ephemeral key pair, whose secret part is destroyed right after the encryption process.

Without knowing the secret key used for a given message, the sender cannot decrypt its own message later. And without additional data, a message cannot be correlated with the identity of its sender.

Usage

This module can be installed from npm:

npm install tweetnacl-sealedbox-js

For use in web browsers, use sealedbox.web.js.

Then you can use it as follow:

var tweetnacl = require('tweetnacl');
tweetnacl.sealedbox = require('tweetnacl-sealedbox-js');

// generate box key pair
var keyPair = tweetnacl.box.keyPair();

// encrypt the message
var sealed = tweetnacl.sealedbox.seal(buffer, keyPair.publicKey);
// sealed will have the size of buffer.length + tweetnacl.sealedbox.overheadLength

// decrypt the message
var result = tweetnacl.sealedbox.open(sealed, keyPair.publicKey, keyPair.secretKey);

The message buffer should be a Uint8Array or Node.js's Buffer. String encoding functions can be found in tweetnacl-util-js.

Note that sealedbox.open may return null if the sealed box is tampered.

This library should be interoperable with libsodium's implementation of sealed box (i.e. libsodium sealed box can be opened in this library and vice-versa).

Security

I'm not a security expert, so use this at your own risk.

This library does not zero out memory except for the ephemeral secret key. However, the JavaScript run time in use may not guaranteed that the memory is securely wiped.

License

This library is licensed under the MIT license.

This project is unmaintained. You may use it, but issues and pull requests might be ignored.

tweetnacl-sealed-box's People

Contributors

dkarski avatar silentimp avatar whs avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

steverweber aviv-official silentimp ronnytodgers mtianyan systeminit aral pay-theory cyberpolaris dkarski

tweetnacl-sealed-box's Issues

Cannot find module

const tweetnacl = require('tweetnacl');
tweetnacl.sealedbox = require('tweetnacl-sealedbox-js');

Error: Cannot find module 'tweetnacl-sealedbox-js'
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
at Function.Module._load (internal/modules/cjs/loader.js:562:25)
at Module.require (internal/modules/cjs/loader.js:692:17)
at require (internal/modules/cjs/helpers.js:25:18)
at Object. (/home/breim/instagramer/lib/instagramer/index.js:4:23)
at Module._compile (internal/modules/cjs/loader.js:778:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
at Module.load (internal/modules/cjs/loader.js:653:32)
at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
at Function.Module._load (internal/modules/cjs/loader.js:585:3)

Use case

It would make a lot of sense to add a description of WHY someone would want to do this.

To my mind it comes down to what can be gleaned by outside observers from the meta-data derived by monitoring the transit. Even without knowing the contents of a message, a lot of information can be derived by knowing the sender and the recipient. If the sender can mask their identity, then half that meta-data goes away. If both the sender and the recipient can mask their identities at the same time, then all meta-data goes away and it frustrates potential eavesdroppers.

How exactly I may use sealedbox.web.js?

Hi, I need to create an isomorphic application, bundled with Webpack.
How exactly I should use sealedbox.web.js for the browser?
If I try to do this:

import utils from 'tweetnacl-util';
import tweetnacl from 'tweetnacl';
import sealedboxnode from 'tweetnacl-sealedbox-js/sealedbox.node';
import sealedboxweb from 'tweetnacl-sealedbox-js/sealedbox.web';

const sealedbox = process.browser ? sealedboxweb : sealedboxnode;
tweetnacl.sealedbox = sealedboxnode;
tweetnacl.utils = utils;

I am getting an errors:

Cannot find module 'nacl' from 'sealedbox.web.js'
Module not found: Can't resolve 'Object' in '/project/node_modules/tweetnacl-sealedbox-js'

What has gone wrong?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.