The crypto-key library it's part of the crypto utility libraries and can be installed by running the following command:
npm i @alessiofrittoli/crypto-keyor using pnpm
pnpm i @alessiofrittoli/crypto-keyThis module supports different input data types and it uses the coerceToUint8Array utility function from @alessiofrittoli/crypto-buffer to convert it to a Uint8Array.
- See
coerceToUint8Arrayfor more informations about the supported input types.
The Hash class provides utility methods for hashing strings and validating hashed values using cryptographic algorithms.
It supports a variety of algorithms based on the OpenSSL version available on the platform.
Generates a hash of a given string using a specified cryptographic algorithm.
Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
input |
crypto.BinaryLike |
- | The data to be hashed. |
algorithm |
Algo.Hash | Algo.OtherHash |
'SHA-256' | (Optional) The cryptographic hash algorithm. |
Returns
Type: Buffer
The resulting hash digest Buffer.
Compares input data with a hashed value to verify if they match.
Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
input |
crypto.BinaryLike |
- | The raw input data. |
digest |
CoerceToUint8ArrayInput |
- | The hash digest value to compare against. |
algorithm |
Algo.Hash | Algo.OtherHash |
'SHA-256' | (Optional) The hash algorithm previously used while generating the hashed data. |
Returns
Type: boolean
true if the input matches the hashed digest value, false otherwise.
import { Hash } from '@alessiofrittoli/crypto-key'
// or
import { Hash } from '@alessiofrittoli/crypto-key/Hash'
console.log(
Hash.digest( 'raw string value' )
.toString( 'hex' )
)import { Hash } from '@alessiofrittoli/crypto-key'
// or
import { Hash } from '@alessiofrittoli/crypto-key/Hash'
const rawInput = 'raw string value'
const hash = Hash.digest( rawInput )
const isValid = Hash.isValid( rawInput, hash )
console.log( isValid ) // Outputs: `true`The Hmac class provides utility methods for generating and validating HMAC (Hash-based Message Authentication Code) values using cryptographic algorithms.
Generates a Hash-based Message Authentication Code (HMAC) for a given message using a secret key.
Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
message |
crypto.BinaryLike |
- | The data to be hashed. |
secret |
crypto.BinaryLike | crypto.KeyObject |
- | The secret key to use for generating the HMAC. |
algorithm |
Algo.Hash |
'SHA-256' | (Optional) The cryptographic hash algorithm. |
encoding |
BufferEncoding |
- | (Optional) The encoding for the output string. |
options |
stream.TransformOptions |
- | (Optional) Additional stream transform options. |
Returns
Type: HmacReturnType<T>
The resulting HMAC value. If encoding is specified, the output is a string in the specified encoding; otherwise, a Buffer.
Validates a given HMAC value against a message and secret key.
Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
digest |
CoerceToUint8ArrayInput |
- | The HMAC digest to validate. |
message |
crypto.BinaryLike |
- | The original message used to generate the HMAC. |
secret |
crypto.BinaryLike | crypto.KeyObject |
- | The secret key used for generating the HMAC. |
algorithm |
Algo.Hash |
'SHA-256' | (Optional) The hash algorithm used for generating the HMAC. |
encoding |
BufferEncoding |
- | (Optional) The encoding used to generate the hash output. |
options |
stream.TransformOptions |
- | (Optional) Additional stream transform options used for generating the HMAC. |
Returns
Type: boolean
true if the provided HMAC matches the generated one. false otherwise.
import { Hmac } from '@alessiofrittoli/crypto-key'
// or
import { Hmac } from '@alessiofrittoli/crypto-key/Hmac'
console.log(
Hmac.digest( 'raw string value', 'mysecretkey', 'SHA-256', 'hex' )
) // Outputs the HMAC value in HEX format.import { Hmac } from '@alessiofrittoli/crypto-key'
// or
import { Hmac } from '@alessiofrittoli/crypto-key/Hmac'
const message = 'raw string value'
const secret = 'mysecretkey'
const hmac = Hmac.digest( message, secret )
console.log(
Hmac.isValid( hmac, message, secret )
) // Outputs: `true`The Scrypt class provides methods for hashing and securely comparing keys using the scrypt key derivation algorithm.
It supports customizable options for computational cost, memory usage, and parallelization to balance security and performance.
Defines customization options for the scrypt algorithm.
Properties
| Property | Type | Default | Description |
|---|---|---|---|
cost |
number |
16384 |
Computational cost factor. Must be a power of 2. Higher values increase security but are slower. |
blockSize |
number |
8 |
Memory cost factor. Higher values increase memory usage, improving security against GPU attacks. |
parallelization |
number |
1 |
Parallelization factor. Determines how many threads can be used. |
maxmem |
number |
32 * 1024 * 1024 (32MB) |
Maximum memory (in bytes) to be used during key derivation. |
N |
number |
16384 |
Alias for cost. |
r |
number |
8 |
Alias for blockSize. |
p |
number |
1 |
Alias for parallelization. |
Suggested options
| Scope | cost (N) |
blockSize (r) |
parallelization (p) |
maxmem |
|---|---|---|---|---|
| Standard security (default) | 16384 |
8 |
1 |
32 MB |
| High security | 65536 |
16 |
1 |
64 MB |
| Limited resources | 8192 |
4 |
1 |
16 MB |
Defines options for the hash and isValid methods.
Properties
| Property | Type | Default | Description |
|---|---|---|---|
length |
number |
64 |
The hash length. Must be between 16 and 256. |
saltLength |
number |
32 |
The salt length. Must be between 16 and 64. |
options |
ScryptOptions |
See above | Custom options for the scrypt algorithm. |
Generates a hash for a given key using the scrypt key derivation algorithm.
Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
key |
crypto.BinaryLike |
- | The key to hash. |
options |
ScryptHashOptions |
- | (Optional) Configuration options for hashing. |
Returns
Type: Buffer
A Buffer containing the salt (first saltLength bytes) followed by the derived hash.
Validates the given key with the given hash.
Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
key |
crypto.BinaryLike |
- | The key to validate. |
hash |
CoerceToUint8ArrayInput |
- | The hash to compare against. |
options |
ScryptHashOptions |
- | (Optional) Configuration options. Must match those used for hashing. |
Returns
Type: boolean
true if the key is valid, false otherwise.
import { Scrypt } from '@alessiofrittoli/crypto-key'
// or
import { Scrypt } from '@alessiofrittoli/crypto-key/Scrypt'
console.log(
Scrypt.hash( 'user-provided-password' )
.toString( 'hex' )
) // Outputs the hash in HEX format.import { Scrypt } from '@alessiofrittoli/crypto-key'
// or
import { Scrypt } from '@alessiofrittoli/crypto-key/Scrypt'
import { Scrypt } from './Scrypt';
const password = 'user-provided-password';
const hash = Scrypt.hash( password, { length: 32, saltLength: 16 } )
console.log(
Scrypt.isValid( password, hash, { length: 32, saltLength: 16 } )
) // Outputs: truenpm installor using pnpm
pnpm iRun the following command to test and build code for distribution.
pnpm buildwarnings / errors check.
pnpm lintRun all the defined test suites by running the following:
# Run tests and watch file changes.
pnpm test:watch
# Run tests in a CI environment.
pnpm test:ci- See
package.jsonfile scripts for more info.
Run tests with coverage.
An HTTP server is then started to serve coverage files from ./coverage folder.
test:coverage:serveContributions are truly welcome!
Please refer to the Contributing Doc for more information on how to start contributing to this project.
Help keep this project up to date with GitHub Sponsor.
If you believe you have found a security vulnerability, we encourage you to responsibly disclose this and NOT open a public issue. We will investigate all legitimate reports. Email [email protected] to disclose any security vulnerabilities.
|
|
|