mirror of https://github.com/waku-org/js-waku.git
Promote dedicated symmetric key generation API
Using the private key API for symmetric key is confusing.
parent
f0183784a3
commit
75352abcac
|
@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
- **Breaking**: Moved `startTime` and `endTime` for history queries to a `timeFilter` property as both or neither must be passed; passing only one parameter is not supported.
|
- **Breaking**: Moved `startTime` and `endTime` for history queries to a `timeFilter` property as both or neither must be passed; passing only one parameter is not supported.
|
||||||
|
- Renamed and promote the usage of `generateSymmetricKey()` to generate random symmetric keys.
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
- Buffer concat error when using symmetric encryption in the browser.
|
- Buffer concat error when using symmetric encryption in the browser.
|
||||||
|
|
|
@ -138,14 +138,14 @@ A quick note on the cryptographic libraries used as it is a not a straightforwar
|
||||||
Asymmetric private keys and symmetric keys are expected to be 32 bytes arrays.
|
Asymmetric private keys and symmetric keys are expected to be 32 bytes arrays.
|
||||||
|
|
||||||
```ts
|
```ts
|
||||||
import { generatePrivateKey, getPublicKey } from 'js-waku';
|
import { generatePrivateKey, generateSymmetricKey, getPublicKey } from 'js-waku';
|
||||||
|
|
||||||
// Asymmetric
|
// Asymmetric
|
||||||
const privateKey = generatePrivateKey();
|
const privateKey = generatePrivateKey();
|
||||||
const publicKey = getPublicKey(privateKey);
|
const publicKey = getPublicKey(privateKey);
|
||||||
|
|
||||||
// Symmetric
|
// Symmetric
|
||||||
const symKey = generatePrivateKey();
|
const symKey = generateSymmetricKey();
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Encrypt Waku Messages
|
#### Encrypt Waku Messages
|
||||||
|
|
|
@ -62,9 +62,9 @@ To use symmetric encryption, you first need to generate a key.
|
||||||
You can simply use `generatePrivateKey` for secure key generation:
|
You can simply use `generatePrivateKey` for secure key generation:
|
||||||
|
|
||||||
```js
|
```js
|
||||||
import { generatePrivateKey } from 'js-waku';
|
import { generateSymmetricKey } from 'js-waku';
|
||||||
|
|
||||||
const key = generatePrivateKey();
|
const key = generateSymmetricKey();
|
||||||
```
|
```
|
||||||
|
|
||||||
### Encrypt Message
|
### Encrypt Message
|
||||||
|
|
|
@ -6,7 +6,11 @@ export { Waku, DefaultPubSubTopic } from './lib/waku';
|
||||||
|
|
||||||
export { WakuMessage } from './lib/waku_message';
|
export { WakuMessage } from './lib/waku_message';
|
||||||
|
|
||||||
export { generatePrivateKey, getPublicKey } from './lib/waku_message/version_1';
|
export {
|
||||||
|
generatePrivateKey,
|
||||||
|
generateSymmetricKey,
|
||||||
|
getPublicKey,
|
||||||
|
} from './lib/waku_message/version_1';
|
||||||
|
|
||||||
export {
|
export {
|
||||||
WakuLightPush,
|
WakuLightPush,
|
||||||
|
|
|
@ -14,7 +14,11 @@ import { delay } from '../delay';
|
||||||
import { hexToBuf } from '../utils';
|
import { hexToBuf } from '../utils';
|
||||||
import { Waku } from '../waku';
|
import { Waku } from '../waku';
|
||||||
|
|
||||||
import { generatePrivateKey, getPublicKey } from './version_1';
|
import {
|
||||||
|
generatePrivateKey,
|
||||||
|
generateSymmetricKey,
|
||||||
|
getPublicKey,
|
||||||
|
} from './version_1';
|
||||||
|
|
||||||
import { WakuMessage } from './index';
|
import { WakuMessage } from './index';
|
||||||
|
|
||||||
|
@ -122,7 +126,7 @@ describe('Waku Message: Node only', function () {
|
||||||
payload: Buffer.from(messageText, 'utf-8').toString('hex'),
|
payload: Buffer.from(messageText, 'utf-8').toString('hex'),
|
||||||
};
|
};
|
||||||
|
|
||||||
const symKey = generatePrivateKey();
|
const symKey = generateSymmetricKey();
|
||||||
|
|
||||||
waku.relay.addDecryptionKey(symKey);
|
waku.relay.addDecryptionKey(symKey);
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
import { IvSize, SymmetricKeySize } from './index';
|
import { IvSize } from './index';
|
||||||
|
|
||||||
declare global {
|
declare global {
|
||||||
interface Window {
|
interface Window {
|
||||||
|
@ -44,10 +44,6 @@ export async function decrypt(
|
||||||
.then(Buffer.from);
|
.then(Buffer.from);
|
||||||
}
|
}
|
||||||
|
|
||||||
export function generateKeyForSymmetricEnc(): Buffer {
|
|
||||||
return crypto.getRandomValues(Buffer.alloc(SymmetricKeySize));
|
|
||||||
}
|
|
||||||
|
|
||||||
export function generateIv(): Uint8Array {
|
export function generateIv(): Uint8Array {
|
||||||
const iv = new Uint8Array(IvSize);
|
const iv = new Uint8Array(IvSize);
|
||||||
crypto.getRandomValues(iv);
|
crypto.getRandomValues(iv);
|
||||||
|
|
|
@ -15,10 +15,6 @@ export interface Symmetric {
|
||||||
* Proceed with symmetric decryption of `cipherText` value.
|
* Proceed with symmetric decryption of `cipherText` value.
|
||||||
*/
|
*/
|
||||||
decrypt: (iv: Buffer, key: Buffer, cipherText: Buffer) => Promise<Buffer>;
|
decrypt: (iv: Buffer, key: Buffer, cipherText: Buffer) => Promise<Buffer>;
|
||||||
/**
|
|
||||||
* Generate a new private key for Symmetric encryption purposes.
|
|
||||||
*/
|
|
||||||
generateKeyForSymmetricEnc: () => Buffer;
|
|
||||||
/**
|
/**
|
||||||
* Generate an Initialization Vector (iv) for for Symmetric encryption purposes.
|
* Generate an Initialization Vector (iv) for for Symmetric encryption purposes.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
import { createCipheriv, createDecipheriv, randomBytes } from 'crypto';
|
import { createCipheriv, createDecipheriv, randomBytes } from 'crypto';
|
||||||
|
|
||||||
import { IvSize, SymmetricKeySize, TagSize } from './index';
|
import { IvSize, TagSize } from './index';
|
||||||
|
|
||||||
const Algorithm = 'aes-256-gcm';
|
const Algorithm = 'aes-256-gcm';
|
||||||
|
|
||||||
|
@ -31,10 +31,6 @@ export async function decrypt(
|
||||||
return Buffer.concat([a, b]);
|
return Buffer.concat([a, b]);
|
||||||
}
|
}
|
||||||
|
|
||||||
export function generateKeyForSymmetricEnc(): Buffer {
|
|
||||||
return randomBytes(SymmetricKeySize);
|
|
||||||
}
|
|
||||||
|
|
||||||
export function generateIv(): Buffer {
|
export function generateIv(): Buffer {
|
||||||
return randomBytes(IvSize);
|
return randomBytes(IvSize);
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,7 +7,7 @@ import * as secp256k1 from 'secp256k1';
|
||||||
|
|
||||||
import { hexToBuf } from '../utils';
|
import { hexToBuf } from '../utils';
|
||||||
|
|
||||||
import { IvSize, symmetric } from './symmetric';
|
import { IvSize, symmetric, SymmetricKeySize } from './symmetric';
|
||||||
|
|
||||||
const FlagsLength = 1;
|
const FlagsLength = 1;
|
||||||
const FlagMask = 3; // 0011
|
const FlagMask = 3; // 0011
|
||||||
|
@ -15,6 +15,8 @@ const IsSignedMask = 4; // 0100
|
||||||
const PaddingTarget = 256;
|
const PaddingTarget = 256;
|
||||||
const SignatureLength = 65;
|
const SignatureLength = 65;
|
||||||
|
|
||||||
|
export const PrivateKeySize = 32;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Encode the payload pre-encryption.
|
* Encode the payload pre-encryption.
|
||||||
*
|
*
|
||||||
|
@ -172,14 +174,19 @@ export async function decryptSymmetric(
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Generate a new key. Can be used as a private key for Asymmetric encryption
|
* Generate a new private key to be used for asymmetric encryption.
|
||||||
* or a key for symmetric encryption.
|
|
||||||
*
|
*
|
||||||
* If using Asymmetric encryption, use {@link getPublicKey} to get the
|
* Use {@link getPublicKey} to get the corresponding Public Key.
|
||||||
* corresponding Public Key.
|
|
||||||
*/
|
*/
|
||||||
export function generatePrivateKey(): Uint8Array {
|
export function generatePrivateKey(): Uint8Array {
|
||||||
return randomBytes(32);
|
return randomBytes(PrivateKeySize);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Generate a new symmetric key to be used for symmetric encryption.
|
||||||
|
*/
|
||||||
|
export function generateSymmetricKey(): Uint8Array {
|
||||||
|
return randomBytes(SymmetricKeySize);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
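Review bot: The doc comment on the new `generateSymmetricKey()` does not say how long the key is or where its randomness comes from, and `randomBytes` is imported outside the visible hunks of this file. The per-platform generators this commit deletes drew from Node's `crypto.randomBytes` and Web Crypto's `crypto.getRandomValues`, so it is worth confirming that the `randomBytes` used here is a CSPRNG in both Node and the browser, and saying so in the comment, e.g. `* Returns SymmetricKeySize bytes from a cryptographically secure random source.` Now that `generatePrivateKey()` is reserved for asymmetric use, it could also reject the (very unlikely) out-of-range value before returning, for instance by checking `secp256k1.privateKeyVerify(key)`, assuming the key is a secp256k1 private key as the file's import suggests.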
@ -13,7 +13,11 @@ import {
|
||||||
import { delay } from '../delay';
|
import { delay } from '../delay';
|
||||||
import { Waku } from '../waku';
|
import { Waku } from '../waku';
|
||||||
import { WakuMessage } from '../waku_message';
|
import { WakuMessage } from '../waku_message';
|
||||||
import { generatePrivateKey, getPublicKey } from '../waku_message/version_1';
|
import {
|
||||||
|
generatePrivateKey,
|
||||||
|
generateSymmetricKey,
|
||||||
|
getPublicKey,
|
||||||
|
} from '../waku_message/version_1';
|
||||||
|
|
||||||
import { Direction } from './history_rpc';
|
import { Direction } from './history_rpc';
|
||||||
|
|
||||||
|
@ -160,7 +164,7 @@ describe('Waku Store', () => {
|
||||||
'This message is not for and I must not be able to read it';
|
'This message is not for and I must not be able to read it';
|
||||||
|
|
||||||
const privateKey = generatePrivateKey();
|
const privateKey = generatePrivateKey();
|
||||||
const symKey = generatePrivateKey();
|
const symKey = generateSymmetricKey();
|
||||||
const publicKey = getPublicKey(privateKey);
|
const publicKey = getPublicKey(privateKey);
|
||||||
|
|
||||||
const [
|
const [
|
||||||
|
|