Javascript library for generating and working with EcdsaMultikey key pairs.
For use with:
@digitalbazaar/ecdsa-2019-cryptosuite
^1.0.0
crypto suite (withjsonld-signatures
^11.0.0
)@digitalbazaar/data-integrity
^1.0.0
See also (related specs):
As with most security- and cryptography-related tools, the overall security of your system will largely depend on your design decisions.
- Node.js 16+ is required.
To install locally (for development):
git clone https://github.com/digitalbazaar/ecdsa-multikey.git
cd ecdsa-multikey
npm install
To generate a new public/secret key pair:
{string} [curve]
[Required] ECDSA curve used to generate the key: ['P-256', 'P-384', 'P-521'].{string} [id]
[Optional] ID for the generated key.{string} [controller]
[Optional] Controller URI or DID to initialize the generated key. (This will be used to generateid
if it is not explicitly defined.)
import * as EcdsaMultikey from '@digitalbazaar/ecdsa-multikey';
const keyPair = await EcdsaMultikey.generate({curve: 'P-384'});
To create an instance of a public/secret key pair from data imported from
storage, use .from()
:
const serializedKeyPair = { ... };
const keyPair = await EcdsaMultikey.from(serializedKeyPair);
To export just the public key of a pair:
await keyPair.export({publicKey: true});
// ->
{
type: 'Multikey',
id: 'did:example:1234#zDnaeSMnptAKpH4AD41vTkwzjznW7yNetdRh9FJn8bJsbsdbw',
controller: 'did:example:1234',
publicKeyMultibase: 'zDnaeSMnptAKpH4AD41vTkwzjznW7yNetdRh9FJn8bJsbsdbw'
}
To export the full key pair, including secret key (warning: this should be a carefully considered operation, best left to dedicated Key Management Systems):
await keyPair.export({publicKey: true, secretKey: true});
// ->
{
type: 'Multikey',
id: 'did:example:1234#zDnaeSMnptAKpH4AD41vTkwzjznW7yNetdRh9FJn8bJsbsdbw',
controller: 'did:example:1234',
publicKeyMultibase: 'zDnaeSMnptAKpH4AD41vTkwzjznW7yNetdRh9FJn8bJsbsdbw',
secretKeyMultibase: 'z42twirSb1PULt5Sg6gjgNMsdiLycu6fbA83aX1vVb8e3ncP'
}
In order to perform a cryptographic signature, you need to create a sign
function, and then invoke it.
const keyPair = EcdsaMultikey.generate({curve: 'P-256'});
const {sign} = keyPair.signer();
// data is a Uint8Array of bytes
const data = (new TextEncoder()).encode('test data goes here');
// Signing also outputs a Uint8Array, which you can serialize to text etc.
const signature = await sign({data});
In order to verify a cryptographic signature, you need to create a verify
function, and then invoke it (passing it the data to verify, and the signature).
const keyPair = EcdsaMultikey.generate({curve: 'P-521'});
const {verify} = keyPair.verifier();
const valid = await verify({data, signature});
// true
See the contribute file!
PRs accepted.
If editing the Readme, please conform to the standard-readme specification.
Commercial support for this library is available upon request from Digital Bazaar: [email protected]
New BSD License (3-clause) © 2023 Digital Bazaar