Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use 'expo-crypto' for sha256 digest instead of isomorphic-webcrypto. #12

Merged
merged 1 commit into from
Sep 18, 2024
Merged

Use 'expo-crypto' for sha256 digest instead of isomorphic-webcrypto. #12

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,13 @@
# @digitalcredentials/jsonld-signatures ChangeLog

## 12.0.0 -

### Changed
- **BREAKING**: Now uses `expo-crypto` for React Native sha256 digest hashing, instead of
`@sphereon/[email protected]`.
- **IMPORTANT**: This means that IF you're using this library inside a React Native project, you MUST include `expo-crypto`
in your project's `dependencies`.

## 11.0.0 - 2024-08-03

### Changed
Expand Down
42 changes: 18 additions & 24 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,22 +14,8 @@
- [Commercial Support](#commercial-support)
- [License](#license)

## Version Compatibility

(Forked from [`jsonld-signatures` v9.0.0](https://github.com/digitalbazaar/jsonld-signatures)
to provide TypeScript compatibility.)

`jsonld-signatures` **v9.0** is compatible with the following signature suites:

* [`ed25519-signature-2020`](https://github.com/digitalcredentials/ed25519-signature-2020)
`>= 2.1.0`.

and the following related libraries:

* `crypto-ld` `>= 5.0.0` (and related key crypto suites such as
[`ed25519-verification-key-2020`](https://github.com/digitalbazaar/ed25519-verification-key-2020)
`>= 2.1.0`).
* `@digitalcredentials/vc` `>= 1.0`
to provide TypeScript, Jest, and React Native compatibility.)

## Background

Expand Down Expand Up @@ -61,7 +47,7 @@ document.
One common use case for creating these signatures is for use with
[Verifiable Credentials](https://w3c.github.io/vc-data-model) (VCs). If you're
working with those, you should use a higher-level library that's specifically
made for that purpose, such as [`@digitalcredentials/vc`](https://github.com/digitalcredentials/vc-js).
made for that purpose, such as [`@digitalcredentials/vc`](https://github.com/digitalcredentials/vc).
(Incidentally, `vc-js` uses this library, `jsonld-signatures`, under the hood.)

## Security
Expand Down Expand Up @@ -111,7 +97,22 @@ npm install

## Usage

`jsonld-signatures` (version `8.x` and above) is not meant for standalone use.
### React Native Usage

This library depends on `expo-crypto` when used inside React Native projects.
That means you must add `expo-crypto` to your project's dependencies.

Sample `package.json`:

```
"dependencies": {
"expo-crypto": "~12.8.0"
}
```

### Node.js and Browser Usage

`jsonld-signatures` (version `12.x` and above) is not meant for standalone use.
Instead, it's generally used through an individual _crypto suite_.
For detailed usage instructions, see the READMEs of the supported suites:

Expand All @@ -137,13 +138,6 @@ common. You'll need to:
* Set up your `documentLoader` to fetch contexts and documents securely.
* Lastly, perform the `jsigs.sign()` or `jsigs.verify()` operations.

### Node.js Native Canonize Bindings

Specialized use cases may wish to use the native canonize bindings. This mode
can be enabled by setting the `useNativeCanonize` option to `true`. See the
[jsonld.js notes](https://github.com/digitalbazaar/jsonld.js#nodejs-native-canonize-bindings)
on this feature and note you should benchmark performance before using it.

## Contribute

See [the contribute file](https://github.com/digitalbazaar/bedrock/blob/master/CONTRIBUTING.md)!
Expand Down
6 changes: 3 additions & 3 deletions lib/sha256digest-reactnative.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
/*
* Copyright (c) 2025 Digital Credentials Consortium - React Native addition.
* Copyright (c) 2021 Digital Bazaar, Inc. All rights reserved.
*/
'use strict';

const crypto = require('@sphereon/isomorphic-webcrypto');
import * as Crypto from 'expo-crypto';
require('fast-text-encoding');

module.exports = {
Expand All @@ -17,7 +18,6 @@ module.exports = {
async sha256digest({string}) {
const bytes = new TextEncoder().encode(string);
return new Uint8Array(
await crypto.subtle.digest({name: 'SHA-256'}, bytes)
);
await Crypto.digest(Crypto.CryptoDigestAlgorithm.SHA256, bytes));
}
};
4 changes: 2 additions & 2 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,6 @@
"dependencies": {
"@digitalcredentials/jsonld": "^9.0.0",
"@digitalbazaar/security-context": "^1.0.0",
"@sphereon/isomorphic-webcrypto": "^2.5.0-unstable.0",
"fast-text-encoding": "^1.0.3",
"serialize-error": "^8.0.1"
},
Expand Down Expand Up @@ -67,8 +66,9 @@
"browser": {
"crypto": false,
"./lib/sha256digest.js": "./lib/sha256digest-browser.js",
"./lib/sha256digest-reactnative.js": false,
"fast-text-encoding": false,
"@sphereon/isomorphic-webcrypto": false
"expo-crypto": false
},
"react-native": {
"crypto": false,
Expand Down
Loading