https://github.com/SocketDev/wormhole-crypto

SocketDev / wormhole-crypto (MIT License)
Latest commit: 0.1.0 (be402be) by @feross, Apr 19, 2021. 27 commits.

# wormhole-crypto

### Streaming encryption for Wormhole.app, based on Encrypted Content-Encoding for HTTP (RFC 8188)

This package is used by Wormhole.app.

## Install

```
npm install wormhole-crypto
```

## Usage

Here's a quick example of how to use this package to turn a plaintext WHATWG readable stream into an encrypted stream.

```js
import { Keychain } from 'wormhole-crypto'

// Create a new keychain. Since no arguments are specified, the key and salt
// are generated.
const keychain = new Keychain()

// Get a WHATWG stream somehow, from fetch(), from a Blob(), etc.
const stream = getStream()

// Create an encrypted version of that stream
const encryptedStream = await keychain.encryptStream(stream)

// Normally you'd now use `encryptedStream`, e.g. in fetch(), etc.
// However, for this example, we'll just decrypt the stream immediately
const plaintextStream = await keychain.decryptStream(encryptedStream)

// Now, you can use `plaintextStream` and it will be identical to if you had
// used `stream`.
```

## API

### `new Keychain([key, [salt]])`

Type: `Class`

Returns: `Keychain`

Create a new keychain object. The keychain can be used to create encryption streams, decryption streams, and to encrypt or decrypt a "metadata" buffer.

#### `key`

Type: `Uint8Array | string | null`

Default: `null`

The main key. This should be 16 bytes in length. If a string is given, then it should be a base64-encoded string. If the argument is `null`, then a key will be automatically generated.

#### `salt`

Type: `Uint8Array | string | null`

Default: `null`

The salt. This should be 16 bytes in length. If a string is given, then it should be a base64-encoded string. If this argument is `null`, then a salt will be automatically generated.

### `keychain.key`

Type: `Uint8Array`

The main key.

### `keychain.keyB64`

Type: `string`

The main key as a base64-encoded string.

### `keychain.salt`

Type: `Uint8Array`

The salt.

Implementation note: The salt is used to derive the (internal) metadata key and authentication token.

### `keychain.saltB64`

Type: `string`

The salt as a base64-encoded string.

### `keychain.authToken()`

Type: `Function`

Returns: `Promise[Uint8Array]`

Returns a `Promise` which resolves to the authentication token. By default, the authentication token is automatically derived from the main key using HKDF SHA-256.

In Wormhole, the authentication token is used to communicate with the server and prove that the client has permission to fetch data for a room. Without a valid authentication token, the server will not return the encrypted room metadata or allow downloading the encrypted file data.
Since the authentication token is derived from the main key, the client presents it to the Wormhole server as a "reader token" to prove that it is in possession of the main key without revealing the main key to the server.

For destructive operations, like modifying the room, the client instead presents a "writer token", which is not derived from the main key but is provided by the server to the room creator, who overrides the keychain authentication token by calling `keychain.setAuthToken(authToken)` with the "writer token".

### `keychain.authTokenB64()`

Type: `Function`

Returns: `Promise[string]`

Returns a `Promise` that resolves to the authentication token as a base64-encoded string.

### `keychain.authHeader()`

Type: `Function`

Returns: `Promise[string]`

Returns a `Promise` that resolves to the HTTP header value to be provided to the Wormhole server. It contains the authentication token.

### `keychain.setAuthToken(authToken)`

Type: `Function`

Returns: `undefined`

Update the keychain authentication token to `authToken`.

#### `authToken`

Type: `Uint8Array | string | null`

Default: `null`

The authentication token. This should be 16 bytes in length. If a string is given, then it should be a base64-encoded string. If this argument is `null`, then an authentication token will be automatically generated.

### `keychain.encryptStream(stream)`

Type: `Function`

Returns: `Promise[ReadableStream]`

Returns a `Promise` that resolves to a `ReadableStream` encryption stream that consumes the data in `stream` and returns an encrypted version. Data is encrypted with Encrypted Content-Encoding for HTTP (RFC 8188).

#### `stream`

Type: `ReadableStream`

A WHATWG readable stream used as a data source for the encrypted stream.

### `keychain.decryptStream(encryptedStream)`

Type: `Function`

Returns: `Promise[ReadableStream]`

Returns a `Promise` that resolves to a `ReadableStream` decryption stream that consumes the data in `encryptedStream` and returns a plaintext version.
#### `encryptedStream`

Type: `ReadableStream`

A WHATWG readable stream used as a data source for the plaintext stream.

### `keychain.encryptMeta(meta)`

Type: `Function`

Returns: `Promise[Uint8Array]`

Returns a `Promise` that resolves to an encrypted version of `meta`. The metadata is encrypted with AES-GCM.

Implementation note: The metadata key is automatically derived from the main key using HKDF SHA-256. The value is not user-controlled.

Implementation note: The initialization vector (IV) is automatically generated and included in the encrypted output. No need to generate it or to manage it separately from the encrypted output.

#### `meta`

Type: `Uint8Array`

The metadata buffer to encrypt.

### `keychain.decryptMeta(encryptedMeta)`

Type: `Function`

Returns: `Promise[Uint8Array]`

Returns a `Promise` that resolves to a decrypted version of `encryptedMeta`.

#### `encryptedMeta`

Type: `Uint8Array`

The encrypted metadata buffer to decrypt.

### `plaintextSize(encryptedSize)`

Type: `Function`

Returns: `Number`

Given an encrypted size, return the corresponding plaintext size.

### `encryptedSize(plaintextSize)`

Type: `Function`

Returns: `Number`

Given a plaintext size, return the corresponding encrypted size.

## License

MIT. Copyright (c) Socket Inc

Contributors: Feross Aboukhadijeh (@feross), John Hiesey (@jhiesey), dependabot[bot]
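How the sizes handled by `plaintextSize` and `encryptedSize` follow from the RFC 8188 record layout, as an added example that is not the library's implementation. It assumes an empty key ID and no padding beyond the mandatory delimiter byte, and takes the record size `rs` as a parameter because the page does not state the value the library uses; `recordLayout` and `plaintextFromEncrypted` are hypothetical names.

```javascript
// Added example based on the RFC 8188 layout, not wormhole-crypto's code.
const TAG = 16            // AES-GCM authentication tag appended to every record
const DELIM = 1           // mandatory padding delimiter byte in every record
const HEADER = 16 + 4 + 1 // salt + rs + idlen (empty keyid assumed)

// Number of records and total encrypted size for a plaintext of a given size.
function recordLayout (plaintextBytes, rs) {
  if (!Number.isInteger(plaintextBytes) || plaintextBytes < 0) {
    throw new RangeError('plaintext size must be a non-negative integer')
  }
  const perRecord = rs - TAG - DELIM
  if (perRecord < 1) throw new RangeError('rs must be at least 18')
  // An empty plaintext still produces one record (delimiter + tag).
  const records = Math.max(1, Math.ceil(plaintextBytes / perRecord))
  const lastPlain = plaintextBytes - (records - 1) * perRecord
  return {
    records,
    lastRecordBytes: lastPlain + DELIM + TAG,
    total: HEADER + plaintextBytes + records * (TAG + DELIM)
  }
}

// Inverse direction. A length that no plaintext can produce means the stream
// was truncated or corrupted, so it is rejected instead of rounded.
function plaintextFromEncrypted (encryptedBytes, rs) {
  const body = encryptedBytes - HEADER
  if (body < TAG + DELIM) throw new RangeError('shorter than one record')
  const full = Math.floor(body / rs)
  const rest = body % rs
  if (rest !== 0 && rest < TAG + DELIM) {
    throw new RangeError('final record is too short to hold delimiter and tag')
  }
  const records = full + (rest !== 0 ? 1 : 0)
  return body - records * (TAG + DELIM)
}
```

A length check like this only catches impossible sizes; detecting a stream cut at a record boundary relies on the final-record delimiter that the decryptor verifies.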