Skip to content
/ keystore-idb Public
forked from fission-codes/keystore-idb

In-browser key management with IndexedDB and the Web Crypto API

License

Apache-2.0 license
0 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

zkorum/keystore-idb

BranchesTags

Repository files navigation

IndexedDB KeyStore

Build Status License Maintainability Built by FISSION Discord Discourse

In-browser key management with IndexedDB and the Web Crypto API.

Securely store and use keys for encryption, decryption, and signatures. IndexedDB and Web Crypto keep keys safe from malicious javascript.

Supports both RSA (RSA-PSS & RSA-OAEP) and Elliptic Curves (P-256, P-381 & P-521).

ECC (Elliptic Curve Cryptography) is only available on Chrome. Firefox and Safari do not support ECC and must use RSA.

Config

Below is the default config and all possible values

const defaultConfig = {
  type: 'ecc', // 'ecc' | 'rsa'
  curve: 'P-256', // 'P-256' | 'P-384' | 'P-521'
  rsaSize: 2048, // 1024 | 2048 | 4096
  symmAlg: 'AES-CTR', // 'AES-CTR' | 'AES-GCM' | 'AES-CBC'
  hashAlg: 'SHA-256', // 'SHA-1' | 'SHA-256' | 'SHA-384' | 'SHA-512'
  readKeyName: 'read-key', // any string
  writeKeyName: 'write-key', // any string
}

Note: if you don't include a crypto "type" ('ecc' | 'rsa'), the library will check if your browser supports ECC. If so (Chrome), it will use ECC, if not (Firefox, Safari) it will fall back to RSA.

Example Usage

  import KeyStore from './keystore'

  const ALG = 'rsa'
  await KeyStore.clear()
  const ks1 = await KeyStore.init({ type: ALG, readKeyName: 'read-key-1', writeKeyName: 'write-key-1' })
  const ks2 = await KeyStore.init({ type: ALG, readKeyName: 'read-key-2', writeKeyName: 'write-key-2' })

  const msg = "Incididunt id ullamco et do."
  const readKey1 = ks1.readKey
  const readKey2 = ks2.readKey
  const writeKey1 = ks1.writeKey

  const sig = await ks1.sign(msg)
  const valid = await ks2.verify(msg, sig, writeKey1.publicKey)
  console.log('sig: ', sig)
  console.log('valid: ', valid)

  const cipher = await ks1.encrypt(msg, readKey2.publicKey)
  const decipher = await ks2.decrypt(cipher, readKey1.publicKey)
  console.log('cipher: ', cipher)
  console.log('decipher: ', decipher)

  // read keys are write keys are separate because of the Web Crypto API
  const readKey = await ks1.publicReadKey()
  const writeKey = await ks1.publicWriteKey()
  console.log('readKey: ', readKey)
  console.log('writeKey: ', writeKey)

Development

# install dependencies
yarn

# run development server
yarn start

# build
yarn build

# test
yarn test

About

In-browser key management with IndexedDB and the Web Crypto API

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • TypeScript 97.1%
  • JavaScript 2.9%