{"id":13438104,"url":"https://github.com/dchest/tweetnacl-js","last_synced_at":"2025-04-23T20:48:45.626Z","repository":{"id":12971214,"uuid":"15649752","full_name":"dchest/tweetnacl-js","owner":"dchest","description":"Port of TweetNaCl cryptographic library to JavaScript","archived":false,"fork":false,"pushed_at":"2024-08-14T17:25:56.000Z","size":4199,"stargazers_count":1846,"open_issues_count":7,"forks_count":296,"subscribers_count":43,"default_branch":"master","last_synced_at":"2025-04-16T00:11:52.378Z","etag":null,"topics":["authentication","crypto","curve25519","djb","ed25519","eddsa","elliptic-curves","javascript","libsodium","nacl","salsa20","secretbox","sha-512","signature","tweetnacl"],"latest_commit_sha":null,"homepage":"https://tweetnacl.js.org","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dchest.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS.md","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-01-05T11:15:32.000Z","updated_at":"2025-04-15T21:14:45.000Z","dependencies_parsed_at":"2024-06-18T10:57:24.255Z","dependency_job_id":"b6b9710d-6c14-4920-8a63-a679d1adbcdf","html_url":"https://github.com/dchest/tweetnacl-js","commit_stats":{"total_commits":377,"total_committers":18,"mean_commits":"20.944444444444443","dds":0.06631299734748008,"last_synced_commit":"ce86a6a4ef649b9caa6eeb5aaf67b4d87d73fdf2"},"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchest%2Ftweetnacl-js","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchest%2Ftweetnacl-js/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchest%2Ftweetnacl-js/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchest%2Ftweetnacl-js/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dchest","download_url":"https://codeload.github.com/dchest/tweetnacl-js/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250506149,"owners_count":21441724,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","crypto","curve25519","djb","ed25519","eddsa","elliptic-curves","javascript","libsodium","nacl","salsa20","secretbox","sha-512","signature","tweetnacl"],"created_at":"2024-07-31T03:01:02.915Z","updated_at":"2025-04-23T20:48:45.608Z","avatar_url":"https://github.com/dchest.png","language":"JavaScript","funding_links":[],"categories":["JavaScript","javascript","Frameworks and Libs"],"sub_categories":["JavaScript"],"readme":"TweetNaCl.js\n============\n\nPort of [TweetNaCl](http://tweetnacl.cr.yp.to) / [NaCl](http://nacl.cr.yp.to/)\nto JavaScript for modern browsers and Node.js. Public domain.\n\nDemo: \u003chttps://dchest.github.io/tweetnacl-js/\u003e\n\nDocumentation\n=============\n\n* [Overview](#overview)\n* [Audits](#audits)\n* [Security Considerations](#security-considerations)\n* [Installation](#installation)\n* [Examples](#examples)\n* [Usage](#usage)\n * [Public-key authenticated encryption (box)](#public-key-authenticated-encryption-box)\n * [Secret-key authenticated encryption (secretbox)](#secret-key-authenticated-encryption-secretbox)\n * [Scalar multiplication](#scalar-multiplication)\n * [Signatures](#signatures)\n * [Hashing](#hashing)\n * [Random bytes generation](#random-bytes-generation)\n * [Constant-time comparison](#constant-time-comparison)\n* [System requirements](#system-requirements)\n* [Development and testing](#development-and-testing)\n* [Benchmarks](#benchmarks)\n* [Contributors](#contributors)\n* [Who uses it](#who-uses-it)\n\n\nOverview\n--------\n\nThe primary goal of this project is to produce a translation of TweetNaCl to\nJavaScript which is as close as possible to the original C implementation, plus\na thin layer of idiomatic high-level API on top of it.\n\nThere are two versions, you can use either of them:\n\n* `nacl.js` is the port of TweetNaCl with minimum differences from the\n original + high-level API.\n\n* `nacl-fast.js` is like `nacl.js`, but with some functions replaced with\n faster versions. (Used by default when importing NPM package.)\n\n\nAudits\n------\n\nTweetNaCl.js has been audited by [Cure53](https://cure53.de/) in January-February\n2017 (audit was sponsored by [Deletype](https://deletype.com)):\n\n\u003e The overall outcome of this audit signals a particularly positive assessment\n\u003e for TweetNaCl-js, as the testing team was unable to find any security\n\u003e problems in the library.\n\n[Read full audit report](https://cure53.de/tweetnacl.pdf)\n\nWhile the audit didn't find any bugs, there has been [1 bug](https://github.com/dchest/tweetnacl-js/issues/187) discovered and fixed after the audit.\n\n\nSecurity Considerations\n-----------------------\n\nIt is important to note that TweetNaCl.js is a low-level library\nthat doesn't provide complete security protocols. When designing\nprotocols, you should carefully consider various properties of\nunderlying primitives.\n\n### No secret key commitment\n\nWhile XSalsa20-Poly1305, as used in `nacl.secretbox` and `nacl.box`,\nmeets the standard notions of privacy and authenticity for a secret-key\nauthenticated-encryption scheme using nonces, it is *not key-committing*,\nwhich means that it is possible to find a ciphertext which decrypts to\nvalid plaintexts under two different keys. This may lead to vulnerabilities\nif encrypted messages are used in a context where key commitment is expected.\n\n### Signature malleability\n\nWhile Ed25519 as originally defined and implemented in `nacl.sign`\nmeets the standard notion of unforgeability for a public-key\nsignature scheme under chosen-message attacks, it is *malleable*:\ngiven a signed message, it is possible, without knowing the secret key,\nto create a different signature for the same message that will verify\nunder the same public key. This may lead to vulnerabilities if\nsignatures are used in a context where malleability is not expected.\n\n### Hash length-extension attacks\n\nThe SHA-512 hash function, as implemented by `nacl.hash`, is *not\nresistant* to length-extension attacks.\n\n### Side-channel attacks\n\nWhile TweetNaCl.js uses algorithmic constant-time operations,\nit is impossible to guarantee that they are physically constant time\ngiven JavaScript runtimes, JIT compilers, and other factors.\nIt is also impossible to guarantee that secret data is physically\nremoved from memory during cleanup due to copying garbage\ncollectors and optimizing compilers.\n\n\nInstallation\n------------\n\nYou can install TweetNaCl.js via a package manager:\n\n[Yarn](https://yarnpkg.com/):\n\n $ yarn add tweetnacl\n\n[NPM](https://www.npmjs.org/):\n\n $ npm install tweetnacl\n\nor [download source code](https://github.com/dchest/tweetnacl-js/releases).\n\n\nExamples\n--------\nYou can find usage examples in our [wiki](https://github.com/dchest/tweetnacl-js/wiki/Examples).\n\n\nUsage\n-----\n\nAll API functions accept and return bytes as `Uint8Array`s. If you need to\nencode or decode strings, use functions from\n\u003chttps://github.com/dchest/tweetnacl-util-js\u003e or one of the more robust codec\npackages.\n\nIn Node.js v4 and later `Buffer` objects are backed by `Uint8Array`s, so you\ncan freely pass them to TweetNaCl.js functions as arguments. The returned\nobjects are still `Uint8Array`s, so if you need `Buffer`s, you'll have to\nconvert them manually; make sure to convert using copying: `Buffer.from(array)`\n(or `new Buffer(array)` in Node.js v4 or earlier), instead of sharing:\n`Buffer.from(array.buffer)` (or `new Buffer(array.buffer)` Node 4 or earlier),\nbecause some functions return subarrays of their buffers.\n\n\n### Public-key authenticated encryption (box)\n\nImplements *x25519-xsalsa20-poly1305*.\n\n#### nacl.box.keyPair()\n\nGenerates a new random key pair for box and returns it as an object with\n`publicKey` and `secretKey` members:\n\n {\n publicKey: ..., // Uint8Array with 32-byte public key\n secretKey: ... // Uint8Array with 32-byte secret key\n }\n\n\n#### nacl.box.keyPair.fromSecretKey(secretKey)\n\nReturns a key pair for box with public key corresponding to the given secret\nkey.\n\n#### nacl.box(message, nonce, theirPublicKey, mySecretKey)\n\nEncrypts and authenticates message using peer's public key, our secret key, and\nthe given nonce, which must be unique for each distinct message for a key pair.\n\nReturns an encrypted and authenticated message, which is\n`nacl.box.overheadLength` longer than the original message.\n\n#### nacl.box.open(box, nonce, theirPublicKey, mySecretKey)\n\nAuthenticates and decrypts the given box with peer's public key, our secret\nkey, and the given nonce.\n\nReturns the original message, or `null` if authentication fails.\n\n#### nacl.box.before(theirPublicKey, mySecretKey)\n\nReturns a precomputed shared key which can be used in `nacl.box.after` and\n`nacl.box.open.after`.\n\n#### nacl.box.after(message, nonce, sharedKey)\n\nSame as `nacl.box`, but uses a shared key precomputed with `nacl.box.before`.\n\n#### nacl.box.open.after(box, nonce, sharedKey)\n\nSame as `nacl.box.open`, but uses a shared key precomputed with `nacl.box.before`.\n\n#### Constants\n\n##### nacl.box.publicKeyLength = 32\n\nLength of public key in bytes.\n\n##### nacl.box.secretKeyLength = 32\n\nLength of secret key in bytes.\n\n##### nacl.box.sharedKeyLength = 32\n\nLength of precomputed shared key in bytes.\n\n##### nacl.box.nonceLength = 24\n\nLength of nonce in bytes.\n\n##### nacl.box.overheadLength = 16\n\nLength of overhead added to box compared to original message.\n\n\n### Secret-key authenticated encryption (secretbox)\n\nImplements *xsalsa20-poly1305*.\n\n#### nacl.secretbox(message, nonce, key)\n\nEncrypts and authenticates message using the key and the nonce. The nonce must\nbe unique for each distinct message for this key.\n\nReturns an encrypted and authenticated message, which is\n`nacl.secretbox.overheadLength` longer than the original message.\n\n#### nacl.secretbox.open(box, nonce, key)\n\nAuthenticates and decrypts the given secret box using the key and the nonce.\n\nReturns the original message, or `null` if authentication fails.\n\n#### Constants\n\n##### nacl.secretbox.keyLength = 32\n\nLength of key in bytes.\n\n##### nacl.secretbox.nonceLength = 24\n\nLength of nonce in bytes.\n\n##### nacl.secretbox.overheadLength = 16\n\nLength of overhead added to secret box compared to original message.\n\n\n### Scalar multiplication\n\nImplements *x25519*.\n\n#### nacl.scalarMult(n, p)\n\nMultiplies an integer `n` by a group element `p` and returns the resulting\ngroup element.\n\n#### nacl.scalarMult.base(n)\n\nMultiplies an integer `n` by a standard group element and returns the resulting\ngroup element.\n\n#### Constants\n\n##### nacl.scalarMult.scalarLength = 32\n\nLength of scalar in bytes.\n\n##### nacl.scalarMult.groupElementLength = 32\n\nLength of group element in bytes.\n\n\n### Signatures\n\nImplements [ed25519](http://ed25519.cr.yp.to).\n\n#### nacl.sign.keyPair()\n\nGenerates new random key pair for signing and returns it as an object with\n`publicKey` and `secretKey` members:\n\n {\n publicKey: ..., // Uint8Array with 32-byte public key\n secretKey: ... // Uint8Array with 64-byte secret key\n }\n\n#### nacl.sign.keyPair.fromSecretKey(secretKey)\n\nReturns a signing key pair with public key corresponding to the given\n64-byte secret key. The secret key must have been generated by\n`nacl.sign.keyPair` or `nacl.sign.keyPair.fromSeed`.\n\n#### nacl.sign.keyPair.fromSeed(seed)\n\nReturns a new signing key pair generated deterministically from a 32-byte seed.\nThe seed must contain enough entropy to be secure. This method is not\nrecommended for general use: instead, use `nacl.sign.keyPair` to generate a new\nkey pair from a random seed.\n\n#### nacl.sign(message, secretKey)\n\nSigns the message using the secret key and returns a signed message.\n\n#### nacl.sign.open(signedMessage, publicKey)\n\nVerifies the signed message and returns the message without signature.\n\nReturns `null` if verification failed.\n\n#### nacl.sign.detached(message, secretKey)\n\nSigns the message using the secret key and returns a signature.\n\n#### nacl.sign.detached.verify(message, signature, publicKey)\n\nVerifies the signature for the message and returns `true` if verification\nsucceeded or `false` if it failed.\n\n#### Constants\n\n##### nacl.sign.publicKeyLength = 32\n\nLength of signing public key in bytes.\n\n##### nacl.sign.secretKeyLength = 64\n\nLength of signing secret key in bytes.\n\n##### nacl.sign.seedLength = 32\n\nLength of seed for `nacl.sign.keyPair.fromSeed` in bytes.\n\n##### nacl.sign.signatureLength = 64\n\nLength of signature in bytes.\n\n\n### Hashing\n\nImplements *SHA-512*.\n\n#### nacl.hash(message)\n\nReturns SHA-512 hash of the message.\n\n#### Constants\n\n##### nacl.hash.hashLength = 64\n\nLength of hash in bytes.\n\n\n### Random bytes generation\n\n#### nacl.randomBytes(length)\n\nReturns a `Uint8Array` of the given length containing random bytes of\ncryptographic quality.\n\n**Implementation note**\n\nTweetNaCl.js uses the following methods to generate random bytes,\ndepending on the platform it runs on:\n\n* `window.crypto.getRandomValues` (WebCrypto standard)\n* `window.msCrypto.getRandomValues` (Internet Explorer 11)\n* `crypto.randomBytes` (Node.js)\n\nIf the platform doesn't provide a suitable PRNG, the following functions,\nwhich require random numbers, will throw exception:\n\n* `nacl.randomBytes`\n* `nacl.box.keyPair`\n* `nacl.sign.keyPair`\n\nOther functions are deterministic and will continue working.\n\nIf a platform you are targeting doesn't implement secure random number\ngenerator, but you somehow have a cryptographically-strong source of entropy\n(not `Math.random`!), and you know what you are doing, you can plug it into\nTweetNaCl.js like this:\n\n nacl.setPRNG(function(x, n) {\n // ... copy n random bytes into x ...\n });\n\nNote that `nacl.setPRNG` *completely replaces* internal random byte generator\nwith the one provided.\n\n\n### Constant-time comparison\n\n#### nacl.verify(x, y)\n\nCompares `x` and `y` in constant time and returns `true` if their lengths are\nnon-zero and equal, and their contents are equal.\n\nReturns `false` if either of the arguments has zero length, or arguments have\ndifferent lengths, or their contents differ.\n\n\nSystem requirements\n-------------------\n\nTweetNaCl.js supports modern browsers that have a cryptographically secure\npseudorandom number generator and typed arrays, including the latest versions\nof:\n\n* Chrome\n* Firefox\n* Safari (Mac, iOS)\n* Internet Explorer 11\n\nOther systems:\n\n* Node.js\n\n\nDevelopment and testing\n------------------------\n\nInstall NPM modules needed for development:\n\n $ npm install\n\nTo build minified versions:\n\n $ npm run build\n\nTests use minified version, so make sure to rebuild it every time you change\n`nacl.js` or `nacl-fast.js`.\n\n### Testing\n\nTo run tests in Node.js:\n\n $ npm run test-node\n\nBy default all tests described here work on `nacl.min.js`. To test other\nversions, set environment variable `NACL_SRC` to the file name you want to test.\nFor example, the following command will test fast minified version:\n\n $ NACL_SRC=nacl-fast.min.js npm run test-node\n\nTo run full suite of tests in Node.js, including comparing outputs of\nJavaScript port to outputs of the original C version:\n\n $ npm run test-node-all\n\nTo prepare tests for browsers:\n\n $ npm run build-test-browser\n\nand then open `test/browser/test.html` (or `test/browser/test-fast.html`) to\nrun them.\n\nTo run tests in both Node and Electron:\n\n $ npm test\n\n### Benchmarking\n\nTo run benchmarks in Node.js:\n\n $ npm run bench\n $ NACL_SRC=nacl-fast.min.js npm run bench\n\nTo run benchmarks in a browser, open `test/benchmark/bench.html` (or\n`test/benchmark/bench-fast.html`).\n\n\nBenchmarks\n----------\n\nFor reference, here are benchmarks from MacBook Pro (Retina, 13-inch, Mid 2014)\nlaptop with 2.6 GHz Intel Core i5 CPU (Intel) in Chrome 53/OS X, Xiaomi Redmi\nNote 3 smartphone with 1.8 GHz Qualcomm Snapdragon 650 64-bit CPU (ARM) in\nChrome 52/Android, and MacBook Air 2020 with Apple M1 SOC (M1) in Chromium 102/macOS.\n\n| | nacl.js Intel | nacl-fast.js Intel | nacl.js ARM | nacl-fast.js ARM | nacl-fast.js M1 |\n| ------------- |:-------------:|:-------------------:|:-------------:|:-----------------:|:-----------------:|\n| salsa20 | 1.3 MB/s | 128 MB/s | 0.4 MB/s | 43 MB/s | 268 MB/s |\n| poly1305 | 13 MB/s | 171 MB/s | 4 MB/s | 52 MB/s | 248 MB/s |\n| hash | 4 MB/s | 34 MB/s | 0.9 MB/s | 12 MB/s | 76 MB/s |\n| secretbox 1K | 1113 op/s | 57583 op/s | 334 op/s | 14227 op/s | 54546 op/s |\n| box 1K | 145 op/s | 718 op/s | 37 op/s | 368 op/s | 1836 op/s |\n| scalarMult | 171 op/s | 733 op/s | 56 op/s | 380 op/s | 1882 op/s |\n| sign | 77 op/s | 200 op/s | 20 op/s | 61 op/s | 592 op/s |\n| sign.open | 39 op/s | 102 op/s | 11 op/s | 31 op/s | 300 op/s |\n\n(You can run benchmarks on your devices by clicking on the links at the bottom\nof the [home page](https://tweetnacl.js.org)).\n\nIn short, with *nacl-fast.js* and 1024-byte messages you can expect to encrypt and\nauthenticate more than 57000 messages per second on a typical laptop or more than\n14000 messages per second on a $170 smartphone, sign about 500 and verify 300\nmessages per second on a laptop or 60 and 30 messages per second on a smartphone,\nper CPU core (with Web Workers you can do these operations in parallel),\nwhich is good enough for most applications.\n\n\nContributors\n------------\n\nSee AUTHORS.md file.\n\n\nThird-party libraries based on TweetNaCl.js\n-------------------------------------------\n\n* [chloride](https://github.com/dominictarr/chloride) - unified API for various NaCl modules\n* [forward-secrecy](https://github.com/alax/forward-secrecy) — Axolotl ratchet implementation\n* [nacl-stream](https://github.com/dchest/nacl-stream-js) - streaming encryption\n* [ristretto255-js](https://github.com/calibra/ristretto255-js) — implementation of the [ristretto255 group](https://ristretto.group/)\n* [tweetnacl-auth-js](https://github.com/dchest/tweetnacl-auth-js) — implementation of [`crypto_auth`](http://nacl.cr.yp.to/auth.html)\n* [tweetnacl-js-sealed-box](https://github.com/TogaTech/tweetnacl-js-sealed-box) — fork that adds [`sealed boxes`](https://download.libsodium.org/doc/public-key_cryptography/sealed_boxes.html)\n* [ed2curve](https://github.com/dchest/ed2curve-js) — convert Ed25519 signing key pair to X25519 boxes key pair\n\n\nWho uses it\n-----------\n\nSome notable users of TweetNaCl.js are listed on the [associated wiki page](https://github.com/dchest/tweetnacl-js/wiki/Who-uses-TweetNaCl.js).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdchest%2Ftweetnacl-js","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdchest%2Ftweetnacl-js","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdchest%2Ftweetnacl-js/lists"}