https://github.com/fission-codes/keystore-idb
In-browser key management with IndexedDB and the Web Crypto API
https://github.com/fission-codes/keystore-idb
crypto cryptography ecc elliptic-curves indexeddb keys-in-browser rsa
Last synced: about 2 months ago
JSON representation
In-browser key management with IndexedDB and the Web Crypto API
- Host: GitHub
- URL: https://github.com/fission-codes/keystore-idb
- Owner: fission-codes
- License: apache-2.0
- Created: 2020-02-19T05:03:30.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2023-07-14T17:28:53.000Z (almost 2 years ago)
- Last Synced: 2025-03-25T11:48:18.453Z (2 months ago)
- Topics: crypto, cryptography, ecc, elliptic-curves, indexeddb, keys-in-browser, rsa
- Language: TypeScript
- Homepage:
- Size: 1.03 MB
- Stars: 58
- Watchers: 4
- Forks: 8
- Open Issues: 14
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Code of conduct: .github/CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
# IndexedDB KeyStore
[](https://www.npmjs.com/package/keystore-idb)
[](https://github.com/fission-suite/blob/master/LICENSE)
[](https://codeclimate.com/github/fission-suite/keystore-idb/maintainability)
[](https://fission.codes)
[](https://discord.gg/zAQBDEq)
[](https://talk.fission.codes)
In-browser key management with IndexedDB and the Web Crypto API.
Securely store and use keys for encryption, decryption, and signatures. IndexedDB and Web Crypto keep keys safe from malicious javascript.
Supports both RSA (RSASSA-PKCS1-v1_5 & RSA-OAEP) and Elliptic Curves (P-256, P-381 & P-521).
ECC (Elliptic Curve Cryptography) is only available on Chrome. Firefox and Safari do not support ECC and must use RSA.
_Specifically, this is an issue with storing ECC keys in IndexedDB_
## Config
Below is the default config and all possible values
_Note: these are given as primitives, but in Typescript you can use the included enums_
```typescript
const defaultConfig = {
type: 'ecc', // 'ecc' | 'rsa'
curve: 'P-256', // 'P-256' | 'P-384' | 'P-521'
rsaSize: 2048, // 1024 | 2048 | 4096
symmAlg: 'AES-CTR', // 'AES-CTR' | 'AES-GCM' | 'AES-CBC'
symmLen: 128, // 128 | 192 | 256
hashAlg: 'SHA-256', // 'SHA-1' | 'SHA-256' | 'SHA-384' | 'SHA-512'
charSize: 16, // 8 | 16
storeName: 'keystore', // any string
exchangeKeyName: 'exchange-key', // any string
writeKeyName: 'write-key', // any string
}
```
_Note: if you don't include a crypto "type" (`'ecc' | 'rsa'`), the library will check if your browser supports ECC. If so (Chrome), it will use ECC, if not (Firefox, Safari) it will fall back to RSA._
## Example Usage
```typescript
import keystore from 'keystore-idb'
async function run() {
await keystore.clear()
const ks1 = await keystore.init({ storeName: 'keystore' })
const ks2 = await keystore.init({ storeName: 'keystore2' })
const msg = "Incididunt id ullamco et do."
// exchange keys and write keys are separate because of the Web Crypto API
const exchangeKey1 = await ks1.publicExchangeKey()
const writeKey1 = await ks1.publicWriteKey()
const exchangeKey2 = await ks2.publicExchangeKey()
// these keys get exported as strings
console.log('exchangeKey1: ', exchangeKey1)
console.log('writeKey1: ', writeKey1)
console.log('exchangeKey2: ', exchangeKey2)
const sig = await ks1.sign(msg)
const valid = await ks2.verify(msg, sig, writeKey1)
console.log('sig: ', sig)
console.log('valid: ', valid)
const cipher = await ks1.encrypt(msg, exchangeKey2)
const decipher = await ks2.decrypt(cipher, exchangeKey1)
console.log('cipher: ', cipher)
console.log('decipher: ', decipher)
}
run()
```
## Development
```shell
# install dependencies
yarn
# run development server
yarn start
# build
yarn build
# test
yarn test
# test w/ reloading
yarn test:watch
# publish (run this script instead of npm publish!)
./publish.sh
```