Skip to main content
Home
Browse packagesDocs
Sign In with GitHubSign In with GitLab

@std/crypto@0.215.0

latest
Works with
It is unknown whether this package works with Browsers, Deno, Node.js, Cloudflare Workers, Bun
It is unknown whether this package works with Browsers
It is unknown whether this package works with Deno
It is unknown whether this package works with Node.js
It is unknown whether this package works with Cloudflare Workers
It is unknown whether this package works with Bun
JSR Score70%
Published2 years ago (0.215.0)
default

Extensions to the Web Crypto supporting additional encryption APIs, but also delegating to the built-in APIs when possible.

Classes

c
KeyStack(keys: Iterable<Key>)

A cryptographic key chain which allows signing of data to prevent tampering, but also allows for easy key rotation without needing to re-sign the data.

  • indexOf(
    data: Data,
    digest: string
    ): Promise<number>

    Given data and a digest, return the current index of the key in the keys passed the constructor that was used to generate the digest. If no key can be found, the method returns -1.

  • length(): number

    Number of keys

  • sign(data: Data): Promise<string>

    Take data and return a SHA256 HMAC digest that uses the current 0 index of the keys passed to the constructor. This digest is in the form of a URL safe base64 encoded string.

  • verify(
    data: Data,
    digest: string
    ): Promise<boolean>

    Given data and a digest, verify that one of the keys provided the constructor was used to generate the digest. Returns true if one of the keys was used, otherwise false.

Functions

f
timingSafeEqual(
a: ArrayBufferView | ArrayBufferLike | DataView,
b: ArrayBufferView | ArrayBufferLike | DataView
): boolean

When checking the values of cryptographic hashes are equal, default comparisons can be susceptible to timing based attacks, where attacker is able to find out information about the host system by repeatedly checking response times to equality comparisons of values.

Interfaces

I
StdCrypto

Extensions to the Web Crypto interface.

  • subtle: StdSubtleCrypto

    Extension to the crypto.SubtleCrypto interface.

I
StdSubtleCrypto

Extensions to the web standard SubtleCrypto interface.

  • digest(
    algorithm: DigestAlgorithm,
    data:
    BufferSource
    | AsyncIterable<BufferSource>
    | Iterable<BufferSource>
    ): Promise<ArrayBuffer>

    Returns a new Promise object that will digest data using the specified AlgorithmIdentifier.

  • digestSync(
    algorithm: DigestAlgorithm,
    data: BufferSource | Iterable<BufferSource>
    ): ArrayBuffer

    Returns a ArrayBuffer with the result of digesting data using the specified AlgorithmIdentifier.

Type Aliases

T
Data = string | number[] | ArrayBuffer | Uint8Array

Types of data that can be signed cryptographically.

T
DigestAlgorithm = DigestAlgorithmName | DigestAlgorithmObject

Extended digest algorithms accepted by stdCrypto.subtle.digest.

T
DigestAlgorithmName = WasmDigestAlgorithm | FNVAlgorithms

Extended digest algorithm names.

T
DigestAlgorithmObject = { name: DigestAlgorithmName; length?: number; }

Extended digest algorithm objects.

  • length: number
    No documentation available
  • name: DigestAlgorithmName
    No documentation available
T
FNVAlgorithms = "FNV32" | "FNV32A" | "FNV64" | "FNV64A"

FNV (Fowler/Noll/Vo) algorithms names.

T
Key = string | number[] | ArrayBuffer | Uint8Array

Types of keys that can be used to sign data.

T
WasmDigestAlgorithm = digestAlgorithms[number]

An algorithm name supported by std/crypto/_wasm.

Variables

v
crypto: StdCrypto

An wrapper for WebCrypto adding support for additional non-standard algorithms, but delegating to the runtime WebCrypto implementation whenever possible.

v
wasmDigestAlgorithms:
"BLAKE2B-128"
| "BLAKE2B-160"
| "BLAKE2B-224"
| "BLAKE2B-256"
| "BLAKE2B-384"
| "BLAKE2B"
| "BLAKE2S"
| "BLAKE3"
| "KECCAK-224"
| "KECCAK-256"
| "KECCAK-384"
| "KECCAK-512"
| "SHA-384"
| "SHA3-224"
| "SHA3-256"
| "SHA3-384"
| "SHA3-512"
| "SHAKE128"
| "SHAKE256"
| "TIGER"
| "RIPEMD-160"
| "SHA-224"
| "SHA-256"
| "SHA-512"
| "MD4"
| "MD5"
| "SHA-1"
[]

All cryptographic hash/digest algorithms supported by std/crypto/_wasm.

crypto

Extensions to the Web Crypto API supporting additional encryption APIs, but also delegating to the built-in APIs when possible.

Examples

Example 1

import { crypto } from "@std/crypto";

// This will delegate to the runtime's WebCrypto implementation.
console.log(
  new Uint8Array(
    await crypto.subtle.digest(
      "SHA-384",
      new TextEncoder().encode("hello world"),
    ),
  ),
);

// This will use a bundled Wasm/Rust implementation.
console.log(
  new Uint8Array(
    await crypto.subtle.digest(
      "BLAKE3",
      new TextEncoder().encode("hello world"),
    ),
  ),
);

Convert hash to a string

import {
  crypto,
} from "@std/crypto";
import { encodeHex } from "@std/encoding/hex"
import { encodeBase64 } from "@std/encoding/base64"

const hash = await crypto.subtle.digest(
  "SHA-384",
  new TextEncoder().encode("You hear that Mr. Anderson?"),
);

// Hex encoding
console.log(encodeHex(hash));

// Or with base64 encoding
console.log(encodeBase64(hash));

Interfaces

I
StdCrypto

Extensions to the Web Crypto interface.

  • subtle: StdSubtleCrypto

    Extension to the crypto.SubtleCrypto interface.

I
StdSubtleCrypto

Extensions to the web standard SubtleCrypto interface.

  • digest(
    algorithm: DigestAlgorithm,
    data:
    BufferSource
    | AsyncIterable<BufferSource>
    | Iterable<BufferSource>
    ): Promise<ArrayBuffer>

    Returns a new Promise object that will digest data using the specified AlgorithmIdentifier.

  • digestSync(
    algorithm: DigestAlgorithm,
    data: BufferSource | Iterable<BufferSource>
    ): ArrayBuffer

    Returns a ArrayBuffer with the result of digesting data using the specified AlgorithmIdentifier.

Type Aliases

T
DigestAlgorithm = DigestAlgorithmName | DigestAlgorithmObject

Extended digest algorithms accepted by stdCrypto.subtle.digest.

T
DigestAlgorithmName = WasmDigestAlgorithm | FNVAlgorithms

Extended digest algorithm names.

T
DigestAlgorithmObject = { name: DigestAlgorithmName; length?: number; }

Extended digest algorithm objects.

  • length: number
    No documentation available
  • name: DigestAlgorithmName
    No documentation available
T
FNVAlgorithms = "FNV32" | "FNV32A" | "FNV64" | "FNV64A"

FNV (Fowler/Noll/Vo) algorithms names.

T
WasmDigestAlgorithm = digestAlgorithms[number]

An algorithm name supported by std/crypto/_wasm.

Variables

v
crypto: StdCrypto

An wrapper for WebCrypto adding support for additional non-standard algorithms, but delegating to the runtime WebCrypto implementation whenever possible.

v
wasmDigestAlgorithms:
"BLAKE2B-128"
| "BLAKE2B-160"
| "BLAKE2B-224"
| "BLAKE2B-256"
| "BLAKE2B-384"
| "BLAKE2B"
| "BLAKE2S"
| "BLAKE3"
| "KECCAK-224"
| "KECCAK-256"
| "KECCAK-384"
| "KECCAK-512"
| "SHA-384"
| "SHA3-224"
| "SHA3-256"
| "SHA3-384"
| "SHA3-512"
| "SHAKE128"
| "SHAKE256"
| "TIGER"
| "RIPEMD-160"
| "SHA-224"
| "SHA-256"
| "SHA-512"
| "MD4"
| "MD5"
| "SHA-1"
[]

All cryptographic hash/digest algorithms supported by std/crypto/_wasm.

timing_safe_equal

Functions

f
timingSafeEqual(
a: ArrayBufferView | ArrayBufferLike | DataView,
b: ArrayBufferView | ArrayBufferLike | DataView
): boolean

When checking the values of cryptographic hashes are equal, default comparisons can be susceptible to timing based attacks, where attacker is able to find out information about the host system by repeatedly checking response times to equality comparisons of values.

unstable_keystack

Provides the KeyStack class which implements the KeyRing interface for managing rotatable keys.

Classes

c
KeyStack(keys: Iterable<Key>)

A cryptographic key chain which allows signing of data to prevent tampering, but also allows for easy key rotation without needing to re-sign the data.

  • indexOf(
    data: Data,
    digest: string
    ): Promise<number>

    Given data and a digest, return the current index of the key in the keys passed the constructor that was used to generate the digest. If no key can be found, the method returns -1.

  • length(): number

    Number of keys

  • sign(data: Data): Promise<string>

    Take data and return a SHA256 HMAC digest that uses the current 0 index of the keys passed to the constructor. This digest is in the form of a URL safe base64 encoded string.

  • verify(
    data: Data,
    digest: string
    ): Promise<boolean>

    Given data and a digest, verify that one of the keys provided the constructor was used to generate the digest. Returns true if one of the keys was used, otherwise false.

Type Aliases

T
Data = string | number[] | ArrayBuffer | Uint8Array

Types of data that can be signed cryptographically.

T
Key = string | number[] | ArrayBuffer | Uint8Array

Types of keys that can be used to sign data.

Report package

Please provide a reason for reporting this package. We will review your report and take appropriate action.

Please review the JSR usage policy before submitting a report.

Add Package

deno add jsr:@std/crypto

Import symbol

import * as crypto from "@std/crypto";
or

Import directly with a jsr specifier

import * as crypto from "jsr:@std/crypto";