KeyStack - @std/crypto

class KeyStack

A cryptographic key chain which allows signing of data to prevent tampering, but also allows for easy key rotation without needing to re-sign the data.

Data is signed as SHA256 HMAC.

This was inspired by keygrip.

Examples

Example 1

import { KeyStack } from "@std/crypto/unstable_keystack";

const keyStack = new KeyStack(["hello", "world"]);
const digest = await keyStack.sign("some data");

const rotatedStack = new KeyStack(["deno", "says", "hello", "world"]);
await rotatedStack.verify("some data", digest); // true

Constructors

new KeyStack(keys: Iterable<Key>)

A class which accepts an array of keys that are used to sign and verify data and allows easy key rotation without invalidation of previously signed data.

Properties

readonly

length: number

Number of keys

Methods

[Symbol.for("Deno.customInspect")](inspect: (value: unknown) => string): string

Custom output for Deno.inspect.

[Symbol.for("nodejs.util.inspect.custom")](depth: number,
options: any,
inspect: (value: unknown,
options?: unknown
) => string
): string

Custom output for Node's util.inspect.

indexOf(data: Data,
digest: string
): Promise<number>

Given data and a digest, return the current index of the key in the keys passed the constructor that was used to generate the digest. If no key can be found, the method returns -1.

sign(data: Data): Promise<string>

Take data and return a SHA256 HMAC digest that uses the current 0 index of the keys passed to the constructor. This digest is in the form of a URL safe base64 encoded string.

verify(data: Data,
digest: string
): Promise<boolean>

Given data and a digest, verify that one of the keys provided the constructor was used to generate the digest. Returns true if one of the keys was used, otherwise false.

@std/crypto@0.215.0

Examples

Example 1

Constructors

Properties

Methods

Report package