The crypt-util library provides an implementation for local (on-device) usage, but is not responsible for the secure storage of any private keys. The local implementation creates derivable ECDSA keys which can also be used with an Ethereum network.
In an existing project (with
npm install crypt-util --save
Creating, importing and exporting keys
A new (random) key can be created. This implementation allows for importing and exporting the keys, so that they can be stored on a local storage or used in an external lib.
// Create a new master keycryptUtils.createMasterPrivateKey// Export master key: Exporting the master key should only be used if the key must be stored locally,// crypt-util does not store private keys on the deviceconsole.logmasterPrivExtKey// Import master key (if to be restored from a local storage)cryptUtils.importMasterPrivateKeymasterPrivExtKey
Key derivation with the out-of-the-box implementation is done according to BIP0044. We use the derived private keys and addresses with an Ethereum blockchain. Key derivation takes as input the variables
The key path will be formed as follows
accountId can be used if your application offers multiple accounts/profiles for one user. Leave
accountId = 0 when unused.
// Derive private key: Should only be used if an external package requires direct usage of the keyconsole.logprivKey// Derive public keyconsole.logpubKey// Derive address: In this case a keccak256 hash conform Ethereum standardsconsole.logaddress
Signing and verifying
secp256k1 signing algorithm is used over a
keccak256 hash from a given payload. A hexadecimal representation of the signature is returned.
// Don't forget to import your private key!// Sign a payload with a derived keyconst signature = cryptUtilsconsole// Verify payload and signatureconst verified = cryptUtilsconsole
Different crypto algorithms
Build a new class yourself, implementing the crypt-util interface using the cryptographic algorithm of your choice. As of now, only the secp256k1 algorithm is available out-of-the-box.
Besides unit testing with Mocha, the effectivity of all tests are also measured with the Stryker mutation testing framework.
npm run testnpm run stryker
We aim to achieve a coverage of 100%. Stryker and/or mocha test scores below 80% will fail the build.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.
License and disclaimer
We discourage the use of this work in production environments as it is in active development and not mature enough.