Utilities around Spectre / Master Password Algorithm (by Maarten Billemont), implemented in TypeScript, using Noble & Scure cryptography by @paulmillr. Used for deriving stateless accounts & passwords, 2fa, shamir secret sharing, crypto/bitcoin/nostr public and private keys, and more.
- Don't store, derive! Derive passwords and keys from a master password and a name
- Cloud-less & storage-less password manager, stateless password derivation
- Uses only audited Noble & Scure cryptography by @paulmillr
- TypeScript implementation of Spectre.app / Master Password Algorithm by Maarten Billemont
- Stateless account & password derivation - no need to store anything
- Stateless wallet/keys derivation for Ethereum, Bitcoin, Litecoin, Vertcoin, Nostr
- Support for splitting the secret key with Shamir Secret Sharing scheme
- AES-256-GCM encrypt/decrypt a private thing using the secret key
- Generate and validate 2FA tokens (HOTP & TOTP)
- RFC 4226 & RFC 6238
- support
SHA-1,SHA-256,SHA-512hashing algorithms - support different digits lengths, up to 10
npm add cryptils
bun add cryptils
deno add npm:cryptils
import { deriveCryptoKeys, spectreV4 } from 'cryptils/derive';
// personal name (can be anything), master password, account name (or site url + handle)
const wgw = spectreV4('some persona', 'fool master pawdy', 'twitter.com/wgw_eth');
const keys = deriveCryptoKeys(wgw.secret);
console.log('privkey', bytesToHex(wgw.secret));
console.log('wiggle account:', wgw);
// => { secret: uint8array, persona: string, securepass: string, account: string }
console.log('crypto keys:', keys);
// => { bitcoin, nostr, ethereum, litecoin, vertcoin }or using separate functions, to save on computation
import { deriveBitcoinKeys, deriveEthereumKeys, deriveNostrKeys, spectreV4 } from 'cryptils/derive';
const wgw = spectreV4('some persona', 'fool master pawdy', 'twitter.com/wgw_eth');
console.log('btc1', deriveBitcoinKeys(wgw.secret));
console.log('btc2', deriveBitcoinKeys(randomBytes(32)));
// => { mnemonic, salt, privkey, pubkey, address }
console.log('eth', deriveEthereumKeys(wgw.secret));
// => { mnemonic, salt, privkey, pubkey, address }
console.log('nostr', deriveNostrKeys(wgw.secret));
// => { mnemonic salt, privkey, pubkey, npub, nsec, nrepo }import {
getHotp,
getOtpSecret,
getTokenUri,
getTotp,
parseOtpSecret,
validateHotp,
validateTotp,
} from 'cryptils/otp';
import qrcode from 'qrcode';
// accepts secret uint8array, secret as base32 string, or hex string,
// if not passed anything it will generate random secret
const secret = getOtpSecret();
const token = await getTotp(secret, { digits: 8, algorithm: 'SHA-512' });
const valid = await validateTotp(secret, token, { digits: 8, algorithm: 'SHA-512' });
console.log({ secret, token, valid });
const hotp = await getHotp(secret);
console.log({ hotp, valid: await validateHotp(secret, hotpToken) });
const parsedSecret = parseOtpSecret('5DXDAFF6BALL25TOYZXJHDCW4LY4OWTH');
const uri = getTokenUri(secret, { issuer: 'MyApp', username: 'barry' });
cosole.log({ parsedSecret, uri });
console.log(await qrcode.toString(uri));import { decryptWithSecret, encryptWithSecret } from 'cryptils/aes';
import { spectreV4 } from 'cryptils/derive';
import { randomBytes } from 'cryptils/utils';
const account = spectreV4('usrname', 'foo pass bar', 'twt.com');
// or try with random one
const secret = randomBytes(32);
console.log({ account });
const encrypted = await encryptWithSecret(account.securepass, account.secret);
const decrypted = await decryptWithSecret(encrypted, account.secret);
console.log({ encrypted, decrypted, same: decrypted === account.securepass });export type SpectreOptions = { template?: string; hash?: any; iterations?: number };
export type SpectreResult = { secret: Uint8Array; name: string; user: string; pass: string };
export type HexString = string;
export type Input = Uint8Array | string;
export type SecretKey = Uint8Array | HexString;
export type HashAlgo = 'SHA-1' | 'SHA-256' | 'SHA-512' | string;
export type TokenResult = string;SPDX-License-Identifier: MPL-2.0