http-message-signatures
    TypeScript icon, indicating that this package has built-in type declarations

    0.1.1 • Public • Published

    HTTP Message Signatures

    Based on the draft specifications for HTTP Message Signatures, this library facilitates the signing of HTTP messages before being sent.

    Specifications

    Two specifications are supported by this library:

    1. HTTPBIS
    2. Cavage

    Approach

    As the cavage specification is now expired and superseded by the HTTPBIS one, this library takes a "HTTPBIS-first" approach. This means that most support and maintenance will go into the HTTPBIS implementation and syntax. The syntax is then back-ported to the Cavage implementation as much as possible.

    Examples

    Signing a request

    const { sign, createSigner } = require('http-message-signing');
    
    (async () => {
        const signedRequest = await sign({
            method: 'POST',
            url: 'https://example.com',
            headers: {
                'content-type': 'text/plain',
            },
            body: 'test',
        }, {
            components: [
                '@method',
                '@authority',
                'content-type',
            ],
            parameters: {
                created: Math.floor(Date.now() / 1000),
            },
            keyId: 'my-hmac-secret',
            signer: createSigner('hmac-sha256'),
        });
        // signedRequest now has the `Signature` and `Signature-Input` headers
    })().catch(console.error);

    Signing with your own signer

    It's possible to provide your own signer (this is useful if you're using a secure enclave or key management service). To do so, you must implement a callable that has the alg prop set to a valid algorithm value. It's possible to use proprietary algorithm values if you have some internal signing logic you need to support.

    const mySigner = async (data) => {
        return Buffer.from('my sig');
    }
    mySigner.alg = 'custom-123';

    Install

    npm i http-message-signatures

    DownloadsWeekly Downloads

    13

    Version

    0.1.1

    License

    ISC

    Unpacked Size

    33.3 kB

    Total Files

    18

    Last publish

    Collaborators

    • dhensby