Password protected ed25519 key pairs.
await SecureKey.generate('/path/to/keyfile')
// interactive prompt for password
const keyPair = await SecureKey.open('/path/to/keyfile')
// interactive prompt for password
// key pair is locked initially
keyPair.unlock()
// use key pair
const signature = crypto.sign(message, keyPair)
// lock key pair in between usage
keyPair.lock()
// ... do some more
// clear key pair finally
keyPair.clear()
Byte length of secret key
Byte length of public key
Generate a new key pair and store to path
.
Public key will be written to path.public
opts
can be passed:
-
password
: specify password for non-interactive mode
Open a key pair stored at path
.
opts
can be passed:
-
password
: specify password for non-interactive mode -
protected
:true
by default. If set tofalse
, secret key will be written to a plain buffer
Unlock the key pair.
Throws an error if secret key is not in secure memory.
Lock the key pair.
Any attmept to access keyPair.secretKey will trigger a segfault.
Throws an error if secret key is not in secure memory.
Clear the secret key from memory.
The secret key.
The public key.
Boolean indicating if the key pair is locked.
Apache-2.0