tweetnacl | Conservative , misuse-resistant crypto in Erlang
kandi X-RAY | tweetnacl Summary
kandi X-RAY | tweetnacl Summary
Tweetnacl is a research project to improve the state of Erlang crypto. API and codebase in flux while in v0.0.X, wear helmet while using.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of tweetnacl
tweetnacl Key Features
tweetnacl Examples and Code Snippets
Community Discussions
Trending Discussions on tweetnacl
QUESTION
I am trying to understand how to implement a minimal basic Public-key signature example based on the demo located here, using pure javascript.
My research has not yielded a simple javascript example that I can use to understand its inner workings, and the documentation is over my head at the moment.
I tried looking at the source code of the demo, but it is not revealing its secrets.
The library's examples does not have an example for this either.
Cryptography is something very new to me, so any baseline example of how to create their Public-key example with pure javascript in node.js would be greatly appreciated!
Pseudocode-ish:
...ANSWER
Answered 2020-Nov-11 at 09:16TweetNaCl.js is a port to JavaScript of TweetNaCl. TweetNacl in turn is a compact implementation of NaCl, which provides various encryption and signature algorithms essentially based on Curve25519. There are NaCl-compatible implementations or wrappers for many platforms, so that any of these documentations can be used for an introduction, e.g. the clear documentation of the Libsodium fork.
The documentation of TweetNaCl.js also gives a short overview of the functionality: nacl.sign(message, secretKey) creates a signed message consisting of the 64 bytes signature with attached message. nacl.sign.open(signedMessage, publicKey) verifies the message using the signature and returns the message if verification is successful. The algorithm used for signing is Ed25519.
As already noted in the comments, you do not distinguish clearly between encryption (purpose: secrecy) and signing (purpose: authentication / integrity). In particular, secrecy of the message is not the purpose of signing. This becomes apparent e.g. when the return of nacl.sign() contains the unencrypted message (see code snippet below). However, it is true that encryption with the private key is performed during signing (but not for the purpose of keeping it secret).
The following implementation is a pure JavaScript implementation:
QUESTION
I want to set a repository secret via the GitHub REST API. I use the example from the docs:
...ANSWER
Answered 2020-Sep-22 at 15:36The example code was not quite clear what the key actually is and where you get it. You need the "repository public key" that you get from the /repos/{owner}/{repo}/actions/secrets/public-key endpoint.
Use the repository public key together with the value from your new secret:
QUESTION
Our project is using asymmetric encryption with nacl.box and ephemeral keys:
ANSWER
Answered 2020-Sep-04 at 16:02tweetnacl-java is a port of tweetnacl-js. It is therefore to be expected that both provide the same functionality. At least for the posted method this is the case, which can be implemented on the Java side with TweetNaclFast as follows:
QUESTION
There are many Q&A's about converting blobs or Uint8Array to base64. But I have been unable to find how to convert from 32-bit arrays to base64. Here is an attempt.
ANSWER
Answered 2020-Sep-03 at 00:00The problem with your current code is that nacl.util.encodeBase64() takes in either a string, Array, or Uint8Array. Since your input isn't an Array or Uint8Array, it assumes you want to pass it in as a string.
The solution, of course, is to encode it into a Uint8Array first, then encode the Uint8Array into base64. When you decode, first decode the base64 into a Uint8Array, then convert the Uint8Array back into your Float32Array. This can be done using JavaScript ArrayBuffers.
QUESTION
I read a post: encrypted-data-between-node-js-and-python.
I need to implement the reverse path, create the encryption in python and decode in the node.
On the Python side I did:
...ANSWER
Answered 2020-Aug-19 at 09:11encrypted returned by SecretBox.encrypt() in the PyNaCl code is an EncryptedMessage object (a bytes subclass) that holds the concatenated (24 bytes) nonce and ciphertext. Note that EncryptedMessage also has the properties nonce and ciphertext.
Since the TweetNaCl code uses the concatenated (Base64 encoded) data, these data must first be separated (after Base64 decoding) and nonce and ciphertext must be processed separately in nacl.secretbox.open(). Please note that TweetNaCl uses TypedArrays. For the conversion to or from Utf8 or Base64 the functions from tweetnacl-util can be used:
QUESTION
I've generated a key pair using Tweetnacl.js:
...ANSWER
Answered 2019-Sep-20 at 10:48That being said, NaCl signing keys are 64 bytes, not 32. Hence the error you get.
In the base58KeyPairGenerator function, the secret key must be the output of nacl.sign.keyPair.fromSeed(seed).secretKey (or .privateKey or whatever it's called), not just the seed.
QUESTION
I see this on two different machines. When I navigate to the folder that contains my package.json file and execute the command yarn list, it lists a bunch of packages that I haven't installed. If I execute the command yarn check then it complains that most of the packages aren't installed.
So, what changed since the last time this worked correctly? Where is yarn finding all of the extraneous packages, and how do I convince it that they really aren't there?
Here are all of the relevant files in my project directory:
package.json
...ANSWER
Answered 2019-May-11 at 22:39I figured it out (mostly). Due to some magic that I haven't yet sorted out, I got a reference to npm inserted into my packages.json file.
Here's what I think happened: When I ran yarn list it informed me that a newer version of yarn was available. After considerable struggling and Googling, I figured out that I could upgrade yarn and npm to the latest version via:
QUESTION
I am building a web app from a sample I found, and get a warning in my output "DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead."
In the package-lock.json file it refers to safer-buffer, which from my research is what is used to upgrade the buffer, however I am assuming this may be causing the issue. Here are the parts of the file which refer to buffer:
...ANSWER
Answered 2019-Apr-18 at 09:47Just like the warning said
DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
To avoid the depreciation warning. You need to find out the new Buffer() methods in your codes and replace them with a new one. Such as in the extend-node.js file(NodeTaskApp-master\node_modules\iconv-lite\lib), Line 13:
QUESTION
I'm trying to get TweetNaCl.js working.
My problem is that when I decrypt the data, the output is encoded wrong.
Encrypted data:
...ANSWER
Answered 2019-Feb-12 at 07:55he.js library was conflicting with the TweetNaCl library. Removing it and it started to work like it should.
QUESTION
ANSWER
Answered 2019-Feb-10 at 17:27I had the same issue today and indeed not encouraging to have warnings on a fresh new project.
I just add babel core manually yarn add babel-core@^6.0.0and did not had pbs to run the new app.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install tweetnacl
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
