cryptographic operations for cobox 2.2KB


The crypto primitives used in cobox, extracted into a separate module

npm install cobox-crypto


const Crypto = require('cobox-crypto')
const crypto = Crypto()

const accessKey = crypto.accessKey()


keyPair = crypto.keyPair()

Returns an ed25519 keypair that can used for tree signing.

const symKey = crypto.symmetricKey()

Returns an ed25519 symmetric key used for shared secret encryption

const accessKey = crypto.accessKey()

// OR

const accessKey = crypto.pack(pubKey, symKey)

Returns an access key, which consists of an ed25519 public key, packed together with an ed25519 symmetric key

const keys = crypto.unpack(key)

Returns an object containing a public key, and a shared secret if accessible. Public key alone is used for blind replication. The shared secret can then be used for decryption.

const valueEncoding = crypto.encoder(encryptionKey, {})

Returns a message encoder used for encrypting messages in hypercore. Can be passed to hypercore doing the following:

const accessKey = crypto.accessKey
const keys = crypto.unpack(accessKey)
var feed = hypercore(storage, keys.publicKey, {
  valueEncoding: crypto.encoder(keys.symmetricKey, { valueEncoding: 'utf-8' })

feed.ready(() => {
  feed.append("this is going to be encrypted", (err, seq) => {
    // do other stuff...
const { publicKey, secretKey } = boxKeypair(seed)
const boxed = box(publicKey, message, [contextMessage])

Encrypts a message to a given public key and returns it as a buffer

  • publicKey buffer or hex encoded string
  • message buffer or hex encoded string of any length
  • contextMessage, if passed, will be hashed in to the shared secret. Should be a buffer or hex encoded string.
const unboxed = unbox(cipherText, keypair, [contextMessage])

Decrypts a message using the given keypair.

  • cipherText the encrypted message given as a buffer.
  • keypair an object of the form { publicKey, secretKey } both of which should be buffers or hex encoded strings.
  • contextMessage, if given, will be hashed into the shared secret. Should be a buffer or hex encoded string.