Lines 11-75typescript
11 data: object | string | number | boolean;
13 let { pem, data } = config;
14 let inputMessageStr = JSON.stringify(data);
15 let inputMessage = Buffer.from(inputMessageStr);
16 function isED25519(key: string | Buffer) {
17 return key.length < 256;
20 let key = extractRawED25519PrivateKey(pem);
21 let signature = await signED25519(key, inputMessage);
24 let key = await globalThis.crypto.subtle.importKey("spki", Buffer.from(pem as any), { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, false, ["sign"]);
25 let signatureBuffer = await globalThis.crypto.subtle.sign("RSASSA-PKCS1-v1_5", key, inputMessage);
26 return Buffer.from(signatureBuffer);
30export function extractRawED25519PrivateKey(pem: string | Buffer) {
31 let keyPart = pem.toString().replaceAll("-----BEGIN PRIVATE KEY-----", "").replaceAll("-----END PRIVATE KEY-----", "").replaceAll("\n", "").replaceAll("\r", "");
CriticalCritical Secret
Package contains a critical-looking secret pattern.
src/-a-auth/ed25519.tsView on unpkg · L31 CriticalSecret Pattern
RSA private key in src/-a-auth/ed25519.ts
src/-a-auth/ed25519.tsView on unpkg · L31 32 let forgeParsed = berTagParser(Buffer.from(keyPart, "base64"));
33 return forgeParsed[0].children![2].data.slice(2, 2 + 32);
35function wrapWithPEM(rawED25519Key: Buffer) {
36 let forgeBase = encodeBerTags([
37 { type: tagLookup.OCTET_STRING, data: rawED25519Key, }
39 let forgeValue = encodeBerTags([
41 type: tagLookup.SEQUENCE,
43 { type: tagLookup.INTEGER, data: [0], },
45 type: tagLookup.SEQUENCE,
47 { type: tagLookup.OBJECT_IDENTIFIER, data: [43, 101, 112], }
50 { type: tagLookup.OCTET_STRING, data: forgeBase, }
55 return "-----BEGIN PRIVATE KEY-----\n" + forgeValue.toString("base64") + "\n-----END PRIVATE KEY-----";
CriticalSecret Pattern
RSA private key in src/-a-auth/ed25519.ts
src/-a-auth/ed25519.tsView on unpkg · L55 58export async function signED25519(privateKey: Buffer, inputMessage: Buffer): Promise<Buffer> {
59 if (privateKey.length !== 32) {
60 throw new Error(`Invalid private key length, expected 32, got ${privateKey.length}`);
62 var pk = Buffer.alloc(32);
63 var sk = Buffer.alloc(64);
65 await crypto_sign_keypair(pk, sk);
67 let signedOutput = Buffer.alloc(64 + inputMessage.length);
68 await crypto_sign(signedOutput, inputMessage, sk);
69 return signedOutput.slice(0, 64);
71export async function extractPublicKey(privateKey: Buffer): Promise<Buffer> {
72 if (privateKey.length !== 32) throw new Error(`Invalid private key length, expected 32, got ${privateKey.length}. Only ED25519 is presently supported`);
73 var pk = Buffer.alloc(32);
74 var sk = Buffer.alloc(64);