Skip to content

Cryptographic signing of your redux (or flux) actions

Notifications You must be signed in to change notification settings

grrowl/redux-signatures

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

redux-signatures

Signs redux (or flux) actions for you cryptographically.

Designed for use with redux-scuttlebutt

Contributions, suggestions and questions welcome.

signatures

  • Ed25519: "High speed, high security signatures". On my machine, signs in 1ms, verifies in 6ms.
    • Sign actions against a public key
    • Verifies actions against their signature and a public key (author)
    • Secure against modification, but not omission.

use

sign and verify

For import { verifyAction, signAction } from 'redux-signatures',

  • verifyAction(identity, callback, action): calls callback(true) if action is valid, callback(false) otherwise.
    • usually callback is a redux store dispatch
  • signAction(identity, callback, action): calls callback with action, with publicKey and signature added to the meta key
    • publicKey and signature constants are exported as META_PUBLIC_KEY and META_SIGNATURE respectively.

identity

For import { Ed25519 } from 'redux-signatures',

  • identity = new Ed25519(): generates a new Ed25519 identity.

  • identity = new Ed25519(privateKey: string): recreates an existing Ed25519 identity from privateKey.

  • identity.sign(message: string) => signature: string: Returns the signature for a given message.

  • identity.verifyPublic(message: string, signature: string, publicKey:string) => valid: bool: Verifies a given message against the given signature and publicKey.

  • identity.verify(message: string, signature: string) => valid: bool: Verifies a given message against the given signature and this identity.

  • identity.publicKey => hex: string: Returns the identity's publicKey

  • identity.privateKey => hex: string: Returns the identity's privateKey

example

const { Ed25519, signAction, verifyAction } from 'redux-signatures'

// create the identity object with a random key.
const identity = new Ed25519()

// serialise action, calls identity.sign, returns action with signature
signAction(identity, callback, action)

// serialise action, calls identity.verify with the action and its included signature
verifyAction(identity, callback, action)

// maintain identity
const identity = new Ed25519(localStorage['privateKey'])
localStorage['privateKey'] = identity.privateKey

// now the app can render the local identity
const initialState = {
  identity: identity.publicKey,
}

// for use with redux-scuttlebutt
return createStore(rootReducer, initialState, scuttlebutt({
  verifyAsync: verifyAction.bind(undefined, identity),
  signAsync: signAction.bind(undefined, identity),
}))

licence

MIT.

About

Cryptographic signing of your redux (or flux) actions

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published