npmpackage.info

Gathering detailed insights and metrics for libp2p-keychain

Other packages similar to libp2p-keychain

@libp2p/interface-keychain

2.0.5

Keychain interface for libp2p

@libp2p/keychain

5.2.8

Key management and cryptographically protected messages

@libp2p/cms

2.0.2

Cryptographically protected messages using the libp2p keychain

@xstorage/xs-js-libp2p-keychain

0.1.0

xStorage impletion of ipfs js-libp2p-keychain

Gathering detailed insights and metrics for libp2p-keychain

libp2p-keychain - 0.6.1 | npmpackage.info

libp2p-keychain

Key management and cryptographically protected messages

0.6.1

NOASSERTION

TypeScript

3.9

Installations

npm install libp2p-keychain

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Min. Node Version

>=10.0.0

Node Version

12.16.3

NPM Version

6.14.4 Pull Requests

Open

0

Total

55

Closed

15

Merged

40

Issues

Open

3

Total

14

Closed

11

Releases

v2.0.1

Updated on Jun 15, 2023

v2.0.0

Updated on Mar 13, 2023

v1.0.1

Updated on Mar 13, 2023

v1.0.0

Updated on Jan 27, 2023

v0.6.1

Updated on Jun 09, 2020

v0.6.0

Updated on Dec 18, 2019

View All 21 releases

Languages

TypeScript

TypeScript (100%)

Developer

libp2p

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

NOASSERTION License

19 Stars

119 Commits

8 Forks

18 Watchers

4 Branches

49 Contributors

Updated on Jul 17, 2024

Maintainers

View All 49 Contributors

Package Meta Information

Latest Version

0.6.1

Package Id

libp2p-keychain@0.6.1

Size

41.91 kB

NPM Version

6.14.4

Node Version

12.16.3

Published on

Jun 09, 2020

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

err-code interface-datastore libp2p-crypto merge-options node-forge sanitize-filename

Dev Dependencies

aegir chai chai-string datastore-fs datastore-level dirty-chai level multihashes peer-id promisify-es6 rimraf

js-libp2p-keychain

A secure key chain for libp2p in JavaScript

Lead Maintainer

Vasco Santos.

Features

Manages the lifecycle of a key
Keys are encrypted at rest
Enforces the use of safe key names
Uses encrypted PKCS 8 for key storage
Uses PBKDF2 for a "stetched" key encryption key
Enforces NIST SP 800-131A and NIST SP 800-132
Uses PKCS 7: CMS (aka RFC 5652) to provide cryptographically protected messages
Delays reporting errors to slow down brute force attacks

Install

1npm install --save libp2p-keychain

Usage

1const Keychain = require('libp2p-keychain')
2const FsStore = require('datastore-fs')
3
4const datastore = new FsStore('./a-keystore')
5const opts = {
6  passPhrase: 'some long easily remembered phrase'
7}
8const keychain = new Keychain(datastore, opts)

API

Managing a key

async createKey (name, type, size)
async renameKey (oldName, newName)
async removeKey (name)
async exportKey (name, password)
async importKey (name, pem, password)
async importPeer (name, peer)

A naming service for a key

async listKeys ()
async findKeyById (id)
async findKeyByName (name)

Cryptographically protected messages

async cms.encrypt (name, plain)
async cms.decrypt (cmsData)

KeyInfo

The key management and naming service API all return a KeyInfo object. The id is a universally unique identifier for the key. The name is local to the key chain.

1{
2  name: 'rsa-key',
3  id: 'QmYWYSUZ4PV6MRFYpdtEDJBiGs4UrmE6g8wmAWSePekXVW'
4}

The key id is the SHA-256 multihash of its public key. The public key is a protobuf encoding containing a type and the DER encoding of the PKCS SubjectPublicKeyInfo.

Private key storage

A private key is stored as an encrypted PKCS 8 structure in the PEM format. It is protected by a key generated from the key chain's passPhrase using PBKDF2.

The default options for generating the derived encryption key are in the dek object. This, along with the passPhrase, is the input to a PBKDF2 function.

1const defaultOptions = {
2  //See https://cryptosense.com/parameter-choice-for-pbkdf2/
3  dek: {
4    keyLength: 512 / 8,
5    iterationCount: 1000,
6    salt: 'at least 16 characters long',
7    hash: 'sha2-512'
8  }
9}

key storage

Physical storage

The actual physical storage of an encrypted key is left to implementations of interface-datastore. A key benifit is that now the key chain can be used in browser with the js-datastore-level implementation.

Cryptographic Message Syntax (CMS)

CMS, aka PKCS #7 and RFC 5652, describes an encapsulation syntax for data protection. It is used to digitally sign, digest, authenticate, or encrypt arbitrary message content. Basically, cms.encrypt creates a DER message that can be only be read by someone holding the private key.

Contribute

Feel free to join in. All welcome. Open an issue!

This repository falls under the IPFS Code of Conduct.

License

MIT

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

9

License

Determines if the project has defined a license.

3

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

3

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 3

Details

Warn: third-party GitHubAction not pinned by hash: .github/workflows/automerge.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/automerge.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-test-and-release.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/js-test-and-release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-pull-request.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/semantic-pull-request.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/stale.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p-keychain/stale.yml/master?enable=pin
Info: 0 out of 22 GitHub-owned GitHubAction dependencies pinned
Info: 9 out of 24 third-party GitHubAction dependencies pinned

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Security-Policy

Determines if the project has published a security policy.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

Score

3.9

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to libp2p-keychain

Other packages similar to libp2p-keychain

libp2p-keychain

Installations

Developer Guide

No

CommonJS

>=10.0.0

12.16.3

6.14.4

Pull Requests

0

55

15

40

Issues

3

14

11

Releases

Languages

Developer

Download Statistics

GitHub Statistics

Maintainers

Package Meta Information

Total Downloads

NaN

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

js-libp2p-keychain

Lead Maintainer

Features

Table of Contents

Install

Usage

API

KeyInfo

Private key storage

Physical storage

Cryptographic Message Syntax (CMS)

Contribute

License

10

10

10

9

3

3

0

0

0

0

0

0

0

3.9

/10