Gathering detailed insights and metrics for react-native-fast-openpgp
Gathering detailed insights and metrics for react-native-fast-openpgp
Installations
npm install react-native-fast-openpgpDeveloper
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>= 18.0.0
Typescript Support
Yes
Node Version
16.20.2
NPM Version
8.19.4
Statistics
45 Stars
281 Commits
18 Forks
4 Watching
9 Branches
3 Contributors
Updated on 06 Nov 2024
Languages
TypeScript (76.39%)
JavaScript (5.08%)
C (4.38%)
C++ (4.03%)
Java (3.06%)
Objective-C++ (1.73%)
Ruby (1.54%)
Shell (1.25%)
Kotlin (1.17%)
Objective-C (0.94%)
CMake (0.33%)
Makefile (0.07%)
Swift (0.02%)
Total Downloads
Cumulative downloads
Total Downloads
107,180
Last day
-39.3%
34
Compared to previous day
Last week
-2.9%
409
Compared to previous week
Last month
44.6%
1,643
Compared to previous month
Last year
38.7%
23,219
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Peer Dependencies
2
Dev Dependencies
21
@commitlint/config-conventional@evilmartians/lefthook@react-native/eslint-config@release-it/conventional-changelog@types/jest@types/react@types/react-nativecommitlintdel-clieslinteslint-config-prettiereslint-plugin-prettierjestpod-installprettierreactreact-nativereact-native-builder-bobrelease-itturbotypescript
Versions
react-native-fast-openpgp
Getting started
$ npm install react-native-fast-openpgp --save
JSI
If you want to use with JSI instead of NativeModules you need to set
1import OpenPGP from "react-native-fast-openpgp"; 2 3OpenPGP.useJSI = true;
if you need to use generate methods it is a good idea to disable it, because for now JSI will block your UI but it is faster compared to NativeModules
Usage
Encrypt methods
1import OpenPGP from "react-native-fast-openpgp"; 2 3const encrypted = await OpenPGP.encrypt(message: string, publicKey: string, signedEntity?: Entity, fileHints?: FileHints, options?: KeyOptions ): Promise<string>; 4const outputFile = await OpenPGP.encryptFile(inputFile: string, outputFile: string, publicKey: string, signedEntity?: Entity, fileHints?: FileHints, options?: KeyOptions): Promise<number>; 5 6const encryptedSymmetric = await OpenPGP.encryptSymmetric(message: string, passphrase: string, fileHints?: FileHints, options?: KeyOptions ): Promise<string>; 7const outputFile = await OpenPGP.encryptSymmetricFile(inputFile: string, outputFile: string, passphrase: string, fileHints?: FileHints, options?: KeyOptions ): Promise<number> ;
Decrypt methods
1import OpenPGP from "react-native-fast-openpgp"; 2 3const decrypted = await OpenPGP.decrypt(message: string, privateKey: string, passphrase: string, options?: KeyOptions ): Promise<string>; 4const outputFile = await OpenPGP.decryptFile(inputFile: string, outputFile: string, privateKey: string, passphrase: string, options?: KeyOptions ): Promise<number>; 5 6const decryptedSymmetric = await OpenPGP.decryptSymmetric(message: string, passphrase: string, options?: KeyOptions ): Promise<string>; 7const outputFile = await OpenPGP.decryptSymmetricFile(inputFile: string, outputFile: string, passphrase: string, options?: KeyOptions ): Promise<number> ;
Sign and Verify methods
1import OpenPGP from "react-native-fast-openpgp"; 2 3const signed = await OpenPGP.sign(message: string, privateKey: string, passphrase: string, options?: KeyOptions ): Promise<string>; 4const signed = await OpenPGP.signFile(inputFile: string, privateKey: string, passphrase: string, options?: KeyOptions ): Promise<string>; 5 6const verified = await OpenPGP.verify(signature: string, message: string, publicKey: string ): Promise<boolean>; 7const verified = await OpenPGP.verifyFile(signature: string, inputFile: string,publicKey: string): Promise<boolean>;
Generate
1import OpenPGP from "react-native-fast-openpgp"; 2 3const generated = await OpenPGP.generate(options: Options): Promise<KeyPair>;
Convert methods
1import OpenPGP from "react-native-fast-openpgp"; 2 3const publicKey = await OpenPGP.convertPrivateKeyToPublicKey(privateKey: string): Promise<string>;
Metadata methods
1import OpenPGP from "react-native-fast-openpgp"; 2 3const metadata1 = await OpenPGP.getPublicKeyMetadata(publicKey: string): Promise<PublicKeyMetadata>; 4const metadata2 = await OpenPGP.getPrivateKeyMetadata(privateKey: string): Promise<PrivateKeyMetadata>;
Encrypt with multiple keys
1import OpenPGP from "react-native-fast-openpgp"; 2 3const publicKeys = `-----BEGIN PGP PUBLIC KEY BLOCK----- 4 5mQENBF0Tpe0BCADm+ja4vMKuodkQEhLm/092M/6gt4TaKwzv8QcA53/FrM3g8wab 6D4m65Neoc7DBEdvzgK9IUMpwG5N0t+0pfWLhs8AZdMxE7RbP 7=kbtq 8-----END PGP PUBLIC KEY BLOCK----- 9-----BEGIN PGP PUBLIC KEY BLOCK----- 10 11mQENBF0Tpe0BCADm+ja4vMKuodkQEhLm/092M/6gt4TaKwzv8QcA53/FrM3g8wab 12D4m65Neoc7DBEdvzgK9IUMpwG5N0t+0pfWLhs8AZdMxE7RbP 13=kbtq 14-----END PGP PUBLIC KEY BLOCK----- 15-----BEGIN PGP PUBLIC KEY BLOCK----- 16 17mQENBF0Tpe0BCADm+ja4vMKuodkQEhLm/092M/6gt4TaKwzv8QcA53/FrM3g8wab 18D4m65Neoc7DBEdvzgK9IUMpwG5N0t+0pfWLhs8AZdMxE7RbP 19=kbtq 20-----END PGP PUBLIC KEY BLOCK-----`; 21const encrypted = await OpenPGP.encrypt("sample text" publicKeys);
Types
1import OpenPGP from "react-native-fast-openpgp"; 2 3export enum Algorithm { 4 RSA = 0, 5 ECDSA = 1, 6 EDDSA = 2, 7 ECHD = 3, 8 DSA = 4, 9 ELGAMAL = 5, 10} 11 12export enum Curve { 13 CURVE25519 = 0, 14 CURVE448 = 1, 15 P256 = 2, 16 P384 = 3, 17 P521 = 4, 18 SECP256K1 = 5, 19 BRAINPOOLP256 = 6, 20 BRAINPOOLP384 = 7, 21 BRAINPOOLP512 = 8, 22} 23 24export enum Hash { 25 SHA256 = 0, 26 SHA224 = 1, 27 SHA384 = 2, 28 SHA512 = 3, 29} 30 31export enum Compression { 32 NONE = 0, 33 ZLIB = 1, 34 ZIP = 2, 35} 36 37export enum Cipher { 38 AES128 = 0, 39 AES192 = 1, 40 AES256 = 2, 41 DES = 3, 42 CAST5 = 4, 43} 44 45export interface KeyOptions { 46 /** 47 * The public key algorithm to use - will always create a signing primary 48 * key and encryption subkey. 49 * @default RSA 50 */ 51 algorithm?: Algorithm; 52 53 /** 54 * Curve configures the desired packet.Curve if the Algorithm is PubKeyAlgoECDSA, 55 * PubKeyAlgoEdDSA, or PubKeyAlgoECDH. If empty Curve25519 is used. 56 * @default CURVE25519 57 */ 58 curve?: Curve; 59 60 /** 61 * RSABits is the number of bits in new RSA keys made with NewEntity. 62 * If zero, then 2048 bit keys are created. 63 * @default 2048 64 */ 65 rsaBits?: number; 66 67 /** 68 * Cipher is the cipher to be used. 69 * If zero, AES-128 is used. 70 * @default AES128 71 */ 72 cipher?: Cipher; 73 74 /** 75 * Compression is the compression algorithm to be 76 * applied to the plaintext before encryption. If zero, no 77 * compression is done. 78 * @default none 79 */ 80 compression?: Compression; 81 82 /** 83 * Hash is the default hash function to be used. 84 * If zero, SHA-256 is used. 85 * @default SHA256 86 */ 87 hash?: Hash; 88 89 /** 90 * CompressionLevel is the compression level to use. It must be set to 91 * between -1 and 9, with -1 causing the compressor to use the 92 * default compression level, 0 causing the compressor to use 93 * no compression and 1 to 9 representing increasing (better, 94 * slower) compression levels. If Level is less than -1 or 95 * more then 9, a non-nil error will be returned during 96 * encryption. See the constants above for convenient common 97 * settings for Level. 98 * @default 0 99 */ 100 compressionLevel?: number; 101} 102 103export interface Options { 104 comment?: string; 105 email?: string; 106 name?: string; 107 passphrase?: string; 108 keyOptions?: KeyOptions; 109} 110 111export interface KeyPair { 112 publicKey: string; 113 privateKey: string; 114} 115 116export interface PublicKeyMetadata { 117 keyID: string; 118 keyIDShort: string; 119 creationTime: string; 120 fingerprint: string; 121 keyIDNumeric: string; 122 isSubKey: boolean; 123} 124export interface PrivateKeyMetadata { 125 keyID: string; 126 keyIDShort: string; 127 creationTime: string; 128 fingerprint: string; 129 keyIDNumeric: string; 130 isSubKey: boolean; 131 encrypted: boolean; 132} 133 134/** 135 * An Entity represents the components of an OpenPGP key: a primary public key 136 * (which must be a signing key), one or more identities claimed by that key, 137 * and zero or more subkeys, which may be encryption keys. 138 */ 139export interface Entity { 140 publicKey: string; 141 privateKey: string; 142 passphrase?: string; 143} 144 145export interface FileHints { 146 /** 147 * IsBinary can be set to hint that the contents are binary data. 148 */ 149 isBinary?: boolean; 150 /** 151 * FileName hints at the name of the file that should be written. It's 152 * truncated to 255 bytes if longer. It may be empty to suggest that the 153 * file should not be written to disk. It may be equal to "_CONSOLE" to 154 * suggest the data should not be written to disk. 155 */ 156 fileName?: string; 157 /** 158 * ModTime format allowed: RFC3339, contains the modification time of the file, or the zero time if not applicable. 159 */ 160 modTime?: string; 161} 162
Native Code
the native library is made in Golang for faster performance
https://github.com/jerson/openpgp-mobile
Contributing
See the contributing guide to learn how to contribute to the repository and the development workflow.
License
MIT
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
binaries present in source code
Details
- Warn: binary detected: android/src/main/jniLibs/arm64-v8a/libopenpgp_bridge.so:1
- Warn: binary detected: android/src/main/jniLibs/armeabi-v7a/libopenpgp_bridge.so:1
- Warn: binary detected: android/src/main/jniLibs/x86/libopenpgp_bridge.so:1
- Warn: binary detected: android/src/main/jniLibs/x86_64/libopenpgp_bridge.so:1
- Warn: binary detected: example/android/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: ios/Openpgp.xcframework/ios-arm64/libopenpgp_bridge.a:1
- Warn: binary detected: ios/Openpgp.xcframework/ios-arm64_x86_64-simulator/libopenpgp_bridge.a:1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/android.yml:1
- Warn: no topLevel permission defined: .github/workflows/ios.yml:1
- Warn: no topLevel permission defined: .github/workflows/npm.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
Found 0/24 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/android.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/android.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/android.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/android.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/android.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/android.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/android.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/android.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/android.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/android.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/ios.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/ios.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/ios.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/npm.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/npm.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/release.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/android.yml:38
- Warn: npmCommand not pinned by hash: .github/workflows/android.yml:39
- Warn: npmCommand not pinned by hash: .github/workflows/android.yml:40
- Warn: npmCommand not pinned by hash: .github/workflows/ios.yml:29
- Warn: npmCommand not pinned by hash: .github/workflows/ios.yml:30
- Warn: npmCommand not pinned by hash: .github/workflows/ios.yml:31
- Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
- Info: 0 out of 6 npmCommand dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 13 are checked with a SAST tool
Reason
30 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-c2jc-4fpr-4vhg
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
- Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
- Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
Score
2
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More