Crate crypto_wasi
crypto-wasi is a subset of the APIs of Node.js's crypto module for wasm32-wasi, implemented in Rust and powered by the WASI Cryptography APIs.
This library is developed and tested on the WasmEdge runtime.
Note: The API of this library is not completely consistent with the API of Node.js.
§Currently Subset Implemented
- Hash (sha256, sha512, sha512-256)
- Hmac (sha256, sha512)
- hkdf (sha256, sha512)
- pbkdf2 (sha256, sha512)
- scrypt
- Cipheriv & Decipheriv (aes-128-gcm, aes-256-gcm, chacha20-poly1305)
- generate_key_pair (rsa-[2048, 3072, 4096], rsa-pss-[2048, 3072, 4096], ecdsa-[prime256v1, secp256k1, secp384r1], ed25519, x25519)
- KeyObject (PublicKey & PrivateKey)
- sign & verify
- diffie_hellman
§Work In Progress
- create_public_key & create_private_key
- ECDH (you can use generate_key_pair and diffie_hellman as alternatives)
§Not Implemented
- createCipher & createDecipher: These functions are semantically insecure for all supported ciphers and fatally flawed for ciphers in counter mode (such as CTR, GCM, or CCM).
- generateKey & createSecretKey: In Node.js, SecretKey just stores the raw key data. In wasi-crypto, SymmetricKey is equivalent to SecretKey, and in WasmEdge's implementation it also just stores the raw key data. But in wasi-crypto, each key must be bound to a specific algorithm, which complicates managing and reusing keys. So we're not going to implement SecretKey.
§Known Issues:
- ECDSA_P384_SHA384 key export as Jwk: elliptic curve routines:ec_GFp_simple_point2oct:buffer too small
- ECDSA_P384_SHA384 in sign & verify actually uses sha256 as the digest
Modules§
- Low-level binding to wasi-crypto
- Some helpful tools and simplified API
Structs§
- Equivalent to crypto.Cipheriv
- Equivalent to crypto.Decipheriv
- Equivalent to crypto.Hash
- Equivalent to crypto.Hmac
- crypto.KeyObject for private (asymmetric) keys
- crypto.KeyObject for public (asymmetric) keys
Enums§
- Sets the encoding format for exporting PublicKey and PrivateKey
- Sets the encoding type for exporting PrivateKey
- Sets the encoding type for exporting PublicKey
Functions§
- Creates and returns a Hash object that can be used to generate hash digests using the given algorithm.
- Creates and returns an Hmac object that uses the given algorithm and key.
- Generates a new asymmetric key pair of the given algorithm.
- HKDF is a simple key derivation function defined in RFC 5869.
- Same as hkdf, but uses hmac to perform the expand step manually.
- Password-Based Key Derivation Function 2 (PBKDF2) implementation.
- Provides a synchronous scrypt implementation.