all cryptographic functionality used in @webboot. separated to simplify testing and auditing.

Usage no npm install needed!

<script type="module">
  import webbootCrypto from 'https://cdn.skypack.dev/@webboot/crypto';



this is the @webboot/crypto library.

not audited and deployed yet. please be careful

webboot aims to make tofu - trust on first use a bit less scary.

this library exposes all cryptographic functionality used throughout webboot, making both testing and auditing easier.

additionally, this library does not have production dependencies.

NPM version Linux Build Status Windows Build Status Coverage Status Greenkeeper badge Known Vulnerabilities


npm install --save-exact @webboot/crypto


import crypto from '@webboot/crypto'

const hash = crypto.hash.create('testing', 'sha512')


hashes a string with the specified algorithm. default algo is sha521

import crypto from '@webboot/crypto'

const { hash, algorithm } = crypto.hash.create('testing', 'sha512')
console.log({ hash, algorithm })


const options = {
  // ecdh curve to use
  curve: 'secp521r1',
  // return private key
  priv: false,
  // toString encoding to use before returning the keys, eg 'base64', 'hex'
  encoding: false,


generates an ecdh pub/priv key pair.

import crypto from '@webboot/crypto'

const { curve, priv, pub } = crypto.ecdh('testing', { priv: true })

// curve = 'secp521r1'
// priv  = Buffer
// pub   = Buffer

strings / hex

by default, crypto.ecdh returns buffers. to return base64 or hex strings, simply specifiy the encoding as such.

import crypto from '@webboot/crypto'

const { curve, priv, pub } = crypto.ecdh('testing', { encoding: 'base64', priv: true })

// curve = 'secp521r1'
// priv  = String
// pub   = String

generate secrets

import crypto from '@webboot/crypto'

const alicePrivateKey = crypto.hash.create('Alice: this string DOES NOT get hashed by ecdh.')
const bobPrivateKey = crypto.hash.create('Bob: this string DOES NOT get hashed by ecdh.')
const evePrivateKey = crypto.hash.create('Eve: this string DOES NOT get hashed by ecdh.')
const lilithPrivateKey = crypto.hash.create('Lilith: this string DOES NOT get hashed by ecdh.')

const alice = crypto.ecdh(alicePrivateKey)
const bob = crypto.ecdh(bobPrivateKey)
const eve = crypto.ecdh(evePrivateKey)
const lilith = crypto.ecdh(lilithPrivateKey)

const aliceSecret = alice.computeSecret(bob.pub)
const bobSecret = bob.computeSecret(alice.pub)
const eveSecret = eve.computeSecret(lilith.pub)
const lilithSecret = eve.computeSecret(eve.pub)

console.log(aliceSecret === bobSecret) // true
console.log(eveSecret === lilithSecret) // true
console.log(aliceSecret === eveSecret) // false
console.log(bobSecret === lilithSecret) // false

different curves

if you want to use a different curve, just specify it.

please note that secp521r1 has been chosen after careful consideration of curve options.

being one of the default curves, it's existence can be assumed on most systems. SP 800-186 draft



first release


bump required node version to 14.2.0

  • format
  • update number error handling
  • fix missing production dependency of @magic/types
  • update dependencies
0.0.1 - unreleased