sodium-cli

A simple CLI frontend for common sodium-native actions

Usage no npm install needed!

<script type="module">
  import sodiumCli from 'https://cdn.skypack.dev/sodium-cli';
</script>

README

sodium-cli

npm version build status

A simple CLI frontend for sodium-native actions.

Installation

npm install sodium-cli -g

Usage

sodium-cli ships with a few cli commands and a common.js api.

The CLI ships three commands:

$ keygen

key.public and key.secret written to /Users/bret/repos/sodium-cli

$ sign index.js

6be2ee42223ac80784c9ad19c3898a35a0ac012ae0938e546deda8d479291494c316eb2f2a3bb1dda695fbe84819de8a9ec43f356b69bd7f0cf0190b11230809

$ verify 6be2ee42223ac80784c9ad19c3898a35a0ac012ae0938e546deda8d479291494c316eb2f2a3bb1dda695fbe84819de8a9ec43f356b69bd7f0cf0190b11230809 index.js

Valid signature for index.js by ./key.public

There is also an API counterpart for each command:

const sodiumCLI = require('sodium-cli')
const cwd = process.cwd()

sodiumCLI.keygen(cwd, err => {
  if (err) throw err
  sodiumCLI.sign('./secret.key', './some-file', (err, sig) => {
    if (err) throw err
    sodiumCLI.verify(sig, './public.key', './some-file', (err, valid) => {
      if (err) throw err
      console.log('Signature is valid ' + valid)
    })
  })
})

CLI

keygen

Generate a libsodium crypto_sign keypair and save it to disk.

$ keygen --help

sodium-cli keygen: Generate a libsodium crypto_sign keypair and save it to disk

Usage: keygen {options}
    --dest, -d            path to save keypair (default: ".")
    --force, -f           overwrite existing key files (default: false)
    --help, -h            show help
    --version, -v         print the version of the program

$ keygen

key.public and key.secret written to /Users/bret/repos/sodium-cli

$ ls key*

key.public key.secret

If keygen finds any existing keys in the destination directory, it will refuse to generate new keys unless you pass the --force flag.

sign [file]

Sign a file with a libsodium crypto_sign secret key and print to stdout.

$ sign --help

sodium-cli sign: Sign a file with a libsodium crypto_sign secret key and print to stdout

Usage: sign [file] {options}
    --secret, -s          path to secret key to sign with (default: "./key.secret")
    --help, -h            show help
    --version, -v         print the version of the program

$ sign index.js
6be2ee42223ac80784c9ad19c3898a35a0ac012ae0938e546deda8d479291494c316eb2f2a3bb1dda695fbe84819de8a9ec43f356b69bd7f0cf0190b11230809

verify [signature] [public key]

Verify a file with a libsodium crypto_sign public key and signature.

$ verify
sodium-cli verify: Verify a file with a libsodium crypto_sign public key and signature

Usage: verify [signature] [file] {options}
    --public, -p          path to public key file to verify with (default: "./key.public")
    --help, -h            show help
    --version, -v         print the version of the program
$ verify 6be2ee42223ac80784c9ad19c3898a35a0ac012ae0938e546deda8d479291494c316eb2f2a3bb1dda695fbe84819de8a9ec43f356b69bd7f0cf0190b11230809 index.js

Valid signature for index.js by ./key.public

$ verify badSig index.js

ERROR: Signature appears invalid

API

sodiumCLI.keygen(destination, callback)

Generate a libsodium crypto_sign keypair and save it to a destination path as destination/public.key and destination/secret.key. Any existing key files are overwritten.

Callback is called with (err) after the key files are written to disk.

sodiumCLI.sign(secretPath, filePath, callback)

Sign a file at filePath with a libsodium crypto_sign secret key located at secretPath.

Callback is called with (err, signature) where signature is the hex representation of the signature.

sodiumCLI.verify(signature, publicPath, filePath, callback)

Verify a file at filePath with a libsodium crypto_sign public key located at publicPath and detached libsodium hex signature.

Callback is called with (err, valid) where valid is a boolean indicating if the file is valid for the signature, public key and file combination.

See also

  • sodium-native: the underlying bindings to libsodium used perform all cryptographic actions.
  • libsodium: docs for the libsodium library.

License

MIT