Skiff is a privacy-first workspace that empowers you to communicate and collaborate with freedom. Building our end-to-end encrypted product, however, is a novel engineering challenge requiring fast encryption, intuitive design, and compatibility across all native and web platforms.
We’re excited to announce that all of our cryptography work is fully open-source, helping you and your teams build better and more secure apps.
For quick reference, check out our documentation site here.
Introducing @skiff-org/skiff-crypto
Our NPM library @skiff-org/skiff-crypto, a powerful open-source cryptography and object versioning library, is designed to provide secure encryption, decryption, hashing, signing, and versioning capabilities. With skiff-crypto, developers can easily integrate robust encryption algorithms into their applications and securely version objects. Managing encrypted data for apps that scale to millions of users is no small challenge, and we hope this library helps make that simpler.
Skiff Crypto offers a comprehensive set of cryptographic functions and object versioning utilities, empowering developers to secure their data and manage object versions efficiently. The library supports symmetric and asymmetric encryption schemes, enabling encryption and decryption of data using secret keys and public-key authentication. It also supports key generation and derivation, as well as other convenient utility functions, like UTF8 or base64 encoding.
Let’s take a closer look at some of the key features and functionalities provided by @skiff-org/skiff-crypto.
Symmetric Encryption and Decryption
Skiff crypto includes functions for symmetric encryption and decryption using the NaCl secretbox algorithm. Developers can encrypt and decrypt objects with a shared secret key, ensuring data confidentiality and integrity.
Here’s an example of how to use the `encryptSymmetric` and `decryptSymmetric` functions:
import { encryptSymmetric, createJSONWrapperDatagram, decryptSymmetric, generateSymmetricKey } from '@skiff-org/skiff-crypto';
// A datagram is used to manage object versions and metadata
const TestDatagram = createJSONWrapperDatagram('ddl://test');
const draftSymmetricKey = generateSymmetricKey();
// Encrypting data
const encryptedData = encryptSymmetric('Hello, world!', draftSymmetricKey);
// Decrypting data
const decryptedData = decryptSymmetric(encryptedData, draftSymmetricKey);
console.log(decryptedData); // Output: Hello, world!Asymmetric Encryption and Decryption
@skiff-org/skiff-crypto supports asymmetric encryption and decryption using the NaCl box algorithm. Developers can use public and private keys to securely encrypt and decrypt data, providing enhanced security and data exchange between parties.
Check out the example below to see how to use the asymmetric encryption and decryption functions:
import { stringEncryptAsymmetric, stringDecryptAsymmetric, generatePublicPrivateKeyPair } from '@skiff-org/skiff-crypto';
const plaintext = "Hello, skiff-crypto!";
const keypair = generatePublicPrivateKeyPair();
const encrypted = stringEncryptAsymmetric(keypair.privateKey, { key: keypair.publicKey }, plaintext);
const decrypted = stringDecryptAsymmetric(keypair.privateKey, { key: keypair.publicKey }, encrypted);
console.log('Plaintext:', plaintext);
console.log('Ciphertext:', encrypted);
console.log('Expected to be true:', plaintext === decrypted);Object Versioning
With Skiff Crypto, developers can easily version their objects to manage data changes and maintain compatibility across different versions of their applications. The library provides utilities for creating datagrams that encode and decode JSON-serializable data, allowing seamless versioning of objects.
Here’s an example of creating a JSON wrapper datagram:
import { createJSONWrapperDatagram } from '@skiff-org/skiff-crypto';
// Creating a JSON wrapper datagram
const datagram = createJSONWrapperDatagram('ddl://myJSONType', '0.1.0');
// Serializing data
const serializedData = datagram.serialize({ name: 'John', age: 30 });
// Deserializing data
const deserializedData = datagram.deserialize(serializedData);
console.log(deserializedData); // Output: { name: 'John', age: 30 }Hashing
The library also provides a utility function for generating SHA-512 hashes of values. Developers can easily generate hash values for data integrity verification or other cryptographic purposes.
Here’s an example of generating a SHA-512 hash:
import { generateHash } from '@skiff-org/skiff-crypto';
const hashedValue = generateHash('Hello, world!');Signature Verification
Skiff Crypto offers functions for verifying and creating detached signatures. Developers can verify the authenticity and integrity of messages using public keys and check whether the signatures are valid given the provided context.
Using context-dependent signatures can be a critical additional security against replay attacks or other issues associated with signature reuse.
Check out the snippet below to generate a detatched signature:
import { verifyDetachedSignatureAsymmetric } from '@skiff-org/skiff-crypto';
const message = 'Hello, world!';
const signature = 'SIGNATURE_TO_VERIFY';
const publicKey = 'PUBLIC_KEY_TO_USE';
// signature context makes sure that intent is known
const isValid = verifyDetachedSignatureAsymmetric(message, signature, publicKey, 'DOCUMENT_DATA');
console.log(isValid); // Output: trueGet Started with @skiff-org/skiff-crypto
To start using @skiff-org/skiff-crypto in your projects, you can install it via npm:
npm install @skiff-org/skiff-cryptoOr with yarn:
yarn add @skiff-org/skiff-cryptoFor detailed usage instructions, including more examples and API documentation, please refer to the official documentation site.
Contributing
@skiff-org/skiff-crypto is an open-source project, and we welcome contributions and feedback from the community. If you encounter any issues, have suggestions for improvements, or would like to contribute to the project, please visit the GitHub repository.
We hope Skiff Crypto will empower developers to create better and more secure products.
