This is a fork of TweetNaCl.js modified to be tree shakeable, in other words, it was modified to use ES modules and exports were flattened instead of just exporting the CommonJS export as a default export (like tweetnacl-es6);
Exports were flattened by replacing dots with underlines. Example:
// Instead of
const nacl = require('tweetnacl')
const exampleKeyPair = nacl.box.keyPair()
// Write the following
import { box_keyPair } from './nacl-fast.js'
const exampleKeyPair = box_keyPair()Low level functions were exported directly in root level so instead of importing those using lowlevel_ prefix you can import those directly, like this: import { crypto_box } from './nacl-fast.js'. Only nacl-fast.js as modified. Minified files aren't provided as this fork is made to be used with a tool that does tree shaking (like Rollup). This README.md file was simplified to only include parts that were changed by the fork, for complete info about TweetNaCl.js check the original project.
import { hash } from 'tweetnacl'
console.log(hash(new Uint8Array()))Build sizes after compiling the above code using Rollup then minifing:
FILE GZIP BROTLI
original.js 10.74KB 8.25KB
fork.js 2.90KB 2.37KB(This section needs to be expanded in future.)
Implements x25519-xsalsa20-poly1305.
Generates a new random key pair for box and returns it as an object with
publicKey and secretKey members:
{
publicKey: ..., // Uint8Array with 32-byte public key
secretKey: ... // Uint8Array with 32-byte secret key
}Returns a key pair for box with public key corresponding to the given secret key.
Encrypts and authenticates message using peer's public key, our secret key, and the given nonce, which must be unique for each distinct message for a key pair.
Returns an encrypted and authenticated message, which is
box_overheadLength longer than the original message.
Authenticates and decrypts the given box with peer's public key, our secret key, and the given nonce.
Returns the original message, or null if authentication fails.
Returns a precomputed shared key which can be used in box_after and
box_open_after.
Same as box, but uses a shared key precomputed with box_before.
Same as box_open, but uses a shared key precomputed with box_before.
Length of public key in bytes.
Length of secret key in bytes.
Length of precomputed shared key in bytes.
Length of nonce in bytes.
Length of overhead added to box compared to original message.
Implements xsalsa20-poly1305.
Encrypts and authenticates message using the key and the nonce. The nonce must be unique for each distinct message for this key.
Returns an encrypted and authenticated message, which is
secretbox_overheadLength longer than the original message.
Authenticates and decrypts the given secret box using the key and the nonce.
Returns the original message, or null if authentication fails.
Length of key in bytes.
Length of nonce in bytes.
Length of overhead added to secret box compared to original message.
Implements x25519.
Multiplies an integer n by a group element p and returns the resulting
group element.
Multiplies an integer n by a standard group element and returns the resulting
group element.
Length of scalar in bytes.
Length of group element in bytes.
Implements ed25519.
Generates new random key pair for signing and returns it as an object with
publicKey and secretKey members:
{
publicKey: ..., // Uint8Array with 32-byte public key
secretKey: ... // Uint8Array with 64-byte secret key
}Returns a signing key pair with public key corresponding to the given
64-byte secret key. The secret key must have been generated by
sign_keyPair or sign_keyPair_fromSeed.
Returns a new signing key pair generated deterministically from a 32-byte seed.
The seed must contain enough entropy to be secure. This method is not
recommended for general use: instead, use sign_keyPair to generate a new
key pair from a random seed.
Signs the message using the secret key and returns a signed message.
Verifies the signed message and returns the message without signature.
Returns null if verification failed.
Signs the message using the secret key and returns a signature.
Verifies the signature for the message and returns true if verification
succeeded or false if it failed.
Length of signing public key in bytes.
Length of signing secret key in bytes.
Length of seed for sign_keyPair_fromSeed in bytes.
Length of signature in bytes.
Implements SHA-512.
Returns SHA-512 hash of the message.
Length of hash in bytes.
Returns a Uint8Array of the given length containing random bytes of
cryptographic quality.
Implementation note
TweetNaCl.js uses the following methods to generate random bytes, depending on the platform it runs on:
window.crypto.getRandomValues (WebCrypto standard)window.msCrypto.getRandomValues (Internet Explorer 11)crypto.randomBytes (Node.js)If the platform doesn't provide a suitable PRNG, the following functions, which require random numbers, will throw exception:
randomBytesbox_keyPairsign_keyPairOther functions are deterministic and will continue working.
If a platform you are targeting doesn't implement secure random number
generator, but you somehow have a cryptographically-strong source of entropy
(not Math.random!), and you know what you are doing, you can plug it into
TweetNaCl.js like this:
setPRNG(function(x, n) {
// ... copy n random bytes into x ...
});Note that setPRNG completely replaces internal random byte generator
with the one provided.
Compares x and y in constant time and returns true if their lengths are
non-zero and equal, and their contents are equal.
Returns false if either of the arguments has zero length, or arguments have
different lengths, or their contents differ.