import { KeyStack } from "https://deno.land/std@0.183.0/crypto/keystack.ts";
A cryptographic key chain which allows signing of data to prevent tampering, but also allows for easy key rotation without needing to re-sign the data.
Data is signed as SHA256 HMAC.
This was inspired by keygrip.
Examples
Example 1
Example 1
import { KeyStack } from "https://deno.land/std@0.183.0/crypto/keystack.ts";
const keyStack = new KeyStack(["hello", "world"]);
const digest = await keyStack.sign("some data");
const rotatedStack = new KeyStack(["deno", "says", "hello", "world"]);
await rotatedStack.verify("some data", digest); // true
Constructors
A class which accepts an array of keys that are used to sign and verify data and allows easy key rotation without invalidation of previously signed data.
Methods
Given data
and a digest
, return the current index of the key in the
keys
passed the constructor that was used to generate the digest. If no
key can be found, the method returns -1
.
Take data
and return a SHA256 HMAC digest that uses the current 0 index
of the keys
passed to the constructor. This digest is in the form of a
URL safe base64 encoded string.
Given data
and a digest
, verify that one of the keys
provided the
constructor was used to generate the digest
. Returns true
if one of
the keys was used, otherwise false
.