Skip to main content
Deno 2 is finally here 🎉️
Learn more
Module

std/crypto/keystack.ts>KeyStack

Deno standard library
Go to Latest
The Standard Library has been moved to JSR. See the blog post for details.
class KeyStack
import { KeyStack } from "https://deno.land/std@0.183.0/crypto/keystack.ts";

A cryptographic key chain which allows signing of data to prevent tampering, but also allows for easy key rotation without needing to re-sign the data.

Data is signed as SHA256 HMAC.

This was inspired by keygrip.

Examples

Example 1

import { KeyStack } from "https://deno.land/std@0.183.0/crypto/keystack.ts";

const keyStack = new KeyStack(["hello", "world"]);
const digest = await keyStack.sign("some data");

const rotatedStack = new KeyStack(["deno", "says", "hello", "world"]);
await rotatedStack.verify("some data", digest); // true

Constructors

new
KeyStack(keys: Iterable<Key>)

A class which accepts an array of keys that are used to sign and verify data and allows easy key rotation without invalidation of previously signed data.

Properties

readonly
length: number

Methods

indexOf(data: Data, digest: string): Promise<number>

Given data and a digest, return the current index of the key in the keys passed the constructor that was used to generate the digest. If no key can be found, the method returns -1.

sign(data: Data): Promise<string>

Take data and return a SHA256 HMAC digest that uses the current 0 index of the keys passed to the constructor. This digest is in the form of a URL safe base64 encoded string.

verify(data: Data, digest: string): Promise<boolean>

Given data and a digest, verify that one of the keys provided the constructor was used to generate the digest. Returns true if one of the keys was used, otherwise false.

[Symbol.for("Deno.customInspect")](inspect: (value: unknown) => string)
[Symbol.for("nodejs.util.inspect.custom")](
depth: number,
options: any,
inspect: (value: unknown, options?: unknown) => string,
)