GpgLinkedDataKeyClass2020.js

  2. const openpgp = require('openpgp');
  5. class GpgLinkedDataKeyClass2020 {
  6.   /**
  7.    * @param {KeyPairOptions} options - The options to use.
  8.    * @param {string} options.id - The key ID.
  9.    * @param {string} options.controller - The key controller.
  10.    * @param {string} options.publicKeyGpg - The ascii armored Public Key.
  11.    * @param {string} options.privateKeyGpg - The ascii armored Private Key.
  12.    * @param {string} options.passphrase - The private key passphrase if needed.
  13.    * 
  14.    */
  15.   constructor(options = {}) {
  16.     this.id = options.id;
  17.     this.type = options.type;
  18.     this.controller = options.controller;
  19.     this.privateKeyGpg = options.privateKeyGpg;
  20.     this.publicKeyGpg = options.publicKeyGpg;
  21.     this.passphrase = options.passphrase;
  23.     this.init();
  24.   }
  26.   async init() {
  27.     if (this.id === undefined) {
  28.       this.id = this.controller + "#" + await this.fingerprint();
  29.     }
  30.   }
  32.   /**
  33.    * Returns the JWK encoded public key.
  34.    *
  35.    * @returns {string} The JWK encoded public key.
  36.    */
  37.   get publicKey() {
  38.     return this.publicKeyGpg;
  39.   }
  41.   /**
  42.    * Returns the JWK encoded private key.
  43.    *
  44.    * @returns {string} The JWK encoded private key.
  45.    */
  46.   get privateKey() {
  47.     return this.privateKeyGpg;
  48.   }
  50.   /**
  51.    * Generates a KeyPair with an optional deterministic seed.
  52.    * @param {KeyPairOptions} [options={}] - The options to use.
  53.    *
  54.    * @returns {Promise<GpgLinkedDataKeyClass2020>} Generates a key pair.
  55.    */
  56.   static async generate({ userIds, curve, rsaBits, passphrase }, options = {}) {
  57.     // let key = jose.JWK.generateSync(kty, crv);
  59.     if (curve) {
  60.       const { privateKeyArmored, publicKeyArmored, revocationCertificate } = await openpgp.generateKey({
  61.         userIds,    // you can pass multiple user IDs
  62.         curve,      // ECC curve name
  63.         passphrase  // protects the private key
  64.       });
  66.       return new GpgLinkedDataKeyClass2020({
  67.         privateKeyGpg: privateKeyArmored,
  68.         publicKeyGpg: publicKeyArmored,
  69.         revocationCertificate,
  70.         ...options
  71.       });
  72.     }
  74.     if (rsaBits) {
  75.       const { privateKeyArmored, publicKeyArmored, revocationCertificate } = await openpgp.generateKey({
  76.         userIds,    // you can pass multiple user IDs
  77.         rsaBits,    // RSA key size
  78.         passphrase  // protects the private key
  79.       });
  81.       return new GpgLinkedDataKeyClass2020({
  82.         privateKeyGpg: privateKeyArmored,
  83.         publicKeyGpg: publicKeyArmored,
  84.         revocationCertificate,
  85.         ...options
  86.       });
  87.     }
  92.   }
  94.   /**
  95.    * Returns a signer object for use with jsonld-signatures.
  96.    *
  97.    * @returns {{sign: Function}} A signer for the json-ld block.
  98.    */
  99.   signer() {
  100.     return signerFactory(this);
  101.   }
  103.   /**
  104.    * Returns a verifier object for use with jsonld-signatures.
  105.    *
  106.    * @returns {{verify: Function}} Used to verify jsonld-signatures.
  107.    */
  108.   verifier(key) {
  109.     return verifierFactory(this);
  110.   }
  112.   /**
  113.    * Adds a public key base to a public key node.
  114.    *
  115.    * @param {Object} publicKeyNode - The public key node in a jsonld-signature.
  116.    * @param {string} publicKeyNode.publicKeyGpg - JWK Public Key for
  117.    *   jsonld-signatures.
  118.    *
  119.    * @returns {Object} A PublicKeyNode in a block.
  120.    */
  121.   addEncodedPublicKey(publicKeyNode) {
  122.     publicKeyNode.publicKeyGpg = this.publicKeyGpg;
  123.     return publicKeyNode;
  124.   }
  126.   /**
  127.    * Generates and returns a public key fingerprint using https://tools.ietf.org/html/rfc7638
  128.    *
  129.    * @param {string} publicKeyGpg - The ascii armor encoded public key material.
  130.    *
  131.    * @returns {string} The fingerprint.
  132.    */
  133.   static async fingerprintFromPublicKey({ publicKeyGpg }) {
  134.     const { keys: [publicKey] } = await openpgp.key.readArmored(publicKeyGpg);
  135.     return publicKey.getFingerprint()
  136.   }
  138.   /**
  139.    * Generates and returns a public key fingerprint using https://tools.ietf.org/html/rfc7638
  140.    *
  141.    * @returns {string} The fingerprint.
  142.    */
  143.   async fingerprint() {
  144.     const { keys: [publicKey] } = await openpgp.key.readArmored(this.publicKeyGpg);
  145.     return publicKey.getFingerprint()
  146.   }
  148.   /**
  149.    * Tests whether the fingerprint was generated from a given key pair.
  150.    *
  151.    * @param {string} fingerprint - A JWK public key.
  152.    *
  153.    * @returns {Object} An object indicating valid is true or false.
  154.    */
  155.   async verifyFingerprint(fingerprint) {
  156.     const fingerprintFromKey = await this.fingerprint()
  157.     return fingerprintFromKey === fingerprint;
  158.   }
  160.   static async from(options) {
  161.     return new GpgLinkedDataKeyClass2020(options);
  162.   }
  164.   /**
  165.    * Contains the public key for the KeyPair
  166.    * and other information that json-ld Signatures can use to form a proof.
  167.    * @param {Object} [options={}] - Needs either a controller or owner.
  168.    * @param {string} [options.controller=this.controller]  - DID of the
  169.    * person/entity controlling this key pair.
  170.    *
  171.    * @returns {Object} A public node with
  172.    * information used in verification methods by signatures.
  173.    */
  174.   publicNode({ controller = this.controller } = {}) {
  175.     const publicNode = {
  176.       id: this.id,
  177.       type: this.type
  178.     };
  179.     if (controller) {
  180.       publicNode.controller = controller;
  181.     }
  182.     this.addEncodedPublicKey(publicNode); // Subclass-specific
  183.     return publicNode;
  184.   }
  185. }
  187. /**
  188.  * @ignore
  189.  * Returns an object with an async sign function.
  190.  * The sign function is bound to the KeyPair
  191.  * and then returned by the KeyPair's signer method.
  192.  * @param {GpgLinkedDataKeyClass2020} key - An GpgLinkedDataKeyClass2020.
  193.  *
  194.  * @returns {{sign: Function}} An object with an async function sign
  195.  * using the private key passed in.
  196.  */
  197. function signerFactory(key) {
  198.   if (!key.privateKeyGpg) {
  199.     return {
  200.       async sign() {
  201.         throw new Error("No private key to sign with.");
  202.       }
  203.     };
  204.   }
  206.   return {
  207.     async sign({ data }) {
  208.       const { keys: [privateKey] } = await openpgp.key.readArmored(key.privateKeyGpg);
  209.       if (key.passphrase) {
  210.         await privateKey.decrypt(this.passphrase);
  211.       }
  212.       const { signature: detachedSignature } = await openpgp.sign({
  213.         message: openpgp.message.fromBinary(
  214.           Buffer.from(data)
  215.         ),
  216.         privateKeys: [privateKey],
  217.         detached: true
  218.       });
  220.       return detachedSignature;
  221.     }
  222.   };
  223. }
  225. /**
  226.  * @ignore
  227.  * Returns an object with an async verify function.
  228.  * The verify function is bound to the KeyPair
  229.  * and then returned by the KeyPair's verifier method.
  230.  * @param {GpgLinkedDataKeyClass2020} key - An GpgLinkedDataKeyClass2020.
  231.  *
  232.  * @returns {{verify: Function}} An async verifier specific
  233.  * to the key passed in.
  234.  */
  235. verifierFactory = key => {
  236.   if (!key.publicKeyGpg) {
  237.     return {
  238.       async sign() {
  239.         throw new Error("No public key to verify with.");
  240.       }
  241.     };
  242.   }
  244.   return {
  245.     async verify({ data, signature }) {
  246.       const { signatures } = await openpgp.verify({
  247.         message: openpgp.message.fromBinary(
  248.           Buffer.from(data)
  249.         ),
  250.         signature: await openpgp.signature.readArmored(signature), // parse detached signature
  251.         publicKeys: (await openpgp.key.readArmored(key.publicKeyGpg)).keys // for verification
  252.       });
  253.       const { valid } = signatures[0];
  254.       return valid;
  256.     }
  257.   };
  258. };
  260. module.exports = GpgLinkedDataKeyClass2020;