PubNub FunctionsCrypto Module

The cryptography module provides a collection of crypto helper methods.

The Crypto module is made available via the following require statement:

const crypto = require('crypto');

To get a list of available crypto algorithms, check the ALGORITHM property on the crypto class.

console.log(crypto.ALGORITHM);
// -> ED25519, ECDSA_P256_SHA1, ECDSA_P256_SHA256, ECDSA_P256_SHA512, HMAC_SHA1, HMAC_SHA256, HMAC_SHA512

To generate HMAC signatures, use the hmac() method. The hmac() method produces a Base64 encoded output.

Usage: hmac(key, msg, algorithm) where:

  • key: the signature key
  • msg: the payload to be encrypted
  • algorithm: the desired algorithm to be used
crypto.hmac(base64.btoa('sharedSecretKey'), 'secretPayload', crypto.ALGORITHM.HMAC_SHA1).then((result) => { 
    console.log(result); 
}).catch((error) => { 
    console.log(error) 
});

To generate SHA1 signatures, use the sha1() method.

Usage: sha1(msg) where:

  • msg: the payload to be encrypted
crypto.sha1('secretPayload').then((result2) => { 
    console.log("secretPayload:" + result2); 
}).catch((error) => { 
    console.log(error) 
});

To generate SHA256 signatures, use the sha256() method.

Usage: sha256(msg) where:

  • msg: the payload to be encrypted
crypto.sha256('secretPayload').then((result2) => { 
    console.log("secretPayload:" + result2); 
}).catch((error) => { 
    console.log(error) 
});

To generate SHA512 signatures, use the sha512() method.

Method Signature: sha512(msg) where:

  • msg: the payload to be encrypted
crypto.sha512('secretPayload').then((result2) => { 
    console.log("secretPayload:" + result2); 
}).catch((error) => { 
    console.log(error) 
});

const secretKey_ed25519 = {
    'kty'   : 'EdDSA',
    'crv'   : 'Ed25519',
    'sk'    : 'bfk0DBOMwYi1_kRk66o_f8IGotVcNDRwfnTJ_ATiDrs',
    'use'   : 'sig',
};
const publicKey_ed25519 = {
    'kty'   : 'EdDSA',
    'crv'   : 'Ed25519',
    'pk'    : 'wNrBAsRTMYbiXcQxKEcjU-qr24eLFSrrjgAfktkCM6c',
    'use'   : 'sig',
};

To sign a payload with a key and specific algorithm, use the sign() method.

Usage: sign(key, msg, algorithm) where:

  • key: the signature key
  • msg: the payload to be encrypted
  • algorithm: the desired algorithm to be used
crypto.sign(privateKey, 'secretPayload', crypto.ALGORITHM.ECDSA_P256_SHA1).then((result4) => { 
    console.log(result4); 
}).catch((error) => { 
    console.log(error) 
});

To verify a signed payload, use the verify() method.

Usage: verify(sig, key, msg, algorithm) where:

  • sign: the existing signature to verify
  • key: the signature key
  • msg: the payload to be encrypted
  • algorithm: the desired algorithm to be used
 crypto.verify(<existing_signature>, publicKey, 'secretPayload', crypto.ALGORITHM.ECDSA_P256_SHA1).then((results) => {
    console.log(results)
}).catch((error) => { 
    console.log(error) 
});
 
PubNub Functions provides a rich set of tools, and this documentation does not cover all of the potential situations you may encounter. If you need help with a situation not covered by the documentation, please contact PubNub Support.