Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It's cross-compilable & support most of the modern devices. Using this plugin you will be able to use it directly with your NativeScript project.
For iOS I have compiled it directly from source code. For Android I have used Lazysodium native library.
Note: I am not an expert of neigher iOS nor Android. So, please contribute if you think something you can do better :)
- iOS
- Android
Libsodium can be use with other programming languages too. You can get more references from here: https://libsodium.gitbook.io/doc/bindings_for_other_languages
tns plugin add nativescript-simple-libsodium
Import
TS/Angular:
import { SimpleLibsodium, AEDMethod, AEDValues, Base64Variant, Keybytes, Noncebytes } from 'nativescript-simple-libsodium';
let simpleLibsodium = new SimpleLibsodium();
JavaScript:
var mSimpleLibsodium = require("nativescript-simple-libsodium");
var simpleLibsodium = new mSimpleLibsodium.SimpleLibsodium();
Please check the demo project for more details example.
Generate Random Data:
simpleLibsodium.generateRandomData();
// OR
simpleLibsodium.generateKeyWithSuppliedString("Jibon Costa"); // Keep in mind that in order to produce the same key from the same password, the same algorithm, the same salt, and the same values for opslimit and memlimit have to be used. Therefore, these parameters have to be stored for each user.
AED Encryption/Decryption:
let key = this.simpleLibsodium.generateRandomData(AEDValues.XCHACHA20POLY1305_IETF_KEYBYTES);
// or let key = this.simpleLibsodium.generateKeyWithSuppliedString("myKey", AEDValues.XCHACHA20POLY1305_IETF_KEYBYTES);
let enc = this.simpleLibsodium.AEDEncrypt(AEDMethod.XCHACHA20_POLY1305_IETF, "Hello World", key.raw);
console.dir(enc);
let dec = this.simpleLibsodium.AEDDecrypt(AEDMethod.XCHACHA20_POLY1305_IETF, enc.rawCrypted, key.raw, enc.rawNonce);
console.dir(dec);
Secret Box:
let key = this.simpleLibsodium.generateRandomData(Keybytes.SECRETBOX_KEYBYTES);
// or let key = this.simpleLibsodium.generateKeyWithSuppliedString("myKey", Keybytes.SECRETBOX_KEYBYTES);
let enc = this.simpleLibsodium.secretBoxEncrypt("Hello World", key.raw);
console.dir(enc);
let dec = this.simpleLibsodium.secretBoxOpen(enc.rawCrypted, key.raw, enc.rawNonce);
console.dir(dec);
Salsa20:
let key = this.simpleLibsodium.generateRandomData(Keybytes.STREAM_KEYBYTES);
// or let key = this.simpleLibsodium.generateKeyWithSuppliedString("myKey", Keybytes.STREAM_KEYBYTES);
let enc = this.simpleLibsodium.xSalsa20Encrypt("Hello World", key.raw);
console.dir(enc);
let dec = this.simpleLibsodium.xSalsa20Decrypt(enc.rawCrypted, key.raw, enc.rawNonce);
console.dir(dec);
Box Easy:
let bob = this.simpleLibsodium.boxKeyPaired();
let alice = this.simpleLibsodium.boxKeyPaired();
// Bob sending message to Alice. So, here will need Alice's public key & Bob's private/secret key
let enc = this.simpleLibsodium.boxEasy("Hello World", alice.public_key, bob.private_key);
console.dir(enc);
// Alice got the message from Bob. Now Alice need his private key & Bob's public key.
let dec = this.simpleLibsodium.boxOpenEasy(enc.rawCrypted, enc.rawNonce, bob.public_key, alice.private_key);
console.dir(dec);
Password Hash/Verification:
let enc = this.simpleLibsodium.passwordHash("MyPassword");
console.dir(enc);
if (this.simpleLibsodium.passwordHashVerify(enc.plainHash, "MyPassword")) {
console.log("Password Matched!");
} else {
console.log("Password invalid!");
}
Crypto Authentication/Verification:
let enc = this.simpleLibsodium.cryptoAuth("Jibon Costa");
console.dir(enc);
if (this.simpleLibsodium.cryptoAuthVerify(enc.rawCrypted, "Jibon Costa", enc.rawKey)) {
console.log("Matched !")
} else {
console.log("Didn't match")
}
SHA-256/512 Hash:
let enc = this.simpleLibsodium.SHA2Hash("MyPassword", 512); // or 256
console.dir(enc);
Methods | Description | Reference |
---|---|---|
generateRandomData(length?: number) | Generate Random Data | https://libsodium.gitbook.io/doc/generating_random_data |
generateKeyWithSuppliedString(mykey: string, length?: number, salt?: any, opslimit?: number, memlimit?: number) | Generate Random Data with Key. Algorithm: crypto_pwhash_ALG_ARGON2ID13 , opslimit: crypto_pwhash_OPSLIMIT_MIN , memlimit: crypto_pwhash_MEMLIMIT_MIN . If you don't provide anything for salt then it will generate automatically & return back as output. Keep in mind that in order to produce the same key from the same password, the same algorithm, the same salt, and the same values for opslimit and memlimit have to be used. |
https://libsodium.gitbook.io/doc/password_hashing/the_argon2i_function#key-derivation |
AEDEncrypt(method: AEDMethod, msg: string, key: any, nonce?: any, additionalMsg?: string) | AED Encryption. Here nonce & additionalMsg are optional. If you don't insert anything as nonce then it will generate nonce automatically. If you don't insert anything as additionalMsg then Hexadecimal value of nonce will be use as additionalMsg . |
https://libsodium.gitbook.io/doc/secret-key_cryptography/aead |
AEDDecrypt(method: AEDMethod, encrypData: any, key: any, nonce: any, additionalMsg?: string) | AED Decryption. Here encrypData , key & nonce should need to be binary data. If you have Hexadecimal or base64 string then you will need to convert before using. In this case you can use hexTobin() or base64Tobytes() methods to convert. |
https://libsodium.gitbook.io/doc/secret-key_cryptography/aead |
secretBoxEncrypt(text: string, key: any, nonce?: any) | Authenticated encryption. If you don't insert anything as nonce then it will generate nonce automatically. |
https://libsodium.gitbook.io/doc/secret-key_cryptography/authenticated_encryption#combined-mode |
secretBoxOpen(encrypData: any, key: any, nonce: any) | Authenticated decryption. Here encrypData , key & nonce should need to be binary data. If you have Hexadecimal or base64 string then you will need to convert before using. In this case you can use hexTobin() or base64Tobytes() methods to convert. |
https://libsodium.gitbook.io/doc/secret-key_cryptography/authenticated_encryption#combined-mode |
xSalsa20Encrypt(message: string, key: any, nonce?: any) | Stream cipher. If you don't insert anything as nonce then it will generate nonce automatically. |
https://libsodium.gitbook.io/doc/advanced/stream_ciphers/xsalsa20 |
xSalsa20Decrypt(encrypData: any, key: any, nonce: any) | Stream cipher. Here encrypData , key & nonce should need to be binary data. If you have Hexadecimal or base64 string then you will need to convert before using. In this case you can use hexTobin() or base64Tobytes() methods to convert. |
https://libsodium.gitbook.io/doc/advanced/stream_ciphers/xsalsa20 |
boxEasy(msg: string, public_key: any, private_key: any, nonce?: any) | Authenticated encryption with key pair. If you don't insert anything as nonce then it will generate nonce automatically. |
https://libsodium.gitbook.io/doc/public-key_cryptography/authenticated_encryption |
boxOpenEasy(ciphertext: any, public_key: any, private_key: any, nonce: any) | Authenticated decryption with key pair. Here ciphertext , public_key , private_key & nonce should need to be binary data. If you have Hexadecimal or base64 string then you will need to convert before using. In this case you can use hexTobin() or base64Tobytes() methods to convert. |
https://libsodium.gitbook.io/doc/public-key_cryptography/authenticated_encryption |
boxKeyPaired() | Key pair generation | https://libsodium.gitbook.io/doc/public-key_cryptography/authenticated_encryption#key-pair-generation |
passwordHash(password: string), opslimit?: number, memlimit?: number | Password hash for storage. opslimit: crypto_pwhash_OPSLIMIT_INTERACTIVE , memlimit: crypto_pwhash_MEMLIMIT_INTERACTIVE |
https://libsodium.gitbook.io/doc/password_hashing/the_argon2i_function#password-storage |
passwordHashVerify(plainHash: any, password: string) | Password verification. Here the value plainHash should need to plain text/string. |
https://libsodium.gitbook.io/doc/password_hashing/the_argon2i_function#password-storage |
cryptoAuth(msg: string) | Authentication | https://libsodium.gitbook.io/doc/secret-key_cryptography/secret-key_authentication |
cryptoAuthVerify(ciphertext: any, msg: string, key: any) | Authentication verification. Here the value ciphertext & key should need to be binary data. If you have Hexadecimal or base64 string then you will need to convert before using. In this case you can use hexTobin() or base64Tobytes() methods to convert. |
https://libsodium.gitbook.io/doc/secret-key_cryptography/secret-key_authentication#usage |
SHA2Hash(msg: string, type?: number) | SHA-2 (SHA 256/512). The value of type will be either 256 or 512 |
https://libsodium.gitbook.io/doc/advanced/sha-2_hash_function |
binTohex(binary: any) | Hexadecimal encoding | https://libsodium.gitbook.io/doc/helpers#hexadecimal-encoding-decoding |
hexTobin(hex: string) | Hexadecimal decoding | https://libsodium.gitbook.io/doc/helpers#hexadecimal-encoding-decoding |
bytesToBase64(data: any, variant?: Base64Variant) | Base64 encoding | https://libsodium.gitbook.io/doc/helpers#base64-encoding-decoding. |
base64Tobytes(base64String: string, variant?: Base64Variant) | Base64 decoding | https://libsodium.gitbook.io/doc/helpers#base64-encoding-decoding |
stringTodata(text: string) | String text to Binary | Native Implementation |
dataTostring(data: any) | Binary to text | Native Implementation |
Note: You can add more methods or API from core sodium package to your project easily.
Android:
let simpleLibsodium = new SimpleLibsodium();
let sodium = simpleLibsodium.sodium
// now you can call any method/api from core sodium package.
sodium.crypto_secretbox_keygen();
iOS:
// From iOS you will be able to call the methods directly.
crypto_secretbox_keygen();
For getting typescript typings support you can add following lines in you references.d.ts
file:
/// <reference path="./node_modules/nativescript-simple-libsodium/typingz/android.d.ts" />
/// <reference path="./node_modules/nativescript-simple-libsodium/typingz/objc!sodium.d.ts" />
Apache License Version 2.0, January 2004