json-seal + json-record

json-seal provides authenticity. json-record provides chronological integrity. Together, they form a signed, tamper-evident, hash-linked log entry.

npm: json-seal

Example

import { generateKeyPair, signPayload, canonicalize } from "json-seal";
import { createBlock } from "json-record";

const { privateKey, publicKey } = await generateKeyPair();

const sealed = await signPayload({ foo: 123 }, privateKey, publicKey);

// canonical, deterministic bytes for the block
const canonical = canonicalize(sealed);
const block = await createBlock(new TextEncoder().encode(canonical));

Using canonicalize ensures that the bytes passed into createBlock are deterministic. json-seal produces a stable, canonical representation of the sealed envelope, so hashing it with json-record yields consistent results across platforms and runtimes.

Verification flow

• verifyBackup(sealed) checks authenticity
• verifyBlock(block) checks integrity
• verifyChain([...]) checks ordering