API Reference

json‑seal exposes a small, explicit API for generating signing keys, canonicalizing values, sealing payloads, and verifying signed envelopes. All operations use the RFC 8785 JSON Canonicalization Scheme and RSA‑PSS signatures.

generateKeyPair()

Generates a new RSA‑PSS key pair suitable for signing and verifying JSON envelopes. Keys are returned as WebCrypto CryptoKey objects. 

import { generateKeyPair } from "json-seal";

const { publicKey, privateKey } = await generateKeyPair();

Returns

signPayload(value, privateKey, publicKey)

Canonicalizes the value using RFC 8785 and signs it using RSA‑PSS with SHA‑256. Returns a sealed JSON envelope containing the original payload, a timestamp, the signature, and the embedded public key. 

import { signPayload } from "json-seal";

const sealed = await signPayload(
  { message: "hello" },
  privateKey,
  publicKey
);

Parameters

Returns

A sealed JSON envelope containing:

verifyBackup(sealed)

Verifies the authenticity and integrity of a sealed envelope. The embedded public key is used to validate the RSA‑PSS signature. 

import { verifyBackup } from "json-seal";

const result = await verifyBackup(sealed);

if (result.valid) {
  console.log("Authentic:", result.payload);
} else {
  console.error("Verification failed");
}

Returns

canonicalize(value)

Converts a JavaScript value into a deterministic canonical representation using the RFC 8785 JSON Canonicalization Scheme. Used internally by signPayload and verifyBackup. 

import { canonicalize } from "json-seal";

const text = canonicalize({ b: 2, a: 1 });
// {"a":1,"b":2}

← Back