Show HN: Node.js port of WhisperSystem's libsignal
github.com
One of the nice things about JS versions of stuff is being able to run it everywhere. With that being said, I'd be skeptical of using this since it doesn't appear to have any tests at all. How do we know it's actually compatible with libsignal?
> One of the nice things about JS versions of stuff is being able to run it everywhere.
To my knowledge node does not run on SPARC processors (because V8 doesn't).
I remember reading that they made it engine-agnostic a while ago.
That doesn't (yet) work with native libraries though.
yep. example: https://github.com/nodejs/node-chakracore
This has a native part written in C and only runs on node.js v8 and up, according to the package.json.
So it is "bindings", but not a "port"?
The C components are just a few emscripten compiled curve25519-donna and ed25519 functions for elliptic curve routines. It comes directly from the web library without any alteration. Honestly I was surprised at how well it works and the performance isn't too shabby. I did several investigations of replacing it with libsodium and others but the emscripten builds have been pretty reliable for us.
The original version is written in Java, which sorta invented "run-it-everywhere"
Meh, I personally prefer "compile-it-everywhere" since you gain all the speed benefits of running it native.
Well, to be fair, with Java you are compiling bytecode everywhere before and while you run. So, you're not wrong.
Still in the JVM, though. I was thinking more bare metal.
How much is this based on the libsignal-protocol-JavaScript code? Where does it differ from it? Where are the tests to test protocol steps?
I actually love seeing things like this, but it’d be nice if there was some more documentation on the project. Crypto libraries generally aren’t the kind of thing you want to pick up when they’re new unless they are both heavily audited and developed by those with backgrounds in crypto work.
It's ported directly from the JavaScript lib so most of the interfaces are exactly the same (async differences in some cases and a couple storage interface differences, see: <https://github.com/ForstaLabs/libsignal-node/issues/1>). The commit history is intact as well. Haven't had enough time to port tests but she works. We use it for various bots in our signal based message platform.
What disturbs me about this port is that they did not use TypeScript. I would have expected that they would use a strongly typesafe language in the ideal case.
Many checks still need to be done at runtime. Bindings to C code can cause the program to exit if you pass incorrect input.