Advanced Usage
March 13, 2026 ยท View on GitHub
import { randomInt } from 'node:crypto';
import { createChallenge, solveChallenge, verifySolution } from 'altcha-lib';
import { deriveKey } from 'altcha-lib/algorithms/pbkdf2';
// HMAC secret used to sign and verify challenges
const HMAC_SIGNATURE_SECRET = 'secret.key';
// Optional: a separate HMAC secret for signing the derived key.
// Enables faster verification in deterministic mode (HMAC check instead of full key derivation).
const HMAC_KEY_SIGNATURE_SECRET = 'different.secret.key';
// 1. Create a challenge
const challenge = await createChallenge({
algorithm: 'PBKDF2/SHA-256',
cost: 5000,
counter: randomInt(5_000, 10_000), // Deterministic mode; use random integer from selected range
deriveKey,
expiresAt: new Date(Date.now() + 600_000), // expires in 10 minutes
hmacSignatureSecret: HMAC_SIGNATURE_SECRET,
hmacKeySignatureSecret: HMAC_KEY_SIGNATURE_SECRET,
});
// 2. Solve the challenge (client-side)
const solution = await solveChallenge({
challenge,
deriveKey,
});
if (!solution) {
throw new Error('No solution found for the challenge');
}
// 3. Verify the solution (server-side), the solution is verified when `result.verified === true`
const result = await verifySolution({
challenge,
deriveKey,
solution,
hmacSignatureSecret: HMAC_SIGNATURE_SECRET,
hmacKeySignatureSecret: HMAC_KEY_SIGNATURE_SECRET,
});
console.log(result);
// {
// expired: false,
// invalidSignature: false,
// invalidSolution: false,
// time: 0.8,
// verified: true,
// }