fix: replace node buffers with uint8arrays (#180)

* fix: replace node buffers with uint8arrays All usage of node buffers have been replaced with uint8arrays. BREAKING CHANGES: - Where node Buffers were returned, now Uint8Arrays are * chore: remove commented code
2025-03-15 06:31:01 +00:00 · 2020-08-07 15:23:02 +01:00 · 2020-08-07 15:23:02 +01:00 · a0f387aeab
commit a0f387aeab
parent 8b3dc56dc2
35 changed files with 344 additions and 349 deletions
--- a/README.md
+++ b/README.md
@ -20,10 +20,12 @@ This repo contains the JavaScript implementation of the crypto primitives needed
 ## Table of Contents
 - [js-libp2p-crypto](#js-libp2p-crypto)
-  - [Lead Maintainer](#Lead-Maintainer)
+  - [Lead Maintainer](#lead-maintainer)
-  - [Table of Contents](#Table-of-Contents)
+  - [Table of Contents](#table-of-contents)
-  - [Install](#Install)
+  - [Install](#install)
-  - [API](#API)
+  - [Usage](#usage)
    - [Web Crypto API](#web-crypto-api)
  - [API](#api)
    - [`crypto.aes`](#cryptoaes)
      - [`crypto.aes.create(key, iv)`](#cryptoaescreatekey-iv)
        - [`decrypt(data)`](#decryptdata)
@ -32,18 +34,19 @@ This repo contains the JavaScript implementation of the crypto primitives needed
      - [`crypto.hmac.create(hash, secret)`](#cryptohmaccreatehash-secret)
        - [`digest(data)`](#digestdata)
    - [`crypto.keys`](#cryptokeys)
-    - [`crypto.keys.generateKeyPair(type, bits)`](#cryptokeysgenerateKeyPairtype-bits)
+    - [`crypto.keys.generateKeyPair(type, bits)`](#cryptokeysgeneratekeypairtype-bits)
-    - [`crypto.keys.generateEphemeralKeyPair(curve)`](#cryptokeysgenerateEphemeralKeyPaircurve)
+    - [`crypto.keys.generateEphemeralKeyPair(curve)`](#cryptokeysgenerateephemeralkeypaircurve)
-    - [`crypto.keys.keyStretcher(cipherType, hashType, secret)`](#cryptokeyskeyStretchercipherType-hashType-secret)
+    - [`crypto.keys.keyStretcher(cipherType, hashType, secret)`](#cryptokeyskeystretcherciphertype-hashtype-secret)
-    - [`crypto.keys.marshalPublicKey(key, [type])`](#cryptokeysmarshalPublicKeykey-type)
+    - [`crypto.keys.marshalPublicKey(key, [type])`](#cryptokeysmarshalpublickeykey-type)
-    - [`crypto.keys.unmarshalPublicKey(buf)`](#cryptokeysunmarshalPublicKeybuf)
+    - [`crypto.keys.unmarshalPublicKey(buf)`](#cryptokeysunmarshalpublickeybuf)
-    - [`crypto.keys.marshalPrivateKey(key, [type])`](#cryptokeysmarshalPrivateKeykey-type)
+    - [`crypto.keys.marshalPrivateKey(key, [type])`](#cryptokeysmarshalprivatekeykey-type)
-    - [`crypto.keys.unmarshalPrivateKey(buf)`](#cryptokeysunmarshalPrivateKeybuf)
+    - [`crypto.keys.unmarshalPrivateKey(buf)`](#cryptokeysunmarshalprivatekeybuf)
-    - [`crypto.keys.import(pem, password)`](#cryptokeysimportpem-password)
+    - [`crypto.keys.import(encryptedKey, password)`](#cryptokeysimportencryptedkey-password)
-    - [`crypto.randomBytes(number)`](#cryptorandomBytesnumber)
+    - [`privateKey.export(password, format)`](#privatekeyexportpassword-format)
-    - [`crypto.pbkdf2(password, salt, iterations, keySize, hash)`](#cryptopbkdf2password-salt-iterations-keySize-hash)
+    - [`crypto.randomBytes(number)`](#cryptorandombytesnumber)
-  - [Contribute](#Contribute)
+    - [`crypto.pbkdf2(password, salt, iterations, keySize, hash)`](#cryptopbkdf2password-salt-iterations-keysize-hash)
-  - [License](#License)
+  - [Contribute](#contribute)
  - [License](#license)
 ## Install
@ -82,22 +85,22 @@ This uses `CTR` mode.
 #### `crypto.aes.create(key, iv)`
- `key: Buffer` The key, if length `16` then `AES 128` is used. For length `32`, `AES 256` is used.
+- `key: Uint8Array` The key, if length `16` then `AES 128` is used. For length `32`, `AES 256` is used.
- `iv: Buffer` Must have length `16`.
+- `iv: Uint8Array` Must have length `16`.
 Returns `Promise<{decrypt<Function>, encrypt<Function>}>`
 ##### `decrypt(data)`
- `data: Buffer`
+- `data: Uint8Array`
-Returns `Promise<Buffer>`
+Returns `Promise<Uint8Array>`
 ##### `encrypt(data)`
- `data: Buffer`
+- `data: Uint8Array`
-Returns `Promise<Buffer>`
+Returns `Promise<Uint8Array>`
 ```js
 const crypto = require('libp2p-crypto')
@ -105,26 +108,26 @@ const crypto = require('libp2p-crypto')
 // Setting up Key and IV
 // A 16 bytes array, 128 Bits, AES-128 is chosen
-const key128 = Buffer.from([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
+const key128 = Uint8Array.from([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
 // A 16 bytes array, 128 Bits,
-const IV = Buffer.from([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
+const IV = Uint8Array.from([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
 async function main () {
  const decryptedMessage = 'Hello, world!'
  // Encrypting
  const cipher = await crypto.aes.create(key128, IV)
-  const encryptedBuffer = await cipher.encrypt(Buffer.from(decryptedMessage))
+  const encryptedBuffer = await cipher.encrypt(Uint8Array.from(decryptedMessage))
  console.log(encryptedBuffer)
-  // prints: <Buffer 42 f1 67 d9 2e 42 d0 32 9e b1 f8 3c>
+  // prints: <Uint8Array 42 f1 67 d9 2e 42 d0 32 9e b1 f8 3c>
  // Decrypting
  const decipher = await crypto.aes.create(key128, IV)
  const decryptedBuffer = await cipher.decrypt(encryptedBuffer)
  console.log(decryptedBuffer)
-  // prints: <Buffer 42 f1 67 d9 2e 42 d0 32 9e b1 f8 3c>
+  // prints: <Uint8Array 42 f1 67 d9 2e 42 d0 32 9e b1 f8 3c>
  console.log(decryptedBuffer.toString('utf-8'))
  // prints: Hello, world!
@ -140,15 +143,15 @@ Exposes an interface to the Keyed-Hash Message Authentication Code (HMAC) as def
 #### `crypto.hmac.create(hash, secret)`
 - `hash: String`
- `secret: Buffer`
+- `secret: Uint8Array`
 Returns `Promise<{digest<Function>}>`
 ##### `digest(data)`
- `data: Buffer`
+- `data: Uint8Array`
-Returns `Promise<Buffer>`
+Returns `Promise<Uint8Array>`
 Example:
@ -157,8 +160,8 @@ const crypto = require('libp2p-crypto')
 async function main () {
  const hash = 'SHA1' // 'SHA256' || 'SHA512'
-  const hmac = await crypto.hmac.create(hash, Buffer.from('secret'))
+  const hmac = await crypto.hmac.create(hash, uint8ArrayFromString('secret'))
-  const sig = await hmac.digest(Buffer.from('hello world'))
+  const sig = await hmac.digest(uint8ArrayFromString('hello world'))
  console.log(sig)
 }
@ -178,7 +181,7 @@ Currently the `'RSA'`, `'ed25519'`, and `secp256k1` types are supported, althoug
 - `type: String`, see [Supported Key Types](#supported-key-types) above.
 - `bits: Number` Minimum of 1024
-Returns `Promise<{privateKey<Buffer>, publicKey<Buffer>}>`
+Returns `Promise<{privateKey<Uint8Array>, publicKey<Uint8Array>}>`
 Generates a keypair of the given type and bitsize.
@ -196,7 +199,7 @@ Resolves to an object of the form:
 ```js
 {
-  key: Buffer,
+  key: Uint8Array,
  genSharedKey: Function
 }
 ```
@ -205,7 +208,7 @@ Resolves to an object of the form:
 - `cipherType: String`, one of `'AES-128'`, `'AES-256'`, `'Blowfish'`
 - `hashType: String`, one of `'SHA1'`, `SHA256`, `SHA512`
- `secret: Buffer`
+- `secret: Uint8Array`
 Returns `Promise`
@ -216,14 +219,14 @@ Resolves to an object of the form:
 ```js
 {
  k1: {
-    iv: Buffer,
+    iv: Uint8Array,
-    cipherKey: Buffer,
+    cipherKey: Uint8Array,
-    macKey: Buffer
+    macKey: Uint8Array
  },
  k2: {
-    iv: Buffer,
+    iv: Uint8Array,
-    cipherKey: Buffer,
+    cipherKey: Uint8Array,
-    macKey: Buffer
+    macKey: Uint8Array
  }
 }
 ```
@ -233,13 +236,13 @@ Resolves to an object of the form:
 - `key: keys.rsa.RsaPublicKey | keys.ed25519.Ed25519PublicKey | keys.secp256k1.Secp256k1PublicKey`
 - `type: String`, see [Supported Key Types](#supported-key-types) above.  Defaults to 'rsa'.
-Returns `Buffer`
+Returns `Uint8Array`
 Converts a public key object into a protobuf serialized public key.
 ### `crypto.keys.unmarshalPublicKey(buf)`
- `buf: Buffer`
+- `buf: Uint8Array`
 Returns `RsaPublicKey|Ed25519PublicKey|Secp256k1PublicKey`
@ -250,13 +253,13 @@ Converts a protobuf serialized public key into its representative object.
 - `key: keys.rsa.RsaPrivateKey | keys.ed25519.Ed25519PrivateKey | keys.secp256k1.Secp256k1PrivateKey`
 - `type: String`, see [Supported Key Types](#supported-key-types) above.
-Returns `Buffer`
+Returns `Uint8Array`
 Converts a private key object into a protobuf serialized private key.
 ### `crypto.keys.unmarshalPrivateKey(buf)`
- `buf: Buffer`
+- `buf: Uint8Array`
 Returns `Promise<RsaPrivateKey|Ed25519PrivateKey|Secp256k1PrivateKey>`
@ -284,9 +287,9 @@ Exports the password protected `PrivateKey`. RSA keys will be exported as passwo
 - `number: Number`
-Returns `Buffer`
+Returns `Uint8Array`
-Generates a Buffer with length `number` populated by random bytes.
+Generates a Uint8Array with length `number` populated by random bytes.
 ### `crypto.pbkdf2(password, salt, iterations, keySize, hash)`
--- a/package.json
+++ b/package.json
@ -39,19 +39,18 @@
  ],
  "license": "MIT",
  "dependencies": {
    "buffer": "^5.5.0",
    "err-code": "^2.0.0",
    "is-typedarray": "^1.0.0",
    "iso-random-stream": "^1.1.0",
    "keypair": "^1.0.1",
-    "multibase": "^1.0.1",
+    "multibase": "^3.0.0",
-    "multicodec": "^1.0.4",
+    "multicodec": "^2.0.0",
-    "multihashing-async": "^0.8.1",
+    "multihashing-async": "^2.0.1",
    "node-forge": "^0.9.1",
    "pem-jwk": "^2.0.0",
-    "protons": "^1.2.1",
+    "protons": "^2.0.0",
    "secp256k1": "^4.0.0",
-    "uint8arrays": "^1.0.0",
+    "uint8arrays": "^1.1.0",
    "ursa-optional": "^0.10.1"
  },
  "devDependencies": {
--- a/src/aes/ciphers-browser.js
+++ b/src/aes/ciphers-browser.js
@ -1,26 +1,28 @@
 'use strict'
-const { Buffer } = require('buffer')
+
 require('node-forge/lib/aes')
 const forge = require('node-forge/lib/forge')
 const uint8ArrayToString = require('uint8arrays/to-string')
 const uint8ArrayFromString = require('uint8arrays/from-string')
 module.exports = {
  createCipheriv: (mode, key, iv) => {
-    const cipher2 = forge.cipher.createCipher('AES-CTR', key.toString('binary'))
+    const cipher2 = forge.cipher.createCipher('AES-CTR', uint8ArrayToString(key, 'ascii'))
-    cipher2.start({ iv: iv.toString('binary') })
+    cipher2.start({ iv: uint8ArrayToString(iv, 'ascii') })
    return {
      update: (data) => {
-        cipher2.update(forge.util.createBuffer(data.toString('binary')))
+        cipher2.update(forge.util.createBuffer(uint8ArrayToString(data, 'ascii')))
-        return Buffer.from(cipher2.output.getBytes(), 'binary')
+        return uint8ArrayFromString(cipher2.output.getBytes(), 'ascii')
      }
    }
  },
  createDecipheriv: (mode, key, iv) => {
-    const cipher2 = forge.cipher.createDecipher('AES-CTR', key.toString('binary'))
+    const cipher2 = forge.cipher.createDecipher('AES-CTR', uint8ArrayToString(key, 'ascii'))
-    cipher2.start({ iv: iv.toString('binary') })
+    cipher2.start({ iv: uint8ArrayToString(iv, 'ascii') })
    return {
      update: (data) => {
-        cipher2.update(forge.util.createBuffer(data.toString('binary')))
+        cipher2.update(forge.util.createBuffer(uint8ArrayToString(data, 'ascii')))
-        return Buffer.from(cipher2.output.getBytes(), 'binary')
+        return uint8ArrayFromString(cipher2.output.getBytes(), 'ascii')
      }
    }
  }
--- a/src/ciphers/aes-gcm.js
+++ b/src/ciphers/aes-gcm.js
@ -1,6 +1,8 @@
 'use strict'
 const crypto = require('crypto')
 const uint8ArrayConcat = require('uint8arrays/concat')
 const uint8ArrayFromString = require('uint8arrays/from-string')
 // Based off of code from https://github.com/luke-park/SecureCompatibleEncryptionExamples
@ -27,9 +29,9 @@ function create ({
  /**
   *
   * @private
-   * @param {Buffer} data
+   * @param {Uint8Array} data
-   * @param {Buffer} key
+   * @param {Uint8Array} key
-   * @returns {Promise<Buffer>}
+   * @returns {Promise<Uint8Array>}
   */
  async function encryptWithKey (data, key) { // eslint-disable-line require-await
    const nonce = crypto.randomBytes(nonceLength)
@ -38,28 +40,32 @@ function create ({
    const cipher = crypto.createCipheriv(algorithm, key, nonce)
    // Encrypt and prepend nonce.
-    const ciphertext = Buffer.concat([cipher.update(data), cipher.final()])
+    const ciphertext = uint8ArrayConcat([cipher.update(data), cipher.final()])
-    return Buffer.concat([nonce, ciphertext, cipher.getAuthTag()])
+    return uint8ArrayConcat([nonce, ciphertext, cipher.getAuthTag()])
  }
  /**
   * Uses the provided password to derive a pbkdf2 key. The key
   * will then be used to encrypt the data.
   *
-   * @param {Buffer} data The data to decrypt
+   * @param {Uint8Array} data The data to decrypt
-   * @param {string|Buffer} password A plain password
+   * @param {string|Uint8Array} password A plain password
-   * @returns {Promise<Buffer>}
+   * @returns {Promise<Uint8Array>}
   */
  async function encrypt (data, password) { // eslint-disable-line require-await
    // Generate a 128-bit salt using a CSPRNG.
    const salt = crypto.randomBytes(saltLength)
    if (typeof password === 'string' || password instanceof String) {
      password = uint8ArrayFromString(password)
    }
    // Derive a key using PBKDF2.
-    const key = crypto.pbkdf2Sync(Buffer.from(password), salt, iterations, keyLength, digest)
+    const key = crypto.pbkdf2Sync(password, salt, iterations, keyLength, digest)
    // Encrypt and prepend salt.
-    return Buffer.concat([salt, await encryptWithKey(Buffer.from(data), key)])
+    return uint8ArrayConcat([salt, await encryptWithKey(Uint8Array.from(data), key)])
  }
  /**
@ -70,12 +76,12 @@ function create ({
   * the encryption cipher.
   *
   * @private
-   * @param {Buffer} ciphertextAndNonce The data to decrypt
+   * @param {Uint8Array} ciphertextAndNonce The data to decrypt
-   * @param {Buffer} key
+   * @param {Uint8Array} key
-   * @returns {Promise<Buffer>}
+   * @returns {Promise<Uint8Array>}
   */
  async function decryptWithKey (ciphertextAndNonce, key) { // eslint-disable-line require-await
-    // Create buffers of nonce, ciphertext and tag.
+    // Create Uint8Arrays of nonce, ciphertext and tag.
    const nonce = ciphertextAndNonce.slice(0, nonceLength)
    const ciphertext = ciphertextAndNonce.slice(nonceLength, ciphertextAndNonce.length - algorithmTagLength)
    const tag = ciphertextAndNonce.slice(ciphertext.length + nonceLength)
@ -85,7 +91,7 @@ function create ({
    // Decrypt and return result.
    cipher.setAuthTag(tag)
-    return Buffer.concat([cipher.update(ciphertext), cipher.final()])
+    return uint8ArrayConcat([cipher.update(ciphertext), cipher.final()])
  }
  /**
@ -94,16 +100,20 @@ function create ({
   * this decryption cipher must be the same as those used to create
   * the encryption cipher.
   *
-   * @param {Buffer} data The data to decrypt
+   * @param {Uint8Array} data The data to decrypt
-   * @param {string|Buffer} password A plain password
+   * @param {string|Uint8Array} password A plain password
   */
  async function decrypt (data, password) { // eslint-disable-line require-await
-    // Create buffers of salt and ciphertextAndNonce.
+    // Create Uint8Arrays of salt and ciphertextAndNonce.
    const salt = data.slice(0, saltLength)
    const ciphertextAndNonce = data.slice(saltLength)
    if (typeof password === 'string' || password instanceof String) {
      password = uint8ArrayFromString(password)
    }
    // Derive the key using PBKDF2.
-    const key = crypto.pbkdf2Sync(Buffer.from(password), salt, iterations, keyLength, digest)
+    const key = crypto.pbkdf2Sync(password, salt, iterations, keyLength, digest)
    // Decrypt and return result.
    return decryptWithKey(ciphertextAndNonce, key)
--- a/src/hmac/index-browser.js
+++ b/src/hmac/index-browser.js
@ -1,5 +1,5 @@
 'use strict'
-const { Buffer } = require('buffer')
+
 const webcrypto = require('../webcrypto')
 const lengths = require('./lengths')
@ -10,7 +10,8 @@ const hashTypes = {
 }
 const sign = async (key, data) => {
-  return Buffer.from(await webcrypto.get().subtle.sign({ name: 'HMAC' }, key, data))
+  const buf = await webcrypto.get().subtle.sign({ name: 'HMAC' }, key, data)
  return new Uint8Array(buf, buf.byteOffset, buf.byteLength)
 }
 exports.create = async function (hashType, secret) {
--- a/src/index.d.ts
+++ b/src/index.d.ts
@ -31,15 +31,15 @@ export namespace aes {
   * AES Cipher in CTR mode.
   */
  interface Cipher {
-    encrypt(data: Buffer): Promise<Buffer>;
+    encrypt(data: Uint8Array): Promise<Uint8Array>;
-    decrypt(data: Buffer): Promise<Buffer>;
+    decrypt(data: Uint8Array): Promise<Uint8Array>;
  }
  /**
   * Create a new AES Cipher.
   * @param key The key, if length 16 then AES 128 is used. For length 32, AES 256 is used.
   * @param iv Must have length 16.
   */
-  function create(key: Buffer, iv: Buffer): Promise<Cipher>;
+  function create(key: Uint8Array, iv: Uint8Array): Promise<Cipher>;
 }
 /**
@ -53,7 +53,7 @@ export namespace hmac {
   * HMAC Digest.
   */
  interface Digest {
-    digest(data: Buffer): Promise<Buffer>;
+    digest(data: Uint8Array): Promise<Uint8Array>;
    length: 20 | 32 | 64 | number;
  }
  /**
@ -61,7 +61,7 @@ export namespace hmac {
   */
  function create(
    hash: "SHA1" | "SHA256" | "SHA512" | string,
-    secret: Buffer
+    secret: Uint8Array
  ): Promise<Digest>;
 }
@ -69,11 +69,11 @@ export namespace hmac {
 * Generic public key interface.
 */
 export interface PublicKey {
-  readonly bytes: Buffer;
+  readonly bytes: Uint8Array;
-  verify(data: Buffer, sig: Buffer): Promise<boolean>;
+  verify(data: Uint8Array, sig: Uint8Array): Promise<boolean>;
-  marshal(): Buffer;
+  marshal(): Uint8Array;
  equals(key: PublicKey): boolean;
-  hash(): Promise<Buffer>;
+  hash(): Promise<Uint8Array>;
 }
 /**
@ -81,11 +81,11 @@ export interface PublicKey {
 */
 export interface PrivateKey {
  readonly public: PublicKey;
-  readonly bytes: Buffer;
+  readonly bytes: Uint8Array;
-  sign(data: Buffer): Promise<Buffer>;
+  sign(data: Uint8Array): Promise<Uint8Array>;
-  marshal(): Buffer;
+  marshal(): Uint8Array;
  equals(key: PrivateKey): boolean;
-  hash(): Promise<Buffer>;
+  hash(): Promise<Uint8Array>;
  /**
   * Gets the ID of the key.
   *
@ -101,10 +101,10 @@ export interface PrivateKey {
 }
 export interface Keystretcher {
-  (res: Buffer): Keystretcher;
+  (res: Uint8Array): Keystretcher;
-  iv: Buffer;
+  iv: Uint8Array;
-  cipherKey: Buffer;
+  cipherKey: Uint8Array;
-  macKey: Buffer;
+  macKey: Uint8Array;
 }
 export interface StretchPair {
@ -127,94 +127,94 @@ export namespace keys {
  export namespace supportedKeys {
    namespace rsa {
      class RsaPublicKey implements PublicKey {
-        constructor(key: Buffer);
+        constructor(key: Uint8Array);
-        readonly bytes: Buffer;
+        readonly bytes: Uint8Array;
-        verify(data: Buffer, sig: Buffer): Promise<boolean>;
+        verify(data: Uint8Array, sig: Uint8Array): Promise<boolean>;
-        marshal(): Buffer;
+        marshal(): Uint8Array;
-        encrypt(bytes: Buffer): Buffer;
+        encrypt(bytes: Uint8Array): Uint8Array;
        equals(key: PublicKey): boolean;
-        hash(): Promise<Buffer>;
+        hash(): Promise<Uint8Array>;
      }
      class RsaPrivateKey implements PrivateKey {
-        constructor(key: any, publicKey: Buffer);
+        constructor(key: any, publicKey: Uint8Array);
        readonly public: RsaPublicKey;
-        readonly bytes: Buffer;
+        readonly bytes: Uint8Array;
-        genSecret(): Buffer;
+        genSecret(): Uint8Array;
-        sign(data: Buffer): Promise<Buffer>;
+        sign(data: Uint8Array): Promise<Uint8Array>;
-        decrypt(bytes: Buffer): Buffer;
+        decrypt(bytes: Uint8Array): Uint8Array;
-        marshal(): Buffer;
+        marshal(): Uint8Array;
        equals(key: PrivateKey): boolean;
-        hash(): Promise<Buffer>;
+        hash(): Promise<Uint8Array>;
        id(): Promise<string>;
        export(password: string, format?: string): Promise<string>;
      }
-      function unmarshalRsaPublicKey(buf: Buffer): RsaPublicKey;
+      function unmarshalRsaPublicKey(buf: Uint8Array): RsaPublicKey;
-      function unmarshalRsaPrivateKey(buf: Buffer): Promise<RsaPrivateKey>;
+      function unmarshalRsaPrivateKey(buf: Uint8Array): Promise<RsaPrivateKey>;
      function generateKeyPair(bits: number): Promise<RsaPrivateKey>;
-      function fromJwk(jwk: Buffer): Promise<RsaPrivateKey>;
+      function fromJwk(jwk: Uint8Array): Promise<RsaPrivateKey>;
    }
    namespace ed25519 {
      class Ed25519PublicKey implements PublicKey {
-        constructor(key: Buffer);
+        constructor(key: Uint8Array);
-        readonly bytes: Buffer;
+        readonly bytes: Uint8Array;
-        verify(data: Buffer, sig: Buffer): Promise<boolean>;
+        verify(data: Uint8Array, sig: Uint8Array): Promise<boolean>;
-        marshal(): Buffer;
+        marshal(): Uint8Array;
-        encrypt(bytes: Buffer): Buffer;
+        encrypt(bytes: Uint8Array): Uint8Array;
        equals(key: PublicKey): boolean;
-        hash(): Promise<Buffer>;
+        hash(): Promise<Uint8Array>;
      }
      class Ed25519PrivateKey implements PrivateKey {
-        constructor(key: Buffer, publicKey: Buffer);
+        constructor(key: Uint8Array, publicKey: Uint8Array);
        readonly public: Ed25519PublicKey;
-        readonly bytes: Buffer;
+        readonly bytes: Uint8Array;
-        sign(data: Buffer): Promise<Buffer>;
+        sign(data: Uint8Array): Promise<Uint8Array>;
-        marshal(): Buffer;
+        marshal(): Uint8Array;
        equals(key: PrivateKey): boolean;
-        hash(): Promise<Buffer>;
+        hash(): Promise<Uint8Array>;
        id(): Promise<string>;
        export(password: string, format?: string): Promise<string>;
      }
      function unmarshalEd25519PrivateKey(
-        buf: Buffer
+        buf: Uint8Array
      ): Promise<Ed25519PrivateKey>;
-      function unmarshalEd25519PublicKey(buf: Buffer): Ed25519PublicKey;
+      function unmarshalEd25519PublicKey(buf: Uint8Array): Ed25519PublicKey;
      function generateKeyPair(): Promise<Ed25519PrivateKey>;
      function generateKeyPairFromSeed(
-        seed: Buffer
+        seed: Uint8Array
      ): Promise<Ed25519PrivateKey>;
    }
    namespace secp256k1 {
      class Secp256k1PublicKey implements PublicKey {
-        constructor(key: Buffer);
+        constructor(key: Uint8Array);
-        readonly bytes: Buffer;
+        readonly bytes: Uint8Array;
-        verify(data: Buffer, sig: Buffer): Promise<boolean>;
+        verify(data: Uint8Array, sig: Uint8Array): Promise<boolean>;
-        marshal(): Buffer;
+        marshal(): Uint8Array;
-        encrypt(bytes: Buffer): Buffer;
+        encrypt(bytes: Uint8Array): Uint8Array;
        equals(key: PublicKey): boolean;
-        hash(): Promise<Buffer>;
+        hash(): Promise<Uint8Array>;
      }
      class Secp256k1PrivateKey implements PrivateKey {
-        constructor(key: Uint8Array | Buffer, publicKey: Uint8Array | Buffer);
+        constructor(key: Uint8Array, publicKey: Uint8Array);
        readonly public: Secp256k1PublicKey;
-        readonly bytes: Buffer;
+        readonly bytes: Uint8Array;
-        sign(data: Buffer): Promise<Buffer>;
+        sign(data: Uint8Array): Promise<Uint8Array>;
-        marshal(): Buffer;
+        marshal(): Uint8Array;
        equals(key: PrivateKey): boolean;
-        hash(): Promise<Buffer>;
+        hash(): Promise<Uint8Array>;
        id(): Promise<string>;
        export(password: string, format?: string): Promise<string>;
      }
      function unmarshalSecp256k1PrivateKey(
-        bytes: Buffer
+        bytes: Uint8Array
      ): Promise<Secp256k1PrivateKey>;
-      function unmarshalSecp256k1PublicKey(bytes: Buffer): Secp256k1PublicKey;
+      function unmarshalSecp256k1PublicKey(bytes: Uint8Array): Secp256k1PublicKey;
      function generateKeyPair(): Promise<Secp256k1PrivateKey>;
    }
  }
@ -266,8 +266,8 @@ export namespace keys {
  export function generateEphemeralKeyPair(
    curve: CurveType | string
  ): Promise<{
-    key: Buffer;
+    key: Uint8Array;
-    genSharedKey: (theirPub: Buffer, forcePrivate?: any) => Promise<Buffer>;
+    genSharedKey: (theirPub: Uint8Array, forcePrivate?: any) => Promise<Uint8Array>;
  }>;
  /**
@ -279,34 +279,34 @@ export namespace keys {
  export function keyStretcher(
    cipherType: CipherType | string,
    hashType: HashType | string,
-    secret: Buffer | string
+    secret: Uint8Array | string
  ): Promise<StretchPair>;
  /**
   * Converts a protobuf serialized public key into its representative object.
   * @param buf The protobuf serialized public key.
   */
-  export function unmarshalPublicKey(buf: Buffer): PublicKey;
+  export function unmarshalPublicKey(buf: Uint8Array): PublicKey;
  /**
   * Converts a public key object into a protobuf serialized public key.
   * @param key An RSA, Ed25519, or Secp256k1 public key object.
   * @param type One of the supported key types.
   */
-  export function marshalPublicKey(key: PublicKey, type?: KeyType | string): Buffer;
+  export function marshalPublicKey(key: PublicKey, type?: KeyType | string): Uint8Array;
  /**
   * Converts a protobuf serialized private key into its representative object.
   * @param buf The protobuf serialized private key.
   */
-  export function unmarshalPrivateKey(buf: Buffer): Promise<PrivateKey>;
+  export function unmarshalPrivateKey(buf: Uint8Array): Promise<PrivateKey>;
  /**
   * Converts a private key object into a protobuf serialized private key.
   * @param key An RSA, Ed25519, or Secp256k1 private key object.
   * @param type One of the supported key types.
   */
-  export function marshalPrivateKey(key: PrivateKey, type?: KeyType | string): Buffer;
+  export function marshalPrivateKey(key: PrivateKey, type?: KeyType | string): Uint8Array;
  /**
   * Converts a PEM password protected private key into its representative object.
@ -318,10 +318,10 @@ export namespace keys {
 }
 /**
- * Generates a Buffer populated by random bytes.
+ * Generates a Uint8Array populated by random bytes.
- * @param The size of the random bytes Buffer.
+ * @param The size of the random bytes Uint8Array.
 */
-export function randomBytes(number: number): Buffer;
+export function randomBytes(number: number): Uint8Array;
 /**
 * Computes the Password-Based Key Derivation Function 2.
@ -332,9 +332,9 @@ export function randomBytes(number: number): Buffer;
 * @param hash The hash name ('sha1', 'sha2-512, ...)
 */
 export function pbkdf2(
-  password: string | Buffer,
+  password: string | Uint8Array,
-  salt: string | Buffer,
+  salt: string | Uint8Array,
  iterations: number,
  keySize: number,
  hash: string
-): Buffer;
+): Uint8Array;
--- a/src/keys/ecdh-browser.js
+++ b/src/keys/ecdh-browser.js
@ -1,10 +1,12 @@
 'use strict'
 const errcode = require('err-code')
 const { Buffer } = require('buffer')
 const webcrypto = require('../webcrypto')
-const { bufferToBase64url, base64urlToBuffer } = require('../util')
+const { base64urlToBuffer } = require('../util')
 const validateCurveType = require('./validate-curve-type')
 const uint8ArrayToString = require('uint8arrays/to-string')
 const uint8ArrayConcat = require('uint8arrays/concat')
 const uint8ArrayEquals = require('uint8arrays/equals')
 const bits = {
  'P-256': 256,
@ -56,7 +58,7 @@ exports.generateEphmeralKeyPair = async function (curve) {
      privateKey
    ]
-    return Buffer.from(await webcrypto.get().subtle.deriveBits(
+    const buffer = await webcrypto.get().subtle.deriveBits(
      {
        name: 'ECDH',
        namedCurve: curve,
@ -64,7 +66,9 @@ exports.generateEphmeralKeyPair = async function (curve) {
      },
      keys[1],
      bits[curve]
-    ))
+    )
    return new Uint8Array(buffer, buffer.byteOffset, buffer.byteLength)
  }
  const publicKey = await webcrypto.get().subtle.exportKey('jwk', pair.publicKey)
@ -87,8 +91,8 @@ const curveLengths = {
 function marshalPublicKey (jwk) {
  const byteLen = curveLengths[jwk.crv]
-  return Buffer.concat([
+  return uint8ArrayConcat([
-    Buffer.from([4]), // uncompressed point
+    Uint8Array.from([4]), // uncompressed point
    base64urlToBuffer(jwk.x, byteLen),
    base64urlToBuffer(jwk.y, byteLen)
  ], 1 + byteLen * 2)
@ -98,20 +102,20 @@ function marshalPublicKey (jwk) {
 function unmarshalPublicKey (curve, key) {
  const byteLen = curveLengths[curve]
-  if (!key.slice(0, 1).equals(Buffer.from([4]))) {
+  if (uint8ArrayEquals(!key.slice(0, 1), Uint8Array.from([4]))) {
    throw errcode(new Error('Cannot unmarshal public key - invalid key format'), 'ERR_INVALID_KEY_FORMAT')
  }
  return {
    kty: 'EC',
    crv: curve,
-    x: bufferToBase64url(key.slice(1, byteLen + 1), byteLen),
+    x: uint8ArrayToString(key.slice(1, byteLen + 1), 'base64url'),
-    y: bufferToBase64url(key.slice(1 + byteLen), byteLen),
+    y: uint8ArrayToString(key.slice(1 + byteLen), 'base64url'),
    ext: true
  }
 }
 const unmarshalPrivateKey = (curve, key) => ({
  ...unmarshalPublicKey(curve, key.public),
-  d: bufferToBase64url(key.private)
+  d: uint8ArrayToString(key.private, 'base64url')
 })
--- a/src/keys/ed25519-class.js
+++ b/src/keys/ed25519-class.js
@ -1,10 +1,11 @@
 'use strict'
 const { Buffer } = require('buffer')
 const sha = require('multihashing-async/src/sha')
 const protobuf = require('protons')
 const multibase = require('multibase')
 const errcode = require('err-code')
 const uint8ArrayEquals = require('uint8arrays/equals')
 const uint8ArrayConcat = require('uint8arrays/concat')
 const crypto = require('./ed25519')
 const pbm = protobuf(require('./keys.proto'))
@ -20,7 +21,7 @@ class Ed25519PublicKey {
  }
  marshal () {
-    return Buffer.from(this._key)
+    return this._key
  }
  get bytes () {
@ -31,7 +32,7 @@ class Ed25519PublicKey {
  }
  equals (key) {
-    return this.bytes.equals(key.bytes)
+    return uint8ArrayEquals(this.bytes, key.bytes)
  }
  async hash () { // eslint-disable-line require-await
@ -40,8 +41,8 @@ class Ed25519PublicKey {
 }
 class Ed25519PrivateKey {
-  // key       - 64 byte Uint8Array or Buffer containing private key
+  // key       - 64 byte Uint8Array containing private key
-  // publicKey - 32 byte Uint8Array or Buffer containing public key
+  // publicKey - 32 byte Uint8Array containing public key
  constructor (key, publicKey) {
    this._key = ensureKey(key, crypto.privateKeyLength)
    this._publicKey = ensureKey(publicKey, crypto.publicKeyLength)
@ -56,7 +57,7 @@ class Ed25519PrivateKey {
  }
  marshal () {
-    return Buffer.concat([Buffer.from(this._key), Buffer.from(this._publicKey)])
+    return uint8ArrayConcat([this._key, this._publicKey])
  }
  get bytes () {
@ -67,7 +68,7 @@ class Ed25519PrivateKey {
  }
  equals (key) {
-    return this.bytes.equals(key.bytes)
+    return uint8ArrayEquals(this.bytes, key.bytes)
  }
  async hash () { // eslint-disable-line require-await
@ -93,7 +94,7 @@ class Ed25519PrivateKey {
   *
   * @param {string} password - The password to encrypt the key
   * @param {string} [format=libp2p-key] - The format in which to export as
-   * @returns {Promise<Buffer>} The encrypted private key
+   * @returns {Promise<Uint8Array>} The encrypted private key
   */
  async export (password, format = 'libp2p-key') { // eslint-disable-line require-await
    if (format === 'libp2p-key') {
@ -137,7 +138,7 @@ async function generateKeyPairFromSeed (seed) {
 function ensureKey (key, length) {
  key = Uint8Array.from(key || [])
  if (key.length !== length) {
-    throw errcode(new Error(`Key must be a Uint8Array or Buffer of length ${length}, got ${key.length}`), 'ERR_INVALID_KEY_TYPE')
+    throw errcode(new Error(`Key must be a Uint8Array of length ${length}, got ${key.length}`), 'ERR_INVALID_KEY_TYPE')
  }
  return key
 }
--- a/src/keys/ed25519.js
+++ b/src/keys/ed25519.js
@ -16,7 +16,7 @@ exports.generateKeyFromSeed = async function (seed) { // eslint-disable-line req
 exports.hashAndSign = async function (key, msg) { // eslint-disable-line require-await
  return forge.pki.ed25519.sign({ message: msg, privateKey: key })
-  // return Buffer.from(nacl.sign.detached(msg, key))
+  // return Uint8Array.from(nacl.sign.detached(msg, key))
 }
 exports.hashAndVerify = async function (key, sig, msg) { // eslint-disable-line require-await
--- a/src/keys/exporter.js
+++ b/src/keys/exporter.js
@ -9,7 +9,7 @@ module.exports = {
   * The PrivateKey is encrypted via a password derived PBKDF2 key
   * leveraging the aes-gcm cipher algorithm.
   *
-   * @param {Buffer} privateKey The PrivateKey protobuf buffer
+   * @param {Uint8Array} privateKey The PrivateKey protobuf
   * @param {string} password
   * @returns {Promise<string>} A base64 encoded string
   */
--- a/src/keys/importer.js
+++ b/src/keys/importer.js
@ -11,7 +11,7 @@ module.exports = {
   *
   * @param {string} privateKey A base64 encoded encrypted key
   * @param {string} password
-   * @returns {Promise<Buffer>} The private key protobuf buffer
+   * @returns {Promise<Uint8Array>} The private key protobuf
   */
  import: async function (privateKey, password) {
    const base64 = multibase.names.base64
--- a/src/keys/index.js
+++ b/src/keys/index.js
@ -1,12 +1,12 @@
 'use strict'
 const { Buffer } = require('buffer')
 const protobuf = require('protons')
 const keysPBM = protobuf(require('./keys.proto'))
 require('node-forge/lib/asn1')
 require('node-forge/lib/pbe')
 const forge = require('node-forge/lib/forge')
 const errcode = require('err-code')
 const uint8ArrayFromString = require('uint8arrays/from-string')
 const importer = require('./importer')
@ -130,6 +130,6 @@ exports.import = async (encryptedKey, password) => { // eslint-disable-line requ
    throw errcode(new Error('Cannot read the key, most likely the password is wrong or not a RSA key'), 'ERR_CANNOT_DECRYPT_PEM')
  }
  let der = forge.asn1.toDer(forge.pki.privateKeyToAsn1(key))
-  der = Buffer.from(der.getBytes(), 'binary')
+  der = uint8ArrayFromString(der.getBytes(), 'ascii')
  return supportedKeys.rsa.unmarshalRsaPrivateKey(der)
 }
--- a/src/keys/key-stretcher.js
+++ b/src/keys/key-stretcher.js
@ -1,6 +1,8 @@
 'use strict'
-const { Buffer } = require('buffer')
+
 const errcode = require('err-code')
 const uint8ArrayConcat = require('uint8arrays/concat')
 const uint8ArrayFromString = require('uint8arrays/from-string')
 const hmac = require('../hmac')
 const cipherMap = {
@ -35,7 +37,7 @@ module.exports = async (cipherType, hash, secret) => {
  const cipherKeySize = cipher.keySize
  const ivSize = cipher.ivSize
  const hmacKeySize = 20
-  const seed = Buffer.from('key expansion')
+  const seed = uint8ArrayFromString('key expansion')
  const resultLength = 2 * (ivSize + cipherKeySize + hmacKeySize)
  const m = await hmac.create(hash, secret)
@ -45,7 +47,7 @@ module.exports = async (cipherType, hash, secret) => {
  let j = 0
  while (j < resultLength) {
-    const b = await m.digest(Buffer.concat([a, seed]))
+    const b = await m.digest(uint8ArrayConcat([a, seed]))
    let todo = b.length
    if (j + todo > resultLength) {
@ -58,7 +60,7 @@ module.exports = async (cipherType, hash, secret) => {
  }
  const half = resultLength / 2
-  const resultBuffer = Buffer.concat(result)
+  const resultBuffer = uint8ArrayConcat(result)
  const r1 = resultBuffer.slice(0, half)
  const r2 = resultBuffer.slice(half, resultLength)
--- a/src/keys/rsa-browser.js
+++ b/src/keys/rsa-browser.js
@ -1,8 +1,9 @@
 'use strict'
 const { Buffer } = require('buffer')
 const webcrypto = require('../webcrypto')
 const randomBytes = require('../random-bytes')
 const uint8ArrayToString = require('uint8arrays/to-string')
 const uint8ArrayFromString = require('uint8arrays/from-string')
 exports.utils = require('./rsa-utils')
@ -75,7 +76,7 @@ exports.hashAndSign = async function (key, msg) {
    Uint8Array.from(msg)
  )
-  return Buffer.from(sig)
+  return new Uint8Array(sig, sig.byteOffset, sig.byteLength)
 }
 exports.hashAndVerify = async function (key, sig, msg) {
@ -129,8 +130,8 @@ RSA encryption/decryption for the browser with webcrypto workarround
 Explanation:
  - Convert JWK to nodeForge
-  - Convert msg buffer to nodeForge buffer: ByteBuffer is a "binary-string backed buffer", so let's make our buffer a binary string
+  - Convert msg Uint8Array to nodeForge buffer: ByteBuffer is a "binary-string backed buffer", so let's make our Uint8Array a binary string
-  - Convert resulting nodeForge buffer to buffer: it returns a binary string, turn that into a uint8array(buffer)
+  - Convert resulting nodeForge buffer to Uint8Array: it returns a binary string, turn that into a Uint8Array
 */
@ -138,9 +139,9 @@ const { jwk2pub, jwk2priv } = require('./jwk2pem')
 function convertKey (key, pub, msg, handle) {
  const fkey = pub ? jwk2pub(key) : jwk2priv(key)
-  const fmsg = Buffer.from(msg).toString('binary')
+  const fmsg = uint8ArrayToString(Uint8Array.from(msg), 'ascii')
  const fomsg = handle(fmsg, fkey)
-  return Buffer.from(fomsg, 'binary')
+  return uint8ArrayFromString(fomsg, 'ascii')
 }
 exports.encrypt = function (key, msg) {
--- a/src/keys/rsa-class.js
+++ b/src/keys/rsa-class.js
@ -2,8 +2,9 @@
 const sha = require('multihashing-async/src/sha')
 const protobuf = require('protons')
 const multibase = require('multibase')
 const errcode = require('err-code')
 const uint8ArrayEquals = require('uint8arrays/equals')
 const uint8ArrayToString = require('uint8arrays/to-string')
 require('node-forge/lib/sha512')
 require('node-forge/lib/ed25519')
@ -38,7 +39,7 @@ class RsaPublicKey {
  }
  equals (key) {
-    return this.bytes.equals(key.bytes)
+    return uint8ArrayEquals(this.bytes, key.bytes)
  }
  async hash () { // eslint-disable-line require-await
@ -48,7 +49,7 @@ class RsaPublicKey {
 class RsaPrivateKey {
  // key       - Object of the jwk format
-  // publicKey - Buffer of the spki format
+  // publicKey - Uint8Array of the spki format
  constructor (key, publicKey) {
    this._key = key
    this._publicKey = publicKey
@ -86,7 +87,7 @@ class RsaPrivateKey {
  }
  equals (key) {
-    return this.bytes.equals(key.bytes)
+    return uint8ArrayEquals(this.bytes, key.bytes)
  }
  async hash () { // eslint-disable-line require-await
@ -104,7 +105,7 @@ class RsaPrivateKey {
   */
  async id () {
    const hash = await this.public.hash()
-    return multibase.encode('base58btc', hash).toString().slice(1)
+    return uint8ArrayToString(hash, 'base58btc')
  }
  /**
--- a/src/keys/rsa-utils.js
+++ b/src/keys/rsa-utils.js
@ -1,15 +1,15 @@
 'use strict'
 const { Buffer } = require('buffer')
 require('node-forge/lib/asn1')
 require('node-forge/lib/rsa')
 const forge = require('node-forge/lib/forge')
 const { bigIntegerToUintBase64url, base64urlToBigInteger } = require('./../util')
 const uint8ArrayFromString = require('uint8arrays/from-string')
 const uint8ArrayToString = require('uint8arrays/to-string')
 // Convert a PKCS#1 in ASN1 DER format to a JWK key
 exports.pkcs1ToJwk = function (bytes) {
-  bytes = Buffer.from(bytes) // convert Uint8Arrays
+  const asn1 = forge.asn1.fromDer(uint8ArrayToString(bytes, 'ascii'))
  const asn1 = forge.asn1.fromDer(bytes.toString('binary'))
  const privateKey = forge.pki.privateKeyFromAsn1(asn1)
  // https://tools.ietf.org/html/rfc7518#section-6.3.1
@ -41,12 +41,12 @@ exports.jwkToPkcs1 = function (jwk) {
    qInv: base64urlToBigInteger(jwk.qi)
  })
-  return Buffer.from(forge.asn1.toDer(asn1).getBytes(), 'binary')
+  return uint8ArrayFromString(forge.asn1.toDer(asn1).getBytes(), 'ascii')
 }
 // Convert a PKCIX in ASN1 DER format to a JWK key
 exports.pkixToJwk = function (bytes) {
-  const asn1 = forge.asn1.fromDer(bytes.toString('binary'))
+  const asn1 = forge.asn1.fromDer(uint8ArrayToString(bytes, 'ascii'))
  const publicKey = forge.pki.publicKeyFromAsn1(asn1)
  return {
@ -65,5 +65,5 @@ exports.jwkToPkix = function (jwk) {
    e: base64urlToBigInteger(jwk.e)
  })
-  return Buffer.from(forge.asn1.toDer(asn1).getBytes(), 'binary')
+  return uint8ArrayFromString(forge.asn1.toDer(asn1).getBytes(), 'ascii')
 }
--- a/src/keys/secp256k1-class.js
+++ b/src/keys/secp256k1-class.js
@ -1,8 +1,9 @@
 'use strict'
 const multibase = require('multibase')
 const sha = require('multihashing-async/src/sha')
 const errcode = require('err-code')
 const uint8ArrayEquals = require('uint8arrays/equals')
 const uint8ArrayToString = require('uint8arrays/to-string')
 const exporter = require('./exporter')
@ -31,7 +32,7 @@ module.exports = (keysProtobuf, randomBytes, crypto) => {
    }
    equals (key) {
-      return this.bytes.equals(key.bytes)
+      return uint8ArrayEquals(this.bytes, key.bytes)
    }
    hash () {
@ -67,7 +68,7 @@ module.exports = (keysProtobuf, randomBytes, crypto) => {
    }
    equals (key) {
-      return this.bytes.equals(key.bytes)
+      return uint8ArrayEquals(this.bytes, key.bytes)
    }
    hash () {
@ -85,7 +86,7 @@ module.exports = (keysProtobuf, randomBytes, crypto) => {
     */
    async id () {
      const hash = await this.public.hash()
-      return multibase.encode('base58btc', hash).toString().slice(1)
+      return uint8ArrayToString(hash, 'base58btc')
    }
    /**
--- a/src/keys/secp256k1.js
+++ b/src/keys/secp256k1.js
@ -1,26 +1,9 @@
 'use strict'
 const { Buffer } = require('buffer')
 var isTypedArray = require('is-typedarray').strict
 const secp256k1 = require('secp256k1')
 const sha = require('multihashing-async/src/sha')
 const HASH_ALGORITHM = 'sha2-256'
 function typedArrayTobuffer (arr) {
  if (isTypedArray(arr)) {
    // To avoid a copy, use the typed array's underlying ArrayBuffer to back new Buffer
    var buf = Buffer.from(arr.buffer)
    if (arr.byteLength !== arr.buffer.byteLength) {
      // Respect the "view", i.e. byteOffset and byteLength, without doing a copy
      buf = buf.slice(arr.byteOffset, arr.byteOffset + arr.byteLength)
    }
    return buf
  } else {
    // Pass through all other types to `Buffer.from`
    return Buffer.from(arr)
  }
 }
 module.exports = (randomBytes) => {
  const privateKeyLength = 32
@ -35,12 +18,12 @@ module.exports = (randomBytes) => {
  async function hashAndSign (key, msg) {
    const digest = await sha.digest(msg, HASH_ALGORITHM)
    const sig = secp256k1.ecdsaSign(digest, key)
-    return typedArrayTobuffer(secp256k1.signatureExport(sig.signature))
+    return secp256k1.signatureExport(sig.signature)
  }
  async function hashAndVerify (key, sig, msg) {
    const digest = await sha.digest(msg, HASH_ALGORITHM)
-    sig = typedArrayTobuffer(secp256k1.signatureImport(sig))
+    sig = secp256k1.signatureImport(sig)
    return secp256k1.ecdsaVerify(sig, digest, key)
  }
@ -48,11 +31,11 @@ module.exports = (randomBytes) => {
    if (!secp256k1.publicKeyVerify(key)) {
      throw new Error('Invalid public key')
    }
-    return typedArrayTobuffer(secp256k1.publicKeyConvert(key, true))
+    return secp256k1.publicKeyConvert(key, true)
  }
  function decompressPublicKey (key) {
-    return typedArrayTobuffer(secp256k1.publicKeyConvert(key, false))
+    return secp256k1.publicKeyConvert(key, false)
  }
  function validatePrivateKey (key) {
@ -69,7 +52,7 @@ module.exports = (randomBytes) => {
  function computePublicKey (privateKey) {
    validatePrivateKey(privateKey)
-    return typedArrayTobuffer(secp256k1.publicKeyCreate(privateKey))
+    return secp256k1.publicKeyCreate(privateKey)
  }
  return {
--- a/src/util.js
+++ b/src/util.js
@ -1,13 +1,15 @@
 'use strict'
 const { Buffer } = require('buffer')
 require('node-forge/lib/util')
 require('node-forge/lib/jsbn')
 const forge = require('node-forge/lib/forge')
 const uint8ArrayFromString = require('uint8arrays/from-string')
 const uint8ArrayToString = require('uint8arrays/to-string')
 const uint8ArrayConcat = require('uint8arrays/concat')
 exports.bigIntegerToUintBase64url = (num, len) => {
  // Call `.abs()` to convert to unsigned
-  let buf = Buffer.from(num.abs().toByteArray()) // toByteArray converts to big endian
+  let buf = Uint8Array.from(num.abs().toByteArray()) // toByteArray converts to big endian
  // toByteArray() gives us back a signed array, which will include a leading 0
  // byte if the most significant bit of the number is 1:
@ -17,38 +19,24 @@ exports.bigIntegerToUintBase64url = (num, len) => {
  if (len != null) {
    if (buf.length > len) throw new Error('byte array longer than desired length')
-    buf = Buffer.concat([Buffer.alloc(len - buf.length), buf])
+    buf = uint8ArrayConcat([new Uint8Array(len - buf.length), buf])
  }
-  return exports.bufferToBase64url(buf)
+  return uint8ArrayToString(buf, 'base64url')
 }
 // Convert a Buffer to a base64 encoded string without padding
 // Adapted from https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#appendix-C
 exports.bufferToBase64url = buf => {
  return buf
    .toString('base64')
    .split('=')[0] // Remove any trailing '='s
    .replace(/\+/g, '-') // 62nd char of encoding
    .replace(/\//g, '_') // 63rd char of encoding
 }
 // Convert a base64url encoded string to a BigInteger
 exports.base64urlToBigInteger = str => {
  const buf = exports.base64urlToBuffer(str)
-  return new forge.jsbn.BigInteger(buf.toString('hex'), 16)
+  return new forge.jsbn.BigInteger(uint8ArrayToString(buf, 'base16'), 16)
 }
 exports.base64urlToBuffer = (str, len) => {
-  str = (str + '==='.slice((str.length + 3) % 4))
+  let buf = uint8ArrayFromString(str, 'base64urlpad')
    .replace(/-/g, '+')
    .replace(/_/g, '/')
  let buf = Buffer.from(str, 'base64')
  if (len != null) {
    if (buf.length > len) throw new Error('byte array longer than desired length')
-    buf = Buffer.concat([Buffer.alloc(len - buf.length), buf])
+    buf = uint8ArrayConcat([new Uint8Array(len - buf.length), buf])
  }
  return buf
--- a/test/aes/aes.spec.js
+++ b/test/aes/aes.spec.js
@ -2,7 +2,7 @@
 /* eslint-disable valid-jsdoc */
 /* eslint-env mocha */
 'use strict'
-const { Buffer } = require('buffer')
+
 const chai = require('chai')
 const dirtyChai = require('dirty-chai')
 const expect = chai.expect
@ -23,10 +23,10 @@ const bytes = {
 describe('AES-CTR', () => {
  Object.keys(bytes).forEach((byte) => {
    it(`${bytes[byte]} - encrypt and decrypt`, async () => {
-      const key = Buffer.alloc(parseInt(byte, 10))
+      const key = new Uint8Array(parseInt(byte, 10))
      key.fill(5)
-      const iv = Buffer.alloc(16)
+      const iv = new Uint8Array(16)
      iv.fill(1)
      const cipher = await crypto.aes.create(key, iv)
@ -41,18 +41,18 @@ describe('AES-CTR', () => {
  Object.keys(bytes).forEach((byte) => {
    it(`${bytes[byte]} - fixed - encrypt and decrypt`, async () => {
-      const key = Buffer.alloc(parseInt(byte, 10))
+      const key = new Uint8Array(parseInt(byte, 10))
      key.fill(5)
-      const iv = Buffer.alloc(16)
+      const iv = new Uint8Array(16)
      iv.fill(1)
      const cipher = await crypto.aes.create(key, iv)
      for (let i = 0; i < fixtures[byte].inputs.length; i++) {
        const rawIn = fixtures[byte].inputs[i]
-        const input = Buffer.from(rawIn)
+        const input = Uint8Array.from(rawIn.data)
-        const output = Buffer.from(fixtures[byte].outputs[i])
+        const output = Uint8Array.from(fixtures[byte].outputs[i].data)
        const encrypted = await cipher.encrypt(input)
        expect(encrypted).to.have.length(output.length)
        expect(encrypted).to.eql(output)
@ -68,18 +68,18 @@ describe('AES-CTR', () => {
    }
    it(`${bytes[byte]} - go interop - encrypt and decrypt`, async () => {
-      const key = Buffer.alloc(parseInt(byte, 10))
+      const key = new Uint8Array(parseInt(byte, 10))
      key.fill(5)
-      const iv = Buffer.alloc(16)
+      const iv = new Uint8Array(16)
      iv.fill(1)
      const cipher = await crypto.aes.create(key, iv)
      for (let i = 0; i < goFixtures[byte].inputs.length; i++) {
        const rawIn = goFixtures[byte].inputs[i]
-        const input = Buffer.from(rawIn)
+        const input = Uint8Array.from(rawIn)
-        const output = Buffer.from(goFixtures[byte].outputs[i])
+        const output = Uint8Array.from(goFixtures[byte].outputs[i])
        const encrypted = await cipher.encrypt(input)
        expect(encrypted).to.have.length(output.length)
        expect(encrypted).to.eql(output)
@ -90,8 +90,8 @@ describe('AES-CTR', () => {
  })
  it('checks key length', () => {
-    const key = Buffer.alloc(5)
+    const key = new Uint8Array(5)
-    const iv = Buffer.alloc(16)
+    const iv = new Uint8Array(16)
    return expectErrCode(crypto.aes.create(key, iv), 'ERR_INVALID_KEY_LENGTH')
  })
 })
@ -101,7 +101,7 @@ describe('AES-CTR', () => {
 * @type {function(Cipher): Promise<void>}
 */
 async function encryptAndDecrypt (cipher) {
-  const data = Buffer.alloc(100)
+  const data = new Uint8Array(100)
  data.fill(Math.ceil(Math.random() * 100))
  const encrypted = await cipher.encrypt(data)
--- a/test/browser.js
+++ b/test/browser.js
@ -4,8 +4,7 @@
 const chai = require('chai')
 chai.use(require('dirty-chai'))
 const expect = chai.expect
-
+const uint8ArrayFromString = require('uint8arrays/from-string')
 const { Buffer } = require('buffer')
 const crypto = require('../')
 const webcrypto = require('../src/webcrypto')
@ -38,7 +37,7 @@ describe('Missing web crypto', () => {
  })
  it('should error for hmac create when web crypto is missing', () => {
-    return expectMissingWebCrypto(() => crypto.hmac.create('SHA256', Buffer.from('secret')))
+    return expectMissingWebCrypto(() => crypto.hmac.create('SHA256', uint8ArrayFromString('secret')))
  })
  it('should error for generate ephemeral key pair when web crypto is missing', () => {
@ -54,10 +53,10 @@ describe('Missing web crypto', () => {
  })
  it('should error for sign RSA private key when web crypto is missing', () => {
-    return expectMissingWebCrypto(() => rsaPrivateKey.sign(Buffer.from('test')))
+    return expectMissingWebCrypto(() => rsaPrivateKey.sign(uint8ArrayFromString('test')))
  })
  it('should error for verify RSA public key when web crypto is missing', () => {
-    return expectMissingWebCrypto(() => rsaPrivateKey.public.verify(Buffer.from('test'), Buffer.from('test')))
+    return expectMissingWebCrypto(() => rsaPrivateKey.public.verify(uint8ArrayFromString('test'), uint8ArrayFromString('test')))
  })
 })
--- a/test/crypto.spec.js
+++ b/test/crypto.spec.js
@ -9,6 +9,7 @@ chai.use(dirtyChai)
 const crypto = require('../src')
 const fixtures = require('./fixtures/go-key-rsa')
 const { expectErrCode } = require('./util')
 const uint8ArrayEquals = require('uint8arrays/equals')
 /** @typedef {import("libp2p-crypto").PrivateKey} PrivateKey */
@ -83,7 +84,7 @@ describe('libp2p-crypto', function () {
    it('unmarshal -> marshal, public key', () => {
      const key = crypto.keys.unmarshalPublicKey(fixtures.public.key)
      const marshalled = crypto.keys.marshalPublicKey(key)
-      expect(fixtures.public.key.equals(marshalled)).to.eql(true)
+      expect(uint8ArrayEquals(fixtures.public.key, marshalled)).to.eql(true)
    })
  })
--- a/test/fixtures/go-elliptic-key.js
+++ b/test/fixtures/go-elliptic-key.js
@ -1,13 +1,12 @@
 'use strict'
 const { Buffer } = require('buffer')
 module.exports = {
  curve: 'P-256',
  bob: {
-    private: Buffer.from([
+    private: Uint8Array.from([
      181, 217, 162, 151, 225, 36, 53, 253, 107, 66, 27, 27, 232, 72, 0, 0, 103, 167, 84, 62, 203, 91, 97, 137, 131, 193, 230, 126, 98, 242, 216, 170
    ]),
-    public: Buffer.from([
+    public: Uint8Array.from([
      4, 53, 59, 128, 56, 162, 250, 72, 141, 206, 117, 232, 57, 96, 39, 39, 247, 7, 27, 57, 251, 232, 120, 186, 21, 239, 176, 139, 195, 129, 125, 85, 11, 188, 191, 32, 227, 0, 6, 163, 101, 68, 208, 1, 43, 131, 124, 112, 102, 91, 104, 79, 16, 119, 152, 208, 4, 147, 155, 83, 20, 146, 104, 55, 90
    ])
  }
--- a/test/fixtures/go-key-ed25519.js
+++ b/test/fixtures/go-key-ed25519.js
@ -1,5 +1,4 @@
 'use strict'
 const { Buffer } = require('buffer')
 module.exports = {
  // Generation code from https://github.com/libp2p/js-libp2p-crypto/issues/175#issuecomment-634467463
@ -20,24 +19,24 @@ module.exports = {
  //   privkeyBytes, _ := priv.Bytes()
  //   data := []byte("hello! and welcome to some awesome crypto primitives")
  //   sig, _ := priv.Sign(data)
-  //   fmt.Println("{\n  publicKey: Buffer.from(", strings.Replace(fmt.Sprint(pubkeyBytes), " ", ",", -1), "),")
+  //   fmt.Println("{\n  publicKey: Uint8Array.from(", strings.Replace(fmt.Sprint(pubkeyBytes), " ", ",", -1), "),")
-  //   fmt.Println("  privateKey: Buffer.from(", strings.Replace(fmt.Sprint(privkeyBytes), " ", ",", -1), "),")
+  //   fmt.Println("  privateKey: Uint8Array.from(", strings.Replace(fmt.Sprint(privkeyBytes), " ", ",", -1), "),")
-  //   fmt.Println("  data: Buffer.from(", strings.Replace(fmt.Sprint(data), " ", ",", -1), "),")
+  //   fmt.Println("  data: Uint8Array.from(", strings.Replace(fmt.Sprint(data), " ", ",", -1), "),")
-  //   fmt.Println("  signature: Buffer.from(", strings.Replace(fmt.Sprint(sig), " ", ",", -1), ")\n}")
+  //   fmt.Println("  signature: Uint8Array.from(", strings.Replace(fmt.Sprint(sig), " ", ",", -1), ")\n}")
  // }
  //
  // The legacy key unnecessarily appends the publickey. (It's already included) See https://github.com/libp2p/js-libp2p-crypto/issues/175
  redundantPubKey: {
-    privateKey: Buffer.from([8, 1, 18, 96, 201, 208, 1, 110, 176, 16, 230, 37, 66, 184, 149, 252, 78, 56, 206, 136, 2, 38, 118, 152, 226, 197, 117, 200, 54, 189, 156, 218, 184, 7, 118, 57, 233, 49, 221, 97, 164, 158, 241, 129, 73, 166, 225, 255, 193, 118, 22, 84, 55, 15, 249, 168, 225, 180, 198, 191, 14, 75, 187, 243, 150, 91, 232, 37, 233, 49, 221, 97, 164, 158, 241, 129, 73, 166, 225, 255, 193, 118, 22, 84, 55, 15, 249, 168, 225, 180, 198, 191, 14, 75, 187, 243, 150, 91, 232, 37]),
+    privateKey: Uint8Array.from([8, 1, 18, 96, 201, 208, 1, 110, 176, 16, 230, 37, 66, 184, 149, 252, 78, 56, 206, 136, 2, 38, 118, 152, 226, 197, 117, 200, 54, 189, 156, 218, 184, 7, 118, 57, 233, 49, 221, 97, 164, 158, 241, 129, 73, 166, 225, 255, 193, 118, 22, 84, 55, 15, 249, 168, 225, 180, 198, 191, 14, 75, 187, 243, 150, 91, 232, 37, 233, 49, 221, 97, 164, 158, 241, 129, 73, 166, 225, 255, 193, 118, 22, 84, 55, 15, 249, 168, 225, 180, 198, 191, 14, 75, 187, 243, 150, 91, 232, 37]),
-    publicKey: Buffer.from([8, 1, 18, 32, 233, 49, 221, 97, 164, 158, 241, 129, 73, 166, 225, 255, 193, 118, 22, 84, 55, 15, 249, 168, 225, 180, 198, 191, 14, 75, 187, 243, 150, 91, 232, 37]),
+    publicKey: Uint8Array.from([8, 1, 18, 32, 233, 49, 221, 97, 164, 158, 241, 129, 73, 166, 225, 255, 193, 118, 22, 84, 55, 15, 249, 168, 225, 180, 198, 191, 14, 75, 187, 243, 150, 91, 232, 37]),
-    data: Buffer.from([104, 101, 108, 108, 111, 33, 32, 97, 110, 100, 32, 119, 101, 108, 99, 111, 109, 101, 32, 116, 111, 32, 115, 111, 109, 101, 32, 97, 119, 101, 115, 111, 109, 101, 32, 99, 114, 121, 112, 116, 111, 32, 112, 114, 105, 109, 105, 116, 105, 118, 101, 115]),
+    data: Uint8Array.from([104, 101, 108, 108, 111, 33, 32, 97, 110, 100, 32, 119, 101, 108, 99, 111, 109, 101, 32, 116, 111, 32, 115, 111, 109, 101, 32, 97, 119, 101, 115, 111, 109, 101, 32, 99, 114, 121, 112, 116, 111, 32, 112, 114, 105, 109, 105, 116, 105, 118, 101, 115]),
-    signature: Buffer.from([7, 230, 175, 164, 228, 58, 78, 208, 62, 243, 73, 142, 83, 195, 176, 217, 166, 62, 41, 165, 168, 164, 75, 179, 163, 86, 102, 32, 18, 84, 150, 237, 39, 207, 213, 20, 134, 237, 50, 41, 176, 183, 229, 133, 38, 255, 42, 228, 68, 186, 100, 14, 175, 156, 243, 118, 125, 125, 120, 212, 124, 103, 252, 12])
+    signature: Uint8Array.from([7, 230, 175, 164, 228, 58, 78, 208, 62, 243, 73, 142, 83, 195, 176, 217, 166, 62, 41, 165, 168, 164, 75, 179, 163, 86, 102, 32, 18, 84, 150, 237, 39, 207, 213, 20, 134, 237, 50, 41, 176, 183, 229, 133, 38, 255, 42, 228, 68, 186, 100, 14, 175, 156, 243, 118, 125, 125, 120, 212, 124, 103, 252, 12])
  },
  verify: {
-    publicKey: Buffer.from([8, 1, 18, 32, 163, 176, 195, 47, 254, 208, 49, 5, 192, 102, 32, 63, 58, 202, 171, 153, 146, 164, 25, 212, 25, 91, 146, 26, 117, 165, 148, 6, 207, 90, 217, 126]),
+    publicKey: Uint8Array.from([8, 1, 18, 32, 163, 176, 195, 47, 254, 208, 49, 5, 192, 102, 32, 63, 58, 202, 171, 153, 146, 164, 25, 212, 25, 91, 146, 26, 117, 165, 148, 6, 207, 90, 217, 126]),
-    privateKey: Buffer.from([8, 1, 18, 64, 232, 56, 175, 20, 240, 160, 19, 47, 92, 88, 115, 221, 164, 13, 36, 162, 158, 136, 247, 31, 29, 231, 76, 143, 12, 91, 193, 4, 88, 33, 67, 23, 163, 176, 195, 47, 254, 208, 49, 5, 192, 102, 32, 63, 58, 202, 171, 153, 146, 164, 25, 212, 25, 91, 146, 26, 117, 165, 148, 6, 207, 90, 217, 126]),
+    privateKey: Uint8Array.from([8, 1, 18, 64, 232, 56, 175, 20, 240, 160, 19, 47, 92, 88, 115, 221, 164, 13, 36, 162, 158, 136, 247, 31, 29, 231, 76, 143, 12, 91, 193, 4, 88, 33, 67, 23, 163, 176, 195, 47, 254, 208, 49, 5, 192, 102, 32, 63, 58, 202, 171, 153, 146, 164, 25, 212, 25, 91, 146, 26, 117, 165, 148, 6, 207, 90, 217, 126]),
-    data: Buffer.from([104, 101, 108, 108, 111, 33, 32, 97, 110, 100, 32, 119, 101, 108, 99, 111, 109, 101, 32, 116, 111, 32, 115, 111, 109, 101, 32, 97, 119, 101, 115, 111, 109, 101, 32, 99, 114, 121, 112, 116, 111, 32, 112, 114, 105, 109, 105, 116, 105, 118, 101, 115]),
+    data: Uint8Array.from([104, 101, 108, 108, 111, 33, 32, 97, 110, 100, 32, 119, 101, 108, 99, 111, 109, 101, 32, 116, 111, 32, 115, 111, 109, 101, 32, 97, 119, 101, 115, 111, 109, 101, 32, 99, 114, 121, 112, 116, 111, 32, 112, 114, 105, 109, 105, 116, 105, 118, 101, 115]),
-    signature: Buffer.from([160, 125, 30, 62, 213, 189, 239, 92, 87, 76, 205, 169, 251, 149, 187, 57, 96, 85, 175, 213, 22, 132, 229, 60, 196, 18, 117, 194, 12, 174, 135, 31, 39, 168, 174, 103, 78, 55, 37, 222, 37, 172, 222, 239, 153, 63, 197, 152, 67, 167, 191, 215, 161, 212, 216, 163, 81, 77, 45, 228, 151, 79, 101, 1])
+    signature: Uint8Array.from([160, 125, 30, 62, 213, 189, 239, 92, 87, 76, 205, 169, 251, 149, 187, 57, 96, 85, 175, 213, 22, 132, 229, 60, 196, 18, 117, 194, 12, 174, 135, 31, 39, 168, 174, 103, 78, 55, 37, 222, 37, 172, 222, 239, 153, 63, 197, 152, 67, 167, 191, 215, 161, 212, 216, 163, 81, 77, 45, 228, 151, 79, 101, 1])
  }
 }
--- a/test/fixtures/go-key-rsa.js
+++ b/test/fixtures/go-key-rsa.js
@ -1,30 +1,30 @@
 'use strict'
-const { Buffer } = require('buffer')
+
 module.exports = {
  private: {
-    hash: Buffer.from([
+    hash: Uint8Array.from([
      18, 32, 168, 125, 165, 65, 34, 157, 209, 4, 24, 158, 80, 196, 125, 86, 103, 0, 228, 145, 109, 252, 153, 7, 189, 9, 16, 37, 239, 36, 48, 78, 214, 212
    ]),
-    key: Buffer.from([
+    key: Uint8Array.from([
      8, 0, 18, 192, 2, 48, 130, 1, 60, 2, 1, 0, 2, 65, 0, 230, 157, 160, 242, 74, 222, 87, 0, 77, 180, 91, 175, 217, 166, 2, 95, 193, 239, 195, 140, 224, 57, 84, 207, 46, 172, 113, 196, 20, 133, 117, 205, 45, 7, 224, 41, 40, 195, 254, 124, 14, 84, 223, 147, 67, 198, 48, 36, 53, 161, 112, 46, 153, 90, 19, 123, 94, 247, 5, 116, 1, 238, 32, 15, 2, 3, 1, 0, 1, 2, 65, 0, 191, 59, 140, 255, 254, 23, 123, 91, 148, 19, 240, 71, 213, 26, 181, 51, 68, 181, 150, 153, 214, 65, 148, 83, 45, 103, 239, 250, 225, 237, 125, 173, 111, 244, 37, 124, 87, 178, 86, 10, 14, 207, 63, 105, 213, 37, 81, 23, 230, 4, 222, 179, 144, 40, 252, 163, 190, 7, 241, 221, 28, 54, 225, 209, 2, 33, 0, 235, 132, 229, 150, 99, 182, 176, 194, 198, 65, 210, 160, 184, 70, 82, 49, 235, 199, 14, 11, 92, 66, 237, 45, 220, 72, 235, 1, 244, 145, 205, 57, 2, 33, 0, 250, 171, 146, 180, 188, 194, 14, 152, 52, 64, 38, 52, 158, 86, 46, 109, 66, 100, 122, 43, 88, 167, 143, 98, 104, 143, 160, 60, 171, 185, 31, 135, 2, 33, 0, 206, 47, 255, 203, 100, 170, 137, 31, 75, 240, 78, 84, 212, 95, 4, 16, 158, 73, 27, 27, 136, 255, 50, 163, 166, 169, 211, 204, 87, 111, 217, 201, 2, 33, 0, 177, 51, 194, 213, 3, 175, 7, 84, 47, 115, 189, 206, 106, 180, 47, 195, 203, 48, 110, 112, 224, 14, 43, 189, 124, 127, 51, 222, 79, 226, 225, 87, 2, 32, 67, 23, 190, 222, 106, 22, 115, 139, 217, 244, 178, 53, 153, 99, 5, 176, 72, 77, 193, 61, 67, 134, 37, 238, 69, 66, 159, 28, 39, 5, 238, 125
    ])
  },
  public: {
-    hash: Buffer.from([
+    hash: Uint8Array.from([
      18, 32, 112, 151, 163, 167, 204, 243, 175, 123, 208, 162, 90, 84, 199, 174, 202, 110, 0, 119, 27, 202, 7, 149, 161, 251, 215, 168, 163, 54, 93, 54, 195, 20
    ]),
-    key: Buffer.from([
+    key: Uint8Array.from([
      8, 0, 18, 94, 48, 92, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 75, 0, 48, 72, 2, 65, 0, 230, 157, 160, 242, 74, 222, 87, 0, 77, 180, 91, 175, 217, 166, 2, 95, 193, 239, 195, 140, 224, 57, 84, 207, 46, 172, 113, 196, 20, 133, 117, 205, 45, 7, 224, 41, 40, 195, 254, 124, 14, 84, 223, 147, 67, 198, 48, 36, 53, 161, 112, 46, 153, 90, 19, 123, 94, 247, 5, 116, 1, 238, 32, 15, 2, 3, 1, 0, 1
    ])
  },
  verify: {
-    signature: Buffer.from([
+    signature: Uint8Array.from([
      3, 116, 81, 57, 91, 194, 7, 1, 230, 236, 229, 142, 36, 209, 208, 107, 47, 52, 164, 236, 139, 35, 155, 97, 43, 64, 145, 91, 19, 218, 149, 63, 99, 164, 191, 110, 145, 37, 18, 7, 98, 112, 144, 35, 29, 186, 169, 150, 165, 88, 145, 170, 197, 110, 42, 163, 188, 10, 42, 63, 34, 93, 91, 94, 199, 110, 10, 82, 238, 80, 93, 93, 77, 130, 22, 216, 229, 172, 36, 229, 82, 162, 20, 78, 19, 46, 82, 243, 43, 80, 115, 125, 145, 231, 194, 224, 30, 187, 55, 228, 74, 52, 203, 191, 254, 148, 136, 218, 62, 147, 171, 130, 251, 181, 105, 29, 238, 207, 197, 249, 61, 105, 202, 172, 160, 174, 43, 124, 115, 130, 169, 30, 76, 41, 52, 200, 2, 26, 53, 190, 43, 20, 203, 10, 217, 250, 47, 102, 92, 103, 197, 22, 108, 184, 74, 218, 82, 202, 180, 98, 13, 114, 12, 92, 1, 139, 150, 170, 8, 92, 32, 116, 168, 219, 157, 162, 28, 77, 29, 29, 74, 136, 144, 49, 173, 245, 253, 76, 167, 200, 169, 163, 7, 49, 133, 120, 99, 191, 53, 10, 66, 26, 234, 240, 139, 235, 134, 30, 55, 248, 150, 100, 242, 150, 159, 198, 44, 78, 150, 7, 133, 139, 59, 76, 3, 225, 94, 13, 89, 122, 34, 95, 95, 107, 74, 169, 171, 169, 222, 25, 191, 182, 148, 116, 66, 67, 102, 12, 193, 217, 247, 243, 148, 233, 161, 157
    ]),
-    data: Buffer.from([
+    data: Uint8Array.from([
      10, 16, 27, 128, 228, 220, 147, 176, 53, 105, 175, 171, 32, 213, 35, 236, 203, 60, 18, 171, 2, 8, 0, 18, 166, 2, 48, 130, 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48, 130, 1, 10, 2, 130, 1, 1, 0, 181, 113, 138, 108, 208, 103, 166, 102, 37, 36, 204, 250, 228, 165, 44, 64, 176, 210, 205, 141, 241, 55, 200, 110, 98, 68, 85, 199, 254, 19, 86, 204, 63, 250, 167, 38, 59, 249, 146, 228, 73, 171, 63, 18, 96, 104, 191, 137, 186, 244, 255, 90, 16, 119, 195, 52, 177, 213, 254, 187, 174, 84, 174, 173, 12, 236, 53, 234, 3, 209, 82, 37, 78, 111, 214, 135, 76, 195, 9, 242, 134, 188, 153, 84, 139, 231, 51, 146, 177, 60, 12, 25, 158, 91, 215, 152, 7, 0, 84, 35, 36, 230, 227, 67, 198, 72, 50, 110, 37, 209, 98, 193, 65, 93, 173, 199, 4, 198, 102, 99, 148, 144, 224, 217, 114, 53, 144, 245, 251, 114, 211, 20, 82, 163, 123, 75, 16, 192, 106, 213, 128, 2, 11, 200, 203, 84, 41, 199, 224, 155, 171, 217, 64, 109, 116, 188, 151, 183, 173, 52, 205, 164, 93, 13, 251, 65, 182, 160, 154, 185, 239, 33, 184, 84, 159, 105, 101, 173, 194, 251, 123, 84, 92, 66, 61, 180, 45, 104, 162, 224, 214, 233, 64, 220, 165, 2, 104, 116, 150, 2, 234, 203, 112, 21, 124, 23, 48, 66, 30, 63, 30, 36, 246, 135, 203, 218, 115, 22, 189, 39, 39, 125, 205, 65, 222, 220, 77, 18, 84, 121, 161, 153, 125, 25, 139, 137, 170, 239, 150, 106, 119, 168, 216, 140, 113, 121, 26, 53, 118, 110, 53, 192, 244, 252, 145, 85, 2, 3, 1, 0, 1, 26, 17, 80, 45, 50, 53, 54, 44, 80, 45, 51, 56, 52, 44, 80, 45, 53, 50, 49, 34, 24, 65, 69, 83, 45, 50, 53, 54, 44, 65, 69, 83, 45, 49, 50, 56, 44, 66, 108, 111, 119, 102, 105, 115, 104, 42, 13, 83, 72, 65, 50, 53, 54, 44, 83, 72, 65, 53, 49, 50, 10, 16, 220, 83, 240, 105, 6, 203, 78, 83, 210, 115, 6, 106, 98, 82, 1, 161, 18, 171, 2, 8, 0, 18, 166, 2, 48, 130, 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48, 130, 1, 10, 2, 130, 1, 1, 0, 185, 234, 19, 191, 164, 33, 65, 94, 87, 42, 74, 83, 224, 25, 142, 44, 26, 7, 92, 242, 189, 42, 170, 197, 178, 92, 45, 240, 107, 141, 128, 59, 122, 252, 48, 140, 4, 85, 85, 203, 3, 197, 8, 127, 120, 98, 44, 169, 135, 196, 70, 137, 117, 180, 177, 134, 170, 35, 165, 88, 105, 30, 114, 138, 11, 96, 68, 99, 18, 149, 223, 166, 105, 12, 176, 77, 48, 214, 22, 236, 17, 154, 213, 209, 158, 169, 202, 5, 100, 210, 83, 90, 201, 38, 205, 246, 231, 106, 63, 86, 222, 143, 157, 173, 62, 4, 85, 232, 20, 188, 6, 209, 186, 132, 192, 117, 146, 181, 233, 26, 0, 240, 138, 206, 91, 170, 114, 137, 217, 132, 139, 242, 144, 213, 103, 101, 190, 146, 188, 250, 188, 134, 255, 70, 125, 78, 65, 136, 239, 190, 206, 139, 155, 140, 163, 233, 170, 247, 205, 87, 209, 19, 29, 173, 10, 147, 43, 28, 90, 46, 6, 197, 217, 186, 66, 68, 126, 76, 64, 184, 8, 170, 23, 79, 243, 223, 119, 133, 118, 50, 226, 44, 246, 176, 10, 161, 219, 83, 54, 68, 248, 5, 14, 177, 114, 54, 63, 11, 71, 136, 142, 56, 151, 123, 230, 61, 80, 15, 180, 42, 49, 220, 148, 99, 231, 20, 230, 220, 85, 207, 187, 37, 210, 137, 171, 125, 71, 14, 53, 100, 91, 83, 209, 50, 132, 165, 253, 25, 161, 5, 97, 164, 163, 83, 95, 53, 2, 3, 1, 0, 1, 26, 17, 80, 45, 50, 53, 54, 44, 80, 45, 51, 56, 52, 44, 80, 45, 53, 50, 49, 34, 15, 65, 69, 83, 45, 50, 53, 54, 44, 65, 69, 83, 45, 49, 50, 56, 42, 13, 83, 72, 65, 50, 53, 54, 44, 83, 72, 65, 53, 49, 50, 4, 97, 54, 203, 112, 136, 34, 231, 162, 19, 154, 131, 27, 105, 26, 121, 238, 120, 25, 203, 66, 232, 53, 198, 20, 19, 96, 119, 218, 90, 64, 170, 3, 132, 116, 1, 87, 116, 232, 165, 161, 198, 117, 167, 60, 145, 1, 253, 108, 50, 150, 117, 8, 140, 133, 48, 30, 236, 36, 84, 186, 22, 144, 87, 101
    ]),
-    publicKey: Buffer.from([
+    publicKey: Uint8Array.from([
      8, 0, 18, 166, 2, 48, 130, 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48, 130, 1, 10, 2, 130, 1, 1, 0, 181, 113, 138, 108, 208, 103, 166, 102, 37, 36, 204, 250, 228, 165, 44, 64, 176, 210, 205, 141, 241, 55, 200, 110, 98, 68, 85, 199, 254, 19, 86, 204, 63, 250, 167, 38, 59, 249, 146, 228, 73, 171, 63, 18, 96, 104, 191, 137, 186, 244, 255, 90, 16, 119, 195, 52, 177, 213, 254, 187, 174, 84, 174, 173, 12, 236, 53, 234, 3, 209, 82, 37, 78, 111, 214, 135, 76, 195, 9, 242, 134, 188, 153, 84, 139, 231, 51, 146, 177, 60, 12, 25, 158, 91, 215, 152, 7, 0, 84, 35, 36, 230, 227, 67, 198, 72, 50, 110, 37, 209, 98, 193, 65, 93, 173, 199, 4, 198, 102, 99, 148, 144, 224, 217, 114, 53, 144, 245, 251, 114, 211, 20, 82, 163, 123, 75, 16, 192, 106, 213, 128, 2, 11, 200, 203, 84, 41, 199, 224, 155, 171, 217, 64, 109, 116, 188, 151, 183, 173, 52, 205, 164, 93, 13, 251, 65, 182, 160, 154, 185, 239, 33, 184, 84, 159, 105, 101, 173, 194, 251, 123, 84, 92, 66, 61, 180, 45, 104, 162, 224, 214, 233, 64, 220, 165, 2, 104, 116, 150, 2, 234, 203, 112, 21, 124, 23, 48, 66, 30, 63, 30, 36, 246, 135, 203, 218, 115, 22, 189, 39, 39, 125, 205, 65, 222, 220, 77, 18, 84, 121, 161, 153, 125, 25, 139, 137, 170, 239, 150, 106, 119, 168, 216, 140, 113, 121, 26, 53, 118, 110, 53, 192, 244, 252, 145, 85, 2, 3, 1, 0, 1
    ])
  }
--- a/test/fixtures/go-key-secp256k1.js
+++ b/test/fixtures/go-key-secp256k1.js
@ -1,6 +1,6 @@
 'use strict'
-const { Buffer } = require('buffer')
+const uint8ArrayFromString = require('uint8arrays/from-string')
 // The keypair and signature below were generated in a gore repl session (https://github.com/motemen/gore)
 // using the secp256k1 fork of go-libp2p-crypto by github user @vyzo
@ -24,8 +24,8 @@ const { Buffer } = require('buffer')
 // and the results copy/pasted in here
 module.exports = {
-  privateKey: Buffer.from('08021220358f15db8c2014d570e8e3a622454e2273975a3cca443ec0c45375b13d381d18', 'hex'),
+  privateKey: uint8ArrayFromString('08021220358f15db8c2014d570e8e3a622454e2273975a3cca443ec0c45375b13d381d18', 'base16'),
-  publicKey: Buffer.from('08021221029c0ce5d53646ed47112560297a3e59b78b8cbd4bae37c7a0c236eeb91d0fbeaf', 'hex'),
+  publicKey: uint8ArrayFromString('08021221029c0ce5d53646ed47112560297a3e59b78b8cbd4bae37c7a0c236eeb91d0fbeaf', 'base16'),
-  message: Buffer.from('hello! and welcome to some awesome crypto primitives', 'utf-8'),
+  message: uint8ArrayFromString('hello! and welcome to some awesome crypto primitives'),
-  signature: Buffer.from('304402200e4c629e9f5d99439115e60989cd40087f6978c36078b0b50cf3d30af5c38d4102204110342c8e7f0809897c1c7a66e49e1c6b7cb0a6ed6993640ec2fe742c1899a9', 'hex')
+  signature: uint8ArrayFromString('304402200e4c629e9f5d99439115e60989cd40087f6978c36078b0b50cf3d30af5c38d4102204110342c8e7f0809897c1c7a66e49e1c6b7cb0a6ed6993640ec2fe742c1899a9', 'base16')
 }
--- a/test/fixtures/go-stretch-key.js
+++ b/test/fixtures/go-stretch-key.js
@ -1,30 +1,30 @@
 'use strict'
-const { Buffer } = require('buffer')
+
 module.exports = [{
  cipher: 'AES-256',
  hash: 'SHA256',
-  secret: Buffer.from([
+  secret: Uint8Array.from([
    195, 191, 209, 165, 209, 201, 127, 122, 136, 111, 31, 66, 111, 68, 38, 155, 216, 204, 46, 181, 200, 188, 170, 204, 104, 74, 239, 251, 173, 114, 222, 234
  ]),
  k1: {
-    iv: Buffer.from([
+    iv: Uint8Array.from([
      208, 132, 203, 169, 253, 52, 40, 83, 161, 91, 17, 71, 33, 136, 67, 96
    ]),
-    cipherKey: Buffer.from([
+    cipherKey: Uint8Array.from([
      156, 48, 241, 157, 92, 248, 153, 186, 114, 127, 195, 114, 106, 104, 215, 133, 35, 11, 131, 137, 123, 70, 74, 26, 15, 60, 189, 32, 67, 221, 115, 137
    ]),
-    macKey: Buffer.from([
+    macKey: Uint8Array.from([
      6, 179, 91, 245, 224, 56, 153, 120, 77, 140, 29, 5, 15, 213, 187, 65, 137, 230, 202, 120
    ])
  },
  k2: {
-    iv: Buffer.from([
+    iv: Uint8Array.from([
      236, 17, 34, 141, 90, 106, 197, 56, 197, 184, 157, 135, 91, 88, 112, 19
    ]),
-    cipherKey: Buffer.from([
+    cipherKey: Uint8Array.from([
      151, 145, 195, 219, 76, 195, 102, 109, 187, 231, 100, 150, 132, 245, 251, 130, 254, 37, 178, 55, 227, 34, 114, 39, 238, 34, 2, 193, 107, 130, 32, 87
    ]),
-    macKey: Buffer.from([
+    macKey: Uint8Array.from([
      3, 229, 77, 212, 241, 217, 23, 113, 220, 126, 38, 255, 18, 117, 108, 205, 198, 89, 1, 236
    ])
  }
--- a/test/fixtures/secp256k1.js
+++ b/test/fixtures/secp256k1.js
@ -1,9 +1,10 @@
 'use strict'
-const { Buffer } = require('buffer')
+const uint8ArrayFromString = require('uint8arrays/from-string')
 module.exports = {
  // protobuf marshaled key pair generated with libp2p-crypto-secp256k1
  // and marshaled with libp2p-crypto.marshalPublicKey / marshalPrivateKey
-  pbmPrivateKey: Buffer.from('08021220e0600103010000000100000000000000be1dc82c2e000000e8d6030301000000', 'hex'),
+  pbmPrivateKey: uint8ArrayFromString('08021220e0600103010000000100000000000000be1dc82c2e000000e8d6030301000000', 'base16'),
-  pbmPublicKey: Buffer.from('0802122103a9a7272a726fa083abf31ba44037f8347fbc5e5d3113d62a7c6bc26752fd8ee1', 'hex')
+  pbmPublicKey: uint8ArrayFromString('0802122103a9a7272a726fa083abf31ba44037f8347fbc5e5d3113d62a7c6bc26752fd8ee1', 'base16')
 }
--- a/test/helpers/test-garbage-error-handling.js
+++ b/test/helpers/test-garbage-error-handling.js
@ -1,9 +1,9 @@
 /* eslint-env mocha */
 'use strict'
-const { Buffer } = require('buffer')
+const uint8ArrayFromString = require('uint8arrays/from-string')
 const util = require('util')
-const garbage = [Buffer.from('00010203040506070809', 'hex'), {}, null, false, undefined, true, 1, 0, Buffer.from(''), 'aGVsbG93b3JsZA==', 'helloworld', '']
+const garbage = [uint8ArrayFromString('00010203040506070809', 'base16'), {}, null, false, undefined, true, 1, 0, uint8ArrayFromString(''), 'aGVsbG93b3JsZA==', 'helloworld', '']
 function doTests (fncName, fnc, num, skipBuffersAndStrings) {
  if (!num) {
@ -11,8 +11,8 @@ function doTests (fncName, fnc, num, skipBuffersAndStrings) {
  }
  garbage.forEach((garbage) => {
-    if (skipBuffersAndStrings && (Buffer.isBuffer(garbage) || (typeof garbage) === 'string')) {
+    if (skipBuffersAndStrings && (garbage instanceof Uint8Array || (typeof garbage) === 'string')) {
-      // skip this garbage because it's a buffer or a string and we were told do do that
+      // skip this garbage because it's a Uint8Array or a String and we were told do do that
      return
    }
    const args = []
--- a/test/hmac/hmac.spec.js
+++ b/test/hmac/hmac.spec.js
@ -1,11 +1,12 @@
 /* eslint max-nested-callbacks: ["error", 8] */
 /* eslint-env mocha */
 'use strict'
-const { Buffer } = require('buffer')
+
 const chai = require('chai')
 const dirtyChai = require('dirty-chai')
 const expect = chai.expect
 chai.use(dirtyChai)
 const uint8ArrayFromString = require('uint8arrays/from-string')
 const crypto = require('../../src')
@ -14,8 +15,8 @@ const hashes = ['SHA1', 'SHA256', 'SHA512']
 describe('HMAC', () => {
  hashes.forEach((hash) => {
    it(`${hash} - sign and verify`, async () => {
-      const hmac = await crypto.hmac.create(hash, Buffer.from('secret'))
+      const hmac = await crypto.hmac.create(hash, uint8ArrayFromString('secret'))
-      const sig = await hmac.digest(Buffer.from('hello world'))
+      const sig = await hmac.digest(uint8ArrayFromString('hello world'))
      expect(sig).to.have.length(hmac.length)
    })
  })
--- a/test/keys/ed25519.spec.js
+++ b/test/keys/ed25519.spec.js
@ -1,11 +1,11 @@
 /* eslint-env mocha */
 'use strict'
 const { Buffer } = require('buffer')
 const chai = require('chai')
 const dirtyChai = require('dirty-chai')
 const expect = chai.expect
 chai.use(dirtyChai)
 const uint8ArrayFromString = require('uint8arrays/from-string')
 const crypto = require('../../src')
 const ed25519 = crypto.keys.supportedKeys.ed25519
@ -130,16 +130,16 @@ describe('ed25519', function () {
  })
  it('sign and verify', async () => {
-    const data = Buffer.from('hello world')
+    const data = uint8ArrayFromString('hello world')
    const sig = await key.sign(data)
    const valid = await key.public.verify(data, sig)
    expect(valid).to.eql(true)
  })
  it('fails to verify for different data', async () => {
-    const data = Buffer.from('hello world')
+    const data = uint8ArrayFromString('hello world')
    const sig = await key.sign(data)
-    const valid = await key.public.verify(Buffer.from('hello'), sig)
+    const valid = await key.public.verify(uint8ArrayFromString('hello'), sig)
    expect(valid).to.be.eql(false)
  })
--- a/test/keys/key-stretcher.spec.js
+++ b/test/keys/key-stretcher.spec.js
@ -17,7 +17,7 @@ describe('keyStretcher', () => {
    let res
    // @ts-check
    /**
-     * @type {Buffer}
+     * @type {Uint8Array}
     */
    let secret
--- a/test/keys/rsa.spec.js
+++ b/test/keys/rsa.spec.js
@ -2,13 +2,13 @@
 /* eslint-env mocha */
 'use strict'
 const { Buffer } = require('buffer')
 const chai = require('chai')
 const dirtyChai = require('dirty-chai')
 const expect = chai.expect
 chai.use(dirtyChai)
 chai.use(require('chai-string'))
 const { expectErrCode } = require('../util')
 const uint8ArrayFromString = require('uint8arrays/from-string')
 const crypto = require('../../src')
 const rsa = crypto.keys.supportedKeys.rsa
@ -81,14 +81,14 @@ describe('RSA', function () {
  })
  it('sign and verify', async () => {
-    const data = Buffer.from('hello world')
+    const data = uint8ArrayFromString('hello world')
    const sig = await key.sign(data)
    const valid = await key.public.verify(data, sig)
    expect(valid).to.be.eql(true)
  })
  it('encrypt and decrypt', async () => {
-    const data = Buffer.from('hello world')
+    const data = uint8ArrayFromString('hello world')
    const enc = await key.public.encrypt(data)
    const dec = await key.decrypt(enc)
    expect(dec).to.be.eql(data)
@ -99,22 +99,22 @@ describe('RSA', function () {
    /**
     * @type {any}
     */
-    const id = await crypto.keys.unmarshalPrivateKey(Buffer.from('CAASqAkwggSkAgEAAoIBAQCk0O+6oNRxhcdZe2GxEDrFBkDV4TZFZnp2ly/dL1cGMBql/8oXPZgei6h7+P5zzfDq2YCfwbjbf0IVY1AshRl6B5VGE1WS+9p1y1OZxJf5os6V1ENnTi6FTcyuBl4BN8dmIKOif0hqgqflaT5OhfYZDXfbJyVQj4vb2+Stu2Xpph3nwqAnTw/7GC/7jrt2Cq6Tu1PoZi36wSwEPYW3eQ1HAYxZjTYYDXl2iyHygnTcbkGRwAQ7vjk+mW7u60zyoolCm9f6Y7c/orJ33DDUocbaGJLlHcfd8bioBwaZy/2m7q43X8pQs0Q1/iwUt0HHZj1YARmHKbh0zR31ciFiV37dAgMBAAECggEADtJBNKnA4QKURj47r0YT2uLwkqtBi6UnDyISalQXAdXyl4n0nPlrhBewC5H9I+HZr+zmTbeIjaiYgz7el1pSy7AB4v7bG7AtWZlyx6mvtwHGjR+8/f3AXjl8Vgv5iSeAdXUq8fJ7SyS7v3wi38HZOzCEXj9bci6ud5ODMYJgLE4gZD0+i1+/V9cpuYfGpS/gLTLEMQLiw/9o8NSZ7sAnxg0UlYhotqaQY23hvXPBOe+0oa95zl2n6XTxCafa3dQl/B6CD1tUq9dhbQew4bxqMq/mhRO9pREEqZ083Uh+u4PTc1BeHgIQaS864pHPb+AY1F7KDvPtHhdojnghp8d70QKBgQDeRYFxo6sd04ohY86Z/i9icVYIyCvfXAKnaMKeGUjK7ou6sDJwFX8W97+CzXpZ/vffsk/l5GGhC50KqrITxHAy/h5IjyDODfps7NMIp0Dm9sO4PWibbw3OOVBRc8w3b3i7I8MrUUA1nLHE1T1HA1rKOTz5jYhE0fi9XKiT1ciKOQKBgQC903w+n9y7M7eaMW7Z5/13kZ7PS3HlM681eaPrk8J4J+c6miFF40/8HOsmarS38v0fgTeKkriPz5A7aLzRHhSiOnp350JNM6c3sLwPEs2qx/CRuWWx1rMERatfDdUH6mvlK6QHu0QgSfQR27EO6a6XvVSJXbvFmimjmtIaz/IpxQKBgQDWJ9HYVAGC81abZTaiWK3/A4QJYhQjWNuVwPICsgnYvI4Uib+PDqcs0ffLZ38DRw48kek5bxpBuJbOuDhro1EXUJCNCJpq7jzixituovd9kTRyR3iKii2bDM2+LPwOTXDdnk9lZRugjCEbrPkleq33Ob7uEtfAty4aBTTHe6uEwQKBgQCB+2q8RyMSXNuADhFlzOFXGrOwJm0bEUUMTPrduRQUyt4e1qOqA3klnXe3mqGcxBpnlEe/76/JacvNom6Ikxx16a0qpYRU8OWz0KU1fR6vrrEgV98241k5t6sdL4+MGA1Bo5xyXtzLb1hdUh3vpDwVU2OrnC+To3iXus/b5EBiMQKBgEI1OaBcFiyjgLGEyFKoZbtzH1mdatTExfrAQqCjOVjQByoMpGhHTXwEaosvyYu63Pa8AJPT7juSGaiKYEJFcXO9BiNyVfmQiqSHJcYeuh+fmO9IlHRHgy5xaIIC00AHS2vC/gXwmXAdPis6BZqDJeiCuOLWJ94QXn8JBT8IgGAI', 'base64'))
+    const id = await crypto.keys.unmarshalPrivateKey(uint8ArrayFromString('CAASqAkwggSkAgEAAoIBAQCk0O+6oNRxhcdZe2GxEDrFBkDV4TZFZnp2ly/dL1cGMBql/8oXPZgei6h7+P5zzfDq2YCfwbjbf0IVY1AshRl6B5VGE1WS+9p1y1OZxJf5os6V1ENnTi6FTcyuBl4BN8dmIKOif0hqgqflaT5OhfYZDXfbJyVQj4vb2+Stu2Xpph3nwqAnTw/7GC/7jrt2Cq6Tu1PoZi36wSwEPYW3eQ1HAYxZjTYYDXl2iyHygnTcbkGRwAQ7vjk+mW7u60zyoolCm9f6Y7c/orJ33DDUocbaGJLlHcfd8bioBwaZy/2m7q43X8pQs0Q1/iwUt0HHZj1YARmHKbh0zR31ciFiV37dAgMBAAECggEADtJBNKnA4QKURj47r0YT2uLwkqtBi6UnDyISalQXAdXyl4n0nPlrhBewC5H9I+HZr+zmTbeIjaiYgz7el1pSy7AB4v7bG7AtWZlyx6mvtwHGjR+8/f3AXjl8Vgv5iSeAdXUq8fJ7SyS7v3wi38HZOzCEXj9bci6ud5ODMYJgLE4gZD0+i1+/V9cpuYfGpS/gLTLEMQLiw/9o8NSZ7sAnxg0UlYhotqaQY23hvXPBOe+0oa95zl2n6XTxCafa3dQl/B6CD1tUq9dhbQew4bxqMq/mhRO9pREEqZ083Uh+u4PTc1BeHgIQaS864pHPb+AY1F7KDvPtHhdojnghp8d70QKBgQDeRYFxo6sd04ohY86Z/i9icVYIyCvfXAKnaMKeGUjK7ou6sDJwFX8W97+CzXpZ/vffsk/l5GGhC50KqrITxHAy/h5IjyDODfps7NMIp0Dm9sO4PWibbw3OOVBRc8w3b3i7I8MrUUA1nLHE1T1HA1rKOTz5jYhE0fi9XKiT1ciKOQKBgQC903w+n9y7M7eaMW7Z5/13kZ7PS3HlM681eaPrk8J4J+c6miFF40/8HOsmarS38v0fgTeKkriPz5A7aLzRHhSiOnp350JNM6c3sLwPEs2qx/CRuWWx1rMERatfDdUH6mvlK6QHu0QgSfQR27EO6a6XvVSJXbvFmimjmtIaz/IpxQKBgQDWJ9HYVAGC81abZTaiWK3/A4QJYhQjWNuVwPICsgnYvI4Uib+PDqcs0ffLZ38DRw48kek5bxpBuJbOuDhro1EXUJCNCJpq7jzixituovd9kTRyR3iKii2bDM2+LPwOTXDdnk9lZRugjCEbrPkleq33Ob7uEtfAty4aBTTHe6uEwQKBgQCB+2q8RyMSXNuADhFlzOFXGrOwJm0bEUUMTPrduRQUyt4e1qOqA3klnXe3mqGcxBpnlEe/76/JacvNom6Ikxx16a0qpYRU8OWz0KU1fR6vrrEgV98241k5t6sdL4+MGA1Bo5xyXtzLb1hdUh3vpDwVU2OrnC+To3iXus/b5EBiMQKBgEI1OaBcFiyjgLGEyFKoZbtzH1mdatTExfrAQqCjOVjQByoMpGhHTXwEaosvyYu63Pa8AJPT7juSGaiKYEJFcXO9BiNyVfmQiqSHJcYeuh+fmO9IlHRHgy5xaIIC00AHS2vC/gXwmXAdPis6BZqDJeiCuOLWJ94QXn8JBT8IgGAI', 'base64pad'))
-    const msg = Buffer.from('hello')
+    const msg = uint8ArrayFromString('hello')
    // browser
-    const dec1 = id.decrypt(Buffer.from('YRFUDx8UjbWSfDS84cDA4WowaaOmd1qFNAv5QutodCKYb9uPtU/tDiAvJzOGu5DCJRo2J0l/35P2weiB4/C2Cb1aZgXKMx/QQC+2jSJiymhqcZaYerjTvkCFwkjCaqthoVo/YXxsaFZ1q7bdTZUDH1TaJR7hWfSyzyPcA8c0w43MIsw16pY8ZaPSclvnCwhoTg1JGjMk6te3we7+wR8QU7VrPhs54mZWxrpu3NQ8xZ6xQqIedsEiNhBUccrCSzYghgsP0Ae/8iKyGyl3U6IegsJNn8jcocvzOJrmU03rgIFPjvuBdaqB38xDSTjbA123KadB28jNoSZh18q/yH3ZIg==', 'base64'))
+    const dec1 = id.decrypt(uint8ArrayFromString('YRFUDx8UjbWSfDS84cDA4WowaaOmd1qFNAv5QutodCKYb9uPtU/tDiAvJzOGu5DCJRo2J0l/35P2weiB4/C2Cb1aZgXKMx/QQC+2jSJiymhqcZaYerjTvkCFwkjCaqthoVo/YXxsaFZ1q7bdTZUDH1TaJR7hWfSyzyPcA8c0w43MIsw16pY8ZaPSclvnCwhoTg1JGjMk6te3we7+wR8QU7VrPhs54mZWxrpu3NQ8xZ6xQqIedsEiNhBUccrCSzYghgsP0Ae/8iKyGyl3U6IegsJNn8jcocvzOJrmU03rgIFPjvuBdaqB38xDSTjbA123KadB28jNoSZh18q/yH3ZIg==', 'base64pad'))
    expect(dec1).to.be.eql(msg)
    // node
-    const dec2 = id.decrypt(Buffer.from('e6yxssqXsWc27ozDy0PGKtMkCS28KwFyES2Ijz89yiz+w6bSFkNOhHPKplpPzgQEuNoUGdbseKlJFyRYHjIT8FQFBHZM8UgSkgoimbY5on4xSxXs7E5/+twjqKdB7oNveTaTf7JCwaeUYnKSjbiYFEawtMiQE91F8sTT7TmSzOZ48tUhnddAAZ3Ac/O3Z9MSAKOCDipi+JdZtXRT8KimGt36/7hjjosYmPuHR1Xy/yMTL6SMbXtBM3yAuEgbQgP+q/7kHMHji3/JvTpYdIUU+LVtkMusXNasRA+UWG2zAht18vqjFMsm9JTiihZw9jRHD4vxAhf75M992tnC+0ZuQg==', 'base64'))
+    const dec2 = id.decrypt(uint8ArrayFromString('e6yxssqXsWc27ozDy0PGKtMkCS28KwFyES2Ijz89yiz+w6bSFkNOhHPKplpPzgQEuNoUGdbseKlJFyRYHjIT8FQFBHZM8UgSkgoimbY5on4xSxXs7E5/+twjqKdB7oNveTaTf7JCwaeUYnKSjbiYFEawtMiQE91F8sTT7TmSzOZ48tUhnddAAZ3Ac/O3Z9MSAKOCDipi+JdZtXRT8KimGt36/7hjjosYmPuHR1Xy/yMTL6SMbXtBM3yAuEgbQgP+q/7kHMHji3/JvTpYdIUU+LVtkMusXNasRA+UWG2zAht18vqjFMsm9JTiihZw9jRHD4vxAhf75M992tnC+0ZuQg==', 'base64pad'))
    expect(dec2).to.be.eql(msg)
  })
  it('fails to verify for different data', async () => {
-    const data = Buffer.from('hello world')
+    const data = uint8ArrayFromString('hello world')
    const sig = await key.sign(data)
-    const valid = await key.public.verify(Buffer.from('hello'), sig)
+    const valid = await key.public.verify(uint8ArrayFromString('hello'), sig)
    expect(valid).to.be.eql(false)
  })
--- a/test/keys/secp256k1.spec.js
+++ b/test/keys/secp256k1.spec.js
@ -1,7 +1,6 @@
 /* eslint-env mocha */
 'use strict'
 const { Buffer } = require('buffer')
 const chai = require('chai')
 const dirtyChai = require('dirty-chai')
 const expect = chai.expect
@ -11,6 +10,7 @@ const secp256k1 = crypto.keys.supportedKeys.secp256k1
 const keysPBM = crypto.keys.keysPBM
 const randomBytes = crypto.randomBytes
 const secp256k1Crypto = require('../../src/keys/secp256k1')(randomBytes)
 const uint8ArrayFromString = require('uint8arrays/from-string')
 describe('secp256k1 keys', () => {
  let key
@ -100,16 +100,16 @@ describe('secp256k1 keys', () => {
  })
  it('sign and verify', async () => {
-    const data = Buffer.from('hello world')
+    const data = uint8ArrayFromString('hello world')
    const sig = await key.sign(data)
    const valid = await key.public.verify(data, sig)
    expect(valid).to.eql(true)
  })
  it('fails to verify for different data', async () => {
-    const data = Buffer.from('hello world')
+    const data = uint8ArrayFromString('hello world')
    const sig = await key.sign(data)
-    const valid = await key.public.verify(Buffer.from('hello'), sig)
+    const valid = await key.public.verify(uint8ArrayFromString('hello'), sig)
    expect(valid).to.eql(false)
  })
 })
@ -145,7 +145,7 @@ describe('handles generation of invalid key', () => {
  before(() => {
    generateKey = secp256k1Crypto.generateKey
    secp256k1 = require('../../src/keys/secp256k1-class')(keysPBM, randomBytes, secp256k1Crypto)
-    secp256k1Crypto.generateKey = () => Buffer.from('not a real key')
+    secp256k1Crypto.generateKey = () => uint8ArrayFromString('not a real key')
  })
  after(() => {
@ -179,17 +179,17 @@ describe('crypto functions', () => {
  })
  it('does not validate an invalid key', () => {
-    expect(() => secp256k1Crypto.validatePublicKey(Buffer.from('42'))).to.throw()
+    expect(() => secp256k1Crypto.validatePublicKey(uint8ArrayFromString('42'))).to.throw()
-    expect(() => secp256k1Crypto.validatePrivateKey(Buffer.from('42'))).to.throw()
+    expect(() => secp256k1Crypto.validatePrivateKey(uint8ArrayFromString('42'))).to.throw()
  })
  it('validates a correct signature', async () => {
-    const sig = await secp256k1Crypto.hashAndSign(privKey, Buffer.from('hello'))
+    const sig = await secp256k1Crypto.hashAndSign(privKey, uint8ArrayFromString('hello'))
-    const valid = await secp256k1Crypto.hashAndVerify(pubKey, sig, Buffer.from('hello'))
+    const valid = await secp256k1Crypto.hashAndVerify(pubKey, sig, uint8ArrayFromString('hello'))
    expect(valid).to.equal(true)
  })
-  it('errors if given a null buffer to sign', async () => {
+  it('errors if given a null Uint8Array to sign', async () => {
    try {
      await secp256k1Crypto.hashAndSign(privKey, null)
    } catch (err) {
@ -200,15 +200,15 @@ describe('crypto functions', () => {
  it('errors when signing with an invalid key', async () => {
    try {
-      await secp256k1Crypto.hashAndSign(Buffer.from('42'), Buffer.from('Hello'))
+      await secp256k1Crypto.hashAndSign(uint8ArrayFromString('42'), uint8ArrayFromString('Hello'))
    } catch (err) {
      return expect(err.message).to.equal('Expected private key to be an Uint8Array with length 32')
    }
    throw new Error('Expected error to be thrown')
  })
-  it('errors if given a null buffer to validate', async () => {
+  it('errors if given a null Uint8Array to validate', async () => {
-    const sig = await secp256k1Crypto.hashAndSign(privKey, Buffer.from('hello'))
+    const sig = await secp256k1Crypto.hashAndSign(privKey, uint8ArrayFromString('hello'))
    try {
      await secp256k1Crypto.hashAndVerify(privKey, sig, null)
@ -220,7 +220,7 @@ describe('crypto functions', () => {
  it('errors when validating a message with an invalid signature', async () => {
    try {
-      await secp256k1Crypto.hashAndVerify(pubKey, Buffer.from('invalid-sig'), Buffer.from('hello'))
+      await secp256k1Crypto.hashAndVerify(pubKey, uint8ArrayFromString('invalid-sig'), uint8ArrayFromString('hello'))
    } catch (err) {
      return expect(err.message).to.equal('Signature could not be parsed')
    }
@ -229,7 +229,7 @@ describe('crypto functions', () => {
  it('errors when signing with an invalid key', async () => {
    try {
-      await secp256k1Crypto.hashAndSign(Buffer.from('42'), Buffer.from('Hello'))
+      await secp256k1Crypto.hashAndSign(uint8ArrayFromString('42'), uint8ArrayFromString('Hello'))
    } catch (err) {
      return expect(err.message).to.equal('Expected private key to be an Uint8Array with length 32')
    }
@ -237,11 +237,11 @@ describe('crypto functions', () => {
  })
  it('throws when compressing an invalid public key', () => {
-    expect(() => secp256k1Crypto.compressPublicKey(Buffer.from('42'))).to.throw()
+    expect(() => secp256k1Crypto.compressPublicKey(uint8ArrayFromString('42'))).to.throw()
  })
  it('throws when decompressing an invalid public key', () => {
-    expect(() => secp256k1Crypto.decompressPublicKey(Buffer.from('42'))).to.throw()
+    expect(() => secp256k1Crypto.decompressPublicKey(uint8ArrayFromString('42'))).to.throw()
  })
  it('compresses/decompresses a valid public key', () => {
--- a/test/util.spec.js
+++ b/test/util.spec.js
@ -3,7 +3,6 @@
 'use strict'
 const chai = require('chai')
 const { Buffer } = require('buffer')
 const dirtyChai = require('dirty-chai')
 const expect = chai.expect
 chai.use(dirtyChai)
@ -32,8 +31,8 @@ describe('Util', () => {
    expect(num.equals(bn)).to.be.true()
  })
-  it('should convert base64url encoded string to Buffer with padding', () => {
+  it('should convert base64url encoded string to Uint8Array with padding', () => {
    const buf = util.base64urlToBuffer('AP8', 2)
-    expect(Buffer.from([0, 255])).to.eql(buf)
+    expect(Uint8Array.from([0, 255])).to.eql(buf)
  })
 })