UNPKG

@atomist/sdm

Version:

Atomist Software Delivery Machine SDK

github.com/atomist/sdm

atomist/sdm

73 lines (67 loc) 2.87 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
/* * Copyright © 2020 Atomist, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ import * as crypto from "crypto"; import { promisify } from "util"; const algo = "aes-256-cbc"; const algoKeyLength = 32; const algoIvLength = 16; /** * Encrypt a text string and return is base64 encoded. The key is * used to derive a suitable key and initialization vector. * * @param text String to be encrypted * @param key Secrey key/passphrase to use to encrypt * @return Base64 encoded string of encrypted text */ export async function encrypt(text: string, key: string): Promise<string> { const derivedKey = await deriveKey(key); const iv = await deriveKey(derivedKey.toString("base64"), algoIvLength); const cipher = crypto.createCipheriv(algo, derivedKey, iv); let encrypted = cipher.update(text); encrypted = Buffer.concat([encrypted, cipher.final()]); return encrypted.toString("base64"); } /** * Decrypt a base64 encoded text string. * * @param text Base64 encoded string to be decrypted * @param key Secrey key/passphrase to use to decrypt, must be the same as the one used to encrypt * @return UTF8 encoded string of decrypted text */ export async function decrypt(text: string, key: string): Promise<string> { const derivedKey = await deriveKey(key); const iv = await deriveKey(derivedKey.toString("base64"), algoIvLength); const decipher = crypto.createDecipheriv(algo, derivedKey, iv); const encryptedText = Buffer.from(text, "base64"); let decrypted = decipher.update(encryptedText); decrypted = Buffer.concat([decrypted, decipher.final()]); return decrypted.toString("utf8"); } /** * Create an encryption key of length `length` derived using a CPU and * memory intensive algorithm. The `key` is used directly and hashed * to generate the salt for the derivation process. * * @param key Key used to derive encryption key * @param length Length of derived key * @return Encryption key of length `length` */ async function deriveKey(key: string, length: number = algoKeyLength): Promise<Buffer> { const pScrypt: (k: string, s: string, l: number) => Promise<Buffer> = promisify(crypto.scrypt); const preSalt = Buffer.from(key).toString("base64"); const salt = crypto.createHash("sha256").update(preSalt).digest("hex"); return pScrypt(key, salt, length); }