UNPKG

@bryopsida/crypto

Version:

A crypto library utilizing @bryopsida/key-store to protect data using data encryption keys

github.com/bryopsida/crypto

bryopsida/crypto

73 lines (64 loc) 3.04 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# Crypto [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=bryopsida_crypto&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=bryopsida_crypto) [![Coverage](https://sonarcloud.io/api/project_badges/measure?project=bryopsida_crypto&metric=coverage)](https://sonarcloud.io/summary/new_code?id=bryopsida_crypto) [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=bryopsida_crypto&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=bryopsida_crypto) [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=bryopsida_crypto&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=bryopsida_crypto) [![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=bryopsida_crypto&metric=code_smells)](https://sonarcloud.io/summary/new_code?id=bryopsida_crypto) [![Bugs](https://sonarcloud.io/api/project_badges/measure?project=bryopsida_crypto&metric=bugs)](https://sonarcloud.io/summary/new_code?id=bryopsida_crypto) ## What is this? A library to faciliate using data encryption keys as well as do some light encryption/decryption. ## How do I use this? ```typescript import { randomBytes, randomUUID } from 'crypto' import { tmpdir } from 'os' import { FileKeyStore, IKeyStore } from '@bryopsida/key-store' import { IDataEncryptor, EncryptOpts, Crypto } from '../src/crypto' import { writeFile } from 'fs/promises' import { describe, expect, it, beforeEach } from '@jest/globals' //setup a key store, in this case on the file system const key = randomBytes(32) const salt = randomBytes(16) const context = randomBytes(32) const masterKey = randomBytes(32).toString('base64') const masterSalt = randomBytes(16).toString('base64') const masterKeyFile = randomUUID() const masterSaltFile = randomUUID() const storeDir = tmpdir() const keyStoreDir = randomUUID() await writeFile(`${storeDir}/${masterKeyFile}`, masterKey) await writeFile(`${storeDir}/${masterSaltFile}`, masterSalt) keyStore = new FileKeyStore( `${storeDir}/${keyStoreDir}`, () => Promise.resolve(key), () => Promise.resolve(salt), () => Promise.resolve(context) ) // now we can make the crypto instance crypto = new Crypto( keyStore, `${storeDir}/${masterKeyFile}`, `${storeDir}/${masterSaltFile}` ) // an example of encrypting to a encoded value and decrypting it('can encrypt and decrypted encoded text', async () => { const rootKeyId = await crypto.generateRootKey(32, 'encoded-test') const dek = await crypto.generateDataEncKey( 32, rootKeyId, 'encoded-test', 'dek' ) const encryptedData = await crypto.encryptAndEncode({ plaintext: Buffer.from('test-data'), keyId: dek, rootKeyId, rootKeyContext: 'encoded-test', dekContext: 'dek', context: Buffer.from('data-context'), }) const plainText = ( await crypto.decryptEncoded( encryptedData, 'encoded-test', 'dek', 'data-context' ) ).toString('utf8') expect(plainText).toEqual('test-data') }) ```