
@bryopsida/crypto


A crypto library utilizing @bryopsida/key-store to protect data using data encryption keys

/// <reference types="node" />
/// <reference types="node" />
// Type declarations for the package's public surface: the option and result
// shapes, the IDataEncryptor contract, and the Crypto class implementing it.
// Only signatures are visible in this file; every remark tagged NOTE(review)
// is an assumption to confirm against the implementation, not a guarantee.
import { Stream } from 'stream';
import { IUsableClosable } from './using.js';
import { IKeyStore } from '@bryopsida/key-store';

/** In-memory payload: either text or raw bytes. */
export type Data = string | Buffer;

/** Payload accepted by encrypt/decrypt: in-memory data or a Node stream. */
export type DataOrStream = Data | Stream;

/**
 * Identifies the keys an operation uses: a data encryption key (`keyId`) and
 * a root key (`rootKeyId`), each with an optional context string.
 */
export interface KeyOpts {
  keyId: string;
  rootKeyId: string;
  // NOTE(review): the role of the two context values (additional
  // authenticated data, key-derivation input, ...) is not visible here —
  // confirm, and confirm what happens when they are omitted.
  dekContext?: string;
  rootKeyContext?: string;
}

/**
 * Result of `encrypt` and input of `decrypt`: the ciphertext together with
 * the parameters and key identifiers that travel with it.
 */
export interface CipherText extends KeyOpts {
  ciphertext: DataOrStream;
  iv: Buffer;
  // Optional in the type. NOTE(review): if the algorithm is an authenticated
  // mode, decrypt should presumably reject input whose tag is missing rather
  // than skip verification — confirm.
  authTag?: Buffer;
  // Free-form string that accompanies the ciphertext. NOTE(review): confirm
  // decrypt checks it against an allow-list of supported algorithms before
  // use, since this value may come from stored or transmitted data.
  algorithm: string;
  // Typed `string` here but `Buffer` in EncryptOpts.context.
  // NOTE(review): confirm how the two representations are converted.
  context?: string;
}

/** Input to `encrypt` / `encryptAndEncode`. */
export interface EncryptOpts extends KeyOpts {
  plaintext: DataOrStream;
  // Redeclares KeyOpts.keyId with the same type.
  keyId: string;
  // Caller may supply the IV. NOTE(review): an IV reused under the same key
  // breaks confidentiality in counter-based modes (and authenticity in GCM);
  // confirm a fresh random IV is generated when this is omitted, and treat a
  // caller-supplied value as the caller's responsibility to keep unique.
  iv?: Buffer;
  // NOTE(review): the default used when omitted is not visible here.
  algorithm?: string;
  // Typed `Buffer` here but `string` in CipherText.context.
  context?: Buffer;
}

/** `decrypt` takes exactly the shape `encrypt` returns. */
export type DecryptOpts = CipherText;

/**
 * A key in encrypted ("sealed") form as it would be persisted: ciphertext of
 * the key plus the IV and optional tag needed to unseal it.
 */
export interface SealedKey {
  keyId: string;
  // Optional. NOTE(review): presumably absent when the sealed key is itself a
  // root key — confirm.
  rootKeyId?: string;
  iv: Buffer;
  // Optional in the type; the same review point as CipherText.authTag applies.
  authTag?: Buffer;
  keyCipherText: Buffer;
}

/** Contract for key lifecycle, encryption/decryption and MAC operations. */
export interface IDataEncryptor {
  // NOTE(review): unit of `size` (bits or bytes) is not visible; the returned
  // string is presumably the new key's id — confirm.
  generateRootKey(size: number, context: string | undefined): Promise<string>;
  // The last parameter is named `context` here and `dekContext` on the Crypto
  // class; the position and type are the same.
  generateDataEncKey(size: number, rootKeyId: string, rootKeyContext: string | undefined, context: string | undefined): Promise<string>;
  hasDataEncKey(keyId: string): Promise<boolean>;
  hasRootKey(rootKeyId: string): Promise<boolean>;
  // Checks `digest` against `message` for the given keys.
  // NOTE(review): confirm the comparison is constant-time (for example
  // crypto.timingSafeEqual) so verification time does not leak how many
  // leading bytes matched.
  validate(keyOpts: KeyOpts, message: Buffer, digest: Buffer): Promise<boolean>;
  // NOTE(review): MAC algorithm and output length are not visible here.
  mac(keyOpts: KeyOpts, message: Buffer): Promise<Buffer>;
  // NOTE(review): destroying a key presumably makes data encrypted under it
  // unrecoverable; confirm whether destroyRootKey also affects dependent DEKs.
  destroyDataEncKey(keyId: string): Promise<void>;
  destroyRootKey(rootKeyId: string): Promise<void>;
  encrypt(encryptRequest: EncryptOpts): Promise<CipherText>;
  decrypt(decryptOpts: DecryptOpts): Promise<Buffer | Stream | string>;
  // NOTE(review): the encoding format of the returned string is not visible.
  encodeCipherText(cipherTxt: CipherText): Promise<string>;
  encryptAndEncode(encryptOpts: EncryptOpts): Promise<string>;
  // All three contexts are required strings here, while they are optional in
  // KeyOpts and CipherText.
  decryptEncoded(encodedCipherText: string, rootKeyContext: string, dekContext: string, context: string): Promise<Buffer>;
}

/**
 * IDataEncryptor implementation backed by an IKeyStore. Also implements
 * IUsableClosable, so `close()` must be called when the instance is no
 * longer needed.
 */
export declare class Crypto implements IDataEncryptor, IUsableClosable {
  // Private members carry no types in emitted declarations.
  // NOTE(review): `masterKeyPath` together with `readFileFromPath` suggests
  // the master key is read from a file; if so, that file should be readable
  // only by the service account — confirm.
  private readonly masterKeyPath;
  private readonly masterKeyContext;
  private readonly keyStore;
  constructor(keyStore: IKeyStore, masterKeyPath: string, masterKeyContext: string);
  encodeCipherText(cipherTxt: CipherText): Promise<string>;
  encryptAndEncode(encryptOpts: EncryptOpts): Promise<string>;
  decryptEncoded(encodedCipherText: string, rootKeyContext: string, dekContext: string, context: string): Promise<Buffer>;
  // Internal helpers; signatures are not part of the public declaration.
  private readFileFromPath;
  private unsealRootKey;
  private unsealDekKey;
  private seal;
  private saveSealedKey;
  private saveSealedRootKey;
  generateRootKey(size: number, context: string | undefined): Promise<string>;
  generateDataEncKey(size: number, rootKeyId: string, rootKeyContext: string | undefined, dekContext: string | undefined): Promise<string>;
  destroyDataEncKey(keyId: string): Promise<void>;
  destroyRootKey(rootKeyId: string): Promise<void>;
  encrypt(encryptRequest: EncryptOpts): Promise<CipherText>;
  decrypt(decryptOpts: CipherText): Promise<string | Buffer | Stream>;
  // NOTE(review): confirm whether close() clears unsealed key material held
  // in memory or only releases the key store.
  close(): Promise<void>;
  hasDataEncKey(keyId: string): Promise<boolean>;
  hasRootKey(rootKeyId: string): Promise<boolean>;
  mac(keyOpts: KeyOpts, message: Buffer): Promise<Buffer>;
  validate(opts: KeyOpts, message: Buffer, digest: Buffer): Promise<boolean>;
}