
@hiprax/crypto


High-security encryption/decryption library using AES-256-GCM and Argon2id

import type { CryptoManagerOptions, EncryptionParameters, EncryptionResult } from './types.js';
import { SecurityLevel } from './types.js';
/**
 * Password-based encryption manager built on AES-256-GCM.
 *
 * This is an ambient declaration: it describes the public surface only and
 * carries no implementation, so every behavioural statement below comes from
 * the signatures and the shipped doc comments.
 *
 * @remarks
 * - Key derivation differs by path: `deriveKey` is documented as Argon2id,
 *   `deriveKeySync` as PBKDF2. The "Argon2id" label therefore covers the
 *   asynchronous path only.
 * - NOTE(review): whether the `*Sync` text/file methods derive their key with
 *   `deriveKeySync`, and whether output written by the async methods can be
 *   read back by the sync ones (or vice versa), is not visible here. Confirm
 *   before mixing the two paths on the same data.
 * - Passwords are accepted as `string`. JavaScript strings are immutable and
 *   cannot be overwritten, so `secureClear` can only help with `Buffer` key
 *   material, not with the password itself.
 */
export declare class CryptoManager {
    // Cipher and KDF configuration. Values are assigned by the implementation
    // and are not visible in this declaration.
    private readonly algorithm;
    private readonly keyLength;
    private readonly ivLength;
    private readonly saltLength;
    private readonly tagLength;
    private readonly argon2Options;
    // Presumably the additional authenticated data bound to each GCM
    // operation. TODO confirm against the implementation.
    private readonly aad;
    // Optional fallback secret used when a method is called without `password`.
    // It stays on the instance for the instance's lifetime.
    private readonly defaultPassphrase?;
    /**
     * Create a manager.
     * @param options - Optional configuration; its shape is declared in
     *   `./types.js` and is not visible here.
     */
    constructor(options?: CryptoManagerOptions);
    /**
     * Generate cryptographically secure random bytes.
     * @param length - Number of bytes to generate
     * @returns Random bytes
     * @throws CryptoError if length is invalid
     */
    generateSecureRandom(length: number): Buffer;
    /**
     * Derive an encryption key from a password using Argon2id.
     *
     * The returned buffer is raw key material: keep it out of logs and wipe it
     * (see `secureClear`) once it is no longer needed.
     * @param password - User password
     * @param salt - Random salt; the same salt is required again to re-derive
     *   the key for decryption
     * @returns Derived key
     * @throws CryptoError if derivation fails
     */
    deriveKey(password: string, salt: Buffer): Promise<Buffer>;
    /**
     * Derive an encryption key from a password using PBKDF2 (synchronous
     * alternative to Argon2id).
     *
     * PBKDF2 is not memory-hard, so for the same password it offers less
     * resistance to GPU/ASIC guessing than Argon2id. For the same password and
     * salt this key will differ from the one `deriveKey` returns.
     * NOTE(review): iteration count and hash are not visible here; check them
     * against current guidance.
     * @param password - User password
     * @param salt - Random salt
     * @returns Derived key
     * @throws CryptoError if derivation fails
     */
    deriveKeySync(password: string, salt: Buffer): Buffer;
    /**
     * Encrypt data using AES-256-GCM.
     *
     * The IV is supplied by the caller, so IV uniqueness is the caller's
     * responsibility: reusing an IV with the same key under GCM compromises
     * both confidentiality and authenticity. Generate a fresh IV per call,
     * for example with `generateSecureRandom`.
     * @param data - Data to encrypt
     * @param key - Encryption key (AES-256 requires 32 bytes)
     * @param iv - Initialization vector, unique per key
     * @returns Encrypted data with auth tag
     * @throws CryptoError if encryption fails
     */
    encryptData(data: Buffer, key: Buffer, iv: Buffer): EncryptionResult;
    /**
     * Decrypt data using AES-256-GCM.
     *
     * A failure here can mean the ciphertext, IV or tag was modified; treat it
     * as an integrity failure and do not fall back to unauthenticated data.
     * NOTE(review): confirm the implementation rejects tags shorter than
     * `tagLength`, since truncated tags weaken GCM authentication.
     * @param encryptedData - Encrypted data
     * @param key - Decryption key
     * @param iv - Initialization vector used at encryption time
     * @param tag - Authentication tag
     * @returns Decrypted data
     * @throws CryptoError if decryption fails
     */
    decryptData(encryptedData: Buffer, key: Buffer, iv: Buffer, tag: Buffer): Buffer;
    /**
     * Encrypt text with a password.
     *
     * NOTE(review): the layout of the Base64 payload (how salt, IV and tag are
     * packed) and the behaviour when neither `password` nor a default
     * passphrase is available are not visible here. Presumably the latter
     * throws CryptoError; confirm.
     * @param text - Text to encrypt
     * @param password - Encryption password (optional if default passphrase is set)
     * @returns Base64 encoded encrypted data
     * @throws CryptoError if encryption fails
     */
    encryptText(text: string, password?: string): Promise<string>;
    /**
     * Decrypt text with a password.
     * @param encryptedText - Base64 encoded encrypted text
     * @param password - Decryption password (optional if default passphrase is set)
     * @returns Decrypted text
     * @throws CryptoError if decryption fails
     */
    decryptText(encryptedText: string, password?: string): Promise<string>;
    /**
     * Encrypt text with a password (synchronous version).
     *
     * NOTE(review): presumably keyed through `deriveKeySync` (PBKDF2) rather
     * than Argon2id. Confirm, and confirm whether the output is readable by
     * `decryptText`.
     * @param text - Text to encrypt
     * @param password - Encryption password (optional if default passphrase is set)
     * @returns Base64 encoded encrypted data
     * @throws CryptoError if encryption fails
     */
    encryptTextSync(text: string, password?: string): string;
    /**
     * Decrypt text with a password (synchronous version).
     * @param encryptedText - Base64 encoded encrypted text
     * @param password - Decryption password (optional if default passphrase is set)
     * @returns Decrypted text
     * @throws CryptoError if decryption fails
     */
    decryptTextSync(encryptedText: string, password?: string): string;
    /**
     * Encrypt a file with a password (documented as streaming for large files).
     *
     * Both paths are taken as plain strings. When they originate from
     * untrusted input, validate them before calling.
     * NOTE(review): whether an existing `outputPath` is overwritten is not
     * visible here.
     * @param inputPath - Input file path
     * @param outputPath - Output file path
     * @param password - Encryption password (optional if default passphrase is set)
     * @throws CryptoError if encryption fails
     */
    encryptFile(inputPath: string, outputPath: string, password?: string): Promise<void>;
    /**
     * Decrypt a file with a password (documented as streaming for large files).
     *
     * With streaming GCM the authentication tag can only be checked after the
     * whole ciphertext has been processed, so plaintext may reach
     * `outputPath` before it is authenticated.
     * NOTE(review): confirm the implementation removes or never exposes the
     * output when tag verification fails; callers should not consume the
     * output file unless this call resolved.
     * @param inputPath - Input file path
     * @param outputPath - Output file path
     * @param password - Decryption password (optional if default passphrase is set)
     * @throws CryptoError if decryption fails
     */
    decryptFile(inputPath: string, outputPath: string, password?: string): Promise<void>;
    /**
     * Encrypt a file with a password (synchronous version).
     *
     * NOTE(review): presumably keyed through `deriveKeySync` (PBKDF2).
     * Confirm, and confirm interoperability with `decryptFile`.
     * @param inputPath - Input file path
     * @param outputPath - Output file path
     * @param password - Encryption password (optional if default passphrase is set)
     * @throws CryptoError if encryption fails
     */
    encryptFileSync(inputPath: string, outputPath: string, password?: string): void;
    /**
     * Decrypt a file with a password (synchronous version).
     * @param inputPath - Input file path
     * @param outputPath - Output file path
     * @param password - Decryption password (optional if default passphrase is set)
     * @throws CryptoError if decryption fails
     */
    decryptFileSync(inputPath: string, outputPath: string, password?: string): void;
    /**
     * Securely clear sensitive data from memory.
     *
     * Best effort only: it can act on the buffer passed in, not on copies the
     * runtime or earlier code may have made, and not on `string` passwords.
     * @param buffer - Buffer to clear
     */
    secureClear(buffer: Buffer): void;
    /**
     * Validate password strength.
     *
     * Reports through the return value rather than by throwing, so callers
     * must check the result. The requirements themselves are not visible in
     * this declaration.
     * NOTE(review): confirm whether the encrypt methods enforce this check
     * themselves or leave it to the caller.
     * @param password - Password to validate
     * @returns True if password meets requirements
     */
    validatePassword(password: string): boolean;
    /**
     * Get encryption parameters for debugging/info.
     *
     * NOTE(review): confirm the returned object carries no secret material
     * (passphrase, key bytes) before writing it to logs.
     * @returns Current encryption parameters
     */
    getParameters(): EncryptionParameters;
    /**
     * Get security level based on current configuration.
     * @returns Security level
     */
    getSecurityLevel(): SecurityLevel;
    /**
     * Check if a default passphrase is set.
     *
     * Useful for knowing whether calls that omit `password` will fall back to
     * an instance-wide secret.
     * @returns True if default passphrase is configured
     */
    hasDefaultPassphrase(): boolean;
}
//# sourceMappingURL=crypto-manager.d.ts.map