@shogun-sdk/accounts
Version:
Shogun with Turnkey: configs, encryption, authentication with Telegram/Turnkey OIDC, etc.
41 lines • 2.33 kB
TypeScript
/**
* Generate a secure salt from a user ID and a private key.
* @param userId The unique, immutable identifier of the user.
* @returns The generated salt.
*
* IMPORTANT: We use the userId instead of editable fields like username for salt generation.
* This is crucial for maintaining consistent encryption/decryption capabilities:
*
* 1. Immutability: The userId doesn't change, unlike usernames which can be edited.
* If we used the username, changing it would result in a different salt,
* making it impossible to decrypt previously encrypted data.
*
* 2. Consistency: Using the userId ensures that the salt (and thus the derived encryption key)
* remains the same throughout the user's lifetime in the system.
*
* 3. Security: The userId is typically not known to the user, adding an extra layer of security.
*
* Example scenario:
* - User signs up with username "ABC69" and is assigned userId "12345"
* - We generate a salt and encrypt their private key using this salt
* - Later, the user changes their username to "XYZ107"
* - If we had used the username for salt generation, we'd no longer be able to decrypt
* their private key because the new salt would be different
* - By using the unchanging userId, we maintain the ability to decrypt regardless of username changes
*
* This approach ensures that we can always decrypt the user's encrypted data,
* even if they change their editable profile information.
*/
export declare function createSecureSalt(inputString: string, privateKey: string): string;
/**
* Encrypt data using AES with the derived key from the salt.
* @param data The data to encrypt.
* @param salt The salt to use for key derivation.
* @returns The encrypted data in base64 format with IV prepended.
*/
export declare function aesEncrypt(data: string, pwd: string, salt: string): string;
export declare function isBase64(str: string): boolean;
export declare function aesDecrypt(encryptedData: string, pwdHash: string, salt: string): string;
export declare function getSecret(id: string, encryptKey: string, publicOrganizationId: string, dataEncryptionKey: string): string | null;
export declare const createEncryptedValue: (privateKey: string, id: string, publicOrganizationId: string, dataEncryptionKey: string) => string;
//# sourceMappingURL=aes.d.ts.map