UNPKG

@sync-in/server

Version:

The secure, open-source platform for file storage, sharing, collaboration, and sync

github.com/Sync-in/server

Sync-in/server

68 lines (67 loc) 2.32 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
/* * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com> * This file is part of Sync-in | The open source file sync and share solution * See the LICENSE file for licensing details */ "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); function _export(target, all) { for(var name in all)Object.defineProperty(target, name, { enumerable: true, get: Object.getOwnPropertyDescriptor(all, name).get }); } _export(exports, { get decryptSecret () { return decryptSecret; }, get encryptSecret () { return encryptSecret; } }); const _crypto = /*#__PURE__*/ _interop_require_default(require("crypto")); function _interop_require_default(obj) { return obj && obj.__esModule ? obj : { default: obj }; } function encryptSecret(plaintext, passphrase) { const salt = _crypto.default.randomBytes(16) // for key derivation (scrypt) ; const iv = _crypto.default.randomBytes(12) // recommended IV length for GCM ; const key = _crypto.default.scryptSync(passphrase, salt, 32); const cipher = _crypto.default.createCipheriv('aes-256-gcm', key, iv); const ciphertext = Buffer.concat([ cipher.update(plaintext, 'utf8'), cipher.final() ]); const tag = cipher.getAuthTag(); // Encode everything in base64 and concatenate: salt.iv.tag.cipher return [ salt.toString('base64'), iv.toString('base64'), tag.toString('base64'), ciphertext.toString('base64') ].join('.'); } function decryptSecret(payload, passphrase) { const [saltB64, ivB64, tagB64, ctB64] = payload.split('.'); if (!saltB64 || !ivB64 || !tagB64 || !ctB64) { throw new Error('Invalid payload format'); } const salt = Buffer.from(saltB64, 'base64'); const iv = Buffer.from(ivB64, 'base64'); const tag = Buffer.from(tagB64, 'base64'); const ct = Buffer.from(ctB64, 'base64'); const key = _crypto.default.scryptSync(passphrase, salt, 32); const decipher = _crypto.default.createDecipheriv('aes-256-gcm', key, iv); decipher.setAuthTag(tag); const plaintext = Buffer.concat([ decipher.update(ct), decipher.final() ]); return plaintext.toString('utf8'); } //# sourceMappingURL=crypt-secret.js.map