@tigthor/kokocrypt
Version:
Enhanced Fortress Edition - Secure, quantum-resistant, high-performance encryption package
105 lines • 3.89 kB
JavaScript
;
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.EnvKeyProvider = void 0;
const key_provider_1 = require("./key-provider");
const libsodium_wrappers_1 = __importDefault(require("libsodium-wrappers"));
const crypto = __importStar(require("crypto"));
class EnvKeyProvider extends key_provider_1.KeyProvider {
constructor() {
super(...arguments);
this.currentKey = null;
this.keys = new Map();
}
async getCurrentKey() {
if (this.currentKey)
return this.currentKey;
await libsodium_wrappers_1.default.ready;
const envKey = process.env.KOKO_ENCRYPTION_KEY;
if (!envKey)
throw new Error('KOKO_ENCRYPTION_KEY environment variable not set');
const key = Buffer.from(envKey, 'base64');
if (key.length !== 64)
throw new Error('Invalid key length - must be 64 bytes');
this.currentKey = {
key,
kid: 'env-1',
algorithm: 'XChaCha20-Poly1305',
createdAt: Date.now(),
expiresAt: Date.now() + 7 * 24 * 60 * 60 * 1000,
};
this.keys.set(this.currentKey.kid, key);
return this.currentKey;
}
async getKey(kid) {
if (!this.keys.has(kid)) {
const current = await this.getCurrentKey();
if (kid === current.kid)
return current.key;
return null;
}
return this.keys.get(kid) || null;
}
async rotateKeys() {
await libsodium_wrappers_1.default.ready;
const newKid = `env-${Date.now()}`;
const newKey = Buffer.from(crypto.randomBytes(64));
this.keys.set(newKid, newKey);
this.currentKey = {
key: newKey,
kid: newKid,
algorithm: 'XChaCha20-Poly1305',
createdAt: Date.now(),
expiresAt: Date.now() + 7 * 24 * 60 * 60 * 1000,
};
}
async storeKey(key, algorithm, expiresAt) {
const kid = `custom-${Date.now()}`;
this.keys.set(kid, key);
const keyResult = {
key,
kid,
algorithm,
createdAt: Date.now(),
expiresAt: expiresAt || Date.now() + 7 * 24 * 60 * 60 * 1000,
};
return keyResult;
}
}
exports.EnvKeyProvider = EnvKeyProvider;
//# sourceMappingURL=env.provider.js.map