UNPKG

aes-256-gcm

Version:

Simplifies encryption/decryption using the AES 256 GCM algorithm.

59 lines (49 loc) 1.76 kB
/** * @fileoverview Provides easy encryption/decryption methods using AES 256 GCM. */ 'use strict'; const crypto = require('crypto'); const ALGORITHM = 'aes-256-gcm'; const BLOCK_SIZE_BYTES = 16; // 128 bit /** * Provides easy encryption/decryption methods using AES 256 GCM. */ class Aes256Gcm { /** * No need to run the constructor. The class only has static methods. */ constructor() { } /** * Encrypts text with AES 256 GCM. * @param {string} text - Cleartext to encode. * @param {string} secret - Shared secret key, must be 32 bytes. * @returns {object} */ static encrypt(text, secret) { const iv = crypto.randomBytes(BLOCK_SIZE_BYTES); const cipher = crypto.createCipheriv(ALGORITHM, secret, iv); let ciphertext = cipher.update(text, 'utf8', 'base64'); ciphertext += cipher.final('base64'); return { ciphertext, iv: iv.toString('base64'), tag: cipher.getAuthTag().toString('base64'), }; } /** * Decrypts AES 256 CGM encrypted text. * @param {string} ciphertext - Base64-encoded ciphertext. * @param {string} iv - The base64-encoded initialization vector. * @param {string} tag - The base64-encoded authentication tag generated by getAuthTag(). * @param {string} secret - Shared secret key, must be 32 bytes. * @returns {string} */ static decrypt(ciphertext, iv, tag, secret) { const decipher = crypto.createDecipheriv(ALGORITHM, secret, Buffer.from(iv, 'base64')); decipher.setAuthTag(Buffer.from(tag, 'base64')); let cleartext = decipher.update(ciphertext, 'base64', 'utf8'); cleartext += decipher.final('utf8'); return cleartext; } } module.exports = Aes256Gcm;