UNPKG

better-cipher

Version:

A secure encryption library with browser and Node.js support using AES-GCM

github.com/siddharthborderwala/better-cipher

siddharthborderwala/better-cipher

97 lines (79 loc) 2.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
import type { Encrypted, IEncryption, CreateRotator } from "./types"; import { isValidHexKey } from "./util"; const ALGORITHM = "AES-GCM"; const IV_LENGTH = 12; function chunks(str: string, size: number) { const chunks: string[] = []; for (let i = 0; i < str.length; i += size) { chunks.push(str.slice(i, i + size)); } return chunks; } function hexToBytes(hex: string) { return chunks(hex, 2).map((byte) => parseInt(byte, 16)); } function bytesToHex(bytes: number[]) { return bytes.map((byte) => byte.toString(16).padStart(2, "0")).join(""); } export class Cipher implements IEncryption { private secretKeyHex: string; private secretKey: CryptoKey | null; static createRotator: CreateRotator = (oldSecretKey, newSecretKey) => { const oldCipher = new Cipher(oldSecretKey); const newCipher = new Cipher(newSecretKey); const rotator = async (prevEncrypted: Encrypted): Promise<Encrypted> => { const deciphered = await oldCipher.decrypt(prevEncrypted); return await newCipher.encrypt(deciphered); }; return rotator; }; constructor(secretKeyHex: string) { if (!isValidHexKey(secretKeyHex)) { throw new Error("Secret key must be a valid hex string"); } this.secretKeyHex = secretKeyHex; this.secretKey = null; } private async getSecretKey(): Promise<CryptoKey> { if (!this.secretKey) { this.secretKey = await crypto.subtle.importKey( "raw", new TextEncoder().encode(this.secretKeyHex), { name: ALGORITHM }, false, ["encrypt", "decrypt"] ); } return this.secretKey; } async encrypt(text: string): Promise<Encrypted> { const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH)); const encoded = new TextEncoder().encode(text); const encrypted = await crypto.subtle.encrypt( { name: ALGORITHM, iv, }, await this.getSecretKey(), encoded ); return { iv: bytesToHex(Array.from(iv)), content: bytesToHex(Array.from(new Uint8Array(encrypted))), authTag: "", }; } async decrypt(encrypted: Encrypted): Promise<string> { const iv = new Uint8Array(hexToBytes(encrypted.iv)); const content = new Uint8Array(hexToBytes(encrypted.content)); const decrypted = await crypto.subtle.decrypt( { name: ALGORITHM, iv, }, await this.getSecretKey(), content ); return new TextDecoder().decode(decrypted); } }