UNPKG

browserify-hybrid-crypto

Version:

TypeScript implementation Hybrid encryption and signing library built on Web Crypto (AES + RSA + HMAC).

github.com/vladkucherov/hybrid-crypto-ts

vladkucherov/hybrid-crypto-ts

86 lines (72 loc) 2.2 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
import { importPublicKey } from "./import-key"; import { HybridEncryption, HybridCryptoOptions } from "./interfaces"; import { getCryptoImpl } from "./utils"; import { getAesParams } from "./aes-params"; export async function hybridEncrypt( publicKeyPEM: string, data: string, options: HybridCryptoOptions = {}, ): Promise<HybridEncryption> { const crypto = getCryptoImpl(); const { aesAlgorithm = "AES-GCM", aesKeyLength = 256, hmacHash = "SHA-256", } = options; // Generate AES key for session encryption const sessionCryptoKey = await crypto.subtle.generateKey( { name: aesAlgorithm, length: aesKeyLength }, true, ["encrypt", "decrypt"], ); // Generate HMAC key for signing const signingCryptoKey = await crypto.subtle.generateKey( { name: "HMAC", hash: hmacHash, }, true, ["sign", "verify"], ); // Get AES params and IV/counter const { aesParams, ivUsed: iv } = getAesParams(aesAlgorithm, options); // Encrypt data with session key using AES const encoder = new TextEncoder(); const encryptedData = await crypto.subtle.encrypt( aesParams, sessionCryptoKey, encoder.encode(data), ); // Sign the encrypted data with the signing key const signature = await crypto.subtle.sign( { name: "HMAC" }, signingCryptoKey, encryptedData, ); // Import public key const publicKey = await importPublicKey(publicKeyPEM); // Export the session key to raw format const sessionKey = await crypto.subtle.exportKey("raw", sessionCryptoKey); // Encrypt the session key with the public key using RSA-OAEP const encryptedSessionKey = await crypto.subtle.encrypt( { name: "RSA-OAEP" }, publicKey, sessionKey, ); // Export the signing key to raw format const signingKey = await crypto.subtle.exportKey("raw", signingCryptoKey); // Encrypt the signing key with the public key using RSA-OAEP const encryptedSigningKey = await crypto.subtle.encrypt( { name: "RSA-OAEP" }, publicKey, signingKey, ); // Return encrypted data and key return { encryptedSessionKey, encryptedSigningKey, encryptedData, signature, iv, }; }