UNPKG

easy-cipher-mate

Version:

A CLI and programmatic tool for encryption/decryption supporting AES-GCM and ChaCha20-Poly1305 algorithms, with text encoding options and line-by-line text file processing.

github.com/piperliu/easy-cipher-mate

piperliu/easy-cipher-mate

117 lines (116 loc) 5.74 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.AESGCMEncryptionConfig = exports.AESGCMEncryption = void 0; const encodingUtils_1 = require("../utils/encodingUtils"); /** * AES-GCM encryption implementation with automatic salt and IV generation. * * @remarks * This class provides secure AES-GCM encryption with the following security features: * - Automatic random salt generation (16 bytes) for each encryption * - Automatic random IV generation (12 bytes) for each encryption * - PBKDF2 key derivation with 100,000 iterations * - Authenticated encryption with built-in integrity protection * - Secure data format: [salt | iv | ciphertext] * * @example * ```typescript * const encryption = new AESGCMEncryption(); * const config = new AESGCMEncryptionConfig('my-password'); * * const encrypted = await encryption.encryptText('Hello World', config); * const decrypted = await encryption.decryptText(encrypted.data, config); * ``` */ class AESGCMEncryption { /** * Encrypts a plaintext string using AES-GCM with automatic salt and IV generation. * * @param plaintext - The string to encrypt * @param configuration - The encryption configuration containing password and encoding * @param encoding - Optional text encoding override * @returns Promise resolving to encrypted data in format: [salt | iv | ciphertext] * * @remarks * Each call generates new random salt and IV, ensuring unique ciphertext even for identical plaintext. * The output format is: 16-byte salt + 12-byte IV + AES-GCM ciphertext (includes auth tag). */ async encryptText(plaintext, configuration, encoding) { const { password, textEncoding = 'utf-8' } = configuration; // Generate random salt and IV for each encryption operation const salt = crypto.getRandomValues(new Uint8Array(16)); const iv = crypto.getRandomValues(new Uint8Array(12)); const key = await deriveKey(password, salt); const data = (0, encodingUtils_1.encodeText)(plaintext, encoding !== null && encoding !== void 0 ? encoding : textEncoding); const ciphertext = await crypto.subtle.encrypt({ name: "AES-GCM", iv }, key, data); // Package salt + iv + ciphertext together const saltBuffer = salt.buffer; const ivBuffer = iv.buffer; const result = new ArrayBuffer(saltBuffer.byteLength + ivBuffer.byteLength + ciphertext.byteLength); const resultView = new Uint8Array(result); resultView.set(new Uint8Array(saltBuffer), 0); resultView.set(new Uint8Array(ivBuffer), saltBuffer.byteLength); resultView.set(new Uint8Array(ciphertext), saltBuffer.byteLength + ivBuffer.byteLength); return { data: result, }; } async decryptText(encryptedData, configuration, encoding) { const { password, textEncoding = 'utf-8' } = configuration; // Parse salt + iv + ciphertext from the packaged data const dataView = new Uint8Array(encryptedData); const salt = dataView.slice(0, 16); const iv = dataView.slice(16, 28); const ciphertext = dataView.slice(28); const key = await deriveKey(password, salt); const decrypted = await crypto.subtle.decrypt({ name: "AES-GCM", iv }, key, ciphertext); return (0, encodingUtils_1.decodeText)(decrypted, encoding !== null && encoding !== void 0 ? encoding : textEncoding); } async encryptFile(fileBuffer, configuration) { const { password } = configuration; // Generate random salt and IV for each encryption operation const salt = crypto.getRandomValues(new Uint8Array(16)); const iv = crypto.getRandomValues(new Uint8Array(12)); const key = await deriveKey(password, salt); const ciphertext = await crypto.subtle.encrypt({ name: "AES-GCM", iv }, key, fileBuffer); // Package salt + iv + ciphertext together const saltBuffer = salt.buffer; const ivBuffer = iv.buffer; const result = new ArrayBuffer(saltBuffer.byteLength + ivBuffer.byteLength + ciphertext.byteLength); const resultView = new Uint8Array(result); resultView.set(new Uint8Array(saltBuffer), 0); resultView.set(new Uint8Array(ivBuffer), saltBuffer.byteLength); resultView.set(new Uint8Array(ciphertext), saltBuffer.byteLength + ivBuffer.byteLength); return { data: result, }; } async decryptFile(encryptedBuffer, configuration) { const { password } = configuration; // Parse salt + iv + ciphertext from the packaged data const dataView = new Uint8Array(encryptedBuffer); const salt = dataView.slice(0, 16); const iv = dataView.slice(16, 28); const ciphertext = dataView.slice(28); const key = await deriveKey(password, salt); return await crypto.subtle.decrypt({ name: "AES-GCM", iv }, key, ciphertext); } } exports.AESGCMEncryption = AESGCMEncryption; class AESGCMEncryptionConfig { constructor(password, textEncoding) { this.password = password; this.textEncoding = textEncoding !== null && textEncoding !== void 0 ? textEncoding : 'utf-8'; } } exports.AESGCMEncryptionConfig = AESGCMEncryptionConfig; async function deriveKey(password, salt) { const encoder = new TextEncoder(); const keyMaterial = await crypto.subtle.importKey("raw", encoder.encode(password), "PBKDF2", false, ["deriveKey"]); return crypto.subtle.deriveKey({ name: "PBKDF2", salt, iterations: 100000, hash: "SHA-256" }, keyMaterial, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]); }