UNPKG

jose

Version:

Universal 'JSON Web Almost Everything' - JWA, JWS, JWE, JWT, JWK with no dependencies

github.com/panva/jose

panva/jose

45 lines (44 loc) 1.67 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
import { promisify } from 'util'; import { KeyObject, pbkdf2 as pbkdf2cb } from 'crypto'; import random from './random.js'; import { p2s as concatSalt } from '../lib/buffer_utils.js'; import { encode as base64url } from './base64url.js'; import { wrap, unwrap } from './aeskw.js'; import checkP2s from '../lib/check_p2s.js'; import { isCryptoKey, getKeyObject } from './webcrypto.js'; const pbkdf2 = promisify(pbkdf2cb); export const encrypt = async (alg, key, cek, p2c = Math.floor(Math.random() * 2049) + 2048, p2s = random(new Uint8Array(16))) => { checkP2s(p2s); const salt = concatSalt(alg, p2s); const keylen = parseInt(alg.substr(13, 3), 10) >> 3; let password; if (isCryptoKey(key)) { password = getKeyObject(key).export(); } else if (key instanceof KeyObject) { password = key.export(); } else { password = key; } const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.substr(8, 3)}`); const encryptedKey = await wrap(alg.substr(-6), derivedKey, cek); return { encryptedKey, p2c, p2s: base64url(p2s) }; }; export const decrypt = async (alg, key, encryptedKey, p2c, p2s) => { checkP2s(p2s); const salt = concatSalt(alg, p2s); const keylen = parseInt(alg.substr(13, 3), 10) >> 3; let password; if (isCryptoKey(key)) { password = getKeyObject(key).export(); } else if (key instanceof KeyObject) { password = key.export(); } else { password = key; } const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.substr(8, 3)}`); return unwrap(alg.substr(-6), derivedKey, encryptedKey); };