UNPKG

tiny-crypto-suite

Version:

Tiny tools, big crypto β€” seamless encryption and certificate handling for modern web and Node apps.

github.com/JasminDreasond/Tiny-Crypto-Suite

JasminDreasond/Tiny-Crypto-Suite

274 lines (167 loc) β€’ 8.98 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
# πŸ” TinyOlm IndexedDB Encryption Mode This tutorial provides a info around the TinyOlm API to perform secure encryption and decryption using only **IndexedDB**. It includes support for both **individual Olm sessions** and **group Megolm sessions**, with all cryptographic sessions serialized and retrieved directly from `indexedDB`. ## πŸ” Local Storage Mode To use the IndexedDB-based encryption mode, make sure to **disable the default local memory session system**: ```js tinyOlm.setUseLocal(false); ``` This is required so that all session operations (such as loading or saving sessions) will exclusively use IndexedDB instead of in-memory storage. This ensures persistence across browser reloads and isolates the module for more consistent and stateful encryption behavior. --- ## πŸ“¦ Features This module offers the following methods for secure messaging and data exchange: ### 🧍 One-to-One Communication - `encryptMessageV2(toUsername, plaintext)` - Encrypts a plaintext string for a specific user using an existing Olm session from IndexedDB. - `decryptMessageV2(fromUsername, messageType, ciphertext)` - Decrypts an encrypted message received from a specific user. - `encryptV2(toUsername, data)` - Encrypts any content (object, number, etc.) to a user. - `decryptV2(fromUsername, messageType, plaintext, expectedType?)` - Decrypts content and optionally verifies the data type after deserialization. ### πŸ‘₯ Group Communication (Megolm) - `encryptGroupMessageV2(roomId, plaintext)` - Encrypts a plaintext string using the outbound group session for a room. - `decryptGroupMessageV2(roomId, userId, encryptedMessage)` - Decrypts a group message using the appropriate inbound session from IndexedDB. - `encryptGroupContentV2(roomId, data)` - Encrypts any structured content (not just strings) for a group session. - `decryptGroupContentV2(roomId, userId, encryptedMessage, expectedType?)` - Decrypts and optionally verifies the type of decrypted group content. --- ## ⚠️ Requirements Before calling any of the encryption/decryption methods: - You **must** already have a pickled session stored in IndexedDB. - This module assumes session management (creation and storage) has been done ahead of time. --- ## 🧠 Note All encryption and decryption operations internally: - Retrieve the session from IndexedDB - Unpickle the session with a password - Free the session memory securely after use --- ## πŸ’¬ Example ```js await tinyOlm.setUseLocal(false); // Required const encrypted = await myModule.encryptMessageV2('user123', 'Hello there!'); const decrypted = await myModule.decryptMessageV2('user123', 1, encrypted.body); ``` --- ### πŸ”„ `setUseLocal(value: boolean): void` Enables or disables **in-memory storage**. When set to `true`, operations will run using volatile memory with persistent storage. Ideal for tests πŸ§ͺ or temporary sessions that don't need to be saved. - **Parameter**: - `value` (`boolean`): `true` to enable memory mode 🧠, `false` to disable it. --- ### ❓ `isUseLocal(): boolean` Checks whether the system is currently using **in-memory storage**. - **Returns**: `boolean` β€” `true` if memory mode is active 🟒, `false` otherwise πŸ”΄. --- ### πŸ“¦ `exportDbSession(userId: string): Promise<string>` Exports a specific **Olm session** πŸ” from `indexedDb` for a given user. - **Parameter**: - `userId` (`string`): The remote device’s user ID πŸ‘€. - **Returns**: `Promise<string>` β€” The serialized (pickled) session 🧴. - **Throws**: `Error` if the session cannot be found ❌. --- ### πŸ§‘β€πŸ€β€πŸ§‘ `exportDbGroupSession(roomId: string): Promise<string>` Exports an **outbound group session** πŸ“€ from `indexedDb` for a specific room. - **Parameter**: - `roomId` (`string`): The room’s unique ID 🏠. - **Returns**: `Promise<string>` β€” The pickled outbound group session. - **Throws**: `Error` if the session does not exist ❗. --- ### πŸ” `exportDbInboundGroupSession(roomId: string, userId: string): Promise<string>` Exports an **inbound group session** πŸ“₯ from `indexedDb`, filtered by room and sender. - **Parameters**: - `roomId` (`string`): The room ID 🏠. - `userId` (`string`): The sender’s user ID πŸ‘€. - **Returns**: `Promise<string>` β€” The serialized inbound group session. - **Throws**: `Error` if the session is missing ⚠️. --- ### πŸ“€ `exportDbInstance(): Promise<ExportedOlmInstance>` Exports the entire Olm data instance πŸ“š from `indexedDb`, including: - Account - Sessions - Outbound group sessions - Inbound group sessions - **Returns**: `Promise<ExportedOlmInstance>` β€” A full export of the Olm structure 🧩. --- ### πŸ—οΈ `exportDbGroupSessionId(roomId: string): Promise<string>` Retrieves the **session key** πŸ”‘ of the current outbound group session for a room in the `indexedDb`. - **Parameter**: - `roomId` (`string`): The room’s ID 🏠. - **Returns**: `Promise<string>` β€” The active session key. - **Throws**: `Error` if no outbound session exists for the room πŸ›‘. --- ### πŸ” `encryptMessageV2(toUsername: string, plaintext: string): Promise<EncryptedMessage>` Encrypts a **plaintext message** πŸ“ to a specific user using their stored session. - **Parameters**: - `toUsername` (`string`): Recipient’s user ID πŸ‘€ - `plaintext` (`string`): The message content to encrypt βœ‰οΈ - **Returns**: `Promise<EncryptedMessage>` β€” Encrypted message object πŸ”’ - **Throws**: `Error` if session with the user does not exist ❌ --- ### πŸ”“ `decryptMessageV2(fromUsername: string, messageType: number, ciphertext: string): Promise<string>` Decrypts a **received message** 🧾 from a specific user. - **Parameters**: - `fromUsername` (`string`): Sender’s user ID πŸ‘€ - `messageType` (`number`): `0` for pre-key πŸ”‘, `1` for message πŸ’¬ - `ciphertext` (`string`): Encrypted message πŸ” - **Returns**: `Promise<string>` β€” Decrypted message πŸ“¬ - **Throws**: `Error` if session with the user is missing 🚫 --- ### πŸ“¦ `encryptV2(toUsername: string, data: any): Promise<EncryptedMessage>` Encrypts **any data** 🧠 to a specific user. - **Parameters**: - `toUsername` (`string`): Recipient’s user ID πŸ‘€ - `data` (`any`): Serializable data to encrypt πŸ—ƒοΈ - **Returns**: `Promise<EncryptedMessage>` β€” Encrypted package πŸ”’ - **Throws**: `Error` if no session is found ❗ --- ### πŸ§ͺ `decryptV2(fromUsername: string, messageType: number, plaintext: string, expectedType?: string|null): Promise<any>` Decrypts serialized content πŸ“„ and optionally checks its type. - **Parameters**: - `fromUsername` (`string`): Sender’s user ID πŸ‘€ - `messageType` (`number`): 0 (pre-key) or 1 (message) πŸ› οΈ - `plaintext` (`string`): Encrypted payload πŸ” - `expectedType` (`string|null`, optional): Validates expected object type 🧩 - **Returns**: `Promise<any>` β€” Decrypted value πŸ“¦ - **Throws**: `Error` if type mismatch or session missing ⚠️ --- ### 🏠 `encryptGroupMessageV2(roomId: string, plaintext: string): Promise<EncryptedData>` Encrypts a plaintext message πŸ“§ for a room using its outbound group session. - **Parameters**: - `roomId` (`string`): The target room ID 🏠 - `plaintext` (`string`): Message to encrypt πŸ“ - **Returns**: `Promise<EncryptedData>` β€” Encrypted message πŸ”’ - **Throws**: `Error` if no group session exists 🚫 --- ### πŸ—£οΈ `decryptGroupMessageV2(roomId: string, userId: string, encryptedMessage: EncryptedData): Promise<DecryptedGroupMessage>` Decrypts a **group message** πŸ“¬ using an inbound session. - **Parameters**: - `roomId` (`string`): Room ID 🏠 - `userId` (`string`): Sender’s user ID πŸ‘€ - `encryptedMessage` (`EncryptedData`): Encrypted payload πŸ” - **Returns**: `Promise<DecryptedGroupMessage>` β€” Decrypted group message πŸ“­ - **Throws**: `Error` if inbound session is not found ❌ --- ### πŸ—ƒοΈ `encryptGroupContentV2(roomId: string, data: any): Promise<EncryptedData>` Encrypts content πŸ”§ for a room using group encryption. - **Parameters**: - `roomId` (`string`): Room ID 🏠 - `data` (`any`): Serializable data πŸ“„ - **Returns**: `Promise<EncryptedData>` β€” Encrypted data string πŸ”’ - **Throws**: `Error` if outbound session is missing ❗ --- ### πŸ“₯ `decryptGroupContentV2(roomId: string, userId: string, encryptedMessage: EncryptedData, expectedType?: string|null): Promise<DecryptedGroupContent>` Decrypts serialized group content 🧾 with optional type checking. - **Parameters**: - `roomId` (`string`): Room ID 🏠 - `userId` (`string`): Sender ID πŸ‘€ - `encryptedMessage` (`EncryptedData`): Encrypted input πŸ” - `expectedType` (`string|null`, optional): Validate expected object type 🎯 - **Returns**: `Promise<DecryptedGroupContent>` β€” Decrypted and validated content βœ… - **Throws**: `Error` if session missing or type mismatch πŸ›‘