@nfi/crypted
v2.0.2
Published
Simple wrapper for encryption/decryption of V8-serialisable data structures.
Downloads
5
Maintainers
Readme
@nfi/crypted
Simple wrapper for encryption/decryption of V8-serialisable data structures.
Installation
npm install @nfi/crypted
Documentation
API documentation is available here.
Usage Example
const { encrypt, decrypt, keygenSync } = require('@nfi/crypted')
const key = keygenSync('password', 'salt')
const msg = {
foo: 'test',
bar: 123456
}
const enc = encrypt(key, msg)
const dec = decrypt(key, enc)
console.log(enc) // iaeSPY4cCCeLHwyRGeZ4MPsHDTrpkkmV4M8TdB9O4rxJlBaAYYccd5iIVahMRb2S
console.log(dec) // { foo: 'test', bar: 123456 }
Implementation
- Internally,
encrypt
/decrypt
use AES-256-GCM with randomised IVs, andkeygen
/keygenSync
use 100,000 iterations of PBKDF2-HMAC-SHA512. - Payloads are serialised using
v8.serialize
andv8.deserialize
, so any caveats regarding the types of data that will successfully round-trip through those two functions also apply here. - The ciphertexts returned by
encrypt
are a base64-encoded concatenation of the IV, encrypted payload, and authentication tag.
Typescript
When used with Typescript, encrypt
returns a tagged string type called Crypted
, which is
functionally identical to a string but allows type information about the original payload to
be preserved across subsequent calls to decrypt
:
const msg = 12345 // const msg: number
const enc = encrypt(key, msg) // const enc: Crypted<number>
const dec = decrypt(key, enc) // const dec: number
This can be used to provide type safety hints for ciphertexts based on their expected contents:
function example(enc: Crypted<{
val1: boolean
val2: string
}>) {
const dec = decrypt(key, enc)
if (dec.val1) {
console.log(dec.val2)
}
}
example(encrypt(key, { val1: true, val2: 'example' })) // compiles ok
example(encrypt(key, 12345)) // type error