@rahulxsh/secure-server
v1.1.0
Node.js hybrid encryption (RSA-OAEP + AES-256-GCM) for backend services
Decrypt requests from the client and encrypt responses. Uses node:crypto only.
Install
```bash
npm install @rahulxsh/secure-server @rahulxsh/secure-core
```
Node.js 18+
Quick example (RSA)
```javascript
import express from "express"; // Express-style app assumed; the handler below uses app.post(req, res)
import {
  decryptRequest,
  encryptResponse,
  generateEphemeralKeyPair,
  exportPublicKeySpki,
  importRsaPublicKey,
  importRsaPrivateKey,
} from "@rahulxsh/secure-server";

const app = express();
app.use(express.json()); // parse the JSON EncryptedPayload into req.body

// 1. Generate server key pair once
const keyPair = await generateEphemeralKeyPair();
const publicKeyPem = await exportPublicKeySpki(keyPair.publicKey);
// Expose publicKeyPem to clients (e.g. GET /api/public-key).

// 2. In your API: decrypt incoming request body
// clientPublicKey (the client's RSA public key) is not defined in this snippet;
// obtain it before encrypting the response.
app.post("/api/secure", async (req, res) => {
  const payload = req.body; // EncryptedPayload from client
  try {
    const data = await decryptRequest(payload, keyPair.privateKey);
    // Use data (e.g. { userId, action })...
    const result = { success: true };
    const encrypted = await encryptResponse(result, clientPublicKey, "key-v1");
    res.json(encrypted);
  } catch (e) {
    // Return a generic 400 on decryption failure; rethrow anything else.
    if (e.name === "DecryptionError") return res.status(400).json({ error: "Decryption failed" });
    throw e;
  }
});
```
ECDH and X25519
```javascript
import {
  generateEcdhKeyPair,
  decryptRequestEcdh,
  encryptResponseEcdh,
} from "@rahulxsh/secure-server";

// payload, responseData and clientEcdhPublicKey come from your request handling.
const ecdhPair = await generateEcdhKeyPair();
const data = await decryptRequestEcdh(payload, ecdhPair.privateKey);
const encrypted = await encryptResponseEcdh(responseData, clientEcdhPublicKey, "ecdh-v1");
```
```javascript
import {
  generateX25519KeyPair,
  decryptRequestX25519,
  encryptResponseX25519,
} from "@rahulxsh/secure-server";

// payload, responseData and clientX25519PublicKey come from your request handling.
const x25519Pair = await generateX25519KeyPair();
const data = await decryptRequestX25519(payload, x25519Pair.privateKey);
const encrypted = await encryptResponseX25519(responseData, clientX25519PublicKey, "x25519-v1");
```
Multi-key (key rotation)
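Use the kid in the payload to choose the right private key:
```javascript
const keys = { "key-v1": privateKey1, "key-v2": privateKey2 };
// payload.kid is client-supplied: accept it only if it names one of your own keys.
if (!Object.hasOwn(keys, payload.kid)) throw new Error("Unknown kid");
const data = await decryptRequest(payload, keys[payload.kid]);
```
License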
MIT
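
A stricter form of the kid lookup from the Multi-key (key rotation) section, added here as an example and not part of the package: it validates the client-supplied kid, resolves it through a Map instead of a plain object, and stops accepting a rotated-out key after a cutoff. The names createKeyring, UnknownKeyError and naiveLookup, the kid pattern, the notAfter field and the placeholder key strings are assumptions of this sketch.

```javascript
// Added example, not part of @rahulxsh/secure-server.
// Key values are constructed placeholder strings standing in for private keys.
class UnknownKeyError extends Error {
  constructor(message) {
    super(message);
    this.name = "UnknownKeyError";
  }
}

// Assumed kid format for this sketch: short ASCII labels such as "key-v1".
const KID_PATTERN = /^[A-Za-z0-9._-]{1,64}$/;

function createKeyring(entries, activeKid) {
  // Map lookups never fall through to Object.prototype, unlike keys[kid].
  const keys = new Map(entries.map((e) => [e.kid, e]));
  if (!keys.has(activeKid)) throw new Error("active kid is not in the keyring");
  return {
    activeKid, // kid to pass when encrypting responses
    // Return the private key for an incoming payload, or throw.
    resolve(payload, now = Date.now()) {
      const kid = payload == null ? undefined : payload.kid;
      if (typeof kid !== "string" || !KID_PATTERN.test(kid)) {
        throw new UnknownKeyError("malformed kid");
      }
      const entry = keys.get(kid);
      if (!entry) throw new UnknownKeyError("unknown kid");
      // A rotated-out key (hypothetical notAfter field) decrypts only until its cutoff.
      if (entry.notAfter !== undefined && now > entry.notAfter) {
        throw new UnknownKeyError("retired kid");
      }
      return entry.privateKey;
    },
  };
}

// The plain-object lookup, for comparison with client-supplied kid values.
function naiveLookup(kid) {
  const keys = { "key-v1": "PRIVATE-KEY-1", "key-v2": "PRIVATE-KEY-2" };
  return keys[kid];
}

const keyring = createKeyring(
  [
    { kid: "key-v1", privateKey: "PRIVATE-KEY-1", notAfter: Date.UTC(2030, 0, 1) },
    { kid: "key-v2", privateKey: "PRIVATE-KEY-2" },
  ],
  "key-v2",
);
```

Pass the result of keyring.resolve(payload) as the key argument to decryptRequest, and answer an UnknownKeyError with the same generic 400 used for a decryption failure.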
