jstudio-token
v0.1.0
Published
JWT helper that signs a JWT and encrypts it (AES-256-GCM) for confidential transport
Maintainers
Readme
jstudio-token
Lightweight helper to create a signed JWT and then encrypt it with AES-256-GCM for confidential transport.
Usage
Install:
npm install jstudio-tokenExample:
const { signAndEncrypt, decryptAndVerify, generateEncryptionKeyHex } = require('jstudio-token');
const encKey = generateEncryptionKeyHex(); // store securely, 32 bytes hex
const jwtSecret = 'your-jwt-secret';
const payload = { sub: 'user123', role: 'admin' };
const encrypted = signAndEncrypt(payload, jwtSecret, encKey, { expiresIn: '1h' });
// send `encrypted` over network; on server receive:
const decoded = decryptAndVerify(encrypted, jwtSecret, encKey);
console.log(decoded);Notes
- The library signs JWTs (JWS) using the provided
jwtSecretand then encrypts the signed token using AES-256-GCM. - Use a 32-byte (256-bit) random encryption key encoded as hex for
encryptionKeyHex. - This approach provides both signature verification and confidentiality (via AES-GCM authentication tag).
