npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

node-aes256-encrypt

v1.1.12

Published

A package that will allow you to easily encrypt and decrypt text using aes256 encryption algorithm.

Downloads

33

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

edgartoleteedgartolete

Keywords

node-aes256-encryptencryptionaes256aes256 encryptionnode aes256 encryption

Readme

node-aes256-encrypt

This library uses aes256 encryption algorithm and CBC (Cipher Block Chaining) or GCM (Galois/Counter Mode) modes of operation for encryption only for now.

Installation

npm install node-aes256-encrypt

Sample

const { gcm } = require("node-aes256-encrypt");

cbc.setKey(process.env.ENCRYPTION_AES256_KEY);
const encryptedText = gcm.encrypt("Text to be encrypted");
const decryptedText = gcm.decrypt(encryptedText);

Usage

1. Import Module:

import the module to your project.

//for CBC method
const { cbc } = require("node-aes256-encrypt");
//for GCM method
const { gcm } = require("node-aes256-encrypt");

2.Set Encryption Key:

Set the encryption key as it is required for encryption. The encryption key should be 256 bits long, or 32 bytes. It is important to generate a key with sufficient entropy and randomness to ensure its strength.

//for CBC method
cbc.setKey("enter your key here...");
//for GCM method
gcm.setKey("enter your key here...");

If you don't have a key yet, you can generate using the keyGen function of this library.

include keyGen to your file.

const { keyGen } = require("node-aes256-encrypt");

Generate a key and save it as the encryption key. This key should be kept intensively as it can be used to decrypt all encrypted data.

NOTE: You can create a key for production only, and a separate key for development that you can share with other developers.

const encryptionKey = keyGen();

Create a .env file to the root directory of your project, or save it as an environment variable on your server.

ENCRYPTION_AES256_KEY="place your key here..."

install dotenv dependency to your project

## npm
npm install dotenv

then include it to your main js file.

require("dotenv").config();

Use the environment variable instead in the setKey parameter.

//for CBC method
cbc.setKey(process.env.ENCRYPTION_AES256_KEY);
//for GCM method
gcm.setKey(process.env.ENCRYPTION_AES256_KEY);

3. Encrypt:

//for CBC method
const { iv: cbcIv, text: cbcText } = cbc.encryptLong("Text to be encrypted");
//or for Long CBC method
const encryptedCbc = cbc.encrypt("Text to be encrypted");

you can not store the iv using cbcIv variable, and the encrypted text using cbcText variable

IV (Initialization Vector): It is a random or unique value that is used as the initial input for the encryption algorithm. The IV ensures that even if the same plaintext is encrypted multiple times, the resulting ciphertext will be different. It adds randomness and prevents patterns from emerging in the encrypted data. The IV is typically required for symmetric encryption algorithms like AES in modes such as CBC or GCM.

//for GCM method

const {
  iv: gcmIv,
  text: gcmText,
  tag: gcmTag,
} = gcm.encrypt("Text to be encrypted");
//or for Quick GCM method
const encryptedGcm = gcm.encrypt("Text to be encrypted");

you can now store the iv using gcmIv variable, the encrypted text using gcmText variable, and the tag using gcmTag variable.

Tag: In the context of authenticated encryption modes like GCM (Galois/Counter Mode), a tag is a piece of data generated during the encryption process. The tag provides integrity and authenticity checks for the ciphertext. It is used to verify that the ciphertext has not been tampered with or modified during transmission or storage. The tag is generated using the encryption key, IV, and additional authentication data, if provided.

4. Decrypt:

To decrypt the encrypted text, you will need to set the same encryption key that you set before encrypting it, as well as the iv if you use the cbc method,

//for CBC method
const cbcDecrypted = cbc.decrypt(cbcIv, cbcText);
//or for Quick CBC method
const decryptedCbc = cbc.decrypt(encryptedCbc);

And iv plus tag if you used the gcm method.

//for GCM method
const gcmDecrypted = gcm.decryptLong(gcmIv, gcmText, gcmTag);
//or for Quick GCM method
const decryptedGcm = gcm.decrypt(encryptedGcm);

Tips:

It is recommended to follow established practices for storing IV and tag securely. Here are some common approaches:

  • Prepend or append the IV and tag: Instead of concatenating them directly with the encrypted text, you can prepend or append the IV and tag as separate values. For example, you can store them as separate fields or use a delimiter to distinguish them from the encrypted text.

  • Store IV and tag separately: You can store the IV and tag in a separate storage or metadata associated with the encrypted data. This keeps them distinct and allows for proper retrieval and usage during decryption.

  • Encrypt the IV and tag: To enhance security, you can encrypt the IV and tag themselves before storing them. This can provide an additional layer of protection against potential attacks targeting the stored IV and tag values.

By following these practices, you can maintain the integrity and security of the IV and tag, ensuring the proper decryption of encrypted data while reducing the risk of exposing sensitive information.