npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

secure-vault

v2.0.0

Published

Secure, password based symetric encryption.

Downloads

15

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

forbeslindesayforbeslindesay

Keywords

Readme

secure-vault

Secure, password based symetric encryption. When you create a "vault" it can be used to encrypt and decrypt multiple messages with a single password.

N.B. server side usage requires at least node.js version 14

Rolling Versions

Installation

yarn add secure-vault

Usage

import {
  createVault,
  unlockVault,
  password,
  secretData,
  secretDataToString,
} from 'secure-vault';

const unlocked = createVault(password('My super secure password'));

// You can encrypt something using the unlocked vault. The resulting cipherText
// safe to share:
const encrypted = unlocked.encrypt(secretData('My secret message'));

// To access the data later, you'll need a way to retrieve the same vault.
// To do this, you can `lock` the vault, which creates a serializable
// copy of the vault that can only be unlocked using the password.
const locked = unlocked.lock();

// Assuming you've saved the `lockedVaultStr` and `cipherTextStr`, and you know
// the secret password, you can unlock the vault and then decrypt your data:
const unlocked2 = unlockVault(locked, password('My super secure password'));

const secret = secretDataToString(unlocked2.decrypt(encrypted));
console.log(secret);
// => 'My secret message'

API

Password

The password is the secret phrase that's used to encrypt the data. Ideally this should be as long as possible, to keep the data secure. You can create a Password from a string using:

import {password} from 'secure-vault';

const pwd = password('My Secret Pass Phrase');

(You can alternatively create one from a Uint8 array by passing the Uint8 array to password)

SecretData

The secret data is the data you want to encrypt, or the data you have decrypted. You can create SecretData from a string using:

import {secretData} from 'secure-vault';

// N.B. "data" here is not yet encrypted
const data = secretData('A secret I want to hide');

You can also convert SecretData back into a string using:

import {secretDataToString} from 'secure-vault';

// N.B. "data" here is not yet encrypted
const str = secretDataToString(data);

(You can alternatively use a Uint8 array by passing the Uint8 array to secretData)

EncryptedData

The encrypted data is safe to share publicly. The only way to decrypt the encrypted data is to have access to either the UnlockedVault or both the LockedVault and the Password. You can directly store the encrypted data as a Uint8Array or you can convert it to and from a string:

import {encryptedData, encryptedDataToString} from 'secure-vault';

const str = encryptedDataToString(encrypted);
const encrypted = encryptedData(str);

LockedVault

A locked vault represents the key used to encrypt and decrypt the data, but it cannot be used until it's unlocked. The only way to unlock it is with the password. The locked vault must be stored somewhere along with the encrypted data, but you can reuse the same vault for many different encrypted values. You can directly store the locked vault as a Uint8Array or you can convert it to and from a string:

import {lockedVault, lockedVaultToString} from 'secure-vault';

const str = lockedVaultToString(locked);
const locked = lockedVault(str);

UnlockedVault

An unlocked vault represents a vault with its associated password. You can use the unlocked vault to encrypt and decrypt any amount of data you need. To store the keys, you should "lock" the vault.

Creating a vault:

import {createVault, password, lockedVaultToString} from 'secure-vault';

const unlocked = createVault(password('My secret password'));
const lockedStr = lockedVaultToString(unlocked.lock());

Unlocking a vault:

import {unlockVault, password, lockedVault} from 'secure-vault';

const unlocked = unlockVault(
  lockedVault(lockedStr),
  password('My secret password'),
);

unlockedVault.encrypt(secretData: SecretData) => Promise<EncryptedData>

You can call unlockedVault.encrypt to encrypt some secret data:

const encryptedStr = encryptedDataToString(
  await unlockedVault.encrypt(secretData('My Secret Message')),
);

unlockedVault.decrypt(encryptedData: EncryptedData) => Promise<SecretData>

You can call unlockedVault.encrypt to decrypt some encrtyped data:

const mySecretMessage = secretDataToString(
  await unlockedVault.decrypt(encryptedData(encryptedStr)),
);

unlockedVault.lock() => LockedVault

You can get a locked vault for storage by calling unlockedVault.lock().

Notes regarding security

  • Secure Vault uses a randomly generated 96 bit IV. This means you should not encrypt more than 2^32 secrets using one vault: https://crypto.stackexchange.com/a/66500/723
  • Secure Vault usese a 128 bit salt. This should be acceptable for most use cases: https://stackoverflow.com/a/5197921/272958
  • Secure Vault uses 200,000 iterations for PBKDF2. At time of writing this is approximately 2x the default for lastpass

These values are not configureable, but the encrypted data from Secure Vault is versioned, so we will be able to change the defaults in a non-breaking way once these defaults no longer provide an appropriate level of security.