add encryption

Timo Hocker 2020-03-04 14:51:22 +01:00
parent 6649dd23fd
commit 850515cc42
3 changed files with 100 additions and 1 deletions

2
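--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -5,7 +5,7 @@ pipeline {
 VERSION = VersionNumber([
 versionNumberString:
 '${BUILDS_ALL_TIME}',
-versionPrefix: '1.0.',
+versionPrefix: '1.1.',
 worstResultForIncrement: 'SUCCESS'
 ])
 }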


@ -9,6 +9,16 @@
const crypto = require ('crypto'); const crypto = require ('crypto');
const encoding = require ('@scode/encoding-helper'); const encoding = require ('@scode/encoding-helper');
const encryption = {
algorithm: 'aes-256-gcm',
nonce_size: 12,
tag_size: 16,
key_size: 16,
hash: 'sha256',
salt_size: 16,
iterations: 32767
};
/** /**
* creates a random string * creates a random string
* *
@ -134,10 +144,78 @@ function checksum (data) {
return md.digest ('hex'); return md.digest ('hex');
} }
/**
* encrypt plain text with aes
*
* @param {string} text plaintext
* @param {string} pass password
* @returns {string} encrypted
*/
function encrypt_aes (text, pass) {
const salt = crypto.randomBytes (16);
// eslint-disable-next-line no-sync
const key = crypto.pbkdf2Sync (
Buffer.from (pass, 'utf-8'),
salt,
32767,
32,
'sha256'
);
const nonce = crypto.randomBytes (12);
const cipher = crypto.createCipheriv ('aes-256-gcm', key, nonce);
return Buffer.concat ([
salt,
nonce,
cipher.update (Buffer.from (text)),
cipher.final (),
cipher.getAuthTag ()
])
.toString ('base64');
}
/**
* decrypt an aes string
*
* @param {string} ciphertext encrypted text
* @param {string} pass password
* @returns {string} plaintext
*/
function decrypt_aes (ciphertext, pass) {
const buf = Buffer.from (ciphertext, 'base64');
const salt = buf.slice (0, encryption.salt_size);
// eslint-disable-next-line no-sync
const key = crypto.pbkdf2Sync (
Buffer.from (pass, 'utf-8'),
salt,
encryption.iterations,
encryption.key_size,
encryption.hash
);
const nonce = buf.slice (encryption.salt_size, encryption.nonce_size);
const enc = buf.slice (
encryption.salt_size + encryption.nonce_size,
buf.length - encryption.salt_size - encryption.tag_size
);
const tag = buf.slice (
encryption.salt_size
+ encryption.nonce_size
+ enc.length
);
const cipher = crypto.createDecipheriv (encryption.algorithm, key, nonce);
cipher.setAuthTag (tag);
return Buffer.concat ([
cipher.update (enc),
cipher.final ()
])
.toString ('utf-8');
}
module.exports = { module.exports = {
checksum, checksum,
create_salt, create_salt,
decode_signed, decode_signed,
decrypt_aes,
encrypt_aes,
get_signature_info, get_signature_info,
hash_sha512, hash_sha512,
random_hex, random_hex,

21
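--- a/test/encryption.js
+++ b/test/encryption.js
@@ -0,0 +1,21 @@
+'use strict';
+const test = require ('ava');
+const crypto = require ('../index');
+test ('encryption', (t) => {
+const enc = crypto.encrypt_aes ('foo', 'bar');
+t.is (typeof enc, 'string');
+});
+test ('decryption', (t) => {
+const enc = crypto.encrypt_aes ('foo', 'bar');
+const dec = crypto.decrypt_aes (enc, 'bar');
+t.is (dec, 'foo');
+});
+test ('fail decryption', (t) => {
+const enc = crypto.encrypt_aes ('foo', 'bar');
+const dec = crypto.decrypt_aes (enc, 'baz');
+t.is (dec, null);
+});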
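Review bot: The 'fail decryption' case asserts `t.is (dec, null)`, but decrypt_aes as committed has no path that returns null and its JSDoc promises a string; with a wrong password the GCM tag check is expected to make `cipher.final ()` throw instead. Either catch the authentication failure inside decrypt_aes and return null, documenting that in `@returns`, or change the assertion to `t.throws (() => crypto.decrypt_aes (enc, 'baz'));`. A case that alters one byte of `enc` before decrypting and one that passes a truncated string would pin the integrity check itself, not only the password path.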