@byearlybird/crypto 0.0.1 → 0.0.2

Files changed (2)
  1. package/dist/index.mjs +12 -14
  2. package/package.json +1 -1
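--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -99,40 +99,38 @@ async function deriveEncryptionKey(vaultKey, salt) {
  }, keyMaterial, {
  name: "AES-GCM",
  length: 256
- }, true, ["encrypt", "decrypt"]),
+ }, false, ["wrapKey", "unwrapKey"]),
  salt: saltBytes
  };
  }
  async function encryptMasterKey(masterKey, vaultKey) {
- const masterKeyBytes = await crypto.subtle.exportKey("raw", masterKey);
- const { key: encryptionKey, salt } = await deriveEncryptionKey(vaultKey);
+ const { key: wrappingKey, salt } = await deriveEncryptionKey(vaultKey);
  const iv = randomBytes(IV_LENGTH);
- const encrypted = await crypto.subtle.encrypt({
+ const wrapped = await crypto.subtle.wrapKey("raw", masterKey, wrappingKey, {
  name: "AES-GCM",
  iv
- }, encryptionKey, masterKeyBytes);
- return toBase64(concatBytes(salt, iv, new Uint8Array(encrypted)));
+ });
+ return toBase64(concatBytes(salt, iv, new Uint8Array(wrapped)));
  }
  async function decryptMasterKey(encryptedMasterKey, vaultKey) {
  const combined = fromBase64(encryptedMasterKey);
  if (combined.length <= PBKDF2_SALT_LENGTH + IV_LENGTH) throw new Error("Invalid encrypted master key payload");
  const salt = combined.slice(0, PBKDF2_SALT_LENGTH);
  const iv = combined.slice(PBKDF2_SALT_LENGTH, PBKDF2_SALT_LENGTH + IV_LENGTH);
- const encrypted = combined.slice(PBKDF2_SALT_LENGTH + IV_LENGTH);
- const { key: encryptionKey } = await deriveEncryptionKey(vaultKey, salt);
- const decrypted = await crypto.subtle.decrypt({
+ const wrapped = combined.slice(PBKDF2_SALT_LENGTH + IV_LENGTH);
+ const { key: unwrappingKey } = await deriveEncryptionKey(vaultKey, salt);
+ return crypto.subtle.unwrapKey("raw", wrapped, unwrappingKey, {
  name: "AES-GCM",
  iv
- }, encryptionKey, encrypted);
- return crypto.subtle.importKey("raw", decrypted, { name: "AES-GCM" }, true, ["encrypt", "decrypt"]);
+ }, { name: "AES-GCM" }, false, ["encrypt", "decrypt"]);
  }
  async function generateKeys() {
  const vaultKey = generateVaultKey();
- const masterKey = await generateMasterKey();
+ const encryptedMasterKey = await encryptMasterKey(await generateMasterKey(), vaultKey);
  return {
  vaultKey,
- masterKey,
- encryptedMasterKey: await encryptMasterKey(masterKey, vaultKey)
+ masterKey: await decryptMasterKey(encryptedMasterKey, vaultKey),
+ encryptedMasterKey
  };
  }
 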
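Review bot: `encryptMasterKey` now requires an extractable `masterKey`, because `crypto.subtle.wrapKey("raw", masterKey, …)` rejects with `InvalidAccessError` for a non-extractable key, yet `decryptMasterKey` and `generateKeys` in this same section now return the master key with `extractable` set to `false`. A caller that unwraps the master key and later tries to wrap it again under a new vault key (for example when the vault key changes) will fail at runtime with an opaque WebCrypto error; `generateMasterKey` is outside the hunk, so this assumes it still creates an extractable key. I would state the contract in a doc comment on `encryptMasterKey` and fail early with a clear message, e.g. `if (!masterKey.extractable) throw new Error("Master key must be extractable to be wrapped");`. `deriveEncryptionKey` begins before the hunk, so only its changed `deriveKey` arguments are visible here.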
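--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@byearlybird/crypto",
- "version": "0.0.1",
+ "version": "0.0.2",
  "description": "Lightweight E2EE toolkit for web apps - zero dependencies + vault key security",
  "type": "module",
  "license": "MIT",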