@voiceflow/encryption 0.2.0

package/README.md

@@ -0,0 +1,94 @@
+# encryption
+
+Voiceflow encryption library
+
+## Install
+
+```sh
+yarn add @voiceflow/encryption
+```
+
+## Usage
+
+### Basic encryption/decryption
+
+```typescript
+import crypto from 'crypto';
+import { encryptAes256Gcm, decryptAes256Gcm } from '@voiceflow/encryption';
+
+// create a key
+const createAES256Key = () =>
+  new Promise<string>((resolve) => {
+    crypto.generateKey('aes', { length: 256 }, (err, key) => {
+      if (err) throw err;
+      resolve(key.export().toString('base64'));
+    });
+  });
+const encryptionKey = await createAES256Key();
+
+// Encrypt data
+const plaintext = 'sensitive data';
+const encrypted = encryptAes256Gcm(plaintext, encryptionKey);
+
+// Decrypt data
+const decrypted = decryptAes256Gcm(encrypted, encryptionKey);
+console.log(decrypted); // 'sensitive data'
+```
+
+### Using with NestJS
+
+```typescript
+import { Module } from '@nestjs/common';
+import { EncryptionModule } from '@voiceflow/encryption';
+
+@Module({
+  imports: [
+    EncryptionModule.register({
+      encryptionKey: 'your-base64-encoded-key',
+    }),
+  ],
+})
+export class AppModule {}
+```
+
+Or with async configuration:
+
+```typescript
+import { Module } from '@nestjs/common';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { EncryptionModule } from '@voiceflow/encryption';
+
+@Module({
+  imports: [
+    ConfigModule.forRoot(),
+    EncryptionModule.registerAsync({
+      imports: [ConfigModule],
+      inject: [ConfigService],
+      useFactory: (configService: ConfigService) => ({
+        encryptionKey: configService.get('ENCRYPTION_KEY'),
+      }),
+    }),
+  ],
+})
+export class AppModule {}
+```
+
+Then inject and use the service:
+
+```typescript
+import { Injectable } from '@nestjs/common';
+import { EncryptionService } from '@voiceflow/encryption';
+
+@Injectable()
+export class YourService {
+  constructor(private readonly encryptionService: EncryptionService) {}
+
+  encryptSensitiveData(data: string) {
+    return this.encryptionService.encrypt(data);
+  }
+
+  decryptSensitiveData(encryptedData) {
+    return this.encryptionService.decrypt(encryptedData);
+  }
+}
+```

package/build/cjs/aes-256-gcm.d.ts

@@ -0,0 +1,49 @@
+/**
+ * This file implements AES 256 Galois/counter (GCM) encryption. The AES algorithm
+ * is a symmetric-key block cipher that is considered to be a highly secure algorithm
+ * (as of 30 Sep 2024).
+ *
+ * For this implementation, we will use AES-256 with 256-bit keys, which provides the
+ * strongest security of all AES variants.
+ *
+ * GCM mode is the usual recommended mode of operation for encryption. AES 256 features
+ * a variety of modes of operation, such as ECB, CBC, CTR, and GCM. To understand why
+ * GCM is a good choice, we will discuss the weaknesses of each method mentioned.
+ *
+ * 1. ECB is considered insecure as it does not sufficiently scramble patterns in the
+ *    original data, e.g, see the Tux image in
+ *    https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB)
+ *
+ * 2. CBC is stronger than ECB but operates on fixed-length blocks of plaintext, so
+ *    plaintext that does not conform to these requirements require *padding*. The use of
+ *    padding opens CBC to "padding oracle attacks" which allows attackers to decrypt the
+ *    ciphertext without knowing the symmetric key.
+ *
+ * 3. CTR does not suffer from padding oracle attacks as it does not require padding.
+ *    However, it and other methods are vulnerable to attacks on data integrity such as
+ *    "malleability attacks" which allows an attacker to manipulate the ciphertext to
+ *    inject malicious data without knowing the symmetric key.
+ *
+ * GCM uses CTR under the hood, but adds a "message authenticate code" (MAC) to each ciphertext
+ * created. A trusted sender computes a MAC on some text, using the symmetric key. A trusted
+ * receiver will verify the MAC using the symmetric key to ensure that no attacker intercepted
+ * the message and tampered with its underlying contents. This is similar to the concept of
+ * "digital signatures" that is also used in cryptography.
+ *
+ * The MAC guards against malleability attacks, as a symmetric key is required to compute the
+ * exact MAC corresponding to the protected ciphertext. Manipulating the ciphertext without
+ * making the corresponding change in the MAC causes a mismatch which is flagged as an integrity
+ * violation.
+ *
+ * NOTE: While GCM is one of the more secure modes of operation, it is by no means perfect
+ * and requires careful adherence to best practice, e.g, AES-256 should ideally be used
+ * with 96-bit cryptographically secure pseudorandom initialization vectors.
+ */
+export interface GCMEncryptedData {
+    value: string;
+    iv: string;
+    mac: string;
+}
+export declare function encryptAes256Gcm(plaintext: string, symmetricKey: string): GCMEncryptedData;
+export declare function decryptAes256Gcm(data: GCMEncryptedData, symmetricKey: string): string;
+//# sourceMappingURL=aes-256-gcm.d.ts.map

package/build/cjs/aes-256-gcm.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes-256-gcm.d.ts","sourceRoot":"","sources":["../../src/aes-256-gcm.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;CACb;AAYD,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,gBAAgB,CAa1F;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,UAU5E"}

package/build/cjs/aes-256-gcm.js

@@ -0,0 +1,34 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encryptAes256Gcm = encryptAes256Gcm;
+exports.decryptAes256Gcm = decryptAes256Gcm;
+const node_crypto_1 = __importDefault(require("node:crypto"));
+const mode = 'aes-256-gcm';
+// 96-bit IV is recommended by section 5.2.1.1 in
+// https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
+const ivLengthBytes = 12;
+const dbEncoding = 'base64';
+const plaintextEncoding = 'utf8';
+function encryptAes256Gcm(plaintext, symmetricKey) {
+    const key = Buffer.from(symmetricKey, dbEncoding);
+    const iv = node_crypto_1.default.randomBytes(ivLengthBytes);
+    const cipher = node_crypto_1.default.createCipheriv(mode, key, iv);
+    const ciphertext = cipher.update(plaintext, plaintextEncoding, dbEncoding) + cipher.final(dbEncoding);
+    return {
+        value: ciphertext,
+        iv: iv.toString(dbEncoding),
+        mac: cipher.getAuthTag().toString(dbEncoding),
+    };
+}
+function decryptAes256Gcm(data, symmetricKey) {
+    const key = Buffer.from(symmetricKey, dbEncoding);
+    const iv = Buffer.from(data.iv, dbEncoding);
+    const decipher = node_crypto_1.default.createDecipheriv(mode, key, iv);
+    const mac = Buffer.from(data.mac, dbEncoding);
+    decipher.setAuthTag(mac);
+    return decipher.update(data.value, dbEncoding, plaintextEncoding) + decipher.final(plaintextEncoding);
+}
+//# sourceMappingURL=aes-256-gcm.js.map

package/build/cjs/aes-256-gcm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes-256-gcm.js","sourceRoot":"","sources":["../../src/aes-256-gcm.ts"],"names":[],"mappings":";;;;;AA4DA,4CAaC;AAED,4CAUC;AArFD,8DAAiC;AAkDjC,MAAM,IAAI,GAAG,aAAa,CAAC;AAE3B,iDAAiD;AACjD,gFAAgF;AAChF,MAAM,aAAa,GAAG,EAAE,CAAC;AAEzB,MAAM,UAAU,GAAG,QAAQ,CAAC;AAE5B,MAAM,iBAAiB,GAAG,MAAM,CAAC;AAEjC,SAAgB,gBAAgB,CAAC,SAAiB,EAAE,YAAoB;IACtE,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAElD,MAAM,EAAE,GAAG,qBAAM,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,qBAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IAEpD,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,iBAAiB,EAAE,UAAU,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAEtG,OAAO;QACL,KAAK,EAAE,UAAU;QACjB,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC;QAC3B,GAAG,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC;KAC9C,CAAC;AACJ,CAAC;AAED,SAAgB,gBAAgB,CAAC,IAAsB,EAAE,YAAoB;IAC3E,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAElD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;IAC5C,MAAM,QAAQ,GAAG,qBAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IAExD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IAC9C,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAEzB,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,iBAAiB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;AACxG,CAAC"}

package/build/cjs/aes-256-gcm.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=aes-256-gcm.test.d.ts.map

package/build/cjs/aes-256-gcm.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes-256-gcm.test.d.ts","sourceRoot":"","sources":["../../src/aes-256-gcm.test.ts"],"names":[],"mappings":""}

package/build/cjs/aes-256-gcm.test.js

@@ -0,0 +1,43 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const crypto_1 = __importDefault(require("crypto"));
+const vitest_1 = require("vitest");
+const aes_256_gcm_1 = require("./aes-256-gcm");
+(0, vitest_1.describe)('AES-256 GCM', async () => {
+    const createAES256Key = () => new Promise((resolve) => {
+        crypto_1.default.generateKey('aes', { length: 256 }, (err, key) => {
+            if (err)
+                throw err;
+            resolve(key.export().toString('base64'));
+        });
+    });
+    const testKey = await createAES256Key();
+    (0, vitest_1.test)('successfully encrypts then decrypts', async () => {
+        const plaintext = 'hello, world!';
+        const cipherdata = await (0, aes_256_gcm_1.encryptAes256Gcm)(plaintext, testKey);
+        const deciphertext = await (0, aes_256_gcm_1.decryptAes256Gcm)(cipherdata, testKey);
+        (0, vitest_1.expect)(deciphertext).to.eq(plaintext);
+    });
+    (0, vitest_1.test)('throws error if decrypted with wrong key', async () => {
+        const plaintext = 'hello, world!';
+        const wrongKey = await createAES256Key();
+        const cipherdata = await (0, aes_256_gcm_1.encryptAes256Gcm)(plaintext, testKey);
+        const decipher = () => (0, aes_256_gcm_1.decryptAes256Gcm)(cipherdata, wrongKey);
+        await (0, vitest_1.expect)(decipher).to.throw('Unsupported state or unable to authenticate data');
+    });
+    (0, vitest_1.test)('throws error if ciphertext is not validated by the mac', async () => {
+        const plaintext = 'hello, world!';
+        const trueCipherdata = await (0, aes_256_gcm_1.encryptAes256Gcm)(plaintext, testKey);
+        const data = await (0, aes_256_gcm_1.encryptAes256Gcm)('malicious payload', testKey);
+        const forgedCipherdata = {
+            ...trueCipherdata,
+            value: data.value,
+        };
+        const decipher = () => (0, aes_256_gcm_1.decryptAes256Gcm)(forgedCipherdata, testKey);
+        await (0, vitest_1.expect)(decipher).to.throw('Unsupported state or unable to authenticate data');
+    });
+});
+//# sourceMappingURL=aes-256-gcm.test.js.map

package/build/cjs/aes-256-gcm.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes-256-gcm.test.js","sourceRoot":"","sources":["../../src/aes-256-gcm.test.ts"],"names":[],"mappings":";;;;;AAAA,oDAA4B;AAC5B,mCAAgD;AAEhD,+CAAmE;AAEnE,IAAA,iBAAQ,EAAC,aAAa,EAAE,KAAK,IAAI,EAAE;IACjC,MAAM,eAAe,GAAG,GAAG,EAAE,CAC3B,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;QAC9B,gBAAM,CAAC,WAAW,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YACtD,IAAI,GAAG;gBAAE,MAAM,GAAG,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IACL,MAAM,OAAO,GAAG,MAAM,eAAe,EAAE,CAAC;IAExC,IAAA,aAAI,EAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,SAAS,GAAG,eAAe,CAAC;QAElC,MAAM,UAAU,GAAG,MAAM,IAAA,8BAAgB,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,MAAM,IAAA,8BAAgB,EAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAEjE,IAAA,eAAM,EAAC,YAAY,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,IAAA,aAAI,EAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,SAAS,GAAG,eAAe,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAM,eAAe,EAAE,CAAC;QAEzC,MAAM,UAAU,GAAG,MAAM,IAAA,8BAAgB,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC9D,MAAM,QAAQ,GAAG,GAAG,EAAE,CAAC,IAAA,8BAAgB,EAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAE9D,MAAM,IAAA,eAAM,EAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF,CAAC,CAAC,CAAC;IAEH,IAAA,aAAI,EAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,SAAS,GAAG,eAAe,CAAC;QAElC,MAAM,cAAc,GAAG,MAAM,IAAA,8BAAgB,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAClE,MAAM,IAAI,GAAG,MAAM,IAAA,8BAAgB,EAAC,mBAAmB,EAAE,OAAO,CAAC,CAAC;QAClE,MAAM,gBAAgB,GAAG;YACvB,GAAG,cAAc;YACjB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC;QAEF,MAAM,QAAQ,GAAG,GAAG,EAAE,CAAC,IAAA,8BAAgB,EAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QAEnE,MAAM,IAAA,eAAM,EAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/build/cjs/encryption.const.d.ts

@@ -0,0 +1,2 @@
+export declare const EncryptionModuleOptionsProvide = "ENCRYPTION_MODULE_OPTIONS";
+//# sourceMappingURL=encryption.const.d.ts.map

package/build/cjs/encryption.const.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.const.d.ts","sourceRoot":"","sources":["../../src/encryption.const.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,8BAA8B,8BAA8B,CAAC"}

package/build/cjs/encryption.const.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EncryptionModuleOptionsProvide = void 0;
+exports.EncryptionModuleOptionsProvide = 'ENCRYPTION_MODULE_OPTIONS';
+//# sourceMappingURL=encryption.const.js.map

package/build/cjs/encryption.const.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.const.js","sourceRoot":"","sources":["../../src/encryption.const.ts"],"names":[],"mappings":";;;AAAa,QAAA,8BAA8B,GAAG,2BAA2B,CAAC"}

package/build/cjs/encryption.interface.d.ts

@@ -0,0 +1,9 @@
+import type { ModuleMetadata } from '@nestjs/common';
+export interface EncryptionModuleAsyncOptions extends Pick<ModuleMetadata, 'imports'> {
+    useFactory: (...args: any[]) => Promise<EncryptionModuleOptions> | EncryptionModuleOptions;
+    inject?: any[];
+}
+export interface EncryptionModuleOptions {
+    encryptionKey?: string | null;
+}
+//# sourceMappingURL=encryption.interface.d.ts.map

package/build/cjs/encryption.interface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.interface.d.ts","sourceRoot":"","sources":["../../src/encryption.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAErD,MAAM,WAAW,4BAA6B,SAAQ,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC;IACnF,UAAU,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,uBAAuB,CAAC,GAAG,uBAAuB,CAAC;IAC3F,MAAM,CAAC,EAAE,GAAG,EAAE,CAAC;CAChB;AAED,MAAM,WAAW,uBAAuB;IACtC,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B"}

package/build/cjs/encryption.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=encryption.interface.js.map

package/build/cjs/encryption.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.interface.js","sourceRoot":"","sources":["../../src/encryption.interface.ts"],"names":[],"mappings":""}

package/build/cjs/encryption.module.d.ts

@@ -0,0 +1,7 @@
+import { DynamicModule } from '@nestjs/common';
+import { EncryptionModuleAsyncOptions, EncryptionModuleOptions } from './encryption.interface';
+export declare class EncryptionModule {
+    static register(options: EncryptionModuleOptions): DynamicModule;
+    static registerAsync(options: EncryptionModuleAsyncOptions): DynamicModule;
+}
+//# sourceMappingURL=encryption.module.d.ts.map

package/build/cjs/encryption.module.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.module.d.ts","sourceRoot":"","sources":["../../src/encryption.module.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAU,MAAM,gBAAgB,CAAC;AAGvD,OAAO,EAAE,4BAA4B,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AAG/F,qBACa,gBAAgB;IAC3B,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,uBAAuB,GAAG,aAAa;IAahE,MAAM,CAAC,aAAa,CAAC,OAAO,EAAE,4BAA4B,GAAG,aAAa;CAqB3E"}

package/build/cjs/encryption.module.js

@@ -0,0 +1,99 @@
+"use strict";
+var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
+    function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
+    var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
+    var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
+    var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
+    var _, done = false;
+    for (var i = decorators.length - 1; i >= 0; i--) {
+        var context = {};
+        for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
+        for (var p in contextIn.access) context.access[p] = contextIn.access[p];
+        context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
+        var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
+        if (kind === "accessor") {
+            if (result === void 0) continue;
+            if (result === null || typeof result !== "object") throw new TypeError("Object expected");
+            if (_ = accept(result.get)) descriptor.get = _;
+            if (_ = accept(result.set)) descriptor.set = _;
+            if (_ = accept(result.init)) initializers.unshift(_);
+        }
+        else if (_ = accept(result)) {
+            if (kind === "field") initializers.unshift(_);
+            else descriptor[key] = _;
+        }
+    }
+    if (target) Object.defineProperty(target, contextIn.name, descriptor);
+    done = true;
+};
+var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
+    var useValue = arguments.length > 2;
+    for (var i = 0; i < initializers.length; i++) {
+        value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
+    }
+    return useValue ? value : void 0;
+};
+var __setFunctionName = (this && this.__setFunctionName) || function (f, name, prefix) {
+    if (typeof name === "symbol") name = name.description ? "[".concat(name.description, "]") : "";
+    return Object.defineProperty(f, "name", { configurable: true, value: prefix ? "".concat(prefix, " ", name) : name });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EncryptionModule = void 0;
+const common_1 = require("@nestjs/common");
+const encryption_const_1 = require("./encryption.const");
+const encryption_service_1 = __importDefault(require("./encryption.service"));
+let EncryptionModule = (() => {
+    let _classDecorators = [(0, common_1.Module)({})];
+    let _classDescriptor;
+    let _classExtraInitializers = [];
+    let _classThis;
+    var EncryptionModule = _classThis = class {
+        static register(options) {
+            return {
+                module: EncryptionModule,
+                providers: [
+                    {
+                        provide: encryption_service_1.default,
+                        useValue: new encryption_service_1.default(options.encryptionKey),
+                    },
+                ],
+                exports: [encryption_service_1.default],
+            };
+        }
+        static registerAsync(options) {
+            return {
+                module: EncryptionModule,
+                imports: options.imports || [],
+                providers: [
+                    {
+                        provide: encryption_const_1.EncryptionModuleOptionsProvide,
+                        useFactory: options.useFactory,
+                        inject: options.inject || [],
+                    },
+                    {
+                        provide: encryption_service_1.default,
+                        useFactory: (moduleOptions) => {
+                            return new encryption_service_1.default(moduleOptions.encryptionKey);
+                        },
+                        inject: [encryption_const_1.EncryptionModuleOptionsProvide],
+                    },
+                ],
+                exports: [encryption_service_1.default],
+            };
+        }
+    };
+    __setFunctionName(_classThis, "EncryptionModule");
+    (() => {
+        const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(null) : void 0;
+        __esDecorate(null, _classDescriptor = { value: _classThis }, _classDecorators, { kind: "class", name: _classThis.name, metadata: _metadata }, null, _classExtraInitializers);
+        EncryptionModule = _classThis = _classDescriptor.value;
+        if (_metadata) Object.defineProperty(_classThis, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+        __runInitializers(_classThis, _classExtraInitializers);
+    })();
+    return EncryptionModule = _classThis;
+})();
+exports.EncryptionModule = EncryptionModule;
+//# sourceMappingURL=encryption.module.js.map

package/build/cjs/encryption.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.module.js","sourceRoot":"","sources":["../../src/encryption.module.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAAuD;AAEvD,yDAAoE;AAEpE,8EAAqD;IAGxC,gBAAgB;4BAD5B,IAAA,eAAM,EAAC,EAAE,CAAC;;;;;QAET,MAAM,CAAC,QAAQ,CAAC,OAAgC;YAC9C,OAAO;gBACL,MAAM,EAAE,gBAAgB;gBACxB,SAAS,EAAE;oBACT;wBACE,OAAO,EAAE,4BAAiB;wBAC1B,QAAQ,EAAE,IAAI,4BAAiB,CAAC,OAAO,CAAC,aAAa,CAAC;qBACvD;iBACF;gBACD,OAAO,EAAE,CAAC,4BAAiB,CAAC;aAC7B,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,aAAa,CAAC,OAAqC;YACxD,OAAO;gBACL,MAAM,EAAE,gBAAgB;gBACxB,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,EAAE;gBAC9B,SAAS,EAAE;oBACT;wBACE,OAAO,EAAE,iDAA8B;wBACvC,UAAU,EAAE,OAAO,CAAC,UAAU;wBAC9B,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE;qBAC7B;oBACD;wBACE,OAAO,EAAE,4BAAiB;wBAC1B,UAAU,EAAE,CAAC,aAAsC,EAAE,EAAE;4BACrD,OAAO,IAAI,4BAAiB,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;wBAC5D,CAAC;wBACD,MAAM,EAAE,CAAC,iDAA8B,CAAC;qBACzC;iBACF;gBACD,OAAO,EAAE,CAAC,4BAAiB,CAAC;aAC7B,CAAC;QACJ,CAAC;;;;;QAlCH,6KAmCC;;;QAnCY,uDAAgB;;;;AAAhB,4CAAgB"}

package/build/cjs/encryption.service.d.ts

@@ -0,0 +1,10 @@
+import type { GCMEncryptedData } from './aes-256-gcm';
+declare class EncryptionService {
+    private readonly _encryptionKey?;
+    constructor(_encryptionKey?: (string | null) | undefined);
+    private get encryptionKey();
+    encrypt(plaintext: string): GCMEncryptedData;
+    decrypt(data: GCMEncryptedData): string;
+}
+export default EncryptionService;
+//# sourceMappingURL=encryption.service.d.ts.map

package/build/cjs/encryption.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.service.d.ts","sourceRoot":"","sources":["../../src/encryption.service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAGtD,cACM,iBAAiB;IACT,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;gBAAf,cAAc,CAAC,GAAE,MAAM,GAAG,IAAI,aAAA;IAE3D,OAAO,KAAK,aAAa,GAMxB;IAEM,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,gBAAgB;IAI5C,OAAO,CAAC,IAAI,EAAE,gBAAgB,GAAG,MAAM;CAG/C;AAED,eAAe,iBAAiB,CAAC"}

package/build/cjs/encryption.service.js

@@ -0,0 +1,76 @@
+"use strict";
+var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
+    function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
+    var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
+    var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
+    var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
+    var _, done = false;
+    for (var i = decorators.length - 1; i >= 0; i--) {
+        var context = {};
+        for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
+        for (var p in contextIn.access) context.access[p] = contextIn.access[p];
+        context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
+        var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
+        if (kind === "accessor") {
+            if (result === void 0) continue;
+            if (result === null || typeof result !== "object") throw new TypeError("Object expected");
+            if (_ = accept(result.get)) descriptor.get = _;
+            if (_ = accept(result.set)) descriptor.set = _;
+            if (_ = accept(result.init)) initializers.unshift(_);
+        }
+        else if (_ = accept(result)) {
+            if (kind === "field") initializers.unshift(_);
+            else descriptor[key] = _;
+        }
+    }
+    if (target) Object.defineProperty(target, contextIn.name, descriptor);
+    done = true;
+};
+var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
+    var useValue = arguments.length > 2;
+    for (var i = 0; i < initializers.length; i++) {
+        value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
+    }
+    return useValue ? value : void 0;
+};
+var __setFunctionName = (this && this.__setFunctionName) || function (f, name, prefix) {
+    if (typeof name === "symbol") name = name.description ? "[".concat(name.description, "]") : "";
+    return Object.defineProperty(f, "name", { configurable: true, value: prefix ? "".concat(prefix, " ", name) : name });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const common_1 = require("@nestjs/common");
+const aes_256_gcm_1 = require("./aes-256-gcm");
+let EncryptionService = (() => {
+    let _classDecorators = [(0, common_1.Injectable)()];
+    let _classDescriptor;
+    let _classExtraInitializers = [];
+    let _classThis;
+    var EncryptionService = _classThis = class {
+        constructor(_encryptionKey) {
+            this._encryptionKey = _encryptionKey;
+        }
+        get encryptionKey() {
+            if (!this._encryptionKey) {
+                throw new Error('Encryption key is required');
+            }
+            return this._encryptionKey;
+        }
+        encrypt(plaintext) {
+            return (0, aes_256_gcm_1.encryptAes256Gcm)(plaintext, this.encryptionKey);
+        }
+        decrypt(data) {
+            return (0, aes_256_gcm_1.decryptAes256Gcm)(data, this.encryptionKey);
+        }
+    };
+    __setFunctionName(_classThis, "EncryptionService");
+    (() => {
+        const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(null) : void 0;
+        __esDecorate(null, _classDescriptor = { value: _classThis }, _classDecorators, { kind: "class", name: _classThis.name, metadata: _metadata }, null, _classExtraInitializers);
+        EncryptionService = _classThis = _classDescriptor.value;
+        if (_metadata) Object.defineProperty(_classThis, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+        __runInitializers(_classThis, _classExtraInitializers);
+    })();
+    return EncryptionService = _classThis;
+})();
+exports.default = EncryptionService;
+//# sourceMappingURL=encryption.service.js.map

package/build/cjs/encryption.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.service.js","sourceRoot":"","sources":["../../src/encryption.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA4C;AAG5C,+CAAmE;IAG7D,iBAAiB;4BADtB,IAAA,mBAAU,GAAE;;;;;QAEX,YAA6B,cAA8B;YAA9B,mBAAc,GAAd,cAAc,CAAgB;QAAG,CAAC;QAE/D,IAAY,aAAa;YACvB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAChD,CAAC;YAED,OAAO,IAAI,CAAC,cAAc,CAAC;QAC7B,CAAC;QAEM,OAAO,CAAC,SAAiB;YAC9B,OAAO,IAAA,8BAAgB,EAAC,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QACzD,CAAC;QAEM,OAAO,CAAC,IAAsB;YACnC,OAAO,IAAA,8BAAgB,EAAC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QACpD,CAAC;;;;;QAjBH,6KAkBC;;;QAlBK,uDAAiB;;;;AAoBvB,kBAAe,iBAAiB,CAAC"}

package/build/cjs/main.d.ts

@@ -0,0 +1,7 @@
+export type { GCMEncryptedData } from './aes-256-gcm';
+export { decryptAes256Gcm, encryptAes256Gcm } from './aes-256-gcm';
+export { EncryptionModuleOptionsProvide } from './encryption.const';
+export type { EncryptionModuleAsyncOptions, EncryptionModuleOptions } from './encryption.interface';
+export { EncryptionModule } from './encryption.module';
+export { default as EncryptionService } from './encryption.service';
+//# sourceMappingURL=main.d.ts.map

package/build/cjs/main.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"main.d.ts","sourceRoot":"","sources":["../../src/main.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACnE,OAAO,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AACpE,YAAY,EAAE,4BAA4B,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACpG,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,sBAAsB,CAAC"}

package/build/cjs/main.js

@@ -0,0 +1,16 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EncryptionService = exports.EncryptionModule = exports.EncryptionModuleOptionsProvide = exports.encryptAes256Gcm = exports.decryptAes256Gcm = void 0;
+var aes_256_gcm_1 = require("./aes-256-gcm");
+Object.defineProperty(exports, "decryptAes256Gcm", { enumerable: true, get: function () { return aes_256_gcm_1.decryptAes256Gcm; } });
+Object.defineProperty(exports, "encryptAes256Gcm", { enumerable: true, get: function () { return aes_256_gcm_1.encryptAes256Gcm; } });
+var encryption_const_1 = require("./encryption.const");
+Object.defineProperty(exports, "EncryptionModuleOptionsProvide", { enumerable: true, get: function () { return encryption_const_1.EncryptionModuleOptionsProvide; } });
+var encryption_module_1 = require("./encryption.module");
+Object.defineProperty(exports, "EncryptionModule", { enumerable: true, get: function () { return encryption_module_1.EncryptionModule; } });
+var encryption_service_1 = require("./encryption.service");
+Object.defineProperty(exports, "EncryptionService", { enumerable: true, get: function () { return __importDefault(encryption_service_1).default; } });
+//# sourceMappingURL=main.js.map

package/build/cjs/main.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"main.js","sourceRoot":"","sources":["../../src/main.ts"],"names":[],"mappings":";;;;;;AACA,6CAAmE;AAA1D,+GAAA,gBAAgB,OAAA;AAAE,+GAAA,gBAAgB,OAAA;AAC3C,uDAAoE;AAA3D,kIAAA,8BAA8B,OAAA;AAEvC,yDAAuD;AAA9C,qHAAA,gBAAgB,OAAA;AACzB,2DAAoE;AAA3D,wIAAA,OAAO,OAAqB"}

package/build/cjs/package.json

@@ -0,0 +1 @@
+{ "type": "commonjs" }

package/build/esm/aes-256-gcm.d.ts

@@ -0,0 +1,49 @@
+/**
+ * This file implements AES 256 Galois/counter (GCM) encryption. The AES algorithm
+ * is a symmetric-key block cipher that is considered to be a highly secure algorithm
+ * (as of 30 Sep 2024).
+ *
+ * For this implementation, we will use AES-256 with 256-bit keys, which provides the
+ * strongest security of all AES variants.
+ *
+ * GCM mode is the usual recommended mode of operation for encryption. AES 256 features
+ * a variety of modes of operation, such as ECB, CBC, CTR, and GCM. To understand why
+ * GCM is a good choice, we will discuss the weaknesses of each method mentioned.
+ *
+ * 1. ECB is considered insecure as it does not sufficiently scramble patterns in the
+ *    original data, e.g, see the Tux image in
+ *    https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB)
+ *
+ * 2. CBC is stronger than ECB but operates on fixed-length blocks of plaintext, so
+ *    plaintext that does not conform to these requirements require *padding*. The use of
+ *    padding opens CBC to "padding oracle attacks" which allows attackers to decrypt the
+ *    ciphertext without knowing the symmetric key.
+ *
+ * 3. CTR does not suffer from padding oracle attacks as it does not require padding.
+ *    However, it and other methods are vulnerable to attacks on data integrity such as
+ *    "malleability attacks" which allows an attacker to manipulate the ciphertext to
+ *    inject malicious data without knowing the symmetric key.
+ *
+ * GCM uses CTR under the hood, but adds a "message authenticate code" (MAC) to each ciphertext
+ * created. A trusted sender computes a MAC on some text, using the symmetric key. A trusted
+ * receiver will verify the MAC using the symmetric key to ensure that no attacker intercepted
+ * the message and tampered with its underlying contents. This is similar to the concept of
+ * "digital signatures" that is also used in cryptography.
+ *
+ * The MAC guards against malleability attacks, as a symmetric key is required to compute the
+ * exact MAC corresponding to the protected ciphertext. Manipulating the ciphertext without
+ * making the corresponding change in the MAC causes a mismatch which is flagged as an integrity
+ * violation.
+ *
+ * NOTE: While GCM is one of the more secure modes of operation, it is by no means perfect
+ * and requires careful adherence to best practice, e.g, AES-256 should ideally be used
+ * with 96-bit cryptographically secure pseudorandom initialization vectors.
+ */
+export interface GCMEncryptedData {
+    value: string;
+    iv: string;
+    mac: string;
+}
+export declare function encryptAes256Gcm(plaintext: string, symmetricKey: string): GCMEncryptedData;
+export declare function decryptAes256Gcm(data: GCMEncryptedData, symmetricKey: string): string;
+//# sourceMappingURL=aes-256-gcm.d.ts.map

package/build/esm/aes-256-gcm.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes-256-gcm.d.ts","sourceRoot":"","sources":["../../src/aes-256-gcm.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;CACb;AAYD,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,gBAAgB,CAa1F;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,UAU5E"}

package/build/esm/aes-256-gcm.js

@@ -0,0 +1,27 @@
+import crypto from 'node:crypto';
+const mode = 'aes-256-gcm';
+// 96-bit IV is recommended by section 5.2.1.1 in
+// https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
+const ivLengthBytes = 12;
+const dbEncoding = 'base64';
+const plaintextEncoding = 'utf8';
+export function encryptAes256Gcm(plaintext, symmetricKey) {
+    const key = Buffer.from(symmetricKey, dbEncoding);
+    const iv = crypto.randomBytes(ivLengthBytes);
+    const cipher = crypto.createCipheriv(mode, key, iv);
+    const ciphertext = cipher.update(plaintext, plaintextEncoding, dbEncoding) + cipher.final(dbEncoding);
+    return {
+        value: ciphertext,
+        iv: iv.toString(dbEncoding),
+        mac: cipher.getAuthTag().toString(dbEncoding),
+    };
+}
+export function decryptAes256Gcm(data, symmetricKey) {
+    const key = Buffer.from(symmetricKey, dbEncoding);
+    const iv = Buffer.from(data.iv, dbEncoding);
+    const decipher = crypto.createDecipheriv(mode, key, iv);
+    const mac = Buffer.from(data.mac, dbEncoding);
+    decipher.setAuthTag(mac);
+    return decipher.update(data.value, dbEncoding, plaintextEncoding) + decipher.final(plaintextEncoding);
+}
+//# sourceMappingURL=aes-256-gcm.js.map

package/build/esm/aes-256-gcm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes-256-gcm.js","sourceRoot":"","sources":["../../src/aes-256-gcm.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAkDjC,MAAM,IAAI,GAAG,aAAa,CAAC;AAE3B,iDAAiD;AACjD,gFAAgF;AAChF,MAAM,aAAa,GAAG,EAAE,CAAC;AAEzB,MAAM,UAAU,GAAG,QAAQ,CAAC;AAE5B,MAAM,iBAAiB,GAAG,MAAM,CAAC;AAEjC,MAAM,UAAU,gBAAgB,CAAC,SAAiB,EAAE,YAAoB;IACtE,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAElD,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IAEpD,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,iBAAiB,EAAE,UAAU,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAEtG,OAAO;QACL,KAAK,EAAE,UAAU;QACjB,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC;QAC3B,GAAG,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC;KAC9C,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAsB,EAAE,YAAoB;IAC3E,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAElD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;IAC5C,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IAExD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IAC9C,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAEzB,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,iBAAiB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;AACxG,CAAC"}

package/build/esm/aes-256-gcm.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=aes-256-gcm.test.d.ts.map

package/build/esm/aes-256-gcm.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes-256-gcm.test.d.ts","sourceRoot":"","sources":["../../src/aes-256-gcm.test.ts"],"names":[],"mappings":""}

package/build/esm/aes-256-gcm.test.js

@@ -0,0 +1,38 @@
+import crypto from 'crypto';
+import { describe, expect, test } from 'vitest';
+import { decryptAes256Gcm, encryptAes256Gcm } from './aes-256-gcm.js';
+describe('AES-256 GCM', async () => {
+    const createAES256Key = () => new Promise((resolve) => {
+        crypto.generateKey('aes', { length: 256 }, (err, key) => {
+            if (err)
+                throw err;
+            resolve(key.export().toString('base64'));
+        });
+    });
+    const testKey = await createAES256Key();
+    test('successfully encrypts then decrypts', async () => {
+        const plaintext = 'hello, world!';
+        const cipherdata = await encryptAes256Gcm(plaintext, testKey);
+        const deciphertext = await decryptAes256Gcm(cipherdata, testKey);
+        expect(deciphertext).to.eq(plaintext);
+    });
+    test('throws error if decrypted with wrong key', async () => {
+        const plaintext = 'hello, world!';
+        const wrongKey = await createAES256Key();
+        const cipherdata = await encryptAes256Gcm(plaintext, testKey);
+        const decipher = () => decryptAes256Gcm(cipherdata, wrongKey);
+        await expect(decipher).to.throw('Unsupported state or unable to authenticate data');
+    });
+    test('throws error if ciphertext is not validated by the mac', async () => {
+        const plaintext = 'hello, world!';
+        const trueCipherdata = await encryptAes256Gcm(plaintext, testKey);
+        const data = await encryptAes256Gcm('malicious payload', testKey);
+        const forgedCipherdata = {
+            ...trueCipherdata,
+            value: data.value,
+        };
+        const decipher = () => decryptAes256Gcm(forgedCipherdata, testKey);
+        await expect(decipher).to.throw('Unsupported state or unable to authenticate data');
+    });
+});
+//# sourceMappingURL=aes-256-gcm.test.js.map

package/build/esm/aes-256-gcm.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes-256-gcm.test.js","sourceRoot":"","sources":["../../src/aes-256-gcm.test.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAEhD,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAEnE,QAAQ,CAAC,aAAa,EAAE,KAAK,IAAI,EAAE;IACjC,MAAM,eAAe,GAAG,GAAG,EAAE,CAC3B,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;QAC9B,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YACtD,IAAI,GAAG;gBAAE,MAAM,GAAG,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IACL,MAAM,OAAO,GAAG,MAAM,eAAe,EAAE,CAAC;IAExC,IAAI,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,SAAS,GAAG,eAAe,CAAC;QAElC,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAEjE,MAAM,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,SAAS,GAAG,eAAe,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAM,eAAe,EAAE,CAAC;QAEzC,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC9D,MAAM,QAAQ,GAAG,GAAG,EAAE,CAAC,gBAAgB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAE9D,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,SAAS,GAAG,eAAe,CAAC;QAElC,MAAM,cAAc,GAAG,MAAM,gBAAgB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAClE,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,mBAAmB,EAAE,OAAO,CAAC,CAAC;QAClE,MAAM,gBAAgB,GAAG;YACvB,GAAG,cAAc;YACjB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC;QAEF,MAAM,QAAQ,GAAG,GAAG,EAAE,CAAC,gBAAgB,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QAEnE,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/build/esm/encryption.const.d.ts

@@ -0,0 +1,2 @@
+export declare const EncryptionModuleOptionsProvide = "ENCRYPTION_MODULE_OPTIONS";
+//# sourceMappingURL=encryption.const.d.ts.map

package/build/esm/encryption.const.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.const.d.ts","sourceRoot":"","sources":["../../src/encryption.const.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,8BAA8B,8BAA8B,CAAC"}

package/build/esm/encryption.const.js

@@ -0,0 +1,2 @@
+export const EncryptionModuleOptionsProvide = 'ENCRYPTION_MODULE_OPTIONS';
+//# sourceMappingURL=encryption.const.js.map

package/build/esm/encryption.const.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.const.js","sourceRoot":"","sources":["../../src/encryption.const.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,8BAA8B,GAAG,2BAA2B,CAAC"}

package/build/esm/encryption.interface.d.ts

@@ -0,0 +1,9 @@
+import type { ModuleMetadata } from '@nestjs/common';
+export interface EncryptionModuleAsyncOptions extends Pick<ModuleMetadata, 'imports'> {
+    useFactory: (...args: any[]) => Promise<EncryptionModuleOptions> | EncryptionModuleOptions;
+    inject?: any[];
+}
+export interface EncryptionModuleOptions {
+    encryptionKey?: string | null;
+}
+//# sourceMappingURL=encryption.interface.d.ts.map

package/build/esm/encryption.interface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.interface.d.ts","sourceRoot":"","sources":["../../src/encryption.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAErD,MAAM,WAAW,4BAA6B,SAAQ,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC;IACnF,UAAU,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,uBAAuB,CAAC,GAAG,uBAAuB,CAAC;IAC3F,MAAM,CAAC,EAAE,GAAG,EAAE,CAAC;CAChB;AAED,MAAM,WAAW,uBAAuB;IACtC,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B"}

package/build/esm/encryption.interface.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=encryption.interface.js.map

package/build/esm/encryption.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.interface.js","sourceRoot":"","sources":["../../src/encryption.interface.ts"],"names":[],"mappings":""}

package/build/esm/encryption.module.d.ts

@@ -0,0 +1,7 @@
+import { DynamicModule } from '@nestjs/common';
+import { EncryptionModuleAsyncOptions, EncryptionModuleOptions } from './encryption.interface.js';
+export declare class EncryptionModule {
+    static register(options: EncryptionModuleOptions): DynamicModule;
+    static registerAsync(options: EncryptionModuleAsyncOptions): DynamicModule;
+}
+//# sourceMappingURL=encryption.module.d.ts.map

package/build/esm/encryption.module.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.module.d.ts","sourceRoot":"","sources":["../../src/encryption.module.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAU,MAAM,gBAAgB,CAAC;AAGvD,OAAO,EAAE,4BAA4B,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AAG/F,qBACa,gBAAgB;IAC3B,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,uBAAuB,GAAG,aAAa;IAahE,MAAM,CAAC,aAAa,CAAC,OAAO,EAAE,4BAA4B,GAAG,aAAa;CAqB3E"}

package/build/esm/encryption.module.js

@@ -0,0 +1,93 @@
+var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
+    function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
+    var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
+    var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
+    var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
+    var _, done = false;
+    for (var i = decorators.length - 1; i >= 0; i--) {
+        var context = {};
+        for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
+        for (var p in contextIn.access) context.access[p] = contextIn.access[p];
+        context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
+        var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
+        if (kind === "accessor") {
+            if (result === void 0) continue;
+            if (result === null || typeof result !== "object") throw new TypeError("Object expected");
+            if (_ = accept(result.get)) descriptor.get = _;
+            if (_ = accept(result.set)) descriptor.set = _;
+            if (_ = accept(result.init)) initializers.unshift(_);
+        }
+        else if (_ = accept(result)) {
+            if (kind === "field") initializers.unshift(_);
+            else descriptor[key] = _;
+        }
+    }
+    if (target) Object.defineProperty(target, contextIn.name, descriptor);
+    done = true;
+};
+var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
+    var useValue = arguments.length > 2;
+    for (var i = 0; i < initializers.length; i++) {
+        value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
+    }
+    return useValue ? value : void 0;
+};
+var __setFunctionName = (this && this.__setFunctionName) || function (f, name, prefix) {
+    if (typeof name === "symbol") name = name.description ? "[".concat(name.description, "]") : "";
+    return Object.defineProperty(f, "name", { configurable: true, value: prefix ? "".concat(prefix, " ", name) : name });
+};
+import { Module } from '@nestjs/common';
+import { EncryptionModuleOptionsProvide } from './encryption.const.js';
+import EncryptionService from './encryption.service.js';
+let EncryptionModule = (() => {
+    let _classDecorators = [Module({})];
+    let _classDescriptor;
+    let _classExtraInitializers = [];
+    let _classThis;
+    var EncryptionModule = _classThis = class {
+        static register(options) {
+            return {
+                module: EncryptionModule,
+                providers: [
+                    {
+                        provide: EncryptionService,
+                        useValue: new EncryptionService(options.encryptionKey),
+                    },
+                ],
+                exports: [EncryptionService],
+            };
+        }
+        static registerAsync(options) {
+            return {
+                module: EncryptionModule,
+                imports: options.imports || [],
+                providers: [
+                    {
+                        provide: EncryptionModuleOptionsProvide,
+                        useFactory: options.useFactory,
+                        inject: options.inject || [],
+                    },
+                    {
+                        provide: EncryptionService,
+                        useFactory: (moduleOptions) => {
+                            return new EncryptionService(moduleOptions.encryptionKey);
+                        },
+                        inject: [EncryptionModuleOptionsProvide],
+                    },
+                ],
+                exports: [EncryptionService],
+            };
+        }
+    };
+    __setFunctionName(_classThis, "EncryptionModule");
+    (() => {
+        const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(null) : void 0;
+        __esDecorate(null, _classDescriptor = { value: _classThis }, _classDecorators, { kind: "class", name: _classThis.name, metadata: _metadata }, null, _classExtraInitializers);
+        EncryptionModule = _classThis = _classDescriptor.value;
+        if (_metadata) Object.defineProperty(_classThis, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+        __runInitializers(_classThis, _classExtraInitializers);
+    })();
+    return EncryptionModule = _classThis;
+})();
+export { EncryptionModule };
+//# sourceMappingURL=encryption.module.js.map

package/build/esm/encryption.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.module.js","sourceRoot":"","sources":["../../src/encryption.module.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAiB,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAEvD,OAAO,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AAEpE,OAAO,iBAAiB,MAAM,sBAAsB,CAAC;IAGxC,gBAAgB;4BAD5B,MAAM,CAAC,EAAE,CAAC;;;;;QAET,MAAM,CAAC,QAAQ,CAAC,OAAgC;YAC9C,OAAO;gBACL,MAAM,EAAE,gBAAgB;gBACxB,SAAS,EAAE;oBACT;wBACE,OAAO,EAAE,iBAAiB;wBAC1B,QAAQ,EAAE,IAAI,iBAAiB,CAAC,OAAO,CAAC,aAAa,CAAC;qBACvD;iBACF;gBACD,OAAO,EAAE,CAAC,iBAAiB,CAAC;aAC7B,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,aAAa,CAAC,OAAqC;YACxD,OAAO;gBACL,MAAM,EAAE,gBAAgB;gBACxB,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,EAAE;gBAC9B,SAAS,EAAE;oBACT;wBACE,OAAO,EAAE,8BAA8B;wBACvC,UAAU,EAAE,OAAO,CAAC,UAAU;wBAC9B,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE;qBAC7B;oBACD;wBACE,OAAO,EAAE,iBAAiB;wBAC1B,UAAU,EAAE,CAAC,aAAsC,EAAE,EAAE;4BACrD,OAAO,IAAI,iBAAiB,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;wBAC5D,CAAC;wBACD,MAAM,EAAE,CAAC,8BAA8B,CAAC;qBACzC;iBACF;gBACD,OAAO,EAAE,CAAC,iBAAiB,CAAC;aAC7B,CAAC;QACJ,CAAC;;;;;QAlCH,6KAmCC;;;QAnCY,uDAAgB;;;;SAAhB,gBAAgB"}

package/build/esm/encryption.service.d.ts

@@ -0,0 +1,10 @@
+import type { GCMEncryptedData } from './aes-256-gcm.js';
+declare class EncryptionService {
+    private readonly _encryptionKey?;
+    constructor(_encryptionKey?: (string | null) | undefined);
+    private get encryptionKey();
+    encrypt(plaintext: string): GCMEncryptedData;
+    decrypt(data: GCMEncryptedData): string;
+}
+export default EncryptionService;
+//# sourceMappingURL=encryption.service.d.ts.map

package/build/esm/encryption.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.service.d.ts","sourceRoot":"","sources":["../../src/encryption.service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAGtD,cACM,iBAAiB;IACT,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;gBAAf,cAAc,CAAC,GAAE,MAAM,GAAG,IAAI,aAAA;IAE3D,OAAO,KAAK,aAAa,GAMxB;IAEM,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,gBAAgB;IAI5C,OAAO,CAAC,IAAI,EAAE,gBAAgB,GAAG,MAAM;CAG/C;AAED,eAAe,iBAAiB,CAAC"}

package/build/esm/encryption.service.js

@@ -0,0 +1,74 @@
+var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
+    function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
+    var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
+    var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
+    var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
+    var _, done = false;
+    for (var i = decorators.length - 1; i >= 0; i--) {
+        var context = {};
+        for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
+        for (var p in contextIn.access) context.access[p] = contextIn.access[p];
+        context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
+        var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
+        if (kind === "accessor") {
+            if (result === void 0) continue;
+            if (result === null || typeof result !== "object") throw new TypeError("Object expected");
+            if (_ = accept(result.get)) descriptor.get = _;
+            if (_ = accept(result.set)) descriptor.set = _;
+            if (_ = accept(result.init)) initializers.unshift(_);
+        }
+        else if (_ = accept(result)) {
+            if (kind === "field") initializers.unshift(_);
+            else descriptor[key] = _;
+        }
+    }
+    if (target) Object.defineProperty(target, contextIn.name, descriptor);
+    done = true;
+};
+var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
+    var useValue = arguments.length > 2;
+    for (var i = 0; i < initializers.length; i++) {
+        value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
+    }
+    return useValue ? value : void 0;
+};
+var __setFunctionName = (this && this.__setFunctionName) || function (f, name, prefix) {
+    if (typeof name === "symbol") name = name.description ? "[".concat(name.description, "]") : "";
+    return Object.defineProperty(f, "name", { configurable: true, value: prefix ? "".concat(prefix, " ", name) : name });
+};
+import { Injectable } from '@nestjs/common';
+import { decryptAes256Gcm, encryptAes256Gcm } from './aes-256-gcm.js';
+let EncryptionService = (() => {
+    let _classDecorators = [Injectable()];
+    let _classDescriptor;
+    let _classExtraInitializers = [];
+    let _classThis;
+    var EncryptionService = _classThis = class {
+        constructor(_encryptionKey) {
+            this._encryptionKey = _encryptionKey;
+        }
+        get encryptionKey() {
+            if (!this._encryptionKey) {
+                throw new Error('Encryption key is required');
+            }
+            return this._encryptionKey;
+        }
+        encrypt(plaintext) {
+            return encryptAes256Gcm(plaintext, this.encryptionKey);
+        }
+        decrypt(data) {
+            return decryptAes256Gcm(data, this.encryptionKey);
+        }
+    };
+    __setFunctionName(_classThis, "EncryptionService");
+    (() => {
+        const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(null) : void 0;
+        __esDecorate(null, _classDescriptor = { value: _classThis }, _classDecorators, { kind: "class", name: _classThis.name, metadata: _metadata }, null, _classExtraInitializers);
+        EncryptionService = _classThis = _classDescriptor.value;
+        if (_metadata) Object.defineProperty(_classThis, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+        __runInitializers(_classThis, _classExtraInitializers);
+    })();
+    return EncryptionService = _classThis;
+})();
+export default EncryptionService;
+//# sourceMappingURL=encryption.service.js.map

package/build/esm/encryption.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.service.js","sourceRoot":"","sources":["../../src/encryption.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAG5C,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;IAG7D,iBAAiB;4BADtB,UAAU,EAAE;;;;;QAEX,YAA6B,cAA8B;YAA9B,mBAAc,GAAd,cAAc,CAAgB;QAAG,CAAC;QAE/D,IAAY,aAAa;YACvB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAChD,CAAC;YAED,OAAO,IAAI,CAAC,cAAc,CAAC;QAC7B,CAAC;QAEM,OAAO,CAAC,SAAiB;YAC9B,OAAO,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QACzD,CAAC;QAEM,OAAO,CAAC,IAAsB;YACnC,OAAO,gBAAgB,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QACpD,CAAC;;;;;QAjBH,6KAkBC;;;QAlBK,uDAAiB;;;;AAoBvB,eAAe,iBAAiB,CAAC"}

package/build/esm/main.d.ts

@@ -0,0 +1,7 @@
+export type { GCMEncryptedData } from './aes-256-gcm.js';
+export { decryptAes256Gcm, encryptAes256Gcm } from './aes-256-gcm.js';
+export { EncryptionModuleOptionsProvide } from './encryption.const.js';
+export type { EncryptionModuleAsyncOptions, EncryptionModuleOptions } from './encryption.interface.js';
+export { EncryptionModule } from './encryption.module.js';
+export { default as EncryptionService } from './encryption.service.js';
+//# sourceMappingURL=main.d.ts.map

package/build/esm/main.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"main.d.ts","sourceRoot":"","sources":["../../src/main.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACnE,OAAO,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AACpE,YAAY,EAAE,4BAA4B,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACpG,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,sBAAsB,CAAC"}

package/build/esm/main.js

@@ -0,0 +1,5 @@
+export { decryptAes256Gcm, encryptAes256Gcm } from './aes-256-gcm.js';
+export { EncryptionModuleOptionsProvide } from './encryption.const.js';
+export { EncryptionModule } from './encryption.module.js';
+export { default as EncryptionService } from './encryption.service.js';
+//# sourceMappingURL=main.js.map

package/build/esm/main.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"main.js","sourceRoot":"","sources":["../../src/main.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACnE,OAAO,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AAEpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,sBAAsB,CAAC"}

package/build/esm/package.json

@@ -0,0 +1 @@
+{ "type": "module" }

package/package.json

@@ -0,0 +1,34 @@
+{
+  "name": "@voiceflow/encryption",
+  "version": "0.2.0",
+  "description": "Voiceflow encryption library",
+  "license": "ISC",
+  "main": "build/cjs/main.js",
+  "module": "build/esm/main.js",
+  "types": "build/cjs/main.d.ts",
+  "files": [
+    "build"
+  ],
+  "scripts": {
+    "build": "yarn g:turbo run build:cmd --filter=@voiceflow/encryption...",
+    "build:cjs": "yarn g:build:pkg cjs",
+    "build:cmd": "yarn g:run-p build:cjs build:esm",
+    "build:esm": "yarn g:build:pkg esm",
+    "clean": "yarn g:rimraf build",
+    "lint": "yarn g:run-p -c lint:eslint lint:prettier",
+    "lint:eslint": "yarn g:eslint",
+    "lint:fix": "yarn g:run-p -c \"lint:eslint --fix\" \"lint:prettier --write\"",
+    "lint:prettier": "yarn g:prettier --check",
+    "test": "yarn g:run-p -c test:dependencies test:types test:unit",
+    "test:dependencies": "yarn g:depcruise",
+    "test:types": "yarn g:tsc --noEmit",
+    "test:unit": "yarn g:vitest run --coverage"
+  },
+  "volta": {
+    "extends": "../../package.json"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "gitHead": "c71920a42998c80a09029b70724a39fb84f8df74"
+}