blind-encryption-sodium 2.1.0 → 3.0.0
- package/README.md +5 -9
- package/index.d.ts +1 -1
- package/index.js +11 -23
- package/package.json +1 -1
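--- a/package/README.md
+++ b/package/README.md
@@ -10,7 +10,7 @@ const b4a = require('b4a')
 
 const key = b4a.alloc(32) // 32-byte key
 
-const encryption = new BlindEncryptionSodium(
+const encryption = new BlindEncryptionSodium(key)
 
 const encrypted = await encryption.encrypt(plaintext)
 // { value: <Buffer>, type: 1 }
@@ -20,12 +20,11 @@ const { value, rotated } = await encryption.decrypt(encrypted)
 // if rotated, it was decrypted with a newer type, and you should encrypt and store
 ```
 
-Multiple values can be passed in. This enables you to "rotate"
+Multiple values can be passed in. This enables you to "rotate" entropies.
 
-- Value encrypted with an
-- Cannot be downgraded
+- Value encrypted with an entropy will be decoded with the old entropy automatically
 - Old types are no longer needed after upgrade
-- Returns if rotated when decrypting. Note: if it was decrypted with a newer
+- Returns if rotated when decrypting. Note: if it was decrypted with a newer entropy, you should encrypt and store to ensure it uses your latest entropy
 
 ### Usage with Autobase:
 
@@ -34,10 +33,7 @@ const base = new Autobase(store, {
 apply,
 open,
 encryptionKey,
-blindEncryption: new BlindEncryptionSodium(
-{ key: oldKey, type: 0 },
-{ key: newKey, type: 1 }
-])
+blindEncryption: new BlindEncryptionSodium(newKey, oldKey)
 })
 ```
 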
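--- a/package/index.d.ts
+++ b/package/index.d.ts
@@ -5,7 +5,7 @@ declare module 'blind-encryption-sodium' {
 }
 
 declare class BlindEncryptionSodium {
-constructor(entropy
+constructor(entropy: Buffer, oldEntropy?: Buffer)
 encrypt(key: Buffer): Promise<EncryptedData>
 decrypt(data: EncryptedData): Promise<Buffer>
 }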
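Review bot: The declaration `decrypt(data: EncryptedData): Promise<Buffer>`, left as context here, does not match what `index.js` in this release resolves, which is an object `{ value, rotated }`; TypeScript callers will treat the result as a Buffer and never see the `rotated` flag that tells them to re-encrypt. Suggest `decrypt(data: EncryptedData): Promise<{ value: Buffer; rotated: boolean }>`. The `encrypt` parameter is named `key` although it is the value being encrypted, so `value` would avoid confusion with the entropy now passed to the constructor. The `EncryptedData` interface is declared above the hunk, so whether its `type` field should become optional now that the new `decrypt` destructures only `value` cannot be checked from here.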
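--- a/package/index.js
+++ b/package/index.js
@@ -2,40 +2,28 @@ const b4a = require('b4a')
 const sodium = require('sodium-universal')
 
 class BlindEncryptionSodium {
-constructor(
-this._entropies = entropies.sort((a, b) => b.type - a.type)
-
+constructor(entropy, oldEntropy) {
 this.encrypt = async (value) => {
-
-const entropy = this._entropies[0]
-const buffer = this._encrypt(value, entropy.key)
+const buffer = this._encrypt(value, entropy)
 
-return { value: buffer, type:
+return { value: buffer, type: 0 }
 }
 
-this.decrypt = async ({ value
-
-
-// no backward compat
-if (type > entropy.type) throw new Error('Encrypted using new type: ' + type)
-
-let rotated = false
+this.decrypt = async ({ value }) => {
+const { output, ok } = this._decrypt(value, oldEntropy || entropy)
 
-
-
-entropy = this._entropies.find((e) => e.type === type)
-if (!entropy) throw new Error('Missing type: ' + type)
-rotated = true
+if (!ok) {
+throw new Error(`failed to rotate`)
 }
 
-return { value:
+return { value: output, rotated: !!oldEntropy }
 }
 }
 
 _encrypt(value, entropy) {
 if (!value || !value.byteLength) throw new TypeError('value must be a Uint8Array')
 if (!entropy || entropy.byteLength !== sodium.crypto_secretbox_KEYBYTES) {
-throw new Error('invalid
+throw new Error('invalid entropy length')
 }
 if (value.byteLength < 32) {
 throw new Error('value too short')
@@ -58,8 +46,8 @@ class BlindEncryptionSodium {
 const box = value.subarray(nonce.byteLength)
 const output = b4a.alloc(box.byteLength - sodium.crypto_secretbox_MACBYTES)
 
-sodium.crypto_secretbox_open_easy(output, box, nonce, entropy)
-return output
+const ok = sodium.crypto_secretbox_open_easy(output, box, nonce, entropy)
+return { output, ok }
 }
 }
 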
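Review bot: In the new `decrypt` closure, `this._decrypt(value, oldEntropy || entropy)` only ever tries `oldEntropy` when one is configured, so a value this same instance produced with `encrypt` (which uses `entropy`) fails authentication and throws, and `rotated: !!oldEntropy` reports rotation regardless of which key opened the box. Assuming `rotated` is meant to tell the caller to re-encrypt under the current entropy, trying `entropy` first and falling back to `oldEntropy` only on authentication failure keeps already-rotated records readable. The message `failed to rotate` is also raised for a plain authentication failure when no old entropy is set, so a neutral message would mislead less when triaging decrypt errors, though callers matching on the current text would need updating. `_decrypt` begins outside the second hunk, so whether it checks that `value` holds at least nonce plus MAC bytes before `b4a.alloc(box.byteLength - sodium.crypto_secretbox_MACBYTES)` cannot be confirmed from here.

```javascript
this.decrypt = async ({ value }) => {
  // Current entropy first: values written by encrypt() use it.
  const current = this._decrypt(value, entropy)
  if (current.ok) return { value: current.output, rotated: false }

  if (oldEntropy) {
    // Fall back to the previous entropy; the caller should re-encrypt and store.
    const previous = this._decrypt(value, oldEntropy)
    if (previous.ok) return { value: previous.output, rotated: true }
  }

  throw new Error('failed to decrypt')
}
```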