crypterjs 0.0.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Fiaz Hussain
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/index.js

@@ -0,0 +1,97 @@
+const crypto = require('crypto');
+
+const algorithm = 'aes-256-gcm';
+const ivLength = 16;
+const tagLength = 16;
+const defaultEncoding = 'hex';
+const defaultSaltLength = 64;
+const defaultPbkdf2Iterations = 100000;
+
+/**
+ * @typedef {Object} CrypterOptions
+ * @property {BufferEncoding} [encoding='hex'] - Encoding format for the output string (default: 'hex').
+ * @property {number} [pbkdf2Iterations=100000] - Number of PBKDF2 iterations for key derivation (default: 100000).
+ * @property {number} [saltLength=64] - Length of the random salt in bytes (default: 64).
+ */
+class Crypterjs {
+  /**
+   * Creates an instance of CryptrService.
+   * @param {string} secret - The secret key used for encryption/decryption.
+   * @param {CrypterOptions} [options={}] - Optional parameters for encryption configuration.
+   */
+  constructor(secret, options = {}) {
+    if (!secret) {
+      throw new Error('Secret key must be provided');
+    }
+    this.secret = secret;
+    this.encoding = options.encoding || defaultEncoding;
+    this.saltLength = options.saltLength || defaultSaltLength;
+    this.pbkdf2Iterations = options.pbkdf2Iterations || defaultPbkdf2Iterations;
+
+    this.tagPosition = this.saltLength + ivLength;
+    this.encryptedPosition = this.tagPosition + tagLength;
+  }
+
+  /**
+   * Derives the encryption key using PBKDF2.
+   * @param {Buffer} salt - The salt value for key derivation.
+   * @returns {Buffer} The derived encryption key.
+   */
+  getKey(salt) {
+    return crypto.pbkdf2Sync(this.secret, salt, this.pbkdf2Iterations, 32, 'sha512');
+  }
+
+  /**
+   * Encrypts the given value.
+   * @param {string|number|null|undefined} value - The value to encrypt.
+   * @returns {string} The encrypted value as a string.
+   * @throws Will throw an error if the value is null or undefined.
+   */
+  encrypt(value) {
+    if (value == null) {
+      throw new Error('value must not be null or undefined');
+    }
+
+    const iv = crypto.randomBytes(ivLength);
+    const salt = crypto.randomBytes(this.saltLength);
+    const key = this.getKey(salt);
+
+    const cipher = crypto.createCipheriv(algorithm, key, iv);
+    const encrypted = Buffer.concat([cipher.update(String(value), 'utf8'), cipher.final()]);
+
+    const tag = cipher.getAuthTag();
+
+    return Buffer.concat([salt, iv, tag, encrypted]).toString(this.encoding);
+  }
+
+   /**
+   * Decrypts the given encrypted value.
+   * @param {string|null|undefined} value - The encrypted value to decrypt.
+   * @returns {string} The decrypted string.
+   * @throws Will throw an error if the value is null or undefined.
+   */
+  decrypt(value) {
+    if (value == null) {
+      throw new Error('value must not be null or undefined');
+    }
+
+    const stringValue = Buffer.from(String(value), this.encoding);
+
+    const salt = stringValue.subarray(0, this.saltLength);
+    const iv = stringValue.subarray(this.saltLength, this.tagPosition);
+    const tag = stringValue.subarray(this.tagPosition, this.encryptedPosition);
+    const encrypted = stringValue.subarray(this.encryptedPosition);
+
+    const key = this.getKey(salt);
+
+    const decipher = crypto.createDecipheriv(algorithm, key, iv);
+    decipher.setAuthTag(tag);
+
+    const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+
+    return decrypted.toString('utf8');
+  }
+}
+
+module.exports = Crypterjs;
+module.exports.default = Crypterjs;

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "crypterjs",
+  "version": "0.0.1",
+  "main": "index.js",
+  "private": false,
+  "keywords": [
+    "crypterjs",
+    "crypter",
+    "encrypt",
+    "decrypt",
+    "encryption",
+    "decryption",
+    "crypto",
+    "cipher",
+    "aes-256",
+    "aes256",
+    "aes-256-ctr",
+    "aes-256-gcm",
+    "hashr",
+    "cryptography",
+    "aes",
+    "jwt",
+    "pbkdf2",
+    "secure",
+    "crypto",
+    "node",
+    "npm",
+    "library",
+    "open-source",
+    "symmetric-encryption",
+    "data-security",
+    "token-encryption"
+  ],
+  "author": "Fiaz Hussain <hussainfiazmlk@gmail.com>",
+  "description": "A simple and secure library for encrypting and decrypting data using AES-256-GCM with PBKDF2 key derivation. Ideal for securing JWT tokens and sensitive information.",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/hussainfiazmlk/crypterjs.git"
+  },
+  "bugs": {
+    "url": "https://github.com/hussainfiazmlk/crypterjs/issues"
+  },
+  "homepage": "https://github.com/hussainfiazmlk/crypterjs"
+}

package/readme.md

@@ -0,0 +1,109 @@
+# Crypterjs
+
+**Crypterjs** is a simple encryption and decryption service built on top of Node.js' `crypto` module. It provides an easy-to-use interface for securely encrypting and decrypting data with AES-256-GCM and PBKDF2 key derivation.
+
+> **⚠️ Important:** This library is **not intended for password hashing**. Use dedicated hashing algorithms (like bcrypt, argon2, etc.) for password hashing, as they are designed for one-way flows. Crypterjs is for two-way encryption and decryption of data such as tokens, strings, or numbers.
+
+## Features
+
+- AES-256-GCM encryption.
+- PBKDF2 key derivation with configurable iterations.
+- Randomized IV (Initialization Vector) and salt for each encryption.
+- Customizable options for encoding, salt length, and iteration count.
+
+## Installation
+
+Install Crypterjs via npm:
+
+```bash
+npm install crypterjs
+```
+## Usage
+You can import Crypterjs in both CommonJS and ESM environments.
+
+#### CommonJS:
+```javascript
+const Crypterjs = require('crypterjs');
+```
+
+#### ES Modules:
+```javascript
+import Crypterjs from 'crypterjs';
+```
+### Use Cases
+
+### 1. Encrypting and Decrypting Strings
+Here’s an example of how to use Crypterjs for encryption and decryption.
+```javascript
+const Crypterjs = require('crypterjs'); // Or use import in ESM
+const crypter = new Crypterjs('your-secret-key'); // Create a new instance of Crypterjs
+const encryptedValue = crypter.encrypt('Hello, world!'); // Encrypt a value
+console.log('Encrypted:', encryptedValue);
+const decryptedValue = crypter.decrypt(encryptedValue); // Decrypt the value
+console.log('Decrypted:', decryptedValue);
+```
+
+#### 2. Encrypting and Decrypting Numbers
+You can also encrypt and decrypt numbers like user IDs, order numbers, or any other numerical data you want to secure:
+```javascript
+const Crypterjs = require('crypterjs'); // Or use import in ESM
+const crypter = new Crypterjs('your-secret-key'); // Create a new instance of Crypterjs
+const encryptedValue = crypter.encrypt(12345); // Encrypt a value
+console.log('Encrypted:', encryptedValue);
+const decryptedValue = crypter.decrypt(encryptedValue); // Decrypt the value
+console.log('Decrypted:', decryptedValue);
+```
+
+#### 3. Encrypting and Decrypting JWT
+When dealing with JWT tokens, you often need to encrypt them before sending or storing them for an extra layer of security. You can use Crypterjs to encrypt and decrypt JWT tokens using a secret key (which may or may not be the same key you use for signing the JWT):
+**Important Note:** Once the JWT token is encrypted using Crypterjs, the resulting encrypted token cannot be decoded or inspected using the [jwt.io](https://jwt.io) website. Therefore, the original payload will not be visible or verifiable without decrypting the token first.
+
+```javascript
+const jwt = require('jsonwebtoken');
+const Crypterjs = require('crypterjs');
+const secretKey = 'your-jwt-secret-key';
+const crypter = new Crypterjs('your-jwt-secret-key'); // Secret key used for both JWT signing and Crypterjs
+const token = jwt.sign({ userId: 123 }, secretKey, { expiresIn: '1h' }); // Sign the JWT token
+const encryptedToken = crypter.encrypt(token); // Encrypt the JWT token before storing or sending
+console.log('Encrypted JWT:', encryptedToken);
+
+const decryptedToken = crypter.decrypt(encryptedToken); // Decrypt the JWT token before verifying
+console.log('Decrypted JWT:', decryptedToken);
+
+const verified = jwt.verify(decryptedToken, secretKey); // Verify the decrypted JWT
+console.log('Verified JWT Payload:', verified);
+```
+
+## Options
+You can customize Crypterjs behavior by passing an options object when initializing:
+
+```javascript
+const options = {
+  encoding: 'base64',         // Default: 'hex'
+  saltLength: 32,             // Default: 64
+  pbkdf2Iterations: 50000     // Default: 100000
+};
+const crypter = new Crypterjs('your-secret-key', options);
+```
+
+## API
+## Constructor
+#### `constructor(secret: string, options?: CrypterOptions)`
+- **secret**: The secret key used for encryption and decryption (required). You should treat this secret similarly to how you handle JWT secret keys or other sensitive keys in your application.
+- **options** (optional): An object to customize encryption:
+  - **encoding** (string): The encoding used for the output string. Default is 'hex'.
+  - **pbkdf2Iterations** (number): Number of iterations for the PBKDF2 key derivation function. Default is 100000.
+  - **saltLength** (number): Length of the random salt in bytes. Default is 64.
+
+## Methods
+#### `encrypt(value: string | number | null | undefined): string`
+Encrypts the provided value.
+- **value**: The value to encrypt (string or number).
+- **Returns**: The encrypted string.
+- **Throws**: An error if value is null or undefined.
+
+#### `decrypt(value: string | null | undefined): string`
+Decrypts the provided encrypted string.
+- **value**: The encrypted string to decrypt.
+- **Returns**: The decrypted value as a string.
+- **Throws**: An error if value is null or undefined.