ephem 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +24 -2
  2. package/package.json +2 -2
package/README.md CHANGED
@@ -42,12 +42,32 @@ Ephem is also suitable for **Server-to-Server** communication for high-security
42
42
 
43
43
  ---
44
44
 
45
+ ## Cryptography
46
+
47
+ Ephem relies on standard, proven algorithms:
48
+
49
+ - **Asymmetric**: RSA-OAEP (2048-bit, SHA-256)
50
+ - **Symmetric**: AES-256-GCM
51
+ - **Randomness**: `crypto.getRandomValues` (Browser) / `node:crypto` (Server)
52
+ - **Integrity**: Authenticated encryption (AEAD) via AES-GCM (CID is used as Additional Authenticated Data)
53
+
54
+ ---
55
+
45
56
  ## Installation
46
57
 
47
58
  ```bash
48
59
  npm install ephem
49
60
  ```
50
61
 
62
+ ## Browser Support
63
+
64
+ Ephem Client relies on the **Web Crypto API**.
65
+
66
+ - **Works in**: All modern browsers (Chrome, Firefox, Safari, Edge).
67
+ - **Requirements**: Secure Context (HTTPS or `localhost`).
68
+ - **Legacy**: Does **not** work in IE11.
69
+
70
+
51
71
  ---
52
72
 
53
73
  ## Quick Start
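Review bot: The new Cryptography section (lines 45 to 52 of the new file) lists the primitives but not how they are combined, which is what a reader assessing the scheme needs: state how the AES-256-GCM data key is transported (wrapped with the RSA-OAEP key, if that is the construction), how the GCM nonce is generated and that it is never reused under a key, and define `CID` before saying it is used as Additional Authenticated Data, since the acronym does not appear elsewhere in this hunk. In the Browser Support section, the Secure Context requirement is the right thing to call out; it would help to add that on plain HTTP `crypto.subtle` is simply unavailable, so sealing fails outright rather than silently degrading. Also, there are two added blank `+` lines before the closing `---` rule; one is enough.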
@@ -147,7 +167,7 @@ For projects without a bundler, you can use the pre-built unpkg/CDN version. Thi
147
167
 
148
168
  ```html
149
169
  <!-- Load Ephem client from CDN -->
150
- <script src="https://unpkg.com/ephem/dist/client/index.global.js"></script>
170
+ <script src="https://unpkg.com/ephem/dist/index.global.js"></script>
151
171
 
152
172
  <script>
153
173
  "use strict";
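Review bot: The new `<script src="https://unpkg.com/ephem/dist/index.global.js">` tag is unversioned, so the browser fetches whatever unpkg resolves as the latest `ephem`, and it carries no `integrity` attribute; since this script handles the plaintext before it is sealed, the snippet should pin a version (for example `ephem@1.0.2`, matching the package.json bump in this release) and include a Subresource Integrity hash, or recommend self-hosting. Separately, this hunk only changes the documented path from `dist/client/index.global.js` to `dist/index.global.js`; no `dist/` file is part of this diff, so the new path cannot be confirmed against the published build from this change alone.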
@@ -278,12 +298,14 @@ await fetch('/checkout', { body: JSON.stringify({ sealedCC, sealedCVV, sealedSSN
278
298
  * **Man-in-the-Middle (MITM)**: If a corporate proxy or malicious actor intercepts the request (even with a trusted root CA), they cannot read the payload because they lack the ephemeral private key, which never leaves your app server's memory.
279
299
  * **Replay Attacks**: Because capsules have `maxOpens` (default: 1), a captured valid request cannot be replayed to trigger a second action (e.g., duplicate payment).
280
300
  * **Accidental Logging**: If you accidentally log the raw request body, you are only logging ciphertext.
301
+ * **Accidental Data Persistence**: If sensitive data is accidentally written to disk (swap files, core dumps, or persistent logs), it remains encrypted.
281
302
 
282
303
  ### What Ephem Does NOT Protect Against
283
304
 
284
305
  * **XSS (Cross-Site Scripting)**: If an attacker can run JS on your page, they can hook the `seal()` function or read the input before it is sealed.
285
306
  * **Compromised Server**: If the attacker controls your server, they can access the memory where private keys are stored (temporarily).
286
307
  * **Compromised Client Device**: Keyloggers or malware on the user's machine.
308
+ * **Weak Application Authentication**: Ephem encrypts the payload, but it does not authenticate the user. You still need strong session management (cookies, JWTs) to ensure *who* submitted the capsule.
287
309
 
288
310
  ---
289
311
 
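Review bot: The new Accidental Data Persistence bullet (line 301) overstates the guarantee: it holds for the request body as ciphertext, but once the server opens a capsule the plaintext, and the ephemeral private key that the MITM bullet says lives in app server memory, are ordinary process memory and can reach swap or a core dump unencrypted. Suggest qualifying it, e.g. "the captured request body remains encrypted; plaintext exists only in server memory after the capsule is opened", which also squares it with the Compromised Server bullet later in the same hunk. The Weak Application Authentication bullet (line 308) is a good addition; consider noting there that `maxOpens` limits how often a capsule can be opened but does not bind it to a session, so the session check has to happen alongside opening it.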
@@ -478,4 +500,4 @@ const ephem = new Ephem({
478
500
  Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
479
501
 
480
502
  ## License
481
- [ISC](/LICENSE)
503
+ [ISC](https://github.com/newben420/ephem/blob/main/LICENSE)
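Review bot: The license link now points at `blob/main/LICENSE`, which tracks the branch head rather than this release; linking the tag for the published version (if the repository tags releases) keeps the linked license text in step with the package contents. The change itself is right, since the relative `/LICENSE` it replaces does not resolve when the README is rendered outside the repository.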
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "ephem",
3
- "version": "1.0.0",
3
+ "version": "1.0.2",
4
4
  "description": "Robust, Ephemeral End-to-End Encryption for the Application Layer. Secure data-in-transit with disposable capsules.",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",
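Review bot: The version moves from 1.0.0 straight to 1.0.2 while the only other file in this diff is README.md, so 1.0.1 is either unpublished or its changes are not reflected here; a changelog entry or release note covering the three versions would let consumers confirm this is a documentation-only update. The `description`, `main` and `module` fields are unchanged, which is consistent with that.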
@@ -57,4 +57,4 @@
57
57
  "README.md",
58
58
  "LICENSE"
59
59
  ]
60
- }
60
+ }
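Review bot: The `- }` / `+ }` pair at the end of the file shows no visible character change, so this is a whitespace-only edit, most likely adding a trailing newline. Harmless, but worth mentioning in the commit message so reviewers are not left looking for a semantic change.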