npm - express-jcrypt - Versions diffs - 1.0.1 - Mend

express-jcrypt 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md ADDED Viewed

File without changes

package/index.js ADDED Viewed

@@ -0,0 +1,18 @@
+const keyPair = require('../keyPair');
+const cipher = require('../cipher');
+const authTag = require('../authtag');
+const generateIV = require('../iv');
+const { encode, decode } = require('../base64url');
+module.exports = {
+    keyPair,
+    cipher,
+    authTag,
+    generateIV,
+    encode,
+    decode,
+    undecipher,
+    encryptCEK,
+    decryptCEK,
+}

package/package.json ADDED Viewed

@@ -0,0 +1,36 @@
+{
+  "name": "express-jcrypt",
+  "version": "1.0.1",
+  "description": "jwe",
+  "keywords": [],
+  "homepage": "https://github.com/pdotexe/Jcrypt#readme",
+  "bugs": {
+    "url": "https://github.com/pdotexe/Jcrypt/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/pdotexe/Jcrypt.git"
+  },
+  "license": "MIT",
+  "author": "prestigiouss",
+  "type": "module",
+  "main": "index.js",
+  "scripts": {
+    "start": "node index.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "dependencies": {
+    "acorn": "^8.16.0",
+    "acorn-walk": "^8.3.5",
+    "arg": "^4.1.3",
+    "create-require": "^1.1.1",
+    "diff": "^4.0.4",
+    "make-error": "^1.3.6",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.9.3",
+    "undici-types": "^6.21.0",
+    "v8-compile-cache-lib": "^3.0.1",
+    "yn": "^3.1.1"
+  },
+  "devDependencies": {}
+}

package/src/authtag.js ADDED Viewed

@@ -0,0 +1,15 @@
+const crypto = require('crypto');
+/**
+ *
+ * @param {*} cipher
+ * @returns - Authentication tag of whichever cipher used to ensure integrity of data.
+ */
+const authTag = (cipher) => {
+    if (!cipher || typeof cipher.getAuthTag !== 'function') throw new Error(" Invalid cipher object");
+    return cipher.getAuthTag();
+}
+module.exports = authTag;

package/src/base64url.js ADDED Viewed

@@ -0,0 +1,28 @@
+// concise function call for base64url encoding and decoding
+/**
+* @description - Converts buffer to URL safe string
+* @param {Buffer | string} buffer - The input buffer to be encoded.
+* @returns {string | null} - Encoded buffer string if buffer exists.
+*/
+const encode = (buffer) => {
+    if (!buffer) return null;
+    return Buffer.from(buffer).toString('base64url');
+};
+/**
+* @param {Buffer | string} encoded - Input string to decode
+* @returns {Buffer | null} - Decoded buffer if input exists.
+*/
+const decode = (encoded) => {
+    if (!encoded) return null;
+    return Buffer.from(encoded, 'base64url');
+};
+module.exports = { encode, decode };

package/src/cipher.js ADDED Viewed

@@ -0,0 +1,46 @@
+import generateIV from './iv.js';
+const crypto = require('crypto');
+const authTag = require('./authtag.js');
+/**
+ * @description - literal encryption function that takes plaintext and public key, generates random IV, CEK, and encrypts using AES-256-GCM.
+ * @param {string} plaintext - The data to be encrypted
+ */
+const generateCEK = () => crypto.randomBytes(32);
+const encryptCEK = (contentEncKey, publicKey) => {
+    const cekEncrypt = crypto.publicEncrypt(publicKey, contentEncKey);
+    return cekEncrypt;
+};
+const decryptCEK = (encryptedCEK, privateKey, secretPassphrase) => {
+    const cekDecrypt = crypto.privateDecrypt(privateKey, encryptedCEK);
+    return cekDecrypt;
+}
+const cipher = (plaintext) => {
+  const cek = generateCEK();
+  const iv = generateIV(); // initialization vector
+  const enc = crypto.createCipheriv('aes-256-gcm', cek, iv); // actual encryption
+  const ciphertext = Buffer.concat([enc.update(plaintext, 'utf8'), enc.final()]); // convert to utf8 and concatenate
+  const tag = authTag(enc);
+  return { ciphertext, iv, tag, cek };
+}
+const decipher = (ciphertext, iv, tag, cek) => {
+    const undecipher = crypto.createDecipheriv('aes-256-gcm', cek, iv);
+    const deciphertag = authTag(undecipher);
+    if (deciphertag.equals(tag)) {
+        const decrypted = Buffer.concat([undecipher.update(ciphertext), undecipher.final()]);
+        return decrypted.toString('utf8');
+    }
+    else {
+        throw new Error('Invalid authentication tag');
+    }
+}
+module.exports = { cipher, encryptCEK, decryptCEK, decipher };

package/src/iv.js ADDED Viewed

@@ -0,0 +1,25 @@
+import crypto from 'crypto';
+/**
+* @description - Generates random initialization vector for AES-256-GCM to add unique encryption values each time.
+* @property {number} iv - IV value
+* @returns {Buffer} - Randomly generated IV buffer
+*/
+const generateIV = () => {
+const length = 12; // AES256GCM nonce size
+const iv = crypto.randomBytes(length);
+return iv;
+}
+module.exports = generateIV;

package/src/key.js ADDED Viewed

@@ -0,0 +1,78 @@
+import { generateKeyPair } from 'crypto';
+import { writeFileSync } from 'fs';
+ /**
+*  @typedef {Object} KeyPairOptions
+ * @property {number} modulusLength - RSA key length in bits
+ * @property {'spki'} publicKeyType - Public key encoding type
+ * @property {'pkcs8'} privateKeyType - Private key encoding type
+ * @property {string} [passphrase] - Optional passphrase for private key
+ * @property {Function} generateKeys - Instant key generation upon object instantiation
+    */
+ class keyPair {
+    /**
+     * @param {KeyPairOptions} options
+     */
+    constructor(options) {
+        if(!options || typeof options !== 'object') throw new Error();
+        this.modulusLength = Number(options.modulusLength || 2048);
+        if(this.modulusLength < 2048) throw new Error("Modulus length must be at least 2048 bits");
+        this.publicKeyType = 'spki';
+        this.privateKeyType = String(options.privateKeyType || 'pkcs8');
+        this.passphrase = options.passphrase ? String(options.passphrase) : undefined;
+    }
+    /**
+    * @description - Generates RSA key pair using crypto module's generateKeyPair function
+    * @throws Error if key generation fails
+    * @returns {Promise<{publicKey, privateKey}>} - Resolves generated key pair
+    */
+    generateKeys()  {
+        return new Promise((resolve, reject) =>  {
+        const privateKeyEncoding = {
+            type: this.privateKeyType,
+            format: 'pem',
+            }
+        if (this.passphrase){
+            privateKeyEncoding.cipher = 'aes-256-cbc';
+            privateKeyEncoding.passphrase = this.passphrase;
+        }
+        const publicKeyEncoding = {
+            type: this.publicKeyType,
+            format: 'pem',
+        }
+        generateKeyPair(
+        'rsa',
+        {
+        modulusLength: this.modulusLength,
+        publicKeyEncoding: publicKeyEncoding,
+        publicExponent: 0x10001,
+        privateKeyEncoding: privateKeyEncoding,
+    }, (err, publicKey, privateKey) => {
+    if (err) return reject(err);
+    /*
+    @description: Logs keys to console for readability and verification
+    */
+    resolve({publicKey, privateKey});
+    });
+});
+    }
+}
+module.exports = keyPair;

package/src/protectedHeader.js ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * @description - metadata containing algorithm and encryption method for JWE header.
+ * @returns {Buffer} - Buffer with JSON stringified protected JWE header.
+ */
+const protectedHeader = (alg = "RSA-OAEP-256", enc = "AES-256-GCM", type = "JWE", kid) => {
+    const header = {alg, enc};
+    if (type) header.typ = type;
+    if (kid) header.kid = kid;
+    stringifyHeader = JSON.stringify(header);
+    return Buffer.from(stringifyHeader);
+}
+module.exports = protectedHeader;