nestjs-cryptography 2.2.3 → 3.1.0

package/README.md

@@ -1,9 +1,14 @@
 [![codecov](https://codecov.io/github/mjorgegulab/nestjs-cryptography/branch/main/graph/badge.svg?token=I0ZFVZTREB)](https://codecov.io/github/mjorgegulab/nestjs-cryptography)
 [![Codacy Badge](https://app.codacy.com/project/badge/Grade/d4c33e2a77d64f89ba7f6ba54c6d8cb5)](https://app.codacy.com/gh/mjorgegulab/nestjs-cryptography/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade)
 [![CodeQL](https://github.com/mjorgegulab/nestjs-cryptography/actions/workflows/github-code-scanning/codeql/badge.svg?branch=main)](https://github.com/mjorgegulab/nestjs-cryptography/actions/workflows/github-code-scanning/codeql)
+[![Publish Wiki](https://github.com/mjorgegulab/nestjs-cryptography/actions/workflows/deploy-wiki-prod.yaml/badge.svg?branch=main)](https://nestjs-cryptography.thewolfx41.dev)
 
 # NestJS - Cryptography
-## Secure NestJS cryptography module 🔐
+
+<p align="center">
+  <a href="http://nestjs.com/" target="blank"><img src="https://nestjs.com/img/logo-small.svg" width="120" alt="Nest Logo" /></a>
+</p>
+
 
 ## Quick Start
 

package/SECURITY.md

@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 3.x     | :white_check_mark: |
+| 2.x     | :x:                |
+
+## Reporting a Vulnerability
+
+Please report security issues to security@thewolfx41.dev

package/dist/constants.d.ts

@@ -1 +1,16 @@
+import { Argon2Type } from './interfaces';
 export declare const CRYPTOGRAPHY_OPTIONS = "CRYPTOGRAPHY_OPTIONS";
+export declare const DEFAULT_KDF_CRYPTOGRAPHY_OPTIONS: {
+    outputKeyLength: number;
+    argon2Type: Argon2Type;
+    memoryCost: number;
+    timeCost: number;
+};
+export declare const DEFAULT_HASHING_CRYPTOGRAPHY_OPTIONS: {
+    password: {
+        outputKeyLength: number;
+        argon2Type: Argon2Type;
+        memoryCost: number;
+        timeCost: number;
+    };
+};

package/dist/constants.js

@@ -1,4 +1,19 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CRYPTOGRAPHY_OPTIONS = void 0;
+exports.DEFAULT_HASHING_CRYPTOGRAPHY_OPTIONS = exports.DEFAULT_KDF_CRYPTOGRAPHY_OPTIONS = exports.CRYPTOGRAPHY_OPTIONS = void 0;
+const interfaces_1 = require("./interfaces");
 exports.CRYPTOGRAPHY_OPTIONS = 'CRYPTOGRAPHY_OPTIONS';
+exports.DEFAULT_KDF_CRYPTOGRAPHY_OPTIONS = {
+    outputKeyLength: 32,
+    argon2Type: interfaces_1.Argon2Type.argon2i,
+    memoryCost: 65536,
+    timeCost: 3,
+};
+exports.DEFAULT_HASHING_CRYPTOGRAPHY_OPTIONS = {
+    password: {
+        outputKeyLength: 64,
+        argon2Type: interfaces_1.Argon2Type.argon2id,
+        memoryCost: 131072,
+        timeCost: 4,
+    },
+};

package/dist/cryptography.service.d.ts

@@ -1,36 +1,35 @@
-/// <reference types="node" />
-/// <reference types="node" />
 import * as crypto from 'node:crypto';
-import { CryptographyOptionsInterface } from './interfaces';
+import { CryptographyOptionsInterface, GenericOptionsInterface } from './interfaces';
 export declare class CryptographyService {
-    private options;
-    constructor(options: CryptographyOptionsInterface);
-    private convertDataToBuffer;
+    private moduleOptions;
+    constructor(moduleOptions: CryptographyOptionsInterface);
+    private convertInputData;
+    private checkModuleOptions;
     private extractIV;
     private extractAuthTagFromCypheredData;
     private extractCipheredData;
     private extractSalt;
+    private extractSaltFromHmac;
     private extractCipheredDEK;
     private extractCipheredDataWithDEK;
-    private createSaferRandomData;
-    private generateKeyDEK;
+    private createHmacSecureKey;
+    createSafeRandomData(length: number): Buffer;
     genUUID(secure?: boolean): string;
-    genRandomPassword(length: number, encoding: 'base64' | 'hex'): string;
+    genRandomPassword(length: number): string;
     generateSymmetricKey(length?: number): crypto.KeyObject;
-    deriveMasterKey(masterKey: string | Buffer, salt: Buffer, length: number): Promise<Buffer>;
-    createArgonHashFromPassword(data: string | Buffer): Promise<Buffer>;
-    verifyArgonHashFromPassword(hash: string, data: string | Buffer): Promise<boolean>;
-    createCustomHash(algorithm: string, data: string, outputLength?: number): Buffer;
-    verifyCustomHash(algorithm: string, data: string, oldHash: string | Buffer, outputLength?: number): boolean;
-    createSecureHash(data: string): Buffer;
-    verifySecureHash(data: string, oldHash: string | Buffer): boolean;
-    createCustomHmac(algorithm: string, key: Buffer, data: string): Buffer;
-    verifyCustomHmac(algorithm: string, key: Buffer, data: string, oldHmac: string | Buffer): boolean;
-    createSecureHmac(data: string): Buffer;
-    verifySecureHmac(data: string, oldHmac: Buffer | string): boolean;
-    createInsecureFastHash(data: string): Buffer;
-    private symmetricDataEncrypt;
-    private symmetricDataDecrypt;
-    symmetricSecureDataEncrypt(data: string | Buffer): Promise<Buffer>;
-    symmetricSecureDataDecrypt(data: string | Buffer): Promise<Buffer>;
+    deriveMasterKey(masterKey: string | Buffer, salt: Buffer, length?: number): Promise<Buffer>;
+    createArgon2HashFromPassword(data: string | Buffer): Promise<Buffer>;
+    verifyArgon2HashFromPassword(hash: string, data: string | Buffer): Promise<boolean>;
+    createCustomHash(algorithm: string, data: string | Buffer, options?: GenericOptionsInterface): Buffer;
+    verifyCustomHash(algorithm: string, data: string | Buffer, oldHash: string | Buffer, options?: GenericOptionsInterface): boolean;
+    createSecureHash(data: string | Buffer, options?: GenericOptionsInterface): Buffer;
+    verifySecureHash(data: string | Buffer, oldHash: string | Buffer, options?: GenericOptionsInterface): boolean;
+    createCustomHmac(algorithm: string, key: string | Buffer, data: string | Buffer, options?: GenericOptionsInterface): Buffer;
+    verifyCustomHmac(algorithm: string, key: string | Buffer, data: string | Buffer, oldHmac: string | Buffer, options?: GenericOptionsInterface): boolean;
+    createSecureHmac(data: string | Buffer, options?: GenericOptionsInterface): Buffer;
+    verifySecureHmac(data: string | Buffer, oldHmac: string | Buffer, options?: GenericOptionsInterface): boolean;
+    symmetricDataEncrypt(data: string | Buffer, key: string | Buffer, options?: GenericOptionsInterface): Promise<Buffer>;
+    symmetricDataDecrypt(data: string | Buffer, key: string | Buffer, options?: GenericOptionsInterface): Promise<Buffer>;
+    symmetricSecureDataEncrypt(data: string | Buffer, options?: GenericOptionsInterface): Promise<Buffer>;
+    symmetricSecureDataDecrypt(data: string | Buffer, options?: GenericOptionsInterface): Promise<Buffer>;
 }

package/dist/cryptography.service.js

@@ -40,12 +40,30 @@ const crypto = __importStar(require("node:crypto"));
 const argon2 = __importStar(require("argon2"));
 const common_1 = require("@nestjs/common");
 const cryptography_module_definition_1 = require("./cryptography.module-definition");
+const constants_1 = require("./constants");
 let CryptographyService = class CryptographyService {
-    constructor(options) {
-        this.options = options;
+    constructor(moduleOptions) {
+        this.moduleOptions = moduleOptions;
     }
-    convertDataToBuffer(data) {
-        return Buffer.isBuffer(data) ? data : Buffer.from(data, 'hex');
+    convertInputData(data, inputEncoding) {
+        if (Buffer.isBuffer(data)) {
+            return data;
+        }
+        else if (typeof data === 'string') {
+            return Buffer.from(data, inputEncoding ?? 'utf8');
+        }
+        else {
+            throw new Error('Unsupported input type');
+        }
+    }
+    checkModuleOptions(parent, options) {
+        for (const option in options) {
+            if (typeof option === 'object')
+                this.checkModuleOptions(parent, option);
+            if (options[option] === undefined || options[option] === null) {
+                throw new Error(`[CryptographyModule] [${parent}] Option ${option} is not defined on the configuration`);
+            }
+        }
     }
     extractIV(data) {
         return data.subarray(0, 12);
@@ -59,157 +77,209 @@ let CryptographyService = class CryptographyService {
     extractSalt(data) {
         return data.subarray(12, 76);
     }
+    extractSaltFromHmac(data) {
+        return data.subarray(0, 16);
+    }
     extractCipheredDEK(data) {
         return data.subarray(0, 124);
     }
     extractCipheredDataWithDEK(data) {
         return data.subarray(124, data.length);
     }
-    createSaferRandomData(length) {
-        return Buffer.from(crypto.hkdfSync('sha3-256', crypto.createSecretKey(crypto.randomBytes(64)), crypto.randomBytes(64), Buffer.alloc(0), length));
+    createHmacSecureKey(key, salt) {
+        return Buffer.from(crypto.hkdfSync('sha3-256', crypto.createSecretKey(key), salt, Buffer.alloc(0), 64));
     }
-    generateKeyDEK() {
-        return crypto.createSecretKey(this.createSaferRandomData(32));
+    createSafeRandomData(length) {
+        return Buffer.from(crypto.hkdfSync('sha3-256', crypto.createSecretKey(crypto.randomBytes(64)), crypto.randomBytes(64), Buffer.alloc(0), length));
     }
     genUUID(secure = false) {
         return crypto.randomUUID({
             disableEntropyCache: secure,
         });
     }
-    genRandomPassword(length, encoding) {
-        return crypto.randomBytes(length).toString(encoding).slice(0, length);
+    genRandomPassword(length) {
+        return crypto.randomBytes(length).toString('base64').slice(0, length);
     }
     generateSymmetricKey(length = 256) {
         return crypto.generateKeySync('hmac', { length });
     }
     async deriveMasterKey(masterKey, salt, length) {
+        if (!this.moduleOptions?.useDefaultValues) {
+            this.checkModuleOptions('KDF', {
+                ...(!length && {
+                    outputKeyLength: this.moduleOptions?.kdf?.outputKeyLength,
+                }),
+                argon2Type: this.moduleOptions?.kdf?.argon2Type,
+                memoryCost: this.moduleOptions?.kdf?.memoryCost,
+                timeCost: this.moduleOptions?.kdf?.timeCost,
+            });
+        }
+        else {
+            this.moduleOptions.kdf = {
+                ...this.moduleOptions?.kdf,
+            };
+            this.moduleOptions.kdf.outputKeyLength =
+                constants_1.DEFAULT_KDF_CRYPTOGRAPHY_OPTIONS.outputKeyLength;
+            this.moduleOptions.kdf.argon2Type =
+                constants_1.DEFAULT_KDF_CRYPTOGRAPHY_OPTIONS.argon2Type;
+            this.moduleOptions.kdf.memoryCost =
+                constants_1.DEFAULT_KDF_CRYPTOGRAPHY_OPTIONS.memoryCost;
+            this.moduleOptions.kdf.timeCost =
+                constants_1.DEFAULT_KDF_CRYPTOGRAPHY_OPTIONS.timeCost;
+        }
+        console.log(this.moduleOptions.kdf);
         return await argon2.hash(masterKey, {
-            hashLength: length ? length : this.options.kdf.defaultOutputKeyLength,
+            hashLength: length ?? this.moduleOptions.kdf.outputKeyLength,
             salt: salt,
-            type: this.options.kdf.argon2Type,
-            memoryCost: this.options.kdf.memoryCost,
-            timeCost: this.options.kdf.timeCost,
+            type: this.moduleOptions.kdf.argon2Type,
+            memoryCost: this.moduleOptions.kdf.memoryCost,
+            timeCost: this.moduleOptions.kdf.timeCost,
             raw: true,
         });
     }
-    async createArgonHashFromPassword(data) {
+    async createArgon2HashFromPassword(data) {
+        if (!this.moduleOptions?.useDefaultValues) {
+            this.checkModuleOptions('HASHING_PASSWORD', {
+                outputKeyLength: this.moduleOptions?.hashing?.password?.outputKeyLength,
+                argon2Type: this.moduleOptions?.hashing?.password?.argon2Type,
+                memoryCost: this.moduleOptions?.hashing?.password?.memoryCost,
+                timeCost: this.moduleOptions?.hashing?.password?.timeCost,
+            });
+        }
+        else {
+            this.moduleOptions.hashing = {
+                ...this.moduleOptions?.hashing,
+                password: {
+                    ...this.moduleOptions.hashing?.password,
+                },
+            };
+            this.moduleOptions.hashing.password.outputKeyLength =
+                constants_1.DEFAULT_HASHING_CRYPTOGRAPHY_OPTIONS.password.outputKeyLength;
+            this.moduleOptions.hashing.password.argon2Type =
+                constants_1.DEFAULT_HASHING_CRYPTOGRAPHY_OPTIONS.password.argon2Type;
+            this.moduleOptions.hashing.password.memoryCost =
+                constants_1.DEFAULT_HASHING_CRYPTOGRAPHY_OPTIONS.password.memoryCost;
+            this.moduleOptions.hashing.password.timeCost =
+                constants_1.DEFAULT_HASHING_CRYPTOGRAPHY_OPTIONS.password.timeCost;
+        }
         const tmpData = await argon2.hash(data, {
-            hashLength: this.options.hashing.password.outputKeyLength,
-            type: this.options.hashing.password.argon2Type,
-            memoryCost: this.options.hashing.password.memoryCost,
-            timeCost: this.options.hashing.password.timeCost,
+            hashLength: this.moduleOptions.hashing.password.outputKeyLength,
+            type: this.moduleOptions.hashing.password.argon2Type,
+            memoryCost: this.moduleOptions.hashing.password.memoryCost,
+            timeCost: this.moduleOptions.hashing.password.timeCost,
             raw: false,
         });
         return Buffer.isBuffer(tmpData) ? tmpData : Buffer.from(tmpData);
     }
-    async verifyArgonHashFromPassword(hash, data) {
+    async verifyArgon2HashFromPassword(hash, data) {
         return await argon2.verify(hash, data);
     }
-    createCustomHash(algorithm, data, outputLength = 0) {
+    createCustomHash(algorithm, data, options) {
+        const inputData = this.convertInputData(data, options?.inputDataEncoding);
         const hash = crypto.createHash(algorithm, {
-            ...(outputLength && { outputLength }),
+            ...(options?.outputLength && { outputLength: options?.outputLength }),
         });
-        hash.update(data);
+        hash.update(inputData);
         return hash.digest();
     }
-    verifyCustomHash(algorithm, data, oldHash, outputLength = 0) {
-        const hash = this.createCustomHash(algorithm, data, outputLength);
-        if (Buffer.isBuffer(oldHash)) {
-            return crypto.timingSafeEqual(hash, oldHash);
-        }
-        else {
-            return crypto.timingSafeEqual(Buffer.from(oldHash, 'hex'), hash);
-        }
+    verifyCustomHash(algorithm, data, oldHash, options) {
+        const inputOldHashData = this.convertInputData(oldHash, options?.inputDataEncoding);
+        const hash = this.createCustomHash(algorithm, data, options);
+        return crypto.timingSafeEqual(hash, inputOldHashData);
     }
-    createSecureHash(data) {
-        return this.createCustomHash('shake256', data, 48);
+    createSecureHash(data, options) {
+        return this.createCustomHash('shake256', data, {
+            ...options,
+            outputLength: 48,
+        });
     }
-    verifySecureHash(data, oldHash) {
-        const hash = this.createCustomHash('shake256', data, 48);
-        const buffOldHash = Buffer.isBuffer(oldHash)
-            ? oldHash
-            : Buffer.from(oldHash, 'hex');
-        return crypto.timingSafeEqual(hash, buffOldHash);
+    verifySecureHash(data, oldHash, options) {
+        return this.verifyCustomHash('shake256', data, oldHash, {
+            ...options,
+            outputLength: 48,
+        });
     }
-    createCustomHmac(algorithm, key, data) {
-        const hmac = crypto.createHmac(algorithm, crypto.createSecretKey(key));
-        hmac.update(data);
+    createCustomHmac(algorithm, key, data, options) {
+        const inputKey = this.convertInputData(key, options?.inputKeyEncoding);
+        const inputData = this.convertInputData(data, options?.inputDataEncoding);
+        const hmac = crypto.createHmac(algorithm, crypto.createSecretKey(inputKey));
+        hmac.update(inputData);
         key = null;
         return hmac.digest();
     }
-    verifyCustomHmac(algorithm, key, data, oldHmac) {
-        const hmac = this.createCustomHmac(algorithm, key, data);
-        if (Buffer.isBuffer(oldHmac)) {
-            return crypto.timingSafeEqual(hmac, oldHmac);
-        }
-        else {
-            return crypto.timingSafeEqual(Buffer.from(oldHmac, 'hex'), hmac);
-        }
+    verifyCustomHmac(algorithm, key, data, oldHmac, options) {
+        const inputOldHmacData = this.convertInputData(oldHmac, options?.inputDataEncoding);
+        const hmac = this.createCustomHmac(algorithm, key, data, options);
+        return crypto.timingSafeEqual(hmac, inputOldHmacData);
     }
-    createSecureHmac(data) {
-        const key = Buffer.from(this.options.hashing.hmac.masterKey, 'hex');
+    createSecureHmac(data, options) {
+        this.checkModuleOptions('HMAC', {
+            masterKey: this.moduleOptions?.hashing?.hmac?.masterKey,
+        });
+        const key = Buffer.from(this.moduleOptions.hashing.hmac.masterKey, 'hex');
         const salt = crypto.randomBytes(16);
-        const secureKey = Buffer.from(crypto.hkdfSync('sha3-256', crypto.createSecretKey(key), salt, Buffer.alloc(0), 64));
-        const hmac = this.createCustomHmac('sha3-256', secureKey, data);
-        return Buffer.concat([Buffer.from(salt), Buffer.from(hmac)], salt.length + hmac.length);
-    }
-    verifySecureHmac(data, oldHmac) {
-        const key = Buffer.from(this.options.hashing.hmac.masterKey, 'hex');
-        const buffOldHmac = Buffer.isBuffer(oldHmac)
-            ? oldHmac
-            : Buffer.from(oldHmac, 'hex');
-        const saltOldHmac = buffOldHmac.subarray(0, 16);
+        const secureKey = this.createHmacSecureKey(key, salt);
+        const hmac = this.createCustomHmac('sha3-256', secureKey, data, options);
+        return Buffer.concat([salt, hmac], salt.length + hmac.length);
+    }
+    verifySecureHmac(data, oldHmac, options) {
+        this.checkModuleOptions('HMAC', {
+            masterKey: this.moduleOptions?.hashing?.hmac?.masterKey,
+        });
+        const key = Buffer.from(this.moduleOptions.hashing.hmac.masterKey, 'hex');
+        const buffOldHmac = this.convertInputData(oldHmac, options?.inputDataEncoding);
+        const saltOldHmac = this.extractSaltFromHmac(buffOldHmac);
         const hashOldHmac = buffOldHmac.subarray(16, buffOldHmac.length);
-        const secureKey = Buffer.from(crypto.hkdfSync('sha3-256', crypto.createSecretKey(key), saltOldHmac, Buffer.alloc(0), 64));
-        const hmac = this.createCustomHmac('sha3-256', secureKey, data);
+        const secureKey = this.createHmacSecureKey(key, saltOldHmac);
+        const hmac = this.createCustomHmac('sha3-256', secureKey, data, options);
         return crypto.timingSafeEqual(hmac, hashOldHmac);
     }
-    createInsecureFastHash(data) {
-        return crypto.createHash('sha1').update(data).digest();
-    }
-    async symmetricDataEncrypt(data, key) {
-        const iv = this.createSaferRandomData(12);
-        const salt = this.createSaferRandomData(64);
-        const secureEncryptionKey = await this.deriveMasterKey(key, salt, 32);
+    async symmetricDataEncrypt(data, key, options) {
+        const inputData = this.convertInputData(data, options?.inputDataEncoding);
+        const inputKey = this.convertInputData(key, options?.inputKeyEncoding);
+        const iv = this.createSafeRandomData(12);
+        const salt = this.createSafeRandomData(64);
+        const secureEncryptionKey = await this.deriveMasterKey(inputKey, salt, 32);
         const cipher = crypto.createCipheriv('aes-256-gcm', crypto.createSecretKey(secureEncryptionKey), iv, {
             authTagLength: 16,
         });
-        let cipheredData = cipher.update(data);
-        cipheredData = Buffer.concat([
-            Buffer.from(cipheredData),
-            Buffer.from(cipher.final()),
-        ]);
+        let cipheredData = cipher.update(inputData);
+        cipheredData = Buffer.concat([cipheredData, cipher.final()]);
         return Buffer.concat([iv, salt, cipher.getAuthTag(), cipheredData]);
     }
-    async symmetricDataDecrypt(data, key) {
-        data = Buffer.isBuffer(data) ? data : Buffer.from(data, 'hex');
-        const iv = this.extractIV(data);
-        const salt = this.extractSalt(data);
-        const authTag = this.extractAuthTagFromCypheredData(data);
-        const cipheredData = this.extractCipheredData(data);
-        const decryptionKey = await this.deriveMasterKey(key, salt, 32);
+    async symmetricDataDecrypt(data, key, options) {
+        const inputData = this.convertInputData(data, options?.inputDataEncoding);
+        const inputKey = this.convertInputData(key, options?.inputKeyEncoding);
+        const iv = this.extractIV(inputData);
+        const salt = this.extractSalt(inputData);
+        const authTag = this.extractAuthTagFromCypheredData(inputData);
+        const cipheredData = this.extractCipheredData(inputData);
+        const decryptionKey = await this.deriveMasterKey(inputKey, salt, 32);
         const decipher = crypto.createDecipheriv('aes-256-gcm', crypto.createSecretKey(decryptionKey), iv, {
             authTagLength: 16,
         });
         decipher.setAuthTag(authTag);
         let decipheredData = decipher.update(cipheredData);
-        decipheredData = Buffer.concat([
-            Buffer.from(decipheredData),
-            Buffer.from(decipher.final()),
-        ]);
+        decipheredData = Buffer.concat([decipheredData, decipher.final()]);
         return decipheredData;
     }
-    async symmetricSecureDataEncrypt(data) {
-        const dek = this.createSaferRandomData(32);
-        const cipheredData = await this.symmetricDataEncrypt(data, dek);
-        const cipheredDek = await this.symmetricDataEncrypt(dek, this.options.encryption.symmetric.masterKey);
+    async symmetricSecureDataEncrypt(data, options) {
+        this.checkModuleOptions('SYMMETRIC_ENCRYPTION', {
+            masterKey: this.moduleOptions?.encryption?.symmetric?.masterKey,
+        });
+        const dek = this.createSafeRandomData(32);
+        const cipheredData = await this.symmetricDataEncrypt(data, dek, options);
+        const cipheredDek = await this.symmetricDataEncrypt(dek, this.moduleOptions.encryption.symmetric.masterKey);
         return Buffer.concat([cipheredDek, cipheredData]);
     }
-    async symmetricSecureDataDecrypt(data) {
-        data = Buffer.isBuffer(data) ? data : Buffer.from(data, 'hex');
-        const cipheredDek = this.extractCipheredDEK(data);
-        const cipheredData = this.extractCipheredDataWithDEK(data);
-        const decipheredDek = await this.symmetricDataDecrypt(cipheredDek, this.options.encryption.symmetric.masterKey);
+    async symmetricSecureDataDecrypt(data, options) {
+        this.checkModuleOptions('SYMMETRIC_ENCRYPTION', {
+            masterKey: this.moduleOptions?.encryption?.symmetric?.masterKey,
+        });
+        const inputData = this.convertInputData(data, options?.inputDataEncoding);
+        const cipheredDek = this.extractCipheredDEK(inputData);
+        const cipheredData = this.extractCipheredDataWithDEK(inputData);
+        const decipheredDek = await this.symmetricDataDecrypt(cipheredDek, this.moduleOptions.encryption.symmetric.masterKey);
         return await this.symmetricDataDecrypt(cipheredData, decipheredDek);
     }
 };

package/dist/interfaces/cryptography-options.interface.d.ts

@@ -3,27 +3,31 @@ export declare enum Argon2Type {
     argon2i = 1,
     argon2id = 2
 }
-export interface CryptographyOptionsInterface {
-    kdf: {
-        defaultOutputKeyLength: number;
+export interface CryptographyKdfOptions {
+    outputKeyLength: number;
+    argon2Type: Argon2Type;
+    memoryCost: number;
+    timeCost: number;
+}
+export interface CryptographyHashingOptions {
+    password: {
+        outputKeyLength: number;
         argon2Type: Argon2Type;
         memoryCost: number;
         timeCost: number;
     };
-    hashing: {
-        password: {
-            outputKeyLength: number;
-            argon2Type: Argon2Type;
-            memoryCost: number;
-            timeCost: number;
-        };
-        hmac: {
-            masterKey: string;
-        };
+    hmac: {
+        masterKey: string;
     };
-    encryption: {
-        symmetric: {
-            masterKey: string;
-        };
+}
+export interface CryptographyEncryptionOptions {
+    symmetric: {
+        masterKey: string;
     };
 }
+export interface CryptographyOptionsInterface {
+    useDefaultValues?: boolean;
+    kdf?: Partial<CryptographyKdfOptions>;
+    hashing?: Partial<CryptographyHashingOptions>;
+    encryption?: Partial<CryptographyEncryptionOptions>;
+}

package/dist/interfaces/generic-options.interface.d.ts

@@ -0,0 +1,5 @@
+export interface GenericOptionsInterface {
+    outputLength?: number;
+    inputDataEncoding?: BufferEncoding;
+    inputKeyEncoding?: BufferEncoding;
+}

package/dist/interfaces/generic-options.interface.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/interfaces/index.d.ts

@@ -1 +1,2 @@
 export * from './cryptography-options.interface';
+export * from './generic-options.interface';

package/dist/interfaces/index.js

@@ -15,3 +15,4 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./cryptography-options.interface"), exports);
+__exportStar(require("./generic-options.interface"), exports);

package/package.json

@@ -1,15 +1,12 @@
 {
   "name": "nestjs-cryptography",
-  "version": "2.2.3",
+  "version": "3.1.0",
   "author": {
     "name": "Marc Jorge Gonzalez",
     "url": "https://github.com/mjorgegulab"
   },
   "license": "MIT",
   "description": "Secure NestJS cryptography module 🔐",
-  "publishConfig": {
-    "registry": "https://npm.pkg.github.com/"
-  },
   "homepage": "https://nestjs-cryptography.thewolfx41.dev",
   "repository": {
     "type": "git",
@@ -24,59 +21,70 @@
     "lint": "eslint --fix",
     "publish:npm": "npm publish --access=public",
     "prepublish": "yarn run build",
-    "prepack": "yarn run build"
+    "prepack": "yarn run build",
+    "test": "jest",
+    "test:cov": "jest --coverage",
+    "all": "yarn format && yarn lint && yarn test && yarn prepack"
   },
   "dependencies": {
     "argon2": "^0.41.1"
   },
   "devDependencies": {
-    "@nestjs/common": "^10.4.1",
-    "@nestjs/core": "^10.4.1",
     "@nestjs/cli": "^10.4.5",
-    "reflect-metadata": "^0.2.2",
-    "rxjs": "^7.8.1",
-    "@nestjs/platform-express": "^10.4.1",
+    "@nestjs/common": "^10.4.4",
+    "@nestjs/core": "^10.4.4",
+    "@nestjs/platform-express": "^10.4.4",
     "@nestjs/schematics": "^10.1.4",
-    "@nestjs/testing": "^10.4.1",
+    "@nestjs/testing": "^10.4.4",
     "@types/express": "^4.17.21",
-    "@types/jest": "29.5.12",
-    "@types/node": "22.5.4",
+    "@types/jest": "29.5.13",
+    "@types/node": "22.7.5",
     "@types/supertest": "^6.0.2",
     "@typescript-eslint/eslint-plugin": "^7.12.0",
     "@typescript-eslint/parser": "^7.12.0",
     "eslint": "^8.57.0",
     "eslint-config-prettier": "^9.1.0",
-    "eslint-plugin-prettier": "^5.1.3",
+    "eslint-plugin-prettier": "^5.2.1",
     "jest": "29.7.0",
     "prettier": "^3.3.3",
+    "reflect-metadata": "^0.2.2",
+    "rimraf": "^6.0.1",
+    "rxjs": "^7.8.1",
     "source-map-support": "^0.5.21",
     "supertest": "^7.0.0",
     "ts-jest": "29.2.5",
     "ts-loader": "^9.5.1",
     "ts-node": "^10.9.2",
     "tsconfig-paths": "4.2.0",
-    "typescript": "^5.4.5",
-    "rimraf": "^5.0.7"
+    "typescript": "^5.6.3"
   },
   "peerDependencies": {
     "@nestjs/common": "^9.0.0 || ^10.0.0",
     "@nestjs/core": "^9.0.0 || ^10.0.0"
   },
   "jest": {
+    "testPathIgnorePatterns": [
+      "/node_modules/",
+      "/wiki/"
+    ],
+    "modulePathIgnorePatterns": [
+      "/wiki/"
+    ],
     "moduleFileExtensions": [
       "js",
       "json",
       "ts"
     ],
-    "rootDir": "src",
-    "testRegex": ".*\\.spec\\.ts$",
+    "rootDir": "./",
+    "testMatch": [
+      "**/test/**/?(*.)+(spec|test).[tj]s?(x)"
+    ],
     "transform": {
       "^.+\\.(t|j)s$": "ts-jest"
     },
     "collectCoverageFrom": [
-      "**/*.(t|j)s"
+      "**/*.service.ts"
     ],
-    "coverageDirectory": "../coverage",
     "testEnvironment": "node"
   }
 }