spd-lib 1.0.0

package/index.js

@@ -0,0 +1,126 @@
+const fs = require('fs');
+const zlib = require('zlib');
+const sodium = require('libsodium-wrappers');
+const crypto = require('crypto');
+
+class SPD {
+    constructor(userKey) {
+        this.data = [];
+        this.keyPair = sodium.crypto_box_keypair(); // Generate a key pair for encryption/decryption
+        this.userKey = userKey; // Symmetric key provided by the user
+    }
+
+    async addData(name, data) {
+        if (!name || typeof name !== 'string' || !name.trim() || !data || typeof data !== 'string' || !data.trim()) {
+            throw new Error('Invalid name or data. Both must be non-empty strings.');
+        }
+
+        await sodium.ready;
+        const dat = Buffer.from(data);
+        const compressedData = zlib.deflateSync(dat);
+        const nonce = sodium.randombytes_buf(sodium.crypto_box_NONCEBYTES);
+        const encryptedData = sodium.crypto_secretbox_easy(compressedData, nonce, this.userKey);
+        const hash = crypto.createHash('sha256').update(encryptedData).digest('hex');
+        this.data.push({ dataName: name, nonce: Array.from(nonce), data: Array.from(encryptedData), hash });
+    }
+
+    saveToFile(outputPath, salt) {
+        if (!outputPath || typeof outputPath !== 'string' || !outputPath.trim() || !salt || !(salt instanceof Uint8Array) || salt.length !== 16) {
+            throw new Error('Invalid output path or salt.');
+        }
+
+        const keyPair = {
+            publicKey: Array.from(this.keyPair.publicKey),
+            privateKey: Array.from(this.keyPair.privateKey)
+        };
+        const spdData = JSON.stringify({ keyPair, data: this.data, salt: Array.from(salt) });
+        const compressedSpdData = zlib.deflateSync(spdData);
+        fs.writeFileSync(outputPath, compressedSpdData, { mode: 0o600 });
+    }
+
+
+    static async loadFromFile(spdPath, passcode) {
+        if (!spdPath || typeof spdPath !== 'string' || !spdPath.trim() || !passcode || typeof passcode !== 'string' || !passcode.trim()) {
+            throw new Error('Invalid SPD path or passcode.');
+        }
+
+        await sodium.ready;
+        const compressedSpdData = fs.readFileSync(spdPath);
+        const spdData = zlib.inflateSync(compressedSpdData).toString('utf8');
+        const { keyPair, data, salt } = JSON.parse(spdData);
+
+        const { pqcKey } = await new SPD().convertPasscodeToPQCKeySalted(passcode, new Uint8Array(salt));
+        const pbk = pqcKey.publicKey;
+        const spd = new SPD(pbk);
+        spd.keyPair = {
+            publicKey: Buffer.from(keyPair.publicKey),
+            privateKey: Buffer.from(keyPair.privateKey)
+        };
+        spd.data = data.map(dat => ({
+            dataName: dat.dataName,
+            nonce: Buffer.from(dat.nonce),
+            data: Buffer.from(dat.data),
+            hash: dat.hash
+        }));
+        spd.data.forEach(dat => {
+            const calculatedHash = crypto.createHash('sha256').update(Buffer.from(dat.data)).digest('hex');
+            if (calculatedHash !== dat.hash) {
+                throw new Error(`Data integrity check failed for ${dat.dataName}`);
+            }
+        });
+        return spd;
+    }
+
+    async extractFiles() {
+        await sodium.ready;
+        let extractedFiles = {};
+        this.data.forEach(dat => {
+            const decryptedData = sodium.crypto_secretbox_open_easy(dat.data, dat.nonce, this.userKey);
+            const decompressedData = zlib.inflateSync(decryptedData);
+            extractedFiles[dat.dataName] = decompressedData.toString('utf8');
+        });
+        return extractedFiles;
+    }
+
+
+
+    static async derivePBK(passcode, salt) {
+        if (!passcode || typeof passcode !== 'string' || !passcode.trim() || !salt || !(salt instanceof Uint8Array) || salt.length !== 16) {
+            throw new Error('Invalid passcode or salt.');
+        }
+        
+        return new Promise((resolve, reject) => {
+            crypto.pbkdf2(passcode, salt, 100000, 32, 'sha256', (err, derivedKey) => {
+                if (err) {
+                    reject(err);
+                } else {
+                    resolve({ pbk: derivedKey, salt: salt });
+                }
+            });
+        });
+    }
+
+    async convertPasscodeToPQCKeySalted(passcode, salt) {
+        if (!passcode || typeof passcode !== 'string' || !passcode.trim() || passcode.length < 8 || !salt || !(salt instanceof Uint8Array) || salt.length !== 16) {
+            throw new Error('Invalid passcode or salt.');
+        }
+
+        const { pbk } = await SPD.derivePBK(passcode, salt);
+        await sodium.ready;
+        const keyPair = sodium.crypto_kx_seed_keypair(pbk.slice(0, sodium.crypto_kx_SEEDBYTES));
+        return { pqcKey: { publicKey: keyPair.publicKey, privateKey: keyPair.privateKey }, salt };
+    }
+
+    async convertPasscodeToPQCKey(passcode) {
+        if (!passcode || typeof passcode !== 'string' || !passcode.trim() || passcode.length < 8) {
+            throw new Error('Invalid passcode.');
+        }
+
+        const { pbk, salt } = await SPD.derivePBK(passcode, crypto.getRandomValues(new Uint8Array(16)));
+        await sodium.ready;
+        const keyPair = sodium.crypto_kx_seed_keypair(pbk.slice(0, sodium.crypto_kx_SEEDBYTES));
+        return { pqcKey: { publicKey: keyPair.publicKey, privateKey: keyPair.privateKey }, salt };
+    }
+}
+
+export default SPD;

package/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "spd-lib",
+  "version": "1.0.0",
+  "description": "SPD or Secure Packaged Data is a compress PQC protected file format to sotre sensitive data localy",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [
+    "security",
+    "encryption",
+    "data-storage",
+    "persistent",
+    "crypto",
+    "compression",
+    "file",
+    "nodejs",
+    "libsodium",
+    "zlib"
+  ],
+  "type": "module",
+  "author": "ALS-OPSS",
+  "license": "ISC",
+  "dependencies": {
+    "crypto": "^1.0.1",
+    "fs": "^0.0.1-security",
+    "libsodium-wrappers": "^0.7.13"
+  },
+  "devDependencies": {}
+}

package/readme.md

@@ -0,0 +1,46 @@
+```markdown
+# Secure Packaged Data (SPD)
+
+Secure Packaged Data (SPD) is a Node.js package for securely storing and retrieving sensitive data persistently. It utilizes encryption, hashing, and compression techniques to ensure the confidentiality, integrity, and efficiency of data storage.
+
+## Installation
+
+You can install SPD via npm:
+
+```bash
+npm install spd-packager
+```
+
+## Usage
+
+```javascript
+const SPD = require('spd-packager');
+
+// Example usage
+(async () => {
+    await sodium.ready;
+
+    const passcode = 'your-secure-passcode';
+    const { pqcKey, salt } = await new SPD().convertPasscodeToPQCKey(passcode);
+    const userKey = pqcKey.publicKey; // For this example, use the public key as the symmetric key
+    const spd = new SPD(userKey); // Create a new SPD object
+    await spd.addData('settings', '{"theme":"dark"}'); // Add a file to the SPD object
+    await spd.addData('tabs', '[{"title":"Home","url":"https://example.com"},{"title":"About","url":"https://example.com/about"}]'); // Add another file to the SPD object
+    spd.saveToFile('output.spd', salt); // Save SPD file to disk with the salt
+    const loadedSpd = await SPD.loadFromFile('output.spd', passcode); // Load SPD file with the passcode
+    const extractedFiles = await loadedSpd.extractFiles(); // Extract files to memory
+    console.log(extractedFiles); // Print extracted files to console
+})();
+```
+
+## Features
+
+- **Encryption**: Data is encrypted using a symmetric key derived from a user-provided passcode.
+- **Compression**: Data is compressed before encryption to reduce storage size.
+- **Data Integrity**: Hashing techniques ensure the integrity of stored data.
+- **Asynchronous Operations**: Utilizes asynchronous programming for file I/O and cryptographic operations.
+
+## License
+
+This project is licensed under the [MIT License](https://opensource.org/licenses/MIT).
+```