wilcocrypt 2.2.0 → 2.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/ISSUE_TEMPLATE/bug.md +58 -64
- package/CHANGELOG.md +38 -0
- package/DOCS.md +286 -94
- package/README.md +15 -14
- package/SECURITY.md +12 -12
- package/package.json +11 -8
- package/src/cli.js +40 -37
- package/src/wilcocrypt.js +260 -53
- package/types/wilcocrypt.d.ts +189 -18
package/types/wilcocrypt.d.ts
CHANGED
|
@@ -39,26 +39,45 @@ export interface InternalNamespace {
|
|
|
39
39
|
|
|
40
40
|
/**
|
|
41
41
|
* Validates AES-256-GCM key and IV.
|
|
42
|
+
*
|
|
43
|
+
* @param key AES-256 encryption key (32-byte Buffer)
|
|
44
|
+
* @param iv GCM initialization vector (12-byte Buffer)
|
|
45
|
+
*
|
|
46
|
+
* @throws WilcoCryptError
|
|
42
47
|
*/
|
|
43
48
|
assertKeyAndIv(key: Buffer, iv: Buffer): void;
|
|
44
49
|
|
|
45
50
|
/**
|
|
46
51
|
* Validates password strength.
|
|
52
|
+
*
|
|
53
|
+
* @param password Password to validate
|
|
54
|
+
*
|
|
55
|
+
* @throws WilcoCryptError
|
|
47
56
|
*/
|
|
48
57
|
assertPassword(password: string): void;
|
|
49
58
|
|
|
50
59
|
/**
|
|
51
60
|
* Constant-time buffer comparison.
|
|
61
|
+
* Reserved for future extensions.
|
|
62
|
+
*
|
|
63
|
+
* @param a First buffer
|
|
64
|
+
* @param b Second buffer
|
|
65
|
+
* @returns True if both buffers are identical
|
|
52
66
|
*/
|
|
53
67
|
constantTimeEqual(a: Buffer, b: Buffer): boolean;
|
|
54
68
|
|
|
55
69
|
/**
|
|
56
70
|
* Encrypts raw data using AES-256-GCM.
|
|
71
|
+
*
|
|
72
|
+
* @param plainData Raw data to encrypt
|
|
73
|
+
* @param key AES-256 encryption key
|
|
74
|
+
* @param iv GCM initialization vector
|
|
75
|
+
* @returns Ciphertext and authentication tag
|
|
57
76
|
*/
|
|
58
77
|
encryptData(
|
|
59
78
|
plainData: Buffer,
|
|
60
79
|
key: Buffer,
|
|
61
|
-
iv: Buffer
|
|
80
|
+
iv: Buffer,
|
|
62
81
|
): {
|
|
63
82
|
ciphertext: Buffer;
|
|
64
83
|
authTag: Buffer;
|
|
@@ -66,12 +85,20 @@ export interface InternalNamespace {
|
|
|
66
85
|
|
|
67
86
|
/**
|
|
68
87
|
* Decrypts AES-256-GCM encrypted data.
|
|
88
|
+
*
|
|
89
|
+
* @param cipherBuffer Encrypted ciphertext
|
|
90
|
+
* @param authTagBuffer AES-GCM authentication tag
|
|
91
|
+
* @param key AES-256 encryption key
|
|
92
|
+
* @param iv GCM initialization vector
|
|
93
|
+
* @returns Decrypted raw data
|
|
94
|
+
*
|
|
95
|
+
* @throws WilcoCryptError
|
|
69
96
|
*/
|
|
70
97
|
decryptData(
|
|
71
98
|
cipherBuffer: Buffer,
|
|
72
99
|
authTagBuffer: Buffer,
|
|
73
100
|
key: Buffer,
|
|
74
|
-
iv: Buffer
|
|
101
|
+
iv: Buffer,
|
|
75
102
|
): Buffer;
|
|
76
103
|
}
|
|
77
104
|
|
|
@@ -91,15 +118,108 @@ export interface WilcoCrypt {
|
|
|
91
118
|
* @param password Password used for key derivation
|
|
92
119
|
* @param gzip Whether to compress data before encryption (default: true)
|
|
93
120
|
* @returns Binary-encoded encrypted payload
|
|
121
|
+
*
|
|
122
|
+
* @throws WilcoCryptError If password is invalid
|
|
94
123
|
*/
|
|
95
|
-
encryptData(
|
|
124
|
+
encryptData(plaindata: Buffer, password: string, gzip?: boolean): Buffer;
|
|
125
|
+
|
|
126
|
+
/**
|
|
127
|
+
* Decrypts encrypted data using password-based AES-256-GCM.
|
|
128
|
+
*
|
|
129
|
+
* Validates internal header and version, then extracts:
|
|
130
|
+
* salt, iv, authTag and ciphertext from the binary payload.
|
|
131
|
+
*
|
|
132
|
+
* @param encryptedData Binary-encoded encrypted payload
|
|
133
|
+
* @param password Password used for decryption
|
|
134
|
+
* @param gzip Whether to decompress after decryption (default: true)
|
|
135
|
+
* @returns Decrypted raw data
|
|
136
|
+
*
|
|
137
|
+
* @throws WilcoCryptError on:
|
|
138
|
+
* - invalid header
|
|
139
|
+
* - version mismatch
|
|
140
|
+
* - wrong password
|
|
141
|
+
* - corrupted data
|
|
142
|
+
*/
|
|
143
|
+
decryptData(encryptedData: Buffer, password: string, gzip?: boolean): Buffer;
|
|
144
|
+
|
|
145
|
+
/**
|
|
146
|
+
* Encrypts a file and writes the result to `<filePath>.enc`.
|
|
147
|
+
*
|
|
148
|
+
* @param filePath Path to the file to encrypt
|
|
149
|
+
* @param password Password used for encryption
|
|
150
|
+
* @param gzip Whether to compress before encryption (default: true)
|
|
151
|
+
*
|
|
152
|
+
* @throws WilcoCryptError If password is invalid
|
|
153
|
+
*/
|
|
154
|
+
encryptFile(filePath: string, password: string, gzip?: boolean): void;
|
|
155
|
+
|
|
156
|
+
/**
|
|
157
|
+
* Decrypts an encrypted `.enc` file.
|
|
158
|
+
*
|
|
159
|
+
* If `outputPath` is provided, the decrypted data is written to that file
|
|
160
|
+
* and `undefined` is returned. Otherwise the decrypted Buffer is returned.
|
|
161
|
+
*
|
|
162
|
+
* @param filePath Path to the `.enc` file
|
|
163
|
+
* @param password Password used for decryption
|
|
164
|
+
* @param outputPath Optional path to write decrypted output to.
|
|
165
|
+
* If omitted, the function returns the decrypted Buffer instead.
|
|
166
|
+
* @param gzip Whether to decompress after decryption (default: true)
|
|
167
|
+
* @returns Undefined when outputPath is provided
|
|
168
|
+
*
|
|
169
|
+
* @throws WilcoCryptError on:
|
|
170
|
+
* - invalid file extension
|
|
171
|
+
* - invalid header
|
|
172
|
+
* - version mismatch
|
|
173
|
+
* - wrong password
|
|
174
|
+
* - corrupted data
|
|
175
|
+
*/
|
|
176
|
+
decryptFile(
|
|
177
|
+
filePath: string,
|
|
178
|
+
password: string,
|
|
179
|
+
outputPath: string,
|
|
180
|
+
gzip?: boolean,
|
|
181
|
+
): undefined;
|
|
182
|
+
|
|
183
|
+
/**
|
|
184
|
+
* Decrypts an encrypted `.enc` file.
|
|
185
|
+
*
|
|
186
|
+
* If `outputPath` is omitted, the decrypted Buffer is returned.
|
|
187
|
+
*
|
|
188
|
+
* @param filePath Path to the `.enc` file
|
|
189
|
+
* @param password Password used for decryption
|
|
190
|
+
* @param gzip Whether to decompress after decryption (default: true)
|
|
191
|
+
* @returns Decrypted file contents
|
|
192
|
+
*
|
|
193
|
+
* @throws WilcoCryptError on:
|
|
194
|
+
* - invalid file extension
|
|
195
|
+
* - invalid header
|
|
196
|
+
* - version mismatch
|
|
197
|
+
* - wrong password
|
|
198
|
+
* - corrupted data
|
|
199
|
+
*/
|
|
200
|
+
decryptFile(filePath: string, password: string, gzip?: boolean): Buffer;
|
|
201
|
+
|
|
202
|
+
/**
|
|
203
|
+
* Encrypts data asynchronously using password-based AES-256-GCM.
|
|
204
|
+
*
|
|
205
|
+
* Output format:
|
|
206
|
+
* [HEADER (10 bytes)] + [VERSION (dynamic)] + [salt (16)] + [iv (12)] + [ciphertext] + [authTag (16)]
|
|
207
|
+
*
|
|
208
|
+
* @param plaindata Raw data to encrypt
|
|
209
|
+
* @param password Password used for key derivation
|
|
210
|
+
* @param gzip Whether to compress data before encryption (default: true)
|
|
211
|
+
* @returns Binary-encoded encrypted payload
|
|
212
|
+
*
|
|
213
|
+
* @throws WilcoCryptError If password is invalid
|
|
214
|
+
*/
|
|
215
|
+
encryptDataAsync(
|
|
96
216
|
plaindata: Buffer,
|
|
97
217
|
password: string,
|
|
98
|
-
gzip?: boolean
|
|
99
|
-
): Buffer
|
|
218
|
+
gzip?: boolean,
|
|
219
|
+
): Promise<Buffer>;
|
|
100
220
|
|
|
101
221
|
/**
|
|
102
|
-
* Decrypts encrypted data using password-based AES-256-GCM.
|
|
222
|
+
* Decrypts encrypted data asynchronously using password-based AES-256-GCM.
|
|
103
223
|
*
|
|
104
224
|
* Validates internal header and version, then extracts:
|
|
105
225
|
* salt, iv, authTag and ciphertext from the binary payload.
|
|
@@ -115,44 +235,95 @@ export interface WilcoCrypt {
|
|
|
115
235
|
* - wrong password
|
|
116
236
|
* - corrupted data
|
|
117
237
|
*/
|
|
118
|
-
|
|
238
|
+
decryptDataAsync(
|
|
119
239
|
encryptedData: Buffer,
|
|
120
240
|
password: string,
|
|
121
|
-
gzip?: boolean
|
|
122
|
-
): Buffer
|
|
241
|
+
gzip?: boolean,
|
|
242
|
+
): Promise<Buffer>;
|
|
123
243
|
|
|
124
244
|
/**
|
|
125
|
-
* Encrypts a file and writes `<filePath>.enc`.
|
|
245
|
+
* Encrypts a file asynchronously and writes the result to `<filePath>.enc`.
|
|
246
|
+
*
|
|
247
|
+
* @param filePath Path to the file to encrypt
|
|
248
|
+
* @param password Password used for encryption
|
|
249
|
+
* @param gzip Whether to compress before encryption (default: true)
|
|
250
|
+
*
|
|
251
|
+
* @throws WilcoCryptError If password is invalid
|
|
126
252
|
*/
|
|
127
|
-
|
|
253
|
+
encryptFileAsync(
|
|
128
254
|
filePath: string,
|
|
129
255
|
password: string,
|
|
130
|
-
gzip?: boolean
|
|
131
|
-
): void
|
|
256
|
+
gzip?: boolean,
|
|
257
|
+
): Promise<void>;
|
|
132
258
|
|
|
133
259
|
/**
|
|
134
|
-
* Decrypts a `.enc` file.
|
|
260
|
+
* Decrypts a `.enc` file asynchronously.
|
|
135
261
|
*
|
|
136
262
|
* If `outputPath` is provided, the decrypted data is written to that file
|
|
137
263
|
* and `undefined` is returned. Otherwise the decrypted Buffer is returned.
|
|
264
|
+
*
|
|
265
|
+
* @param filePath Path to the `.enc` file
|
|
266
|
+
* @param password Password used for decryption
|
|
267
|
+
* @param outputPath Optional path to write decrypted output to
|
|
268
|
+
* @param gzip Whether to decompress after decryption (default: true)
|
|
269
|
+
* @returns Undefined when outputPath is provided
|
|
270
|
+
*
|
|
271
|
+
* @throws WilcoCryptError on:
|
|
272
|
+
* - invalid file extension
|
|
273
|
+
* - invalid header
|
|
274
|
+
* - version mismatch
|
|
275
|
+
* - wrong password
|
|
276
|
+
* - corrupted data
|
|
138
277
|
*/
|
|
139
|
-
|
|
140
|
-
|
|
278
|
+
decryptFileAsync(
|
|
279
|
+
filePath: string,
|
|
280
|
+
password: string,
|
|
281
|
+
outputPath: string,
|
|
282
|
+
gzip?: boolean,
|
|
283
|
+
): Promise<undefined>;
|
|
284
|
+
|
|
285
|
+
/**
|
|
286
|
+
* Decrypts an encrypted `.enc` file asynchronously.
|
|
287
|
+
*
|
|
288
|
+
* If `outputPath` is omitted, the decrypted Buffer is returned.
|
|
289
|
+
*
|
|
290
|
+
* @param filePath Path to the `.enc` file
|
|
291
|
+
* @param password Password used for decryption
|
|
292
|
+
* @param gzip Whether to decompress after decryption (default: true)
|
|
293
|
+
* @returns Decrypted file contents
|
|
294
|
+
*
|
|
295
|
+
* @throws WilcoCryptError on:
|
|
296
|
+
* - invalid file extension
|
|
297
|
+
* - invalid header
|
|
298
|
+
* - version mismatch
|
|
299
|
+
* - wrong password
|
|
300
|
+
* - corrupted data
|
|
301
|
+
*/
|
|
302
|
+
decryptFileAsync(
|
|
303
|
+
filePath: string,
|
|
304
|
+
password: string,
|
|
305
|
+
gzip?: boolean,
|
|
306
|
+
): Promise<Buffer>;
|
|
141
307
|
|
|
142
308
|
/**
|
|
143
309
|
* Encrypts a file using streams and writes the result to `outputPath`.
|
|
144
310
|
* Memory-efficient alternative to `encryptFile` for large files.
|
|
145
311
|
*
|
|
312
|
+
* Output format:
|
|
313
|
+
* [HEADER] + [VERSION] + [salt (16)] + [iv (12)] + [ciphertext] + [authTag (16)]
|
|
314
|
+
*
|
|
146
315
|
* @param inputPath Path to the file to encrypt
|
|
147
316
|
* @param outputPath Path to write the encrypted output to
|
|
148
317
|
* @param password Password used for key derivation
|
|
149
318
|
* @param gzip Whether to compress data before encryption (default: true)
|
|
319
|
+
*
|
|
320
|
+
* @throws WilcoCryptError If password is invalid
|
|
150
321
|
*/
|
|
151
322
|
encryptFileStream(
|
|
152
323
|
inputPath: string,
|
|
153
324
|
outputPath: string,
|
|
154
325
|
password: string,
|
|
155
|
-
gzip?: boolean
|
|
326
|
+
gzip?: boolean,
|
|
156
327
|
): Promise<void>;
|
|
157
328
|
|
|
158
329
|
/**
|
|
@@ -174,7 +345,7 @@ export interface WilcoCrypt {
|
|
|
174
345
|
inputPath: string,
|
|
175
346
|
outputPath: string,
|
|
176
347
|
password: string,
|
|
177
|
-
gzip?: boolean
|
|
348
|
+
gzip?: boolean,
|
|
178
349
|
): Promise<void>;
|
|
179
350
|
}
|
|
180
351
|
|