Skip to content
/ symmetric-crypto-helper Public

Node.js helper for symmetric cryptography using standard crypto libraries.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

m0wzer/symmetric-crypto-helper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

Symmetric Crypto Helper

'symmetric-crypto-helper' is a wrapper around the node 'crypto' + 'pbkdf2' packages that provdes a simple API with a default secure configuration for the AES algorithm using 256 bit key size and GCM block mode of operation.

The motivation for this module is because I have seen a few guides on setting up symmetric crypto that use an insecure configuration. This aims to provide a secure configuration from key generation to message authentication. I also needed to factor out some crypto code on a project I am working on.

My Node/JS isn't perfect so if you see anything wrong feel free to open an issue / PR and let me know. Likewise, if any cryptologists see any mistakes in the configurations, please let me know. The only potential flaw I can currently see is if the same key is used and generateRandomIv returns a duplicate that has already been used with the same key.

Installation

We use the built-in crypto libary, however we currently use the pbkdf2 package for key generation. I belive the built in libary also provides a pbkdf2 implementation, so I need to look into this and potentially remove the external requirment.

Currently the module is not on NPM, but if there is any interest then I will push it up.

Install the dependencies.

$ npm install pbkdf2

Example Usage

var helper = require('./symmetric-crypto-helper');

// Generate a salt and secret 256 bit AES key using PBKDF2
// the salt does not have to be secret and can be stored in cleartext
var salt = helper.generateSalt();
var key = helper.generateSecretKey256("password", salt);

// Generate an IV and pass it and the key + plaintext to the encrypt routine.
// The encrypt routine uses AES 256 bit with 96 bit IV in GCM mode. It is
// critical that the same IV is never reused with the same key!
var iv = helper.generateRandomIv();
var encrypted = helper.encryptAes256Gcm(
    key,
    iv,
    Buffer.from('Input can be string or buffer.')
  );

if (encrypted.error) {
  // An error has occured, see 'error' for more info and dont continue
  console.log("An error occured during the encryption");
  return;
}

var message = helper.decryptAes256Gcm(
    key,
    iv,
    encrypted.ciphertext,
    encrypted.authenticationTag
  );

if (message.error) {
  // An error has occured, see 'error' for more info and dont continue
  console.log("An error occured during the decryption");
  return;
}

console.log(message.plaintext.toString('utf8'));

Todos

  • Add function to increment an IV / counter for initalizing GCM mode
  • Add unit tests
  • Clean up the code

License

MIT

About

Node.js helper for symmetric cryptography using standard crypto libraries.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages