JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 47
  • Score
    100M100P100Q63470F
  • License ISC

Encryption Module allows you to create key pairs, encrypt, and decrypt data with the same strategy of the Encryption Service.

Package Exports

  • @bolttech/encryption
  • @bolttech/encryption/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@bolttech/encryption) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Encryption Module by NodeJS

This library allows you to create key pairs, encrypt, and decrypt data with the same strategy of the Encryption Service.

Adding dependency

npm i @bolttech/encryption

Encryption Service V2

AES Algorithm

Creating key

import {
  HashBasedBufferEncodingAllowed,
  HMACSecretKeyGenerator,
  IHMACKeyGeneratorOptions,
  SHAHashBasedAlgorithmsAllowed,
} from '@bolttech/encryption';

const passphrase = 'yourStrongPassphrase';

const keyGeneratorOptions: IHMACKeyGeneratorOptions = {
  keySize: 32, // cipher mode bytes divided by 8, example 256 / 8 = 32
  algorithm: SHAHashBasedAlgorithmsAllowed.SHA256,
  encoding: HashBasedBufferEncodingAllowed.BASE64,
};

const keyGenerator = new HMACSecretKeyGenerator(keyGeneratorOptions);
const { secretKey } = await keyGenerator.generateKey({ passphrase });

const oSecretKey = await keyGenerator.loadEncryptedPrivateKey(
  secretKey,
  passphrase,
);

Encrypting data

import {
  AESEncryptor,
  AESCipherModeAllowed,
  HashBasedBufferEncodingAllowed,
  // HMACSigner,
  IAESEncryptorOptions,
  // IHMACSignerOptions,
  // SHAHashBasedAlgorithmsAllowed,
} from '@bolttech/encryption';
import { Readable } from 'stream';

const data = Buffer.from('Confidential data.');
const stream = Readable.from(data);

const encryptorOptions: IAESEncryptorOptions = {
  mode: AESCipherModeAllowed.AES256CBC,
  encoding: HashBasedBufferEncodingAllowed.BASE64,
};

const encryptor = new AESEncryptor(encryptorOptions);
const encryptedStream = await encryptor.encrypt(stream, oSecretKey);

// const signerOptions: IHMACSignerOptions = {
//   algorithm: SHAHashBasedAlgorithmsAllowed.SHA256,
//   encoding: HashBasedBufferEncodingAllowed.BASE64,
// };
// const signer = new HMACSigner(signerOptions);
// const signedStream = await signer.sign(stream, oSigningSecretKey);

Decrypting data

// const verifiedStream = await signer.verifySignature(stream, oSigningSecretKey);
const decryptedStream = await encryptor.decrypt(encryptedStream, oSecretKey);

OpenPGP Algorithm

Creating key pairs

import {
  EllipticCurvesAllowed,
  IOpenPGPKeyPairGeneratorOptions,
  OpenPGPKeyPairGenerator,
  OpenPGPTypesAllowed,
} from '@bolttech/encryption';

const passphrase = 'yourStrongPassphrase';
const name = 'Joe Doe';
const email = 'joedoe@test.com';

const keyGeneratorOptions: IOpenPGPKeyPairGeneratorOptions = {
  type: OpenPGPTypesAllowed.ECC,
  curve: EllipticCurvesAllowed.Curve25519,
};

const keyGenerator = new OpenPGPKeyPairGenerator(keyGeneratorOptions);
const { publicKey, privateKey } = await keyGenerator.generateKey({
  passphrase,
  name,
  email,
});

const oPublicKey = await keyGenerator.loadPublicKey(publicKey);
const oPrivateKey = await keyGenerator.loadEncryptedPrivateKey(
  privateKey,
  passphrase,
);

Encrypting data

import {
  HashBasedBufferEncodingAllowed,
  IOpenPGPEncryptorOptions,
  // IOpenPGPSignerOptions,
  OpenPGPEncryptor,
  // OpenPGPSigner,
} from '@bolttech/encryption';
import { Readable } from 'stream';

const data = Buffer.from('Confidential data.');
const stream = Readable.from(data);

const encryptorOptions: IOpenPGPEncryptorOptions = {
  armored: true,
};

const encryptor = new OpenPGPEncryptor(encryptorOptions);
const encryptedStream = await encryptor.encrypt(stream, oPublicKey);

// const signerOptions: IOpenPGPSignerOptions = {
//   armored: true,
// };
// const signer = new OpenPGPSigner(signerOptions);
// const signedStream = await signer.sign(stream, oSigningPrivateKey);

Decrypting data

// const verifiedStream = await signer.verifySignature(stream, oSigningPublicKey);
const decryptedStream = await encryptor.decrypt(encryptedStream, oPrivateKey);

RSA Algorithm

Creating key pairs

import {
  AESCipherModeForRSAAllowed,
  IRSAKeyPairGeneratorOptions,
  KeyFormatAllowed,
  RSAKeyPairGenerator,
  RSAModulusLengthAllowed,
  RSAPrivateKeyEncodingTypeAllowed,
  RSAPublicKeyEncodingTypeAllowed,
} from '@bolttech/encryption';

const passphrase = 'yourStrongPassphrase';

const keyGeneratorOptions: IRSAKeyPairGeneratorOptions = {
  modulusLength: RSAModulusLengthAllowed.ML2048,
  publicExponent: undefined,
  publicKeyEncoding: {
    type: RSAPublicKeyEncodingTypeAllowed.SPKI,
    format: KeyFormatAllowed.PEM,
  },
  privateKeyEncoding: {
    type: RSAPrivateKeyEncodingTypeAllowed.PKCS8,
    format: KeyFormatAllowed.PEM,
    cipher: AESCipherModeForRSAAllowed.AES256CBC,
  },
};

const keyGenerator = new RSAKeyPairGenerator(keyGeneratorOptions);
const { publicKey, privateKey } = await keyGenerator.generateKey({
  passphrase,
});

const oPublicKey = await keyGenerator.loadPublicKey(publicKey);
const oPrivateKey = await keyGenerator.loadEncryptedPrivateKey(
  privateKey,
  passphrase,
);

Encrypting data

import {
  EncryptionPaddingAllowed,
  HashBasedBufferEncodingAllowed,
  IRSAEncryptorOptions,
  // IRSASignerOptions,
  SHAHashBasedAlgorithmsAllowed,
  RSAEncryptor,
  // RSASigner,
  RSAModulusLengthAllowed,
} from '@bolttech/encryption';
import { Readable } from 'stream';

const data = Buffer.from('Confidential data.');
const stream = Readable.from(data);

const encryptorOptions: IRSAEncryptorOptions = {
  modulusLength: RSAModulusLengthAllowed.ML2048, // same of key pairs
  oaepHash: SHAHashBasedAlgorithmsAllowed.SHA384,
  padding: EncryptionPaddingAllowed.RSA_PKCS1_OAEP_PADDING,
  encoding: HashBasedBufferEncodingAllowed.HEX,
};

const encryptor = new RSAEncryptor(encryptorOptions);
const encryptedStream = await encryptor.encrypt(stream, oPublicKey);

// const signerOptions: IRSASignerOptions = {
//   modulusLength: RSAModulusLengthAllowed.ML2048, // same of key pairs
//   algorithm: SHAHashBasedAlgorithmsAllowed.SHA384,
//   encoding: HashBasedBufferEncodingAllowed.HEX,
// };
// const signer = new RSASigner(signerOptions);
// const signedStream = await signer.sign(stream, oSigningPrivateKey);

Decrypting data

// const verifiedStream = await signer.verifySignature(stream, oSigningPublicKey);
const decryptedStream = await encryptor.decrypt(encryptedStream, oPrivateKey);

Encryption Service V1

AES Algorithm

Creating key pairs

import {
  AESCipherModeAllowed,
  HashBasedBufferEncodingAllowed,
  SHAHashBasedAlgorithmsAllowed,
  V1AESEncryption,
} from '@bolttech/encryption';

const passphrase = 'yourStrongPassphrase';

const encryption = new V1AESEncryption(
  AESCipherModeAllowed.AES256CBC,
  SHAHashBasedAlgorithmsAllowed.SHA512,
  HashBasedBufferEncodingAllowed.HEX,
);
const { secretKey } = await encryption.generateKey(passphrase);

Encrypting data

const data = Buffer.from('Confidential data.');

const encryptedData = encryption.encryptData(data, secretKey, passphrase);
// const encryptedAndSignedData = encryption.encryptAndSignData(
//   data,
//   secretKey,
//   passphrase,
//   rsaSigningPrivateKey,
//   passphraseRsaSigningPrivateKey,
// );
// const signedData = encryption.signData(data, rsaPrivateKey, passphraseRsaPrivateKey);
const iv = encryption.getIV();

Note: Encryption Service v1 does not support manipulation of binary data.

Decrypting data

const decryptedData = encryption.decryptData(
  encryptedData,
  secretKey,
  passphrase,
  iv,
);
// const decryptedAndVerifiedData = encryption.decryptAndVerifyData(
//   encryptedAndSignedData,
//   secretKey,
//   passphrase,
//   rsaVerificationPublicKey,
//   iv,
// );
// const verifiedData = encryption.verifySignatureData(
//   signedData,
//   rsaPublicKey,
// );

Note: Encryption Service v1 does not support manipulation of binary data.

OpenPGP Algorithm

import { V1OpenPGPEncryption } from '@bolttech/encryption';

const passphrase = 'yourStrongPassphrase';
const name = 'Joe Doe';
const email = 'joedoe@test.com';

const encryption = new V1OpenPGPEncryption(2048);
const { publicKey, privateKey } = await encryption.generateKeyPair(
  passphrase,
  name,
  email,
);

// Save publicKey and privateKey content in a file with extension .pem

Encrypting data

const data = Buffer.from('Confidential data.');

const encryptedData = encryption.encryptData(data, publicKey);
// const encryptedAndSignedData = encryption.encryptAndSignData(
//   data,
//   publicKey,
//   rsaSigningPrivateKey,
//   passphraseRsaSigningPrivateKey,
// );
// const signedData = encryption.signData(data, rsaPrivateKey, passphraseRsaPrivateKey);

Note: Encryption Service v1 does not support manipulation of binary data.

Decrypting data

const decryptedData = encryption.decryptData(
  encryptedData,
  privateKey,
  passphrase,
);
// const decryptedAndVerifiedData = encryption.decryptAndVerifyData(
//   encryptedAndSignedData,
//   privateKey,
//   passphrase,
//   rsaVerificationPublicKey,
// );
// const verifiedData = encryption.verifySignatureData(
//   signedData,
//   rsaPublicKey,
// );

Note: Encryption Service v1 does not support manipulation of binary data.

RSA Algorithm

Creating key pairs

import { V1RSAEncryption } from '@bolttech/encryption';

const passphrase = 'yourStrongPassphrase';

const encryption = new V1RSAEncryption(2048);
const { publicKey, privateKey } = await encryption.generateKeyPair(passphrase);

// Save publicKey and privateKey content in a file with extension .pem

Encrypting data

const data = Buffer.from('Confidential data.');

const encryptedData = encryption.encryptData(data, publicKey);
// const encryptedAndSignedData = encryption.encryptAndSignData(
//   data,
//   publicKey,
//   rsaSigningPrivateKey,
//   passphraseRsaSigningPrivateKey,
// );
// const signedData = encryption.signData(data, rsaPrivateKey, passphraseRsaPrivateKey);

Note: Encryption Service v1 does not support manipulation of binary data.

Decrypting data

const decryptedData = encryption.decryptData(
  encryptedData,
  privateKey,
  passphrase,
);
// const decryptedAndVerifiedData = encryption.decryptAndVerifyData(
//   encryptedAndSignedData,
//   privateKey,
//   passphrase,
//   rsaVerificationPublicKey,
// );
// const verifiedData = encryption.verifySignatureData(
//   signedData,
//   rsaPublicKey,
// );

Note: Encryption Service v1 does not support manipulation of binary data.

Common

OpenPGP

Generating your key pair with command line

# Pending

Checking your key pair with command line

# Pending

RSA

Generating your key pair with command line

# Generating the private key
openssl genpkey -algorithm RSA -out private_key.pem -aes-256-cbc -pass pass:"yourStrongPassphrase" -pkeyopt rsa_keygen_bits:4096 -outform PEM

# Generating the public key for the private key
openssl pkey -in private_key.pem -passin pass:"yourStrongPassphrase" -pubout -out public_key.pem

Checking your key pair with command line

If you generated your key pairs another way, you can check if it is compatible with the commands below.

# Checking if the algorithm used was RSA
openssl rsa -in private_key.pem -passin pass:"yourStrongPassphrase" -check

# Checking private key size in bits and the format is in PKCS#8
openssl pkey -in private_key.pem -passin pass:"yourStrongPassphrase" -text -noout

# Checking public key size in bits and the format is in SPKI
openssl pkey -in public_key.pem -pubin -text -noout

# Checking private key compatibility with public key (Note: It will be fully compatible if there is no output in the result of this command)
openssl pkey -in private_key.pem -passin pass:"yourStrongPassphrase" -pubout -out public_key_from_private.pem && diff public_key.pem public_key_from_private.pem && rm public_key_from_private.pem

TO DO

  • Encryption Service v1

    • Encryption:
      • Support for RSA;
      • Support for OpenPGP;
      • Support for AES;
    • Signature
      • Support for JWT;

  • Encryption Service v2

    • Encryption:
      • Support for RSA;
      • Support for OpenPGP;
      • Support for AES;
    • Signature:
      • Support for RSA;
      • Support for DSA;
      • Support for ECDSA;
      • Support for OpenPGP;
      • Support for HMAC;