Package Exports
- @bolttech/encryption
- @bolttech/encryption/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@bolttech/encryption) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
Encryption Module by NodeJS
This library allows you to create key pairs, encrypt, and decrypt data with the same strategy of the Encryption Service.
Adding dependency
npm i @bolttech/encryption
Encryption Service V2
AES Algorithm
Creating key
import {
HashBasedBufferEncodingAllowed,
HMACSecretKeyGenerator,
IHMACKeyGeneratorOptions,
SHAHashBasedAlgorithmsAllowed,
} from '@bolttech/encryption';
const passphrase = 'yourStrongPassphrase';
const keyGeneratorOptions: IHMACKeyGeneratorOptions = {
keySize: 32, // cipher mode bytes divided by 8, example 256 / 8 = 32
algorithm: SHAHashBasedAlgorithmsAllowed.SHA256,
encoding: HashBasedBufferEncodingAllowed.BASE64,
};
const keyGenerator = new HMACSecretKeyGenerator(keyGeneratorOptions);
const { secretKey } = await keyGenerator.generateKey({ passphrase });
const oSecretKey = await keyGenerator.loadEncryptedPrivateKey(
secretKey,
passphrase,
);
Encrypting data
import {
AESEncryptor,
AESCipherModeAllowed,
HashBasedBufferEncodingAllowed,
// HMACSigner,
IAESEncryptorOptions,
// IHMACSignerOptions,
// SHAHashBasedAlgorithmsAllowed,
} from '@bolttech/encryption';
import { Readable } from 'stream';
const data = Buffer.from('Confidential data.');
const stream = Readable.from(data);
const encryptorOptions: IAESEncryptorOptions = {
mode: AESCipherModeAllowed.AES256CBC,
encoding: HashBasedBufferEncodingAllowed.BASE64,
};
const encryptor = new AESEncryptor(encryptorOptions);
const encryptedStream = await encryptor.encrypt(stream, oSecretKey);
// const signerOptions: IHMACSignerOptions = {
// algorithm: SHAHashBasedAlgorithmsAllowed.SHA256,
// encoding: HashBasedBufferEncodingAllowed.BASE64,
// };
// const signer = new HMACSigner(signerOptions);
// const signedStream = await signer.sign(stream, oSigningSecretKey);
Decrypting data
// const verifiedStream = await signer.verifySignature(stream, oSigningSecretKey);
const decryptedStream = await encryptor.decrypt(encryptedStream, oSecretKey);
OpenPGP Algorithm
Creating key pairs
import {
EllipticCurvesAllowed,
IOpenPGPKeyPairGeneratorOptions,
OpenPGPKeyPairGenerator,
OpenPGPTypesAllowed,
} from '@bolttech/encryption';
const passphrase = 'yourStrongPassphrase';
const name = 'Joe Doe';
const email = 'joedoe@test.com';
const keyGeneratorOptions: IOpenPGPKeyPairGeneratorOptions = {
type: OpenPGPTypesAllowed.ECC,
curve: EllipticCurvesAllowed.Curve25519,
};
const keyGenerator = new OpenPGPKeyPairGenerator(keyGeneratorOptions);
const { publicKey, privateKey } = await keyGenerator.generateKey({
passphrase,
name,
email,
});
const oPublicKey = await keyGenerator.loadPublicKey(publicKey);
const oPrivateKey = await keyGenerator.loadEncryptedPrivateKey(
privateKey,
passphrase,
);
Encrypting data
import {
HashBasedBufferEncodingAllowed,
IOpenPGPEncryptorOptions,
// IOpenPGPSignerOptions,
OpenPGPEncryptor,
// OpenPGPSigner,
} from '@bolttech/encryption';
import { Readable } from 'stream';
const data = Buffer.from('Confidential data.');
const stream = Readable.from(data);
const encryptorOptions: IOpenPGPEncryptorOptions = {
armored: true,
};
const encryptor = new OpenPGPEncryptor(encryptorOptions);
const encryptedStream = await encryptor.encrypt(stream, oPublicKey);
// const signerOptions: IOpenPGPSignerOptions = {
// armored: true,
// };
// const signer = new OpenPGPSigner(signerOptions);
// const signedStream = await signer.sign(stream, oSigningPrivateKey);
Decrypting data
// const verifiedStream = await signer.verifySignature(stream, oSigningPublicKey);
const decryptedStream = await encryptor.decrypt(encryptedStream, oPrivateKey);
RSA Algorithm
Creating key pairs
import {
AESCipherModeForRSAAllowed,
IRSAKeyPairGeneratorOptions,
KeyFormatAllowed,
RSAKeyPairGenerator,
RSAModulusLengthAllowed,
RSAPrivateKeyEncodingTypeAllowed,
RSAPublicKeyEncodingTypeAllowed,
} from '@bolttech/encryption';
const passphrase = 'yourStrongPassphrase';
const keyGeneratorOptions: IRSAKeyPairGeneratorOptions = {
modulusLength: RSAModulusLengthAllowed.ML2048,
publicExponent: undefined,
publicKeyEncoding: {
type: RSAPublicKeyEncodingTypeAllowed.SPKI,
format: KeyFormatAllowed.PEM,
},
privateKeyEncoding: {
type: RSAPrivateKeyEncodingTypeAllowed.PKCS8,
format: KeyFormatAllowed.PEM,
cipher: AESCipherModeForRSAAllowed.AES256CBC,
},
};
const keyGenerator = new RSAKeyPairGenerator(keyGeneratorOptions);
const { publicKey, privateKey } = await keyGenerator.generateKey({
passphrase,
});
const oPublicKey = await keyGenerator.loadPublicKey(publicKey);
const oPrivateKey = await keyGenerator.loadEncryptedPrivateKey(
privateKey,
passphrase,
);
Encrypting data
import {
EncryptionPaddingAllowed,
HashBasedBufferEncodingAllowed,
IRSAEncryptorOptions,
// IRSASignerOptions,
SHAHashBasedAlgorithmsAllowed,
RSAEncryptor,
// RSASigner,
RSAModulusLengthAllowed,
} from '@bolttech/encryption';
import { Readable } from 'stream';
const data = Buffer.from('Confidential data.');
const stream = Readable.from(data);
const encryptorOptions: IRSAEncryptorOptions = {
modulusLength: RSAModulusLengthAllowed.ML2048, // same of key pairs
oaepHash: SHAHashBasedAlgorithmsAllowed.SHA384,
padding: EncryptionPaddingAllowed.RSA_PKCS1_OAEP_PADDING,
encoding: HashBasedBufferEncodingAllowed.HEX,
};
const encryptor = new RSAEncryptor(encryptorOptions);
const encryptedStream = await encryptor.encrypt(stream, oPublicKey);
// const signerOptions: IRSASignerOptions = {
// modulusLength: RSAModulusLengthAllowed.ML2048, // same of key pairs
// algorithm: SHAHashBasedAlgorithmsAllowed.SHA384,
// encoding: HashBasedBufferEncodingAllowed.HEX,
// };
// const signer = new RSASigner(signerOptions);
// const signedStream = await signer.sign(stream, oSigningPrivateKey);
Decrypting data
// const verifiedStream = await signer.verifySignature(stream, oSigningPublicKey);
const decryptedStream = await encryptor.decrypt(encryptedStream, oPrivateKey);
Encryption Service V1
AES Algorithm
Creating key pairs
import {
AESCipherModeAllowed,
HashBasedBufferEncodingAllowed,
SHAHashBasedAlgorithmsAllowed,
V1AESEncryption,
} from '@bolttech/encryption';
const passphrase = 'yourStrongPassphrase';
const encryption = new V1AESEncryption(
AESCipherModeAllowed.AES256CBC,
SHAHashBasedAlgorithmsAllowed.SHA512,
HashBasedBufferEncodingAllowed.HEX,
);
const { secretKey } = await encryption.generateKey(passphrase);
Encrypting data
const data = Buffer.from('Confidential data.');
const encryptedData = encryption.encryptData(data, secretKey, passphrase);
// const encryptedAndSignedData = encryption.encryptAndSignData(
// data,
// secretKey,
// passphrase,
// rsaSigningPrivateKey,
// passphraseRsaSigningPrivateKey,
// );
// const signedData = encryption.signData(data, rsaPrivateKey, passphraseRsaPrivateKey);
const iv = encryption.getIV();
Note: Encryption Service v1 does not support manipulation of binary data.
Decrypting data
const decryptedData = encryption.decryptData(
encryptedData,
secretKey,
passphrase,
iv,
);
// const decryptedAndVerifiedData = encryption.decryptAndVerifyData(
// encryptedAndSignedData,
// secretKey,
// passphrase,
// rsaVerificationPublicKey,
// iv,
// );
// const verifiedData = encryption.verifySignatureData(
// signedData,
// rsaPublicKey,
// );
Note: Encryption Service v1 does not support manipulation of binary data.
OpenPGP Algorithm
import { V1OpenPGPEncryption } from '@bolttech/encryption';
const passphrase = 'yourStrongPassphrase';
const name = 'Joe Doe';
const email = 'joedoe@test.com';
const encryption = new V1OpenPGPEncryption(2048);
const { publicKey, privateKey } = await encryption.generateKeyPair(
passphrase,
name,
email,
);
// Save publicKey and privateKey content in a file with extension .pem
Encrypting data
const data = Buffer.from('Confidential data.');
const encryptedData = encryption.encryptData(data, publicKey);
// const encryptedAndSignedData = encryption.encryptAndSignData(
// data,
// publicKey,
// rsaSigningPrivateKey,
// passphraseRsaSigningPrivateKey,
// );
// const signedData = encryption.signData(data, rsaPrivateKey, passphraseRsaPrivateKey);
Note: Encryption Service v1 does not support manipulation of binary data.
Decrypting data
const decryptedData = encryption.decryptData(
encryptedData,
privateKey,
passphrase,
);
// const decryptedAndVerifiedData = encryption.decryptAndVerifyData(
// encryptedAndSignedData,
// privateKey,
// passphrase,
// rsaVerificationPublicKey,
// );
// const verifiedData = encryption.verifySignatureData(
// signedData,
// rsaPublicKey,
// );
Note: Encryption Service v1 does not support manipulation of binary data.
RSA Algorithm
Creating key pairs
import { V1RSAEncryption } from '@bolttech/encryption';
const passphrase = 'yourStrongPassphrase';
const encryption = new V1RSAEncryption(2048);
const { publicKey, privateKey } = await encryption.generateKeyPair(passphrase);
// Save publicKey and privateKey content in a file with extension .pem
Encrypting data
const data = Buffer.from('Confidential data.');
const encryptedData = encryption.encryptData(data, publicKey);
// const encryptedAndSignedData = encryption.encryptAndSignData(
// data,
// publicKey,
// rsaSigningPrivateKey,
// passphraseRsaSigningPrivateKey,
// );
// const signedData = encryption.signData(data, rsaPrivateKey, passphraseRsaPrivateKey);
Note: Encryption Service v1 does not support manipulation of binary data.
Decrypting data
const decryptedData = encryption.decryptData(
encryptedData,
privateKey,
passphrase,
);
// const decryptedAndVerifiedData = encryption.decryptAndVerifyData(
// encryptedAndSignedData,
// privateKey,
// passphrase,
// rsaVerificationPublicKey,
// );
// const verifiedData = encryption.verifySignatureData(
// signedData,
// rsaPublicKey,
// );
Note: Encryption Service v1 does not support manipulation of binary data.
Common
OpenPGP
Generating your key pair with command line
# Pending
Checking your key pair with command line
# Pending
RSA
Generating your key pair with command line
# Generating the private key
openssl genpkey -algorithm RSA -out private_key.pem -aes-256-cbc -pass pass:"yourStrongPassphrase" -pkeyopt rsa_keygen_bits:4096 -outform PEM
# Generating the public key for the private key
openssl pkey -in private_key.pem -passin pass:"yourStrongPassphrase" -pubout -out public_key.pem
Checking your key pair with command line
If you generated your key pairs another way, you can check if it is compatible with the commands below.
# Checking if the algorithm used was RSA
openssl rsa -in private_key.pem -passin pass:"yourStrongPassphrase" -check
# Checking private key size in bits and the format is in PKCS#8
openssl pkey -in private_key.pem -passin pass:"yourStrongPassphrase" -text -noout
# Checking public key size in bits and the format is in SPKI
openssl pkey -in public_key.pem -pubin -text -noout
# Checking private key compatibility with public key (Note: It will be fully compatible if there is no output in the result of this command)
openssl pkey -in private_key.pem -passin pass:"yourStrongPassphrase" -pubout -out public_key_from_private.pem && diff public_key.pem public_key_from_private.pem && rm public_key_from_private.pem
TO DO
Encryption Service v1
- Encryption:
- Support for RSA;
- Support for OpenPGP;
- Support for AES;
- Signature
- Support for JWT;
- Encryption:
Encryption Service v2
- Encryption:
- Support for RSA;
- Support for OpenPGP;
- Support for AES;
- Signature:
- Support for RSA;
- Support for DSA;
- Support for ECDSA;
- Support for OpenPGP;
- Support for HMAC;
- Encryption: