@socialgouv/aes-gcm-rsa-oaep

Kubeseal aes-gcm-rsa-oaep encryption implementaton in JavaScript

Usage no npm install needed!

<script type="module">
  import socialgouvAesGcmRsaOaep from 'https://cdn.skypack.dev/@socialgouv/aes-gcm-rsa-oaep';
</script>

README

AES-GCM + RSA OAEP encryption

AES-GCM + RSA-OAEP encryption/decryption using WebCrypto API in NodeJS or in the browser

Tests uses @peculiar/webcrypto for polyfilling browser crypto api.

This can be used to replace kubeseal encryption in JavaScript environments.

See demo : http://socialgouv.github.io/webseal

Usage

High level

import { encryptValue, encryptValues, getSealedSecret } from "@socialgouv/aes-gcm-rsa-oaep"

// encrypt single value
const encryptedValue =  encryptValue({
  pemKey: "somekey",
  scope: "cluster",
  namespace: "dev",
  name: "my-secret",
  value: "plain-value";
});

// encrypt multiple values
const encryptedValue =  encryptValues({
  pemKey: "somekey",
  scope: "cluster",
  namespace: "dev",
  name: "my-secret",
  values: {
    value1: "plain1",
    value2: "plain2"
  }
});

// get sealed-secret
const sealedSecret =  getSealedSecret({
  pemKey: "somekey",
  scope: "cluster",
  namespace: "dev",
  name: "my-secret",
  values: {
    value1: "plain1",
    value2: "plain2"
  }
});

Low level

import { pki } from 'node-forge';
import { HybridEncrypt, pemPublicKeyToCryptoKey } from '@socialgouv/aes-gcm-rsa-oaep';

const publicKeyPem = pki.publicKeyToPem(cert.publicKey);
const publicKey = await pemPublicKeyToCryptoKey(publicKeyPem);

const plainText = 'Bonjour le monde';
const label = Buffer.from('');

const result = await HybridEncrypt(publicKey, plainText, label);

const sealedText = Buffer.from(result).toString('base64');