cryptify

File-based encryption utility for Node.js

Usage no npm install needed!

<script type="module">
  import cryptify from 'https://cdn.skypack.dev/cryptify';
</script>

README

cryptify

A dead simple file-based encyrption (FBE) utitily for Node.js.

:heart: CLI or module-based usage
:heart: Implements Node.js crypto
:heart: Licensed with GPLv2


Table of Contents


CLI

Installation

  • $ npm i -g cryptify

Usage

Adheres to http://docopt.org/ via commander.js

$ cryptify encrypt <file>... (-p <password>) [-c <cipher>] [-e <encoding>] [-s]
$ cryptify decrypt <file>... (-p <password>) [-c <cipher>] [-e <encoding>] [-s]

Commands

Command Description
encrypt Encrypt file(s)
decrypt Decrypt file(s)

Command Arguments

Short Long Description Default Required
-p --password Cryptographic key Yes
-c --cipher Cipher algorithm aes-256-cbc No
-e --encoding Character encoding of returned file(s) utf8 No
-s --silent Silence informational display false No
-o --loose Bypass password requirements false No

General Arguments

Short Long Description
-h --help Display help
-v --version Show version
-l --list List available ciphers

Encrypt a file with a password

$ cryptify encrypt ./configuration.props -p mySecretKey

Encrypt some files with a custom cipher

$ cryptify encrypt ./foo.json ./bar.jpg -p mySecretKey -c aes-256-cbc-hmac-sha256

Decrypt some files with a custom cipher

$ cryptify decrypt ./foo.json ./bar.jpg -p mySecretKey -c aes-256-cbc-hmac-sha256

Show general help

$ cryptify help encrypt

Usage: cryptify [options] [command]

Options:
  -v, --version                Display the current version
  -l, --list                   List available ciphers
  -h, --help                   Display help for the command

Commands:
  encrypt [options] <file...>  Encrypt files(s)
  decrypt [options] <file...>  Decrypt files(s)
  help <command>               Display help for the command

Example:
  $ cryptify encrypt file.txt -p 'Secret123!'
  $ cryptify decrypt file.txt -p 'Secret123!'

Password Requirements:
  1. Must contain at least 8 characters
  2. Must contain at least 1 special character
  3. Must contain at least 1 numeric character
  4. Must contain a combination of uppercase and lowercase

Show command help

$ cryptify help encrypt

Usage: cryptify encrypt <file>... (-p <password>) [-c <cipher>] [-e <encoding>] [-s] [-o]

Encrypt files(s)

Options:
  -p, --password <password>  Cryptographic key
  -c, --cipher <cipher>      Cipher algorithm (default: "aes-256-cbc")
  -e, --encoding <encoding>  Character encoding (default: "utf8")
  -s, --silent               Silence informational display (default: false)
  -o, --loose                Bypass password requirements (default: false)
  -h, --help                 Display help for the command

Module

Installation

  • $ npm i -S cryptify

CommonJS

const Cryptify = require('cryptify');

ES2015

import Cryptify from 'cryptify';

Constructor

new Cryptify(files, password[, cipher][, encoding][, silent][, loose])

Encrypt / Decrypt

import Cryptify from 'cryptify';

const filePath = './example.txt'; // This can also be an array of paths.
const password = process.env.ENV_SECRET_KEY;

const instance = new Cryptify(filePath, password);
instance
  .encrypt()
  .then((files) => {
    /* Do stuff */
  })
  .then(() => instance.decrypt())
  .then((files) => {
    /* Do stuff */
  })
  .catch((e) => console.error(e));

Decrypt / Encrypt

import Cryptify from 'cryptify';

const filePath = './example.txt'; // This can also be an array of paths.
const password = process.env.ENV_SECRET_KEY;

const instance = new Cryptify(filePath, password);
instance
  .decrypt()
  .then((files) => {
    /* Do stuff */
  })
  .then(() => instance.encrypt())
  .then((files) => {
    /* Do stuff */
  })
  .catch((e) => console.error(e));

Supported Ciphers

The following ciphers are supported by cryptify:

Running cipher validation tests...

 ✓ Passed: aes-128-cbc
 ✓ Passed: aes-128-cbc-hmac-sha1
 ✓ Passed: aes-128-cbc-hmac-sha256
 ✓ Passed: aes-128-cfb
 ✓ Passed: aes-128-cfb1
 ✓ Passed: aes-128-cfb8
 ✓ Passed: aes-128-ctr
 ✓ Passed: aes-128-ofb
 ✓ Passed: aes-192-cbc
 ✓ Passed: aes-192-cfb
 ✓ Passed: aes-192-cfb1
 ✓ Passed: aes-192-cfb8
 ✓ Passed: aes-192-ctr
 ✓ Passed: aes-192-ofb
 ✓ Passed: aes-256-cbc
 ✓ Passed: aes-256-cbc-hmac-sha1
 ✓ Passed: aes-256-cbc-hmac-sha256
 ✓ Passed: aes-256-cfb
 ✓ Passed: aes-256-cfb1
 ✓ Passed: aes-256-cfb8
 ✓ Passed: aes-256-ctr
 ✓ Passed: aes-256-ofb
 ✓ Passed: aes128
 ✓ Passed: aes192
 ✓ Passed: aes256
 ✓ Passed: aria-128-cbc
 ✓ Passed: aria-128-cfb
 ✓ Passed: aria-128-cfb1
 ✓ Passed: aria-128-cfb8
 ✓ Passed: aria-128-ctr
 ✓ Passed: aria-128-ofb
 ✓ Passed: aria-192-cbc
 ✓ Passed: aria-192-cfb
 ✓ Passed: aria-192-cfb1
 ✓ Passed: aria-192-cfb8
 ✓ Passed: aria-192-ctr
 ✓ Passed: aria-192-ofb
 ✓ Passed: aria-256-cbc
 ✓ Passed: aria-256-cfb
 ✓ Passed: aria-256-cfb1
 ✓ Passed: aria-256-cfb8
 ✓ Passed: aria-256-ctr
 ✓ Passed: aria-256-ofb
 ✓ Passed: aria128
 ✓ Passed: aria192
 ✓ Passed: aria256
 ✓ Passed: camellia-128-cbc
 ✓ Passed: camellia-128-cfb
 ✓ Passed: camellia-128-cfb1
 ✓ Passed: camellia-128-cfb8
 ✓ Passed: camellia-128-ctr
 ✓ Passed: camellia-128-ofb
 ✓ Passed: camellia-192-cbc
 ✓ Passed: camellia-192-cfb
 ✓ Passed: camellia-192-cfb1
 ✓ Passed: camellia-192-cfb8
 ✓ Passed: camellia-192-ctr
 ✓ Passed: camellia-192-ofb
 ✓ Passed: camellia-256-cbc
 ✓ Passed: camellia-256-cfb
 ✓ Passed: camellia-256-cfb1
 ✓ Passed: camellia-256-cfb8
 ✓ Passed: camellia-256-ctr
 ✓ Passed: camellia-256-ofb
 ✓ Passed: camellia128
 ✓ Passed: camellia192
 ✓ Passed: camellia256
 ✓ Passed: chacha20

 ✓ Results: 68 passed, 107 total


Recommendations

Strongly consider clearing your shell's session history of any sensitive information.

Bash

Bash writes the current session history to disk (~/.bash_history) at the end of the session.

  1. Tactical Approach: Clear a specific entry in the current session

    $ history
    666 cryptify --help
    667 cryptify encrypt ./myfile.txt -p mySecretKey
    $ history -d 667
    $ history -w
    
  2. Blunt Approach: Clear the entire current session history (in memory)

    $ history -c
    
  3. Nuclear Approach: Clear current and existing session history (in memory, and on disk)

    $ rm $HISTFILE
    $ history -c
    $ exit
    (open shell)
    $ cat $HISTFILE
    exit
    

Windows Command Prompt

Windows does not store history between command prompt sessions.

  1. However, for safety, consider decreasing the Buffer Size and Number of Buffers in the Properties menu before use.

  2. Per this configuration, Windows will only store the last command in the buffer.

  3. Once work with cryptify is complete, close the command prompt:

    C:\Users\[user]> cryptify encrypt ./myfile.txt -p mySecretKey
    C:\Users\[user]> exit
    

Windows PowerShell

  1. PowerShell's Clear-History command doesn't seem to work as advertised, which is designed to clear the current session's history.

  2. However, deleting PowerShell's history file does do the trick.

    PS C:\Users\[user]> cryptify encrypt ./myfile.txt -p mySecretKey
    PS C:\Users\[user]> del (Get-PSReadlineOption).HistorySavePath
    PS C:\Users\[user]> exit
    

Password Requirements

  1. Must contain at least 8 characters
  2. Must contain at least 1 special character
  3. Must contain at least 1 numeric character
  4. Must contain a combination of uppercase and lowercase