README
kruptein
crypto; from kruptein
to hide or conceal.
Install
To install npm install kruptein
Methods
.set(secret, plaintext, [aad], callback)
.get(secret, ciphertext, [{at: auth_tag, aad: aad}], callback)
Options
Industry standards are used for the algorithm, hashing algorithm, key & IV sizes. The default key derivation is pbkdf2, however use of the scrypt derivation function can be enabled.
algorithm
: (Optional) Cipher algorithm fromcrypto.getCiphers()
. Default:aes-256-gcm
.hashing
: (Optional) Hash algorithm fromcrypto.getHashes()
. Default:sha512
.encodeas
: (Optional) Output encoding. Currently supportsbinary
,hex
, &base64
. Default:base64
.key_size
: (Optional) Key size bytes (should match block size of algorithm). Default:32
iv_size
: (Optional) IV size bytes. Default:16
.at_size
: (Optional) Authentication tag size. Applicable togcm
&ocb
cipher modes. Default:128
.use_scrypt
: (Optional) Use.scrypt()
to derive a key. Requires node > v10. Default/Fallback:.pbkdf2()
.use_asn1
: (Optional) Disable the default ASN.1 encoding. Default: true
Usage
When selecting an algorithm from crypto.getCiphers()
the
iv
and key_size
values are calculated auto-magically to make implementation
easy.
You can always define your own if the defaults per algorithm and mode
aren't what you would like; see the options
section above.
Create ciphertext from plaintext
To create a new ciphertext object.
const kruptein = require("kruptein")(opts);
let secret = "squirrel";
kruptein.set(secret, "Operation mincemeat was an example of deception", (err, ct) => {
if (err)
throw err;
console.log(ct);
});
Get plaintext from ciphertext
To retrieve plaintext from a ciphertext object.
const kruptein = require("kruptein")(opts);
let ciphertext, secret = "squirrel";
kruptein.get(secret, ciphertext, (err, pt) => {
if (err)
throw err;
console.log(pt);
});
Output
The .set()
method output depends on three factors; the encodeas
,
algorithm
and use_asn1
.
For any algorithm that supports authentication (AEAD), the object
structure includes the Authentication Tag
and the Additional Authentication Data
attribute and value.
When the use_asn1
option is enabled (default is true), the result is an ASN.1
value using the encodeas
value. While this is a more complex
encoding option, it helps standardize & minimize the resulting
ciphertext output.
ASN.1 Encoding
When the use_asn1
option is enabled an ASN.1
value encoded with the format specifed with encodeas
option is returned regardless of the cipher mode. This
return type will ensure compatibility with various database engines and the character set encoding available
for them.
Examples:
# enocdeas = binary
0\u0001n\u0004\u0019Âû ìÃ#$Ãôý\u001d(a6'P>\u00042éUÃÃ2è©kÂdkçEö«\"°ÂÂLI,ý<\rñI»\b\u0004\u0010N6K±ü\u001eC\nÃî.E\u0004À¿K¼nO¶%ÂÂÃÃ&jc6_ê.Wû}Ãy`1KCZiÂÃ'QHï\rÂqæà ô\u0011÷ÂFfÂë\\`\u0015º§ÂÂÂ\u000fÂÃÂ\u0014TÂÂPå¸Ãô}ý\u0002°1¡Ã¯ðÂÃ\u0015%j