A crypt utility with zero dependencies to encrypt and decrypt data by abstracting the native crypto module.
| Algorithm | Secure |
|---|---|
| AES_128_CBC | 🟢 Yes |
| AES_192_CBC | 🟢 Yes |
| AES_256_CBC | 🟢 Yes |
| AES_128_CFB | 🟢 Yes |
| AES_192_CFB | 🟢 Yes |
| AES_256_CFB | 🟢 Yes |
| AES_128_CTR | 🟢 Yes |
| AES_192_CTR | 🟢 Yes |
| AES_256_CTR | 🟢 Yes |
| AES_128_ECB | 🔴 No |
| AES_192_ECB | 🔴 No |
| AES_256_ECB | 🔴 No |
| AES_128_OFB | 🟢 Yes |
| AES_192_OFB | 🟢 Yes |
| AES_256_OFB | 🟢 Yes |
| CHACHA20_POLY_1305 | 🟢 Yes |
| RSA | 🟢 Yes |
Try to use secure algorythms but the most important is how you protect the keys.
Using the factory method
import { EncryptionFactory, Algorithm } from 'cryptaculous';
const crypt = EncryptionFactory.createEncryption(Algorithm.AES_256_CBC, {
key: "1c5b2bc5789a0f9b0c576950aaf049b6",
iv: "704a59f3d523c765",
});
const cryptedSecret = crypt.encrypt("secret"); // -> EV2YEWJZcpLdBrkqdDij3Q==
const decryptedSecret = crypt.decrypt(cryptedSecret); // -> secretUsing a strategies to change the strategy in execution time
import { Encryption, Aes256Cbc } from 'cryptaculous';
const crypt = new Encryption();
if (config.encryptionAlgorith === Algorithm.AES_256_CBC) {
crypt.setStrategy(new Aes256Cbc({
key: "1c5b2bc5789a0f9b0c576950aaf049b6",
iv: "704a59f3d523c765",
}))
}
const secret = "secret";
const crypted = crypt.encrypt(secret); // -> EV2YEWJZcpLdBrkqdDij3Q==
const decrypted = crypt.decrypt(crypted); // -> secretNote: If no strategy set throws MissingStrategyException
Random encryption is a secure way to use different key and initial vector without defining them each time.
It allows you to generate encryption by passing only the value to be encrypted, and it will generate the key and the vector, returning them as a keychain for future use.
The decrypt method receives that keychain and returns the original value.
Note: Only compatible with Symmetric algorythms
import { RandomEncryption, Algorithm } from 'cryptaculous';
const cryptedValue = RandomEncryption.encrypt(Algorithm.AES_256_CBC, "secret");
/*
cryptedValue {
payload: 'sSnpCXqFnB+Q1VIf4bL0Fw==',
algorithm: 'aes-256-cbc',
key: '3668f7a00c5b762c14f2792b0fa866e3',
iv: '5f5806eca2eceae3'
}
*/
const decryptedValue = RandomEncryption.decrypt(cryptedValue) // -> secretimport { Encryption, RsaEncryption } from 'cryptaculous';
const encryption = new Encryption();
const rsaStrategy = new RsaEncryption();
const { privateKey, publicKey } = RsaEncryption.generateKeyPairSync('rsa', {
modulusLength: 2048,
publicKeyEncoding: { type: 'spki', format: 'pem' },
privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
encryption.setStrategy(rsaStrategy);
rsaStrategy.setKeys({ privateKey, publicKey });
const secret = 'secret';
const crypted = encryption.encrypt(secret);
/*
cryped:
G8r816lSY0MVBcxq4EY14SeaoU4oIAK9I2PP8bksLt3KpVzkr7Ncnt4g9517noffn9P1dHbdwxvw9EIMjD4JtuR2okL4TK0BjgMlAoN07SikHmucmcoVF9IdFAK7FcT6LiEveVktSN+Wfu/nOQLH3t032Tk2aaS9vOVGo8j6LFSf5zZcJpgs4/mLh7Z25SUden47CFc2X18I+BUx6ufKfGulq3CLO4oyXGQ+Pw0BNLH5ZRr564kaJcrKx4Dr/ZxxdMVEj8N6K39MonVGebTlNCHbkJdFh0z/bklJXRaGeMke6homSD3yKvb7O45LOlz+fKme2MvCWl+8LLt4SB/cUQ==
*/
const decrypted = encryption.decrypt(crypted);
const decryptedValue = RandomEncryption.decrypt(cryptedValue) // -> secret
// You could use compare method
rsa.compare("secret", crypted) // -> true| name |
|---|
| UnsupportedAlgorithmException |
| MissingStrategyException |
| InvalidKeyLengthException |
| InvalidIVLengthException |
| DecryptionFailedException |
| EncryptionFailedException |
| MissingPrivateKeyException |
| MissingPublicKeyException |
