@authenio/xml-encryption
Advanced tools
@authenio/xml-encryption - npm Package Compare versions
Comparing version 1.3.0 to 2.0.0
@@ -5,3 +5,2 @@ var crypto = require('crypto'); | ||
| var utils = require('./utils'); | ||
| var pki = require('node-forge').pki; | ||
@@ -13,7 +12,13 @@ const insecureAlgorithms = [ | ||
| 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc']; | ||
| function encryptKeyInfoWithScheme(symmetricKey, options, scheme, callback) { | ||
| const padding = scheme === 'RSA-OAEP' ? crypto.constants.RSA_PKCS1_OAEP_PADDING : crypto.constants.RSA_PKCS1_PADDING; | ||
| const symmetricKeyBuffer = Buffer.isBuffer(symmetricKey) ? symmetricKey : Buffer.from(symmetricKey, 'utf-8'); | ||
| try { | ||
| var rsa_pub = pki.publicKeyFromPem(options.rsa_pub); | ||
| var encrypted = rsa_pub.encrypt(symmetricKey.toString('binary'), scheme); | ||
| var base64EncodedEncryptedKey = Buffer.from(encrypted, 'binary').toString('base64'); | ||
| var encrypted = crypto.publicEncrypt({ | ||
| key: options.rsa_pub, | ||
| padding: padding | ||
| }, symmetricKeyBuffer); | ||
| var base64EncodedEncryptedKey = encrypted.toString('base64'); | ||
@@ -253,5 +258,5 @@ var params = { | ||
| function decryptKeyInfoWithScheme(encryptedKey, options, scheme) { | ||
| var key = Buffer.from(encryptedKey.textContent, 'base64').toString('binary'); | ||
| var private_key = pki.privateKeyFromPem(options.key); | ||
| var decrypted = private_key.decrypt(key, scheme); | ||
| var padding = scheme === 'RSA-OAEP' ? crypto.constants.RSA_PKCS1_OAEP_PADDING : crypto.constants.RSA_PKCS1_PADDING; | ||
| var key = Buffer.from(encryptedKey.textContent, 'base64'); | ||
| var decrypted = crypto.privateDecrypt({ key: options.key, padding: padding}, key); | ||
| return Buffer.from(decrypted, 'binary'); | ||
@@ -258,0 +263,0 @@ } |
| { | ||
| "name": "@authenio/xml-encryption", | ||
| "version": "1.3.0", | ||
| "version": "2.0.0", | ||
| "devDependencies": { | ||
@@ -25,3 +25,2 @@ "mocha": "^7.1.2", | ||
| "escape-html": "^1.0.3", | ||
| "node-forge": "^0.10.0", | ||
| "xpath": "0.0.32" | ||
@@ -37,4 +36,4 @@ }, | ||
| "engines": { | ||
| "node": ">=8" | ||
| "node": ">=12" | ||
| } | ||
| } |
@@ -5,3 +5,3 @@ [](https://travis-ci.org/auth0/node-xml-encryption) | ||
| Supports node >= 8 | ||
| Supports node >= 12 | ||
@@ -8,0 +8,0 @@ ## Usage |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Dependency count
- decreased by-25%
3
Worsened metrics
- Total package byte prevSize
- decreased by-67.2%
21205
- Number of package files
- decreased by-11.11%
8
- Lines of code
- decreased by-78.07%
320
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
- Removednode-forge@^0.10.0
- Removednode-forge@0.10.0(transitive)