@casual-simulation/crypto - npm Package Compare versions

Comparing version 1.2.2 to 1.4.4

CryptoImpl.js

@@ -0,1 +1,2 @@
+export {};
 //# sourceMappingURL=CryptoImpl.js.map

Encryption.d.ts

@@ -49,13 +49,102 @@ interface DerivedKey {
  * version 1 encryptions use XSalsa20 as the cipher and Poly1305 for authentication in addition to scrypt for password-based key derivation.
+ *
+ * @param password The password to use to decrypt the data.
+ * @param cyphertext The cyphertext produced from encryptV1().
+ */
+export declare function decryptV1(password: string, cyphertext: string): Uint8Array;
+/**
+ * Creates a keypair that can be used for public key authenticated encryption.
+ *
+ * The returned keypair contains a version number at the beginning which determines the format of the following data.
+ *
+ * vEK1 keypairs use x25519 with XSalsa20 and Poly1305.
+ * The output string is formatting as following with periods between the components:
+ * 1. The version number (vEK1) - the EK is for "encryption keypair".
+ * 2. The base64 of the public key.
+ * 3. The base64 of the encrypted private key.
+ *
+ * @param password The password that should be used to encrypt the private key of the keypair.
+ */
+export declare function asymmetricKeypair(password: string): string;
+/**
+ * Creates a version 1 keypair that can be used for public key authenticated encryption.
+ *
+ * The returned keypair contains a version number at the beginning which determines the format of the following data.
+ *
+ * vEK1 keypairs use x25519 with XSalsa20 and Poly1305.
+ * The output string is formatting as following with periods between the components:
+ * 1. The version number (vEK1) - the EK is for "encryption keypair".
+ * 2. The base64 of the public key.
+ * 3. The base64 of the encrypted private key.
+ *
+ * @param password The password that should be used to encrypt the private key of the keypair.
+ */
+export declare function asymmetricKeypairV1(password: string): string;
+/**
+ * Encrypts the given data with the given keypair and returns the resulting cyphertext.
+ *
+ * The returned cyphertext contains a version number at the beginning which determines the format of the following data.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * vA1 encryptions technically use two keypairs for encryption/decryption. One for the local party and one for the remote party.
+ * These two parties are used to calculate a shared key that is then used to encrypt and authenticate the data.
+ * When encrypting, a new keypair is generated and used for the "local" party while the given keypair is used for the remote party.
+ * The secret key is then discarded while the public key is included in the output to make it possible for the other party to decrypt the data.
+ *
  * The output string is formatted as following with periods between the components:
- * 1. The version number (v1)
- * 2. The base64 of the salt used to derive the key from the password. (pseudorandom)
+ * 1. The version number (vA1). The "A" means "asymmetric".
+ * 2. The base64 of the public key of the keypair used to encrypt the data.
  * 3. The base64 of the nonce used by the cipher. (pseudorandom)
  * 4. The base64 of the encrypted data.
  *
- * @param password The password to use to decrypt the data.
- * @param cyphertext The cyphertext produced from encryptV1().
+ * @param keypair The keypair to use to encrypt.
+ * @param data The data to encrypt.
  */
-export declare function decryptV1(password: string, cyphertext: string): Uint8Array;
+export declare function asymmetricEncrypt(keypair: string, data: Uint8Array): string;
+/**
+ * Encrypts the given data with the given keypair and returns the resulting cyphertext.
+ *
+ * The returned cyphertext contains a version number at the beginning which determines the format of the following data.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * vA1 encryptions technically use two keypairs for encryption/decryption. One for the local party and one for the remote party.
+ * These two parties are used to calculate a shared key that is then used to encrypt and authenticate the data.
+ * When encrypting, a new keypair is generated and used for the "local" party while the given keypair is used for the remote party.
+ * The secret key is then discarded while the public key is included in the output to make it possible for the other party to decrypt the data.
+ *
+ * The output string is formatted as following with periods between the components:
+ * 1. The version number (vA1). The "A" means "asymmetric".
+ * 2. The base64 of the public key of the keypair used to encrypt the data.
+ * 3. The base64 of the nonce used by the cipher. (pseudorandom)
+ * 4. The base64 of the encrypted data.
+ *
+ * @param keypair The keypair to use to encrypt.
+ * @param data The data to encrypt.
+ */
+export declare function asymmetricEncryptV1(keypair: string, data: Uint8Array): string;
+/**
+ * Decrypts the given data with the given keypair and returns the resulting plaintext.
+ * Returns null if the data was unable to be decrypted.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * @param keypair The keypair to use to decrypt the data.
+ * @param password The password that should be used to decrypt the keypair's private key.
+ * @param cyphertext The data to decrypt.
+ */
+export declare function asymmetricDecrypt(keypair: string, password: string, cyphertext: string): Uint8Array;
+/**
+ * Decrypts the given data with the given keypair using version 1 of the asymmetric encryption mechanisms in this file and returns the resulting
+ * plaintext. Returns null if the data was unable to be decrypted.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * @param keypair The keypair to use to decrypt the data.
+ * @param password The password that should be used to decrypt the keypair's private key.
+ * @param cyphertext The data to decrypt.
+ */
+export declare function asymmetricDecryptV1(keypair: string, password: string, cyphertext: string): Uint8Array;
 export {};
 //# sourceMappingURL=Encryption.d.ts.map

Encryption.js

@@ -1,2 +0,2 @@
-import { randomBytes, secretbox } from 'tweetnacl';
+import { randomBytes, secretbox, box } from 'tweetnacl';
 import { syncScrypt } from 'scrypt-js';
@@ -86,7 +86,2 @@ import { fromByteArray, toByteArray } from 'base64-js';
  * version 1 encryptions use XSalsa20 as the cipher and Poly1305 for authentication in addition to scrypt for password-based key derivation.
- * The output string is formatted as following with periods between the components:
- * 1. The version number (v1)
- * 2. The base64 of the salt used to derive the key from the password. (pseudorandom)
- * 3. The base64 of the nonce used by the cipher. (pseudorandom)
- * 4. The base64 of the encrypted data.
  *
@@ -130,2 +125,194 @@ * @param password The password to use to decrypt the data.
 }
+/**
+ * Creates a keypair that can be used for public key authenticated encryption.
+ *
+ * The returned keypair contains a version number at the beginning which determines the format of the following data.
+ *
+ * vEK1 keypairs use x25519 with XSalsa20 and Poly1305.
+ * The output string is formatting as following with periods between the components:
+ * 1. The version number (vEK1) - the EK is for "encryption keypair".
+ * 2. The base64 of the public key.
+ * 3. The base64 of the encrypted private key.
+ *
+ * @param password The password that should be used to encrypt the private key of the keypair.
+ */
+export function asymmetricKeypair(password) {
+    return asymmetricKeypairV1(password);
+}
+/**
+ * Creates a version 1 keypair that can be used for public key authenticated encryption.
+ *
+ * The returned keypair contains a version number at the beginning which determines the format of the following data.
+ *
+ * vEK1 keypairs use x25519 with XSalsa20 and Poly1305.
+ * The output string is formatting as following with periods between the components:
+ * 1. The version number (vEK1) - the EK is for "encryption keypair".
+ * 2. The base64 of the public key.
+ * 3. The base64 of the encrypted private key.
+ *
+ * @param password The password that should be used to encrypt the private key of the keypair.
+ */
+export function asymmetricKeypairV1(password) {
+    const pair = box.keyPair();
+    const encryptedPrivateKey = encrypt(password, pair.secretKey);
+    const encoder = new TextEncoder();
+    const privateKeyBytes = encoder.encode(encryptedPrivateKey);
+    return `vEK1.${fromByteArray(pair.publicKey)}.${fromByteArray(privateKeyBytes)}`;
+}
+function decodeAsymmetricKeypairV1(keypair) {
+    const withoutVersion = keypair.slice('vEK1.'.length);
+    let nextPeriod = withoutVersion.indexOf('.');
+    if (nextPeriod < 0) {
+        return [null, null];
+    }
+    const publicKeyBase64 = withoutVersion.slice(0, nextPeriod);
+    const withoutPublicKey = withoutVersion.slice(nextPeriod + 1);
+    const privateKeyBase64 = withoutPublicKey;
+    const publicKey = toByteArray(publicKeyBase64);
+    const privateKeyBytes = toByteArray(privateKeyBase64);
+    const decoder = new TextDecoder();
+    const privateKey = decoder.decode(privateKeyBytes);
+    return [publicKey, privateKey];
+}
+/**
+ * Encrypts the given data with the given keypair and returns the resulting cyphertext.
+ *
+ * The returned cyphertext contains a version number at the beginning which determines the format of the following data.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * vA1 encryptions technically use two keypairs for encryption/decryption. One for the local party and one for the remote party.
+ * These two parties are used to calculate a shared key that is then used to encrypt and authenticate the data.
+ * When encrypting, a new keypair is generated and used for the "local" party while the given keypair is used for the remote party.
+ * The secret key is then discarded while the public key is included in the output to make it possible for the other party to decrypt the data.
+ *
+ * The output string is formatted as following with periods between the components:
+ * 1. The version number (vA1). The "A" means "asymmetric".
+ * 2. The base64 of the public key of the keypair used to encrypt the data.
+ * 3. The base64 of the nonce used by the cipher. (pseudorandom)
+ * 4. The base64 of the encrypted data.
+ *
+ * @param keypair The keypair to use to encrypt.
+ * @param data The data to encrypt.
+ */
+export function asymmetricEncrypt(keypair, data) {
+    return asymmetricEncryptV1(keypair, data);
+}
+/**
+ * Encrypts the given data with the given keypair and returns the resulting cyphertext.
+ *
+ * The returned cyphertext contains a version number at the beginning which determines the format of the following data.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * vA1 encryptions technically use two keypairs for encryption/decryption. One for the local party and one for the remote party.
+ * These two parties are used to calculate a shared key that is then used to encrypt and authenticate the data.
+ * When encrypting, a new keypair is generated and used for the "local" party while the given keypair is used for the remote party.
+ * The secret key is then discarded while the public key is included in the output to make it possible for the other party to decrypt the data.
+ *
+ * The output string is formatted as following with periods between the components:
+ * 1. The version number (vA1). The "A" means "asymmetric".
+ * 2. The base64 of the public key of the keypair used to encrypt the data.
+ * 3. The base64 of the nonce used by the cipher. (pseudorandom)
+ * 4. The base64 of the encrypted data.
+ *
+ * @param keypair The keypair to use to encrypt.
+ * @param data The data to encrypt.
+ */
+export function asymmetricEncryptV1(keypair, data) {
+    if (!keypair) {
+        throw new Error('Invalid keypair. Must not be null or undefined.');
+    }
+    if (!data) {
+        throw new Error('Invalid data. Must not be null or undefined.');
+    }
+    if (!keypair.startsWith('vEK1.')) {
+        throw new Error('Invalid keypair. Must start with "vEK1."');
+    }
+    const [theirPublicKey, theirPrivateKey] = decodeAsymmetricKeypairV1(keypair);
+    if (!theirPublicKey || !theirPrivateKey) {
+        throw new Error('Invalid keypair. Unable to be decoded.');
+    }
+    const localKeypair = box.keyPair();
+    const myPublicKey = localKeypair.publicKey;
+    const myPrivateKey = localKeypair.secretKey;
+    const nonce = randomBytes(box.nonceLength);
+    const cypherBytes = box(data, nonce, theirPublicKey, myPrivateKey);
+    const cyphertext = `vA1.${fromByteArray(myPublicKey)}.${fromByteArray(nonce)}.${fromByteArray(cypherBytes)}`;
+    return cyphertext;
+}
+/**
+ * Decrypts the given data with the given keypair and returns the resulting plaintext.
+ * Returns null if the data was unable to be decrypted.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * @param keypair The keypair to use to decrypt the data.
+ * @param password The password that should be used to decrypt the keypair's private key.
+ * @param cyphertext The data to decrypt.
+ */
+export function asymmetricDecrypt(keypair, password, cyphertext) {
+    if (!keypair) {
+        throw new Error('Invalid keypair. Must not be null or undefined.');
+    }
+    if (!password) {
+        throw new Error('Invalid password. Must not be null or undefined.');
+    }
+    if (cyphertext.startsWith('vA1.')) {
+        return asymmetricDecryptV1(keypair, password, cyphertext);
+    }
+    return null;
+}
+/**
+ * Decrypts the given data with the given keypair using version 1 of the asymmetric encryption mechanisms in this file and returns the resulting
+ * plaintext. Returns null if the data was unable to be decrypted.
+ *
+ * vA1 encryptions use x25519 for key exchange, XSalsa20 as the cipher and Poly1305 for authentication.
+ *
+ * @param keypair The keypair to use to decrypt the data.
+ * @param password The password that should be used to decrypt the keypair's private key.
+ * @param cyphertext The data to decrypt.
+ */
+export function asymmetricDecryptV1(keypair, password, cyphertext) {
+    if (!keypair) {
+        throw new Error('Invalid keypair. Must not be null or undefined.');
+    }
+    if (!password) {
+        throw new Error('Invalid password. Must not be null or undefined.');
+    }
+    if (!keypair.startsWith('vEK1.')) {
+        throw new Error('Invalid keypair. Must start with "vEK1."');
+    }
+    if (!cyphertext.startsWith('vA1.')) {
+        throw new Error('Invalid cyphertext. Must start with "vA1."');
+    }
+    const [myPublicKey, myEncryptedPrivateKey] = decodeAsymmetricKeypairV1(keypair);
+    if (!myPublicKey || !myEncryptedPrivateKey) {
+        throw new Error('Invalid keypair. Unable to be decoded.');
+    }
+    const myPrivateKey = decrypt(password, myEncryptedPrivateKey);
+    if (!myPrivateKey) {
+        throw new Error('Invalid keypair. Unable to decrypt the private key.');
+    }
+    const withoutVersion = cyphertext.slice('vA1.'.length);
+    let nextPeriod = withoutVersion.indexOf('.');
+    if (nextPeriod < 0) {
+        return null;
+    }
+    const theirPublicKeyBase64 = withoutVersion.slice(0, nextPeriod);
+    const withoutPublicKey = withoutVersion.slice(nextPeriod + 1);
+    nextPeriod = withoutPublicKey.indexOf('.');
+    if (nextPeriod < 0) {
+        return null;
+    }
+    const nonceBase64 = withoutPublicKey.slice(0, nextPeriod);
+    const dataBase64 = withoutPublicKey.slice(nextPeriod + 1);
+    if (dataBase64.length <= 0) {
+        return null;
+    }
+    const theirPublicKey = toByteArray(theirPublicKeyBase64);
+    const nonce = toByteArray(nonceBase64);
+    const data = toByteArray(dataBase64);
+    return box.open(data, nonce, theirPublicKey, myPrivateKey);
+}
 //# sourceMappingURL=Encryption.js.map

index.js

@@ -0,1 +1,3 @@
+export * from './SignatureAlgorithm';
+export * from './CryptoImpl';
 export * from './utils';
@@ -2,0 +4,0 @@ export * from './HashHelpers';

package.json

 {
     "name": "@casual-simulation/crypto",
-    "version": "1.2.2",
+    "version": "1.4.4",
     "description": "Crypto helpers used by AUX",
@@ -52,3 +52,3 @@ "keywords": [
     },
-    "gitHead": "f58d0166cde559d0586df3049d977c528a04aee2"
+    "gitHead": "4a5728b6fc1f205f9c2c7b661d45c49232353620"
 }

SignatureAlgorithm.js

@@ -0,1 +1,2 @@
+export {};
 //# sourceMappingURL=SignatureAlgorithm.js.map

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

67787

increased by35.5%

Lines of code

1116

increased by33.49%

No dependency changes