
@doctormckay/crypto
As with everything in the @doctormckay namespace on npm, this is mostly for my own usage. If you want to use it that's fine, but don't expect any support. I'll respect semver so you don't need to worry about breaking changes if you pin your dependencies properly.
This is just a module that uses node's built-in crypto module. The idea is to make it easier to encrypt stuff and store it on disk or send it over the wire securely.
See here for the supported ciphers.
- buffer - A Buffer object

Returns true if the input buffer is a well-formed blob which can be decrypted by this module.
- cipher - One of the Cipher constants
- key - Either a string or a Buffer containing your encryption key
- data - Either a string (interpreted as UTF-8) or a Buffer containing the plaintext you want to encrypt

Returns a Buffer containing the encrypted contents. The output should be interpreted as a black box, but for reference here is the structure:

- magic - A 2-byte magic value
- flags - A 1-byte bitstring of flags
- cipher - A 1-byte value containing the cipher constant

All remaining data is left up to the specific cipher.

AES256CTRWithHMAC

- ivLength - A 1-byte value containing the length of the IV
- iv - The randomly-generated binary IV (length given by ivLength)
- ciphertext - The encrypted ciphertext
- hmac - The HMAC (20 bytes)

The key may be interpreted differently depending on the cipher.

- AES256CTRWithHMAC - The key is hashed with SHA256 and the binary hash is used as the key

- key - Either a string or a Buffer containing your encryption key (should match what was given to encrypt())
- data - A Buffer containing your encrypted data (should be identical to what was returned by encrypt())
- expectAuthentication - Optional. If true, this will throw an Error if the data is not authenticated (e.g. with HMAC)

Decrypts a buffer and returns the plaintext. If you originally passed a string to encrypt(), this will return a UTF-8 string. Otherwise, it will return a Buffer.
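
The AES256CTRWithHMAC layout documented above, split into its fields with explicit bounds checks, as an added example (not code from this module). The function names are hypothetical, and because the page does not state the magic value or the cipher constant, the constructed sample blob uses placeholder zero bytes for them and the parser does not validate them.

```javascript
// Added example: field order and sizes follow the layout documented above.
const HEADER_LEN = 4; // magic (2) + flags (1) + cipher (1)
const HMAC_LEN = 20;  // "The HMAC (20 bytes)"

// Hypothetical helper: split an AES256CTRWithHMAC blob into its fields.
// The magic value and cipher constant are not given on the page, so they
// are returned as-is and not validated here.
function parseAes256CtrHmacBlob(blob) {
  if (!Buffer.isBuffer(blob)) throw new TypeError('blob must be a Buffer');
  // Smallest valid blob: header + ivLength byte + empty IV/ciphertext + HMAC.
  if (blob.length < HEADER_LEN + 1 + HMAC_LEN) {
    throw new RangeError('blob too short for header, ivLength and HMAC');
  }
  const ivLength = blob.readUInt8(HEADER_LEN);
  const ivStart = HEADER_LEN + 1;
  const ivEnd = ivStart + ivLength;
  const hmacStart = blob.length - HMAC_LEN;
  // ivLength comes from untrusted input. Buffer#subarray clamps silently
  // instead of throwing, so reject an IV that would run into the HMAC.
  if (ivEnd > hmacStart) {
    throw new RangeError('ivLength exceeds the space before the HMAC');
  }
  return {
    magic: blob.subarray(0, 2),
    flags: blob.readUInt8(2),
    cipher: blob.readUInt8(3),
    iv: blob.subarray(ivStart, ivEnd),
    ciphertext: blob.subarray(ivEnd, hmacStart),
    hmac: blob.subarray(hmacStart),
  };
}

// Constructed sample blob: placeholder zero bytes for magic, flags and cipher;
// IV filled with 0xAA, ciphertext with 0xBB, HMAC with 0xCC.
function buildSampleBlob(ivLength, ciphertextLength) {
  return Buffer.concat([
    Buffer.from([0x00, 0x00, 0x00, 0x00, ivLength]),
    Buffer.alloc(ivLength, 0xaa),
    Buffer.alloc(ciphertextLength, 0xbb),
    Buffer.alloc(HMAC_LEN, 0xcc),
  ]);
}

const parsed = parseAes256CtrHmacBlob(buildSampleBlob(16, 5));
console.log(parsed.iv.length, parsed.ciphertext.length, parsed.hmac.length);
```

Splitting the fields establishes structure only; the HMAC still has to be verified before the ciphertext is trusted.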