@socialgouv/aes-gcm-rsa-oaep
Advanced tools
Kubeseal aes-gcm-rsa-oaep encryption implementaton in JavaScript
Readme
AES-GCM + RSA-OAEP encryption/decryption using WebCrypto API in NodeJS or in the browser
Tests uses @peculiar/webcrypto for polyfilling browser crypto api.
This can be used to replace kubeseal encryption in JavaScript environments.
See demo : http://socialgouv.github.io/webseal
import { encryptValue, encryptValues, getSealedSecret } from "@socialgouv/aes-gcm-rsa-oaep"
// encrypt single value
const encryptedValue = encryptValue({
pemKey: "somekey",
scope: "cluster",
namespace: "dev",
name: "my-secret",
value: "plain-value";
});
// encrypt multiple values
const encryptedValue = encryptValues({
pemKey: "somekey",
scope: "cluster",
namespace: "dev",
name: "my-secret",
values: {
value1: "plain1",
value2: "plain2"
}
});
// get sealed-secret
const sealedSecret = getSealedSecret({
pemKey: "somekey",
scope: "cluster",
namespace: "dev",
name: "my-secret",
values: {
value1: "plain1",
value2: "plain2"
}
});
import { pki } from 'node-forge';
import { HybridEncrypt, pemPublicKeyToCryptoKey } from '@socialgouv/aes-gcm-rsa-oaep';
const publicKeyPem = pki.publicKeyToPem(cert.publicKey);
const publicKey = await pemPublicKeyToCryptoKey(publicKeyPem);
const plainText = 'Bonjour le monde';
const label = Buffer.from('');
const result = await HybridEncrypt(publicKey, plainText, label);
const sealedText = Buffer.from(result).toString('base64');
To encrypt content, we go through the following steps :
Generate a 128 bits AES key
Encrypt the payload using the AES-GCM algorithm (with the previously generated key). We use a 12 bits of 0 as IV, because the key is only used once.
Encrypt the AES key using the RSA-OAEP algorithm (using the provided public key).
Generate the output payload this way : (RSA payload length as 2 bytes integer) || (RSA encrypted aes key) || (AES encrypted payload)
FAQs
Kubeseal aes-gcm-rsa-oaep encryption implementaton in JavaScript
The npm package @socialgouv/aes-gcm-rsa-oaep receives a total of 33 weekly downloads. As such, @socialgouv/aes-gcm-rsa-oaep popularity was classified as not popular.
We found that @socialgouv/aes-gcm-rsa-oaep demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.