basic-crypto - npm Package Compare versions

Comparing version 1.0.0 to 1.0.1

helpers.js

@@ -37,3 +37,3 @@ 'use strict'

// pbkdf2, bcrypt, scrypt, etc.
return newBuffer(truncateTo(len)(crypto.createHash('sha256').update(key).digest('hex')))
return newBuffer(truncateTo(len)(crypto.createHash('sha256').update(key).digest('base64')))
}
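
Review bot: The derived key on the changed line is still a single unsalted SHA-256 digest that is encoded to text and then cut by `truncateTo(len)`, so moving from `digest('hex')` to `digest('base64')` only raises the ceiling from 4 to 6 bits per retained character instead of yielding a full-entropy key. Consider calling `digest()` without an encoding and slicing the raw Buffer to `len` bytes, and, for keys that may come from users, replacing the bare hash with one of the KDFs the comment above already names (for example `crypto.pbkdf2Sync` with a salt).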

@@ -40,0 +40,0 @@

{
"name": "basic-crypto",
"version": "1.0.0",
"version": "1.0.1",
"description": "basic crypto wrapper, with sensible defaults",
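
Review bot: The `version` bump from 1.0.0 to 1.0.1 signals a patch release, but the helpers.js change shipped with it produces a different derived value for the same `key` input, so if that helper feeds the cipher or HMAC key, data encrypted with a fixed key under 1.0.0 will not decrypt or verify under 1.0.1. Either bump the major version or document the break and a migration path in the release notes.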

@@ -5,0 +5,0 @@ "main": "index.js",

@@ -5,3 +5,3 @@ # basic-crypto

Basic, high-level, opnionated crypto suite. <sup id="a1">[1](#f1)</sup>
Basic, high-level, opnionated crypto suite. <sup name="anchor0">[0](#footnote0)</sup>
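
Review bot: The new `name="anchor0"` attribute sits on a `<sup>` element, and `name` is only a fragment target on `<a>`; other elements need `id`, so `[0](#footnote0)` and the back-links may not navigate in a browser. Use `<a name="anchor0">` inside the `<sup>` (or keep `id` with the new values), and fix the spelling of "opnionated" while this line is being touched.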

@@ -14,12 +14,12 @@ This module lets you encrypt and decrypt strings in your Node.js application.

- [x] dependency-free -- except node's internal `crypto` module <sup id="a1">[1](#f1)</sup>
- [x] dependency-free -- except node's internal `crypto` module <sup name="anchor1">[1](#footnote1)</sup>
- [x] simple api -- `encrypt(plaintext)` & `decrypt(cypherText)`
- [x] message authentication -- turn on by setting `{integrity: true}`
- [x] encryption and hash keys pinning, or generating them on-the-fly
- [x] tested -- my first atempt at a _"decently tested"_ module <sup id="a2">[2](#f2)</sup>
- [x] tested -- my first atempt at a _"decently tested"_ module <sup name="anchor2">[2](#footnote2)</sup>
- [x] secure -- protected against HMAC timing attack, uses PRNG IV, etc
- [x] convenient useage -- methods provides both sync and async signatures
- [x] very small codebase -- easy to examine
- [ ] proper key stretching -- safe to handle user provided criptographic keys <sup id="a3">[3](#f3)</sup>
- [ ] truly async methods -- leverage streaming crypto functions <sup id="a4">[4](#f4)</sup>
- [ ] proper key stretching -- safe to handle user provided criptographic keys <sup name="anchor3">[3](#footnote3)</sup>
- [ ] truly async methods -- leverage streaming crypto functions <sup name="anchor4">[4](#footnote4)</sup>
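
Review bot: The `secure` item stays checked while `proper key stretching` stays unchecked, and helpers.js in this release still derives keys with one SHA-256 pass, so the list should state next to `secure` that `key` and `hmacKey` must be high-entropy random values and not passwords until footnote 3 is resolved. The context lines also carry typos worth fixing in the same pass: "atempt", "useage", "criptographic".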

@@ -57,3 +57,3 @@

**syncronous:**
accepts only one argument. <sup id="a5">[5](#f5)</sup>
accepts only one argument. <sup name="anchor5">[5](#footnote5)</sup>
```javascript

@@ -92,3 +92,3 @@ var plainText = 'any string, multibyte support, etc'

**valid options:**
- **`key:`** `[string, optional]` Set a fixed cryptographic key. <sup id="a6">[6](#f6)</sup>
- **`key:`** `[string, optional]` Set a fixed cryptographic key. <sup name="anchor6">[6](#footnote6)</sup>

@@ -103,5 +103,5 @@ #### Encrypt then sign

**valid options:**
- **`key:`** `[string, optional]` Set a fixed cryptographic key. <sup id="a6">[6](#f6)</sup>
- **`key:`** `[string, optional]` Set a fixed cryptographic key. <sup name="anchor6">[6](#footnote6)</sup>
- **`integrity:`** `[boolean, required]` To enable signing this property must be `true`.
- **`hmacKey:`** `[string, optional]` set a fixed signing key. <sup id="a6">[6](#f6)</sup>
- **`hmacKey:`** `[string, optional]` set a fixed signing key. <sup name="anchor6">[6](#footnote6)</sup>
- **`hmacSize:`** `[integer, optional]` truncate signature to this length.
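
Review bot: The `hmacSize` line, "truncate signature to this length", gives no unit and no minimum, so a caller can shorten the tag until forgery by guessing becomes practical; state whether the length is in bytes or encoded characters and document (and enforce) a floor. Since `key` and `hmacKey` share footnote 6, it would also help to say that the two keys should be independent values.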

@@ -145,8 +145,8 @@

<span id="f0">`0`</span> As usual, everything is provided "AS-IS", no liability, but I might be using this code in production. Shhhh. [↩](#a0) <br/>
<span id="f1">`1`</span> And some usual test module, as dev-dependency. [↩](#a1) <br/>
<span id="f2">`2`</span> Accepting pull requests of unit tests for the helper library. [↩](#a2) <br/>
<span id="f3">`3`</span> Accepting pull requests of a method implementing pbkdf2. [↩](#a3) <br/>
<span id="f4">`4`</span> Unfortunelly this leads to code duplication, as the sync methods can't support it. [↩](#a4) <br/>
<span id="f5">`5`</span> Syncronous code should be always wraped inside a try-catch block, as any erros are thrown. [↩](#a5) <br/>
<span id="f6">`6`</span> A fixed key is useful when talking to other processes, or storing the key for later. When not provided a key will be generated randomly on the fly, but it's not possible to access this value, and it's unique in each instantiation. [↩](#a6)
<sup name="footnote0">`0`</sup> As usual, everything is provided "AS-IS", no liability, but I might be using this code in production. Shhhh. [↩](#anchor0) <br/>
<sup name="footnote1">`1`</sup> And some usual test module, as dev-dependency. [↩](#anchor1) <br/>
<sup name="footnote2">`2`</sup> Accepting pull requests of unit tests for the helper library. [↩](#anchor2) <br/>
<sup name="footnote3">`3`</sup> Accepting pull requests of a method implementing pbkdf2. [↩](#anchor3) <br/>
<sup name="footnote4">`4`</sup> Unfortunelly this leads to code duplication, as the sync methods can't support it. [↩](#anchor4) <br/>
<sup name="footnote5">`5`</sup> Syncronous code should be always wraped inside a try-catch block, as any erros are thrown. [↩](#anchor5) <br/>
<sup name="footnote6">`6`</sup> A fixed key is useful when talking to other processes, or storing the key for later. When not provided a key will be generated randomly on the fly, but it's not possible to access this value, and it's unique in each instantiation. [↩](#anchor6)
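
Review bot: Footnote 6 says a key that is "generated randomly on the fly" cannot be accessed and is unique per instantiation, which means ciphertext produced without a fixed `key` cannot be decrypted by any other instance or after a restart; the footnote should say that outright so nobody persists such output. The `name="footnoteN"` targets on `<sup>` here have the same fragment-navigation problem as the anchors above, and "Unfortunelly", "Syncronous", "wraped" and "erros" remain misspelled.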