cryptaculous

Cryptaculous

A crypt utility with zero dependencies to encrypt and decrypt data ​​by abstracting the native crypto module.

Supported Algorithms

Algorithm	Secure
AES_128_CBC	🟢 Yes
AES_192_CBC	🟢 Yes
AES_256_CBC	🟢 Yes
AES_128_CFB	🟢 Yes
AES_192_CFB	🟢 Yes
AES_256_CFB	🟢 Yes
AES_128_CTR	🟢 Yes
AES_192_CTR	🟢 Yes
AES_256_CTR	🟢 Yes
AES_128_ECB	🔴 No
AES_192_ECB	🔴 No
AES_256_ECB	🔴 No
AES_128_OFB	🟢 Yes
AES_192_OFB	🟢 Yes
AES_256_OFB	🟢 Yes
CHACHA20_POLY_1305	🟢 Yes
RSA	🟢 Yes

Examples

Try to use secure algorythms but the most important is how you protect the keys.

Usage

Factory method

Using the factory method

import { EncryptionFactory, Algorithm } from 'cryptaculous';

const crypt = EncryptionFactory.createEncryption(Algorithm.AES_256_CBC, {
    key: "1c5b2bc5789a0f9b0c576950aaf049b6",
    iv: "704a59f3d523c765",
});

const cryptedSecret = crypt.encrypt("secret");        // -> EV2YEWJZcpLdBrkqdDij3Q==
const decryptedSecret = crypt.decrypt(cryptedSecret); // -> secret

Strategy pattern

Using a strategies to change the strategy in execution time

import { Encryption, Aes256Cbc } from 'cryptaculous';

const crypt = new Encryption();

if (config.encryptionAlgorith === Algorithm.AES_256_CBC) {
    crypt.setStrategy(new Aes256Cbc({
      key: "1c5b2bc5789a0f9b0c576950aaf049b6",
      iv: "704a59f3d523c765",
    }))
}

const secret = "secret";
const crypted = crypt.encrypt(secret);    // -> EV2YEWJZcpLdBrkqdDij3Q==
const decrypted = crypt.decrypt(crypted); // -> secret

Note: If no strategy set throws MissingStrategyException

Random encryption is a secure way to use different key and initial vector without defining them each time.

It allows you to generate encryption by passing only the value to be encrypted, and it will generate the key and the vector, returning them as a keychain for future use.

The decrypt method receives that keychain and returns the original value.

RandomEncryption

Note: Only compatible with Symmetric algorythms

import { RandomEncryption, Algorithm } from 'cryptaculous';

const cryptedValue = RandomEncryption.encrypt(Algorithm.AES_256_CBC, "secret");

/*
  cryptedValue {
    payload: 'sSnpCXqFnB+Q1VIf4bL0Fw==',
    algorithm: 'aes-256-cbc',
    key: '3668f7a00c5b762c14f2792b0fa866e3',
    iv: '5f5806eca2eceae3'
  }
*/

const decryptedValue = RandomEncryption.decrypt(cryptedValue) // -> secret

RSA

import { Encryption, RsaEncryption } from 'cryptaculous';

const encryption = new Encryption();
const rsaStrategy = new RsaEncryption();

const { privateKey, publicKey } = RsaEncryption.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});

encryption.setStrategy(rsaStrategy);
rsaStrategy.setKeys({ privateKey, publicKey });

const secret = 'secret';
const crypted = encryption.encrypt(secret); 

/*
cryped:
G8r816lSY0MVBcxq4EY14SeaoU4oIAK9I2PP8bksLt3KpVzkr7Ncnt4g9517noffn9P1dHbdwxvw9EIMjD4JtuR2okL4TK0BjgMlAoN07SikHmucmcoVF9IdFAK7FcT6LiEveVktSN+Wfu/nOQLH3t032Tk2aaS9vOVGo8j6LFSf5zZcJpgs4/mLh7Z25SUden47CFc2X18I+BUx6ufKfGulq3CLO4oyXGQ+Pw0BNLH5ZRr564kaJcrKx4Dr/ZxxdMVEj8N6K39MonVGebTlNCHbkJdFh0z/bklJXRaGeMke6homSD3yKvb7O45LOlz+fKme2MvCWl+8LLt4SB/cUQ==
*/

const decrypted = encryption.decrypt(crypted);

const decryptedValue = RandomEncryption.decrypt(cryptedValue) // -> secret

// You could use compare method
rsa.compare("secret", crypted) // -> true

Exceptions

name
UnsupportedAlgorithmException
MissingStrategyException
InvalidKeyLengthException
InvalidIVLengthException
DecryptionFailedException
EncryptionFailedException
MissingPrivateKeyException
MissingPublicKeyException