crypto (krip-toh); from kruptein to hide or conceal.
While this started out as an exercise in understanding, it is now a solution that helps ensure best practices for all aspects of symmetric encryption is performed. Handles key derivation, eliminates weak algorithms, key sizes and modes, handles tampering and supports encoding types and languages (unicode).
Here you can experiment with the module to ensure it will suit your needs. kruptein
To install npm install kruptein
.set(secret, plaintext, [aad], callback).get(secret, ciphertext, [{at: auth_tag, aad: aad}], callback)Industry standards are used for the algorithm, hashing algorithm, key & IV sizes. The default key derivation is pbkdf2, however use of the scrypt derivation function can be enabled.
algorithm: (Optional) Cipher algorithm from crypto.getCiphers(). Default: aes-256-gcm.hashing: (Optional) Hash algorithm from crypto.getHashes(). Default: sha384.encodeas: (Optional) Output encoding. Currently supports binary, hex, & base64. Default: base64.key_size: (Optional) Key size bytes (should match block size of algorithm). Default: 32iv_size: (Optional) IV size bytes. Default: 16.at_size: (Optional) Authentication tag size. Applicable to gcm & ocb cipher modes. Default: 128.use_scrypt: (Optional) Use .scrypt() to derive a key. Requires node > v10. Default/Fallback: .pbkdf2().use_argon2: (Optional) Use .argon2id() to derive a key. Requires node > v24. Default/Fallback: .pbkdf2().use_asn1: (Optional) Disable the default ASN.1 encoding. Default: trueWhen selecting an algorithm from crypto.getCiphers() the
iv and key_size values are calculated auto-magically to make implementation
easy.
You can always define your own if the defaults per algorithm and mode
aren't what you would like; see the options section above.
An example of creating a new ciphertext object.
const kruptein = require("kruptein")(opts);
let secret = "A$tr0nGp@$S";
kruptein.set(secret, "Some kind of wonderfully private message", (err, ct) => {
if (err)
throw err;
console.log(ct);
});
An example of retrieveing plaintext from a ciphertext object.
const kruptein = require("kruptein")(opts);
let ciphertext, secret = "A$tr0nGp@$S";
kruptein.get(secret, ciphertext, (err, pt) => {
if (err)
throw err;
console.log(pt);
});
The .set() method output depends on three factors; the encodeas,
algorithm and use_asn1.
For any algorithm that supports authentication (AEAD), the object
structure includes the Authentication Tag and the Additional Authentication Data attribute and value.
When the use_asn1 option is enabled (default is true), the result
is an ASN.1
value using the encodeas value. While this is a more complex
encoding option, it helps standardize & minimize the size of the
resulting ciphertext output.
The included test harness, invoked with npm test, makes every
attempt to trap and handle errors. Some of which come from side
channel or possible malability of the resultant ciphertext.
This can be seen within the test/index.js CI test harness under
the HMAC, AT & AAD validation test cases.
This module conforms to industry recommendations regarding algorithm type, mode, key size, iv size & implementation, digests, key derivation & management etc. References used provided here:
RFC:
NIST:
FIPS:
Contributions are welcome & appreciated!
Refer to the contributing document to help facilitate pull requests.
This software is licensed under the MIT License.
Copyright Jason Gerfen, 2019.
FAQs
crypto; from kruptein to hide or conceal
The npm package kruptein receives a total of 130,940 weekly downloads. As such, kruptein popularity was classified as popular.
We found that kruptein demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Claude Opus 4.6 has uncovered more than 500 open source vulnerabilities, raising new considerations for disclosure, triage, and patching at scale.
Research
/Security News
Malicious dYdX client packages were published to npm and PyPI after a maintainer compromise, enabling wallet credential theft and remote code execution.
Security News
gem.coop is testing registry-level dependency cooldowns to limit exposure during the brief window when malicious gems are most likely to spread.