micro-aes-gcm
Authenticated data encryption with AES-GCM. Lets you encrypt arbitrary data in a cryptographically secure, modern way.
A simple wrapper over node.js and browser aes-gcm implementations. No dependencies.
```sh
npm install micro-aes-gcm
```

```js
import * as aes from "micro-aes-gcm";

// 32-byte key
const key = Uint8Array.from([
  64, 196, 127, 247, 172, 2, 34,
  159, 6, 241, 30, 174, 183, 229,
  41, 114, 253, 122, 119, 168, 177,
  243, 155, 236, 164, 159, 98, 72,
  162, 243, 224, 195
]);
const message = "Hello world";
const ciphertext = await aes.encrypt(key, message);
const plaintext = await aes.decrypt(key, ciphertext);
console.log(aes.toUTF8(plaintext) === message);
// Also works in browsers
```
```ts
function encrypt(key: Uint8Array, plaintext: Uint8Array|string): Promise<Uint8Array>;
```

`plaintext` in `encrypt` can be either a Uint8Array or a string. If it's a string, `new TextEncoder().encode(plaintext)` is executed before passing it further.

```ts
function decrypt(key: Uint8Array, ciphertext: Uint8Array): Promise<Uint8Array>;
```

Note that `decrypt` always returns a Uint8Array. If you've encrypted a UTF-8 string, `toUTF8(result)` should be enough to get it back.
Secretbox receives one key, and one plaintext.

The output format is `iv + ciphertext + mac`:

- `iv` is 12 bytes; it's an initialization vector for AES-GCM mode.
- `ciphertext` length depends on plaintext
- `mac` is 16 bytes; AES-GCM calculates this authentication tag for us.

To slice through IV and MAC, you can use `Uint8Array.prototype.slice()`:

```js
const ciphertext = await encrypt(key, plaintext);
const iv = ciphertext.slice(0, 12);
const mac = ciphertext.slice(-16);
```
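The `iv + ciphertext + mac` layout above, as an added example that is not code from micro-aes-gcm: it parses a box with a length check and shows that a single flipped bit fails authentication. `splitBox`, `seal`, `unseal` and `demo` are hypothetical names, and the code assumes a runtime that exposes WebCrypto as `globalThis.crypto`.

```javascript
const IV_LEN = 12;  // bytes, as stated in the README
const MAC_LEN = 16; // bytes, as stated in the README

// Split a box into its parts; reject input too short to hold both IV and MAC.
function splitBox(box) {
  if (!(box instanceof Uint8Array)) throw new TypeError("box must be a Uint8Array");
  if (box.length < IV_LEN + MAC_LEN) throw new RangeError("box shorter than iv + mac");
  return {
    iv: box.slice(0, IV_LEN),
    ciphertext: box.slice(IV_LEN, box.length - MAC_LEN),
    mac: box.slice(box.length - MAC_LEN),
  };
}

// Assumption: plain WebCrypto stands in for the library's encrypt/decrypt.
const importKey = (raw) => globalThis.crypto.subtle.importKey(
  "raw", raw, "AES-GCM", false, ["encrypt", "decrypt"]);

// Encrypt under a fresh random IV and prepend it; WebCrypto appends the tag itself.
async function seal(rawKey, plaintext) {
  const iv = globalThis.crypto.getRandomValues(new Uint8Array(IV_LEN));
  const body = await globalThis.crypto.subtle.encrypt(
    { name: "AES-GCM", iv, tagLength: MAC_LEN * 8 }, await importKey(rawKey), plaintext);
  const box = new Uint8Array(IV_LEN + body.byteLength);
  box.set(iv, 0);
  box.set(new Uint8Array(body), IV_LEN);
  return box;
}

// Decrypt a box; the promise rejects if iv, ciphertext or mac was altered.
async function unseal(rawKey, box) {
  const { iv } = splitBox(box); // length check before the cipher sees the data
  const plain = await globalThis.crypto.subtle.decrypt(
    { name: "AES-GCM", iv, tagLength: MAC_LEN * 8 }, await importKey(rawKey), box.subarray(IV_LEN));
  return new Uint8Array(plain);
}

// Constructed demo: round-trip, then flip one ciphertext bit and expect rejection.
async function demo() {
  const key = globalThis.crypto.getRandomValues(new Uint8Array(32)); // constructed key
  const box = await seal(key, new TextEncoder().encode("Hello world"));
  const roundTrip = new TextDecoder().decode(await unseal(key, box));
  const tampered = box.slice();
  tampered[IV_LEN] ^= 1; // first ciphertext byte
  const rejected = await unseal(key, tampered).then(() => false, () => true);
  return { boxLength: box.length, roundTrip, rejected };
}
```

`demo()` resolves to a box length of 39 (12 + 11 + 16), the original string, and `rejected: true` for the tampered copy.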
DJB's secretbox uses XSalsa20-Poly1305. We'll use AES-GCM, which is also a good choice. DJB mentioned the AES box in his TODOs.
AES has been selected over Salsa, because it's natively implemented in Node & browsers and doesn't require any 3rd-party libraries.
MIT (c) Paul Miller (https://paulmillr.com), see LICENSE file.
FAQs
0-dep wrapper around webcrypto AES-GCM. Has optional RFC 8452 SIV implementation
The npm package micro-aes-gcm receives a total of 763 weekly downloads. As such, micro-aes-gcm popularity was classified as not popular.
We found that micro-aes-gcm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.