node-crypt

node-crypt

A simple wrapper to handle encryption of strings. To the best of my knowledge, this implements best practices for encryption including:

• aes-256-ctr encryption algorithm
• custom Initialization Vector for each encrypted value
• HMAC/constant time compare to prevent tampering

Getting Started

Install the module with: npm install --save node-crypt

Examples

Using the module is pretty simple. Create an instance of the crypto class with 32bit hex keys for both key and hmacKey.

TIP: You can create some keys using the nodejs crypto library: require('crypto').randomBytes(32).toString('hex');

const Crypto = require('node-crypt');
const crypto = new Crypto({
  key: 'b95d8cb128734ff8821ea634dc34334535afe438524a782152d11a5248e71b01',
  hmacKey: 'dcf8cd2a90b1856c74a9f914abbb5f467c38252b611b138d8eedbe2abb4434fc'
});

// Have some data you want to protect
const unencryptedValue = 'your secret value';

// Encrypt it
const encryptedValue = crypto.encrypt(unencryptedValue);

// Decrypt it
const decryptedValue = crypto.decrypt(encryptedValue);
should(decryptedValue).eql(unencryptedValue);

You can also encrypt binary data using buffers:

const Crypto = require('node-crypt');
const crypto = new Crypto({
  key: 'b95d8cb128734ff8821ea634dc34334535afe438524a782152d11a5248e71b01',
  hmacKey: 'dcf8cd2a90b1856c74a9f914abbb5f467c38252b611b138d8eedbe2abb4434fc'
});

// Have some data you want to protect
const unencryptedValue = Buffer.from([0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f], 'binary');

// Encrypt it
const encryptedValue = crypto.encryptBuffer(unencryptedValue);

// Decrypt it
const decryptedValue = crypto.decryptBuffer(encryptedValue);
should(decryptedValue).eql(unencryptedValue);

### Proof in the Pudding As you can see here; encrypting the same string each time produces an entirely different value:

$ node
> const Crypto = require('./');
undefined
> const crypto = new Crypto({
...   key: 'b95d8cb128734ff8821ea634dc34334535afe438524a782152d11a5248e71b01',
...   hmacKey: 'dcf8cd2a90b1856c74a9f914abbb5f467c38252b611b138d8eedbe2abb4434fc'
... });
undefined
> crypto.encrypt('karl likes security');
'ad81f64f05f3bdcd99a4a173cf135c9a519948|c709a94576a80bdf2f7ac26d21e67d82|00b9012f9dd666c67d55d7010ecfcede8a188e8c0766f0ebdeb2812fc4ac65c6'
> crypto.encrypt('karl likes security');
'9a372f88874ec7632c3a373e3b7e81304a7563|70ee6f46c092909f7c2e366aaad6ed8f|4d40ab24e205a4b334062a95c4a6223a10adbc770c46aa3bb85d05b77fc904f4'
> crypto.encrypt('karl likes security');
'39a1f1472041d2ec13bb7e61bea03c89d43b80|8f8461c17264235dc73bf98ab40cfcc5|2080cd2bcaad6a08f4e0e5b7bb2473c49d626a4197d572fcfbda360ccd5509bd'

Contributing

In lieu of a formal styleguide, take care to maintain the existing coding style. Add unit tests for any new or changed functionality. Lint and test your code using Grunt.

Release History

• 0.1.0 Initial Release
• 0.1.1 Documentation update
• 0.1.2 Tidyup
• 1.0.0 Major changes, totally not backwards compatible in any way. HMAC and IV.
• 1.0.1 README updated
• 1.1.0 Added support for buffers

License

Copyright (c) 2017 Karl Stoney Licensed under the Apache-2.0 license.