Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

node-scr

Package Overview
Dependencies
Maintainers
2
Versions
4
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

node-scr

JavaScript library to work with Secure Content Resource (SCR) objects

  • 0.3.0
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
6.6K
decreased by-19.94%
Maintainers
2
Weekly downloads
 
Created
Source

node-scr

A JavaScript implementation of Secure Content Resource (SCR) for current web browsers and node.js-based servers. An SCR provides enough information to find and decrypt large protected content (e.g., shared file).

Installing

To install the latest from NPM:

  npm install node-scr

Or to install a specific release:

  npm install node-scr@0.2.0

Alternatively, the latest unpublished code can be installed directly from the repository:

  npm install git+ssh://git@github.com:cisco/node-scr.git

Basics

Require the library as normal:

var SCR = require("node-scr");

This library uses Promises for most operations.

This library supports Browserify. To use in a web browser, require('node-scr') and bundle with the rest of your app.

The content to be encrypted or returned from being decrypted are Buffer objects.

Creating

To create an empty SCR:

var scrObject;
SCR.create().
    then(function(result) {
      // {result} is a SRC object
      scrObject = result;
    });

The SCR object has the following properties:

  • "enc" - The Content Encryption Algorithm (from JWA)
  • "key" - The raw content encryption key (as a 'node-jose' jose.JWK.Key object)
  • "iv" - The initialization vector (as a Buffer)
  • "aad" - The additional authenticated data (as a String)
  • "loc" - The location (usually a URI) where the encrypted content is published
  • "tag" - The authentication tag (as a Buffer)

SCR.create() populates the cryptographic input factors (key, IV, additional authentication data).

The "loc" member is set by the API user, and the "tag" member is set by scrObject.encrypt().

Dealing with Content

To encrypt content:

// {input} is one of:
// -  a node.js Buffer
// -  an ArrayBuffer
// -  a TypedArray
scrObject.encrypt(input).
    then(function(output) {
      // {output} is *just* the encrypted content, as a Buffer
      // "tag" member of {scrObject} is populated with authentication tag
      ....
    });

The result from encrypt()'s resolved Promise can be passed directly to a WebSocket, XMLHttpRequest, or other processor.

To decrypt content:

// *NOTE:* {scrObject} has the correct "tag" for the (encrypted) content
scrObject.decrypt(output).
    then(function(input) {
      // {input} is the decrypted content, as a Buffer
      ....
    });

Importing/Exporting as a JWE

Encrypted JWEs are appropriate to be shared with recipients.

To export the SCR as a JWE:

var jwe;
// {key} is a JWK from 'node-jose', or the JSON representation of a JWK
scrObject.toJWE(key).
    then(function(result) {
      // {result} is a string representing the JWE using the Compact Serialization
      jwe = result;
    });

To import the SCR from a JWE:

var scrObject;
// {key} is a JWK from 'node-jose', or the JSON representation of a JWK
// {jwe} is a JWE using any of the serializations (Compact, JSON Flattened, JSON General)
SCR.fromJWE(key, jwe).
    then(function(result) {
      // {result} is a SCR object
      scrObject = result;
    });

As JSON

NOTE: The JSON representation SHOULD NOT be shared outside of running code. It contains all the information necessary to decrypt content

An SCR has the following members (presented as JCR):

scr {
  "enc" : string,   ; Content Encryption Algorithm from [RFC7518]
  "key" : string,   ; base64url-encoded raw key value
  "iv"  : string,   ; base64url-encoded initialization vector
  "aad" : string,   ; Additional authenticated data (AAD)
  "loc" : ? uri,    ; Location of encrypted content
  "tag" : ? string  ; base64url-encoded authentication tag
}

The "loc" and "tag" members are optional:

  • "loc" is set by the API user (usually after the encrypted content is published; e.g., uploaded to a sharing service)
  • "tag" is set by scrObject.encrypt()

A complete example of an SCR as JSON:

{
  "enc": "A256GCM",
  "key": "Ce3pe4stGd3tvZdSR3ekIoNjF3Q3V6R0oMN4SSGKbyI",
  "iv": "AeU_KNtJ8dbl9k1N",
  "aad": "2015-08-14T17:03:35.504Z",
  "loc": "https://fireshare.example/files/db2daa25-cf41-492b-bc7b-90436949b17c",
  "tag": "ZaRZ5vh1u7lyulUrvTKUDw"
}

To export an SCR to a JSON object:

var output = scrObject.toJSON();

To import an SCR from a JSON object:

var scrObject;
// {input} is a JSON representation
SCR.create(input).
    then(function(result) {
      scrObject = result;
    });

Keywords

FAQs

Package last updated on 21 Oct 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc