Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

nodencrypt

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

nodencrypt

3ncr.org node.js implementation

  • 0.9.0
  • latest
  • npm
  • Socket score

Version published
Maintainers
1
Created
Source

nodencrypt (3ncr.org)

3ncr.org is a standard for string encryption/decryption (algorithms + storage format). Originally it was intended for encryption tokens in configuration files.

3ncr.org v1 uses modern cryptographic primitives (SHA3-256, AES-256-GCM) and is fairly simple:

    header + base64(iv + data + tag) 

Encrypted data looks like this 3ncr.org/1#pHRufQld0SajqjHx+FmLMcORfNQi1d674ziOPpG52hqW5+0zfJD91hjXsBsvULVtB017mEghGy3Ohj+GgQY5MQ

This is a node.js implementation.

Usage

const nodenCrypt = new NodenCrypt(secret, salt, 1000);

secret and salt - are encryption keys (technically one of them is key, another is salt, but you need to store them both somewhere, preferably in different places).

You can store them any preferred places: environment variables, files, shared memory, drive from serial numbers or MAC. Be creative.

1000 - is a number of PBKDF2 rounds. The more is better and slower. If you are sure that your secrets are long and random, you can keep this value reasonable low.

After you created the class instance, you can just use encrypt3ncr and decrypt3ncr methods (they accept and return strings):

const token = '08019215-B205-4416-B2FB-132962F9952F'; // your secret you want to encrypt 
const encryptedSecretToken = nodenCrypt.encrypt3ncr(token);
// now encryptedSecretToken === 
// '3ncr.org/1#pHRufQld0SajqjHx+FmLMcORfNQi1d674ziOPpG52hqW5+0zfJD91hjXsBsvULVtB017mEghGy3Ohj+GgQY5MQ'

// ... some time later in another context ...  

const decryptedSecretToken = nodenCrypt.decryptIf3ncr(encryptedSecretToken); 
// now decryptedSecretToken === ''08019215-B205-4416-B2FB-132962F9952F';

Keywords

FAQs

Package last updated on 06 Feb 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc