uppy-encrypt
Advanced tools
Uppy plugin to encrypt and decrypt files in the browser before upload using libsodium-wrappers
An Uppy Plugin to encrypt files on the browser before it's uploaded. Uppy Encrypt also comes with the ability to decrypt browser-side.
Uppy Encrypt uses libsodium.js for all the cryptographical magic.
npm i uppy-encrypt
import { Uppy } from '@uppy/core';
import UppyEncryptPlugin from 'uppy-encrypt';
const uppy = new Uppy();
uppy.use(UppyEncryptPlugin);
// Optional: Set password manually, or disregard and a random password will be auto-generated
// uppy.setMeta({ password: '$upers3cret!' });
uppy.on('complete', async (result) => {
for (const file of result.successful) {
const salt = file.meta.encryption.salt; // Salt value used to increase security
const header = file.meta.encryption.header; // Header encryption data to kick off the decryption process
const hash = file.meta.encryption.hash; // Secure 1-way hash of the password
const meta = file.meta.encryption.meta; // Encrypted file meta data (file name, type)
// ^ These are all safe to store in a database
}
});
import { UppyDecrypt, uppyEncryptReady } from 'uppy-encrypt';
// Use the values generated from the encryption process
// Usually, these would be stored/retrieved from a database
const decrypt = async (hash, password, salt, header, meta, encryptedFileUrl) => {
// Ensure required libraries are loaded
await uppyEncryptReady();
// Verify provided password against the stored hash value
if (!UppyDecrypt.verifyPassword(hash, password)) {
// Invalid password
return;
}
// Decrypt Metadata
const decryptor = new UppyDecrypt(password, salt, header);
const decryptedMeta = decryptor.getDecryptedMetaData(meta.header, meta.data);
// Fetch & Decrypt the encrypted file
const file = await fetch(encryptedFileUrl);
const blob = await file.blob();
const decrypted = await decryptor.decryptFile(blob);
// Do something with the decrypted file, like download it
if (decrypted) {
const aElement = document.createElement('a');
aElement.setAttribute('download', decryptedMeta.name);
const href = URL.createObjectURL(decrypted);
aElement.href = href;
aElement.setAttribute('target', '_blank');
aElement.click();
URL.revokeObjectURL(href);
}
}
FAQs
Uppy plugin to encrypt and decrypt files in the browser before upload using libsodium-wrappers
The npm package uppy-encrypt receives a total of 0 weekly downloads. As such, uppy-encrypt popularity was classified as not popular.
We found that uppy-encrypt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Security News
Research
A malicious npm campaign is targeting Ethereum developers by impersonating Hardhat plugins and the Nomic Foundation, stealing sensitive data like private keys.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.