npm
Sign UpSign In

crypto-middleware

1.2.4 • Public • Published

Members

Visit the new Documentation Site!
bufferSize

BufferSize, this is the size of the buffer that will be used to read the file in chunks and encrypt it in chunks This is a global variable that can be changed to suit the needs of the application. The default value is 5MB AWS Upload Parts minimum is 5MB, hence the default value is set to 5MB, but can be changed to any value from 64KB. It is important to keep the buffersize the same for both encryption and decryption.

Functions

readFileChunk(file)ReadableStream

Reads a chunk of data from a file using the file's stream method. Used in conjunction with the XXX read and process files in chunks.

encryptStream(passphrase)TransformStream

Creates a TransformStream that encrypts input data in chunks using a derived key from a passphrase. Each chunk is encrypted separately with its own initialization vector (IV).

flush()

The FlushHandles any remaining data in the buffer when there is no more data to be consumed from the stream. If there is data left in the buffer, it generates a new initialization vector (IV), creates a subarray from the buffer containing the remaining data, and encrypts this data using the AES-GCM algorithm.

generateIV()Uint8Array

Generates an initialization vector (IV) for cryptographic operations. The IV is a random string of 16 bytes, generated using the crypto API.

handleIV(iv, encryptedFile)Uint8Array

Prepends the initialization vector (IV) and the encryption algorithm used to the encrypted file. The IV is 16 bytes and the algorithm used ('AES-GCM') takes up the remaining bytes, making a total of 23 bytes.

encryptFile(file, passphrase)Promise.<Uint8Array>

Encrypts a file using a derived key from a passphrase. The encryption algorithm used is AES-GCM, and an initialization vector (IV) is generated for each encryption. Note: This function reads the whole file into memory at once, which may not be ideal for large files.

decryptFile(file, passphrase)Promise.<ArrayBuffer>

Decrypts a file using a derived key from a passphrase. The decryption algorithm used is AES-GCM, and the initialization vector (IV) used for encryption is required. Note: This function reads the whole file into memory at once, which may not be ideal for large files.

extractMeta(encryptedFile)Object

Extracts the metadata (initialization vector and algorithm) from an encrypted file. The metadata is expected to be in the first 23 bytes of the file, with the IV in the first 16 bytes and the algorithm in the remaining bytes.

decryptStream(privateKeyOrPassphrase)TransformStream

Creates a TransformStream that decrypts data as it is read. The decryption algorithm used is AES-GCM, and the initialization vector (IV) and algorithm are extracted from each chunk. The data is held in a buffer to match the buffer length of the encrypted file, allowing the header IV and algorithm to be extracted from each chunk. The passphrase is used to authenticate each chunk. If any chunk fails authentication, the whole decryption will fail.

deriveKey(passPhrase)Promise.<CryptoKey>

Derives a cryptographic key from a passphrase using the PBKDF2 algorithm. The derived key can be used for AES-GCM encryption and decryption. The PBKDF2 algorithm is used with a fixed salt and 100,000 iterations, and the SHA-256 hash function. Note: In a production environment, consider using a random salt and storing it securely for key derivation.

exportKeys(keyPair)Promise.<Object>

Exports a key pair (private and public keys) in the JWK (JSON Web Key) format. This function can be used when you want to securely store the keys or transmit them over an insecure network.

encryptPassPhraseWithPublicKey(publicKey, data)Promise.<ArrayBuffer>

Encrypts a passphrase using the recipient's public key.

This function uses the RSA-OAEP (RSA Optimal Asymmetric Encryption Padding) algorithm for encryption. RSA-OAEP is a public-key encryption algorithm that combines the RSA algorithm with the OAEP method. RSA is a widely used public-key encryption algorithm that allows for secure data transmission or storage. OAEP is a padding scheme that enhances the security of RSA by preventing certain types of attacks.

decryptPassPhraseWithPrivateKey(privateKey, data)Promise.<string>

Decrypts an encrypted passphrase using the recipient's private key.

This function uses the RSA-OAEP (RSA Optimal Asymmetric Encryption Padding) algorithm for decryption. RSA-OAEP is a public-key encryption algorithm that combines the RSA algorithm with the OAEP method. RSA is a widely used public-key encryption algorithm that allows for secure data transmission or storage. OAEP is a padding scheme that enhances the security of RSA by preventing certain types of attacks.

importPrivateKey(jwk)Promise.<CryptoKey>

Imports a user's private key from a JWK (JSON Web Key) for decryption purposes.

This function uses the RSA-OAEP (RSA Optimal Asymmetric Encryption Padding) algorithm with SHA-256 hash function. The imported private key is not stored in memory or logged and is removed upon page refresh.

importPublicKey(jwk)Promise.<CryptoKey>

Imports a user's public key from a JWK (JSON Web Key) for encryption purposes.

This function uses the RSA-OAEP (RSA Optimal Asymmetric Encryption Padding) algorithm with SHA-256 hash function. The imported public key can be used to encrypt data that can only be decrypted with the corresponding private key.

generateKeyPair()Promise.<Object>

Generates a public and private key pair using the RSA-OAEP algorithm.

This function uses the RSA-OAEP (RSA Optimal Asymmetric Encryption Padding) algorithm with SHA-256 hash function. The generated key pair is then converted into the JWK (JSON Web Key) format by the exportKeys function.

bufferSize

BufferSize, this is the size of the buffer that will be used to read the file in chunks and encrypt it in chunks This is a global variable that can be changed to suit the needs of the application. The default value is 5MB AWS Upload Parts minimum is 5MB, hence the default value is set to 5MB, but can be changed to any value from 64KB. It is important to keep the buffersize the same for both encryption and decryption.

Kind: global variable

readFileChunk(file) ⇒ ReadableStream

Reads a chunk of data from a file using the file's stream method. Used in conjunction with the XXX read and process files in chunks.

Kind: global function
Returns: ReadableStream - A readable stream from which chunks of data can be read.

Param Type Description
file File The file from which to read.

Example

const file = new File(["foo"], "foo.txt", {
  type: "text/plain",
});
const stream = await readFileChunk(file);
const reader = stream.getReader();
const { value, done } = await reader.read();
console.log(value); // Logs the first chunk of data from the file.
This is the first part of the startStreaming pipeline

encryptStream(passphrase) ⇒ TransformStream

Creates a TransformStream that encrypts input data in chunks using a derived key from a passphrase. Each chunk is encrypted separately with its own initialization vector (IV).

Kind: global function
Returns: TransformStream - A TransformStream that encrypts input data in chunks.

Param Type Description
passphrase string The passphrase from which to derive the encryption key.

Example

const encryptedStream = encryptStream('my secure passphrase');
// Use the encryptedStream with a ReadableStream or WritableStream...

flush()

The FlushHandles any remaining data in the buffer when there is no more data to be consumed from the stream. If there is data left in the buffer, it generates a new initialization vector (IV), creates a subarray from the buffer containing the remaining data, and encrypts this data using the AES-GCM algorithm.

Kind: global function

generateIV() ⇒ Uint8Array

Generates an initialization vector (IV) for cryptographic operations. The IV is a random string of 16 bytes, generated using the crypto API.

Kind: global function
Returns: Uint8Array - A 16-byte typed array of unsigned integers, suitable for use as an IV.

handleIV(iv, encryptedFile) ⇒ Uint8Array

Prepends the initialization vector (IV) and the encryption algorithm used to the encrypted file. The IV is 16 bytes and the algorithm used ('AES-GCM') takes up the remaining bytes, making a total of 23 bytes.

Kind: global function
Returns: Uint8Array - A new Uint8Array containing the metadata (IV and algorithm) and the encrypted file data.

Param Type Description
iv Uint8Array The initialization vector used in the encryption.
encryptedFile ArrayBuffer The encrypted file data.

Example

const iv = crypto.getRandomValues(new Uint8Array(16));
const encryptedFile = await encryptFile(file, iv);
const fileWithMetadata = handleIV(iv, encryptedFile);

encryptFile(file, passphrase) ⇒ Promise.<Uint8Array>

Encrypts a file using a derived key from a passphrase. The encryption algorithm used is AES-GCM, and an initialization vector (IV) is generated for each encryption. Note: This function reads the whole file into memory at once, which may not be ideal for large files.

Kind: global function
Returns: Promise.<Uint8Array> - A promise that resolves with the encrypted file data as a Uint8Array.

Param Type Description
file File The file to be encrypted.
passphrase string The passphrase from which to derive the encryption key.

Example

const file = new File(["foo"], "foo.txt", {
  type: "text/plain",
});
const encryptedFileData = await encryptFile(file, 'my secure passphrase');
Not Recommened for large files over 50MB

decryptFile(file, passphrase) ⇒ Promise.<ArrayBuffer>

Decrypts a file using a derived key from a passphrase. The decryption algorithm used is AES-GCM, and the initialization vector (IV) used for encryption is required. Note: This function reads the whole file into memory at once, which may not be ideal for large files.

Kind: global function
Returns: Promise.<ArrayBuffer> - A promise that resolves with the decrypted file data as an ArrayBuffer.
Throws:

  • Will throw an error if the decryption fails.
Param Type Description
file File The file to be decrypted.
passphrase string The passphrase from which to derive the decryption key.

Example

const file = new File([encryptedData], "foo.txt", {
  type: "text/plain",
});
const

extractMeta(encryptedFile) ⇒ Object

Extracts the metadata (initialization vector and algorithm) from an encrypted file. The metadata is expected to be in the first 23 bytes of the file, with the IV in the first 16 bytes and the algorithm in the remaining bytes.

Kind: global function
Returns: Object - An object containing the initialization vector (as a Uint8Array) and the encrypted data (as a Uint8Array).

Param Type Description
encryptedFile Uint8Array The encrypted file data.

Example

const { iv, encryptedData } = extractMeta(encryptedFileData);
23 bytes = 16 bytes IV + 7 bytes algorithm

decryptStream(privateKeyOrPassphrase) ⇒ TransformStream

Creates a TransformStream that decrypts data as it is read. The decryption algorithm used is AES-GCM, and the initialization vector (IV) and algorithm are extracted from each chunk. The data is held in a buffer to match the buffer length of the encrypted file, allowing the header IV and algorithm to be extracted from each chunk. The passphrase is used to authenticate each chunk. If any chunk fails authentication, the whole decryption will fail.

Kind: global function
Returns: TransformStream - A TransformStream that decrypts data as it is read.
Throws:

  • Will throw an error if the decryption fails.
Param Type Description
privateKeyOrPassphrase string | File The passphrase or private key to use for decryption.

Example

const encryptedFile = new File([encryptedData], "foo.txt", {
  type: "text/plain",
});
const rs = encryptedFile.stream().pipeThrough(decryptStream('my secure passphrase'));

deriveKey(passPhrase) ⇒ Promise.<CryptoKey>

Derives a cryptographic key from a passphrase using the PBKDF2 algorithm. The derived key can be used for AES-GCM encryption and decryption. The PBKDF2 algorithm is used with a fixed salt and 100,000 iterations, and the SHA-256 hash function. Note: In a production environment, consider using a random salt and storing it securely for key derivation.

Kind: global function
Returns: Promise.<CryptoKey> - A promise that resolves with the derived key.

Param Type Description
passPhrase string The passphrase from which to derive the key.

Example

const key = await deriveKey('my secure passphrase');

exportKeys(keyPair) ⇒ Promise.<Object>

Exports a key pair (private and public keys) in the JWK (JSON Web Key) format. This function can be used when you want to securely store the keys or transmit them over an insecure network.

Kind: global function
Returns: Promise.<Object> - A promise that resolves with an object containing the exported private and public keys. JWK are used to represent cryptographic keys in JSON format, Similar to PKCS#8 and X.509 formats, however, JWK provide human readability and are web friendly with standardized fields.

Param Type Description
keyPair CryptoKeyPair The key pair to be exported. This should be an object that has privateKey and publicKey properties.

encryptPassPhraseWithPublicKey(publicKey, data) ⇒ Promise.<ArrayBuffer>

Encrypts a passphrase using the recipient's public key.

This function uses the RSA-OAEP (RSA Optimal Asymmetric Encryption Padding) algorithm for encryption. RSA-OAEP is a public-key encryption algorithm that combines the RSA algorithm with the OAEP method. RSA is a widely used public-key encryption algorithm that allows for secure data transmission or storage. OAEP is a padding scheme that enhances the security of RSA by preventing certain types of attacks.

Kind: global function
Returns: Promise.<ArrayBuffer> - A promise that resolves with the encrypted passphrase.

Param Type Description
publicKey CryptoKey | Object The recipient's public key. This can be a CryptoKey object or a JWK.
data string The passphrase to be encrypted.

Example

const publicKey = await getPublicKey(); // Your function to get the public key
const passphrase = "my secure passphrase";
const encryptedPassphrase = await encryptPassPhraseWithPublicKey(publicKey, passphrase);

decryptPassPhraseWithPrivateKey(privateKey, data) ⇒ Promise.<string>

Decrypts an encrypted passphrase using the recipient's private key.

This function uses the RSA-OAEP (RSA Optimal Asymmetric Encryption Padding) algorithm for decryption. RSA-OAEP is a public-key encryption algorithm that combines the RSA algorithm with the OAEP method. RSA is a widely used public-key encryption algorithm that allows for secure data transmission or storage. OAEP is a padding scheme that enhances the security of RSA by preventing certain types of attacks.

Kind: global function
Returns: Promise.<string> - A promise that resolves with the decrypted passphrase.

Param Type Description
privateKey CryptoKey | Object The recipient's private key. This can be a CryptoKey object or a JWK.
data ArrayBuffer The encrypted passphrase to be decrypted.

Example

const privateKey = await getPrivateKey(); // Your function to get the private key
const encryptedPassphrase = await getEncryptedPassphrase(); // Your function to get the encrypted passphrase
const decryptedPassphrase = await decryptPassPhraseWithPrivateKey(privateKey, encryptedPassphrase);

importPrivateKey(jwk) ⇒ Promise.<CryptoKey>

Imports a user's private key from a JWK (JSON Web Key) for decryption purposes.

This function uses the RSA-OAEP (RSA Optimal Asymmetric Encryption Padding) algorithm with SHA-256 hash function. The imported private key is not stored in memory or logged and is removed upon page refresh.

Kind: global function
Returns: Promise.<CryptoKey> - A promise that resolves with the imported private key as a CryptoKey object.

Param Type Description
jwk string The private key in JWK format as a string. This key is parsed into a JSON object before being imported.

Example

const jwkString = '{"kty":"RSA",...}'; // Your JWK string
const privateKey = await importPrivateKey(jwkString);

importPublicKey(jwk) ⇒ Promise.<CryptoKey>

Imports a user's public key from a JWK (JSON Web Key) for encryption purposes.

This function uses the RSA-OAEP (RSA Optimal Asymmetric Encryption Padding) algorithm with SHA-256 hash function. The imported public key can be used to encrypt data that can only be decrypted with the corresponding private key.

Kind: global function
Returns: Promise.<CryptoKey> - A promise that resolves with the imported public key as a CryptoKey object.

Param Type Description
jwk string | Object The public key in JWK format. This can be a string or an object. If it's a string, it will be parsed into a JSON object.

Example

const jwkString = '{"kty":"RSA",...}'; // Your JWK string
const publicKey = await importPublicKey(jwkString);

generateKeyPair() ⇒ Promise.<Object>

Generates a public and private key pair using the RSA-OAEP algorithm.

This function uses the RSA-OAEP (RSA Optimal Asymmetric Encryption Padding) algorithm with SHA-256 hash function. The generated key pair is then converted into the JWK (JSON Web Key) format by the exportKeys function.

Kind: global function
Returns: Promise.<Object> - A promise that resolves with the generated key pair in JWK format. The returned object has privateKey and publicKey properties.
Example

const jwks = await generateKeyPair();
console.log(jwks.privateKey); // Logs the private key in JWK format
console.log(jwks.publicKey); // Logs the public key in JWK format

Readme

Keywords

Package Sidebar

Install

npm i crypto-middleware

Repository

github.com/hkuspace-pu/Secure-File-RishiUttam-COMP3000HK

Homepage

github.com/hkuspace-pu/Secure-File-RishiUttam-COMP3000HK#readme

Weekly Downloads

196

Version

1.2.4

License

MIT

Unpacked Size

6.87 MB

Total Files

26

Last publish

Collaborators

  • rishiu
Try on RunKit
Report malware