Last active
April 30, 2021 16:39
-
-
Save igez/b172cdad666e92af4a4579fa84974da2 to your computer and use it in GitHub Desktop.
Crypto
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import * as crypto from 'crypto'; | |
| export const CryptService = { | |
| encrypt: (text) => { | |
| try { | |
| // random initialization vector | |
| var iv = crypto.randomBytes(12); | |
| // random salt | |
| var salt = crypto.randomBytes(64); | |
| // derive key: 32 byte key length - in assumption the masterkey is a cryptographic and NOT a password there is no need for | |
| // a large number of iterations. It may can replaced by HKDF | |
| var key = crypto.pbkdf2Sync(process.env.MASTER_KEY, salt, 2145, 32, 'sha512'); | |
| // AES 256 GCM Mode | |
| var cipher = crypto.createCipheriv('aes-256-gcm', key, iv); | |
| // encrypt the given text | |
| var encrypted = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]); | |
| // extract the auth tag | |
| var tag = cipher.getAuthTag(); | |
| // generate output | |
| return Buffer.concat([salt, iv, tag, encrypted]).toString('base64'); | |
| } catch(e) { | |
| console.log(e); | |
| } | |
| // error | |
| return null; | |
| }, | |
| /** | |
| * Decrypts text by given key | |
| * @param String base64 encoded input data | |
| * @param Buffer masterkey | |
| * @returns String decrypted (original) text | |
| */ | |
| decrypt: (data) => { | |
| try { | |
| // base64 decoding | |
| var bData = new Buffer(data, 'base64'); | |
| // convert data to buffers | |
| var salt = bData.slice(0, 64); | |
| var iv = bData.slice(64, 76); | |
| var tag = bData.slice(76, 92); | |
| var text = bData.slice(92); | |
| // derive key using; 32 byte key length | |
| var key = crypto.pbkdf2Sync(process.env.MASTER_KEY, salt , 2145, 32, 'sha512'); | |
| // AES 256 GCM Mode | |
| var decipher = crypto.createDecipheriv('aes-256-gcm', key, iv); | |
| decipher.setAuthTag(tag); | |
| // encrypt the given text | |
| var decrypted = decipher.update(text, 'binary', 'utf8') + decipher.final('utf8'); | |
| return decrypted; | |
| } catch(e) {} | |
| // error | |
| return null; | |
| } | |
| } |
Author
igez
commented
Apr 30, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment