
@revolunet
Last active August 7, 2020 16:02
sealed-secret-encrypt not working
//
// attempt to convert original HybridEncrypt source // https://github.com/bitnami-labs/sealed-secrets/blob/946a69eb52f9874fe871d3ce08eb205726380931/pkg/crypto/crypto.go#L35
// online GO REPL : https://repl.it/@revolunet/sealed-secrets-HybridEncrypt#main.go
// algo description : https://github.com/bitnami-labs/sealed-secrets/blob/master/docs/crypto.md
//
// This gives: type: 'Warning' reason: 'ErrUnsealFailed' Failed to unseal: no key could decrypt secret (VALUE)
//
const crypto = require("crypto");
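/**
 * Hybrid-encrypt `plainText` following the layout of the Go reference quoted
 * in the comments below: a fresh AES-256 session key is wrapped with RSA-OAEP
 * (SHA-256) and the plaintext is sealed with AES-256-GCM under that key.
 *
 * Output layout, before base64 encoding:
 *   [2-byte big-endian length of rsaCiphertext][rsaCiphertext][GCM ciphertext][16-byte GCM tag]
 *
 * Fixes over the earlier attempt, which produced output that could not be unsealed:
 *   - the GCM nonce is 12 zero bytes (the standard GCM nonce size), not 32;
 *   - the length prefix is written as a big-endian uint16 (a Uint16Array
 *     spread into Buffer.from() truncates each element to its low byte);
 *   - AES-GCM seals the plaintext, not the RSA-wrapped key;
 *   - the authentication tag is appended, as Go's Seal() does.
 *
 * @param {object} args
 * @param {string|Buffer|crypto.KeyObject} args.publicKey - RSA public key accepted by crypto.createPublicKey.
 * @param {string|Buffer} args.plainText - Secret value to seal; strings are encoded as UTF-8.
 * @param {string|Buffer} [args.label] - OAEP label; must be byte-identical to the label used on decryption.
 * @returns {Promise<string>} Base64 encoding of the sealed blob.
 * @throws {Error} If the key cannot be parsed or the RSA/AES operation fails.
 */
const encrypt = async ({ publicKey, plainText, label }) => {
  const key = crypto.createPublicKey(publicKey);

  /*
  sessionKey := make([]byte, sessionKeyBytes)
  block, err := aes.NewCipher(sessionKey)
  aed, err := cipher.NewGCM(block)
  */
  // A new random session key per call is what makes the fixed all-zero nonce
  // acceptable: a (key, nonce) pair is never used twice. Never cache or reuse
  // sessionKey across messages.
  const sessionKey = crypto.randomBytes(32);
  const zeroNonce = Buffer.alloc(12, 0);
  const aed = crypto.createCipheriv("aes-256-gcm", sessionKey, zeroNonce);

  /*
  rsaCiphertext, err := rsa.EncryptOAEP(sha256.New(), rnd, pubKey, sessionKey, label)
  */
  const rsaCiphertext = crypto.publicEncrypt(
    {
      key,
      oaepHash: "sha256",
      oaepLabel: Buffer.from(label ?? ""),
    },
    sessionKey
  );

  /*
  ciphertext := make([]byte, 2)
  binary.BigEndian.PutUint16(ciphertext, uint16(len(rsaCiphertext)))
  ciphertext = append(ciphertext, rsaCiphertext...)
  */
  const lengthPrefix = Buffer.alloc(2);
  lengthPrefix.writeUInt16BE(rsaCiphertext.length, 0);

  // zeroNonce := make([]byte, aed.NonceSize())
  // ciphertext = aed.Seal(ciphertext, zeroNonce, plaintext, nil)
  // Seal() appends ciphertext||tag to its first argument, so the tag must be
  // emitted explicitly here; without it the receiver cannot authenticate.
  const sealedBody = Buffer.concat([
    aed.update(Buffer.from(plainText)),
    aed.final(),
    aed.getAuthTag(),
  ]);

  return Buffer.concat([lengthPrefix, rsaCiphertext, sealedBody]).toString("base64");
};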
// Example invocation. NOTE(review): `publicKey` is not declared anywhere in
// this listing; it has to be defined by the surrounding code before this runs.
encrypt({
  publicKey,
  plainText: "hello, world",
  label: "",
}).then((sealed) => console.log(sealed));