npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@cmmv/encryptor

v0.6.4

Published

Encryption module using elliptic curves (ECC) and AES-256-GCM for secure data encryption in CMMV and Node.js applications.

Downloads

446

Readme

Description

The @cmmv/encryptor module provides robust encryption and decryption functionalities for strings and objects using elliptic curve cryptography (ECC) and AES-256-GCM. It is designed specifically for CMMV applications but can also be used in Node.js environments for secure data handling. The module supports the secp256k1 curve for key generation and shared secret derivation and uses AES-256-GCM for symmetric encryption, ensuring both confidentiality and integrity of the data.

Installation

Install the @cmmv/encryptor package via npm:

$ pnpm add @cmmv/encryptor

Quick Start

Below is a simple example of how to encrypt and decrypt a message using the Encryptor class:

import { Encryptor } from "@cmmv/encryptor";

// Sample public and private keys
const recipientPublicKey = "04c19b9e3b8..."; // Replace with a real public key
const recipientPrivateKey = "3082..."; // Replace with the corresponding private key

// Encrypting a payload
const payload = "Sensitive data to be encrypted";
const encrypted = Encryptor.encryptPayload(recipientPublicKey, payload);

console.log("Encrypted payload:", encrypted);

// Decrypting the payload
const decrypted = Encryptor.decryptPayload(
    recipientPrivateKey,
    {
        encrypted: encrypted.payload,
        iv: encrypted.iv,
        authTag: encrypted.authTag
    },
    encrypted.ephemeralPublicKey
);

console.log("Decrypted payload:", decrypted);

Example Classes and Methods

This class provides methods to encrypt and decrypt data using ECC and AES-256-GCM.

  • encryptPayload(recipientPublicKeyHex: string, payload: string)
    • Encrypts a string payload using the recipient's public key.
    • Returns an object containing:
      • payload: The encrypted data in hexadecimal format.
      • iv: Initialization vector for AES.
      • authTag: Authentication tag for AES-GCM.
      • ephemeralPublicKey: The ephemeral public key used in the encryption.
  • decryptPayload(recipientPrivateKeyHex: string, encryptedData: { encrypted: string, iv: string, authTag: string }, ephemeralPublicKeyHex: string)
    • Decrypts an encrypted payload using the recipient's private key and the ephemeral public key provided during encryption.
    • Returns the decrypted string payload.

Usage Example

import { Encryptor } from "@cmmv/encryptor";

// Encrypting data
const recipientPublicKey = "your_recipient_public_key_in_hex";
const message = "Hello, this is a secret message!";
const encryptedData = Encryptor.encryptPayload(recipientPublicKey, message);

console.log("Encrypted:", encryptedData);

// Decrypting data
const recipientPrivateKey = "your_recipient_private_key_in_hex";
const decryptedMessage = Encryptor.decryptPayload(
    recipientPrivateKey,
    {
        encrypted: encryptedData.payload,
        iv: encryptedData.iv,
        authTag: encryptedData.authTag,
    },
    encryptedData.ephemeralPublicKey
);

console.log("Decrypted:", decryptedMessage);

Keys

Generating a Mnemonic Phrase

To generate a new mnemonic phrase:

import { Wallet } from '@cmmv/encryptor';

// Generate a 24-word mnemonic
const mnemonic = Wallet.generateMnenomic(24);
console.log('Mnemonic:', mnemonic);

Deriving a Private Key

To derive the root private key from a mnemonic phrase:

import { Wallet } from '@cmmv/encryptor';

const mnemonic = 'your mnemonic phrase here';
const privateKey = Wallet.toPrivate(mnemonic);

console.log('Private Key:', privateKey);

Deriving a Public Key

To derive the public key from a mnemonic phrase using a derivation path:

import { Wallet } from '@cmmv/encryptor';

const mnemonic = 'your mnemonic phrase here';
const derivationPath = "m/44'/0'/0'/0/0";
const publicKey = Wallet.toPublic(mnemonic, derivationPath);

console.log('Public Key:', publicKey);

Custom Derivation Path

To derive a specific private key based on a custom derivation path:

import { Wallet } from '@cmmv/encryptor';

const mnemonic = 'your mnemonic phrase here';
const derivationPath = "m/44'/60'/0'/0/0"; // Example for Ethereum
const privateKey = Wallet.toDerivatationPrivateKey(mnemonic, derivationPath);

console.log('Derived Private Key:', privateKey);

Generating an Address

To generate a public address (Base58) from a private key:

import { Wallet } from '@cmmv/encryptor';

const privateKey = 'your_private_key_hex';
const address = Wallet.privateKeyToAddress(privateKey);

console.log('Address:', address);

Private Key to WIF (Wallet Import Format)

To convert a private key to Wallet Import Format (WIF):

import { Wallet } from '@cmmv/encryptor';

const privateKey = 'your_private_key_hex';
const wifKey = Wallet.privateKeyToWIF(privateKey);

console.log('WIF Key:', wifKey);

Private Key from WIF

To convert a WIF key back into a private key:

import { Wallet } from '@cmmv/encryptor';

const wifKey = 'your_wif_key';
const { privateKey, compressed } = Wallet.wifToPrivateKey(wifKey);

console.log('Recovered Private Key:', privateKey);
console.log('Is Compressed:', compressed);

Signing

Signing an Object

To sign an object using a private key:

import { Signer } from '@cmmv/encryptor';

const data = { name: 'Alice', amount: 1000 };
const privateKeyHex = 'your_private_key_hex_here';
const signature = Signer.signObject(privateKeyHex, data);

console.log('Object Hash:', signature.objectHash);
console.log('Signature:', signature.signature);

Verifying the Signature of an Object

To verify a signature using the public key:

import { Signer } from '@cmmv/encryptor';

const objectHash = 'object_hash_here';
const signatureHex = 'signature_hex_here';
const publicKeyHex = 'your_public_key_hex_here';

const isValid = Signer.verifySignature(objectHash, signatureHex, publicKeyHex);
console.log('Is the signature valid?', isValid);

Signing a String

To sign a string using a private key:

import { Signer } from '@cmmv/encryptor';

const message = 'Hello, CMMV!';
const privateKeyHex = 'your_private_key_hex_here';

// Sign the string
const signedMessage = Signer.signString(privateKeyHex, message);
console.log('Signed Message:', signedMessage);

Verifying a String Signature

To verify the signature of a string:

import { Signer } from '@cmmv/encryptor';

const signedMessage = 'hash:signature';
const publicKeyHex = 'your_public_key_hex_here';

const isValid = Signer.verifyHashSignature(signedMessage, publicKeyHex);
console.log('Is the string signature valid?', isValid);

Recovering a Public Key from a Signature

To recover a public key from a signature:

import { Signer } from '@cmmv/encryptor';

const signedMessage = 'hash:signature';
const recoveryId = 1; // Typically 0 or 1

const recoveredPublicKey = Signer.recoverPublicKeyFromHash(signedMessage, recoveryId);
console.log('Recovered Public Key:', recoveredPublicKey);