@d10f/crypto
v1.0.7
A thin wrapper around the Web Crypto API to manage cryptographic keys comfortably.
Features:
Builder API for highly flexible generation of keys.
```ts
import { SymmetricKeyBuilder, defaultWrapKey, defaultUnwrapKey } from '@d10f/crypto';

const vaultKey = await SymmetricKeyBuilder.create()
  .setAlgorithm('AES-KW')
  .setExtractable()
  .useTo('wrapKey', defaultWrapKey)
  .useTo('unwrapKey', defaultUnwrapKey)
  .build();
```
Support for public-key cryptography.
```ts
import { AsymmetricKeyBuilder, defaultWrapKey, defaultUnwrapKey } from '@d10f/crypto';

const { privateKey, publicKey } = await AsymmetricKeyBuilder.create()
  .setAlgorithm('RSA-OAEP')
  .setExtractable()
  .setHashAlgorithm('SHA-384')
  .useTo('wrapKey', defaultWrapKey)
  .useTo('unwrapKey', defaultUnwrapKey)
  .build();
```
Utility methods for easy serialization and key management.
```ts
// JSON serialization for working with keys or storing them away.
await vaultKey.toJSON();

// Useful convenience method for key-to-key operations (key wrapping).
await publicKey.toBuffer();

// Convert to common text formats like base64, or PEM in the case of asymmetric keys.
await privateKey.toString('PEM');
```
Key derivation (PBKDF2) from low-entropy input such as user input or passwords.
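```ts
import { SymmetricKeyBuilder, defaultWrapKey, defaultUnwrapKey } from '@d10f/crypto';

// `credentials` is the application's own object holding the user's email and password.
const key = await SymmetricKeyBuilder.create()
  .setAlgorithm('AES-KW')
  .useTo('wrapKey', defaultWrapKey)
  .useTo('unwrapKey', defaultUnwrapKey)
  .buildFromPassword(credentials.password)
  // The email is a per-user salt: unique, but neither random nor secret,
  // so the same email and password always derive the same key.
  .setSalt(credentials.email)
  .setIterations(600_000)
  .setHashAlgorithm('SHA-256')
  .build();
```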
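What this derivation amounts to in plain Web Crypto calls, as an added example that is not this package's code: a PBKDF2-derived AES-KW key wraps a data key, and unwrapping with a key derived from a different password is rejected. The function names and the `iterations` parameter are assumptions made for illustration.

```javascript
// Web Crypto: global in browsers and recent Node; older Node exposes it via node:crypto.
const { subtle } = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder();

// PBKDF2 -> AES-KW wrapping key, with the parameters used in the snippet above.
async function deriveWrappingKey(password, salt, iterations = 600_000) {
  const material = await subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', salt: enc.encode(salt), iterations, hash: 'SHA-256' },
    material,
    { name: 'AES-KW', length: 256 },
    false, // the wrapping key itself never needs to leave the CryptoKey
    ['wrapKey', 'unwrapKey'],
  );
}

// Wrap a fresh AES-GCM data key under `password`, then try to unwrap it
// with a key derived from `unlockPassword` (same salt and iteration count).
async function wrapRoundTrip(password, unlockPassword, salt, iterations) {
  const gcm = { name: 'AES-GCM', length: 256 };
  const dataKey = await subtle.generateKey(gcm, true, ['encrypt', 'decrypt']);
  const kek = await deriveWrappingKey(password, salt, iterations);
  const wrapped = new Uint8Array(await subtle.wrapKey('raw', dataKey, kek, 'AES-KW'));

  const unlockKek = await deriveWrappingKey(unlockPassword, salt, iterations);
  try {
    const restored = await subtle.unwrapKey(
      'raw', wrapped, unlockKek, 'AES-KW', gcm, true, ['encrypt', 'decrypt']);
    const a = new Uint8Array(await subtle.exportKey('raw', dataKey));
    const b = new Uint8Array(await subtle.exportKey('raw', restored));
    return { wrappedLength: wrapped.length, recovered: a.every((x, i) => x === b[i]) };
  } catch {
    // AES-KW (RFC 3394) carries an integrity check, so a wrong key is rejected
    // instead of silently yielding garbage key material.
    return { wrappedLength: wrapped.length, recovered: false };
  }
}
```

Only the wrapped bytes and the PBKDF2 parameters need to be stored; the wrapping key is re-derived from the password each time.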
BYO utility functions for each of the supported operations.
```ts
const myEncryptionFn = (key: CryptoKey, data: Uint8Array) => {/*...*/};
const myDecryptionFn = (key: CryptoKey, data: Uint8Array) => {/*...*/};

const key = await SymmetricKeyBuilder.create()
  .setAlgorithm('AES-GCM')
  .setKeyLength(256)
  .useTo('encrypt', myEncryptionFn)
  .useTo('decrypt', myDecryptionFn)
  .build();
```
You can also write your own functions in a more OOP style by declaring them using the `function` keyword, and providing the correct context for `this` using the `KeyObj` type. For example:
```ts
async function myEncryptionFn(
  this: KeyObj,
  data: Uint8Array,
  iv: Uint8Array
) {
  return await window.crypto.subtle.encrypt(
    {
      name: this.algorithm,
      iv,
    },
    this.key,
    data,
  );
}
```
Full TypeScript support.
TODOS:
- [X] Additional methods for de/serialization
- [X] base64
- [X] PEM
- [ ] DER
- [ ] hexadecimal
- [ ] Key derivation from elliptic curve cryptography (ECDH, HKDF, etc.)
- [ ] Sign/Verify operations.
LICENSE
GNU General Public License v3.0 only
See COPYING to see the full text.