@empo/encryption

v0.2.9

A TypeScript library for widely used crypto standards

Downloads

61

Readme

A TypeScript library for widely used crypto standards.

Features

  • Generate a random key for an IV (24 bytes long) or a salt (32 bytes long) using a CSPRNG (cryptographically secure PRNG)
  • HMAC-SHA256 keyed hashing
  • SHAKE256 (SHA-3) hashing
  • AES256-GCM encryption and decryption
  • Argon2i key derivation and hash verification

Installation

This is a Node.js package available through the npm registry. Before installing this package, download and install Node.js. Node.js v10.0.0 or higher is required.

Installation is done by using npm:

npm install @empo/encryption

Usage

Generate a random key

This provides a CSPRNG whose output is used as input to the cryptographic functions (e.g. AES, SHA, Argon2). The length of the output value is determined by its type (IV or salt). You can also pass an encoding option after the type.

import { generateRandomBytes } from '@empo/encryption'

// Generate random iv (24-byte String)
const buffer = generateRandomBytes({ type: 'iv' })

// Generate random base64 encoded salt (32-byte String)
const salt = generateRandomBytes({ type: 'salt', encoding: 'base64' })

Encryption

This provides a basic API for block cipher encryption using AES256-GCM.

import { AES, generateRandomBytes } from '@empo/encryption'

const plaintext = 'password'

// Secret used for encryption/decryption.
// It has to be cryptographically safe: generated by randomBytes or derived by PBKDF2 (for example)
const secret = generateRandomBytes({ type: 'salt', encoding: 'base64' })

const aes = new AES(secret)

// Generate base64 encoded cipher text
const encrypted = aes.encrypt(plaintext)

Decryption

This provides a basic API for block cipher decryption using AES256-GCM.

import { AES, generateRandomBytes } from '@empo/encryption'

const plaintext = 'password'

// Secret used for encryption/decryption.
// It has to be cryptographically safe: generated by randomBytes or derived by PBKDF2 (for example)
const secret = generateRandomBytes({ type: 'salt', encoding: 'base64' })

const aes = new AES(secret)
const encrypted = aes.encrypt(plaintext)

// Generate utf8 encoded plain text
const decrypted = aes.decrypt(encrypted)
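
As an added example (not part of the package or its README), the code below uses Node's built-in crypto module to show what an AES-256-GCM round trip involves: a fresh IV per message, an authentication tag stored with the ciphertext, and rejection of modified data on decryption. The helper names, the iv | tag | ciphertext layout and the 12-byte IV are assumptions made for illustration and do not describe how the AES class is implemented.

```javascript
const crypto = require('node:crypto')

// Hypothetical helpers (not the @empo/encryption API).
// Assumed layout of the packed value: iv | tag | ciphertext, base64 encoded.
const IV_LEN = 12  // 96-bit IV, the length NIST SP 800-38D recommends for GCM
const TAG_LEN = 16 // 128-bit authentication tag

function gcmEncrypt(key, plaintext) {
  const iv = crypto.randomBytes(IV_LEN) // fresh IV per message, never reused with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv)
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()])
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64')
}

function gcmDecrypt(key, packed) {
  const raw = Buffer.from(packed, 'base64')
  if (raw.length < IV_LEN + TAG_LEN) throw new Error('ciphertext too short')
  const iv = raw.subarray(0, IV_LEN)
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN)
  const body = raw.subarray(IV_LEN + TAG_LEN)
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN })
  decipher.setAuthTag(tag)
  // final() throws when the tag does not verify, so modified data is never returned
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8')
}

// Returns true when a single flipped bit in the packed value is rejected
function tamperIsRejected(key, packed) {
  const raw = Buffer.from(packed, 'base64')
  raw[raw.length - 1] ^= 0x01
  try {
    gcmDecrypt(key, raw.toString('base64'))
    return false
  } catch (err) {
    return true
  }
}

const demoKey = crypto.randomBytes(32) // constructed sample key (256 bits)
const first = gcmEncrypt(demoKey, 'password')
const second = gcmEncrypt(demoKey, 'password')
console.log(gcmDecrypt(demoKey, first), first !== second, tamperIsRejected(demoKey, first))
```
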

Secure hash function

This provides a secure hash function using HMAC with SHA256. A hash function is deterministic, meaning that for a given input value it must always generate the same hash value, and the function cannot be reversed.

import { SHA, generateRandomBytes } from '@empo/encryption'

const plaintext = 'password'

// Pepper used for the cryptographic function
const pepper = generateRandomBytes({ type: 'salt', encoding: 'base64' })

const sha = new SHA(pepper)

// Generate base64 encoded hash
const encrypted = sha.encrypt(plaintext)

This provides a generalization of a cryptographic hash function using SHAKE256. SHAKE256 is an extensible-output function (XOF) in the SHA-3 family, as specified in FIPS 202. The 256 in its name indicates its maximum security level (in bits), as described in Sections A.1 and A.2 of FIPS 202. Unlike HMAC with SHA256, SHAKE256 doesn't need a pepper.

import { SHAKE256 } from '@empo/encryption'

const plaintext = 'password'

const sha3 = new SHAKE256()

// Generate base64 encoded hash
const encrypted = sha3.encrypt(plaintext)
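
The difference between the keyed HMAC-SHA256 hash and the unkeyed SHAKE256 hash described above, as an added example written against Node's built-in crypto module (not the package's code). The helper names and the sample peppers are constructed for illustration.

```javascript
const crypto = require('node:crypto')

// Hypothetical helpers (not the @empo/encryption API)
function hmacSha256(pepper, message) {
  return crypto.createHmac('sha256', pepper).update(message, 'utf8').digest()
}

// SHAKE256 is an XOF: the caller chooses the output length in bytes
function shake256(message, outputLength) {
  return crypto.createHash('shake256', { outputLength }).update(message, 'utf8').digest()
}

// Compare a recomputed MAC against a stored one in constant time
function verifyHmac(pepper, message, expected) {
  const actual = hmacSha256(pepper, message)
  return actual.length === expected.length && crypto.timingSafeEqual(actual, expected)
}

// Constructed sample values
const pepperA = Buffer.from('constructed-pepper-A')
const pepperB = Buffer.from('constructed-pepper-B')
const mac = hmacSha256(pepperA, 'password')

function compare() {
  return {
    // Deterministic: same pepper and input always give the same MAC
    hmacRepeatable: hmacSha256(pepperA, 'password').equals(mac),
    // Keyed: without the right pepper the MAC cannot be reproduced
    hmacDependsOnPepper: !hmacSha256(pepperB, 'password').equals(mac),
    // Unkeyed: anyone who knows the input can recompute the SHAKE256 digest
    shakeRepeatable: shake256('password', 32).equals(shake256('password', 32)),
    // Extensible output: a shorter digest is a prefix of a longer one
    shakePrefix: shake256('password', 64).subarray(0, 32).equals(shake256('password', 32))
  }
}

console.log(compare(), verifyHmac(pepperA, 'password', mac))
```
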

This provides a key derivation function using the Argon2 algorithm. A key derivation function is a cryptographic hash function that derives one or more secret keys from a secret value such as a password or a passphrase using a pseudorandom function. Because the hash is computed with a random salt, the same input value produces a different hash value for each salt, and the function cannot be reversed.

import { Argon2, generateRandomBytes } from '@empo/encryption'

const plaintext = 'password'

// Pepper is similar to salt but stored in the application environment variables, not in DB
const pepper = generateRandomBytes({ type: 'salt', encoding: 'base64' })
const salt = generateRandomBytes({ type: 'salt', encoding: 'base64' })

const argon2 = new Argon2(pepper, salt)

// await must run inside an async function or an ES module with top-level await

// Generate hash
const encrypted = await argon2.encrypt(plaintext)

// Verify hashed value with given text (resolves to true or false)
const match = await argon2.match(encrypted, plaintext)
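
The roles of the salt and the pepper described above, as an added example that is not the package's code. Node's standard library has no Argon2 binding to rely on here, so scrypt is used as a stand-in KDF; the helper names, the salt$hash record format and applying the pepper as an HMAC key before the KDF are all assumptions.

```javascript
const crypto = require('node:crypto')

// Hypothetical helpers. scrypt stands in for Argon2, and keying an HMAC with the
// pepper before the KDF is an assumption, not the package's documented behaviour.
function hashPassword(password, pepper, salt = crypto.randomBytes(16)) {
  const peppered = crypto.createHmac('sha256', pepper).update(password, 'utf8').digest()
  const derived = crypto.scryptSync(peppered, salt, 32, { N: 16384, r: 8, p: 1 })
  // Only the salt and the hash are stored in the database record;
  // the pepper stays in the application environment
  return `${salt.toString('base64')}$${derived.toString('base64')}`
}

function verifyPassword(password, pepper, stored) {
  const [saltB64, hashB64] = stored.split('$')
  if (!saltB64 || !hashB64) return false // malformed record
  const salt = Buffer.from(saltB64, 'base64')
  const expected = Buffer.from(hashB64, 'base64')
  // Recompute with the stored salt and compare in constant time
  const [, candidateB64] = hashPassword(password, pepper, salt).split('$')
  const candidate = Buffer.from(candidateB64, 'base64')
  return candidate.length === expected.length && crypto.timingSafeEqual(candidate, expected)
}

// Constructed sample values
const demoPepper = Buffer.from('constructed-pepper-from-environment')
const recordA = hashPassword('password', demoPepper)
const recordB = hashPassword('password', demoPepper)

console.log(
  recordA !== recordB,                                 // new salt, new hash for the same password
  verifyPassword('password', demoPepper, recordA),     // correct password and pepper
  verifyPassword('password', Buffer.from('x'), recordA) // database record alone is not enough
)
```
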

FAQ

See FAQ.md.

License

This package is freely distributable under the terms of the MIT license. When required, please check P-H-C/phc-winner-argon2 for license over Argon2 and the reference implementation.