crypto-middleware
v1.2.4
Published
A browser middleware for handling client side encryption prior to uploading to the cloud
Downloads
36
Maintainers
Readme
Members
Functions
bufferSize
BufferSize, this is the size of the buffer that will be used to read the file in chunks and encrypt it in chunks This is a global variable that can be changed to suit the needs of the application. The default value is 5MB AWS Upload Parts minimum is 5MB, hence the default value is set to 5MB, but can be changed to any value from 64KB. It is important to keep the buffersize the same for both encryption and decryption.
Kind: global variable
readFileChunk(file) ⇒ ReadableStream
Reads a chunk of data from a file using the file's stream method. Used in conjunction with the XXX read and process files in chunks.
Kind: global function
Returns: ReadableStream - A readable stream from which chunks of data can be read.
| Param | Type | Description | | --- | --- | --- | | file | File | The file from which to read. |
Example
const file = new File(["foo"], "foo.txt", {
type: "text/plain",
});
const stream = await readFileChunk(file);
const reader = stream.getReader();
const { value, done } = await reader.read();
console.log(value); // Logs the first chunk of data from the file.
This is the first part of the startStreaming pipeline
encryptStream(passphrase) ⇒ TransformStream
Creates a TransformStream that encrypts input data in chunks using a derived key from a passphrase. Each chunk is encrypted separately with its own initialization vector (IV).
Kind: global function
Returns: TransformStream - A TransformStream that encrypts input data in chunks.
| Param | Type | Description | | --- | --- | --- | | passphrase | string | The passphrase from which to derive the encryption key. |
Example
const encryptedStream = encryptStream('my secure passphrase');
// Use the encryptedStream with a ReadableStream or WritableStream...
flush()
The FlushHandles any remaining data in the buffer when there is no more data to be consumed from the stream. If there is data left in the buffer, it generates a new initialization vector (IV), creates a subarray from the buffer containing the remaining data, and encrypts this data using the AES-GCM algorithm.
Kind: global function
generateIV() ⇒ Uint8Array
Generates an initialization vector (IV) for cryptographic operations. The IV is a random string of 16 bytes, generated using the crypto API.
Kind: global function
Returns: Uint8Array - A 16-byte typed array of unsigned integers, suitable for use as an IV.
handleIV(iv, encryptedFile) ⇒ Uint8Array
Prepends the initialization vector (IV) and the encryption algorithm used to the encrypted file. The IV is 16 bytes and the algorithm used ('AES-GCM') takes up the remaining bytes, making a total of 23 bytes.
Kind: global function
Returns: Uint8Array - A new Uint8Array containing the metadata (IV and algorithm) and the encrypted file data.
| Param | Type | Description | | --- | --- | --- | | iv | Uint8Array | The initialization vector used in the encryption. | | encryptedFile | ArrayBuffer | The encrypted file data. |
Example
const iv = crypto.getRandomValues(new Uint8Array(16));
const encryptedFile = await encryptFile(file, iv);
const fileWithMetadata = handleIV(iv, encryptedFile);
encryptFile(file, passphrase) ⇒ Promise.<Uint8Array>
Encrypts a file using a derived key from a passphrase. The encryption algorithm used is AES-GCM, and an initialization vector (IV) is generated for each encryption. Note: This function reads the whole file into memory at once, which may not be ideal for large files.
Kind: global function
Returns: Promise.<Uint8Array> - A promise that resolves with the encrypted file data as a Uint8Array.
| Param | Type | Description | | --- | --- | --- | | file | File | The file to be encrypted. | | passphrase | string | The passphrase from which to derive the encryption key. |
Example
const file = new File(["foo"], "foo.txt", {
type: "text/plain",
});
const encryptedFileData = await encryptFile(file, 'my secure passphrase');
Not Recommened for large files over 50MB
decryptFile(file, passphrase) ⇒ Promise.<ArrayBuffer>
Decrypts a file using a derived key from a passphrase. The decryption algorithm used is AES-GCM, and the initialization vector (IV) used for encryption is required. Note: This function reads the whole file into memory at once, which may not be ideal for large files.
Kind: global function
Returns: Promise.<ArrayBuffer> - A promise that resolves with the decrypted file data as an ArrayBuffer.
Throws:
- Will throw an error if the decryption fails.
| Param | Type | Description | | --- | --- | --- | | file | File | The file to be decrypted. | | passphrase | string | The passphrase from which to derive the decryption key. |
Example
const file = new File([encryptedData], "foo.txt", {
type: "text/plain",
});
const
extractMeta(encryptedFile) ⇒ Object
Extracts the metadata (initialization vector and algorithm) from an encrypted file. The metadata is expected to be in the first 23 bytes of the file, with the IV in the first 16 bytes and the algorithm in the remaining bytes.
Kind: global function
Returns: Object - An object containing the initialization vector (as a Uint8Array) and the encrypted data (as a Uint8Array).
| Param | Type | Description | | --- | --- | --- | | encryptedFile | Uint8Array | The encrypted file data. |
Example
const { iv, encryptedData } = extractMeta(encryptedFileData);
23 bytes = 16 bytes IV + 7 bytes algorithm
decryptStream(privateKeyOrPassphrase) ⇒ TransformStream
Creates a TransformStream that decrypts data as it is read. The decryption algorithm used is AES-GCM, and the initialization vector (IV) and algorithm are extracted from each chunk. The data is held in a buffer to match the buffer length of the encrypted file, allowing the header IV and algorithm to be extracted from each chunk. The passphrase is used to authenticate each chunk. If any chunk fails authentication, the whole decryption will fail.
Kind: global function
Returns: TransformStream - A TransformStream that decrypts data as it is read.
Throws:
- Will throw an error if the decryption fails.
| Param | Type | Description | | --- | --- | --- | | privateKeyOrPassphrase | string | File | The passphrase or private key to use for decryption. |
Example
const encryptedFile = new File([encryptedData], "foo.txt", {
type: "text/plain",
});
const rs = encryptedFile.stream().pipeThrough(decryptStream('my secure passphrase'));
deriveKey(passPhrase) ⇒ Promise.<CryptoKey>
Derives a cryptographic key from a passphrase using the PBKDF2 algorithm. The derived key can be used for AES-GCM encryption and decryption. The PBKDF2 algorithm is used with a fixed salt and 100,000 iterations, and the SHA-256 hash function. Note: In a production environment, consider using a random salt and storing it securely for key derivation.
Kind: global function
Returns: Promise.<CryptoKey> - A promise that resolves with the derived key.
| Param | Type | Description | | --- | --- | --- | | passPhrase | string | The passphrase from which to derive the key. |
Example
const key = await deriveKey('my secure passphrase');
exportKeys(keyPair) ⇒ Promise.<Object>
Exports a key pair (private and public keys) in the JWK (JSON Web Key) format. This function can be used when you want to securely store the keys or transmit them over an insecure network.
Kind: global function
Returns: Promise.<Object> - A promise that resolves with an object containing the exported private and public keys.
JWK are used to represent cryptographic keys in JSON format, Similar to PKCS#8 and X.509 formats, however, JWK provide
human readability and are web friendly with standardized fields.
| Param | Type | Description |
| --- | --- | --- |
| keyPair | CryptoKeyPair | The key pair to be exported. This should be an object that has privateKey
and publicKey
properties. |
encryptPassPhraseWithPublicKey(publicKey, data) ⇒ Promise.<ArrayBuffer>
Encrypts a passphrase using the recipient's public key.
This function uses the RSA-OAEP (RSA Optimal Asymmetric Encryption Padding) algorithm for encryption. RSA-OAEP is a public-key encryption algorithm that combines the RSA algorithm with the OAEP method. RSA is a widely used public-key encryption algorithm that allows for secure data transmission or storage. OAEP is a padding scheme that enhances the security of RSA by preventing certain types of attacks.
Kind: global function
Returns: Promise.<ArrayBuffer> - A promise that resolves with the encrypted passphrase.
| Param | Type | Description | | --- | --- | --- | | publicKey | CryptoKey | Object | The recipient's public key. This can be a CryptoKey object or a JWK. | | data | string | The passphrase to be encrypted. |
Example
const publicKey = await getPublicKey(); // Your function to get the public key
const passphrase = "my secure passphrase";
const encryptedPassphrase = await encryptPassPhraseWithPublicKey(publicKey, passphrase);
decryptPassPhraseWithPrivateKey(privateKey, data) ⇒ Promise.<string>
Decrypts an encrypted passphrase using the recipient's private key.
This function uses the RSA-OAEP (RSA Optimal Asymmetric Encryption Padding) algorithm for decryption. RSA-OAEP is a public-key encryption algorithm that combines the RSA algorithm with the OAEP method. RSA is a widely used public-key encryption algorithm that allows for secure data transmission or storage. OAEP is a padding scheme that enhances the security of RSA by preventing certain types of attacks.
Kind: global function
Returns: Promise.<string> - A promise that resolves with the decrypted passphrase.
| Param | Type | Description | | --- | --- | --- | | privateKey | CryptoKey | Object | The recipient's private key. This can be a CryptoKey object or a JWK. | | data | ArrayBuffer | The encrypted passphrase to be decrypted. |
Example
const privateKey = await getPrivateKey(); // Your function to get the private key
const encryptedPassphrase = await getEncryptedPassphrase(); // Your function to get the encrypted passphrase
const decryptedPassphrase = await decryptPassPhraseWithPrivateKey(privateKey, encryptedPassphrase);
importPrivateKey(jwk) ⇒ Promise.<CryptoKey>
Imports a user's private key from a JWK (JSON Web Key) for decryption purposes.
This function uses the RSA-OAEP (RSA Optimal Asymmetric Encryption Padding) algorithm with SHA-256 hash function. The imported private key is not stored in memory or logged and is removed upon page refresh.
Kind: global function
Returns: Promise.<CryptoKey> - A promise that resolves with the imported private key as a CryptoKey object.
| Param | Type | Description | | --- | --- | --- | | jwk | string | The private key in JWK format as a string. This key is parsed into a JSON object before being imported. |
Example
const jwkString = '{"kty":"RSA",...}'; // Your JWK string
const privateKey = await importPrivateKey(jwkString);
importPublicKey(jwk) ⇒ Promise.<CryptoKey>
Imports a user's public key from a JWK (JSON Web Key) for encryption purposes.
This function uses the RSA-OAEP (RSA Optimal Asymmetric Encryption Padding) algorithm with SHA-256 hash function. The imported public key can be used to encrypt data that can only be decrypted with the corresponding private key.
Kind: global function
Returns: Promise.<CryptoKey> - A promise that resolves with the imported public key as a CryptoKey object.
| Param | Type | Description | | --- | --- | --- | | jwk | string | Object | The public key in JWK format. This can be a string or an object. If it's a string, it will be parsed into a JSON object. |
Example
const jwkString = '{"kty":"RSA",...}'; // Your JWK string
const publicKey = await importPublicKey(jwkString);
generateKeyPair() ⇒ Promise.<Object>
Generates a public and private key pair using the RSA-OAEP algorithm.
This function uses the RSA-OAEP (RSA Optimal Asymmetric Encryption Padding) algorithm with SHA-256 hash function.
The generated key pair is then converted into the JWK (JSON Web Key) format by the exportKeys
function.
Kind: global function
Returns: Promise.<Object> - A promise that resolves with the generated key pair in JWK format. The returned object has privateKey
and publicKey
properties.
Example
const jwks = await generateKeyPair();
console.log(jwks.privateKey); // Logs the private key in JWK format
console.log(jwks.publicKey); // Logs the public key in JWK format