npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

cycle-crypt

v1.3.0

Published

Variable size symmetric key encryption algorithm

Downloads

59

Readme

cycle-crypt codecov

Variable size symmetric key encryption algorithm.

PHP & JavaScript implementation, small, portable and fast.

The cipher-key is generated by cycling the input key with a variation of XorShift+ random number generator. The bigger the key-size, the longer the period.

Install

PHP

composer require duzun/cycle-crypt

JS

npm i -S cycle-crypt

Browser

<script src="https://unpkg.com/cycle-crypt"></script>

Usage

Here is an example of encrypting on server and decrypting on client, salt auto-generated.

PHP:

// index.php

use function duzun\cycleCrypt;

$key = '*** *** ***'; // any length
$message = 'Lorem Ipsum is simply dummy text of the printing industry...';
$ciphered = cycleCrypt($key, $message, true);

// send $ciphered to the client
echo base64_encode($ciphered);

Express.js:

// index.js
const cycleCrypt = require('cycle-crypt');
//   or
// import cycleCrypt from 'cycle-crypt';

const key = '*** *** ***'; // any length

// ...

app.get('/', function (req, res) {
    // const salt = cycleCrypt.randomBytes(17);
    let message = 'Lorem Ipsum is simply dummy text of the printing industry...';
    let ciphered = cycleCrypt(key, message, true);

    res.send(Buffer.from(ciphered).toString('base64'));
});

Browser:

// site.js
const key = '*** *** ***'; // must be the same key used for encrypting

let message = await fetch('/')
.then((r) => r.text())
.then(atob)
.then((ciphered) => cycleCrypt(key, ciphered, false));

console.log(message.toString('utf8')); // 'hex' | 'base64'

It is also possible to do the reverse: encrypt on client and decrypt on server.

You can also use your salt:

// index.php

// ...

$salt = random_bytes(17); // any length
$ciphered = cycleCrypt($key, $message, $salt);

// Have to send the salt to the client too
echo json_encode([
    'salt' => base64_encode($salt),
    'ciphered' => base64_encode($ciphered)
]);
// site.js

// fetch ciphered & salt from server and base64 decode ...
let message = cycleCrypt(key, ciphered, salt);

On the JS end, message is an instance of Uint8Array with a custom .toString(encoding), where encoding is one of 'binary', 'hex', 'base64', 'utf8' or undefined (guess).

For older browsers you should use a DataView polyfill.

Encrypt in chunks

Here is an example of encrypting a big file in small chunks, thus avoid using lots of memory.

use duzun\CycleCrypt;

$cc = new CycleCrypt($key/*, $salt=true*/);
$salt = $cc->getSalt(); // required for decryption
$chunkSize = $cc->getKeyByteSize();

$in = fopen('/path/to/file', '+r');
$out = fopen('/path/to/encrypted_file', '+w');
while(!feof($in)) {
    $chunk = fread($in, $chunkSize);
    fwrite($out, $cc($chunk));
}
fclose($in);
fclose($out);

file_put_contents('/path/to/encrypted_file.salt', $salt)

You don't have to write the code to encrypt a file for yourself, cause there is a CLI for that:

Node.js

npm install -g cycle-crypt

cycle-crypt -k '**** ****' -s 'the salt' -i /path/to/file -o /path/to/encrypted_file

PHP

composer global require duzun/cycle-crypt

cycry.php -k '**** ****' -s 'the salt' -i /path/to/file -o /path/to/encrypted_file

Note: The Node.js CLI version is much faster than the PHP one.

CLI Usage

cycle-crypt -k <key> [-s <salt> | -si <salt_in> | -so <salt_out>] [-i <file_in>] [-o <file_out>]
cycle-crypt -h|--help

-h, --help      Show this help
-k, --key       The encryption key. Could be hex if starts with '0x'.
-s, --salt      Random bytes to be used as salt. Could be hex if starts with '0x'.
-si, --salt-in  Filename or - from where to read the salt.
-so, --salt-out Filename or - where to output the generated salt.
-i, --in        Input file to encrypt or - for STDIN
-o, --out       Output file or - for STDOUT

You can not combine -s and -si, use just one of them.    

-i and -o default to -

Warning!

If you deal with a security critical application, please consider using one of the NIST approved standard encryption algorithms like AES.

If you don't trust any encryption algorithm, here is a hint:

Choose two or more ciphers C1, C2 ... Cn from two or more vendors.

When ciphering the message M with C = M ^ C1 ^ C2 ^ ... ^ Cn, the secrecy of the cipher-text C is not worse than the best of Ci.

In other words, it can't hurt the secrecy when xoring more independent ciphers.

The theory behind this property is analysed and proven in my Masters Thesis:

The sum c = r1 ⊕ r2 ⊕ ... ⊕ rm, where c, ri ∊ 𝔹k (string of bits of length k), i=1,m, is a perfect secret if and only if there is at least one ri perfect secret and the operation ⊕ is a cryptographic safe operation.

To Do

The JS version uses Uint32Array and Uint8Array, which use little endian or big endian, depending on hardware. The current implementation has been tested in little endian HW only!

Have to implement the alternative to big endian too.

link