npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

quickgcm

v1.0.0

Published

A simple wrapper for the WEB Crypto API, to rapidly use AES-GCM mode encryption with PBKDF2 for a password

Downloads

10

Readme

quickgcm

A simple wrapper for the WEB Crypto API, to rapidly use AES-GCM mode encryption with PBKDF2 for a password

What

This is a very simple JavaScript module that works with Node and also in your browser. It encrypts and decrypts strings based on a given password.

It uses PBKDF2 to derive the key based on the given password and it uses AES with Gallois/Counter Mode in order to encrypt data. Considering that, every time the encryption method is ran, a different output will be evaluated, even when ran for the same combination of string, password and salt.

The output of the encryption is a string in hexadecimal form, where the first 12 bytes represent the IV and the following bytes represent the encrypted data.

For example, given the following encrypted string:

1cef377b00a44938327754b306b93e05ce54db6831c3135be140ccc6841a107367025bec516b405f3b

a represents the IV. b represents the encrypted data.

Installation

This section describes how to install QuickGCM as a NodeJS package. In case you want to use it in your browser, see the last section of this document, on browser compatibility.

Usage

Below are some usage examples

Encrypting and decrypting data

const gcm = new QuickGCM();
const salt = await gcm.init('password123'); // outputs password salt as a hex string

const encrypted = await gcm.encrypt('Hello, World!'); // random hex string
const decrypted = await gcm.decrypt(encrypted); // "Hello, World!"

Decrypting data previously encrypted

Note that, if you want to save the encrypted strings to decrypt later, it's also important to save the password salt, otherwise the decryption process won't work

So, for that, assume the following values:

  • password: 123456789
  • password salt: 9d10687df78f4f7cde49ddd51f675ca28b16f29c774acb33cacd638de8b2c5273948383bdf1727e81ee29c8e142840832e930a6184986fb66ca28e39d750acd31ed21ff4e14f80cb88f09627adc1f85ca35ee16cad5c9ef46d7f2359615b1e5de17538894f32d27db50b5ee71e3f0c0ce963b946de315d121e892e8a77e68d70
  • encrypted string: 5879fd94c5ff0e393f3446d34a4a30cddfe188242f95414f97ae27e8b5ef266a470eed523ecbe3d502b16d54fe04ed721f5721f78de15ef9f5

Full code:

const password = '123456789';
const salt = '9d10687df78f4f7cde49ddd51f675ca28b16f29c774acb33cacd638de8b2c5273948383bdf1727e81ee29c8e142840832e930a6184986fb66ca28e39d750acd31ed21ff4e14f80cb88f09627adc1f85ca35ee16cad5c9ef46d7f2359615b1e5de17538894f32d27db50b5ee71e3f0c0ce963b946de315d121e892e8a77e68d70';
const encrypted = '5879fd94c5ff0e393f3446d34a4a30cddfe188242f95414f97ae27e8b5ef266a470eed523ecbe3d502b16d54fe04ed721f5721f78de15ef9f5';

const gcm = new QuickGCM();
await gcm.init(password, salt);

assert(gcm.salt == salt); // both are the same

const decrypted = await gcm.decrypt(encrypted); // "Decrypted by another instance"

Why

Every now and again I need, for no reason in particular, use some sort of simple string encryption, so I have to look ou the crypto subtle documentation and build everything from scratch, which it's pretty boring. So, I decided to make this simple encryption class in order to have a quick and dirty way to encrypt and decrypt strings in JavaScript, regardless if I'm working with NodeJS or writing some code for the browser.

But, why AES-GCM in particular?

The choice of Gallois/Counter Mode was made based on the fact that it's a pretty fast and modern encryption mode for AES, and it's used even by high stakes encryption protocols, such as TLS v1.2

How about browser compatibility?

To use in your browser, you can simply use the quickgcm.js file removing its last line, that contains the export instruction, i.e. module.exports = QuickGCM;. After doing that, just refer to the file by using a script tag or simply copying and pasting it inside the browser's console.