tomb
v0.0.2
Published
Simple, secure encryption and decryption with a sharded master key
Downloads
5
Maintainers
Readme
Tomb
Simple, secure encryption and decryption with a sharded master key.
Installation
$ npm install --save tomb
Usage
Generate a master key
var Tomb = require('tomb'),
tomb = new Tomb();
var shards = tomb.generateKey;
// shards is an array of 5 master key shards, 3 of which are needed
// to use the tomb
// Store these shards away from the data and away from each other
console.log(shards);
// [
// '801c2cf88c071961587f2535aa0bc74352669de05d4ba3796441fe3e9a492c001a329',
// '802b5987c3ee214d9e3aff9791ac9e7d93d15c48ad144dd8ae65108790553ab17abbb',
// '803761363ccec7ce0b3fae7917350edd5e57f3b9ff03e9df4bde263cbd26cd64ad357',
// '804c89a2fd966dffdd505222176cb5f23c000eec33808966ed169d06eac76062901ef',
// '8050b11302b68b7c485503cc91f52552f186a11d61972d6108adabbdc7b497b747903'
// ]
Unseal the tomb
// ideally these shards are stored separately
tomb.unseal([process.env.SHARD1, process.env.SHARD2, process.env.SHARD3]);
Encrypt data
var secret = "hello world";
// unsealing is required prior to encrypting
encryptedSecret = tomb.encrypt(secret);
console.log(encryptedSecret); // 202b65485c2c42ba090467a04d5104f883addcfb5e4a88485b09566e0181d680
Decrypt data
secret = tomb.decrypt(encryptedSecret);
console.log(secret); // hello world
Security
Tomb uses the Node.js randomBytes
function to generate a random Initialization Vector for
every secret, which is part of the returned secret value.
By default, it uses the AES-256-CBC
algorithm with 128 bits for the IV.
To shard the master key, Tomb uses the secrets.js library, an implementation of Shamir's Secret Sharing.