Project author: koerwien

Project description: Client side encryption methods
Language: JavaScript
Project URL: git://github.com/koerwien/clientcrypt.git
Created: 2021-06-21T11:54:57Z
Project community: https://github.com/koerwien/clientcrypt

Open-source license:


Description

A minimalistic set of routines that allow password-based client-side encryption of data before it is sent to a remote server. Encryption is based on the tweetnacl routines. Encryption and decryption are symmetric and use a private key that is computed from a given password and never leaves the client. The key can be stored in the local storage of the client's browser (on login with the given password) and should be removed from there on logout.

Installation

npm i clientcrypt

API

Generating a private key from a secret (typically from the user’s password on login)

    import { generateKey, setEncryptionKeys } from 'clientcrypt';
    const encryptionKey = generateKey(secret);
    setEncryptionKeys(encryptionKey); // key is saved in local storage for further usage

Encrypting and decrypting data in base64 string format

    import { decrypt64, encrypt64 } from "clientcrypt";
    const myData = "Hello, World!";
    const cypher = encrypt64(myData); // Uses the private key from local storage
    const plain = decrypt64(cypher); // plain === "Hello, World!"

Remove private key on logout

    import { removeEncryptionKeys } from 'clientcrypt';
    removeEncryptionKeys();

Additional features (using the respective named imports from “clientcrypt”):

Encrypt string to byte array:

    const byteArray = encrypt(plainData, privateKey);

Decrypt byte array:

    const plainData = decrypt(byteArray, privateKey);

Choose custom names for the local storage keys:

    namesForKeys(encryptionKeyName, loginEncryptionKeyName);

Getting and setting keys in local storage:

    setEncryptionKey(key);
    setLoginEncryptionKey(key);
    const key = getEncryptionKey();
    const key2 = getLoginEncryptionKey();
    const { encryptionKey, loginEncryptionKey } = getEncryptionKeys();
    if (encryptionKeysDiffer()) {
      console.log("encryptionKey !== loginEncryptionKey");
    }
    useLoginEncryptionKey(); // Now encryptionKey is set to the value of loginEncryptionKey

A remark about the terms encryptionKey and loginEncryptionKey

For encryption and decryption, encryptionKey (stored in local storage) is used. A copy of encryptionKey, called loginEncryptionKey, is saved in local storage when setEncryptionKeys is called. It can be used as follows: suppose the user's password has changed, so data encrypted with the old password fails decryption with encryptionKey. If the user has saved the former encryptionKey (or can regenerate it from the old password), we can call setEncryptionKey() with that saved key, decrypt the old data, then call useLoginEncryptionKey() to set encryptionKey back to its new value in local storage (corresponding to the new password). After that, we should re-encrypt the recovered data (which will now happen with the updated encryptionKey) and update it on the server.
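The password-change recovery described above, sketched as an added example that is not clientcrypt's own code: records that fail to open under the new key are opened with the old key and re-encrypted. Assumptions: Node's built-in scrypt and AES-256-GCM stand in for the library's key derivation and its tweetnacl encryption, a plain array stands in for the server data, and deriveKey, seal, unseal, rekeyRecords and demo are hypothetical names.

```javascript
// Added example. Node's built-in crypto stands in for clientcrypt's internals.
const nodeCrypto = require("crypto");

// Hypothetical stand-in for generateKey(secret): scrypt over password + salt.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

// Authenticated encryption; returns base64(nonce || tag || ciphertext).
function seal(plain, key) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([c.update(plain, "utf8"), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]).toString("base64");
}

// Returns the plaintext, or null if the key is wrong or the data was altered.
function unseal(b64, key) {
  try {
    const raw = Buffer.from(b64, "base64");
    const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString("utf8");
  } catch {
    return null;
  }
}

// After a password change: recover old-key records and re-encrypt them.
function rekeyRecords(records, oldKey, newKey) {
  const out = { records: [], migrated: 0, unreadable: 0 };
  for (const rec of records) {
    if (unseal(rec, newKey) !== null) { out.records.push(rec); continue; }
    const plain = unseal(rec, oldKey);
    if (plain === null) { out.unreadable++; out.records.push(rec); continue; }
    out.records.push(seal(plain, newKey)); // this blob replaces the server copy
    out.migrated++;
  }
  return out;
}

// Constructed sample data: one salt, three passwords, three stored records.
function demo() {
  const salt = Buffer.from("constructed-salt-01");
  const oldKey = deriveKey("old password", salt);
  const newKey = deriveKey("new password", salt);
  const stored = [seal("note A", oldKey), seal("note B", newKey), seal("note C", deriveKey("unknown", salt))];
  return rekeyRecords(stored, oldKey, newKey);
}
```

Records that neither key opens are counted and left untouched rather than overwritten, so a mistyped old password cannot destroy data.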

Author

Martin Koerwien at Tekplace Berlin