Coder Social home page Coder Social logo

metaver5o / wormhole-crypto Goto Github PK

View Code? Open in Web Editor NEW

This project forked from socketdev/wormhole-crypto

0.0 0.0 0.0 30 KB

Streaming encryption for Wormhole.app, based on Encrypted Content-Encoding for HTTP (RFC 8188)

License: MIT License

JavaScript 100.00%

wormhole-crypto's Introduction

wormhole-crypto ci npm downloads javascript style guide

Streaming encryption for Wormhole.app, based on Encrypted Content-Encoding for HTTP (RFC 8188)

This package is used by Wormhole.app.

Install

npm install wormhole-crypto

Usage

Here's a quick example of how to use this package to turn a plaintext WHATWG readable stream into an encrypted stream.

import { Keychain } from 'wormhole-crypto'

// Create a new keychain. Since no arguments are specified, the key and salt
// are generated.
const keychain = new Keychain()

// Get a WHATWG stream somehow, from fetch(), from a Blob(), etc.
const stream = getStream()

// Create an encrypted version of that stream
const encryptedStream = await keychain.encryptStream(stream)

// Normally you'd now use `encryptedStream`, e.g. in fetch(), etc.
// However, for this example, we'll just decrypt the stream immediately
const plaintextStream = await keychain.decryptStream(encryptedStream)

// Now, you can use `plaintextStream` and it will be identical to if you had
// used `stream`.

API

new Keychain([key, [salt]])

Type: Class

Returns: Keychain

Create a new keychain object. The keychain can be used to create encryption streams, decryption streams, and to encrypt or decrypt a "metadata" buffer.

key

Type: Uint8Array | string | null

Default: null

The main key. This should be 16 bytes in length. If a string is given, then it should be a base64-encoded string. If the argument is null, then a key will be automatically generated.

salt

Type: Uint8Array | string | null

Default: null

The salt. This should be 16 bytes in length. If a string is given, then it should be a base64-encoded string. If this argument is null, then a salt will be automatically generated.

keychain.key

Type: Uint8Array

The main key.

keychain.keyB64

Type: string

The main key as a base64-encoded string.

keychain.salt

Type: Uint8Array

The salt.

Implementation note: The salt is used to derive the (internal) metadata key and authentication token.

keychain.saltB64

Type: string

The salt as a base64-encoded string.

keychain.authToken()

Type: Function

Returns: Promise[Uint8Array]

Returns a Promise which resolves to the authentication token. By default, the authentication token is automatically derived from the main key using HKDF SHA-256.

In Wormhole, the authentication token is used to communicate with the server and prove that the client has permission to fetch data for a room. Without a valid authentication token, the server will not return the encrypted room metadata or allow downloading the encrypted file data.

Since the authentication token is derived from the main key, the client presents it to the Wormhole server as a "reader token" to prove that it is in possession of the main key without revealing the main key to the server.

For destructive operations, like modifying the room, the client instead presents a "writer token", which is not derived from the main key but is provided by the server to the room creator who overrides the keychain authentication token by calling keychain.setAuthToken(authToken) with the "writer token".

keychain.authTokenB64()

Type: Function

Returns: Promise[string]

Returns a Promise that resolves to the authentication token as a base64-encoded string.

keychain.authHeader()

Type: Function

Returns: Promise[string]

Returns a Promise that resolves to the HTTP header value to be provided to the Wormhole server. It contains the authentication token.

keychain.setAuthToken(authToken)

Type: Function

Returns: undefined

Update the keychain authentication token to authToken.

authToken

Type: Uint8Array | string | null

Default: null

The authentication token. This should be 16 bytes in length. If a string is given, then it should be a base64-encoded string. If this argument is null, then an authentication token will be automatically generated.

keychain.encryptStream(stream)

Type: Function

Returns: Promise[ReadableStream]

Returns a Promise that resolves to a ReadableStream encryption stream that consumes the data in stream and returns an encrypted version. Data is encrypted with Encrypted Content-Encoding for HTTP (RFC 8188).

stream

Type: ReadableStream

A WHATWG readable stream used as a data source for the encrypted stream.

keychain.decryptStream(encryptedStream)

Type: Function

Returns: Promise[ReadableStream]

Returns a Promise that resolves to a ReadableStream decryption stream that consumes the data in encryptedStream and returns a plaintext version.

encryptedStream

Type: ReadableStream

A WHATWG readable stream used as a data source for the plaintext stream.

keychain.encryptMeta(meta)

Type: Function

Returns: Promise[Uint8Array]

Returns a Promise that resolves to an encrypted version of meta. The metadata is encrypted with AES-GCM.

Implementation note: The metadata key is automatically derived from the main key using HKDF SHA-256. The value is not user-controlled.

Implementation note: The initialization vector (IV) is automatically generated and included in the encrypted output. No need to generate it or to manage it separately from the encrypted output.

meta

Type: Uint8Array

The metadata buffer to encrypt.

keychain.decryptMeta(encryptedMeta)

Type: Function

Returns: Promise[Uint8Array]

Returns a Promise that resolves to a decrypted version of encryptedMeta.

encryptedMeta

Type: Uint8Array

The encrypted metadata buffer to decrypt.

plaintextSize(encryptedSize)

Type: Function

Returns: Number

Given an encrypted size, return the corresponding plaintext size.

encryptedSize(plaintextSize)

Type: Function

Returns: Number

Given a plaintext size, return the corresponding encrypted size.

License

MIT. Copyright (c) Socket Inc

wormhole-crypto's People

Contributors

feross avatar jhiesey avatar dependabot[bot] avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.