Hemmelig.app/shared/helpers/crypto.js

import { Buffer } from 'buffer/';
import { nanoid } from 'nanoid';
import tweetnacl from 'tweetnacl';
import tweetnaclUtil from 'tweetnacl-util';

const { secretbox, randomBytes } = tweetnacl;
const { decodeUTF8, encodeUTF8, encodeBase64, decodeBase64 } = tweetnaclUtil;

export const generateKey = (password = '') => {
    if (password) {
        return nanoid(32 - password.length);
    }

    return nanoid(32);
};

const newNonce = () => randomBytes(secretbox.nonceLength);

export const encrypt = (data, userEncryptionKey) => {
    const keyUint8Array = new Uint8Array(Buffer.from(userEncryptionKey));

    const nonce = newNonce();
    const messageUint8 = decodeUTF8(data);

    const box = secretbox(messageUint8, nonce, keyUint8Array);

    const fullMessage = new Uint8Array(nonce.length + box.length);
    fullMessage.set(nonce);
    fullMessage.set(box, nonce.length);

    const base64FullMessage = encodeBase64(fullMessage);

    return base64FullMessage;
};

export const decrypt = (messageWithNonce, userEncryptionKey) => {
    const keyUint8Array = new Uint8Array(Buffer.from(userEncryptionKey));

    const messageWithNonceAsUint8Array = decodeBase64(messageWithNonce);
    const nonce = messageWithNonceAsUint8Array.slice(0, secretbox.nonceLength);
    const message = messageWithNonceAsUint8Array.slice(
        secretbox.nonceLength,
        messageWithNonce.length
    );

    const decrypted = secretbox.open(message, nonce, keyUint8Array);

    if (!decrypted) {
        throw new Error('Could not decrypt message');
    }

    const base64DecryptedMessage = encodeUTF8(decrypted);

    return base64DecryptedMessage;
};
chore: run prettier format with new plugins 2024-01-27 18:46:31 +01:00			`import { Buffer } from 'buffer/';`
feat: add client encryption and decryption of the text input 2022-09-07 09:56:15 +02:00			`import { nanoid } from 'nanoid';`
chore: refactor the application to use es6 import and exports 2022-08-27 19:25:14 +02:00			`import tweetnacl from 'tweetnacl';`
			`import tweetnaclUtil from 'tweetnacl-util';`

			`const { secretbox, randomBytes } = tweetnacl;`
			`const { decodeUTF8, encodeUTF8, encodeBase64, decodeBase64 } = tweetnaclUtil;`
Initial MVP of Hemmelig.app 2021-06-13 18:11:25 +02:00
feat: use password as part of the encryption key (#213) Meaning when the password is set, it will be used to decrypt te message. The password will not be part of the key set in the URL at all. 2023-09-24 10:04:19 +02:00			`export const generateKey = (password = '') => {`
			`if (password) {`
			`return nanoid(32 - password.length);`
			`}`

			`return nanoid(32);`
			`};`
Initial MVP of Hemmelig.app 2021-06-13 18:11:25 +02:00
security: change from own crypto to use tweetnacl 2022-08-19 08:52:50 +02:00			`const newNonce = () => randomBytes(secretbox.nonceLength);`
Initial MVP of Hemmelig.app 2021-06-13 18:11:25 +02:00
feat: add file encryption on the client side 2022-09-07 19:19:35 +02:00			`export const encrypt = (data, userEncryptionKey) => {`
feat: add client encryption and decryption of the text input 2022-09-07 09:56:15 +02:00			`const keyUint8Array = new Uint8Array(Buffer.from(userEncryptionKey));`
Initial MVP of Hemmelig.app 2021-06-13 18:11:25 +02:00
security: change from own crypto to use tweetnacl 2022-08-19 08:52:50 +02:00			`const nonce = newNonce();`
feat: add file encryption on the client side 2022-09-07 19:19:35 +02:00			`const messageUint8 = decodeUTF8(data);`
Use AES encryption/decryption with the aes-256-gcm by using random init vector, salt, and user encryption key 2021-07-09 10:02:30 +02:00
security: change from own crypto to use tweetnacl 2022-08-19 08:52:50 +02:00			`const box = secretbox(messageUint8, nonce, keyUint8Array);`
Use AES encryption/decryption with the aes-256-gcm by using random init vector, salt, and user encryption key 2021-07-09 10:02:30 +02:00
security: change from own crypto to use tweetnacl 2022-08-19 08:52:50 +02:00			`const fullMessage = new Uint8Array(nonce.length + box.length);`
			`fullMessage.set(nonce);`
			`fullMessage.set(box, nonce.length);`
Create an encryption key per secret By using an encryption key per secret, there is no chance to unlock the secret even if you have the MASTER_KEY for the encryption/decryption. The encryption key is passed along with the secret, and is part of the url. Example: https://hemmelig.app/ENCRYPTION_KEY/SECRET_ID. TWhen encrypting, and decrypting, this happens: 32 length md5 hash md5(MASTER_KEY + ENCRYPTION_KEY), is used as the key. 2021-06-24 08:44:21 +02:00
security: change from own crypto to use tweetnacl 2022-08-19 08:52:50 +02:00			`const base64FullMessage = encodeBase64(fullMessage);`
Initial MVP of Hemmelig.app 2021-06-13 18:11:25 +02:00
security: change from own crypto to use tweetnacl 2022-08-19 08:52:50 +02:00			`return base64FullMessage;`
			`};`
Initial MVP of Hemmelig.app 2021-06-13 18:11:25 +02:00
chore: refactor the application to use es6 import and exports 2022-08-27 19:25:14 +02:00			`export const decrypt = (messageWithNonce, userEncryptionKey) => {`
feat: add client encryption and decryption of the text input 2022-09-07 09:56:15 +02:00			`const keyUint8Array = new Uint8Array(Buffer.from(userEncryptionKey));`
security: change from own crypto to use tweetnacl 2022-08-19 08:52:50 +02:00
			`const messageWithNonceAsUint8Array = decodeBase64(messageWithNonce);`
			`const nonce = messageWithNonceAsUint8Array.slice(0, secretbox.nonceLength);`
			`const message = messageWithNonceAsUint8Array.slice(`
			`secretbox.nonceLength,`
			`messageWithNonce.length`
			`);`

			`const decrypted = secretbox.open(message, nonce, keyUint8Array);`

			`if (!decrypted) {`
			`throw new Error('Could not decrypt message');`
			`}`

			`const base64DecryptedMessage = encodeUTF8(decrypted);`
feat: add client encryption and decryption of the text input 2022-09-07 09:56:15 +02:00
security: change from own crypto to use tweetnacl 2022-08-19 08:52:50 +02:00			`return base64DecryptedMessage;`
			`};`