{"id":28894943,"url":"https://github.com/cipherstash/protect-example-file-encryption","last_synced_at":"2025-10-10T22:12:58.127Z","repository":{"id":299695330,"uuid":"1003902764","full_name":"cipherstash/protect-example-file-encryption","owner":"cipherstash","description":"Encrypting files with Protect.js","archived":false,"fork":false,"pushed_at":"2025-06-17T20:17:47.000Z","size":15,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-17T21:28:17.306Z","etag":null,"topics":["encryption","file-encryption","typescript"],"latest_commit_sha":null,"homepage":"https://cipherstash.com","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cipherstash.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-17T20:13:33.000Z","updated_at":"2025-06-17T20:17:51.000Z","dependencies_parsed_at":"2025-06-17T21:40:30.772Z","dependency_job_id":null,"html_url":"https://github.com/cipherstash/protect-example-file-encryption","commit_stats":null,"previous_names":["cipherstash/protect-example-file-encryption"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cipherstash/protect-example-file-encryption","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cipherstash%2Fprotect-example-file-encryption","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cipherstash%2Fprotect-example-file-encryption/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cipherstash%2Fprotect-example-file-encryption/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cipherstash%2Fprotect-example-file-encryption/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cipherstash","download_url":"https://codeload.github.com/cipherstash/protect-example-file-encryption/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cipherstash%2Fprotect-example-file-encryption/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279005464,"owners_count":26083900,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encryption","file-encryption","typescript"],"created_at":"2025-06-21T04:15:29.447Z","updated_at":"2025-10-10T22:12:58.122Z","avatar_url":"https://github.com/cipherstash.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# File Encryption with Protect.js\n\nThis example demonstrates how to use [Protect.js](https://github.com/cipherstash/protectjs) to securely encrypt files before storing them in object storage. The example uses Supabase Storage as the object storage provider, but the same pattern can be applied to any storage service.\n\n## Overview\n\nThis application demonstrates a secure file handling workflow:\n\n1. **Upload Process**:\n   - Client uploads a file to the backend\n   - Backend converts the file to base64\n   - File is encrypted using Protect.js\n   - Encrypted EQL JSON payload is stored in object storage\n\n2. **Download Process**:\n   - Client requests file download\n   - Backend retrieves encrypted EQL JSON from storage\n   - File is decrypted using Protect.js\n   - Decrypted file is converted back to its original format\n   - File is returned to the client\n\n## Prerequisites\n\n- Node.js 18 or later\n- A CipherStash account and workspace\n- A Supabase account (or any other object storage provider)\n\n## Environment Setup\n\nCreate a `.env` file in the root directory with the following variables:\n\n```env\nSUPABASE_URL=your_supabase_url\nSUPABASE_ANON_KEY=your_supabase_anon_key\n\nCS_CLIENT_ID=your_client_id\nCS_CLIENT_KEY=your_client_key\nCS_CLIENT_ACCESS_KEY=your_client_access_key\nCS_WORKSPACE_CRN=your_workspace_crn\n```\n\n## Installation\n\n1. Clone the repository:\n```bash\ngit clone \u003crepository-url\u003e\ncd file-encryption\n```\n\n2. Install dependencies:\n```bash\npnpm install\n```\n\n3. Start the server:\n```bash\npnpm run start\n```\n\nThe server will start on port 3000.\n\n## API Endpoints\n\n### Upload File\n```bash\ncurl -X POST http://localhost:3000/upload \\\n-F \"file=@path/to/your/file.pdf\"\n```\n\nResponse:\n```json\n{\n  \"message\": \"File uploaded successfully\",\n  \"file\": {\n    \"name\": \"example.pdf\",\n    \"type\": \"application/pdf\",\n    \"size\": 123456\n  }\n}\n```\n\n## How It Works\n\n### File Encryption Flow\n\n1. **File Upload**:\n   - Client sends file to `/upload` endpoint\n   - File is received as multipart form data\n\n2. **Encryption Process**:\n   ```typescript\n   // Convert file to base64\n   const arrayBuffer = await file.arrayBuffer()\n   const base64String = Buffer.from(arrayBuffer).toString('base64')\n\n   // Encrypt using Protect.js\n   const encrypted = await protectClient.encrypt(base64String, {\n     table: uploads,\n     column: uploads.file,\n   })\n\n   if ('failure' in encrypted) {\n     // Handle error\n     return c.json({ error: 'Failed to encrypt file' }, 500)\n   }\n\n   // Create a Blob from the string\n   const blob = new Blob([JSON.stringify(encrypted.data)], {\n     type: 'application/json',\n   })\n\n   // Create a File object from the Blob with the original filename\n   const fileToUpload = new File([blob], `${file.name}.encrypted`, {\n     type: 'application/json',\n   })\n\n   // Upload the file to Supabase Storage\n   const { data, error } = await supabase.storage\n     .from('uploads')\n     .upload(`${file.name}.encrypted`, fileToUpload)\n   ```\n\n3. **Storage**:\n   - Encrypted EQL JSON payload is stored in object storage with `.encrypted` extension\n   - Original file is never stored in its unencrypted form\n\n### File Decryption Flow\n\n1. **File Retrieval**:\n   - Backend retrieves encrypted EQL JSON from storage\n   - JSON is parsed and decrypted using Protect.js\n\n2. **Decryption Process**:\n   ```typescript\n   // Download the encrypted file\n   const { data: downloadedFile, error: downloadError } = \n     await supabase.storage.from('uploads').download(`${file.name}.encrypted`)\n\n   if (!downloadedFile) {\n     return c.json({ error: 'Failed to download file' }, 500)\n   }\n\n   // Parse the downloaded JSON\n   const downloadedText = await downloadedFile.text()\n   const downloadedJson = JSON.parse(downloadedText)\n\n   // Decrypt the EQL JSON\n   const decrypted = await protectClient.decrypt(downloadedJson)\n\n   if ('failure' in decrypted) {\n     return c.json({ error: 'Failed to decrypt file' }, 500)\n   }\n\n   // Convert back to file\n   const buffer = Buffer.from(decrypted.data, 'base64')\n   const reconstructedArrayBuffer = buffer.buffer.slice(\n     buffer.byteOffset,\n     buffer.byteOffset + buffer.byteLength,\n   )\n   ```\n\n## Security Considerations\n\n- Files are encrypted before storage using Protect.js\n- Original files are never stored in their unencrypted form\n- You are leveraging CipherStash's ZeroKMS to encrypt and decrypt the files\n- Files are stored as an EQL JSON payload in object storage which can be passed directly to the CipherStash Protect.js client to decrypt\n\n## Using Different Storage Providers\n\nThis example uses Supabase Storage, but you can adapt it to work with any object storage provider:\n\n1. Replace the Supabase client with your preferred storage client\n2. Update the storage operations to match your provider's API\n3. Keep the Protect.js encryption/decryption logic unchanged\n\n## License\n\nThis project is licensed under the MIT License - see the LICENSE file for details.\n\n## Support\n\nFor support with Protect.js, visit the [Protect.js docs](https://github.com/cipherstash/protectjs).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcipherstash%2Fprotect-example-file-encryption","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcipherstash%2Fprotect-example-file-encryption","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcipherstash%2Fprotect-example-file-encryption/lists"}