{"id":17060181,"url":"https://github.com/jas-/kruptein","last_synced_at":"2025-04-12T18:22:33.451Z","repository":{"id":34305318,"uuid":"176702227","full_name":"jas-/kruptein","owner":"jas-","description":"crypto; from kruptein to hide or conceal","archived":false,"fork":false,"pushed_at":"2024-02-24T15:01:48.000Z","size":431,"stargazers_count":6,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-05-02T00:01:00.119Z","etag":null,"topics":["asn1","cipher","ciphertext","crypto","decrypt","decryption","encrypt","encryption","fips-140-2","fips-140-3","hashing","hmac","key-derivation","nist","nist800-53","node","scrypt","symmetric-cryptography","symmetric-encryption","symmetric-key-cryptography"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jas-.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-20T09:45:20.000Z","updated_at":"2024-06-18T18:21:44.114Z","dependencies_parsed_at":"2024-02-24T16:24:38.731Z","dependency_job_id":"4ae58526-c976-45b6-aa4d-13b1b0d8821f","html_url":"https://github.com/jas-/kruptein","commit_stats":{"total_commits":190,"total_committers":6,"mean_commits":"31.666666666666668","dds":"0.21052631578947367","last_synced_commit":"0be24003cabb87de00917c68b13e3d8f1745c720"},"previous_names":[],"tags_count":42,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jas-%2Fkruptein","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jas-%2Fkruptein/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jas-%2Fkruptein/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jas-%2Fkruptein/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jas-","download_url":"https://codeload.github.com/jas-/kruptein/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248610704,"owners_count":21132988,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["asn1","cipher","ciphertext","crypto","decrypt","decryption","encrypt","encryption","fips-140-2","fips-140-3","hashing","hmac","key-derivation","nist","nist800-53","node","scrypt","symmetric-cryptography","symmetric-encryption","symmetric-key-cryptography"],"created_at":"2024-10-14T10:36:25.770Z","updated_at":"2025-04-12T18:22:33.419Z","avatar_url":"https://github.com/jas-.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"kruptein\n========\ncrypto (krip-toh); from `kruptein` to hide or conceal.\n\n[![npm](https://img.shields.io/npm/v/kruptein.svg)](https://npmjs.com/package/kruptein)\n![Downloads](https://img.shields.io/npm/dm/kruptein.svg)\n[![Known Vulnerabilities](https://snyk.io/test/github/jas-/kruptein/badge.svg)](https://snyk.io/test/github/jas-/kruptein)\n![Build Status](https://github.com/jas-/kruptein/actions/workflows/node.js.yml/badge.svg)\n\nSandbox\n-------\nTo test the module feel free to use the [sandbox](https://codesandbox.io/p/sandbox/kruptein-test-1z9zgd)\n\nInstall\n-------\nTo install `npm install kruptein`\n\nMethods\n-------\n*   `.set(secret, plaintext, [aad], callback)`\n*   `.get(secret, ciphertext, [{at: auth_tag, aad: aad}], callback)`\n\nOptions\n-------\nIndustry standards are used for the algorithm, hashing algorithm, key \u0026 IV sizes. The default key derivation\nis pbkdf2, however use of the scrypt derivation function can be enabled.\n*   `algorithm`: (Optional) Cipher algorithm from `crypto.getCiphers()`. Default: `aes-256-gcm`.\n*   `hashing`: (Optional) Hash algorithm from `crypto.getHashes()`. Default: `sha384`.\n*   `encodeas`: (Optional) Output encoding. Currently supports `binary`, `hex`, \u0026 `base64`. Default: `base64`.\n*   `key_size`: (Optional) Key size bytes (should match block size of algorithm). Default: `32`\n*   `iv_size`: (Optional) IV size bytes. Default: `16`.\n*   `at_size`: (Optional) Authentication tag size. Applicable to `gcm` \u0026 `ocb` cipher modes. Default: `128`.\n*   `use_scrypt`: (Optional) Use `.scrypt()` to derive a key. Requires node \u003e v10. Default/Fallback: `.pbkdf2()`.\n*   `use_asn1`: (Optional) Disable the default ASN.1 encoding. Default: true\n\nUsage\n-----\nWhen selecting an algorithm from `crypto.getCiphers()` the\n`iv` and `key_size` values are calculated auto-magically to make implementation\neasy.\n\nYou can always define your own if the defaults per algorithm and mode\naren't what you would like; see the `options` section above.\n\nCreate ciphertext from plaintext\n-----------------\nTo create a new ciphertext object. Run [example](https://codesandbox.io/p/devtool/task-log/cldvsajy7000hfqgja6e28q8c?project=1z9zgd) to encrypt plaintext.\n\n```javascript\nconst kruptein = require(\"kruptein\")(opts);\nlet secret = \"squirrel\";\n\nkruptein.set(secret, \"Operation mincemeat was an example of deception\", (err, ct) =\u003e {\n  if (err)\n    throw err;\n\n  console.log(ct);\n});\n```\n\nGet plaintext from ciphertext\n------------------\nTo retrieve plaintext from a ciphertext object. Run [example](https://codesandbox.io/p/devtool/task-log/cldvn1j3f0007fqgjgqzle28o?project=1z9zgd) to decrypt ciphertext.\n\n```javascript\nconst kruptein = require(\"kruptein\")(opts);\nlet ciphertext, secret = \"squirrel\";\n\nkruptein.get(secret, ciphertext, (err, pt) =\u003e {\n  if (err)\n    throw err;\n\n  console.log(pt);\n});\n```\n\nOutput\n------\nThe `.set()` method output depends on three factors; the `encodeas`,\n`algorithm` and `use_asn1`.\n\nFor any algorithm that supports authentication (AEAD), the object\nstructure includes the `Authentication Tag` and the `Additional\nAuthentication Data` attribute and value.\n\nWhen the `use_asn1` option is enabled (default is true), the result is an [ASN.1](https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/)\nvalue using the `encodeas` value. While this is a more complex\nencoding option, it helps standardize \u0026 minimize the resulting\nciphertext output.\n\n\nTest harness\n------------\nThe included test harness, invoked with `npm test`, makes every\nattempt to trap and handle errors. Some of which come from side\nchannel or possible malability of the resultant ciphertext.\n\nThis can be seen within the `test/index.js` CI test harness under\nthe HMAC, AT \u0026 AAD validation test cases.\n\nAn online playgound for experimenting with the module can also be\nfound [here](https://codesandbox.io/p/devtool/task-log/cldvmxl6k0003fqgj0dc2es4x?project=1z9zgd)\n\nCryptography References\n-----------------------\nThis module conforms to industry recommendations regarding algorithm type,\nmode, key size, iv size \u0026 implementation, digests, key derivation \u0026 management\netc. References used provided here:\n\n**RFC:**\n*   [RFC 2104](https://tools.ietf.org/html/rfc2104): HMAC: Keyed-Hashing for Message Authentication\n*   [RFC 4086](https://tools.ietf.org/html/rfc4086): Randomness Requirements for Security\n*   [RFC 5084](https://tools.ietf.org/html/rfc5084): Using AES-CCM and AES-GCM Authenticated Encryption\n*   [RFC 7914](https://tools.ietf.org/html/rfc7914): The scrypt Password-Based Key Derivation Function\n*   [RFC 8018](https://tools.ietf.org/html/rfc8018): Password-Based Cryptography Specification\n*   [X.697](https://www.itu.int/rec/T-REC-X.697-201710-I/en): ASN.1 encoding rules: Specifications of JavaScript Object Notation Encoding Rules (JER)\n\n**NIST:**\n*   [SP 800-38A](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf): Block cipher modes of operation\n*   [SP 800-38B](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf): Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC\n*   [SP 800-57P1](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf): Recommendations for key management\n*   [SP 800-107](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-107r1.pdf): Recommendation for Applications Using Approved Hash Algorithms\n*   [SP 800-108](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-108.pdf): Recommendation for Key Derivation Using Pseudorandom Functions\n*   [SP 800-131A](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf): Transitioning the Use of Cryptographic Algorithms and Key Lengths\n*   [SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf): Recommendation for Password-Based Key Derivation\n*   [SP 800-175B](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-175B.pdf): Guideline for Using Cryptographic Standards in the Federal Government\n\n**FIPS:**\n*   [FIPS 197](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf): Advanced Encryption Standard (AES)\n*   [FIPS 198-1](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.198-1.pdf): The Keyed-Hash Message Authentication Code (HMAC)\n*   [FIPS 180-4](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf): Secure Hash Standard (SHS)\n\nContributing\n------------\nContributions are welcome \u0026 appreciated!\n\nRefer to the [contributing document](https://github.com/jas-/kruptein/blob/master/CONTRIBUTING.md)\nto help facilitate pull requests.\n\nLicense\n-------\nThis software is licensed under the [MIT License](https://github.com/jas-/kruptein/blob/master/LICENSE).\n\nCopyright Jason Gerfen, 2019 to 2024.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjas-%2Fkruptein","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjas-%2Fkruptein","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjas-%2Fkruptein/lists"}