From 6b93f8ce56ede4133e5dbc503cc4e15edf86e78e Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Sat, 16 Apr 2016 21:51:11 +0300 Subject: [PATCH 01/62] FailFish --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f0545af..b1f6b99 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ Basic256.js ========================= -A basic encryption/decription script/API for Node.js users. +A basic encryption/decryption script/API for Node.js users. Based on the work by [Levi Gross](http://www.levigross.com/2014/03/30/how-to-write-an-encrypt-and-decrypt-api-for-data-at-rest-in-nodejs/). Usage From c37fa906469bdf6f955593189607c63018742d3d Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Sat, 18 Jun 2016 00:42:40 +0300 Subject: [PATCH 02/62] Update Basic256.js --- Basic256.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Basic256.js b/Basic256.js index f0db765..37d0dec 100644 --- a/Basic256.js +++ b/Basic256.js @@ -12,8 +12,8 @@ var ALGORITHM, KEY, HMAC_ALGORITHM, HMAC_KEY; ALGORITHM = 'AES-256-CBC'; // CBC because CTR isn't possible with the current version of the Node.JS crypto library HMAC_ALGORITHM = 'SHA256'; -KEY = randomValueHex(32); // This key should be stored in an environment variable -HMAC_KEY = randomValueHex(32); // This key should be stored in an environment variable +KEY = randomValueHex(32); // This key should be stored in somewhere +HMAC_KEY = randomValueHex(32); // This key should be stored in somewhere, again var constant_time_compare = function (val1, val2) { var sentinel; From d7b468ad67222454b1cfaa3c11ff89c6d6cbe6dc Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 17:35:59 +0300 Subject: [PATCH 03/62] Fixed huge problemo #2 --- Basic256.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Basic256.js b/Basic256.js index 37d0dec..1bb0709 100644 --- a/Basic256.js +++ b/Basic256.js @@ -1,6 +1,6 @@ // HELP ME MAKE THIS SHITTY CIPHER API GREAT AGAIN // -crypto = require('crypto'); +let crypto = require('crypto'); function randomValueHex (len) { return crypto.randomBytes(Math.ceil(len/2)) From 0594cdc86e1fc06b782f654da7f24fa765616f34 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 17:39:33 +0300 Subject: [PATCH 04/62] Create DontRunMe.js --- DontRunMe.js | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 DontRunMe.js diff --git a/DontRunMe.js b/DontRunMe.js new file mode 100644 index 0000000..81829f6 --- /dev/null +++ b/DontRunMe.js @@ -0,0 +1,14 @@ +'use strict'; + +let crypto = require('crypto'); + +function randomValueHex (len) { + return crypto.randomBytes(Math.ceil(len/2)) + .toString('hex') // convert to hexadecimal format + .slice(0,len); // return required number of characters +}; + +let a = randomValueHex(32); +let b = randomValueHex(32); +console.log("{\n \"key\": \"" + a + "\",\n \"hmac_key\": \"" + b + "\"\n}"); +setTimeout(function(){process.exit(0);}, 833); From 0ff73deb19d2335118d518ac11b540b6b12dcdc3 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 17:44:39 +0300 Subject: [PATCH 05/62] Update DontRunMe.js --- DontRunMe.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/DontRunMe.js b/DontRunMe.js index 81829f6..29640d8 100644 --- a/DontRunMe.js +++ b/DontRunMe.js @@ -3,9 +3,9 @@ let crypto = require('crypto'); function randomValueHex (len) { - return crypto.randomBytes(Math.ceil(len/2)) - .toString('hex') // convert to hexadecimal format - .slice(0,len); // return required number of characters + return crypto.randomBytes(Math.ceil(len/2)) + .toString('hex') // convert to hexadecimal format + .slice(0,len); // return required number of characters }; let a = randomValueHex(32); From 80058d64a94415ad4a8a1af801d0baa615bbaf62 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 17:49:01 +0300 Subject: [PATCH 06/62] New update coming up --- Basic256.js | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/Basic256.js b/Basic256.js index 1bb0709..c490127 100644 --- a/Basic256.js +++ b/Basic256.js @@ -1,19 +1,14 @@ // HELP ME MAKE THIS SHITTY CIPHER API GREAT AGAIN // let crypto = require('crypto'); - -function randomValueHex (len) { - return crypto.randomBytes(Math.ceil(len/2)) - .toString('hex') // convert to hexadecimal format - .slice(0,len); // return required number of characters -}; - +// 5th line is reserved for the automated script to attach the keys necessary. // +// 5th line is reserved for the automated script to attach the keys necessary. // var ALGORITHM, KEY, HMAC_ALGORITHM, HMAC_KEY; ALGORITHM = 'AES-256-CBC'; // CBC because CTR isn't possible with the current version of the Node.JS crypto library HMAC_ALGORITHM = 'SHA256'; -KEY = randomValueHex(32); // This key should be stored in somewhere -HMAC_KEY = randomValueHex(32); // This key should be stored in somewhere, again +KEY = savedKeys.key; // This key should be stored in somewhere +HMAC_KEY = savedKeys.hmac_key; // This key should be stored in somewhere, again var constant_time_compare = function (val1, val2) { var sentinel; From a600e21715b265036116c628675889c9e0f85174 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 17:52:34 +0300 Subject: [PATCH 07/62] final update --- RunMeFirst.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 RunMeFirst.sh diff --git a/RunMeFirst.sh b/RunMeFirst.sh new file mode 100644 index 0000000..759acf6 --- /dev/null +++ b/RunMeFirst.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +RANDOMfoldername=`cat /dev/urandom | tr -cd 'a-f0-9' | head -c 32` +RANDOMfilename=`cat /dev/urandom | tr -cd 'a-f0-9' | head -c 32` + +echo "Keys will be stored on ./$RANDOMfoldername/$RANDOMfilename.json" + +node DontRunMe.js >> ./$RANDOMfoldername/$RANDOMfilename.json +sed -i "5ilet savedKeys = require(\"./$RANDOMfoldername/$RANDOMfilename.json\");" Basic256.js + +echo "Keys are saved and attached to the Basic256.js file." +exit From 875cc2dc8922fe210e6f67341cc7a518a64d3fb1 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:01:26 +0300 Subject: [PATCH 08/62] Update RunMeFirst.sh --- RunMeFirst.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/RunMeFirst.sh b/RunMeFirst.sh index 759acf6..5b1dc24 100644 --- a/RunMeFirst.sh +++ b/RunMeFirst.sh @@ -5,6 +5,8 @@ RANDOMfilename=`cat /dev/urandom | tr -cd 'a-f0-9' | head -c 32` echo "Keys will be stored on ./$RANDOMfoldername/$RANDOMfilename.json" +mkdir $RANDOMfoldername + node DontRunMe.js >> ./$RANDOMfoldername/$RANDOMfilename.json sed -i "5ilet savedKeys = require(\"./$RANDOMfoldername/$RANDOMfilename.json\");" Basic256.js From d73fe5a9fa45094a5cd77751eeeea2b1a524d40e Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:01:34 +0300 Subject: [PATCH 09/62] Rename RunMeFirst.sh to runMeFirst.sh --- RunMeFirst.sh => runMeFirst.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename RunMeFirst.sh => runMeFirst.sh (100%) diff --git a/RunMeFirst.sh b/runMeFirst.sh similarity index 100% rename from RunMeFirst.sh rename to runMeFirst.sh From 28b09a518ac8cb3a5c364a5af3b5d7e12a6c6aa0 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:06:30 +0300 Subject: [PATCH 10/62] Update runMeFirst.sh --- runMeFirst.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/runMeFirst.sh b/runMeFirst.sh index 5b1dc24..5e75147 100644 --- a/runMeFirst.sh +++ b/runMeFirst.sh @@ -11,4 +11,7 @@ node DontRunMe.js >> ./$RANDOMfoldername/$RANDOMfilename.json sed -i "5ilet savedKeys = require(\"./$RANDOMfoldername/$RANDOMfilename.json\");" Basic256.js echo "Keys are saved and attached to the Basic256.js file." + +rm DontRunMe.js +rm runMeFirst.sh exit From ce72ffd91b006db8de416b10d24bdd19967861a3 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:08:05 +0300 Subject: [PATCH 11/62] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b1f6b99..ac73dce 100644 --- a/README.md +++ b/README.md @@ -2,12 +2,13 @@ Basic256.js ========================= A basic encryption/decryption script/API for Node.js users. + Based on the work by [Levi Gross](http://www.levigross.com/2014/03/30/how-to-write-an-encrypt-and-decrypt-api-for-data-at-rest-in-nodejs/). Usage ----- -Gather Basic256.js, +Gather Basic256.js first, Make your script connected. Example: var crypter = require("./Basic256.js"); From 16d8def54c275d5face437e18a3d373278a4220c Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:09:55 +0300 Subject: [PATCH 12/62] Update README.md --- README.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ac73dce..a17a95e 100644 --- a/README.md +++ b/README.md @@ -8,8 +8,13 @@ Based on the work by [Levi Gross](http://www.levigross.com/2014/03/30/how-to-wri Usage ----- -Gather Basic256.js first, -Make your script connected. Example: +Gather Basic256.js first, copy all files inside to your project folder/direcory. + +And do these: + chmod +x runMeFirst.sh + ./runMeFirst.sh + +Then make your script connected. Example: var crypter = require("./Basic256.js"); From 46ba23be49ddb4aac747ed71f59b804976f9b943 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:10:05 +0300 Subject: [PATCH 13/62] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a17a95e..d13f7f5 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,7 @@ Usage Gather Basic256.js first, copy all files inside to your project folder/direcory. And do these: + chmod +x runMeFirst.sh ./runMeFirst.sh From b5da32148849575558f6613164fe51fa2746ed5f Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:12:34 +0300 Subject: [PATCH 14/62] Update Basic256.js --- Basic256.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Basic256.js b/Basic256.js index c490127..980cfe3 100644 --- a/Basic256.js +++ b/Basic256.js @@ -1,8 +1,8 @@ -// HELP ME MAKE THIS SHITTY CIPHER API GREAT AGAIN // - +/* HELP ME MAKE THIS SHITTY CIPHER API GREAT AGAIN +5th line is reserved for the automated script to attach the keys necessary. */ let crypto = require('crypto'); -// 5th line is reserved for the automated script to attach the keys necessary. // -// 5th line is reserved for the automated script to attach the keys necessary. // + + var ALGORITHM, KEY, HMAC_ALGORITHM, HMAC_KEY; ALGORITHM = 'AES-256-CBC'; // CBC because CTR isn't possible with the current version of the Node.JS crypto library From 7615218f83bb9a640edf9bf050b9cbb7ea929d3e Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:13:15 +0300 Subject: [PATCH 15/62] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d13f7f5..03b8cd7 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Usage Gather Basic256.js first, copy all files inside to your project folder/direcory. -And do these: +And do these **(If you have a Linux enviroment)**: chmod +x runMeFirst.sh ./runMeFirst.sh From bf543e02b8b4a9dc0bfa2930f7957fa2018711f0 Mon Sep 17 00:00:00 2001 From: linuxgemini Date: Fri, 29 Jul 2016 18:16:55 +0300 Subject: [PATCH 16/62] auto-chmod test --- runMeFirst.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 runMeFirst.sh diff --git a/runMeFirst.sh b/runMeFirst.sh old mode 100644 new mode 100755 From a72965867bf3d77aa523f8714e0f5a222d4bd8bd Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:20:41 +0300 Subject: [PATCH 17/62] auto-chmod worked --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 03b8cd7..0a45734 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,6 @@ Gather Basic256.js first, copy all files inside to your project folder/direcory. And do these **(If you have a Linux enviroment)**: - chmod +x runMeFirst.sh ./runMeFirst.sh Then make your script connected. Example: From a57ead57ed592b17d4ea804a962d689161fcb78e Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:22:44 +0300 Subject: [PATCH 18/62] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0a45734..1965614 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Usage Gather Basic256.js first, copy all files inside to your project folder/direcory. -And do these **(If you have a Linux enviroment)**: +And do this **(If you have a Linux enviroment)**: ./runMeFirst.sh From d0c8b83ee7f3a5b9b56597b9eecd78950616fa61 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:23:14 +0300 Subject: [PATCH 19/62] Rename Basic256.js to basic256.js --- Basic256.js => basic256.js | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename Basic256.js => basic256.js (100%) diff --git a/Basic256.js b/basic256.js similarity index 100% rename from Basic256.js rename to basic256.js From 9af4a42feb02fd4202f9ea0ac81a46cd77c74401 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:23:39 +0300 Subject: [PATCH 20/62] Update runMeFirst.sh --- runMeFirst.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/runMeFirst.sh b/runMeFirst.sh index 5e75147..65d8a82 100755 --- a/runMeFirst.sh +++ b/runMeFirst.sh @@ -8,9 +8,9 @@ echo "Keys will be stored on ./$RANDOMfoldername/$RANDOMfilename.json" mkdir $RANDOMfoldername node DontRunMe.js >> ./$RANDOMfoldername/$RANDOMfilename.json -sed -i "5ilet savedKeys = require(\"./$RANDOMfoldername/$RANDOMfilename.json\");" Basic256.js +sed -i "5ilet savedKeys = require(\"./$RANDOMfoldername/$RANDOMfilename.json\");" basic256.js -echo "Keys are saved and attached to the Basic256.js file." +echo "Keys are saved and attached to the basic256.js file." rm DontRunMe.js rm runMeFirst.sh From fc201857dd9ac86453f3d7be2ec06fba0338c0cd Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:24:13 +0300 Subject: [PATCH 21/62] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 1965614..d6dc410 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -Basic256.js +basic256.js ========================= A basic encryption/decryption script/API for Node.js users. @@ -8,7 +8,7 @@ Based on the work by [Levi Gross](http://www.levigross.com/2014/03/30/how-to-wri Usage ----- -Gather Basic256.js first, copy all files inside to your project folder/direcory. +Gather basic256.js first, copy all files inside to your project folder/direcory. And do this **(If you have a Linux enviroment)**: @@ -16,7 +16,7 @@ And do this **(If you have a Linux enviroment)**: Then make your script connected. Example: - var crypter = require("./Basic256.js"); + var crypter = require("./basic256.js"); var blob = crypter.enc.run("FOO"); // This encrypts the string "FOO". console.log(blob); // This will show the encrypted string. From f7482c12986b7b0d4bcd27fa074694d627f3d338 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:29:15 +0300 Subject: [PATCH 22/62] Update basic256.js --- basic256.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/basic256.js b/basic256.js index 980cfe3..697a631 100644 --- a/basic256.js +++ b/basic256.js @@ -7,8 +7,8 @@ var ALGORITHM, KEY, HMAC_ALGORITHM, HMAC_KEY; ALGORITHM = 'AES-256-CBC'; // CBC because CTR isn't possible with the current version of the Node.JS crypto library HMAC_ALGORITHM = 'SHA256'; -KEY = savedKeys.key; // This key should be stored in somewhere -HMAC_KEY = savedKeys.hmac_key; // This key should be stored in somewhere, again +KEY = savedKeys.key; // Use the automated script. +HMAC_KEY = savedKeys.hmac_key; // Use the automated script. var constant_time_compare = function (val1, val2) { var sentinel; From f2b5fa4b54811f7c450352cfff65df5edc4dbee2 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:31:11 +0300 Subject: [PATCH 23/62] Update basic256.js --- basic256.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basic256.js b/basic256.js index 697a631..04971b8 100644 --- a/basic256.js +++ b/basic256.js @@ -69,7 +69,7 @@ module.exports = { } decryptor = crypto.createDecipheriv(ALGORITHM, KEY, IV); - var decryptedText = decryptor.update(ct, 'hex', 'utf8'); + var decryptedText = decryptor.update(ct, 'hex', 'utf-8'); return decryptedText + decryptor.final('utf-8'); } } From 2ecd9a32c87808a15ab1e28f2b5706a7c68a02b0 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:32:15 +0300 Subject: [PATCH 24/62] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d6dc410..03c6094 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ basic256.js A basic encryption/decryption script/API for Node.js users. -Based on the work by [Levi Gross](http://www.levigross.com/2014/03/30/how-to-write-an-encrypt-and-decrypt-api-for-data-at-rest-in-nodejs/). +*Slightly* modified the work by [Levi Gross](http://www.levigross.com/2014/03/30/how-to-write-an-encrypt-and-decrypt-api-for-data-at-rest-in-nodejs/). Usage ----- From 8fe136836f64755393b1fc4ad2526c0880f79229 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:32:27 +0300 Subject: [PATCH 25/62] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 03c6094..a9c7508 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ basic256.js A basic encryption/decryption script/API for Node.js users. -*Slightly* modified the work by [Levi Gross](http://www.levigross.com/2014/03/30/how-to-write-an-encrypt-and-decrypt-api-for-data-at-rest-in-nodejs/). +*Slightly* modified the work of [Levi Gross](http://www.levigross.com/2014/03/30/how-to-write-an-encrypt-and-decrypt-api-for-data-at-rest-in-nodejs/). Usage ----- From 02c2c95801df0c383a428ce15987adebb076ffc4 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Fri, 29 Jul 2016 18:42:29 +0300 Subject: [PATCH 26/62] Update LICENSE --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 2cf16c0..2ccfd4d 100644 --- a/LICENSE +++ b/LICENSE @@ -175,7 +175,7 @@ END OF TERMS AND CONDITIONS - Copyright 2014 Levi Gross, tandrewnichols + Copyright 2014 Levi Gross Copyright 2016 linuxgemini. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); From ab340a2e45393b99b82177218a8729380c30132f Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Wed, 7 Dec 2016 20:09:05 +0200 Subject: [PATCH 27/62] Redone buffer --- basic256.js | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/basic256.js b/basic256.js index 04971b8..4b162fa 100644 --- a/basic256.js +++ b/basic256.js @@ -30,10 +30,8 @@ module.exports = { "enc": { run : function (plain_text) { - var IV = new Buffer(randomValueHex(16)); // ensure that the IV (initialization vector) is random - var cipher_text; - var hmac; - var encryptor; + var IV = Buffer.from(randomValueHex(16)); // ensure that the IV (initialization vector) is random + var encryptor, cipher_text, hmac; encryptor = crypto.createCipheriv(ALGORITHM, KEY, IV); encryptor.setEncoding('hex'); @@ -55,9 +53,9 @@ module.exports = { run : function (cipher_text) { var cipher_blob = cipher_text.split("$"); var ct = cipher_blob[0]; - var IV = new Buffer(cipher_blob[1], 'hex'); + var IV = Buffer.from(cipher_blob[1], 'hex'); var hmac = cipher_blob[2]; - var decryptor; + var chmac, decryptor; chmac = crypto.createHmac(HMAC_ALGORITHM, HMAC_KEY); chmac.update(ct); @@ -69,7 +67,7 @@ module.exports = { } decryptor = crypto.createDecipheriv(ALGORITHM, KEY, IV); - var decryptedText = decryptor.update(ct, 'hex', 'utf-8'); + var decryptedText = decryptor.update(ct, 'hex', 'utf8'); return decryptedText + decryptor.final('utf-8'); } } From 377ddf41150f72aa5644c50471ea5c7ca1ed4d13 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Wed, 7 Dec 2016 20:11:22 +0200 Subject: [PATCH 28/62] Little typo fix --- basic256.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basic256.js b/basic256.js index 4b162fa..6cf2c40 100644 --- a/basic256.js +++ b/basic256.js @@ -67,7 +67,7 @@ module.exports = { } decryptor = crypto.createDecipheriv(ALGORITHM, KEY, IV); - var decryptedText = decryptor.update(ct, 'hex', 'utf8'); + var decryptedText = decryptor.update(ct, 'hex', 'utf-8'); return decryptedText + decryptor.final('utf-8'); } } From e0635029bc049b87c8c5ada1bfdedabf8d2899b3 Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Thu, 8 Dec 2016 22:45:34 +0200 Subject: [PATCH 29/62] Forgot to add the HexRand --- basic256.js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/basic256.js b/basic256.js index 6cf2c40..5fba79b 100644 --- a/basic256.js +++ b/basic256.js @@ -10,6 +10,12 @@ HMAC_ALGORITHM = 'SHA256'; KEY = savedKeys.key; // Use the automated script. HMAC_KEY = savedKeys.hmac_key; // Use the automated script. +function randomValueHex (len) { + return crypto.randomBytes(Math.ceil(len/2)) + .toString('hex') // convert to hexadecimal format + .slice(0,len); // return required number of characters +}; + var constant_time_compare = function (val1, val2) { var sentinel; From fd65b324c963172950619e19dd9fb726e07efa1d Mon Sep 17 00:00:00 2001 From: Ilteris EROGLU Date: Sun, 23 Apr 2017 19:15:20 +0300 Subject: [PATCH 30/62] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a9c7508..6868efe 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ basic256.js ========================= -A basic encryption/decryption script/API for Node.js users. +A basic encryption/decryption script/API for resting data for Node.js users. *Slightly* modified the work of [Levi Gross](http://www.levigross.com/2014/03/30/how-to-write-an-encrypt-and-decrypt-api-for-data-at-rest-in-nodejs/). From 35624be4441ad5789d66b1de29a9908e29a2e19f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Wed, 21 Jun 2017 01:38:20 +0300 Subject: [PATCH 31/62] Rename runMeFirst.sh to runMeFirst.bash --- runMeFirst.sh => runMeFirst.bash | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename runMeFirst.sh => runMeFirst.bash (100%) diff --git a/runMeFirst.sh b/runMeFirst.bash similarity index 100% rename from runMeFirst.sh rename to runMeFirst.bash From 1cdb0732c9a27c55510c49247b4aadd2b426c413 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Wed, 21 Jun 2017 01:38:37 +0300 Subject: [PATCH 32/62] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6868efe..de500b9 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Gather basic256.js first, copy all files inside to your project folder/direcory. And do this **(If you have a Linux enviroment)**: - ./runMeFirst.sh + ./runMeFirst.bash Then make your script connected. Example: From a1c89fecaabab373bc81ec60fc784a59fa10b4ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Wed, 21 Jun 2017 03:13:31 +0300 Subject: [PATCH 33/62] Create package.json --- package.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 package.json diff --git a/package.json b/package.json new file mode 100644 index 0000000..2395020 --- /dev/null +++ b/package.json @@ -0,0 +1,18 @@ +{ + "name": "basic256.js", + "version": "0.0.1", + "description": "A basic encryption/decryption script/API for resting data for Node.js users.", + "readme": "README.md", + "maintainers": [ + "linuxgemini (ilteris@asenkron.com.tr)" + ], + "author": "linuxgemini", + "repository": { + "type": "git", + "url": "git+https://github.com/linuxgemini/basic256.js.git" + }, + "license": "Apache-2", + "scripts": { + "test": "test.bash", + } +} From c9a44571956ef8830b234f49ce702c39cc0a3f7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Wed, 21 Jun 2017 03:13:59 +0300 Subject: [PATCH 34/62] Update package.json --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 2395020..b63bda9 100644 --- a/package.json +++ b/package.json @@ -13,6 +13,6 @@ }, "license": "Apache-2", "scripts": { - "test": "test.bash", + "test": "test.js", } } From 3be42cedcbae3c18a878317f6a450758732f2e2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Wed, 21 Jun 2017 03:24:39 +0300 Subject: [PATCH 35/62] Create .travis.yml --- .travis.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..9146392 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,14 @@ +language: node_js +sudo: enabled +dist: trusty +node_js: + - "node" + - "7" + - "6" + - "5" + - "4" +install: + - chmod +x ./runMeFirst.bash + - ./runMeFirst.bash +script: + - npm test From ac370dd67c69975c4b22852af46bce12718d442e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Wed, 21 Jun 2017 03:37:41 +0300 Subject: [PATCH 36/62] Create test.js --- test.js | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 test.js diff --git a/test.js b/test.js new file mode 100644 index 0000000..0e51652 --- /dev/null +++ b/test.js @@ -0,0 +1,17 @@ +'use strict'; + +var m = require("./basic256"); + +console.log("Encrypting string \"foo\"..."); +var encStr = m.enc.run("foo"); +console.log("\nDecrypting the string below...\n" + encStr); +var decStr = m.dec.run(encStr); +console.log("\n\nResult: " + decStr); + +if (decStr === "foo") { + console.log("\nSUCCESS!"); + setTimeout(function(){process.exit(0);},853); +} else { + console.error("\nFAILURE!"); + setTimeout(function(){process.exit(1);},853); +} From 7454376dc4b8f27b41c2ca1278d31ba98aa2f608 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Wed, 21 Jun 2017 03:39:58 +0300 Subject: [PATCH 37/62] Update package.json --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index b63bda9..5ae4ad1 100644 --- a/package.json +++ b/package.json @@ -13,6 +13,6 @@ }, "license": "Apache-2", "scripts": { - "test": "test.js", + "test": "node test.js" } } From aa9e4d591038a4ef310016a6b6eb1e62fd5c1061 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Wed, 21 Jun 2017 03:41:56 +0300 Subject: [PATCH 38/62] Update runMeFirst.bash --- runMeFirst.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runMeFirst.bash b/runMeFirst.bash index 65d8a82..9d36611 100755 --- a/runMeFirst.bash +++ b/runMeFirst.bash @@ -13,5 +13,5 @@ sed -i "5ilet savedKeys = require(\"./$RANDOMfoldername/$RANDOMfilename.json\"); echo "Keys are saved and attached to the basic256.js file." rm DontRunMe.js -rm runMeFirst.sh +rm runMeFirst.bash exit From 47c4a761d328df9e70b4d4a31bae485b426d21e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Wed, 21 Jun 2017 03:46:02 +0300 Subject: [PATCH 39/62] Update basic256.js --- basic256.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/basic256.js b/basic256.js index 5fba79b..cd2d66d 100644 --- a/basic256.js +++ b/basic256.js @@ -1,5 +1,5 @@ -/* HELP ME MAKE THIS SHITTY CIPHER API GREAT AGAIN -5th line is reserved for the automated script to attach the keys necessary. */ +'use strict'; +/* 5th line is reserved for the automated script to attach the keys necessary. */ let crypto = require('crypto'); From db90262bea78be6350a5b1abb5b2aa1c2b9dcceb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Wed, 21 Jun 2017 03:49:37 +0300 Subject: [PATCH 40/62] Update .travis.yml --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 9146392..cc9c4b2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,6 @@ language: node_js sudo: enabled -dist: trusty +group: edge node_js: - "node" - "7" From cc2c5fa6a6d4a13da7b1bfa65fc2a858f267e64a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Wed, 21 Jun 2017 03:55:33 +0300 Subject: [PATCH 41/62] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index de500b9..a3d2581 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ basic256.js ========================= +[![Build Status](https://travis-ci.org/linuxgemini/basic256.js.svg?branch=master)](https://travis-ci.org/linuxgemini/basic256.js) + A basic encryption/decryption script/API for resting data for Node.js users. *Slightly* modified the work of [Levi Gross](http://www.levigross.com/2014/03/30/how-to-write-an-encrypt-and-decrypt-api-for-data-at-rest-in-nodejs/). From 9e3a8055cb2c2d3d4e989381a44d105c285f1bf5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Thu, 29 Jun 2017 23:14:52 +0300 Subject: [PATCH 42/62] removed one install command the exec flag is on the file already. --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index cc9c4b2..ca92b9f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,7 +8,6 @@ node_js: - "5" - "4" install: - - chmod +x ./runMeFirst.bash - ./runMeFirst.bash script: - npm test From dfed983901263d7cc85aa92488a61041a5847802 Mon Sep 17 00:00:00 2001 From: linuxgemini Date: Tue, 4 Jul 2017 02:03:57 +0300 Subject: [PATCH 43/62] Updated behavior of the install system. --- .travis.yml | 2 +- DontRunMe.js | 24 +++++++++++++++++++----- basic256.js | 13 ++++++++++++- package.json | 5 +++-- runMeFirst.bash | 17 ----------------- 5 files changed, 35 insertions(+), 26 deletions(-) delete mode 100755 runMeFirst.bash diff --git a/.travis.yml b/.travis.yml index ca92b9f..34a663e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,6 +8,6 @@ node_js: - "5" - "4" install: - - ./runMeFirst.bash + - npm install script: - npm test diff --git a/DontRunMe.js b/DontRunMe.js index 29640d8..8eaf6f2 100644 --- a/DontRunMe.js +++ b/DontRunMe.js @@ -1,6 +1,7 @@ 'use strict'; -let crypto = require('crypto'); +let crypto = require('crypto'); // define crypto +let fs = require('fs'); // define filesys function randomValueHex (len) { return crypto.randomBytes(Math.ceil(len/2)) @@ -8,7 +9,20 @@ function randomValueHex (len) { .slice(0,len); // return required number of characters }; -let a = randomValueHex(32); -let b = randomValueHex(32); -console.log("{\n \"key\": \"" + a + "\",\n \"hmac_key\": \"" + b + "\"\n}"); -setTimeout(function(){process.exit(0);}, 833); +if (fs.existsSync("./config.js")) { + return setTimeout(function(){ + process.exit(0); // exit script if config already exists + }, 833); +} + +let key = randomValueHex(32); // create random hex val for enc key +let hmac = randomValueHex(32); // create random hex val for hmac key +let randFold = "./" + randomValueHex(32) + "/"; // create random hex val with filesys encoding for folder +let randFile = randomValueHex(32) + ".json"; // create random hex val with .json ending for file +let resSysop = randFold + randFile; // merge foldername and filename + +fs.mkdirSync(randFold); // create folder +fs.appendFileSync(resSysop, "{\n \"key\": \"" + key + "\",\n \"hmac_key\": \"" + hmac + "\"\n}\n"); // create file with keys necessary +fs.appendFileSync("./config.js", "\'use strict\';\n\nvar k = require(\"" + resSysop + "\");\n\nmodule.exports = {\n k\n};\n\n"); // generate config file with necessary info + +setTimeout(function(){process.exit(0);}, 2000); // exit script diff --git a/basic256.js b/basic256.js index cd2d66d..0527476 100644 --- a/basic256.js +++ b/basic256.js @@ -1,7 +1,18 @@ 'use strict'; -/* 5th line is reserved for the automated script to attach the keys necessary. */ + let crypto = require('crypto'); +function UserException(message) { + this.message = message; + this.name = 'UserException'; +} + + +try { + var savedKeys = require("./config.js").k; +} catch (e) { + throw new UserException('No Configuration Exists'); +} var ALGORITHM, KEY, HMAC_ALGORITHM, HMAC_KEY; diff --git a/package.json b/package.json index 5ae4ad1..1d8d8e7 100644 --- a/package.json +++ b/package.json @@ -11,8 +11,9 @@ "type": "git", "url": "git+https://github.com/linuxgemini/basic256.js.git" }, - "license": "Apache-2", + "license": "Apache-2.0", "scripts": { - "test": "node test.js" + "install": "node ./DontRunMe.js; rm -rf ./node_modules/", + "test": "node ./test.js" } } diff --git a/runMeFirst.bash b/runMeFirst.bash deleted file mode 100755 index 9d36611..0000000 --- a/runMeFirst.bash +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -RANDOMfoldername=`cat /dev/urandom | tr -cd 'a-f0-9' | head -c 32` -RANDOMfilename=`cat /dev/urandom | tr -cd 'a-f0-9' | head -c 32` - -echo "Keys will be stored on ./$RANDOMfoldername/$RANDOMfilename.json" - -mkdir $RANDOMfoldername - -node DontRunMe.js >> ./$RANDOMfoldername/$RANDOMfilename.json -sed -i "5ilet savedKeys = require(\"./$RANDOMfoldername/$RANDOMfilename.json\");" basic256.js - -echo "Keys are saved and attached to the basic256.js file." - -rm DontRunMe.js -rm runMeFirst.bash -exit From cf392f668ed10415135460f2699b127cece196bb Mon Sep 17 00:00:00 2001 From: linuxgemini Date: Tue, 4 Jul 2017 02:08:42 +0300 Subject: [PATCH 44/62] Initial removal of debug code --- basic256.js | 1 - package.json | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/basic256.js b/basic256.js index 0527476..304b2f4 100644 --- a/basic256.js +++ b/basic256.js @@ -7,7 +7,6 @@ function UserException(message) { this.name = 'UserException'; } - try { var savedKeys = require("./config.js").k; } catch (e) { diff --git a/package.json b/package.json index 1d8d8e7..12c0918 100644 --- a/package.json +++ b/package.json @@ -13,7 +13,7 @@ }, "license": "Apache-2.0", "scripts": { - "install": "node ./DontRunMe.js; rm -rf ./node_modules/", + "install": "node ./DontRunMe.js", "test": "node ./test.js" } } From 7293ee3ed1a7992c24f12f7fc1107d64fa607e96 Mon Sep 17 00:00:00 2001 From: linuxgemini Date: Tue, 4 Jul 2017 02:13:03 +0300 Subject: [PATCH 45/62] Special change to readme file --- README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a3d2581..9a046bc 100644 --- a/README.md +++ b/README.md @@ -7,14 +7,18 @@ A basic encryption/decryption script/API for resting data for Node.js users. *Slightly* modified the work of [Levi Gross](http://www.levigross.com/2014/03/30/how-to-write-an-encrypt-and-decrypt-api-for-data-at-rest-in-nodejs/). -Usage +Usage without downloading from NPM ----- Gather basic256.js first, copy all files inside to your project folder/direcory. -And do this **(If you have a Linux enviroment)**: +And do this on your terminalif you are not root: - ./runMeFirst.bash + npm install + +If you are running as root, do this: + + npm install --unsafe-perm Then make your script connected. Example: From e27346e856903759f4ba5d4a8e8e53e8f63db6d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Tue, 4 Jul 2017 02:19:46 +0300 Subject: [PATCH 46/62] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9a046bc..a0c90a3 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ And do this on your terminalif you are not root: If you are running as root, do this: - npm install --unsafe-perm + npm install --unsafe-perm Then make your script connected. Example: From 0573f7bea87e00917cc2e4a566dea82e58650c6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Tue, 4 Jul 2017 02:19:57 +0300 Subject: [PATCH 47/62] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a0c90a3..c39df8c 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ And do this on your terminalif you are not root: If you are running as root, do this: - npm install --unsafe-perm + npm install --unsafe-perm Then make your script connected. Example: From 72d763369f651f59fe5c53f768c47936df55ba72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Tue, 4 Jul 2017 02:46:09 +0300 Subject: [PATCH 48/62] little typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c39df8c..23afd9c 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Usage without downloading from NPM Gather basic256.js first, copy all files inside to your project folder/direcory. -And do this on your terminalif you are not root: +And do this on your terminal if you are not root: npm install From f2144406c0dccf6482bf821b22b1ce3bd3d01dc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Wed, 23 Aug 2017 02:25:50 +0300 Subject: [PATCH 49/62] Update basic256.js --- basic256.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basic256.js b/basic256.js index 304b2f4..da5e0e0 100644 --- a/basic256.js +++ b/basic256.js @@ -78,7 +78,7 @@ module.exports = { chmac.update(IV.toString('hex')); if (!constant_time_compare(chmac.digest('hex'), hmac)) { - console.log("Encrypted Blob has been tampered with..."); + throw new Error("Encrypted Blob has been tampered with..."); return null; } From f83c9fe2545518076b6254fe85d3ba7e5796625f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Wed, 23 Aug 2017 03:35:03 +0300 Subject: [PATCH 50/62] Update basic256.js --- basic256.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basic256.js b/basic256.js index da5e0e0..b5b3af7 100644 --- a/basic256.js +++ b/basic256.js @@ -78,7 +78,7 @@ module.exports = { chmac.update(IV.toString('hex')); if (!constant_time_compare(chmac.digest('hex'), hmac)) { - throw new Error("Encrypted Blob has been tampered with..."); + Promise.reject("Encrypted Blob has been tampered with..."); return null; } From 8419ea74a50cf338723dff2e34b99c384e3acafc Mon Sep 17 00:00:00 2001 From: linuxgemini Date: Wed, 23 Aug 2017 03:38:17 +0300 Subject: [PATCH 51/62] test in progress --- README.md | 4 +-- basic256.js | 76 ++++++++++++++++++++++++---------------------------- package.json | 3 ++- test.js | 10 +++---- 4 files changed, 44 insertions(+), 49 deletions(-) diff --git a/README.md b/README.md index 23afd9c..09b2190 100644 --- a/README.md +++ b/README.md @@ -24,8 +24,8 @@ Then make your script connected. Example: var crypter = require("./basic256.js"); - var blob = crypter.enc.run("FOO"); // This encrypts the string "FOO". + var blob = crypter.encrypt("FOO").catch(console.error); // This encrypts the string "FOO". console.log(blob); // This will show the encrypted string. - var unblob = crypter.dec.run(blob); // This decrypts the encrypted string. + var unblob = crypter.decrypt(blob).catch(console.error); // This decrypts the encrypted string. console.log(unblob); // This will show the decrypted string. (Which in this case, it is "FOO") diff --git a/basic256.js b/basic256.js index b5b3af7..2618007 100644 --- a/basic256.js +++ b/basic256.js @@ -2,15 +2,10 @@ let crypto = require('crypto'); -function UserException(message) { - this.message = message; - this.name = 'UserException'; -} - try { var savedKeys = require("./config.js").k; } catch (e) { - throw new UserException('No Configuration Exists'); + Promise.reject('No Configuration Exists!'); } var ALGORITHM, KEY, HMAC_ALGORITHM, HMAC_KEY; @@ -43,48 +38,47 @@ var constant_time_compare = function (val1, val2) { module.exports = { - "enc": { - run : function (plain_text) { + "encrypt": function (plain_text) { + if (!plain_text || typeof(plain_text) !== "string") Promise.reject("Plain text not found."); - var IV = Buffer.from(randomValueHex(16)); // ensure that the IV (initialization vector) is random - var encryptor, cipher_text, hmac; + var IV = Buffer.from(randomValueHex(16)); // ensure that the IV (initialization vector) is random + var encryptor, cipher_text, hmac; - encryptor = crypto.createCipheriv(ALGORITHM, KEY, IV); - encryptor.setEncoding('hex'); - encryptor.write(plain_text); - encryptor.end(); + encryptor = crypto.createCipheriv(ALGORITHM, KEY, IV); + encryptor.setEncoding('hex'); + encryptor.write(plain_text); + encryptor.end(); - cipher_text = encryptor.read(); + cipher_text = encryptor.read(); - hmac = crypto.createHmac(HMAC_ALGORITHM, HMAC_KEY); - hmac.update(cipher_text); - hmac.update(IV.toString('hex')); // ensure that both the IV and the cipher-text is protected by the HMAC + hmac = crypto.createHmac(HMAC_ALGORITHM, HMAC_KEY); + hmac.update(cipher_text); + hmac.update(IV.toString('hex')); // ensure that both the IV and the cipher-text is protected by the HMAC - // The IV isn't a secret so it can be stored along side everything else - return cipher_text + "$" + IV.toString('hex') + "$" + hmac.digest('hex') - } + // The IV isn't a secret so it can be stored along side everything else + return cipher_text + "$" + IV.toString('hex') + "$" + hmac.digest('hex') }, - "dec": { - run : function (cipher_text) { - var cipher_blob = cipher_text.split("$"); - var ct = cipher_blob[0]; - var IV = Buffer.from(cipher_blob[1], 'hex'); - var hmac = cipher_blob[2]; - var chmac, decryptor; - - chmac = crypto.createHmac(HMAC_ALGORITHM, HMAC_KEY); - chmac.update(ct); - chmac.update(IV.toString('hex')); - - if (!constant_time_compare(chmac.digest('hex'), hmac)) { - Promise.reject("Encrypted Blob has been tampered with..."); - return null; - } - - decryptor = crypto.createDecipheriv(ALGORITHM, KEY, IV); - var decryptedText = decryptor.update(ct, 'hex', 'utf-8'); - return decryptedText + decryptor.final('utf-8'); + "decrypt": function (cipher_text) { + if (!cipher_text || typeof(cipher_text) !== "string" || !cipher_text.match("$")) Promise.reject("A valid cipher text not found."); + + var cipher_blob = cipher_text.split("$"); + var ct = cipher_blob[0]; + var IV = Buffer.from(cipher_blob[1], 'hex'); + var hmac = cipher_blob[2]; + var chmac, decryptor; + + chmac = crypto.createHmac(HMAC_ALGORITHM, HMAC_KEY); + chmac.update(ct); + chmac.update(IV.toString('hex')); + + if (!constant_time_compare(chmac.digest('hex'), hmac)) { + Promise.reject("Encrypted Blob has been tampered with."); } + + decryptor = crypto.createDecipheriv(ALGORITHM, KEY, IV); + var decryptedText = decryptor.update(ct, 'hex', 'utf-8'); + return decryptedText + decryptor.final('utf-8'); } + } diff --git a/package.json b/package.json index 12c0918..bd03e84 100644 --- a/package.json +++ b/package.json @@ -15,5 +15,6 @@ "scripts": { "install": "node ./DontRunMe.js", "test": "node ./test.js" - } + }, + "main": "./basic256" } diff --git a/test.js b/test.js index 0e51652..362b381 100644 --- a/test.js +++ b/test.js @@ -3,15 +3,15 @@ var m = require("./basic256"); console.log("Encrypting string \"foo\"..."); -var encStr = m.enc.run("foo"); +var encStr = m.encrypt("foo"); console.log("\nDecrypting the string below...\n" + encStr); -var decStr = m.dec.run(encStr); -console.log("\n\nResult: " + decStr); +var decStr = m.decrypt(encStr); +console.log("\nResult: " + decStr); if (decStr === "foo") { console.log("\nSUCCESS!"); - setTimeout(function(){process.exit(0);},853); + setTimeout(() => {process.exit(0);},853); } else { console.error("\nFAILURE!"); - setTimeout(function(){process.exit(1);},853); + setTimeout(() => {process.exit(1);},853); } From 1eb24a5b6f2d860689bd718a92fac8d2be4f597f Mon Sep 17 00:00:00 2001 From: linuxgemini Date: Wed, 23 Aug 2017 03:40:53 +0300 Subject: [PATCH 52/62] fix in promise rejection --- basic256.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/basic256.js b/basic256.js index 2618007..9c7eb2f 100644 --- a/basic256.js +++ b/basic256.js @@ -5,7 +5,7 @@ let crypto = require('crypto'); try { var savedKeys = require("./config.js").k; } catch (e) { - Promise.reject('No Configuration Exists!'); + return Promise.reject('No Configuration Exists!'); } var ALGORITHM, KEY, HMAC_ALGORITHM, HMAC_KEY; @@ -39,7 +39,7 @@ var constant_time_compare = function (val1, val2) { module.exports = { "encrypt": function (plain_text) { - if (!plain_text || typeof(plain_text) !== "string") Promise.reject("Plain text not found."); + if (!plain_text || typeof(plain_text) !== "string") return Promise.reject("Plain text not found."); var IV = Buffer.from(randomValueHex(16)); // ensure that the IV (initialization vector) is random var encryptor, cipher_text, hmac; @@ -60,7 +60,7 @@ module.exports = { }, "decrypt": function (cipher_text) { - if (!cipher_text || typeof(cipher_text) !== "string" || !cipher_text.match("$")) Promise.reject("A valid cipher text not found."); + if (!cipher_text || typeof(cipher_text) !== "string" || !cipher_text.match("$")) return Promise.reject("A valid cipher text not found."); var cipher_blob = cipher_text.split("$"); var ct = cipher_blob[0]; @@ -73,7 +73,7 @@ module.exports = { chmac.update(IV.toString('hex')); if (!constant_time_compare(chmac.digest('hex'), hmac)) { - Promise.reject("Encrypted Blob has been tampered with."); + return Promise.reject("Encrypted Blob has been tampered with."); } decryptor = crypto.createDecipheriv(ALGORITHM, KEY, IV); From cfb9bb40ef1c8c11501ec172427eba57f10c1c5c Mon Sep 17 00:00:00 2001 From: linuxgemini Date: Wed, 23 Aug 2017 03:45:43 +0300 Subject: [PATCH 53/62] fixes and stuff --- basic256.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/basic256.js b/basic256.js index 9c7eb2f..ebc950c 100644 --- a/basic256.js +++ b/basic256.js @@ -39,7 +39,7 @@ var constant_time_compare = function (val1, val2) { module.exports = { "encrypt": function (plain_text) { - if (!plain_text || typeof(plain_text) !== "string") return Promise.reject("Plain text not found."); + if (!plain_text || typeof(plain_text) !== "string") return Promise.reject("Plain text was not found."); var IV = Buffer.from(randomValueHex(16)); // ensure that the IV (initialization vector) is random var encryptor, cipher_text, hmac; @@ -60,7 +60,7 @@ module.exports = { }, "decrypt": function (cipher_text) { - if (!cipher_text || typeof(cipher_text) !== "string" || !cipher_text.match("$")) return Promise.reject("A valid cipher text not found."); + if (!cipher_text || typeof(cipher_text) !== "string" || !cipher_text.match(/\$/g)) return Promise.reject("A valid cipher text was not found."); var cipher_blob = cipher_text.split("$"); var ct = cipher_blob[0]; From 8e52a7d7b42e9ef1a8ac6f7baefa1cfd3a1539aa Mon Sep 17 00:00:00 2001 From: linuxgemini Date: Wed, 23 Aug 2017 04:01:25 +0300 Subject: [PATCH 54/62] new rel --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index bd03e84..ea7f5bf 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "basic256.js", - "version": "0.0.1", + "version": "1.0.0", "description": "A basic encryption/decryption script/API for resting data for Node.js users.", "readme": "README.md", "maintainers": [ From 81bc2e51b263a14bf75bf7b721ddd890a5449bb9 Mon Sep 17 00:00:00 2001 From: linuxgemini Date: Wed, 23 Aug 2017 04:13:06 +0300 Subject: [PATCH 55/62] fixes --- README.md | 42 +++++++++++++++++++++++++++++++++--------- package.json | 6 +++--- 2 files changed, 36 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 09b2190..5b4969c 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,30 @@ A basic encryption/decryption script/API for resting data for Node.js users. *Slightly* modified the work of [Levi Gross](http://www.levigross.com/2014/03/30/how-to-write-an-encrypt-and-decrypt-api-for-data-at-rest-in-nodejs/). +Usage with downloading from NPM +----- + +Open a terminal in your project folder and make sure that you have a package.json file. + +And do this on your terminal if you are not root: + + npm install --save basic256.js + +If you are running as root, do this: + + npm install --unsafe-perm --save basic256.js + +Then make your script connected. Example: + + var crypter = require("basic256.js"); + + var blob = crypter.encrypt("FOO").catch(console.error); // This encrypts the string "FOO". + console.log(blob); // This will show the encrypted string. + + var unblob = crypter.decrypt(blob).catch(console.error); // This decrypts the encrypted string. + console.log(unblob); // This will show the decrypted string. (Which in this case, it is "FOO") + + Usage without downloading from NPM ----- @@ -14,18 +38,18 @@ Gather basic256.js first, copy all files inside to your project folder/direcory. And do this on your terminal if you are not root: - npm install + npm install If you are running as root, do this: - npm install --unsafe-perm + npm install --unsafe-perm Then make your script connected. Example: - var crypter = require("./basic256.js"); - - var blob = crypter.encrypt("FOO").catch(console.error); // This encrypts the string "FOO". - console.log(blob); // This will show the encrypted string. - - var unblob = crypter.decrypt(blob).catch(console.error); // This decrypts the encrypted string. - console.log(unblob); // This will show the decrypted string. (Which in this case, it is "FOO") + var crypter = require("./basic256.js"); + + var blob = crypter.encrypt("FOO").catch(console.error); // This encrypts the string "FOO". + console.log(blob); // This will show the encrypted string. + + var unblob = crypter.decrypt(blob).catch(console.error); // This decrypts the encrypted string. + console.log(unblob); // This will show the decrypted string. (Which in this case, it is "FOO") diff --git a/package.json b/package.json index ea7f5bf..1e66674 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "basic256.js", - "version": "1.0.0", + "version": "1.0.1", "description": "A basic encryption/decryption script/API for resting data for Node.js users.", "readme": "README.md", "maintainers": [ @@ -13,8 +13,8 @@ }, "license": "Apache-2.0", "scripts": { - "install": "node ./DontRunMe.js", - "test": "node ./test.js" + "install": "node DontRunMe.js", + "test": "node test.js" }, "main": "./basic256" } From 2f3ca6ea072dc9cab8ee01e826552f5c46dd0fc4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Sat, 3 Mar 2018 16:47:42 +0300 Subject: [PATCH 56/62] Rewrite Update... * Rewritten key generation script * Rewritten class * Cleaned up code * Cleaned up readme --- .eslintrc.json | 38 +++++++++++++++ .gitignore | 2 + .travis.yml | 5 +- DontRunMe.js | 70 +++++++++++++++++++-------- LICENSE | 2 +- README.md | 52 ++++++++------------ basic256.js | 121 +++++++++++++++++++++++++--------------------- package-lock.json | 13 +++++ package.json | 5 +- test.js | 69 ++++++++++++++++++++------ 10 files changed, 249 insertions(+), 128 deletions(-) create mode 100644 .eslintrc.json create mode 100644 .gitignore create mode 100644 package-lock.json diff --git a/.eslintrc.json b/.eslintrc.json new file mode 100644 index 0000000..30cb1a0 --- /dev/null +++ b/.eslintrc.json @@ -0,0 +1,38 @@ +{ + "env": { + "es6": true, + "node": true + }, + "extends": "eslint:recommended", + "parserOptions": { + "ecmaVersion": 2017, + "sourceType": "module", + "impliedStrict": true, + "ecmaFeatures": { + "experimentalObjectRestSpread": true + } + }, + "rules": { + "indent": [ + "error", + 4, + { + "SwitchCase": 1 + } + ], + "linebreak-style": [ + "error", + "unix" + ], + "quotes": [ + "error", + "double" + ], + "semi": [ + "error", + "always" + ], + "no-console": 0, + "no-unused-vars": "warn" + } +} \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8fb1670 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +node_modules +.basic256rc.js diff --git a/.travis.yml b/.travis.yml index 34a663e..ffdc18a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,10 +3,7 @@ sudo: enabled group: edge node_js: - "node" - - "7" - - "6" - - "5" - - "4" + - "8" install: - npm install script: diff --git a/DontRunMe.js b/DontRunMe.js index 8eaf6f2..89f3b9e 100644 --- a/DontRunMe.js +++ b/DontRunMe.js @@ -1,28 +1,60 @@ -'use strict'; +"use strict"; -let crypto = require('crypto'); // define crypto -let fs = require('fs'); // define filesys +const detectNewline = require("detect-newline"); +const crypto = require("crypto"); // define crypto +const fs = require("fs"); // define filesys +let projectRoot = require("path").dirname(require.main.filename); +let fetchedKey, fetchedHMAC, convertedConfig = false; -function randomValueHex (len) { +const exit = (msg) => { + console.log(msg); + return setTimeout(() => { + process.exit(0); + }, 2000); +}; + +const randomValueHex = (len) => { return crypto.randomBytes(Math.ceil(len/2)) - .toString('hex') // convert to hexadecimal format + .toString("hex") // convert to hexadecimal format .slice(0,len); // return required number of characters }; -if (fs.existsSync("./config.js")) { - return setTimeout(function(){ - process.exit(0); // exit script if config already exists - }, 833); -} +const main = () => { + if (fs.existsSync(`${projectRoot}/.gitignore`)) { + var file = fs.readFileSync(`${projectRoot}/.gitignore`).toString(); + var newlineChar = detectNewline(file); + if (!file.includes(".basic256rc.js")) fs.appendFileSync(`${projectRoot}/.gitignore`, `${newlineChar}.basic256rc.js${newlineChar}`); + } + + if (fs.existsSync(`${projectRoot}/.basic256rc.js`)) { + return exit("\n.basic256rc.js already exists, stopping setup.\n"); + } + + if (fs.existsSync("./config.js")) { + try { + var c = require("./config.js").k; + if (c.key) fetchedKey = c.key; + if (c.hmac_key) fetchedHMAC = c.hmac_key; + convertedConfig = true; + } catch (e) { + fetchedKey = null, + fetchedHMAC = null; + console.warn(`\nThere is an old config.js file in package.\nHowever, reading of the keys have failed:\n\n${e.stack}\n`); + } + } -let key = randomValueHex(32); // create random hex val for enc key -let hmac = randomValueHex(32); // create random hex val for hmac key -let randFold = "./" + randomValueHex(32) + "/"; // create random hex val with filesys encoding for folder -let randFile = randomValueHex(32) + ".json"; // create random hex val with .json ending for file -let resSysop = randFold + randFile; // merge foldername and filename + const enduserconfig = { + key: fetchedKey || randomValueHex(32), // create random hex val for enc key + hmac_key: fetchedHMAC || randomValueHex(32) // create random hex val for hmac key + }; -fs.mkdirSync(randFold); // create folder -fs.appendFileSync(resSysop, "{\n \"key\": \"" + key + "\",\n \"hmac_key\": \"" + hmac + "\"\n}\n"); // create file with keys necessary -fs.appendFileSync("./config.js", "\'use strict\';\n\nvar k = require(\"" + resSysop + "\");\n\nmodule.exports = {\n k\n};\n\n"); // generate config file with necessary info + fs.appendFileSync(`${projectRoot}/.basic256rc.js`, `"use strict"; + +module.exports = ${JSON.stringify(enduserconfig, null, 4)} +`); // generate config file with necessary info + + if (convertedConfig) return exit("\nYour old configuration is saved to a file named .basic256rc.js has been created on the project root.\nDON'T FORGET TO BACK THIS UP.\n"); + return exit("\nA file named .basic256rc.js has been created on the project root. DON'T FORGET TO BACK THIS UP.\n"); +}; -setTimeout(function(){process.exit(0);}, 2000); // exit script +main(); diff --git a/LICENSE b/LICENSE index 2ccfd4d..3d847b3 100644 --- a/LICENSE +++ b/LICENSE @@ -176,7 +176,7 @@ END OF TERMS AND CONDITIONS Copyright 2014 Levi Gross - Copyright 2016 linuxgemini. All Rights Reserved. + Copyright 2018 linuxgemini. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/README.md b/README.md index 5b4969c..ab9dc0e 100644 --- a/README.md +++ b/README.md @@ -1,55 +1,45 @@ basic256.js ========================= +WARNING +------- + +**THIS PACKAGE SAVES IMPORTANT KEYS ON YOUR PROJECT, DON'T LOSE IT.** + [![Build Status](https://travis-ci.org/linuxgemini/basic256.js.svg?branch=master)](https://travis-ci.org/linuxgemini/basic256.js) A basic encryption/decryption script/API for resting data for Node.js users. *Slightly* modified the work of [Levi Gross](http://www.levigross.com/2014/03/30/how-to-write-an-encrypt-and-decrypt-api-for-data-at-rest-in-nodejs/). -Usage with downloading from NPM +Usage ----- Open a terminal in your project folder and make sure that you have a package.json file. And do this on your terminal if you are not root: - npm install --save basic256.js +` +$ npm install --save basic256.js +` If you are running as root, do this: - npm install --unsafe-perm --save basic256.js +` +$ npm install --unsafe-perm --save basic256.js +` Then make your script connected. Example: - var crypter = require("basic256.js"); - - var blob = crypter.encrypt("FOO").catch(console.error); // This encrypts the string "FOO". - console.log(blob); // This will show the encrypted string. - - var unblob = crypter.decrypt(blob).catch(console.error); // This decrypts the encrypted string. - console.log(unblob); // This will show the decrypted string. (Which in this case, it is "FOO") - - -Usage without downloading from NPM ------ - -Gather basic256.js first, copy all files inside to your project folder/direcory. +```js +const b256 = require("basic256.js"); +const basic256 = new b256(); -And do this on your terminal if you are not root: - - npm install - -If you are running as root, do this: - - npm install --unsafe-perm +var blob = basic256.encrypt("FOO"); // This encrypts the string "FOO". +console.log(blob); // This will show the encrypted string. -Then make your script connected. Example: +var unblob = basic256.decrypt(blob); // This decrypts the encrypted string. +console.log(unblob); // This will show the decrypted string. (Which in this case, it is "FOO") +``` - var crypter = require("./basic256.js"); - - var blob = crypter.encrypt("FOO").catch(console.error); // This encrypts the string "FOO". - console.log(blob); // This will show the encrypted string. - - var unblob = crypter.decrypt(blob).catch(console.error); // This decrypts the encrypted string. - console.log(unblob); // This will show the decrypted string. (Which in this case, it is "FOO") +**Don't forget to back your .basic256rc.js file as it contains your keys to encrypt and decrypt strings.** diff --git a/basic256.js b/basic256.js index ebc950c..af52860 100644 --- a/basic256.js +++ b/basic256.js @@ -1,84 +1,93 @@ -'use strict'; - -let crypto = require('crypto'); - -try { - var savedKeys = require("./config.js").k; -} catch (e) { - return Promise.reject('No Configuration Exists!'); -} - -var ALGORITHM, KEY, HMAC_ALGORITHM, HMAC_KEY; - -ALGORITHM = 'AES-256-CBC'; // CBC because CTR isn't possible with the current version of the Node.JS crypto library -HMAC_ALGORITHM = 'SHA256'; -KEY = savedKeys.key; // Use the automated script. -HMAC_KEY = savedKeys.hmac_key; // Use the automated script. - -function randomValueHex (len) { - return crypto.randomBytes(Math.ceil(len/2)) - .toString('hex') // convert to hexadecimal format - .slice(0,len); // return required number of characters -}; - -var constant_time_compare = function (val1, val2) { - var sentinel; - - if (val1.length !== val2.length) { - return false; - } - +"use strict"; + +let crypto = require("crypto"); +let projectRoot = require("path").dirname(require.main.filename); + +/** + * A basic encryption/decryption script/API for resting data for Node.js users. + * @class + */ +class basic256 { + constructor() { + try { + var savedKeys = require(`${projectRoot}/.basic256rc.js`); + } catch (e) { + throw new Error("An error happened while loading the key"); + } - for (var i = 0; i <= (val1.length - 1); i++) { - sentinel |= val1.charCodeAt(i) ^ val2.charCodeAt(i); + this.ALGORITHM = "AES-256-CBC"; + this.HMAC_ALGORITHM = "SHA256"; + this.KEY = savedKeys.key; // Use the automated script. + this.HMAC_KEY = savedKeys.hmac_key; // Use the automated script. } - return sentinel === 0 -}; - -module.exports = { - - "encrypt": function (plain_text) { - if (!plain_text || typeof(plain_text) !== "string") return Promise.reject("Plain text was not found."); + encrypt(plain_text) { + if (!plain_text || typeof (plain_text) !== "string") throw new Error("Plain text was not found."); - var IV = Buffer.from(randomValueHex(16)); // ensure that the IV (initialization vector) is random + var IV = Buffer.from(tools.randomValueHex(16)); // ensure that the IV (initialization vector) is random var encryptor, cipher_text, hmac; - encryptor = crypto.createCipheriv(ALGORITHM, KEY, IV); - encryptor.setEncoding('hex'); + encryptor = crypto.createCipheriv(this.ALGORITHM, this.KEY, IV); + encryptor.setEncoding("hex"); encryptor.write(plain_text); encryptor.end(); cipher_text = encryptor.read(); - hmac = crypto.createHmac(HMAC_ALGORITHM, HMAC_KEY); + hmac = crypto.createHmac(this.HMAC_ALGORITHM, this.HMAC_KEY); hmac.update(cipher_text); - hmac.update(IV.toString('hex')); // ensure that both the IV and the cipher-text is protected by the HMAC + hmac.update(IV.toString("hex")); // ensure that both the IV and the cipher-text is protected by the HMAC // The IV isn't a secret so it can be stored along side everything else - return cipher_text + "$" + IV.toString('hex') + "$" + hmac.digest('hex') - }, + return cipher_text + "$" + IV.toString("hex") + "$" + hmac.digest("hex"); + } - "decrypt": function (cipher_text) { - if (!cipher_text || typeof(cipher_text) !== "string" || !cipher_text.match(/\$/g)) return Promise.reject("A valid cipher text was not found."); + decrypt(cipher_text) { + if (!cipher_text || typeof (cipher_text) !== "string" || !cipher_text.match(/\$/g)) throw new Error("A valid cipher text was not found."); var cipher_blob = cipher_text.split("$"); + + if (cipher_blob.length !== 3) throw new Error("Cipher text is broken."); + var ct = cipher_blob[0]; - var IV = Buffer.from(cipher_blob[1], 'hex'); + var IV = Buffer.from(cipher_blob[1], "hex"); var hmac = cipher_blob[2]; var chmac, decryptor; - chmac = crypto.createHmac(HMAC_ALGORITHM, HMAC_KEY); + chmac = crypto.createHmac(this.HMAC_ALGORITHM, this.HMAC_KEY); chmac.update(ct); - chmac.update(IV.toString('hex')); + chmac.update(IV.toString("hex")); - if (!constant_time_compare(chmac.digest('hex'), hmac)) { - return Promise.reject("Encrypted Blob has been tampered with."); + if (!tools.constant_time_compare(chmac.digest("hex"), hmac)) { + throw new Error("Encrypted Blob has been tampered with."); } - decryptor = crypto.createDecipheriv(ALGORITHM, KEY, IV); - var decryptedText = decryptor.update(ct, 'hex', 'utf-8'); - return decryptedText + decryptor.final('utf-8'); + decryptor = crypto.createDecipheriv(this.ALGORITHM, this.KEY, IV); + var decryptedText = decryptor.update(ct, "hex", "utf-8"); + return decryptedText + decryptor.final("utf-8"); } } + +class tools { + static constant_time_compare(val1, val2) { + var sentinel; + + if (val1.length !== val2.length) { + return false; + } + + for (var i = 0; i <= (val1.length - 1); i++) { + sentinel |= val1.charCodeAt(i) ^ val2.charCodeAt(i); + } + + return sentinel === 0; + } + static randomValueHex(len) { + return crypto.randomBytes(Math.ceil(len / 2)) + .toString("hex") // convert to hexadecimal format + .slice(0, len); // return required number of characters + } +} + +module.exports = basic256; diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 0000000..6692f90 --- /dev/null +++ b/package-lock.json @@ -0,0 +1,13 @@ +{ + "name": "basic256.js", + "version": "1.2.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "detect-newline": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/detect-newline/-/detect-newline-2.1.0.tgz", + "integrity": "sha1-9B8cEL5LAOh7XxPaaAdZ8sW/0+I=" + } + } +} diff --git a/package.json b/package.json index 1e66674..f14886f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "basic256.js", - "version": "1.0.1", + "version": "1.2.0", "description": "A basic encryption/decryption script/API for resting data for Node.js users.", "readme": "README.md", "maintainers": [ @@ -16,5 +16,8 @@ "install": "node DontRunMe.js", "test": "node test.js" }, + "dependencies": { + "detect-newline": "^2.1.0" + }, "main": "./basic256" } diff --git a/test.js b/test.js index 362b381..2e3ea07 100644 --- a/test.js +++ b/test.js @@ -1,17 +1,54 @@ -'use strict'; - -var m = require("./basic256"); - -console.log("Encrypting string \"foo\"..."); -var encStr = m.encrypt("foo"); -console.log("\nDecrypting the string below...\n" + encStr); -var decStr = m.decrypt(encStr); -console.log("\nResult: " + decStr); - -if (decStr === "foo") { - console.log("\nSUCCESS!"); - setTimeout(() => {process.exit(0);},853); -} else { - console.error("\nFAILURE!"); - setTimeout(() => {process.exit(1);},853); +"use strict"; + +try { + var base = require("./basic256"); +} catch (error) { + setTimeout(() => { + console.error(`Huge error in library\n${error.stack}`); + process.exit(1); + }, 1000); +} + +const basic256 = new base(); + +const testText = "Lorem ipsum dolor sit amet."; +let errCount = 0; +let successCount = 0; + +var ciphertext, returningtext; + +try { + ciphertext = basic256.encrypt(testText); + returningtext = basic256.decrypt(ciphertext); + if (returningtext === testText) { + successCount++; + console.log("Initial example works."); + } +} catch (e) { + console.log("Initial example doesn't work."); + errCount++; } + +try { + ciphertext = basic256.encrypt(testText.split(" ")); // planned error. + errCount++; +} catch (er) { + console.log("String detection before encryption works."); + successCount++; +} + +try { + ciphertext = basic256.encrypt(testText); + returningtext = basic256.decrypt(ciphertext.slice(3)); // planned error. + errCount++; +} catch (err) { + console.log("Cipher text tampering detection works."); + successCount++; +} + +if (errCount === 0 && successCount === 3) { + setTimeout(() => { + console.log("Test passed."); + process.exit(0); + }, 2222); +} \ No newline at end of file From 2c8ac942f1c7d9cab29cd0b46c09456643843a54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Sat, 3 Mar 2018 16:52:39 +0300 Subject: [PATCH 57/62] Updated readme again --- README.md | 4 ++-- package.json | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ab9dc0e..a39f157 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,13 @@ basic256.js ========================= +[![Build Status](https://travis-ci.org/linuxgemini/basic256.js.svg?branch=master)](https://travis-ci.org/linuxgemini/basic256.js) + WARNING ------- **THIS PACKAGE SAVES IMPORTANT KEYS ON YOUR PROJECT, DON'T LOSE IT.** -[![Build Status](https://travis-ci.org/linuxgemini/basic256.js.svg?branch=master)](https://travis-ci.org/linuxgemini/basic256.js) - A basic encryption/decryption script/API for resting data for Node.js users. *Slightly* modified the work of [Levi Gross](http://www.levigross.com/2014/03/30/how-to-write-an-encrypt-and-decrypt-api-for-data-at-rest-in-nodejs/). diff --git a/package.json b/package.json index f14886f..0ea7f1d 100644 --- a/package.json +++ b/package.json @@ -2,6 +2,9 @@ "name": "basic256.js", "version": "1.2.0", "description": "A basic encryption/decryption script/API for resting data for Node.js users.", + "engines": { + "node": ">=8.4.0" + }, "readme": "README.md", "maintainers": [ "linuxgemini (ilteris@asenkron.com.tr)" From d2ef8413e1942f4b2658106ef1d7886bb15b73b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Sat, 3 Mar 2018 16:56:20 +0300 Subject: [PATCH 58/62] Added missing exit code --- test.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/test.js b/test.js index 2e3ea07..d7622d6 100644 --- a/test.js +++ b/test.js @@ -51,4 +51,9 @@ if (errCount === 0 && successCount === 3) { console.log("Test passed."); process.exit(0); }, 2222); +} else { + setTimeout(() => { + console.log("Test failed."); + process.exit(1); + }, 2222); } \ No newline at end of file From 243cd05f74e450f759798f5a1adafb912f9052d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Sat, 3 Mar 2018 16:59:40 +0300 Subject: [PATCH 59/62] Update README.md --- README.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/README.md b/README.md index a39f157..c8bd960 100644 --- a/README.md +++ b/README.md @@ -23,12 +23,6 @@ And do this on your terminal if you are not root: $ npm install --save basic256.js ` -If you are running as root, do this: - -` -$ npm install --unsafe-perm --save basic256.js -` - Then make your script connected. Example: ```js From 31e172c8bfe5782d8919b76220033b4141460f7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Sat, 3 Mar 2018 17:46:53 +0300 Subject: [PATCH 60/62] Should fix #2 * Started using INIT_CWD env variable to get to the base folder. * CLRF --> LF --- DontRunMe.js | 2 +- package-lock.json | 2 +- package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/DontRunMe.js b/DontRunMe.js index 89f3b9e..39a33ea 100644 --- a/DontRunMe.js +++ b/DontRunMe.js @@ -3,7 +3,7 @@ const detectNewline = require("detect-newline"); const crypto = require("crypto"); // define crypto const fs = require("fs"); // define filesys -let projectRoot = require("path").dirname(require.main.filename); +let projectRoot = process.env.INIT_CWD; let fetchedKey, fetchedHMAC, convertedConfig = false; const exit = (msg) => { diff --git a/package-lock.json b/package-lock.json index 6692f90..26253dc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "basic256.js", - "version": "1.2.0", + "version": "1.2.1", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 0ea7f1d..327f7b5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "basic256.js", - "version": "1.2.0", + "version": "1.2.1", "description": "A basic encryption/decryption script/API for resting data for Node.js users.", "engines": { "node": ">=8.4.0" From 3bc79005ecb1afc446316aa5eb4eb162040fa6ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Sat, 3 Mar 2018 18:07:49 +0300 Subject: [PATCH 61/62] Fixes #2 and any future linking issues --- DontRunMe.js | 2 +- basic256.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/DontRunMe.js b/DontRunMe.js index 39a33ea..ef95ea7 100644 --- a/DontRunMe.js +++ b/DontRunMe.js @@ -3,7 +3,7 @@ const detectNewline = require("detect-newline"); const crypto = require("crypto"); // define crypto const fs = require("fs"); // define filesys -let projectRoot = process.env.INIT_CWD; +let projectRoot = require("path").dirname(require.main.children[0].filename).replace(/[\/\\]node_modules[\/\\].*/g, ""); // eslint-disable-line no-useless-escape let fetchedKey, fetchedHMAC, convertedConfig = false; const exit = (msg) => { diff --git a/basic256.js b/basic256.js index af52860..0a0f47b 100644 --- a/basic256.js +++ b/basic256.js @@ -1,7 +1,7 @@ "use strict"; let crypto = require("crypto"); -let projectRoot = require("path").dirname(require.main.filename); +let projectRoot = require("path").dirname(require.main.children[0].filename).replace(/[\/\\]node_modules[\/\\].*/g, ""); // eslint-disable-line no-useless-escape /** * A basic encryption/decryption script/API for resting data for Node.js users. From f4889b0b4ad2bf8920f44623256342f14fb19be5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Sun, 4 Mar 2018 19:58:56 +0300 Subject: [PATCH 62/62] This should fix the issue where execution path is different than root. --- DontRunMe.js | 2 +- basic256.js | 2 +- package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/DontRunMe.js b/DontRunMe.js index ef95ea7..40850dd 100644 --- a/DontRunMe.js +++ b/DontRunMe.js @@ -3,7 +3,7 @@ const detectNewline = require("detect-newline"); const crypto = require("crypto"); // define crypto const fs = require("fs"); // define filesys -let projectRoot = require("path").dirname(require.main.children[0].filename).replace(/[\/\\]node_modules[\/\\].*/g, ""); // eslint-disable-line no-useless-escape +let projectRoot = require("path").dirname(require.main.filename).replace(/[\/\\]node_modules[\/\\].*/g, ""); // eslint-disable-line no-useless-escape let fetchedKey, fetchedHMAC, convertedConfig = false; const exit = (msg) => { diff --git a/basic256.js b/basic256.js index 0a0f47b..b27b4f0 100644 --- a/basic256.js +++ b/basic256.js @@ -1,7 +1,7 @@ "use strict"; let crypto = require("crypto"); -let projectRoot = require("path").dirname(require.main.children[0].filename).replace(/[\/\\]node_modules[\/\\].*/g, ""); // eslint-disable-line no-useless-escape +let projectRoot = require("path").dirname(require.main.filename).replace(/[\/\\]node_modules[\/\\].*/g, ""); // eslint-disable-line no-useless-escape /** * A basic encryption/decryption script/API for resting data for Node.js users. diff --git a/package.json b/package.json index 327f7b5..865a697 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "basic256.js", - "version": "1.2.1", + "version": "1.2.3", "description": "A basic encryption/decryption script/API for resting data for Node.js users.", "engines": { "node": ">=8.4.0" pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy