A utility library for robust and secure cryptographic operations using Node.js crypto module. It provides easy-to-use methods for encrypting and decrypting text with AES-GCM, leveraging Scrypt for key derivation.
- Strong Encryption: Uses AES-GCM ( Galois/Counter Mode) which provides both confidentiality and authenticity. Supports
aes-256-gcm,aes-192-gcm, andaes-128-gcm. - Secure Key Derivation: Employs
scryptSyncfor deriving encryption keys from passwords, offering protection against brute-force attacks. - Random Salt & IV: Automatically generates a unique salt and initialization vector (IV) for each encryption operation, enhancing security.
- Additional Authenticated Data (AAD): Supports AAD to ensure the integrity of non-confidential data alongside the encrypted payload.
- Customizable Parameters: Allows configuration of Scrypt parameters (
N,r,p) for fine-tuning security vs. performance. - Flexible Encodings: Supports
base64andhexencodings for encrypted data, IV, tag, and salt. - Type-Safe: Written in TypeScript with comprehensive type definitions.
- Error Handling: Gracefully handles decryption failures (e.g., wrong password, corrupted data) by returning
null.
npm install cipher-utility
# or
yarn add cipher-utility
# or
bun add cipher-utilityimport { Cipher } from 'cipher-utility';
const cipher = new Cipher();
const text = 'This is a secret message!';
const password = 'super-strong-password123';
// Encrypt
const encrypted = cipher.encrypt(text, password);
// Decrypt
const decrypted = cipher.decrypt(encrypted, password);
console.log('Decrypted:', decrypted); // Output: This is a secret message!Creates a new Cipher instance.
params(optional): An object to customize Scrypt parameters.N: CPU/memory cost parameter (default:4096).r: Block size (default:8).p: Parallelization parameter (default:1).
Note: The key length is automatically determined based on the algorithm used (16 bytes for AES-128, 24 bytes for AES-192, 32 bytes for AES-256).
Encrypts the input text.
text: string: The plaintext to encrypt.password: string: The password to derive the encryption key.algorithm?: CipherGCMTypes: The AES-GCM algorithm to use (default:'aes-256-gcm'). Supported:'aes-256-gcm','aes-192-gcm','aes-128-gcm'.encoding?: Encoding: The encoding for the output strings (encrypted, iv, tag, salt) (default:'base64'). Supported:'base64','hex'.aad?: string: Optional Additional Authenticated Data.- Returns:
EncryptedDataobject:type EncryptedData = { encrypted: string; // The encrypted text iv: string; // The initialization vector tag: string; // The authentication tag salt: string; // The salt used for key derivation aad?: string; // The AAD, if provided };
Decrypts the encrypted data.
encryptedData: EncryptedData: The object returned by theencryptmethod.password: string: The password used for encryption.algorithm?: CipherGCMTypes: The AES-GCM algorithm used for encryption (default:'aes-256-gcm').encoding?: Encoding: The encoding used for the input strings inencryptedData(default:'base64').- Returns:
string | null: The decrypted plaintext, ornullif decryption fails (e.g., wrong password, tampered data, incorrect AAD).
- Node.js (LTS recommended)
- Bun (for running scripts, optional if you prefer npm/yarn)
- Clone the repository:
git clone https://github.com/liorcodev/cipher-utility.git cd cipher-utility - Install dependencies:
bun install # or npm install
bun run format: Format code using Prettier.bun run dev: Runindex.tsin watch mode (useful for quick testing).bun run build: Build the library usingtsup. Output is in thedistfolder.bun test: Run tests using Bun's test runner (tests are insrc/cipher.test.ts).
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Distributed under the MIT License. See LICENSE file for more information.