/
crypto.js
164 lines (146 loc) · 4.38 KB
/
crypto.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
export default class Crypto {
constructor() {
this._crypto = window.crypto || false;
if (!this._crypto || (!this._crypto.subtle && !this._crypto.webkitSubtle)) {
return false
}
}
get crypto() {
return this._crypto;
}
convertStringToArrayBufferView(str) {
const bytes = new Uint8Array(str.length);
for (let i = 0; i < str.length; i++) {
bytes[i] = str.charCodeAt(i);
}
return bytes;
}
convertArrayBufferViewToString(buffer) {
let str = '';
for (let i = 0; i < buffer.byteLength; i++) {
str += String.fromCharCode(buffer[i]);
}
return str;
}
createEncryptDecryptKeys() {
return this.crypto.subtle.generateKey(
{
name: 'RSA-OAEP',
modulusLength: 2048, // can be 1024, 2048, or 4096
publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
hash: { name: 'SHA-1' },
},
true, // whether the key is extractable (i.e. can be used in exportKey)
['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'], // must be ['encrypt', 'decrypt'] or ['wrapKey', 'unwrapKey']
);
}
createSecretKey() {
return this.crypto.subtle.generateKey(
{
name: 'AES-CBC',
length: 256, // can be 128, 192, or 256
},
true, // whether the key is extractable (i.e. can be used in exportKey)
['encrypt', 'decrypt'], // can be 'encrypt', 'decrypt', 'wrapKey', or 'unwrapKey'
);
}
createSigningKey() {
return this.crypto.subtle.generateKey(
{
name: 'HMAC',
hash: { name: 'SHA-256' },
},
true, // whether the key is extractable (i.e. can be used in exportKey)
['sign', 'verify'], // can be 'encrypt', 'decrypt', 'wrapKey', or 'unwrapKey'
);
}
encryptMessage(data, secretKey, iv) {
return this.crypto.subtle.encrypt(
{
name: 'AES-CBC',
// Don't re-use initialization vectors!
// Always generate a new iv every time your encrypt!
iv,
},
secretKey, // from generateKey or importKey above
data, // ArrayBuffer of data you want to encrypt
);
}
decryptMessage(data, secretKey, iv) {
return this.crypto.subtle.decrypt(
{
name: 'AES-CBC',
iv, // The initialization vector you used to encrypt
},
secretKey, // from generateKey or importKey above
data, // ArrayBuffer of the data
);
}
importEncryptDecryptKey(jwkData, format = 'jwk', ops) {
const hashObj = {
name: 'RSA-OAEP',
hash: { name: 'SHA-1' },
};
return this.crypto.subtle.importKey(
format, // can be 'jwk' (public or private), 'spki' (public only), or 'pkcs8' (private only)
jwkData,
hashObj,
true, // whether the key is extractable (i.e. can be used in exportKey)
ops || ['encrypt', 'wrapKey'], // 'encrypt' or 'wrapKey' for public key import or
// 'decrypt' or 'unwrapKey' for private key imports
);
}
exportKey(key, format) {
return this.crypto.subtle.exportKey(
format || 'jwk', // can be 'jwk' (public or private), 'spki' (public only), or 'pkcs8' (private only)
key, // can be a publicKey or privateKey, as long as extractable was true
);
}
signMessage(data, keyToSignWith) {
return this.crypto.subtle.sign(
{
name: 'HMAC',
hash: { name: 'SHA-256' },
},
keyToSignWith, // from generateKey or importKey above
data, // ArrayBuffer of data you want to sign
);
}
verifyPayload(signature, data, keyToVerifyWith) {
// Will verify with sender's public key
return this.crypto.subtle.verify(
{
name: 'HMAC',
hash: { name: 'SHA-256' },
},
keyToVerifyWith, // from generateKey or importKey above
signature, // ArrayBuffer of the signature
data, // ArrayBuffer of the data
);
}
wrapKey(keyToWrap, keyToWrapWith, format = 'jwk') {
return this.crypto.subtle.wrapKey(format, keyToWrap, keyToWrapWith, {
name: 'RSA-OAEP',
hash: { name: 'SHA-1' },
});
}
unwrapKey(
format = 'jwk',
wrappedKey,
unwrappingKey,
unwrapAlgo,
unwrappedKeyAlgo, // AES-CBC for session, HMAC for signing
extractable = true,
keyUsages, // verify for signing // decrypt for session
) {
return this.crypto.subtle.unwrapKey(
format,
wrappedKey,
unwrappingKey,
unwrapAlgo,
unwrappedKeyAlgo,
extractable,
keyUsages,
);
}
}