A robust, versatile encryption library for JavaScript/TypeScript applications, supporting both client-side (browser) and server-side (Node.js) environments.
- Features
- Installation
- Quick Start
- Detailed Usage Guide
- API Reference
- Security Best Practices
- Troubleshooting
- Contributing
- License
- AES-256-GCM encryption for high security
- PBKDF2 key derivation to enhance password security
- Cross-environment support (works in both browsers and Node.js)
- TypeScript support for improved developer experience
- Configurable logging for easy debugging
- Automatic key rotation to maintain security over time
- Promise-based API for browser environments
- Callback-based API for Node.js environments
Install the package using npm:
npm install goobs-encryptionOr using yarn:
yarn add goobs-encryptionHere's a basic example to get you started:
import { ClientEncryptionModule, ServerEncryptionModule } from 'goobs-encryption';
import type { EncryptionConfig, GlobalConfig } from 'goobs-encryption';
// Configuration
const config: EncryptionConfig = {
algorithm: 'aes-256-gcm',
encryptionPassword: 'your-secure-password',
keyCheckIntervalMs: 3600000, // 1 hour
keyRotationIntervalMs: 86400000, // 24 hours
};
const globalConfig: GlobalConfig = {
loggingEnabled: true,
logLevel: 'info',
logDirectory: '/path/to/logs',
};
// Initialize (use appropriate module based on your environment)
ClientEncryptionModule.initialize(config, globalConfig);
// or
await ServerEncryptionModule.initialize(config, globalConfig);
// Encrypt data
const dataToEncrypt = new TextEncoder().encode('Secret message');
// Client-side encryption
ClientEncryptionModule.encrypt(dataToEncrypt, (encryptedValue) => {
console.log('Encrypted:', encryptedValue);
// Decrypt data
ClientEncryptionModule.decrypt(encryptedValue, (decryptedData) => {
if (decryptedData) {
console.log('Decrypted:', new TextDecoder().decode(decryptedData));
}
});
});
// Server-side encryption
try {
const encryptedValue = await ServerEncryptionModule.encrypt(dataToEncrypt);
console.log('Encrypted:', encryptedValue);
const decryptedData = await ServerEncryptionModule.decrypt(encryptedValue);
console.log('Decrypted:', new TextDecoder().decode(decryptedData));
} catch (error) {
console.error('Encryption error:', error);
}Before using the encryption modules, you need to set up the configuration:
import type { EncryptionConfig, GlobalConfig } from 'goobs-encryption';
const encryptionConfig: EncryptionConfig = {
algorithm: 'aes-256-gcm', // The encryption algorithm to use
encryptionPassword: 'your-very-secure-password', // A strong password for encryption
keyCheckIntervalMs: 3600000, // How often to check if the key needs rotation (1 hour)
keyRotationIntervalMs: 86400000, // How often to rotate the key (24 hours)
};
const globalConfig: GlobalConfig = {
loggingEnabled: true, // Enable or disable logging
logLevel: 'info', // Log level: 'error', 'warn', 'info', 'http', 'verbose', or 'debug'
logDirectory: '/path/to/logs', // Directory for log files (server-side only)
};In a browser environment:
import { ClientEncryptionModule } from 'goobs-encryption';
// Initialize the module
ClientEncryptionModule.initialize(encryptionConfig, globalConfig);
// Encrypt data
const dataToEncrypt = new TextEncoder().encode('Secret message');
ClientEncryptionModule.encrypt(dataToEncrypt, (encryptedValue) => {
console.log('Encrypted data:', encryptedValue);
// Decrypt data
ClientEncryptionModule.decrypt(encryptedValue, (decryptedData) => {
if (decryptedData) {
console.log('Decrypted message:', new TextDecoder().decode(decryptedData));
} else {
console.error('Decryption failed');
}
});
});In a Node.js environment:
import { ServerEncryptionModule } from 'goobs-encryption';
// Initialize the module
await ServerEncryptionModule.initialize(encryptionConfig, globalConfig);
// Encrypt data
const dataToEncrypt = Buffer.from('Secret message');
try {
const encryptedValue = await ServerEncryptionModule.encrypt(dataToEncrypt);
console.log('Encrypted data:', encryptedValue);
// Decrypt data
const decryptedData = await ServerEncryptionModule.decrypt(encryptedValue);
console.log('Decrypted message:', decryptedData.toString());
} catch (error) {
console.error('Encryption/Decryption error:', error);
}The EncryptedValue object returned by the encryption process contains several properties:
interface EncryptedValue {
type: 'encrypted';
encryptedData: Uint8Array; // The encrypted data
iv: Uint8Array; // Initialization vector
salt: Uint8Array; // Salt used for key derivation
authTag: Uint8Array; // Authentication tag
encryptionKey: Uint8Array; // Derived encryption key
}You can store or transmit this entire object and use it later for decryption.
Key rotation is handled automatically based on the keyRotationIntervalMs setting. You don't need to manually rotate keys, but you can force a key rotation by updating the configuration:
const newConfig: EncryptionConfig = {
...encryptionConfig,
encryptionPassword: 'new-secure-password',
};
// Client-side
ClientEncryptionModule.updateConfig(newConfig, globalConfig);
// Server-side
await ServerEncryptionModule.updateConfig(newConfig, globalConfig);initialize(config: EncryptionConfig, globalConfig: GlobalConfig): voidencrypt(value: Uint8Array, callback: (result: EncryptedValue) => void): voiddecrypt(encryptedValue: EncryptedValue, callback: (result: Uint8Array | null) => void): voidupdateConfig(newConfig: EncryptionConfig, newGlobalConfig: GlobalConfig): void
initialize(config: EncryptionConfig, globalConfig: GlobalConfig): Promise<void>encrypt(value: Uint8Array): Promise<EncryptedValue>decrypt(encryptedValue: EncryptedValue): Promise<Uint8Array>updateConfig(newConfig: EncryptionConfig, newGlobalConfig: GlobalConfig): Promise<void>
-
Strong Passwords: Use a strong, unique password for
encryptionPassword. Consider using a password generator. -
Secure Storage: Never hard-code or commit your
encryptionPasswordto version control. Use environment variables or secure key management systems. -
Regular Key Rotation: Set appropriate values for
keyCheckIntervalMsandkeyRotationIntervalMsto ensure regular key rotation. -
Secure Communication: When transmitting encrypted data, always use secure channels (e.g., HTTPS).
-
Input Validation: Always validate and sanitize input before encryption to prevent potential attacks.
-
Error Handling: Implement proper error handling to avoid leaking sensitive information through error messages.
-
Logging: Be cautious about what you log. Never log decrypted data or encryption keys.
-
Decryption Fails:
- Ensure you're using the same encryption password and configuration for encryption and decryption.
- Check if the
EncryptedValueobject is complete and not corrupted.
-
Performance Issues:
- If encryption/decryption is slow, consider adjusting the
keyCheckIntervalMsandkeyRotationIntervalMsvalues. - For large data sets, consider encrypting in chunks.
- If encryption/decryption is slow, consider adjusting the
-
Key Rotation Problems:
- If you're having issues after key rotation, ensure all parts of your application are using the updated configuration.
Enable detailed logging by setting the logLevel to 'debug' in the GlobalConfig:
const globalConfig: GlobalConfig = {
loggingEnabled: true,
logLevel: 'debug',
logDirectory: '/path/to/logs',
};This will provide more detailed logs to help identify issues.
We welcome contributions to goobs-encryption! Please reach out to Matthew Goluba if you would like too.
Please make sure to update tests as appropriate and adhere to the existing coding style.
This project is licensed under the MIT License - see the LICENSE file for details.
If you encounter any issues or have questions, please file an issue on the GitHub issue tracker.
We hope this guide helps you get started with goobs-encryption. For more detailed information about the cryptographic principles used in this library, please refer to the Cryptography Concepts document.
Remember, while this library aims to make encryption easier, it's crucial to understand the underlying principles and potential security implications when dealing with sensitive data. Always consult with a security expert when implementing encryption in production systems.
For questions or feedback:
- GitHub Issues: https://github.com/goobz22/goobs-cache/issues
- Email: mkgoluba@technologiesunlimited.net