0.1.0 • Published 4 years ago

json-deepcrypt v0.1.0

License
MIT

A tool to recursively encrypt, and optionally MAC, specified fields of JSON data based on jq-like schemas. The codebase was originally intended to ease pinning of JSON-based stuff on blockchain but has found other use cases. It uses OpenPGP.js under the hood.

Install

npm install -S json-deepcrypt

Usage

With AES256

  // Import form assumed from the package name; run the snippet inside an async function.
  const jsonDeepcrypt = require('json-deepcrypt')

  const cipherText = await jsonDeepcrypt.encrypt({
    data: JSON.stringify(plainText),
    privateFields: ['Account.Order.$.OrderID'], // $ is a wildcard over array elements
    password: `thats my kung fu`, // example value only
    salt: `somesalt` // example value only
  })
  console.log(JSON.stringify(cipherText)) // the result is an object

  const decrypted = await jsonDeepcrypt.decrypt({
    data: cipherText, // an object or a string is accepted here
    privateFields: ['Account.Order.$.OrderID'],
    password: `thats my kung fu`,
    salt: `somesalt`
  })
  console.log(decrypted)

With PKI

  const publicKeyArmored = `-----BEGIN PGP PUBLIC KEY BLOCK-----
  ...
  -----END PGP PUBLIC KEY BLOCK-----`;
  const privateKeyArmored = `-----BEGIN PGP PRIVATE KEY BLOCK-----
  ...
  -----END PGP PRIVATE KEY BLOCK-----`; // encrypted private key

  const cipherText = await jsonDeepcrypt.encrypt({
    data: plainText, // ... or object
    privateFields: ['Account.Order.$.OrderID'],
    pubKeys: [publicKeyArmored] // you can encrypt to multiple keys!
  })
  console.log(JSON.stringify(cipherText))

  const decrypted = await jsonDeepcrypt.decrypt({
    data: cipherText,
    password: password,
    privateFields: ['Account.Order.$.OrderID'],
    privKey: privateKeyArmored
  })
  console.log(decrypted)

With MAC verification

  const cipherText = await jsonDeepcrypt.encrypt({
    data: JSON.stringify(plainText),
    privateFields: ['Account.Order.$.OrderID'],
    password: password,
    salt: 'somesalt',
    hmacKey: 'another key for the hmac'
  })
  console.log(JSON.stringify(cipherText))

  const decrypted = await jsonDeepcrypt.decrypt({
    data: JSON.stringify(cipherText),
    privateFields: ['Account.Order.$.OrderID'],
    password: password,
    salt: 'somesalt',
    hmacKey: 'another key for the hmac'
  })
  console.log(decrypted)
  
  const shouldFail = await jsonDeepcrypt.decrypt({
    data: JSON.stringify(cipherText),
    privateFields: ['Account.Order.$.OrderID'],
    password: password,
    salt: 'somesalt',
    hmacKey: 'wrong hmac breaks hashes'
  })
  // should throw an error, because hmacKey differs from the one used to encrypt

Trivia

The data format for encrypted fields is:

  • _data:gq9kule12j6wMA...ayl5CeTPw5E= with no HMAC
  • _data:gq9kule12j6wMA...ayl5CeTPw5E=;_hmac:2d17f4...85420c with HMAC
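
An added example (not part of json-deepcrypt or its README): a check to run before publishing a document, which walks the same privateFields paths and reports any value that is not in the encrypted-field format above or that lacks the _hmac part. The function names, the sample document, and the assumption that the payload is base64 and the HMAC is hex are assumptions of this example.

```javascript
// Added example, not json-deepcrypt code. The field format comes from the
// "Trivia" section; base64 payload and hex HMAC alphabets are assumptions.
const FIELD_RE = /^_data:([A-Za-z0-9+\/]+={0,2})(?:;_hmac:([0-9a-fA-F]+))?$/;

// Parse one field value; returns null when it is not in the encrypted format.
function parseEncryptedField(value) {
  if (typeof value !== 'string') return null;
  const m = FIELD_RE.exec(value);
  return m ? { data: m[1], hmac: m[2] || null } : null;
}

// Resolve 'Account.Order.$.OrderID' ('$' = every array element) to { path, value } leaves.
function resolvePath(root, path) {
  let nodes = [{ path: '', value: root }];
  for (const key of path.split('.')) {
    const next = [];
    for (const n of nodes) {
      if (key === '$') {
        (Array.isArray(n.value) ? n.value : []).forEach((v, i) =>
          next.push({ path: `${n.path}[${i}]`, value: v }));
      } else if (n.value !== null && typeof n.value === 'object' &&
                 Object.prototype.hasOwnProperty.call(n.value, key)) {
        next.push({ path: n.path ? `${n.path}.${key}` : key, value: n.value[key] });
      }
    }
    nodes = next;
  }
  return nodes;
}

// Report every private field that is still plaintext or, optionally, lacks an HMAC.
function auditPrivateFields(doc, privateFields, { requireHmac = false } = {}) {
  const findings = [];
  for (const field of privateFields) {
    for (const { path, value } of resolvePath(doc, field)) {
      const parsed = parseEncryptedField(value);
      if (!parsed) findings.push({ path, issue: 'not encrypted' });
      else if (requireHmac && !parsed.hmac) findings.push({ path, issue: 'missing hmac' });
    }
  }
  return findings;
}

// Constructed sample: element 1 is still plaintext, element 2 has no HMAC.
const sample = { Account: { Order: [
  { OrderID: '_data:Z3E5a3VsZTEyajZ3TUE=;_hmac:2d17f485420c' },
  { OrderID: 'order-1002' },
  { OrderID: '_data:Z3E5a3VsZTEyajZ3TUE=' } ] } };
console.log(auditPrivateFields(sample, ['Account.Order.$.OrderID'], { requireHmac: true }));
```

This is a format check only: it does not verify the HMAC or attempt decryption.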