node-property-encryption v1.0.0
Usage
node-property-encryption.encrypt(toEncrypt, opts)
- toEncrypt
<String>
- string to encrypt - opts
<Object>
- optional encrypt optionsopts.keyPath - defaults to $home/.ssh/tc opts.outputEncoding - (encoding of resulting encrypted string) - defaults to base64
### node-property-encryption.decrypt(toDecrypt, opts)
- toDecrypt `<String>` - string to encrypt
- opts `<Object>` - optional encrypt options
opts.keyPath
- defaults to $home/.ssh/tc
opts.outputEncoding
- defaults to base64
# Key Generation
For unbiased generation, use **ssh-keygen**.
~$ cd ~/.ssh
~/.ssh$ ssh-keygen -b 4096 Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa): tc Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in tc. Your public key has been saved in tc.pub. The key fingerprint is: bc:9e:5e:6b:c3:e4:c4:5b:d9:1e:81:5d:43:fa:35:ad user@10.10.1.10 The key's randomart image is: +-- RSA 4096----+ | .. | | ..o| | + o+| | . . +.o| | S. oEo | | .+ o o | | .=.o . . | | . o*. . | | .+... | +-----------------+
# FOR ADMINISTRATORS
For generation of encrypted passwords / keys
Clone Repository
$ git clone https://github.com/romanbalayan/node-property-encryption.git
Enter directory
$ cd node-property-encryption
Install npm dependency
$ npm install
Run encrypt tool script
$ node tools/encrypt.js
? Enter Part #1: * ? Re-enter Part #1: * Append another? Y ? Enter Part #2: * ? Re-enter Part #2: * Append another? N
Encrypted Value: 9Nov5MRfn6Y=e/GrLGBb/CeX+YoiJPnp4Q==
In practice of *"split knowledge"*, this tool shall allow each administrator to enter their part of the password/passcode/key and immediately confirm it.
The *"Encrypted Value"* output is the concatenated-then-encrypted value of all entered parts. It then can simply be copied-pasted to whichever key in *config* file/s it's applicable to.
# FOR DEVELOPERS
Install as dependency
$ npm install --save node-property-encryption
Do this for all config files with plaintext password.
1. require the node-property-encryption module
2. replace the plaintext password with function: `decrypt('<encrypted-password>')`
Sample old config/connection.js file
module.exports.connections = { userDb: { connectString: 'postgresql://localhost:5432/db', user: 'db_user', password: 'plain-text-password' } };
Update the old config/connection.js file to:
const decrypt = require('node-property-encryption').decrypt; module.exports.connections = { userDb: { connectString: 'postgresql://localhost:5432/db', user: 'db_user', password: decrypt('') } };
4 years ago