-
Notifications
You must be signed in to change notification settings - Fork 294
Examples
IIX edited this page Aug 20, 2024
·
5 revisions
An example using symmetrical crypto, a single key for encrypting and decrypting.
import { secretbox, randomBytes } from "tweetnacl";
import {
decodeUTF8,
encodeUTF8,
encodeBase64,
decodeBase64
} from "tweetnacl-util";
const newNonce = () => randomBytes(secretbox.nonceLength);
export const generateKey = () => encodeBase64(randomBytes(secretbox.keyLength));
export const encrypt = (json, key) => {
const keyUint8Array = decodeBase64(key);
const nonce = newNonce();
const messageUint8 = decodeUTF8(JSON.stringify(json));
const box = secretbox(messageUint8, nonce, keyUint8Array);
const fullMessage = new Uint8Array(nonce.length + box.length);
fullMessage.set(nonce);
fullMessage.set(box, nonce.length);
const base64FullMessage = encodeBase64(fullMessage);
return base64FullMessage;
};
export const decrypt = (messageWithNonce, key) => {
const keyUint8Array = decodeBase64(key);
const messageWithNonceAsUint8Array = decodeBase64(messageWithNonce);
const nonce = messageWithNonceAsUint8Array.slice(0, secretbox.nonceLength);
const message = messageWithNonceAsUint8Array.slice(
secretbox.nonceLength,
messageWithNonce.length
);
const decrypted = secretbox.open(message, nonce, keyUint8Array);
if (!decrypted) {
throw new Error("Could not decrypt message");
}
const base64DecryptedMessage = encodeUTF8(decrypted);
return JSON.parse(base64DecryptedMessage);
};
const key = generateKey();
const obj = { "hello": "world" };
const encrypted = encrypt(obj, key);
const decrypted = decrypt(encrypted, key);
console.log(decrypted, obj); // should be shallow equalExample using asymmetric public key encryption. A secret and public key pair are generated twice (pairA, pairB) and data is encrypted with pairA.secretKey+pairB.publicKey and decrypted with pairB.secretKey+pairA.publicKey.
Lightly uses typescript.
import { box, randomBytes } from 'tweetnacl';
import {
decode as decodeUTF8,
encode as encodeUTF8,
} from "@stablelib/utf8";
import {
decode as decodeBase64,
encode as encodeBase64,
} from "@stablelib/base64";
const newNonce = () => randomBytes(box.nonceLength);
export const generateKeyPair = () => box.keyPair();
export const encrypt = (
secretOrSharedKey: Uint8Array,
json: any,
key?: Uint8Array
) => {
const nonce = newNonce();
const messageUint8 = encodeUTF8(JSON.stringify(json));
const encrypted = key
? box(messageUint8, nonce, key, secretOrSharedKey)
: box.after(messageUint8, nonce, secretOrSharedKey);
const fullMessage = new Uint8Array(nonce.length + encrypted.length);
fullMessage.set(nonce);
fullMessage.set(encrypted, nonce.length);
const base64FullMessage = encodeBase64(fullMessage);
return base64FullMessage;
};
export const decrypt = (
secretOrSharedKey: Uint8Array,
messageWithNonce: string,
key?: Uint8Array
) => {
const messageWithNonceAsUint8Array = decodeBase64(messageWithNonce);
const nonce = messageWithNonceAsUint8Array.slice(0, box.nonceLength);
const message = messageWithNonceAsUint8Array.slice(
box.nonceLength,
messageWithNonce.length
);
const decrypted = key
? box.open(message, nonce, key, secretOrSharedKey)
: box.open.after(message, nonce, secretOrSharedKey);
if (!decrypted) {
throw new Error('Could not decrypt message');
}
const base64DecryptedMessage = decodeUTF8(decrypted);
return JSON.parse(base64DecryptedMessage);
};
const obj = { hello: 'world' };
const pairA = generateKeyPair();
const pairB = generateKeyPair();
const sharedA = box.before(pairB.publicKey, pairA.secretKey);
const sharedB = box.before(pairA.publicKey, pairB.secretKey);
const encrypted = encrypt(sharedA, obj);
const decrypted = decrypt(sharedB, encrypted);
console.log(obj, encrypted, decrypted);