paragonie / ciphersweet-js Goto Github PK

We changed some things in #17

We need to prevent mistakes like v2.0.1 from shipping in the future. Additional tests that validate the public API (via index.js not directly loading the classes) and the default configuration should be sufficient.

We'd like to get our PR (#11) merged. Is anybody monitoring this repository? Is there anything we can do to help here?

Hi!

I see an exported member Transformation in index.js. But I can't find the TypeScript type. The only thing, which would fit is the type Transform in index.d.ts.

But using Transform leads to the following error:

TypeError: Class extends value undefined is not a constructor or null

      1 | import { Transform } from "ciphersweet-js";
      2 |
    > 3 | export class FirstNCharacters extends Transform {
        |                                       ^
      4 |   private n: number;
      5 |
      6 |   constructor(n: number) {

And using Transformation, I get the following TypeScript error:

Module '"ciphersweet-js"' has no exported member 'Transformation'.ts(2305)

How comes? Could that be fixed soon?

Best regards,
Tobias

• EncryptedField
• EncryptedRow
• EncryptedMultiRows
• EncryptedFile

Hi @paragonie-scott ,

I had to add the line:

RowRotator: require('./lib/keyrotation/rowrotator'),

in the ciphersweet lib file: node_modules/ciphersweet-js/index.js

Thank you!

Look at this line:

return this.getBlindIndexRaw(plaintext, name, key).toString('hex');

this.getBlindIndexRaw is the async method, so it returns the Promise. The issue is that if you call toString on a promise, it always returns the string '[object Promise]'. And that string is always returned as the blind index!

It probably should be something like:

return (await this.getBlindIndexRaw(plaintext, name, key)).toString('hex');

I didn't check other code, so there could be more places like this.

I'm thinking of using this in the browser, as I've read in the documentation that it should be supported.

Basically I need to store some sensitive user data, but don't want the hassle of having to deal with the security side of it. It would be better just not having access or storing the unencrypted data at all in our backend/databases.

So I'm thinking of letting the user enter a key into the web app, then use client side javascript to deal with decryption of data. The key would be stored probably in localStorage, and on every new browser they connect from, they'd need to re-enter the key in order to be able to decrypt or update the sensitive data.

Does this sound feasible to implement using ciphersweet?

let engine = new CipherSweet(provider);

produces

(node:6304) UnhandledPromiseRejectionWarning: TypeError: Argument 2 must be an instance of backend
    at new CipherSweet (/Users/kevin/development/<project folder>/node_modules/ciphersweet-js/lib/ciphersweet.js:29:19)
... etc ...

I created #7 to attempt to make this match the docs.

Hey there,

We're using TypeScript for our backend, and have built a set of TypeScript types for this library. Would you be interested in merging them into the library package proper and taking on maintenance of them, or would you prefer that we contribute them to https://github.com/DefinitelyTyped/DefinitelyTyped and try to keep them in sync as a community effort?

We're happy to go either way, but it's awesome for the TypeScript community when the types come down with the library in a single npm install, so that's the preferred approach in general.

const provider = new StringProvider(key);
const engine = new CipherSweet(provider);
const enf = new EncryptedFile(engine);

I think because EncryptedFile is not exported in index.js