
secret-local-storage's Introduction

secret-local-storage

A wrapper around 'localStorage/sessionStorage' to provide storage encryption with libsodium

Installation

$ npm install secret-local-storage

Usage

const { keygen } = require('secret-local-storage/keygen')
const secretKey = keygen()
const secretStorage = require('secret-local-storage')(secretKey) // a key is generated if none is passed

secretStorage.setItem('someKey', 'some secret value')
console.log(secretStorage.getItem('someKey')) // some secret value
console.log(localStorage.getItem('someKey')) // 5J3nmcMCcABSwJN

Example

const secretStorage = require('secret-local-storage')('3e852b5d881b22261b8e417e217a9fa9757f4532305c4e46e2a6966aa89840f6')

localStorage.setItem('hello', 'world')
console.log(secretStorage.getItem('hello')); // outputs 'world' (the value was stored unencrypted, so it is returned as found)

secretStorage.setItem('hello', 'world')
console.log(localStorage.getItem('hello')); // should be encrypted

API

The SecretLocalStorage class implements the same API as the Storage API.

const secretStorage = require('secret-local-storage')(secretKey, opts)

Create a secret storage instance with an optional secret key and options where:

  • secretKey is a 32-byte buffer or a 64-character 'hex' encoded string. The encoding of the secret key can be specified with opts.secretKeyEncoding. If you do not supply a secret key, then one will be generated for you. The generated key should be saved and re-used to read the encrypted values.

  • opts is an optional object to configure the storage where:

    • opts.secretKeyEncoding is the encoding of the secret key
    • opts.valueEncoding is an object containing encode(value) and decode(buffer) functions.
    • opts.storage can be a Storage interface or a function that returns one.
    • opts.seed is an optional seed value to generate the secret key that should be 32 bytes

secretKey.secretKey

A 32 byte secret key used for encryption and child key derivation.

secretStorage.storage

The Storage interface backing the SecretLocalStorage instance.

secretKey.valueEncoding

The value encoding used for encoding and decoding values written to storage.

secretKey.valueEncoding.encode(value)

Encodes value into a Buffer.

secretKey.valueEncoding.decode(buffer)

Decodes buffer into a value. Most likely, a string.

secretStorage.key(n)

The same API as Storage.key().

secretStorage.getItem(key)

The same API as Storage.getItem(). If decryption fails, this function will return the original value found in storage.
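
An added example, not the library's own code, of a strict read built on the fallback described above: because getItem() returns the raw stored value when decryption fails, a result equal to secretStorage.storage.getItem(key) was never decrypted. getItemStrict, standInSecretStorage and memoryStorage are hypothetical names, and the stand-in uses AES-256-GCM from Node's crypto in place of libsodium so the block runs offline; it assumes the fallback returns the stored string unchanged.

```javascript
const crypto = require('crypto')

// Constructed in-memory Storage so the example runs outside a browser.
function memoryStorage () {
  const items = new Map()
  return {
    getItem: (key) => (items.has(key) ? items.get(key) : null),
    setItem: (key, value) => { items.set(key, String(value)) }
  }
}

// Stand-in for a secret storage instance (hypothetical, not the library's
// code): AES-256-GCM replaces libsodium, and only the documented fallback
// of getItem() is reproduced.
function standInSecretStorage (secretKey, storage) {
  return {
    storage,
    setItem (key, value) {
      const nonce = crypto.randomBytes(12)
      const cipher = crypto.createCipheriv('aes-256-gcm', secretKey, nonce)
      const body = Buffer.concat([cipher.update(String(value), 'utf8'), cipher.final()])
      const sealed = Buffer.concat([nonce, cipher.getAuthTag(), body])
      storage.setItem(key, sealed.toString('base64'))
    },
    getItem (key) {
      const raw = storage.getItem(key)
      if (raw === null) return null
      try {
        const sealed = Buffer.from(raw, 'base64')
        const decipher = crypto.createDecipheriv('aes-256-gcm', secretKey, sealed.subarray(0, 12))
        decipher.setAuthTag(sealed.subarray(12, 28))
        return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]).toString('utf8')
      } catch (err) {
        return raw // decryption failed: hand back the stored value unchanged
      }
    }
  }
}

// Added check: a result identical to the raw stored string was never decrypted,
// so it is either plaintext written directly or ciphertext that failed to verify.
function getItemStrict (secretStorage, key) {
  const raw = secretStorage.storage.getItem(key)
  if (raw === null) return null
  const value = secretStorage.getItem(key)
  if (value === raw) throw new Error(`"${key}" did not decrypt with this key`)
  return value
}
```

getItemStrict relies only on the documented secretStorage.storage property and getItem(), so it can wrap a real instance the same way.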

secretStorage.setItem(key, value)

The same API as Storage.setItem().

secretStorage.removeItem(key)

The same API as Storage.removeItem().

secretStorage.clear()

The same API as Storage.clear().

License

MIT

secret-local-storage's People

Contributors

bcomnes, jwerle

Forkers

parajbs

secret-local-storage's Issues

Symmetric key generation based on public-key cryptography

Hello, I'm evaluating some encrypted Storage libraries for inclusion in a project, and I noticed a potential issue in the way secret-local-storage generates keys.

The keygen function in https://github.com/little-core-labs/secret-local-storage/blob/master/keygen.js is intended to generate a key for later use with crypto_secretbox_easy, which wraps a symmetric encryption algorithm. According to the Sodium documentation (https://libsodium.gitbook.io/doc/secret-key_cryptography/secretbox#example), the proper way to do this is to call crypto_secretbox_keygen.

What keygen actually does is to call crypto_sign_seed_keypair, which generates a public-private keypair using Ed25519. keygen then discards the public key, and extracts 256 bits from the private key, for later use as a 256-bit key for symmetric cryptography.

I am not an expert in elliptic curve cryptography, and I do not know how Sodium stores Ed25519 private keys internally, but my concern is that by using part of an asymmetric private key as a symmetric key, the resulting key may not have the level of entropy necessary for secure operation.

Is there any particular reason that keygen works this way? Perhaps I am missing something here. Thanks for your time and for this library.
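
An added check for the concern raised in this issue, not code from the project or from the issue's author: libsodium stores an Ed25519 signing secret key as the 32-byte seed followed by the 32-byte public key, so this splits a 64-byte key and confirms that layout with Node's built-in crypto. The function names are illustrative, the sample is RFC 8032 test vector 1 arranged in that layout, and which 32 bytes keygen.js keeps is not shown on this page.

```javascript
const crypto = require('crypto')

// DER header of a PKCS#8 Ed25519 private key; the 32-byte seed follows it.
const PKCS8_ED25519_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex')

// Derive the Ed25519 public key for a 32-byte seed using Node's crypto.
function publicKeyFromSeed (seed) {
  const privateKey = crypto.createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519_PREFIX, seed]),
    format: 'der',
    type: 'pkcs8'
  })
  const spki = crypto.createPublicKey(privateKey).export({ format: 'der', type: 'spki' })
  return spki.subarray(spki.length - 32) // the raw key is the last 32 bytes
}

// Split a 64-byte signing secret key (libsodium layout) and verify that the
// second half really is the public key derived from the first half.
function inspectSignSecretKey (secretKey) {
  if (!Buffer.isBuffer(secretKey) || secretKey.length !== 64) {
    throw new TypeError('expected a 64-byte Buffer')
  }
  const seed = secretKey.subarray(0, 32)
  const tail = secretKey.subarray(32)
  return {
    seed: seed.toString('hex'), // secret: carries the entropy of the seed
    tail: tail.toString('hex'), // public when tailIsPublicKey is true
    tailIsPublicKey: tail.equals(publicKeyFromSeed(seed))
  }
}

// Constructed sample: RFC 8032 test vector 1, seed followed by public key.
const SAMPLE_SEED = '9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60'
const SAMPLE_PUBLIC = 'd75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a'
const sample = inspectSignSecretKey(Buffer.from(SAMPLE_SEED + SAMPLE_PUBLIC, 'hex'))
console.log(sample)
```

Only the first half is secret key material; the second half is the public key and is unsuitable as a symmetric key.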
