The Encrypt-Storage is a tiny library that provides a little more security for front-end apps.
Inspired by this topic about storing API keys/secrets. This project is used as a POC. It may not be robust enough to compete with other libraries. Secure key management is extremely hard to get right and is generally the domain of specialist security experts, so be careful.
It's just something I used in my pet projects and playgrounds. I don't plan to publish it at this moment; feel free to learn from it.
This project uses the native Web Crypto API to encrypt/decrypt data and IndexedDB to manage the CryptoKey internally (thanks to IDB for the promise-based version). By default, this library uses PBKDF2 for hashing and key derivation, and AES-GCM for encryption.
Note: the Web Crypto API only works in secure contexts, which is a significant limitation for some use cases. You can look at alternative encryption engines such as CryptoJS.
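The PBKDF2 plus AES-GCM flow described above, written directly against the Web Crypto API. This is an added example, not encrypt-storage's own code: the function names, the 600,000-iteration count, the salt and IV sizes, and the use of the record name as additional data are assumptions.

```javascript
// Added example: hypothetical helpers, not encrypt-storage's API.
// Browser global, with a fallback for Node versions that lack it.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder();
const dec = new TextDecoder();

// PBKDF2 stretches the passphrase into a non-extractable AES-GCM key.
// The iteration count is an assumption; the page does not state one.
async function deriveKey(passphrase, salt, iterations = 600000) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material,
    { name: 'AES-GCM', length: 256 },
    false, // not extractable: exportKey() rejects
    ['encrypt', 'decrypt']);
}

// Fresh 96-bit IV per record; the record name is bound as additional data.
async function seal(key, name, value) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const params = { name: 'AES-GCM', iv, additionalData: enc.encode(name) };
  const ct = await wc.subtle.encrypt(params, key, enc.encode(value));
  return { iv, ct: new Uint8Array(ct) };
}

async function unseal(key, name, { iv, ct }) {
  const params = { name: 'AES-GCM', iv, additionalData: enc.encode(name) };
  return dec.decode(await wc.subtle.decrypt(params, key, ct));
}

const rejects = (p) => p.then(() => false, () => true);

async function demo() {
  const salt = wc.getRandomValues(new Uint8Array(16)); // stored with the data, not secret
  const key = await deriveKey('any key', salt);
  const record = await seal(key, 'foo', 'foo value');
  const tampered = { iv: record.iv, ct: record.ct.slice() };
  tampered.ct[0] ^= 1; // flip one ciphertext bit
  return {
    roundTrip: await unseal(key, 'foo', record),
    tamperRejected: await rejects(unseal(key, 'foo', tampered)),
    renameRejected: await rejects(unseal(key, 'bar', record)),
    wrongKeyRejected: await rejects(unseal(await deriveKey('other key', salt), 'foo', record)),
    exportRejected: await rejects(wc.subtle.exportKey('raw', key)),
  };
}
```

Calling `demo()` resolves to the decrypted value plus four flags showing that a modified ciphertext, a swapped record name, a different passphrase, and an attempt to export the key are all rejected.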
- Secure the CryptoKey: the CryptoKey (used for symmetric algorithms) is used to derive a secret key from the master key (Note: it is never stored locally or anywhere, so if the session is lost, there is no way to decrypt back to the original value).
- Save encrypted data in IndexedDB
- Support recovering encrypted data via get()
- Clone this repo:
  git clone https://github.com/meodien99/encrypt-storage.git <package-name> --depth 1
- Link this library:
  cd <package-name> && npm link
- Go to your project root and use this linked library as follows:
  npm link <package-name>
- In the project:
  npm unlink --no-save <package-name>
- In the <package-name>:
  npm unlink
Note: order is important!
import { EncryptStorage } from 'encrypt-storage';
const encryptStorage = new EncryptStorage({key: 'any key'});
// save value for the key 'foo' locally in storage
// Inspect IndexedDB in the dev tools to see that it's encrypted
await encryptStorage.set('foo', 'foo value');
// decrypted value
const decrypted = await encryptStorage.get('foo'); // returns 'foo value'
The API documentation is at docs/index.html, generated by typedoc. If it's not available to you, run:
npm run docs
Updating
All commit messages MUST follow https://github.com/angular/angular/blob/master/CONTRIBUTING.md#commit
Format as:
<type>(<scope>): <subject>
<BLANK LINE>
<body>
<BLANK LINE>
<footer>
Note: The <type> can be found in the ./commitlint.config.js file.