Repository files navigation

⚡️ A super simple encryption library.

NOTE: just-encrypt-me is still a pre-release project (v0.x.x). Please use at your own risk. If you find this project useful, please consider leaving a star so others can find it. Thanks!

This library takes a few of the best methods from the Web Crypto API and simplifies it to make encryption easier (with pretty good defaults based on best practices).

• ✨ Simplified encrypt/decrypt API while still following best security practices.
• 🚀 Works in browsers, web workers, node and electron.React Native not tested.
• 🔑Asymmetric encryption coming soon.

yarn add just-encrypt-me

or with npm

npm install just-encrypt-me

import{encrypt,generateSeed}from'just-encrypt-me';constpassword='somestrongpassword';constseed=generateSeed();constencrypted=awaitencrypt('Hello, World!',password,seed);// export the base64 of the encrypted textconstbase64=encrypted.base64();// 4AZS2rs2OZ4j5u9BM68TsMzXo1silVZ2UvRkiTE=// or the bufferconstbuffer=encrypted.buffer();// <Buffer e0 06 52 ...>

Save theseed andbase64 orbuffer to your database for later decryption.password is the only sensitive info here so you can save theseed in plaintext.

import{decrypt}from'just-encrypt-me';// decrypt from a base64 stringconstdecrypted=decrypt(base64,password,seed);console.log(decrypted.string());// Hello, World!// or decrypt from bufferconstdecrypted=decrypt(buffer,password,seed);console.log(decrypted.string());// Hello, World!

This is a one way hash meaning it's impossible to reverse the hashed value.

import{hash}from'just-encrypt-me';consthashed=hash('some message');console.log(hashed);// 6yAa9arw1gYp09KmHkZs/A/ttRet2DHsrFI14dqpY9Y=

At some point you may want to encrypt multiple items without using the plaintext password every single time, or you may want to use differentseeds for each item. For that you can derive a key from the plaintext password and use the key for all encryption/decryption.

import{deriveKey,generateSeed}from'just-encrypt-me';constpassword='somestrongpassword';constseed=generateSeed();constkey=awaitderiveKey(password,seed);

import{encryptWithKey,generateSeed}from'just-encrypt-me';constseed2=generateSeed();constencrypted=awaitencryptWithKey('Hello, World!',key,seed2);

Here, we're using 2 separateseeds for the password and text encryption. You will need to save both in your database for later decryption. Again,password is the only sensitive info here so you can saveseed andseed2 in plaintext.

key is aCryptoKey object. Don't save this to your database, it's not safe. Instead, you should generate this whenever needed.

import{decrypt}from'just-encrypt-me';// decrypt from a base64 stringconstdecrypted=decryptWithKey(base64,key,seed2);console.log(decrypted.string());// Hello, World!// or decrypt from bufferconstdecrypted=decryptWithKey(buffer,key,seed2);console.log(decrypted.string());// Hello, World!

I'm still putting together a docs site. Watch this space..

The goal for this library is to provide devs an easy to use encryption API, so I've only provided the methods that are industry standard with pretty secure defaults.

• Has only 1 type of symmetric encryption mode (AES-GCM-256) from the Web Crypto API (based on best practices and imo)
• Password key derivation will do 500,000 iterations by default (minimum, can set higher, but not lower)
• Has only 1 hash method (SHA256)
• Expects UTF-8 everywhere input
• Nonce, salt and IV are all simply referred to as "seed" in all function arguments. Avoids confusion. Simplifies the library.

If you need to use other types of encryption mode or tweak any other settings, this library is not what you're looking for.

• Jeff Bocala —@jeffbocala,https://jeffbocala.com

This project is licensed under the terms of theMIT license.