North Pole Mysteries

    @aws-crypto/client-browser
    TypeScript icon, indicating that this package has built-in type declarations

    3.1.1 • Public • Published

    AWS Encryption SDK for JavaScript client for the Browser

    @aws-crypto/client-browser

    The client-browser module includes all of the modules you need to use the AWS Encryption SDK for the JavaScript web browser.

    • decrypt-browser
    • encrypt-browser
    • kms-keyring-browser
    • material-management-browser
    • caching-materials-manager-browser
    • raw-aes-keyring-browser
    • raw-rsa-keyring-browser
    • web-crypto-backend

    For code examples that show you how to these modules to create keyrings and encrypt and decrypt data, install the example-browser module.

    install

    To install this module, use the npm package manager. For help with installation, see https://www.npmjs.com/get-npm.

    npm install @aws-crypto/client-browser

    use

    For detailed code examples that show you how to these modules to create keyrings and encrypt and decrypt data, install the example-browser module.

    /* Start by constructing a keyring. We'll create a KMS keyring.
     * Specify an AWS Key Management Service (AWS KMS) customer master key (CMK) to be the
     * generator key in the keyring. This CMK generates a data key and encrypts it. 
     * To use the keyring to encrypt data, you need kms:GenerateDataKey permission 
     * on this CMK. To decrypt, you need kms:Decrypt permission. 
     */
    const generatorKeyId = 'arn:aws:kms:us-west-2:658956600833:alias/EncryptDecrypt'
    
    /* You can specify additional CMKs for the keyring. The data key that the generator key
     * creates is also encrypted by the additional CMKs you specify. To encrypt data, 
     *  you need kms:Encrypt permission on this CMK. To decrypt, you need kms:Decrypt permission.
     */ 
    const keyIds = ['arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f']
    
    /* Create a KMS client provider with your AWS credentials */
    const clientProvider = getClient(KMS, {
      credentials: {
        accessKeyId,
        secretAccessKey
      }
    })
    
    /* Create the KMS keyring */
    const keyring = new KmsKeyringBrowser({ clientProvider, generatorKeyId, keyIds })
    
    /* Set an encryption context For more information: 
     * https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context
     */
    const context = {
        stage: 'demo',
        purpose: 'simple demonstration app',
        origin: 'us-west-2'
      }
     
    /* Create a string to encrypt */
    const plainText = new Uint8Array([1, 2, 3, 4, 5])
    
    /* Encrypt the string using the keyring and the encryption context 
     * the Encryption SDK returns an "encrypted message" (`result`) that includes the ciphertext, 
     * the encryption context, and the encrypted data keys.
     */ 
    const { result } = await encrypt(keyring, plainText, { encryptionContext: context })
    
    /* Decrypt the result using the same keyring */
    const { plaintext, messageHeader } = await decrypt(keyring, result)
    
    /* Get the encryption context */
    const { encryptionContext } = messageHeader
    
    /* Verify that all values in the original encryption context are in the 
     * current one. (The Encryption SDK adds extra values for signing.) 
     */
    Object
      .entries(context)
      .forEach(([key, value]) => {
        if (encryptionContext[key] !== value) throw new Error('Encryption Context does not match expected values')
        })
    
    /* If the encryption context is verified, log the plaintext. */
    document.write('</br>Decrypted:' + plaintext)
    console.log(plaintext)

    test

    npm test

    Compatibility Considerations

    WebCrypto availability

    The WebCrypto API is not available on all browsers. A fallback can be configured. An example of a fallback library is: MSR Crypto

    import { configureFallback } from '@aws-crypto/client-browser'
    configureFallback(msrCrypto)

    For details on configureFallback see: @aws-crypto/web-crypto-backend

    Zero Byte AES-GCM operations

    Modern versions of Safari do not support AES-GCM on zero bytes. The AWS Encryption SDK needs this to operate. To fix this, configure a fallback library exactly as above. The AWS Encryption SDK will only use the fallback for zero byte operations.

    RSA Options

    The WebCrypto API does not support PKCS1v15 RSA key wrapping.

    192 Bit Keys

    Browsers do not support key lengths of 192 bits.

    license

    This SDK is distributed under the Apache License, Version 2.0, see LICENSE.txt and NOTICE.txt for more information.

    Install

    npm i @aws-crypto/client-browser

    DownloadsWeekly Downloads

    202

    Version

    3.1.1

    License

    Apache-2.0

    Unpacked Size

    23.8 kB

    Total Files

    9

    Last publish

    Collaborators

    • amzn-oss
    • seebees
    • agray256
    • lavaleri
    • salkeldr
    • aws-crypto-tools-ci-bot
    • mattsb42-aws
    • farleyb-aws