@aws-crypto/client-node
TypeScript icon, indicating that this package has built-in type declarations

4.0.0 • Public • Published

AWS Encryption SDK for JavaScript client for Node.js

@aws-crypto/client-node

The client-node module includes all of the modules you need to use the AWS Encryption SDK for JavaScript with Node.js.

  • decrypt-node
  • encrypt-node
  • kms-keyring-node
  • material-management-node
  • caching-materials-manager-node
  • raw-aes-keyring-node
  • raw-rsa-keyring-node

For code examples that show you how to these modules to create keyrings and encrypt and decrypt data, install the example-node module.

install

To install this module, use the npm package manager. For help with installation, see https://www.npmjs.com/get-npm.

npm install @aws-crypto/client-node

use

For detailed code examples that show you how to these modules to create keyrings and encrypt and decrypt data, install the example-node module.

/* Start by constructing a keyring. We'll create a KMS keyring.
 * Specify an AWS Key Management Service (AWS KMS) customer master key (CMK) to be the
 * generator key in the keyring. This CMK generates a data key and encrypts it. 
 * To use the keyring to encrypt data, you need kms:GenerateDataKey permission 
 * on this CMK. To decrypt, you need kms:Decrypt permission. 
 */
const generatorKeyId = 'arn:aws:kms:us-west-2:658956600833:alias/EncryptDecrypt'

/* You can specify additional CMKs for the keyring. The data key that the generator key
 * creates is also encrypted by the additional CMKs you specify. To encrypt data, 
 *  you need kms:Encrypt permission on this CMK. To decrypt, you need kms:Decrypt permission.
 */ 
const keyIds = ['arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f']

/* Create the KMS keyring */
const keyring = new KmsKeyringNode({ generatorKeyId, keyIds })

/* Set an encryption context For more information: 
 * https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context
 */
const context = {
    stage: 'demo',
    purpose: 'simple demonstration app',
    origin: 'us-west-2'
  }
 
/* Create a string to encrypt */
const cleartext = 'asdf'

/* Encrypt the string using the keyring and the encryption context 
 * the Encryption SDK returns an "encrypted message" (`result`) that includes the ciphertext
 * the encryption context, and the encrypted data keys.
 */ 
const { result } = await encrypt(keyring, cleartext, { encryptionContext: context })

/* Decrypt the result using the same keyring */
const { plaintext, messageHeader } = await decrypt(keyring, result)

/* Get the encryption context */
const { encryptionContext } = messageHeader

/* Verify that all values in the original encryption context are in the 
 * current one. (The Encryption SDK adds extra values for signing.) 
 */
 Object
    .entries(context)
    .forEach(([key, value]) => {
      if (encryptionContext[key] !== value) throw new Error('Encryption Context does not match expected values')
    })

/* If the encryption context is verified, return the plaintext. */

test

npm test

Compatibility Considerations

RSA Options

Node.js crypto does not support all RSA key wrapping options supported by other other implementation of the AWS Encryption SDK

The supported configurations are:

  • OAEP with SHA1 and MGF1 with SHA1
  • PKCS1v15

license

This SDK is distributed under the Apache License, Version 2.0, see LICENSE.txt and NOTICE.txt for more information.

Dependents (57)

Package Sidebar

Install

npm i @aws-crypto/client-node

Weekly Downloads

156,081

Version

4.0.0

License

Apache-2.0

Unpacked Size

24.7 kB

Total Files

10

Last publish

Collaborators

  • amzn-oss
  • seebees
  • agray256
  • lavaleri
  • salkeldr
  • aws-crypto-tools-ci-bot
  • mattsb42-aws
  • farleyb-aws