Encrypted Local Storage
Overview
Encrypted local storage is a Javascript library developed by Rand Labs to securely store the information in the browser and primarily used by MyAlgo Wallet. It uses the browser’s IndexedDB API for storage and the WebCrypto API to create the keys and encrypt/decrypt data.
How does it work?
Encrypted local storage uses two different zones to store data, one for passwords and private keys, and the other to store public information.
For the former, we use the AES-GCM algorithm with a 12 bytes IV and 32 bytes salt. Also we use PBKDF2 to generate the keys with the supplied password and a configuration of 256-bit length, 32 bytes salt, SHA-512, and 1 million iterations.
For public data, a 256-bit obfuscation key is created with a 16-byte IV and used in conjunction with AES-CBC to protect public data. Despite it isn’t necessary to protect public data, users might want to hide them.
To ensure a high entropy in all generated random numbers, WebCrypto’s random number generator is used.
Password verification involves decryption of the obfuscation key concatenated with a specific phrase using AES-GCM. We check both successful decryption and correctness of the phrase. After this, the obtained obfuscation key is used to decrypt the public information.
At last, every time data is saved in the storage, a new IV and SALT pair is generated and used to encrypt such data.
Installation
The library can be installed via npm:
npm install @randlabs/encrypted-local-storageAPI Usage
Create new password
import AppStorage from "@randlabs/encrypted-local-storage"
const passwordKey = "masterkey"; // IndexedDB key
const password = "secret-password";
(async () => {
await AppStorage.createPassword(passwordKey, password);
})().catch(e => {
console.log(e);
});Verify password
(async () => {
const obfuscatekey = await AppStorage.verifyPassword(passwordKey, password);
})().catch(e => {
console.log(e); // Invalid password
});Create AppStorage instance
const appStorage = new AppStorage(); // obfuscatekey param its optional
const obfuscatekey = appStorage.getStorageKey();Storing data
const itemKey = "info";
const obj = { name: "Jay", phone: "156988460", zipcode: 546944 }
(async () => {
const appStorage = new AppStorage(obfuscatekey);
await appStorage.saveItemToStorage(itemKey, obj);
})().catch(e => {
console.log(e);
});Loading data
(async () => {
const appStorage = new AppStorage(obfuscatekey);
const data = await appStorage.loadItemFromStorage(itemKey);
console.log(data);
})().catch(e => {
console.log(e);
});Storing private data
const password = "secret-password";
const itemKey = "private_key";
const privateData = "private key information";
(async () => {
const data = new Uint8Array(Buffer.from(privateData));
await AppStorage.savePrivatekeyToStorage(itemKey, password, data);
})().catch(e => {
console.log(e);
});Loading private data
const password = "secret-password";
const itemKey = "private_key";
(async () => {
const data = await AppStorage.loadPrivatekeyFromStorage(itemKey, password, data);
console.log(Buffer.from(data).toString());
})().catch(e => {
console.log(e);
});Test
Encrypted Local Storage is designed to run in the browser. You can test it locally using:
npm run testAll tests are ran using KarmaJS
Contributing
We are happy that you are interested in collaborating with our project.
To contribute, please fork the repository, clone it, make your commits, and then make a PR to the develop branch. Make sure all linter and test pass.
Copyright and License
See LICENSE file.