Nesting Penguins Molt

    aes-cbc-hmac-sha2

    0.4.0 • Public • Published

    Authenticated Encryption with AES-CBC and HMAC-SHA2

    For explanation see the draft.

    Supported Algorithms:

    algorithm key length
    aes-128-cbc-hmac-sha-256 32
    aes-192-cbc-hmac-sha-384 48
    aes-256-cbc-hmac-sha-512 56
    aes-256-cbc-hmac-sha-384 64

    Installation

    $ npm install --save aes-cbc-hmac-sha2
    

    Usage

    Creating and using cipher/decipher is no different than createCipheriv and createDecipheriv methods of node's crypto module.

    var aesHmac = require('aes-cbc-hmac-sha2');
     
    //cipher
    var cipher = aesHmac.createCipheriv(algo, key, iv);
     
    //decipher
    var decipher = aesHmac.createDecipheriv(algo, key, iv);

    Cipher and Decipher objects are streams that both readable and writable.

    You can also monkey-patch node crypto module.

    var crypto = require('crypto');
    require('aes-cbc-hmac-sha2').patch(crypto);
     
    var cipher = crypto.createCipheriv('aes-128-cbc-hmac-sha-256');
    //...
     

    Encryption

    var aesHmac = require('aes-cbc-hmac-sha2');
    var fs      = require('fs');
     
    var key = new Buffer('AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=', 'base64'); //128-bit key
    var iv  = new Buffer('GvOMLcK5b/3YZpQJI0G8BA==', 'base64'); // 128-bit initialization vector
    var aad = new Buffer('VGhlIHNlY29uZCBwcmluY2lwbGUg', 'base64'); //additional authentication data
    var plaintext  = fs.createReadStream('hello.txt');
    var ciphertext = fs.createWriteStream('hello.txt.enc');
     
    var cipher = aesHmac.createCipheriv('aes-128-cbc-hmac-sha-256', key, iv);
    // additional authentication data must be set before encryption
    cipher.setAAD(aad);
     
    // we can get authentication tag once the writable side of the stream ended.
    cipher.on('end', function() {
        console.log('Authentication Tag: ', cipher.getAuthTag().toString('base64')); //sYu58fmtWdfhYnenP6hzVA==
    });
     
    plaintext.pipe(cipher);
    cipher.pipe(ciphertext);

    Decryption

    Decryption operation have four inputs: key, iv, aad, authTag and of course ciphertext.

    var aesHmac = require('aes-cbc-hmac-sha2');
    var fs      = require('fs');
     
    var key = new Buffer('AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=', 'base64'); //128-bit key
    var iv  = new Buffer('GvOMLcK5b/3YZpQJI0G8BA==', 'base64'); // 128-bit initialization vector
    var aad = new Buffer('VGhlIHNlY29uZCBwcmluY2lwbGUg', 'base64'); // additional authentication data
    var ciphertext = fs.createReadStream('hello.txt.enc');
    var decryptedtext  = fs.createWriteStream('hello.txt.dec');
     
    var decipher = aesHmac.createDecipheriv('aes-128-cbc-hmac-sha-256', key, iv);
    decipher.setAAD(aad);
     
    //
    decipher.setAuthTag(new Buffer('sYu58fmtWdfhYnenP6hzVA==', 'base64'));
     
    ciphertext.pipe(decipher);
    decipher.pipe(decryptedtext);

    Running the tests

    $ git clone https://github.com/glkz/aes-cbc-hmac-sha2.git
    cd aes-cbc-hmac-sha2
    $ npm install
    $ npm test

    Further Reading

    Install

    npm i aes-cbc-hmac-sha2

    DownloadsWeekly Downloads

    8

    Version

    0.4.0

    License

    MIT

    Last publish

    Collaborators

    • glkz