Narwhals Playing Mahjong

    crypt.io

    1.0.8 • Public • Published

    crypt.io Build Status

    crypt.io implements secures browser storage with the SJCL (Stanford Javascript Crypto Libraries) crypto library.

    Options:

    • passphrase: {String} User supplied passphrase
    • storage: {String} Storage engine to use; local, session or cookies

    Examples:

    Here are a few examples of use to get you started.

    Default use

    Saving data...

    var storage = cryptio
      , inventory = [{
          "SKU": "39-48949",
          "Price": 618,
          "Item": "Snowboard"
        }, {
          "SKU": "99-28128",
          "Price": 78.99,
          "Item": "Cleats"
        }, {
          "SKU": "83-38285",
          "Price": 3.99,
          "Item": "Hockey Puck"
        }];
     
    storage.set('inventory', inventory, function(err, results){
      if (err) throw err;
      console.log(results);
    });

    Retrieving data...

    var storage = cryptio;
     
    storage.get('inventory', function(err, results){
      if (err) throw err;
      console.log(results);
    });

    Storage option

    Want to use a different storage engine like the HTML5 sessionStorage feature?

    var options = {
      storage: 'session',
    };

    Or some depreciated cookies? This is the least tested option

    var options = {
      storage: 'cookies',
    };

    Extra security

    While providing a transparent method of encryption for objects within the client prevents the need for user interaction, in terms of security in the event of a same-origin, dom rebinding attack coupled with a man- in-the-middle scenario or a malicious browser add-on it would be more secure to prompt the user for his/her passphrase.

    Here is an example of user input for the passphrase.

    var pass = window.prompt("Please enter password...", "a custom password");
     
    var options = {
      passphrase: pass
    };
     
    storage.set(options, 'inventory', inventory, function(err, results){
      if (err) throw err;
      console.log(results);
    });
     
    storage.get(options, 'inventory', function(err, results){
      if (err) throw err;
      console.log(results);
    });
     

    For the paranoid

    Here is a robust example of saving & retrieving data implementing a user defined password based on their input while also using key stretching techniques to further enhance the security of the key used as well as using a tempoary storage option such as sessionStorage for the current authenticated session.

    Saving data (please keep in mind that a static value for the salt is not recommended)

    var pass = window.prompt("Enter password to protect saved data", "");
     
    var options = {
      passphrase: sjcl.codec.base64.fromBits(sjcl.hash.sha256.hash(sjcl.misc.pbkdf2(pass, sjcl.random.randomWords(2), 100000, 512)))
    };
     
    storage.set(options, 'inventory', inventory, function(err, results){
      if (err) throw err;
      console.log(results);
    });
     
    storage.get(options, 'inventory', function(err, results){
      if (err) throw err;
      console.log(results);
    });
     

    Warning:

    For the obligitory read regarding Javascript Encryption and the security implications please read 'NCC Group - Javascript Cryptography Considered Harmful'

    Requirements:

    Installation:

    Three methods are available for setup and use; using bower, cloning & manual

    Bower

    To setup using bower

    %> bower install crypt.io

    Clone

    To setup using git

    %> git clone --recursive https://github.com/jas-/crypt.io.git

    Manual

    Copy the crypt.io.min.js and the sjcl libraries to your web project and include them like so.

    <script src="/path/to/sjcl.js"></script>
    <script src="/path/to/crypt.io.min.js"></script>

    Support:

    Found a bug? Want a feature added? General feedback or kudos? Please open an issue so I can address it. Thanks!

    Install

    npm i crypt.io

    DownloadsWeekly Downloads

    12

    Version

    1.0.8

    License

    MIT

    Last publish

    Collaborators

    • jas-