node package manager


Password based en-/decryption of arbitrary data with and for node.js.


Password based en-/decryption of arbitrary data with and for node.js.

  • Utilizes PBKDF2 and AES256 through node's crypto module and is therefore pretty fast
  • Encrypted outputs are indistinguishable from random data
  • Works with arbitrary buffer contents as well as with any form of JSON data (see: Stores)
  • Provides simple streaming and one-shot APIs
  • Includes handy encrypt, decrypt and keystore command line utilities

The API is quite simple:

var endecrypt = require("endecrypt");

  • rounds
    Number of PBKDF2 (HMAC-SHA1) rounds to perform, defaults to 100000.

Pretty much the same as available through the API, but with the exception that the application will ask for the passphrase if it is not specified as an argument. The number of PBKDF2 rounds defaults to 100000.

  • encrypt <infile> [-r=ROUNDS] [-p=PASSPHRASE] [> <outfile>]
  • decrypt <infile> [-r=ROUNDS] [-p=PASSPHRASE] [> <outfile>]
  • keystore list|add|get|del ... Run keystore for the details

endecrypt provides the tools to en-/decrypt arbitrary JSON data including binary buffers and utilizes the PSON data format internally for the purpose of converting JSON data to its binary representation prior to encryption and vice-versa. In endecrypt this is called a store.

Likewise, the keystore utility works with one level of nesting, making it effectively a key-value store (plain object to PSON). A possible use case could be to store a set of private keys and certificates in an endecrypt store to be able to use a common password once to access all the confidential entries. Unlike with other keystores like JKS there is no item-level access control mechanism, just a global one.

Using the API it is possible to put any form of JSON data into a store, not just plain objects.

The file has been generated through encrypt -p=123 > and can be decrypted using decrypt -p=123.

endecrypt uses node's stock PBKDF2 implementation which uses HMAC-SHA1 to derive keys. Thus, the effective entropy is 160 bits aligned to 256 bits of AES which may change with future versions (i.e. when the guys at node.js implement SHA256).

License: Apache License, Version 2.0