From f73ab7da3bc3c7454fd2334b42beb1f396e8d44f Mon Sep 17 00:00:00 2001 From: Nick O'Leary Date: Fri, 23 Sep 2016 11:41:26 +0100 Subject: [PATCH] Updated Design: Encryption of credentials (markdown) --- Design:-Encryption-of-credentials.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Design:-Encryption-of-credentials.md b/Design:-Encryption-of-credentials.md index 673101a..f745702 100644 --- a/Design:-Encryption-of-credentials.md +++ b/Design:-Encryption-of-credentials.md @@ -38,7 +38,21 @@ After encryption, it looks like this: By keeping it a valid JSON object underlying storage implementations should not be affected by the change. +--- +### Encryption scheme + var encryptionKey = crypto.createHash('sha256').update(userKey).digest(); + var initVector = crypto.randomBytes(16); + var cipher = crypto.createCipheriv("aes-256-ctr", encryptionKey, initVector); + var result = cipher.update(JSON.stringify(credentials), 'utf8', 'base64') + cipher.final('base64'); + result = initVector.toString('hex') + result; +### Decryption scheme + var encryptionKey = crypto.createHash('sha256').update(userKey).digest(); + var initVector = new Buffer(encryptedCredentials.substring(0, 32),'hex'); + encryptedCredentials = encryptedCredentials.substring(32); + var decipher = crypto.createDecipheriv(encryptionAlgorithm, encryptionKey, initVector); + var decrypted = decipher.update(encryptedCredentials, 'base64', 'utf8') + decipher.final('utf8'); + var result = JSON.parse(decrypted);