shellphone.app/db/_encryption.ts

38 lines
1.4 KiB
TypeScript

import crypto from "crypto";
import { getConfig } from "blitz";
const { serverRuntimeConfig } = getConfig();
const IV_LENGTH = 16;
const ALGORITHM = "aes-256-cbc";
export function encrypt(text: string, encryptionKey: Buffer | string) {
const encryptionKeyAsBuffer = Buffer.isBuffer(encryptionKey)
? encryptionKey
: Buffer.from(encryptionKey, "hex");
const iv = crypto.randomBytes(IV_LENGTH);
const cipher = crypto.createCipheriv(ALGORITHM, encryptionKeyAsBuffer, iv);
const encrypted = cipher.update(text);
const encryptedBuffer = Buffer.concat([encrypted, cipher.final()]);
return `${iv.toString("hex")}:${encryptedBuffer.toString("hex")}`;
}
export function decrypt(encryptedHexText: string, encryptionKey: Buffer | string) {
const encryptionKeyAsBuffer = Buffer.isBuffer(encryptionKey)
? encryptionKey
: Buffer.from(encryptionKey, "hex");
const [hexIv, hexText] = encryptedHexText.split(":");
const iv = Buffer.from(hexIv!, "hex");
const encryptedText = Buffer.from(hexText!, "hex");
const decipher = crypto.createDecipheriv(ALGORITHM, encryptionKeyAsBuffer, iv);
const decrypted = decipher.update(encryptedText);
const decryptedBuffer = Buffer.concat([decrypted, decipher.final()]);
return decryptedBuffer.toString();
}
export function computeEncryptionKey(userIdentifier: string) {
return crypto.scryptSync(userIdentifier, serverRuntimeConfig.masterEncryptionKey, 32);
}