Skip to content

Commit

Permalink
Initial commit: crypto is coming
Browse files Browse the repository at this point in the history
  • Loading branch information
@VincentCasse
VincentCasse committed Jun 1, 2015
0 parents commit 0d8e111
Show file tree
Hide file tree
Showing 19 changed files with 3,133 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
node_modules
bower_components
dist
40 changes: 40 additions & 0 deletions .jshintrc
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
{
"camelcase": false,
"curly": true,
"forin": false,
"latedef": "nofunc",
"newcap": false,
"noarg": true,
"nonew": true,
"quotmark": "single",
"undef": true,
"unused": "vars",
"strict": true,
"trailing": true,
"maxlen": 80,

"eqnull": true,
"esnext": true,
"expr": true,
"globalstrict": true,

"maxerr": 1000,
"regexdash": true,
"laxcomma": true,
"proto": true,

"browser": true,
"devel": true,
"nonstandard": true,
"worker": true,
"bitwise": true,

"-W078": true,

"globals": {
"require" : false,
"module" : false,
"define" : false,
"global" : false
}
}
21 changes: 21 additions & 0 deletions LICENSE
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
The MIT License (MIT)

Copyright (c) 2015 - Vincent Cassé

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
110 changes: 110 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
# Amaretti.js

Amaretti.js is a library to encrypt and decrypt message into the browser. They use native implementation (WebCrypto APIs) when available, or SJCL library when not.

## Getting started

### Installation

This library can be installed with npm or bower, as you prefer:

```bash
bower install amaretti
```

```bash
npm install amaretti
```

### How to use it

Just import the javascript file and require the library. Require system is included into amaretti library

```html
<script src="public/vendor.js"></script>
<script src="public/amaretti.js"></script>
var Amaretti = require('amaretti').init();
```

### Generate a salt

Salt are used into key generation and to randomize the encryption of a message. You can get a base64 salt using this `Amaretti.getSalt()`

```javascript
Amaretti.getSalt().then(function(salt) {
// Manipulate your salt
}, function (error) {
// There was an error
});
```

### Generate a key

To encrypt or decrypt messages, you need to use a key. You can generate a key usable with a passphrase (like a password). Key generated is returned as base64. To randomize the generation, you need to give a salt and a hash algorithm

```javascript
Amaretti.generateKey(passphrase, salt, hash).then(function(key) {
// Manipulate your key
}, function (error) {
// There was an error
});
```
* __passphrase__: is the passphrase used to encrypt or decrypt messages
* __salt__: is the salt, base64 encoded, used to randomize the key generator
* __hash__: is the name of algorithm used to hash the key. It could be _SHA-1_ or _SHA-256_

### Encrypt a message

You can encrypt a message with your key. Amaretti use AES-GCM to encrypt data. To avoid brut-force attack agains the encrypted data, each data had to be encrypt with a different and random nonce. You can use a salt as nonce. Don't lose this nonce, you will need it to decrypt the message.

```javascript
Amaretti.encrypt(key, message, nonce).then(function(encrypted) {
// Manipulate your encrypted message
}, function (error) {
// There was an error
});
```
* __key__: is the base64 used to encrypt message
* __message__: is the message to encrypt
* __nonce__: is a random value, in base64 format, use to avoid attacks

### Decrypt a message

```javascript
Amaretti..decrypt(key, encrypted, nonce).then(function(decrypted) {
// Manipulate your encrypted message
}, function (error) {
// There was an error
});
```

* __key__: is the base64 used to encrypt message
* __encrypted: is the encrypted message to decrypt, in base64 format
* __nonce__: is a random value, in base64 format, use to avoid attacks

## License

MIT

## How to contribute

Hum ... on github :)

### To build library

```bash
npm install
bower install
brunch build
```

### To run tests

```bash
npm run test
```

## Ideas for a roadmap

* Return key and crypted data with JOSE standard (JWE and JWT)
* Check sha-256 for firefox and sha-1 for SJCL ito key generation
Loading

0 comments on commit 0d8e111

Please sign in to comment.