cryptify

A dead simple file-based encyrption (FBE) utitily for Node.js.

❤️ CLI or module-based usage
❤️ Implements Node.js crypto
❤️ Licensed with GPLv2

---

Table of Contents

• CLI
  • Installation
  • Usage
• Module
  • Installation
  • CommonJS
  • ES2015
• Supported Ciphers
• Recommendations
  • Bash
  • Windows Command Prompt
  • Windows Powershell
• Password Requirements

---

CLI

Installation

• $ npm i -g cryptify

Usage

Adheres to http://docopt.org/ via commander.js

$ cryptify encrypt <file>... (-p <password>) [-c <cipher>] [-e <encoding>] [-s]
$ cryptify decrypt <file>... (-p <password>) [-c <cipher>] [-e <encoding>] [-s]

Commands

Command	Description
encrypt	Encrypt file(s)
decrypt	Decrypt file(s)

Command Arguments

Short	Long	Description	Default	Required
-p	--password	Cryptographic key		Yes
-c	--cipher	Cipher algorithm	aes-256-cbc	No
-e	--encoding	Character encoding of returned file(s)	utf8	No
-s	--silent	Silence informational display	false	No
-o	--loose	Bypass password requirements	false	No

General Arguments

Short	Long	Description
-h	--help	Display help
-v	--version	Show version
-l	--list	List available ciphers

Encrypt a file with a password

$ cryptify encrypt ./configuration.props -p mySecretKey

Encrypt some files with a custom cipher

$ cryptify encrypt ./foo.json ./bar.jpg -p mySecretKey -c aes-256-cbc-hmac-sha256

Decrypt some files with a custom cipher

$ cryptify decrypt ./foo.json ./bar.jpg -p mySecretKey -c aes-256-cbc-hmac-sha256

Show general help

$ cryptify help encrypt

Usage: cryptify [options] [command]

Options:
  -v, --version                Display the current version
  -l, --list                   List available ciphers
  -h, --help                   Display help for the command

Commands:
  encrypt [options] <file...>  Encrypt files(s)
  decrypt [options] <file...>  Decrypt files(s)
  help <command>               Display help for the command

Example:
  $ cryptify encrypt file.txt -p 'Secret123!'
  $ cryptify decrypt file.txt -p 'Secret123!'

Password Requirements:
  1. Must contain at least 8 characters
  2. Must contain at least 1 special character
  3. Must contain at least 1 numeric character
  4. Must contain a combination of uppercase and lowercase

Show command help

$ cryptify help encrypt

Usage: cryptify encrypt <file>... (-p <password>) [-c <cipher>] [-e <encoding>] [-s] [-o]

Encrypt files(s)

Options:
  -p, --password <password>  Cryptographic key
  -c, --cipher <cipher>      Cipher algorithm (default: "aes-256-cbc")
  -e, --encoding <encoding>  Character encoding (default: "utf8")
  -s, --silent               Silence informational display (default: false)
  -o, --loose                Bypass password requirements (default: false)
  -h, --help                 Display help for the command

---

Module

Installation

• $ npm i -S cryptify

CommonJS

const Cryptify = require('cryptify');

ES2015

import Cryptify from 'cryptify';

Constructor

new Cryptify(files, password[, cipher][, encoding][, silent][, loose])

Encrypt / Decrypt

import Cryptify from 'cryptify';

const filePath = './example.txt'; // This can also be an array of paths.
const password = process.env.ENV_SECRET_KEY;

const instance = new Cryptify(filePath, password);
instance
  .encrypt()
  .then((files) => {
    /* Do stuff */
  })
  .then(() => instance.decrypt())
  .then((files) => {
    /* Do stuff */
  })
  .catch((e) => console.error(e));

Decrypt / Encrypt

import Cryptify from 'cryptify';

const filePath = './example.txt'; // This can also be an array of paths.
const password = process.env.ENV_SECRET_KEY;

const instance = new Cryptify(filePath, password);
instance
  .decrypt()
  .then((files) => {
    /* Do stuff */
  })
  .then(() => instance.encrypt())
  .then((files) => {
    /* Do stuff */
  })
  .catch((e) => console.error(e));

---

Supported Ciphers

The following ciphers are supported by cryptify:

Running cipher validation tests...

 ✓ Passed: aes-128-cbc
 ✓ Passed: aes-128-cbc-hmac-sha1
 ✓ Passed: aes-128-cbc-hmac-sha256
 ✓ Passed: aes-128-cfb
 ✓ Passed: aes-128-cfb1
 ✓ Passed: aes-128-cfb8
 ✓ Passed: aes-128-ctr
 ✓ Passed: aes-128-ofb
 ✓ Passed: aes-192-cbc
 ✓ Passed: aes-192-cfb
 ✓ Passed: aes-192-cfb1
 ✓ Passed: aes-192-cfb8
 ✓ Passed: aes-192-ctr
 ✓ Passed: aes-192-ofb
 ✓ Passed: aes-256-cbc
 ✓ Passed: aes-256-cbc-hmac-sha1
 ✓ Passed: aes-256-cbc-hmac-sha256
 ✓ Passed: aes-256-cfb
 ✓ Passed: aes-256-cfb1
 ✓ Passed: aes-256-cfb8
 ✓ Passed: aes-256-ctr
 ✓ Passed: aes-256-ofb
 ✓ Passed: aes128
 ✓ Passed: aes192
 ✓ Passed: aes256
 ✓ Passed: aria-128-cbc
 ✓ Passed: aria-128-cfb
 ✓ Passed: aria-128-cfb1
 ✓ Passed: aria-128-cfb8
 ✓ Passed: aria-128-ctr
 ✓ Passed: aria-128-ofb
 ✓ Passed: aria-192-cbc
 ✓ Passed: aria-192-cfb
 ✓ Passed: aria-192-cfb1
 ✓ Passed: aria-192-cfb8
 ✓ Passed: aria-192-ctr
 ✓ Passed: aria-192-ofb
 ✓ Passed: aria-256-cbc
 ✓ Passed: aria-256-cfb
 ✓ Passed: aria-256-cfb1
 ✓ Passed: aria-256-cfb8
 ✓ Passed: aria-256-ctr
 ✓ Passed: aria-256-ofb
 ✓ Passed: aria128
 ✓ Passed: aria192
 ✓ Passed: aria256
 ✓ Passed: camellia-128-cbc
 ✓ Passed: camellia-128-cfb
 ✓ Passed: camellia-128-cfb1
 ✓ Passed: camellia-128-cfb8
 ✓ Passed: camellia-128-ctr
 ✓ Passed: camellia-128-ofb
 ✓ Passed: camellia-192-cbc
 ✓ Passed: camellia-192-cfb
 ✓ Passed: camellia-192-cfb1
 ✓ Passed: camellia-192-cfb8
 ✓ Passed: camellia-192-ctr
 ✓ Passed: camellia-192-ofb
 ✓ Passed: camellia-256-cbc
 ✓ Passed: camellia-256-cfb
 ✓ Passed: camellia-256-cfb1
 ✓ Passed: camellia-256-cfb8
 ✓ Passed: camellia-256-ctr
 ✓ Passed: camellia-256-ofb
 ✓ Passed: camellia128
 ✓ Passed: camellia192
 ✓ Passed: camellia256
 ✓ Passed: chacha20

 ✓ Results: 68 passed, 107 total

---

Recommendations

Strongly consider clearing your shell's session history of any sensitive information.

Bash

Bash writes the current session history to disk (~/.bash_history) at the end of the session.

1. Tactical Approach: Clear a specific entry in the current session

   $ history
   666 cryptify --help
   667 cryptify encrypt ./myfile.txt -p mySecretKey
   $ history -d 667
   $ history -w
   

2. Blunt Approach: Clear the entire current session history (in memory)

   $ history -c
   

3. Nuclear Approach: Clear current and existing session history (in memory, and on disk)

   $ rm $HISTFILE
   $ history -c
   $ exit
   (open shell)
   $ cat $HISTFILE
   exit
   

Windows Command Prompt

Windows does not store history between command prompt sessions.

1. However, for safety, consider decreasing the Buffer Size and Number of Buffers in the Properties menu before use.

2. Per this configuration, Windows will only store the last command in the buffer.

3. Once work with cryptify is complete, close the command prompt:

   C:\Users\[user]> cryptify encrypt ./myfile.txt -p mySecretKey
   C:\Users\[user]> exit
   

Windows PowerShell

1. PowerShell's Clear-History command doesn't seem to work as advertised, which is designed to clear the current session's history.

2. However, deleting PowerShell's history file does do the trick.

   PS C:\Users\[user]> cryptify encrypt ./myfile.txt -p mySecretKey
   PS C:\Users\[user]> del (Get-PSReadlineOption).HistorySavePath
   PS C:\Users\[user]> exit
   

---

Password Requirements

1. Must contain at least 8 characters
2. Must contain at least 1 special character
3. Must contain at least 1 numeric character
4. Must contain a combination of uppercase and lowercase