Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
/* Find data to encrypt. */
const plainText = new Uint8Array([1, 2, 3, 4, 5])
/* Encrypt the data. */
const { result } = await encrypt(keyring, plainText, { encryptionContext: context })
/* Log the plain text
* only for testing and to show that it works.
*/
console.log('plainText:', plainText)
document.write('<br>plainText:' + plainText + '<br>')
/* Log the base64-encoded result
* so that you can try decrypting it with another AWS Encryption SDK implementation.
*/
const resultBase64 = toBase64(result)
console.log(resultBase64)
document.write(resultBase64)
/* Decrypt the data.
* This decrypt call could be done with **any** of the 3 keyrings.
* Here we use the multi-keyring, but
* decrypt(kmsKeyring, result)
* decrypt(aesKeyring, result)
* would both work as well.
*/
const { plaintext, messageHeader } = await decrypt(keyring, result)
/* Grab the encryption context so you can verify it. */
const { encryptionContext } = messageHeader
/* Verify the encryption context.
/* Find data to encrypt. */
const plainText = new Uint8Array([1, 2, 3, 4, 5])
/* Encrypt the data. */
const { result } = await encrypt(keyring, plainText, { encryptionContext: context })
/* Log the plain text
* only for testing and to show that it works.
*/
console.log('plainText:', plainText)
document.write('<br>plainText:' + plainText + '<br>')
/* Log the base64-encoded result
* so that you can try decrypting it with another AWS Encryption SDK implementation.
*/
const resultBase64 = toBase64(result)
console.log(resultBase64)
document.write(resultBase64)
const { plaintext, messageHeader } = await decrypt(keyring, result)
/* Grab the encryption context so you can verify it. */
const { encryptionContext } = messageHeader
/* Verify the encryption context.
* If you use an algorithm suite with signing,
* the Encryption SDK adds a name-value pair to the encryption context that contains the public key.
* Because the encryption context might contain additional key-value pairs,
* do not add a test that requires that all key-value pairs match.
* Instead, verify that the key-value pairs you expect match.
*/
Object
/* Find data to encrypt. */
const plainText = new Uint8Array([1, 2, 3, 4, 5])
/* Encrypt the data. */
const { result } = await encrypt(keyring, plainText, { encryptionContext: context })
/* Log the plain text
* only for testing and to show that it works.
*/
console.log('plainText:', plainText)
document.write('<br>plainText:' + plainText + '<br>')
/* Log the base64-encoded result
* so that you can try decrypting it with another AWS Encryption SDK implementation.
*/
const resultBase64 = toBase64(result)
console.log(resultBase64)
document.write(resultBase64)
const { plaintext, messageHeader } = await decrypt(keyring, result)
/* Grab the encryption context so you can verify it. */
const { encryptionContext } = messageHeader
/* Verify the encryption context.
* If you use an algorithm suite with signing,
* the Encryption SDK adds a name-value pair to the encryption context that contains the public key.
* Because the encryption context might contain additional key-value pairs,
* do not add a test that requires that all key-value pairs match.
* Instead, verify that the key-value pairs you expect match.
*/
Object
/* Find data to encrypt. */
const plainText = new Uint8Array([1, 2, 3, 4, 5])
/* Encrypt the data. */
const { result } = await encrypt(keyring, plainText, { encryptionContext: context })
/* Log the plain text
* only for testing and to show that it works.
*/
console.log('plainText:', plainText)
document.write('<br>plainText:' + plainText + '<br>')
/* Log the base64-encoded result
* so that you can try decrypting it with another AWS Encryption SDK implementation.
*/
const resultBase64 = toBase64(result)
console.log(resultBase64)
document.write(resultBase64)
const { plaintext, messageHeader } = await decrypt(keyring, result)
/* Grab the encryption context so you can verify it. */
const { encryptionContext } = messageHeader
/* Verify the encryption context.
* If you use an algorithm suite with signing,
* the Encryption SDK adds a name-value pair to the encryption context that contains the public key.
* Because the encryption context might contain additional key-value pairs,
* do not add a test that requires that all key-value pairs match.
* Instead, verify that the key-value pairs you expect match.
*/
Object
export function bytes2JWK (rawKeyBytes: Uint8Array): JsonWebKey {
// See https://tools.ietf.org/html/rfc7515#appendix-C Base64url Encoding
const base64 = toBase64(rawKeyBytes)
const base64Url = base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '')
return {
kty: 'oct',
k: base64Url
}
}
/* Precondition: WebCryptoDefaultCryptographicMaterialsManager If the algorithm suite specification requires a signatureCurve a context must exist. */
if (!encryptionContext) throw new Error('Encryption context does not contain required public key.')
const { [ENCODED_SIGNER_KEY]: compressPoint } = encryptionContext
/* Precondition: WebCryptoDefaultCryptographicMaterialsManager The context must contain the public key. */
needs(compressPoint, 'Context does not contain required public key.')
const backend = await getWebCryptoBackend()
const subtle = getNonZeroByteBackend(backend)
const webCryptoAlgorithm = { name: 'ECDSA', namedCurve }
const extractable = false
const usages = ['verify']
const format = 'raw'
const publicKeyBytes = VerificationKey.decodeCompressPoint(fromBase64(compressPoint), suite)
const publicKey = await subtle.importKey(format, publicKeyBytes, webCryptoAlgorithm, extractable, usages)
return new WebCryptoDecryptionMaterial(suite, encryptionContext)
.setVerificationKey(new VerificationKey(publicKey, suite))
}
}
const backend = await getWebCryptoBackend()
const subtle = getNonZeroByteBackend(backend)
const webCryptoAlgorithm = { name: 'ECDSA', namedCurve }
const extractable = false
const usages = ['sign']
const format = 'raw'
const { publicKey, privateKey } = await subtle.generateKey(webCryptoAlgorithm, extractable, usages)
const publicKeyBytes = await subtle.exportKey(format, publicKey)
const compressPoint = SignatureKey.encodeCompressPoint(new Uint8Array(publicKeyBytes), suite)
const signatureKey = new SignatureKey(privateKey, compressPoint, suite)
return new WebCryptoEncryptionMaterial(
suite,
{ ...encryptionContext, [ENCODED_SIGNER_KEY]: toBase64(compressPoint) }
)
.setSignatureKey(signatureKey)
}
export function toBase64(input: Uint8Array): string {
if (isNode()) {
return nodeToBase64(input);
}
return browserToBase64(input);
}
export function fromBase64(input: string): Uint8Array {
if (isNode()) {
return nodeFromBase64(input);
}
return browserFromBase64(input);
}
async function aesKeyring (keyInfo:AesKeyInfo, key: AESKey) {
const keyName = key['key-id']
const keyNamespace = keyInfo['provider-id']
const { encoding, material } = key
needs(encoding === 'base64', 'Unsupported encoding')
const rawKey = fromBase64(material)
if (!Bits2RawAesWrappingSuiteIdentifier[key.bits]) throw new Error('Unsupported right now')
const wrappingSuite = Bits2RawAesWrappingSuiteIdentifier[key.bits]
const masterKey = await RawAesKeyringWebCrypto.importCryptoKey(rawKey, wrappingSuite)
return new RawAesKeyringWebCrypto({ keyName, keyNamespace, masterKey, wrappingSuite })
}