46 lines
1.2 KiB
TypeScript
46 lines
1.2 KiB
TypeScript
import crypto from "crypto";
|
|
import {secrets} from "./secrets"
|
|
const ALGORITHM = "aes-256-gcm";
|
|
|
|
function getEncryptionKey() {
|
|
const key = secrets.ENCRYPTION_KEY || ""
|
|
|
|
if (!/^[a-f0-9]{64}$/i.test(key)) {
|
|
throw new Error("ENCRYPTION_KEY muss ein 64 Zeichen langer Hex-String sein. Beispiel: openssl rand -hex 32")
|
|
}
|
|
|
|
return Buffer.from(key, "hex")
|
|
}
|
|
|
|
export function encrypt(text) {
|
|
const ENCRYPTION_KEY = getEncryptionKey();
|
|
const iv = crypto.randomBytes(16);
|
|
const cipher = crypto.createCipheriv(ALGORITHM, ENCRYPTION_KEY, iv);
|
|
|
|
const encrypted = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
|
|
const tag = cipher.getAuthTag();
|
|
|
|
return {
|
|
iv: iv.toString("hex"),
|
|
content: encrypted.toString("hex"),
|
|
tag: tag.toString("hex"),
|
|
};
|
|
}
|
|
|
|
export function decrypt({ iv, content, tag }) {
|
|
const ENCRYPTION_KEY = getEncryptionKey();
|
|
const decipher = crypto.createDecipheriv(
|
|
ALGORITHM,
|
|
ENCRYPTION_KEY,
|
|
Buffer.from(iv, "hex")
|
|
);
|
|
decipher.setAuthTag(Buffer.from(tag, "hex"));
|
|
|
|
const decrypted = Buffer.concat([
|
|
decipher.update(Buffer.from(content, "hex")),
|
|
decipher.final(),
|
|
]);
|
|
|
|
return decrypted.toString("utf8");
|
|
}
|