How to use the @aws-crypto/client-node.RawAesWrappingSuiteIdentifier.AES256_GCM_IV12_TAG16_NO_PADDING wrapping suite identifier in @aws-crypto/client-node

To help you get started, we’ve selected a few @aws-crypto/client-node examples, based on popular ways it is used in public projects.


github aws / aws-encryption-sdk-javascript / modules / integration-node / src / decrypt_materials_manager_node.ts View on Github external
} from '@aws-crypto/client-node'
import {
  RsaKeyInfo, // eslint-disable-line no-unused-vars
  AesKeyInfo, // eslint-disable-line no-unused-vars
  KmsKeyInfo, // eslint-disable-line no-unused-vars
  RSAKey, // eslint-disable-line no-unused-vars
  AESKey, // eslint-disable-line no-unused-vars
  KMSKey, // eslint-disable-line no-unused-vars
  KeyInfoTuple // eslint-disable-line no-unused-vars
} from './types'
import { constants } from 'crypto'

/* Lookup from an AES key length in bits to the matching raw AES-GCM wrapping suite.
 * Only 128, 192 and 256 have entries. Any other number indexes to `undefined` at runtime,
 * even though the declared value type is WrappingSuiteIdentifier,
 * so callers should check the result before handing it to a keyring.
 */
const Bits2RawAesWrappingSuiteIdentifier: Record<number, WrappingSuiteIdentifier> = {
  128: RawAesWrappingSuiteIdentifier.AES128_GCM_IV12_TAG16_NO_PADDING,
  192: RawAesWrappingSuiteIdentifier.AES192_GCM_IV12_TAG16_NO_PADDING,
  256: RawAesWrappingSuiteIdentifier.AES256_GCM_IV12_TAG16_NO_PADDING
}

/**
 * Builds the multi-keyring used for encryption from a list of key descriptions.
 *
 * The keyring made from the first tuple becomes the generator; the keyrings made
 * from the remaining tuples become the children, in input order.
 *
 * NOTE(review): with an empty `keyInfos` the generator is `undefined` and
 * `children` is empty. Whether MultiKeyringNode rejects that combination is not
 * visible here - confirm, or guard at the caller.
 *
 * @param keyInfos - key description tuples, each converted with `keyringNode`
 * @returns a MultiKeyringNode with one generator and zero or more children
 */
export function encryptMaterialsManagerNode (keyInfos: KeyInfoTuple[]) {
  const keyrings = keyInfos.map(keyringNode)
  /* First keyring generates the data key; every later one only wraps it. */
  const generator = keyrings[0]
  const children = keyrings.slice(1)
  return new MultiKeyringNode({ generator, children })
}

/**
 * Builds the multi-keyring used for decryption from a list of key descriptions.
 *
 * Every tuple is converted with `keyringNode` and registered as a child.
 * No generator is configured on this keyring.
 *
 * @param keyInfos - key description tuples, each converted with `keyringNode`
 * @returns a MultiKeyringNode that holds only child keyrings
 */
export function decryptMaterialsManagerNode (keyInfos: KeyInfoTuple[]) {
  /* Children only: the multi-keyring is built without a generator. */
  return new MultiKeyringNode({ children: keyInfos.map(keyringNode) })
}

export function keyringNode ([ info, key ]: KeyInfoTuple) {
  if (info.type === 'aws-kms' && key.type === 'aws-kms') {
    return kmsKeyring(info, key)
  }
github aws / aws-encryption-sdk-javascript / modules / example-node / src / multi_keyring.ts View on Github external
* This is *only* to demonstrate how the CMK ARNs are configured.
   */
  const keyIds = ['arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f']

  /* The KMS keyring must be configured with the desired CMKs */
  const kmsKeyring = new KmsKeyringNode({ generatorKeyId, keyIds })

  /* You need to specify a name
   * and a namespace for raw encryption key providers.
   * The name and namespace that you use in the decryption keyring *must* be an exact,
   * *case-sensitive* match for the name and namespace in the encryption keyring.
   */
  const keyName = 'aes-name'
  const keyNamespace = 'aes-namespace'
  /* The wrapping suite defines the AES-GCM algorithm suite to use. */
  const wrappingSuite = RawAesWrappingSuiteIdentifier.AES256_GCM_IV12_TAG16_NO_PADDING
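  // Get your plaintext master key from wherever you store it.
  // The randomBytes(32) call below is only a stand-in for this example: a key generated per run
  // and never stored means this AES keyring cannot decrypt the message in a later run.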
  const unencryptedMasterKey = randomBytes(32)

  /* Configure the Raw AES Keyring. */
  const aesKeyring = new RawAesKeyringNode({ keyName, keyNamespace, unencryptedMasterKey, wrappingSuite })

  /* Combine the two keyrings with a MultiKeyring. */
  const keyring = new MultiKeyringNode({ generator: kmsKeyring, children: [ aesKeyring ] })

  /* Encryption context is a *very* powerful tool for controlling and managing access.
   * It is ***not*** secret!
   * Encrypted data is opaque.
   * You can use an encryption context to assert things about the encrypted data.
   * Just because you can decrypt something does not mean it is what you expect.
   * For example, if you are only expecting data from 'us-west-2',
   * the origin can identify a malicious actor.
github aws / aws-encryption-sdk-javascript / modules / example-node / src / aes_simple.ts View on Github external
export async function aesTest () {
  /* You need to specify a name
   * and a namespace for raw encryption key providers.
   * The name and namespace that you use in the decryption keyring *must* be an exact,
   * *case-sensitive* match for the name and namespace in the encryption keyring.
   */
  const keyName = 'aes-name'
  const keyNamespace = 'aes-namespace'

  /* The wrapping suite defines the AES-GCM algorithm suite to use. */
  const wrappingSuite = RawAesWrappingSuiteIdentifier.AES256_GCM_IV12_TAG16_NO_PADDING

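  // Get your plaintext master key from wherever you store it.
  // The randomBytes(32) call below is only a stand-in for this example: a key generated per run
  // and never stored means this keyring cannot decrypt the message in a later run.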
  const unencryptedMasterKey = randomBytes(32)

  /* Configure the Raw AES keyring. */
  const keyring = new RawAesKeyringNode({ keyName, keyNamespace, unencryptedMasterKey, wrappingSuite })

  /* Encryption context is a *very* powerful tool for controlling and managing access.
   * It is ***not*** secret!
   * Encrypted data is opaque.
   * You can use an encryption context to assert things about the encrypted data.
   * Just because you can decrypt something does not mean it is what you expect.
   * For example, if you are only expecting data from 'us-west-2',
   * the origin can identify a malicious actor.
   * See: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context
   */