How to use @aws-crypto/material-management-node - 10 common examples

To help you get started, we’ve selected a few @aws-crypto/material-management-node examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github aws / aws-encryption-sdk-javascript / modules / encrypt-node / src / encrypt_stream.ts View on Github external
.then(async (material) => {
      const { dispose, getSigner } = getEncryptHelper(material)

      const { getCipher, messageHeader, rawHeader } = getEncryptionInfo(material, frameLength)

      wrappingStream.emit('MessageHeader', messageHeader)

      const encryptStream = getFramedEncryptStream(getCipher, messageHeader, dispose, plaintextLength)
      const signatureStream = new SignatureStream(getSigner)

      pipeline(encryptStream, signatureStream)

      wrappingStream.setReadable(signatureStream)
      // Flush the rawHeader through the signatureStream
      rawHeader.forEach(buff => signatureStream.write(buff))

      // @ts-ignore until readable-stream exports v3 types...
      wrappingStream.setWritable(encryptStream)
github aws / aws-encryption-sdk-javascript / modules / encrypt-node / src / encrypt_stream.ts View on Github external
export function encryptStream (
  cmm: KeyringNode|NodeMaterialsManager,
  op: EncryptStreamInput = {}
): Duplex {
  const { suiteId, encryptionContext = {}, frameLength = FRAME_LENGTH, plaintextLength } = op

  /* Precondition: The frameLength must be less than the maximum frame size Node.js stream. */
  needs(frameLength > 0 && Maximum.FRAME_SIZE >= frameLength, `frameLength out of bounds: 0 > frameLength >= ${Maximum.FRAME_SIZE}`)

  /* If the cmm is a Keyring, wrap it with NodeDefaultCryptographicMaterialsManager. */
  cmm = cmm instanceof KeyringNode
    ? new NodeDefaultCryptographicMaterialsManager(cmm)
    : cmm

  const suite = suiteId && new NodeAlgorithmSuite(suiteId)

  const wrappingStream = new Duplexify()

  cmm.getEncryptionMaterials({ suite, encryptionContext, plaintextLength })
    .then(async (material) => {
      const { dispose, getSigner } = getEncryptHelper(material)

      const { getCipher, messageHeader, rawHeader } = getEncryptionInfo(material, frameLength)

      wrappingStream.emit('MessageHeader', messageHeader)

      const encryptStream = getFramedEncryptStream(getCipher, messageHeader, dispose, plaintextLength)
      const signatureStream = new SignatureStream(getSigner)
github aws / aws-encryption-sdk-javascript / modules / decrypt-node / src / decrypt_stream.ts View on Github external
export function decryptStream (
  cmm: KeyringNode|NodeMaterialsManager,
  { maxBodySize } : DecryptStreamOptions = {}
): Duplex {
  /* If the cmm is a Keyring, wrap it with NodeDefaultCryptographicMaterialsManager. */
  cmm = cmm instanceof KeyringNode
    ? new NodeDefaultCryptographicMaterialsManager(cmm)
    : cmm

  const parseHeaderStream = new ParseHeaderStream(cmm)
  const verifyStream = new VerifyStream({ maxBodySize })
  const decipherStream = getDecipherStream()

  /* pipeline will _either_ stream.destroy or the callback.
   * decipherStream uses destroy to dispose the material.
   * So I tack a pass though stream onto the end.
   */
  pipeline(parseHeaderStream, verifyStream, decipherStream, new PassThrough(), (err: Error) => {
    if (err) stream.emit('error', err)
  })

  const stream = new Duplexify(parseHeaderStream, decipherStream)
github aws / aws-encryption-sdk-javascript / modules / encrypt-node / src / encrypt_stream.ts View on Github external
export function encryptStream (
  cmm: KeyringNode|NodeMaterialsManager,
  op: EncryptStreamInput = {}
): Duplex {
  const { suiteId, encryptionContext = {}, frameLength = FRAME_LENGTH, plaintextLength } = op

  /* Precondition: The frameLength must be less than the maximum frame size Node.js stream. */
  needs(frameLength > 0 && Maximum.FRAME_SIZE >= frameLength, `frameLength out of bounds: 0 > frameLength >= ${Maximum.FRAME_SIZE}`)

  /* If the cmm is a Keyring, wrap it with NodeDefaultCryptographicMaterialsManager. */
  cmm = cmm instanceof KeyringNode
    ? new NodeDefaultCryptographicMaterialsManager(cmm)
    : cmm

  const suite = suiteId && new NodeAlgorithmSuite(suiteId)

  const wrappingStream = new Duplexify()

  cmm.getEncryptionMaterials({ suite, encryptionContext, plaintextLength })
    .then(async (material) => {
      const { dispose, getSigner } = getEncryptHelper(material)

      const { getCipher, messageHeader, rawHeader } = getEncryptionInfo(material, frameLength)

      wrappingStream.emit('MessageHeader', messageHeader)

      const encryptStream = getFramedEncryptStream(getCipher, messageHeader, dispose, plaintextLength)
      const signatureStream = new SignatureStream(getSigner)

      pipeline(encryptStream, signatureStream)
github aws / aws-encryption-sdk-javascript / modules / raw-aes-keyring-node / src / raw_aes_keyring_node.ts View on Github external
const _unwrapKey = async (material: NodeDecryptionMaterial, edk: EncryptedDataKey) => {
      const { keyNamespace, keyName } = this
      /* The AAD section is uInt16BE(length) + AAD
       * see: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html#header-aad
       * However, the RAW Keyring wants _only_ the ADD.
       * So, I just slice off the length.
       */
      const { buffer, byteOffset, byteLength } = serializeEncryptionContext(material.encryptionContext).slice(2)
      const aad = Buffer.from(buffer, byteOffset, byteLength)
      // const aad = Buffer.concat(encodeEncryptionContext(context || {}))

      return aesGcmUnwrapKey(keyNamespace, keyName, material, wrappingMaterial, edk, aad)
    }

    readOnlyProperty(this, 'keyName', keyName)
    readOnlyProperty(this, 'keyNamespace', keyNamespace)
    readOnlyProperty(this, '_wrapKey', _wrapKey)
    readOnlyProperty(this, '_unwrapKey', _unwrapKey)
  }
github aws / aws-encryption-sdk-javascript / modules / raw-aes-keyring-node / src / raw_aes_keyring_node.ts View on Github external
/* The AAD section is uInt16BE(length) + AAD
       * see: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html#header-aad
       * However, the RAW Keyring wants _only_ the ADD.
       * So, I just slice off the length.
       */
      const { buffer, byteOffset, byteLength } = serializeEncryptionContext(material.encryptionContext).slice(2)
      const aad = Buffer.from(buffer, byteOffset, byteLength)
      // const aad = Buffer.concat(encodeEncryptionContext(context || {}))

      return aesGcmUnwrapKey(keyNamespace, keyName, material, wrappingMaterial, edk, aad)
    }

    readOnlyProperty(this, 'keyName', keyName)
    readOnlyProperty(this, 'keyNamespace', keyNamespace)
    readOnlyProperty(this, '_wrapKey', _wrapKey)
    readOnlyProperty(this, '_unwrapKey', _unwrapKey)
  }
github aws / aws-encryption-sdk-javascript / modules / raw-aes-keyring-node / src / raw_aes_keyring_node.ts View on Github external
const { keyNamespace, keyName } = this
      /* The AAD section is uInt16BE(length) + AAD
       * see: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html#header-aad
       * However, the RAW Keyring wants _only_ the ADD.
       * So, I just slice off the length.
       */
      const { buffer, byteOffset, byteLength } = serializeEncryptionContext(material.encryptionContext).slice(2)
      const aad = Buffer.from(buffer, byteOffset, byteLength)
      // const aad = Buffer.concat(encodeEncryptionContext(context || {}))

      return aesGcmUnwrapKey(keyNamespace, keyName, material, wrappingMaterial, edk, aad)
    }

    readOnlyProperty(this, 'keyName', keyName)
    readOnlyProperty(this, 'keyNamespace', keyNamespace)
    readOnlyProperty(this, '_wrapKey', _wrapKey)
    readOnlyProperty(this, '_unwrapKey', _unwrapKey)
  }
github aws / aws-encryption-sdk-javascript / modules / raw-aes-keyring-node / src / raw_aes_keyring_node.ts View on Github external
const _unwrapKey = async (material: NodeDecryptionMaterial, edk: EncryptedDataKey) => {
      const { keyNamespace, keyName } = this
      /* The AAD section is uInt16BE(length) + AAD
       * see: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html#header-aad
       * However, the RAW Keyring wants _only_ the ADD.
       * So, I just slice off the length.
       */
      const { buffer, byteOffset, byteLength } = serializeEncryptionContext(material.encryptionContext).slice(2)
      const aad = Buffer.from(buffer, byteOffset, byteLength)
      // const aad = Buffer.concat(encodeEncryptionContext(context || {}))

      return aesGcmUnwrapKey(keyNamespace, keyName, material, wrappingMaterial, edk, aad)
    }

    readOnlyProperty(this, 'keyName', keyName)
    readOnlyProperty(this, 'keyNamespace', keyNamespace)
    readOnlyProperty(this, '_wrapKey', _wrapKey)
    readOnlyProperty(this, '_unwrapKey', _unwrapKey)
  }
github aws / aws-encryption-sdk-javascript / modules / encrypt-node / src / encrypt_stream.ts View on Github external
export function encryptStream (
  cmm: KeyringNode|NodeMaterialsManager,
  op: EncryptStreamInput = {}
): Duplex {
  const { suiteId, encryptionContext = {}, frameLength = FRAME_LENGTH, plaintextLength } = op

  /* Precondition: The frameLength must be less than the maximum frame size Node.js stream. */
  needs(frameLength > 0 && Maximum.FRAME_SIZE >= frameLength, `frameLength out of bounds: 0 > frameLength >= ${Maximum.FRAME_SIZE}`)

  /* If the cmm is a Keyring, wrap it with NodeDefaultCryptographicMaterialsManager. */
  cmm = cmm instanceof KeyringNode
    ? new NodeDefaultCryptographicMaterialsManager(cmm)
    : cmm

  const suite = suiteId && new NodeAlgorithmSuite(suiteId)

  const wrappingStream = new Duplexify()

  cmm.getEncryptionMaterials({ suite, encryptionContext, plaintextLength })
    .then(async (material) => {
      const { dispose, getSigner } = getEncryptHelper(material)

      const { getCipher, messageHeader, rawHeader } = getEncryptionInfo(material, frameLength)
github aws / aws-encryption-sdk-javascript / modules / raw-rsa-keyring-node / src / raw_rsa_keyring_node.ts View on Github external
constructor (input: RawRsaKeyringNodeInput) {
    super()

    const { rsaKey, keyName, keyNamespace, padding = constants.RSA_PKCS1_OAEP_PADDING } = input
    const { publicKey, privateKey } = rsaKey
    /* Precondition: RsaKeyringNode needs either a public or a private key to operate. */
    needs(publicKey || privateKey, 'No Key provided.')
    /* Precondition: RsaKeyringNode needs identifying information for encrypt and decrypt. */
    needs(keyName && keyNamespace, 'Identifying information must be defined.')

    const _wrapKey = async (material: NodeEncryptionMaterial) => {
      /* Precondition: Public key must be defined to support encrypt. */
      if (!publicKey) throw new Error('No public key defined in constructor.  Encrypt disabled.')
      const { buffer, byteOffset, byteLength } = unwrapDataKey(material.getUnencryptedDataKey())
      const encryptedDataKey = publicEncrypt(
        { key: publicKey, padding },
        Buffer.from(buffer, byteOffset, byteLength))
      const providerInfo = this.keyName
      const providerId = this.keyNamespace
      const flag = KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY
      const edk = new EncryptedDataKey({ encryptedDataKey, providerInfo, providerId })
      return material.addEncryptedDataKey(edk, flag)
    }

    const _unwrapKey = async (material: NodeDecryptionMaterial, edk: EncryptedDataKey) => {

@aws-crypto/material-management-node

The AWS Encryption SDK for JavaScript is a client-side encryption library designed to make it easy for everyone to encrypt and decrypt data using industry standards and best practices. It uses a data format compatible with the AWS Encryption SDKs in other

Apache-2.0
Latest version published 1 year ago

Package Health Score

52 / 100
Full package analysis

Similar packages