Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
function fetchAndDecipher(url, key, iv, authTag, progressEventName) {
if (typeof key === 'string')
key = Buffer.from(key, 'base64');
if (typeof iv === 'string')
iv = Buffer.from(iv, 'base64');
if (typeof authTag === 'string')
authTag = Buffer.from(authTag, 'base64');
var decipher = crypto_browserify_1.createDecipheriv('aes-256-gcm', key, iv);
decipher.setAuthTag(authTag);
return (fetch(url)
// Retrieve its body as ReadableStream
.then(function (response) {
if (response.body === null)
throw new Error('Response body is empty!');
var contentLength = response.headers.get('Content-Length');
return decryptStream(response.body, decipher, Number(contentLength), url, progressEventName);
}));
}
/**
function fetchAndDecipher(
url: string,
key: string | Buffer,
iv: string | Buffer,
authTag: string | Buffer,
): Promise {
if (typeof key === 'string') key = Buffer.from(key, 'base64');
if (typeof iv === 'string') iv = Buffer.from(iv, 'base64');
if (typeof authTag === 'string') authTag = Buffer.from(authTag, 'base64');
const decipher = createDecipheriv(
'aes-256-gcm',
key,
iv,
);
decipher.setAuthTag(authTag);
return (
fetch(url)
// Retrieve its body as ReadableStream
.then(response => {
if (response.body === null) throw new Error('Response body is empty!');
const contentLength = response.headers.get('Content-Length');
return decryptStream(
response.body,
// If the file is unencrypted, simply return the readable stream
if (!decryptionOptions) {
return response.body;
}
// Else we need to decrypt the blob
const { iv, authTag, key } = decryptionOptions;
// Convert to buffers
const bufferKey = toBuff(key);
// Grab from header if possible
const bufferIv = toBuff(response.headers.get('x-penumbra-iv') || iv);
const bufferAuthTag = toBuff(authTag);
// Construct the decipher
const decipher = createDecipheriv('aes-256-gcm', bufferKey, bufferIv);
decipher.setAuthTag(bufferAuthTag);
// Decrypt the stream
return decryptStream(
response.body,
decipher,
Number(response.headers.get('Content-Length') || '0'),
url,
);
})
);
export function fetchAndDecipher(url, key, iv, authTag) {
const decipher = createDecipheriv(
'aes-256-gcm',
Buffer.from(key, 'base64'),
Buffer.from(iv, 'base64')
);
decipher.setAuthTag(Buffer.from(authTag, 'base64'));
return (
fetch(url)
// Retrieve its body as ReadableStream
.then(response => {
const contentLength = response.headers.get('Content-Length');
return decryptStream(
response.body,
decipher,
Number(contentLength),
const { id } = file;
// eslint-disable-next-line no-param-reassign
size = file.size || size;
// Convert to Buffers
const key = options.key instanceof Buffer ? options.key : toBuff(options.key);
const iv =
options.iv instanceof Buffer ? options.iv : Buffer.from(options.iv);
const authTag =
options.authTag instanceof Buffer
? options.authTag
: toBuff(options.authTag);
// Construct the decipher
const decipher = createDecipheriv('aes-256-gcm', key, iv);
decipher.setAuthTag(authTag);
// Encrypt the stream
return {
...file,
// stream:
// file.stream instanceof ReadableStream
// ? encryptStream(file.stream, cipher, size)
// : encryptBuffer(file.stream, cipher),
stream: decryptStream(
file.stream instanceof ReadableStream
? file.stream
: ((intoStream(file.stream) as unknown) as ReadableStream),
/** TODO: address this TypeScript confusion */
decipher,
size,
const kdfparams = keystore.crypto.kdfparams;
if (kdfparams.prf !== "hmac-sha256") {
throw new Error("Unsupported parameters to PBKDF2")
}
const derivedKey = Cryp.pbkdf2Sync(Buffer.from(password), Buffer.from(kdfparams.salt, "hex"), kdfparams.c, kdfparams.dklen, "sha256");
const ciphertext = Buffer.from(keystore.crypto.ciphertext, "hex");
const bufferValue = Buffer.concat([derivedKey.slice(16, 32), ciphertext]);
let hashCiper = Cryp.createHash("sha256");
hashCiper.update(bufferValue);
const mac = hashCiper.digest().toString("hex");
if (mac !==keystore.crypto.mac){
throw new Error("wrong password")
}
const decipher = Cryp.createDecipheriv(keystore.crypto.cipher, derivedKey.slice(0, 16), Buffer.from(keystore.crypto.cipherparams.iv, "hex"));
const privateKey = Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("hex");
return this.import(privateKey.toUpperCase())
}
}
function decryptPrivKey(encprivkey, password) {
const cipher = encprivkey.slice(0, 128);
const decryptedCipher = decodeCryptojsSalt(cipher);
const evp = evpKdf(new Buffer(password), decryptedCipher.salt, {
keysize: 32,
ivsize: 16,
});
const decipher = createDecipheriv('aes-256-cbc', evp.key, evp.iv);
const privKey = decipherBuffer(decipher, new Buffer(decryptedCipher.ciphertext));
return new Buffer(privKey.toString(), 'hex');
}