Initial boiler plate project

node_modules/next/dist/server/crypto-utils.js

@@ -0,0 +1,70 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+0 && (module.exports = {
+    decryptWithSecret: null,
+    encryptWithSecret: null
+});
+function _export(target, all) {
+    for(var name in all)Object.defineProperty(target, name, {
+        enumerable: true,
+        get: all[name]
+    });
+}
+_export(exports, {
+    decryptWithSecret: function() {
+        return decryptWithSecret;
+    },
+    encryptWithSecret: function() {
+        return encryptWithSecret;
+    }
+});
+const _crypto = /*#__PURE__*/ _interop_require_default(require("crypto"));
+function _interop_require_default(obj) {
+    return obj && obj.__esModule ? obj : {
+        default: obj
+    };
+}
+// Background:
+// https://security.stackexchange.com/questions/184305/why-would-i-ever-use-aes-256-cbc-if-aes-256-gcm-is-more-secure
+const CIPHER_ALGORITHM = `aes-256-gcm`, CIPHER_KEY_LENGTH = 32, CIPHER_IV_LENGTH = 16, CIPHER_TAG_LENGTH = 16, CIPHER_SALT_LENGTH = 64;
+const PBKDF2_ITERATIONS = 100000 // https://support.1password.com/pbkdf2/
+;
+function encryptWithSecret(secret, data) {
+    const iv = _crypto.default.randomBytes(CIPHER_IV_LENGTH);
+    const salt = _crypto.default.randomBytes(CIPHER_SALT_LENGTH);
+    // https://nodejs.org/api/crypto.html#crypto_crypto_pbkdf2sync_password_salt_iterations_keylen_digest
+    const key = _crypto.default.pbkdf2Sync(secret, salt, PBKDF2_ITERATIONS, CIPHER_KEY_LENGTH, `sha512`);
+    const cipher = _crypto.default.createCipheriv(CIPHER_ALGORITHM, key, iv);
+    const encrypted = Buffer.concat([
+        cipher.update(data, `utf8`),
+        cipher.final()
+    ]);
+    // https://nodejs.org/api/crypto.html#crypto_cipher_getauthtag
+    const tag = cipher.getAuthTag();
+    return Buffer.concat([
+        // Data as required by:
+        // Salt for Key: https://nodejs.org/api/crypto.html#crypto_crypto_pbkdf2sync_password_salt_iterations_keylen_digest
+        // IV: https://nodejs.org/api/crypto.html#crypto_class_decipher
+        // Tag: https://nodejs.org/api/crypto.html#crypto_decipher_setauthtag_buffer
+        salt,
+        iv,
+        tag,
+        encrypted
+    ]).toString(`hex`);
+}
+function decryptWithSecret(secret, encryptedData) {
+    const buffer = Buffer.from(encryptedData, `hex`);
+    const salt = buffer.slice(0, CIPHER_SALT_LENGTH);
+    const iv = buffer.slice(CIPHER_SALT_LENGTH, CIPHER_SALT_LENGTH + CIPHER_IV_LENGTH);
+    const tag = buffer.slice(CIPHER_SALT_LENGTH + CIPHER_IV_LENGTH, CIPHER_SALT_LENGTH + CIPHER_IV_LENGTH + CIPHER_TAG_LENGTH);
+    const encrypted = buffer.slice(CIPHER_SALT_LENGTH + CIPHER_IV_LENGTH + CIPHER_TAG_LENGTH);
+    // https://nodejs.org/api/crypto.html#crypto_crypto_pbkdf2sync_password_salt_iterations_keylen_digest
+    const key = _crypto.default.pbkdf2Sync(secret, salt, PBKDF2_ITERATIONS, CIPHER_KEY_LENGTH, `sha512`);
+    const decipher = _crypto.default.createDecipheriv(CIPHER_ALGORITHM, key, iv);
+    decipher.setAuthTag(tag);
+    return decipher.update(encrypted) + decipher.final(`utf8`);
+}
+
+//# sourceMappingURL=crypto-utils.js.map