Skip to content

Latest commit

 

History

History
114 lines (76 loc) · 4.26 KB

README.md

File metadata and controls

114 lines (76 loc) · 4.26 KB

DeepMojo Crypto-Core Jest Test Suite Badge

⚠️ SECURITY NOTICE ⚠️

This library has not undergone extensive production testing or security auditing. Use in production environments is not recommended at this time. For research and development purposes only.

Overview

DeepMojo Crypto-Core is a robust TypeScript cryptography library designed for Node.js and Electron environments. It provides a streamlined interface to cryptographic operations with secure defaults, built on top of the battle-tested node:crypto module.

📚 View our Official API Docs 📚

Key Features

  • 🔒 Comprehensive toolkit of major cryptographic operations
    • 🔢 RNG & Key Derivation - Secure random number generation and key derivation functions with industry-standard algorithms.
    • 🧠 World-Class Encryption/Decryption - AES-GCM-256 encryption with authenticated encryption support.
    • Password-Only Encryption/Decryption - Simplified APIs for password-only encryption scenarios.
    • 🧮 Cryptographic Utilities - Including hashing and digital signatures capabilities.
    • 🗝️ Key Management - Public/private key pair generation and management utilities.
  • 🚀 Both synchronous and asynchronous APIs
  • 💪 Strong default security parameters
  • 🧪 Comprehensive test coverage with Jest
  • 🔍 TypeScript-first development

Project Status

Objective Status Description
Cross-Platform Support ✅ 100% Full compatibility across Windows, macOS, and Linux
Security-First Design ✅ 100% Enforces secure defaults with simplified developer experience
Security Best Practices 🚧 66% Pending: GHSA integration

Installation

npm install @deepmojo/crypto-core

# or for yarn

yarn add @deepmojo/crypto-core

Pro Tip: In newer versions of yarn, to get a local node_modules folder you will want yarn config set nodeLinker node-modules.

Build

npm run build or yarn build: Compiles the TypeScript code using the tsconfig.json configuration file. This script is used to build the project and prepare it for distribution.

npm run build:typedoc:html: Generates HTML site documentation in ./docs as needed for generating the GitHub Pages documentation for this library.

npm run build:typedoc:json: Generates a typedoc.json in the root of the project, as needed for generating the static documentation for this library.

Test

npm run test or yarn test: Runs the Jest test suite with verbose output and code coverage reporting. This script is used to test the project and ensure that it is working as expected.

Usage

Here's an example of how to use the CryptoCore library to encrypt and decrypt a string:

import CryptoCore, { CryptoCoreOptions } from "@deepmojo/crypto-core";

const options: CryptoCoreOptions = {
  OUTER_PEPPER: 'pepper is the one true spice',
  INNER_KEY_ITERATIONS: 1000,
};

const cryptoCore = new CryptoCore(options);
const secret = 'test';

// Encrypt
const encryptResult = cryptoCore.getEncryptedStringSync('Hello, World!', secret, cryptoCore.getRandomSalt());

// Decrypt
const decryptedString = cryptoCore.getDecryptedStringSync(
  getHexStringFromBuffer(encryptResult.result),
  secret,
  salt,
  encryptResult.iv,
  encryptResult.authTag
);

For more examples and usage scenarios, please refer to the tests in the src/tests directory.

Future Research

  • Chromium SafeStorage API wrapper
  • OTP/TOTP/Authenticator
  • Pin/pattern hashing and verification
  • JWE/JWK authentication
  • Windows Credential Locker
  • HSM, TPM, PAM, MFA, 2FA
  • Hardware security: FIDO U2F, WebAuthn/FIDO2, TrustKey, Yubikey
  • macOS Secure Enclave integration

Contributing

We welcome contributions! Please see our Contributing Guidelines for details.

Security

For security concerns, please review our Security Policy.

License

MIT


This project adheres to Semantic Versioning.