Contract-Model-Model-View (CMMV)
Building scalable and modular applications using contracts.
Documentation • Report Issue
The @cmmv/encryptor
module provides robust encryption and decryption functionalities for strings and objects using elliptic curve cryptography (ECC) and AES-256-GCM. It is designed specifically for CMMV applications but can also be used in Node.js environments for secure data handling. The module supports the secp256k1
curve for key generation and shared secret derivation and uses AES-256-GCM for symmetric encryption, ensuring both confidentiality and integrity of the data.
Install the @cmmv/encryptor
package via npm:
$ pnpm add @cmmv/encryptor
Below is a simple example of how to encrypt and decrypt a message using the Encryptor
class:
import { Encryptor } from "@cmmv/encryptor";
// Sample public and private keys
const recipientPublicKey = "04c19b9e3b8..."; // Replace with a real public key
const recipientPrivateKey = "3082..."; // Replace with the corresponding private key
// Encrypting a payload
const payload = "Sensitive data to be encrypted";
const encrypted = Encryptor.encryptPayload(recipientPublicKey, payload);
console.log("Encrypted payload:", encrypted);
// Decrypting the payload
const decrypted = Encryptor.decryptPayload(
recipientPrivateKey,
{
encrypted: encrypted.payload,
iv: encrypted.iv,
authTag: encrypted.authTag
},
encrypted.ephemeralPublicKey
);
console.log("Decrypted payload:", decrypted);
This class provides methods to encrypt and decrypt data using ECC and AES-256-GCM.
encryptPayload(recipientPublicKeyHex: string, payload: string)
- Encrypts a string payload using the recipient's public key.
- Returns an object containing:
payload
: The encrypted data in hexadecimal format.iv
: Initialization vector for AES.authTag
: Authentication tag for AES-GCM.ephemeralPublicKey
: The ephemeral public key used in the encryption.
decryptPayload(recipientPrivateKeyHex: string, encryptedData: { encrypted: string, iv: string, authTag: string }, ephemeralPublicKeyHex: string)
- Decrypts an encrypted payload using the recipient's private key and the ephemeral public key provided during encryption.
- Returns the decrypted string payload.
import { Encryptor } from "@cmmv/encryptor";
// Encrypting data
const recipientPublicKey = "your_recipient_public_key_in_hex";
const message = "Hello, this is a secret message!";
const encryptedData = Encryptor.encryptPayload(recipientPublicKey, message);
console.log("Encrypted:", encryptedData);
// Decrypting data
const recipientPrivateKey = "your_recipient_private_key_in_hex";
const decryptedMessage = Encryptor.decryptPayload(
recipientPrivateKey,
{
encrypted: encryptedData.payload,
iv: encryptedData.iv,
authTag: encryptedData.authTag,
},
encryptedData.ephemeralPublicKey
);
console.log("Decrypted:", decryptedMessage);
To generate a new mnemonic phrase:
import { Wallet } from '@cmmv/encryptor';
// Generate a 24-word mnemonic
const mnemonic = Wallet.generateMnenomic(24);
console.log('Mnemonic:', mnemonic);
To derive the root private key from a mnemonic phrase:
import { Wallet } from '@cmmv/encryptor';
const mnemonic = 'your mnemonic phrase here';
const privateKey = Wallet.toPrivate(mnemonic);
console.log('Private Key:', privateKey);
To derive the public key from a mnemonic phrase using a derivation path:
import { Wallet } from '@cmmv/encryptor';
const mnemonic = 'your mnemonic phrase here';
const derivationPath = "m/44'/0'/0'/0/0";
const publicKey = Wallet.toPublic(mnemonic, derivationPath);
console.log('Public Key:', publicKey);
To derive a specific private key based on a custom derivation path:
import { Wallet } from '@cmmv/encryptor';
const mnemonic = 'your mnemonic phrase here';
const derivationPath = "m/44'/60'/0'/0/0"; // Example for Ethereum
const privateKey = Wallet.toDerivatationPrivateKey(mnemonic, derivationPath);
console.log('Derived Private Key:', privateKey);
To generate a public address (Base58) from a private key:
import { Wallet } from '@cmmv/encryptor';
const privateKey = 'your_private_key_hex';
const address = Wallet.privateKeyToAddress(privateKey);
console.log('Address:', address);
To convert a private key to Wallet Import Format (WIF):
import { Wallet } from '@cmmv/encryptor';
const privateKey = 'your_private_key_hex';
const wifKey = Wallet.privateKeyToWIF(privateKey);
console.log('WIF Key:', wifKey);
To convert a WIF key back into a private key:
import { Wallet } from '@cmmv/encryptor';
const wifKey = 'your_wif_key';
const { privateKey, compressed } = Wallet.wifToPrivateKey(wifKey);
console.log('Recovered Private Key:', privateKey);
console.log('Is Compressed:', compressed);
To sign an object using a private key:
import { Signer } from '@cmmv/encryptor';
const data = { name: 'Alice', amount: 1000 };
const privateKeyHex = 'your_private_key_hex_here';
const signature = Signer.signObject(privateKeyHex, data);
console.log('Object Hash:', signature.objectHash);
console.log('Signature:', signature.signature);
To verify a signature using the public key:
import { Signer } from '@cmmv/encryptor';
const objectHash = 'object_hash_here';
const signatureHex = 'signature_hex_here';
const publicKeyHex = 'your_public_key_hex_here';
const isValid = Signer.verifySignature(objectHash, signatureHex, publicKeyHex);
console.log('Is the signature valid?', isValid);
To sign a string using a private key:
import { Signer } from '@cmmv/encryptor';
const message = 'Hello, CMMV!';
const privateKeyHex = 'your_private_key_hex_here';
// Sign the string
const signedMessage = Signer.signString(privateKeyHex, message);
console.log('Signed Message:', signedMessage);
To verify the signature of a string:
import { Signer } from '@cmmv/encryptor';
const signedMessage = 'hash:signature';
const publicKeyHex = 'your_public_key_hex_here';
const isValid = Signer.verifyHashSignature(signedMessage, publicKeyHex);
console.log('Is the string signature valid?', isValid);
To recover a public key from a signature:
import { Signer } from '@cmmv/encryptor';
const signedMessage = 'hash:signature';
const recoveryId = 1; // Typically 0 or 1
const recoveredPublicKey = Signer.recoverPublicKeyFromHash(signedMessage, recoveryId);
console.log('Recovered Public Key:', recoveredPublicKey);