39 lines
No EOL
1.2 KiB
TypeScript
39 lines
No EOL
1.2 KiB
TypeScript
import crypto from 'crypto';
|
|
|
|
export function encryptData(data: string, key: Buffer): string {
|
|
const algorithm = 'aes-256-gcm';
|
|
const iv = crypto.randomBytes(16);
|
|
const cipher = crypto.createCipheriv(algorithm, key, iv);
|
|
|
|
let encrypted = cipher.update(data, 'utf8', 'hex');
|
|
encrypted += cipher.final('hex');
|
|
|
|
const authTag = cipher.getAuthTag();
|
|
|
|
// Combine IV, auth tag, and encrypted data
|
|
return iv.toString('hex') + ':' + authTag.toString('hex') + ':' + encrypted;
|
|
}
|
|
|
|
// Helper function to decrypt data (you'll need this to read certificates)
|
|
export function decryptData(encryptedData: string, key: Buffer): string {
|
|
const algorithm = 'aes-256-gcm';
|
|
const parts = encryptedData.split(':');
|
|
|
|
if (parts.length !== 3) {
|
|
throw new Error('Invalid encrypted data format');
|
|
}
|
|
|
|
const iv = Buffer.from(parts[0], 'hex');
|
|
const authTag = Buffer.from(parts[1], 'hex');
|
|
const encrypted = parts[2];
|
|
|
|
const decipher = crypto.createDecipheriv(algorithm, key, iv);
|
|
decipher.setAuthTag(authTag);
|
|
|
|
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
|
|
decrypted += decipher.final('utf8');
|
|
|
|
return decrypted;
|
|
}
|
|
|
|
// openssl rand -hex 32 > config/encryption.key
|