Skip to content

A simple wrapper for localStorage/sessionStorage that allows one to encrypt/decrypt the data being stored.

License

Notifications You must be signed in to change notification settings

Mike96Angelo/Secure-Storage

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SecureStorage

GitHub release npm version npm downloads npm downloads

A simple wrapper for localStorage/sessionStorage that allows one to encrypt/decrypt the data being stored.

Install:

$ npm install secure-web-storage

What SecureStorage Looks Like

app.js:

var CryptoJS = require("crypto-js");

// NOTE: Your Secret Key should be user inputed or obtained through a secure authenticated request.
//       Do NOT ship your Secret Key in your code.
var SECRET_KEY = 'my secret key';

var secureStorage = new SecureStorage(localStorage, {
    hash: function hash(key) {
        key = CryptoJS.SHA256(key, SECRET_KEY);

        return key.toString();
    },
    encrypt: function encrypt(data) {
        data = CryptoJS.AES.encrypt(data, SECRET_KEY);

        data = data.toString();

        return data;
    },
    decrypt: function decrypt(data) {
        data = CryptoJS.AES.decrypt(data, SECRET_KEY);

        data = data.toString(CryptoJS.enc.Utf8);

        return data;
    }
});

var data = {
    secret: 'data'
};

// there is no need to stringify/parse you objects before and after storing.

secureStorage.setItem('data', data);
// stores in localStorage like:
// key => value
// "ad36d572..." => "w1svi6n..."

var decryptedData = secureStorage.getItem('data');
// returns { secret: 'data' }

secureStorage.removeItem('data');
// removes the entry 'data'

secureStorage.key(id)
// returns the hashed version of the key you passed into setItem with the given id.

secureStorage.clear();
// clears all data in the underlining sessionStorage/localStorage.

secureStorage.length;
// the number of entries in the underlining sessionStorage/localStorage.

Security Best Practices

Handing someone a locked box with the key taped to it is not a good security practice. When using this library it is highly suggested that the key is not delivered with your code. Secret Keys should be a) user inputed or b) obtained through a secure authenticated request. Do NOT ship your Secret Key in your code.

About

A simple wrapper for localStorage/sessionStorage that allows one to encrypt/decrypt the data being stored.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published