@cbcheng/secure-ls
Secure sessionStorage or localStorage data with high level of encryption and data compression.
This package is adapted from softvar.
Features
- Secure data with various types of encryption including
AES
,DES
,Rabbit
andRC4
. (defaults toBase64
encoding). - Compress data before storing it to
sessionStorage
orlocalStorage
to save extra bytes (defaults totrue
). - Advanced API wrapper over
sessionStorage
orlocalStorage
API, providing other basic utilities. - Save data in multiple keys inside
sessionStorage
orlocalStorage
, andsecure-ls
will always remember it's creation.
Quickstart
1. Install
$ npm install @cbcheng/secure-ls
2. Import
// ES6 module syntax
> import SecureLS from '@cbcheng/secure-ls';
// CommonJS syntax
> const SecureLS = require('@cbcheng/secure-ls');
Libraries used
-
Encryption / Decryption using The Cipher Algorithms
It requires secret-key for encrypting and decrypting data securely. If custom secret-key is provided as mentioned below in APIs, then the library will pick that otherwise it will generate yet another very
secure
unique password key using PBKDF2, which will be further used for future API requests.PBKDF2
is a password-based key derivation function. In many applications of cryptography, user security is ultimately dependent on a password, and because a password usually can't be used directly as a cryptographic key, some processing is required.A salt provides a large set of keys for any given password, and an iteration count increases the cost of producing keys from a password, thereby also increasing the difficulty of attack.
Eg:
55e8f5585789191d350329b9ebcf2b11
anddb51d35aad96610683d5a40a70b20c39
.For the generation of such strings,
secretPhrase
is being used and can be found in code easily but that won't make it unsecure,PBKDF2
's layer on top of that will handle security. -
Compresion / Decompression using lz-string
Usage
- Example 1: With
default
settings i.e.Base64
Encoding and Data Compression
> var ls = new SecureLS();
> ls.set('key1', {data: 'test'}); // set key1
> ls.get('key1'); // print data
{data: 'test'}
- Example 2: With
AES
Encryption, sessionStorage and Data Compression
> var ls = new SecureLS({encodingType: 'aes'});
> ls.set('key1', {data: 'test'}); // set key1
> ls.get('key1'); // print data
{data: 'test'}
> ls.set('key2', [1, 2, 3]); // set another key
> ls.getAllKeys(); // get all keys
["key1", "key2"]
> ls.removeAll(); // remove all keys
- Example 3: With
RC4
Encryption but no Data Compression
> var ls = new SecureLS({encodingType: 'rc4', isCompression: false});
> ls.set('key1', {data: 'test'}); // set key1
> ls.get('key1'); // print data
{data: 'test'}
> ls.set('key2', [1, 2, 3]); // set another key
> ls.getAllKeys(); // get all keys
["key1", "key2"]
> ls.removeAll(); // remove all keys
- Example 3: With
DES
Encryption, no Data Compression and custom secret key
> var ls = new SecureLS({encodingType: 'des', isCompression: false, encryptionSecret: 'my-secret-key'});
> ls.set('key1', {data: 'test'}); // set key1
> ls.get('key1'); // print data
{data: 'test'}
> ls.set('key2', [1, 2, 3]); // set another key
> ls.getAllKeys(); // get all keys
["key1", "key2"]
> ls.removeAll(); // remove all keys
- Example 4: set storage with
sessionStorage
orlocalStorage
.
> var ls = new SecureLS(); // default to use sessionStorage
> var ls = new SecureLS({storageType: 'sessionStorage'}); // use sessionStorage
> var ls = new SecureLS({storageType: 'localStorage'}); // use localStorage
API Documentation
Create an instance / reference before using.
var ls = new SecureLS();
Contructor
accepts a configurable Object
with all three keys being optional.
Config Keys | default | accepts |
---|---|---|
encodingType | Base64 |
base64 /aes /des /rabbit /rc4 /''
|
isCompression | true |
true /false
|
encryptionSecret | PBKDF2 value | String |
encryptionNamespace | null | String |
storageType | sessionStorage | String sessionStorage /localStorage
|
Note: encryptionSecret
will only be used for the Encryption and Decryption of data
with AES
, DES
, RC4
, RABBIT
, and the library will discard it if no encoding / Base64
encoding method is choosen.
encryptionNamespace
is used to make multiple instances with different encryptionSecret
and/or different encryptionSecret
possible.
var ls1 = new SecureLS({encodingType: 'des', encryptionSecret: 'my-secret-key-1'});
var ls2 = new SecureLS({encodingType: 'aes', encryptionSecret: 'my-secret-key-2'});
Examples:
- No config or empty Object i.e. Default
Base64 Encoding
andData compression
andsessionStorage
var ls = new SecureLS();
// or
var ls = new SecureLS({});
- No encoding No data compression i.e.
Normal
way of storing data
var ls = new SecureLS({encodingType: '', isCompression: false});
-
Base64
encoding butno
data compression
var ls = new SecureLS({isCompression: false});
-
AES
encryption anddata compression
var ls = new SecureLS({encodingType: 'aes'});
-
RC4
encryption andno
data compression
var ls = new SecureLS({encodingType: 'rc4', isCompression: false});
-
RABBIT
encryption,no
data compression andcustom
encryptionSecret
var ls = new SecureLS({encodingType: 'rc4', isCompression: false, encryptionSecret: 's3cr3tPa$$w0rd@123'});
Methods
-
set
Saves
data
in specifedkey
in localStorage. If the key is not provided, the library will warn. Following types of JavaScript objects are supported:- Array
- ArrayBuffer
- Blob
- Float32Array
- Float64Array
- Int8Array
- Int16Array
- Int32Array
- Number
- Object
- Uint8Array
- Uint8ClampedArray
- Uint16Array
- Uint32Array
- String
Parameter Description key key to store data in data data to be stored ls.set('key-name', {test: 'secure-ls'})
-
get
Gets
data
back from specifiedkey
from the localStorage library. If the key is not provided, the library will warn.Parameter Description key key in which data is stored ls.get('key-name')
-
remove
Removes the value of a key from the localStorage. If the
meta key
, which stores the list of keys, is tried to be removed even if there are other keys which were created bysecure-ls
library, the library will warn for the action.Parameter Description key remove key in which data is stored ls.remove('key-name')
-
removeAll
Removes all the keys that were created by the
secure-ls
library, even themeta key
.ls.removeAll()
-
clear
Removes all the keys ever created for that particular domain. Remember localStorage works differently for
http
andhttps
protocol;ls.clear()
-
getAllKeys
Gets the list of keys that were created using the
secure-ls
library. Helpful when data needs to be retrieved for all the keys or when keys name are not known(dynamically created keys).getAllKeys()
ls.getAllKeys()
Contributing
- Fork the repo on GitHub.
- Clone the repo on machine.
- Execute
npm install
andnpm run dev
. - Create a new branch
<fix-typo>
and do your work. - Run
npm run build
to build dist files andnpm run test
to ensure all test cases are passing. - Commit your changes to the branch.
- Submit a Pull request.
Development Stack
- Webpack based
src
compilation & bundling anddist
generation. - ES6 as a source of writing code.
- Exports in a umd format so the library works everywhere.
- ES6 test setup with Mocha and Chai.
- Linting with ESLint.
Process
ES6 source files
|
|
webpack
|
+--- babel, eslint
|
ready to use
library
in umd format
Credits
Many thanks to:
-
@brix for the awesome crypto-js library for encrypting and decrypting data securely.
-
@pieroxy for the lz-string js library for data compression / decompression.
-
@chinchang for the below open-source libraries which are used only for the Landing Page Development.
- screenlog.js - Brings console.log on the page's screen.
- superplaceholder.js - For super charging input placeholders.
Copyright and license
The MIT license (MIT)
Copyright (c) 2022 Zhang Bing Cheng