Ancient Tome
A simple tool for storing secrets.
warning
This is under development and has not been audited yet. Currently uses the WebCrypto API, so it only works in modern browsers.
Crypto flow:
These are the cryptograph flows used by AncientTome:
init: salt + password --(bcrypt)--> hash --(AES-GCM)--> AES key
init: salt + password --(bcrypt)--> hash --(HMAC+SHA256)--> HMAC key
obfuscate keys: plainText --(HMAC+SHA256)--> cypherText
encrypt values: plainText --(AES-GCM)--> cypherText
The salt is randomly generated on first use and stored in plaintext. The password is provided by the user and stored in their head.
Usage:
localStorage
If you want to use localStorage a wrapper is provided for you.
While localStorage is synchronous, encryption is asynchronous,
so read methods require a callback.
Write methods have an optional callback called on completion.
var AncientLocal = var secureLocalStorage = secureLocalStorageCustom Storage
You can use whatever key-value storage mechanism you want. Reading non-existant keys should return a falsy value, not error. The first argument of callbacks should be the error or a falsy value. Here is a custom storage example:
var AncientTome = var myTome = myTome{ ... }myTome{ ... }myTome{ ... }Extras:
With obfuscated keys, its hard to keep track of what's been stored.
Use the TomeIndexer to augment a tome with a simple index.
Be sure to do this after if you are overriding get/set methods.
var AncientTome = var TomeIndexer = var myTome = myTome