node-scr

0.3.0 • Public • Published

node-scr

A JavaScript implementation of Secure Content Resource (SCR) for current web browsers and node.js-based servers. An SCR provides enough information to find and decrypt large protected content (e.g., shared file).

Installing

To install the latest from NPM:

  npm install node-scr

Or to install a specific release:

  npm install node-scr@0.2.0

Alternatively, the latest unpublished code can be installed directly from the repository:

  npm install git+ssh://git@github.com:cisco/node-scr.git

Basics

Require the library as normal:

var SCR = require("node-scr");

This library uses Promises for most operations.

This library supports Browserify. To use in a web browser, require('node-scr') and bundle with the rest of your app.

The content to be encrypted or returned from being decrypted are Buffer objects.

Creating

To create an empty SCR:

var scrObject;
SCR.create().
    then(function(result) {
      // {result} is a SRC object
      scrObject = result;
    });

The SCR object has the following properties:

  • "enc" - The Content Encryption Algorithm (from JWA)
  • "key" - The raw content encryption key (as a 'node-jose' jose.JWK.Key object)
  • "iv" - The initialization vector (as a Buffer)
  • "aad" - The additional authenticated data (as a String)
  • "loc" - The location (usually a URI) where the encrypted content is published
  • "tag" - The authentication tag (as a Buffer)

SCR.create() populates the cryptographic input factors (key, IV, additional authentication data).

The "loc" member is set by the API user, and the "tag" member is set by scrObject.encrypt().

Dealing with Content

To encrypt content:

// {input} is one of:
// -  a node.js Buffer
// -  an ArrayBuffer
// -  a TypedArray
scrObject.encrypt(input).
    then(function(output) {
      // {output} is *just* the encrypted content, as a Buffer
      // "tag" member of {scrObject} is populated with authentication tag
      ....
    });

The result from encrypt()'s resolved Promise can be passed directly to a WebSocket, XMLHttpRequest, or other processor.

To decrypt content:

// *NOTE:* {scrObject} has the correct "tag" for the (encrypted) content
scrObject.decrypt(output).
    then(function(input) {
      // {input} is the decrypted content, as a Buffer
      ....
    });

Importing/Exporting as a JWE

Encrypted JWEs are appropriate to be shared with recipients.

To export the SCR as a JWE:

var jwe;
// {key} is a JWK from 'node-jose', or the JSON representation of a JWK
scrObject.toJWE(key).
    then(function(result) {
      // {result} is a string representing the JWE using the Compact Serialization
      jwe = result;
    });

To import the SCR from a JWE:

var scrObject;
// {key} is a JWK from 'node-jose', or the JSON representation of a JWK
// {jwe} is a JWE using any of the serializations (Compact, JSON Flattened, JSON General)
SCR.fromJWE(key, jwe).
    then(function(result) {
      // {result} is a SCR object
      scrObject = result;
    });

As JSON

NOTE: The JSON representation SHOULD NOT be shared outside of running code. It contains all the information necessary to decrypt content

An SCR has the following members (presented as JCR):

scr {
  "enc" : string,   ; Content Encryption Algorithm from [RFC7518]
  "key" : string,   ; base64url-encoded raw key value
  "iv"  : string,   ; base64url-encoded initialization vector
  "aad" : string,   ; Additional authenticated data (AAD)
  "loc" : ? uri,    ; Location of encrypted content
  "tag" : ? string  ; base64url-encoded authentication tag
}

The "loc" and "tag" members are optional:

  • "loc" is set by the API user (usually after the encrypted content is published; e.g., uploaded to a sharing service)
  • "tag" is set by scrObject.encrypt()

A complete example of an SCR as JSON:

{
  "enc": "A256GCM",
  "key": "Ce3pe4stGd3tvZdSR3ekIoNjF3Q3V6R0oMN4SSGKbyI",
  "iv": "AeU_KNtJ8dbl9k1N",
  "aad": "2015-08-14T17:03:35.504Z",
  "loc": "https://fireshare.example/files/db2daa25-cf41-492b-bc7b-90436949b17c",
  "tag": "ZaRZ5vh1u7lyulUrvTKUDw"
}

To export an SCR to a JSON object:

var output = scrObject.toJSON();

To import an SCR from a JSON object:

var scrObject;
// {input} is a JSON representation
SCR.create(input).
    then(function(result) {
      scrObject = result;
    });

Readme

Keywords

Package Sidebar

Install

npm i node-scr

Weekly Downloads

10,008

Version

0.3.0

License

Apache-2.0

Unpacked Size

24 kB

Total Files

7

Last publish

Collaborators

  • linuxwolf
  • mwegman
  • justaugustus