import crypto from 'crypto';
/**
 * Encryption utilities for securely storing nsec (private keys)
 */

/**
 * Encrypts an nsec with AES-256-CBC under a key derived from the passphrase.
 *
 * The key is a single, unsalted SHA-256 digest of the passphrase; a fresh
 * random 16-byte IV is drawn on every call and returned next to the ciphertext.
 *
 * NOTE(review): one unsalted SHA-256 pass is not a password-hardening KDF, so
 * the stored blob is only as strong as the passphrase is against offline
 * guessing. CBC also carries no authentication tag, so changes to `iv` or
 * `data` at rest are not detected by this module. Moving to a salted,
 * memory-hard KDF (e.g. `crypto.scrypt`) and an AEAD mode would change the
 * stored format and needs a migration path for existing blobs.
 *
 * @param nsec - The private key to encrypt
 * @param passphrase - User provided passphrase from which the key is derived
 * @returns Object containing initialization vector and encrypted data as hex strings
 */
export function encryptNsec(nsec: string, passphrase: string): { iv: string, data: string } {
    // 32-byte digest, used directly as the AES-256 key.
    const derivedKey = crypto.createHash('sha256').update(passphrase).digest();
    // CBC needs an unpredictable IV per message; it is not secret and is stored in the clear.
    const initVector = crypto.randomBytes(16);
    const aes = crypto.createCipheriv('aes-256-cbc', derivedKey, initVector);
    const ciphertext = Buffer.concat([aes.update(nsec), aes.final()]);

    return {
        iv: initVector.toString('hex'),
        data: ciphertext.toString('hex'),
    };
}
/**
 * Decrypts an encrypted nsec using the original passphrase.
 *
 * The key is re-derived as the SHA-256 digest of the passphrase and the data is
 * decrypted with AES-256-CBC.
 *
 * NOTE(review): CBC is unauthenticated, so the only failure signal is an
 * exception from `createDecipheriv` (bad IV length) or `final()` (bad padding
 * or block length). A wrong passphrase or altered input can occasionally still
 * unpad cleanly and come back as garbage, so callers should confirm the result
 * is a well-formed nsec before using it. `Buffer.from(..., 'hex')` truncates at
 * the first non-hex character instead of rejecting the input.
 *
 * @param iv - Initialization vector as hex string
 * @param data - Encrypted data as hex string
 * @param passphrase - Original passphrase used for encryption
 * @returns Decrypted nsec string
 */
export function decryptNsec(iv: string, data: string, passphrase: string): string {
    const derivedKey = crypto.createHash('sha256').update(passphrase).digest();
    const ivBytes = Buffer.from(iv, 'hex');
    const cipherBytes = Buffer.from(data, 'hex');
    const aes = crypto.createDecipheriv('aes-256-cbc', derivedKey, ivBytes);
    const plaintext = Buffer.concat([aes.update(cipherBytes), aes.final()]);

    // Decoded with the default (UTF-8) encoding.
    return plaintext.toString();
}