budibase/packages/backend-core/src/security/encryption.js

const crypto = require("crypto")
const env = require("../environment")

const ALGO = "aes-256-ctr"
const SECRET = env.JWT_SECRET
const SEPARATOR = "-"
const ITERATIONS = 10000
const RANDOM_BYTES = 16
const STRETCH_LENGTH = 32

function stretchString(string, salt) {
  return crypto.pbkdf2Sync(string, salt, ITERATIONS, STRETCH_LENGTH, "sha512")
}

exports.encrypt = input => {
  const salt = crypto.randomBytes(RANDOM_BYTES)
  const stretched = stretchString(SECRET, salt)
  const cipher = crypto.createCipheriv(ALGO, stretched, salt)
  const base = cipher.update(input)
  const final = cipher.final()
  const encrypted = Buffer.concat([base, final]).toString("hex")
  return `${salt.toString("hex")}${SEPARATOR}${encrypted}`
}

exports.decrypt = input => {
  const [salt, encrypted] = input.split(SEPARATOR)
  const saltBuffer = Buffer.from(salt, "hex")
  const stretched = stretchString(SECRET, saltBuffer)
  const decipher = crypto.createDecipheriv(ALGO, stretched, saltBuffer)
  const base = decipher.update(Buffer.from(encrypted, "hex"))
  const final = decipher.final()
  return Buffer.concat([base, final]).toString()
}
Adding basic encrypt/decrypt pathway. 2022-02-15 07:32:09 +13:00			`const crypto = require("crypto")`
			`const env = require("../environment")`

			`const ALGO = "aes-256-ctr"`
			`const SECRET = env.JWT_SECRET`
Using 10K iteration string stretching for encryption. 2022-02-15 10:37:40 +13:00			`const SEPARATOR = "-"`
			`const ITERATIONS = 10000`
			`const RANDOM_BYTES = 16`
			`const STRETCH_LENGTH = 32`

			`function stretchString(string, salt) {`
			`return crypto.pbkdf2Sync(string, salt, ITERATIONS, STRETCH_LENGTH, "sha512")`
			`}`
Adding basic encrypt/decrypt pathway. 2022-02-15 07:32:09 +13:00
			`exports.encrypt = input => {`
Using 10K iteration string stretching for encryption. 2022-02-15 10:37:40 +13:00			`const salt = crypto.randomBytes(RANDOM_BYTES)`
			`const stretched = stretchString(SECRET, salt)`
			`const cipher = crypto.createCipheriv(ALGO, stretched, salt)`
Adding basic encrypt/decrypt pathway. 2022-02-15 07:32:09 +13:00			`const base = cipher.update(input)`
			`const final = cipher.final()`
			`const encrypted = Buffer.concat([base, final]).toString("hex")`
Using 10K iteration string stretching for encryption. 2022-02-15 10:37:40 +13:00			return `${salt.toString("hex")}${SEPARATOR}${encrypted}`
Adding basic encrypt/decrypt pathway. 2022-02-15 07:32:09 +13:00			`}`

			`exports.decrypt = input => {`
Using 10K iteration string stretching for encryption. 2022-02-15 10:37:40 +13:00			`const [salt, encrypted] = input.split(SEPARATOR)`
			`const saltBuffer = Buffer.from(salt, "hex")`
			`const stretched = stretchString(SECRET, saltBuffer)`
			`const decipher = crypto.createDecipheriv(ALGO, stretched, saltBuffer)`
Adding basic encrypt/decrypt pathway. 2022-02-15 07:32:09 +13:00			`const base = decipher.update(Buffer.from(encrypted, "hex"))`
			`const final = decipher.final()`
			`return Buffer.concat([base, final]).toString()`
			`}`