node-fe1-fpe
Node.js implementation of the FE1 Format Preserving Encryption algorithm.
Last updated 9 months ago by nanov .
MIT · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install node-fe1-fpe 
SYNC missed versions from official npm registry.

node-fe1-fpe ( beta )

A dependency-free Node.js implementation of Format Preserving Encryption.

Build Status npm version Coverage Status Known Vulnerabilities License: MIT

Theory

Format preserving encryption (FPE) refers to a set of techniques for encrypting data such that the ciphertext has the same format as the plaintext. For instance, you can use FPE to encrypt credit card numbers with valid checksums such that the ciphertext is also an credit card number with a valid checksum, or similarly for bank account numbers, US Social Security numbers, or even more general mappings like English words onto other English words.

To encrypt an arbitrary value using FE1, you need to use a ranking method. Basically, the idea is to assign an integer to every value you might encrypt. For instance, a 16 digit credit card number consists of a 15 digit code plus a 1 digit checksum. So to encrypt a credit card number, you first remove the checksum, encrypt the 15 digit value modulo 1015, and then calculate what the checksum is for the new (ciphertext) number. Or, if you were encrypting words in a dictionary, you could rank the words by their lexicographical order, and choose the modulus to be the number of words in the dictionary.

Implementation

Current implementation uses the FE1 scheme from the paper "Format-Preserving Encryption" by Bellare, Rogaway, et al.

Ported from java-fpe which was ported from DotFPE which was ported from Botan Library.

Installation

npm install --save node-fe1-fpe

Basic usage

const fe1 = require('node-fe1-fpe');

// in possible values of 0-10000 encrypt the value of 1.
const encryptedValue = fe1.encrypt(10001, 1, 'my-secret-key', 'my-non-secret-tweak'); // 4984
const decryptedValue = fe1.decrypt(10001, encryptedValue, 'my-secret-key', 'my-non-secret-tweak'); // 1

Alternatively you could pass a buffer instance instead of string key (this allows reading the keys from files).

const fe1 = require('node-fe1-fpe');

// just an example, buffer would ideally come file.
const secretKeyBuffer = Buffer.from('my-secret-key', 'utf16le');

// in possible values of 0-10000 encrypt the value of 1.
const encryptedValue = fe1.encrypt(10001, 1, secretKeyBuffer, 'my-non-secret-tweak'); // 4984
const decryptedValue = fe1.decrypt(10001, encryptedValue, secretKeyBuffer, 'my-non-secret-tweak'); // 1

Considerations

The implementation is as stable as a rock for a modulus up to 10 000 000. It is designed this way because of speed concerns. For larger range, the matter needs to be discussed with the corresponding developers.

Todo

  • [X] Proper tests
  • [X] Documentation
  • [X] Speed optimizations

License

Copyright © 2017-8 eCollect AG. Licensed under the MIT license.

Current Tags

  • 1.0.0-beta.2                                ...           latest (9 months ago)

9 Versions

  • 1.0.0-beta.2                                ...           9 months ago
  • 1.0.0-beta.1                                ...           2 years ago
  • 0.0.6                                ...           2 years ago
  • 0.0.5                                ...           3 years ago
  • 0.0.4                                ...           3 years ago
  • 0.0.3                                ...           3 years ago
  • 0.0.21                                ...           3 years ago
  • 0.0.2                                ...           3 years ago
  • 0.0.1                                ...           3 years ago
Maintainers (2)
Downloads
Today 0
This Week 0
This Month 0
Last Day 0
Last Week 0
Last Month 1
Dependencies (1)
Dev Dependencies (6)
Dependents (1)

Copyright 2014 - 2016 © taobao.org |