bruncanepa/e2ee-kit


E2EE Kit

Open-source kit to simplify E2EE on the Web

Inspired by ProtonMail and ProtonCalendar privacy and security practices.

Libraries used

Features

Included

  • Create a PGP key pair.
  • Export the PGP key pair (private key encrypted).
  • Create AES-256 keys, encrypt them with the PGP public key, and sign them with the PGP private key.
  • Encrypt and decrypt any string using AES-256-GCM.
  • Share and receive data encrypted with the other user's PGP public key and signed with your PGP private key.

Next

  • File encryption: use a 32-byte AES-256 key to encrypt every file chunk, and the PGP public key to encrypt that key.
  • Encrypted file sharing: encrypt the 32-byte key with the receiver's PGP public key.

Main flows

Encryption flow

drawing

Decryption flow

drawing

Share flow

drawing

Receive flow

drawing

Example

// E2EEKit must be in scope: import it from this repository's source
// (the import path is not shown on this page).
(async () => {
  const userID = "2997e638-b01b-446f-be33-df9ec8b4f206";
  const passphrase = "passphrase-long-super-long";
  const data = "super secret to encrypt";

  // 1. Create instance of service (2 options, use one of them)
  // A) Create a new PGP pair. Use only once for each user (e.g: on sign up)
  const etoeeSvc = await new E2EEKit(userID, passphrase).build();
  // B) Load an existing PGP pair. Use when the user already has a PGP key pair
  //    (e.g: on sign in), with privateKey and publicKey read from your database:
  // const etoeeSvc = await new E2EEKit(userID, passphrase).load(
  //   privateKey,
  //   publicKey
  // );

  // 2. Export PGP keys to save in your database, private key is encrypted by PGP. (e.g: on sign up)
  const { privateKey, publicKey } = await etoeeSvc.exportMasterKeys();

  // 3. Encrypt an item. Save both encryptedKey and encryptedData in your database.
  const { encryptedKey, encryptedData } = await etoeeSvc.encrypt(data);
  console.log({ encryptedKey, encryptedData });

  // 4. Decrypt an item (renamed on destructuring so the plaintext `data` above is not shadowed)
  const { key, data: decryptedData } = await etoeeSvc.decrypt(
    encryptedKey,
    encryptedData
  );
  console.log({ key, decryptedData });

  // 5. Share an E2EE and signed item with another user (receiver)
  const receiverSvc = await new E2EEKit(
    userID + "other",
    passphrase + "other"
  ).build();
  const { publicKey: receiverPublicKey } = await receiverSvc.exportMasterKeys();
  // Assumption: share() takes the item's encryptedKey and re-encrypts it for the receiver.
  const { senderPublicKey, receiverEncryptedMessage } = await etoeeSvc.share(
    receiverPublicKey,
    encryptedKey
  );

  // 6. Receive an E2EE and signed item from another user (sender)
  const { shareKey, data: receivedData } = await receiverSvc.receive(
    senderPublicKey,
    receiverEncryptedMessage,
    encryptedData
  );
  // The flow ran correctly if the receiver recovers the original plaintext.
  console.log({ shareKey, receivedData, flowRunOk: receivedData === data });
})();
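
The encryption and share flows listed above, sketched with WebCrypto only. This is an added example, not e2ee-kit's code: RSA-OAEP stands in for the OpenPGP key pair, the signing step is left out, and all function names (`newUserKeys`, `encryptItem`, `decryptItem`, `shareItem`, `demo`) are hypothetical.

```javascript
// Added example: WebCrypto stand-in for the kit's flows, not e2ee-kit code.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // browser or Node
const RSA = { name: "RSA-OAEP", modulusLength: 2048,
              publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" };

// Stand-in for a user's PGP key pair (assumption: RSA-OAEP replaces OpenPGP).
const newUserKeys = () => wc.subtle.generateKey(RSA, false, ["wrapKey", "unwrapKey"]);

// Encrypt one item with a fresh AES-256-GCM key, then wrap that key for the owner.
async function encryptItem(publicKey, plaintext) {
  const itemKey = await wc.subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
  const iv = wc.getRandomValues(new Uint8Array(12)); // 96-bit nonce, fresh for every encryption
  const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv }, itemKey, new TextEncoder().encode(plaintext));
  const encryptedKey = await wc.subtle.wrapKey("raw", itemKey, publicKey, { name: "RSA-OAEP" });
  return { encryptedKey, encryptedData: { iv, ct: new Uint8Array(ct) } };
}

const unwrap = (privateKey, encryptedKey) =>
  wc.subtle.unwrapKey("raw", encryptedKey, privateKey, { name: "RSA-OAEP" },
    { name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);

async function decryptItem(privateKey, encryptedKey, { iv, ct }) {
  const itemKey = await unwrap(privateKey, encryptedKey);
  const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv }, itemKey, ct); // rejects if the GCM tag check fails
  return new TextDecoder().decode(pt);
}

// Share: re-wrap the item key for the receiver; the ciphertext itself is not re-encrypted.
async function shareItem(ownerPrivateKey, encryptedKey, receiverPublicKey) {
  const itemKey = await unwrap(ownerPrivateKey, encryptedKey);
  return wc.subtle.wrapKey("raw", itemKey, receiverPublicKey, { name: "RSA-OAEP" });
}

async function demo() {
  const alice = await newUserKeys(), bob = await newUserKeys();
  const { encryptedKey, encryptedData } = await encryptItem(alice.publicKey, "super secret to encrypt");
  const own = await decryptItem(alice.privateKey, encryptedKey, encryptedData);
  const bobKey = await shareItem(alice.privateKey, encryptedKey, bob.publicKey);
  const shared = await decryptItem(bob.privateKey, bobKey, encryptedData);
  const tampered = { iv: encryptedData.iv, ct: encryptedData.ct.slice() };
  tampered.ct[0] ^= 1; // flip one ciphertext bit
  const tamperRejected = await decryptItem(alice.privateKey, encryptedKey, tampered).then(() => false, () => true);
  const wrongUser = await decryptItem(bob.privateKey, encryptedKey, encryptedData).then(() => false, () => true);
  return { own, shared, tamperRejected, wrongUser };
}
```

`demo()` resolves to the owner's and the receiver's decrypted plaintext plus two flags showing that a modified ciphertext and a key wrapped for a different user are both rejected.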
