Split files into chunks and encrypt them. Then decrypt them and combine them again.
- Files should be split and combined for storage in environments with a maximum file size
- Folder structure and names of original files should be concealed in encrypted data
- Partial updates of encrypted set of files should be possible without re-encrypting everything
- Encrypting files should be possible without the use of a passphrase
This library uses new Node.js features, and requires version 16+ of Node.js.
This library consists primarily of crypt.js
which has the exports init
, encrypt
, decrypt
, and clean
.
It also contains helper utilities in pass.js
which has the exports get_pass
and confirm_pass
.
import { init } from './crypt.js';
import { confirm_pass } from './pass.js';
init({
crypt: '/path/to/directory/to/initialize',
cipher: 'aes-256-cbc',
hash: 'sha512',
hmac: 32,
rsa: 2048,
split: 33554432,
passphrase: await confirm_pass(
'Enter passphrase: ',
'Confirm passphrase: ',
'Passphrases do not match.',
),
});
init
expects to be passed:
crypt
- the directory to initialize as the encrypted file storecipher
- the cipher to use for the (symmetric) encryption of datahash
- the hash algorithm to use for file contents and nameshmac
- the number of bytes in the HMAC key to usersa
- the number of bits in the modulus of the (asymmetric) key pairssplit
- the number of bytes to split files into before encryptingpassphrase
- a string used to encrypt the private key on disk
import { encrypt } from './crypt.js';
const response = await encrypt({
plain: '/path/to/plain/directory',
crypt: '/path/to/encrypted/directory',
cache: '/path/to/cache/file',
filter: (path) => some_logic(path),
});
console.log(response);
encrypt
expects to be passed:
plain
- the directory containing the original, unencrypted filescrypt
- the directory containing the encrypted file store to updatecache
(optional) - the path of the file to maintain various hash informationfilter
(optional) - a function that is passed a path (the portion afterplain
) and returns whether the given file should be included in the encrypted file storepassphrase
(optional) - if passed, also delete unused-data
files and reuse symmetric encryption parameters on renamed input files so the resultant encrypted files are also effectively renamed
import { decrypt } from './crypt.js';
import { get_pass } from './pass.js';
const response = await decrypt({
crypt: '/path/to/encrypted/directory',
plain: '/path/to/decrypted/directory',
cache: '/path/to/cache/file',
filter: (path) => some_logic(path),
passphrase: await get_pass('Enter passphrase: '),
});
console.log(response);
decrypt
expects to be passed:
crypt
- the directory containing the encrypted file store to decryptplain
- the destination directory for the decrypted filescache
(optional) - the path of the file to maintain various hash informationfilter
(optional) - a function that is passed a path (the portion afterplain
) and returns whether the given file should be decrypted from the encrypted file store, including whether it should be deleted if it does not exist in the storepassphrase
- the passphrase for the private key
import { clean } from './crypt.js';
import { get_pass } from './pass.js';
const response = await clean({
crypt: '/path/to/encrypted/directory',
passphrase: await get_pass('Enter passphrase: '),
});
console.log(response);
clean
expects to be passed:
crypt
- the directory containing the encrypted file store to cleanpassphrase
- the passphrase for the private key