Encrypt and decrypt DOM blobs using nacl-stream within service workers. A port of nacl-stream-js's demo into a consumable module.
const naclBlob = require('nacl-blob')
const nacl = require('tweetnacl')
const key = nacl.box.keyPair().secretKey
const nonce = nacl.randomBytes(16)
// Any kind of data inside of a blob
const arr = new Uint8Array(10 * 1024 * 1024 + 111)
for (let i = 0; i < arr.length; i++) arr[i] = i & 0xff
const blob = new Blob([arr])
const encryptor = naclBlob.encrypt(key, nonce, blob, (err, encryptedBlob) => {
if (err) throw (err)
// some time later
const decryptor = naclBlob.decrypt(key, nonce, encryptedBlob, (err, decryptedBlob) => {
if (err) throw (err)
compareBlobs(blob, decryptedBlob)
})
decryptor.on('progress', ({position, length}) => { console.log('decrypting %' + (position / length) * 100) })
})
encryptor.on('progress', ({position, length}) => { console.log('encrypting %' + (position / length) * 100) })
function compareBlobs (a, b) {
const r1 = new FileReader()
r1.onload = function () {
const r2 = new FileReader()
r2.onload = function () {
if (r1.result !== r2.result) {
console.error('blobs differ')
} else {
console.log('blobs are equal')
}
}
r2.readAsBinaryString(b)
}
r1.readAsBinaryString(a)
}Import the encrypt function.
Import the decrypt function.
This module uses a build-time browserify transform called workerify. If you are not using browserify, you can import from the transformed version of the module by importing from the nacl-blob/dist path. e.g:
const encrypt = require('nacl-blob/dist').encrypt
const decrypt = require('nacl-blob/dist').decrypt(Wanted, a workerify transform that writes out the contents to a separate bundle)
Encrypt a File or Blob, using a key and nonce. Returns an event emitter that can be used to display encryption progress. The encrypted data will be returned in the callback as a Blob.
The key must be a 32-byte Uint8Array or Node.js Buffer (see github.com/dchest/tweetnacl-js#usage for details).
The nonce must be a 16-byte Uint8Array or Node.js Buffer.
The blob must be a Blob or File.
Optional opts include:
{
chunkSize: 1024 * 1024,
mimeType: blob.type
}The cb function will fire when the file/blob has been encrypted and have the the following arguments:
err: Any error that occurred durning encryption. You should handle this.encryptedBlob: a Blob containing the encrypted data. This can be securely stored/transmitted along with thenonceacross insecure networks and decrypted with thekey(assuming secure key exchange is performed elsewhere).
Returns an Event Emitter that you can use to listen for the following events:
progress: An event that emits the the progress of encryption in the following shape:
{
progress, // in bytes
length // total bytes
}Decrypt a Blob that was encrypted using a key and nonce. Returns an event emitter that can be used to track progress. The decrypted data will be returned in the callback as a Blob.
The key must be the same 32-byte Uint8Array or Node.js Buffer used to encrypt the file. (see github.com/dchest/tweetnacl-js#usage)
The nonce must be the same 16-byte Uint8Array or Node.js Buffer used to encrypt the file.
The encryptedBlob must be an encrypted Blob or File.
Optional opts include:
{
chunkSize: 1024 * 1024,
mimeType: encryptedBlob.type
}The cb function will fire when the file/blob has been decrypted and have the the following arguments:
err: Any error that occurred durning encryption. You should handle this.decryptedBlob: a Blob containing the decrypted data.
Returns an Event Emitter that you can use to listen for the following events:
progress: An event that emits the the progress of encryption in the following shape:
{
progress, // in bytes
length // total bytes
}