Source: utils/encryptionUtil.js

  1. /**
  2. * @fileoverview Encryption Utility for Satoshi Showdown.
  3. * Provides encryption and decryption of private keys (sensitive data at rest).
  4. * It uses AES-256-GCM, an authenticated-encryption mode: every ciphertext carries
  5. * an authentication tag, so data that was tampered with fails to decrypt instead of
  6. * silently decrypting to garbage.
  6. *
  7. * @module utils/encryptionUtil
  8. * @requires crypto - Node.js Crypto module for encryption.
  9. */
  10. const crypto = require("crypto");
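// AEAD cipher: AES with a 256-bit key in GCM mode. GCM provides confidentiality
// plus an authentication tag, so tampering with iv/content/tag is detected on decrypt.
const algorithm = "aes-256-gcm";
// Environment variable holding the key as 64 hex characters (32 bytes).
const secretKeyEnvVar = "ENCRYPTION_SECRET_KEY";
// AES-256 key size in bytes.
const keyLength = 32;
// Initialization Vector (nonce) length for AES-GCM; 96 bits is the standard size.
const ivLength = 12;
// Full-size GCM authentication tag (128 bits). Pinned explicitly: without the
// authTagLength option Node accepts shorter tags (down to 4 bytes) on decrypt, which
// would let an attacker weaken the integrity check simply by truncating the stored tag.
const authTagLength = 16;

/**
 * Reads and validates the AES-256 key from the environment.
 * Read at call time rather than module load so the key may be provided after this
 * module is required (e.g. by a dotenv loader); unsetting it later disables both functions.
 *
 * @function loadSecretKey
 * @return {Buffer} The 32-byte key.
 * @throws {Error} If the variable is unset or does not decode to exactly 32 bytes.
 */
const loadSecretKey = () => {
  const secretKey = process.env[secretKeyEnvVar];
  if (!secretKey) {
    throw new Error(
      "Encryption secret key is not set in environment variables.",
    );
  }
  // Buffer.from(..., "hex") silently stops at the first non-hex character, so a
  // malformed value surfaces as a wrong length rather than a decode error.
  const key = Buffer.from(secretKey, "hex");
  if (key.length !== keyLength) {
    throw new Error(
      `Encryption secret key must be ${keyLength} bytes (${keyLength * 2} hex characters).`,
    );
  }
  return key;
};

/**
 * Encrypts a private key using AES-256-GCM.
 * Generates a fresh random IV for each call and returns the authentication tag
 * alongside the ciphertext; all three fields are hex-encoded strings.
 *
 * @function encryptPrivateKey
 * @param {string|Buffer} privateKey - The private key to encrypt (strings are read as UTF-8).
 * @return {Object} An object with hex `iv`, `content` (ciphertext) and `tag` fields.
 * @throws {Error} If the input is not a string/Buffer, or the secret key is unset or malformed.
 */
const encryptPrivateKey = (privateKey) => {
  if (typeof privateKey !== "string" && !Buffer.isBuffer(privateKey)) {
    throw new Error("Private key to encrypt must be a string or a Buffer.");
  }
  const key = loadSecretKey();
  try {
    // Fresh random nonce per call: reusing a (key, iv) pair under GCM leaks the XOR
    // of the plaintexts and breaks the tag, so the IV must never be derived deterministically.
    // With random 96-bit IVs the key should be rotated well before ~2^32 encryptions.
    const iv = crypto.randomBytes(ivLength);
    const cipher = crypto.createCipheriv(algorithm, key, iv, { authTagLength });
    let encrypted = cipher.update(privateKey, "utf8", "hex");
    encrypted += cipher.final("hex");
    return {
      iv: iv.toString("hex"),
      content: encrypted,
      tag: cipher.getAuthTag().toString("hex"),
    };
  } finally {
    // The cipher context holds its own copy of the key; scrub ours. The hex string
    // still lives in process.env, so this only limits exposure of the decoded form.
    key.fill(0);
  }
};

/**
 * Decrypts an encrypted private key using AES-256-GCM.
 * Verifies the authentication tag over the ciphertext; nothing is returned unless
 * authentication succeeds. IV and tag lengths are checked before decryption so a
 * truncated tag cannot lower the integrity guarantee.
 *
 * @function decryptPrivateKey
 * @param {Object} encryptedPrivateKey - Object with hex `iv`, `content` and `tag` fields
 *   as produced by encryptPrivateKey.
 * @return {string} The decrypted private key as a UTF-8 string.
 * @throws {Error} If the input is malformed, the secret key is unset or malformed,
 *   the IV or tag has the wrong length, or authentication fails.
 */
const decryptPrivateKey = (encryptedPrivateKey) => {
  if (encryptedPrivateKey === null || typeof encryptedPrivateKey !== "object") {
    throw new Error("Encrypted private key must be an object with iv, content and tag.");
  }
  const { iv, content, tag } = encryptedPrivateKey;
  if (typeof iv !== "string" || typeof content !== "string" || typeof tag !== "string") {
    throw new Error("Encrypted private key fields iv, content and tag must be hex strings.");
  }
  const ivBytes = Buffer.from(iv, "hex");
  if (ivBytes.length !== ivLength) {
    throw new Error(`Invalid IV length: expected ${ivLength} bytes.`);
  }
  const tagBytes = Buffer.from(tag, "hex");
  if (tagBytes.length !== authTagLength) {
    throw new Error(`Invalid authentication tag length: expected ${authTagLength} bytes.`);
  }
  const key = loadSecretKey();
  try {
    const decipher = crypto.createDecipheriv(algorithm, key, ivBytes, { authTagLength });
    decipher.setAuthTag(tagBytes);
    // update() yields plaintext before the tag is checked; final() performs the
    // check and throws on mismatch, so an unauthenticated result never reaches the caller.
    let decrypted = decipher.update(content, "hex", "utf8");
    decrypted += decipher.final("utf8");
    return decrypted;
  } finally {
    key.fill(0);
  }
};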
// Public API of the module: the encrypt/decrypt pair only.
module.exports = {
  encryptPrivateKey,
  decryptPrivateKey,
};