npm i --save secure-containerThis is the main module most users should use; other modules are for advanced users only.
import * as seco from 'secure-container'-
data(String | Buffer) Data to encrypt -
options(Object)-
header(Object)-
appName(String) Name of your app -
appVersion(String) Version of your app
-
-
passphrase(String | Buffer) Passphrase used to encrypt the data -
metadata(Object) -
blobKey(Buffer)
-
Note: Must set either passphrase or metadata & blobKey.
Returns an Object that contains:
-
encryptedData(Buffer) The encrypted data -
blobKey(Buffer) -
metadata(Object)
-
encryptedData(Buffer) Data to decrypt -
passphrase(String | Buffer) Passphrase to decrypt the data
Returns an Object that contains:
-
data(Buffer) The file data -
header(Object) The header for the secure-container -
blobKey(Buffer) -
metadata(Object)
import * as header from 'secure-container/header'Create a header object.
-
data(Object)-
appName(String) Name of your app -
appVersion(String) Version of your app
-
Returns an Object.
Serialize a header object. headerObj is a header object made with create(). Returns a Buffer.
Decodes a header buffer and returns the Object.
import * as metadata from 'secure-container/metadata'Create a metadata object. Returns an Object.
-
metadata(Object) Metadata created withmetadata.create(). -
passphrase(String | Buffer) -
blobKey(Buffer)
Mutates metadata object; returns undefined.
Serialize a metadata object. Returns a Buffer.
Takes a metadata buffer, decodes it, and returns an object.
-
metadata(Object) Metadata with an encrypted blobKey. -
passphrase(String | Buffer)
Returns blobKey as a buffer.
import * as blob from 'secure-container/blob'-
data(Buffer) Data or message to encrypt. -
metadata(Object) Metadata object. -
blobKey(Buffer)
Mutates metadata. Returns an object:
-
blob(Buffer) Encrypted data. -
blobKey(Buffer) TheblobKeyyou passed in.
-
blob(Buffer) Encrypted data. -
metadata(Object) Metadata object. -
blobKey(Buffer)
Returns the decrypted data as a buffer.
import * as file from 'secure-container/file'-
metadata(Buffer) Metadata as a Buffer -
blob(Buffer) Encrypted blob
Returns a sha256 checksum as a buffer.
-
fileObj(Object)-
header(Buffer) Serialized header -
checksum(Buffer) Checksum fromfile.computeChecksum() -
metadata(Buffer) Metadata as a Buffer -
blob(Buffer) Encrypted blob
-
Returns a buffer.
The opposite of file.encode(). Takes a buffer and returns an object.
Performs .decode() and checks that the checksum matches.
Return a boolean, true if checksum matched, false if not.
This is the documentation for the binary structure of secure containers.
For clarity, we have split the documentation into four sections: header, checksum, metadata, and blob.
| Size | Label | Description |
|---|---|---|
| 4 | magic |
The magic header indicating the file type. Always SECO. |
| 4 | version |
File format version. Currently 0, stored as UInt32BE. |
| 4 | reserved |
Reserved for future use. |
| 1 | versionTagLength |
Length of versionTag as UInt8. |
versionTagLength |
versionTag |
Should be 'seco-v0-scrypt-aes'. |
| 1 | appNameLength |
Length of appName as UInt8. |
appNameLength |
appName |
Name of the application writing the file. |
| 1 | appVersionLength |
Length of appVersion as UInt8. |
appVersionLength |
appVersion |
Version of the application writing the file. |
32-byte sha256 checksum of the following data:
- The
metadata. - Byte-length of the
blob, stored asUInt32BE. - The
blob.
| Size | Label | Description |
|---|---|---|
| 32 | salt |
Scrypt salt. |
| 4 | n |
Scrypt n parameter. |
| 4 | r |
Scrypt r parameter. |
| 4 | p |
Scrypt p parameter. |
| 32 | cipher |
Currently aes-256-gcm stored as a zero-terminated C-string. |
| 12 | iv |
blobKey's iv. |
| 16 | authTag |
blobKey's authTag. |
| 32 | key |
blobKey's key. |
| 12 | iv |
The blob's iv. |
| 16 | authTag |
The blob's authTag. |
| Size | Label | Description |
|---|---|---|
| 4 | blobLength |
Length of blob as UInt32BE. |
blobLength |
blob |
Encrypted data. |