Table of Contents
Reference
Implementation
const buff_to_base64 = (buff) => btoa(String.fromCharCode.apply(null, buff));
const base64_to_buf = (b64) =>
Uint8Array.from(atob(b64), (c) => c.charCodeAt(null));
const captureClick = (ev,handler) => {
ev.preventDefault()
ev.stopPropagation()
handler()
return false
}
const enc = new TextEncoder();
const dec = new TextDecoder();
async function encrypt() {
const data = window.document.getElementById("data").value;
let encryptedDataOut = window.document.getElementById("encryptedData");
const password = window.prompt("Password");
const encryptedData = await encryptData(data, password);
encryptedDataOut.value = encryptedData;
}
async function decrypt() {
const password = window.prompt("Password");
const encryptedData = window.document.getElementById("encryptedData").value;
let decryptedDataOut = window.document.getElementById("decrypted");
const decryptedData = await decryptData(encryptedData, password);
decryptedDataOut.value = decryptedData || "decryption failed!";
}
const getPasswordKey = (password) =>
window.crypto.subtle.importKey("raw", enc.encode(password), "PBKDF2", false, [
"deriveKey",
]);
const deriveKey = (passwordKey, salt, keyUsage) =>
window.crypto.subtle.deriveKey(
{
name: "PBKDF2",
salt: salt,
iterations: 250000,
hash: "SHA-256",
},
passwordKey,
{ name: "AES-GCM", length: 256 },
false,
keyUsage
);
async function encryptData(secretData, password) {
try {
const salt = window.crypto.getRandomValues(new Uint8Array(16));
const iv = window.crypto.getRandomValues(new Uint8Array(12));
const passwordKey = await getPasswordKey(password);
const aesKey = await deriveKey(passwordKey, salt, ["encrypt"]);
const encryptedContent = await window.crypto.subtle.encrypt(
{
name: "AES-GCM",
iv: iv,
},
aesKey,
enc.encode(secretData)
);
const encryptedContentArr = new Uint8Array(encryptedContent);
let buff = new Uint8Array(
salt.byteLength + iv.byteLength + encryptedContentArr.byteLength
);
buff.set(salt, 0);
buff.set(iv, salt.byteLength);
buff.set(encryptedContentArr, salt.byteLength + iv.byteLength);
const base64Buff = buff_to_base64(buff);
return base64Buff;
} catch (e) {
console.log(`Error - ${e}`);
return "";
}
}
async function decryptData(encryptedData, password) {
try {
const encryptedDataBuff = base64_to_buf(encryptedData);
const salt = encryptedDataBuff.slice(0, 16);
const iv = encryptedDataBuff.slice(16, 16 + 12);
const data = encryptedDataBuff.slice(16 + 12);
const passwordKey = await getPasswordKey(password);
const aesKey = await deriveKey(passwordKey, salt, ["decrypt"]);
const decryptedContent = await window.crypto.subtle.decrypt(
{
name: "AES-GCM",
iv: iv,
},
aesKey,
data
);
return dec.decode(decryptedContent);
} catch (e) {
console.log(`Error - ${e}`);
return "";
}
}
return "Setup web crypto apis."
Demo
Enter text to encrypt, click Encrypt, then enter a password when prompted. A base64 representation of the encrypted data will be displayed.
Click Decrypt and then enter the same password as used for encrypting.
Encrypting a token
return (async fn =>{
const token = access_token.value
const passphrase = password.value
if (!token || !passphrase)
return "Cancelled"
let secret
try {
secret = await encryptData(token, passphrase);
} catch (err) {return "Failed to encrypt."}
const file = "/.github_token"
try {
await lit.fs.writeFile(file, secret,{encoding:'utf8'})
} catch (err) {
console.log(err.message, err)
return "Failed to write encrypted token to file " + file
}
return "Stored encrypted token in file " + file
})()
return (async fn =>{
const file = "/.github_token"
let resp;
const token = await lit.fs.readFile(file, 'utf-8')
const passphrase = password.value
if (!passphrase)
return "Cancelled no passphrase provided"
let secret
try {
secret = await decryptData(token, passphrase);
if (!secret) throw new Error('Failed to decrypt')
resp = await lit.config.setupGithubAccess(secret)
} catch (err) {return "Failed to decrypt."}
return "Decrypted token in file " + file + '; ' + resp
})()
Decrypted token in file /.github_token; All set up.
{ token: '••••••••••', username: 'dotlitdev', repository: 'dotlit', branch: 'main', prefix: 'src' }