Usage
node-property-encryption.encrypt(toEncrypt, opts)
- toEncrypt
<String>- string to encrypt - opts
<Object>- optional encrypt options
opts.keyPath
- defaults to $home/.ssh/tc
opts.outputEncoding
- (encoding of resulting encrypted string)
- defaults to base64
node-property-encryption.decrypt(toDecrypt, opts)
- toDecrypt
<String>- string to encrypt - opts
<Object>- optional encrypt options
opts.keyPath
- defaults to $home/.ssh/tc
opts.outputEncoding
- defaults to base64
Key Generation
For unbiased generation, use ssh-keygen.
[~]$ cd ~/.ssh
[~/.ssh]$ ssh-keygen -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): tc
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in tc.
Your public key has been saved in tc.pub.
The key fingerprint is:
bc:9e:5e:6b:c3:e4:c4:5b:d9:1e:81:5d:43:fa:35:ad user@10.10.1.10
The key's randomart image is:
+--[ RSA 4096]----+
| .. |
| ..o|
| + o+|
| . . +.o|
| S. oEo |
| .+ o o |
| .=.o . . |
| . o*. . |
| .+... |
+-----------------+
FOR ADMINISTRATORS
For generation of encrypted passwords / keys
### Clone Repository
$ git clone https://github.com/romanbalayan/node-property-encryption.git
### Enter directory
$ cd node-property-encryption
### Install npm dependency
$ npm install
### Run encrypt tool script
$ node tools/encrypt.js
? Enter Part #1: *****
? Re-enter Part #1: *****
Append another? Y
? Enter Part #2: *****
? Re-enter Part #2: *****
Append another? N
Encrypted Value: 9Nov5MRfn6Y=e/GrLGBb/CeX+YoiJPnp4Q==
In practice of "split knowledge", this tool shall allow each administrator to enter their part of the password/passcode/key and immediately confirm it.
The "Encrypted Value" output is the concatenated-then-encrypted value of all entered parts. It then can simply be copied-pasted to whichever key in config file/s it's applicable to.
FOR DEVELOPERS
### Install as dependency
$ npm install --save node-property-encryption
Do this for all config files with plaintext password.
- require the node-property-encryption module
- replace the plaintext password with function:
decrypt('<encrypted-password>')
Sample old config/connection.js file
module.exports.connections = {
userDb: {
connectString: 'postgresql://localhost:5432/db',
user: 'db_user',
password: 'plain-text-password'
}
};
Update the old config/connection.js file to:
const decrypt = require('node-property-encryption').decrypt;
module.exports.connections = {
userDb: {
connectString: 'postgresql://localhost:5432/db',
user: 'db_user',
password: decrypt('<encrypted password here>')
}
};