Crypto

The Crypto module can be used to encrypt and decrypt secrets and other sensitive information. Combined with e.g. the Table module, it lets you store passwords or similar items for use in flows without making them visible to anyone other than the intended users.

Encrypt

Make an encrypted string from the given input and access-scope. The access-scope can be:

  • Crypto.forUser to allow only the currently logged-in user to decrypt the information. Decryption may happen on a different machine or in a different application than Manatee, but only the currently logged-in Windows user will be able to decrypt.
  • Crypto.forMachine to allow only users on the current machine to decrypt. Again, decryption is not limited to Manatee: any program on the local machine will be able to decrypt.
  • a string password to allow only users who know the supplied password to decrypt the message (min. 12 characters).
  • an object describing the algorithm and its options. The currently supported algorithms are aes-gcm and aes-cbc (see examples below).
  • null, undefined or no argument to make the encrypted string decryptable only by the Manatee application, across all users and all machines.

Examples

javascript
// for the current user
var encryptedString = Crypto.encrypt("my secret", Crypto.forUser);

// for the current machine
encryptedString = Crypto.encrypt("my secret", Crypto.forMachine);

// for users with the correct password
encryptedString = Crypto.encrypt("my secret", "password12345678");

// with a specified algorithm and password
var encrypted = Crypto.encrypt(
  "my secret", 
  { 
    "algorithm": "aes-gcm", // or "aes-cbc"
    "password": "thel0ng3rth3b3tterf0rp455w0rds000000"
  }
);

// for Manatee eyes only
encryptedString = Crypto.encrypt("my secret");

Decrypt

Take an encrypted string and decrypt it. Supply the same access-scope that was used when the string was encrypted.

Examples

javascript
// for the current user
var originalString = Crypto.decrypt(encryptedString, Crypto.forUser);
// for the current machine
originalString = Crypto.decrypt(encryptedString, Crypto.forMachine);
// for users with the correct password
originalString = Crypto.decrypt(encryptedString, "password12345678");
// for Manatee eyes only
originalString = Crypto.decrypt(encryptedString);

HMAC

Generates an HMAC auth code.

js
var authCode = Crypto.hmac("secret-goes-here", "content-to-sign-goes-here", { encoding: "UTF8", algorithm: "HMACSHA256", base64: true });
// or using the defaults; encoding = UTF8, algorithm: HMACSHA256, base64: true
authCode = Crypto.hmac("secret-goes-here", "content-to-sign-goes-here");

The optional arguments are:

  • encoding, which determines how secret and content are encoded to bytes and how the resulting code is decoded to a string (unless base64 = true) – default is UTF8
  • algorithm, which determines the underlying hashing function; options are here – default is HMACSHA256
  • base64, whether or not to encode the result as Base64 (default is true)
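
The receiving side of such an auth code, as an added Node.js example (not Manatee code and not part of the original documentation): it recomputes the code under the documented defaults and compares it in constant time. It assumes Crypto.hmac emits standard padded Base64; the function names and the sample payload are hypothetical.

```javascript
// Added example (Node.js), not Manatee code. Assumes Crypto.hmac's documented
// defaults: secret and content as UTF-8 bytes, HMAC-SHA256, Base64 output.
const nodeCrypto = require("node:crypto");

// Recompute the auth code for `content` under `secret`.
function expectedAuthCode(secret, content) {
  return nodeCrypto
    .createHmac("sha256", Buffer.from(secret, "utf8"))
    .update(Buffer.from(content, "utf8"))
    .digest("base64");
}

// True only if `receivedCode` is exactly the Base64 HMAC of `content`.
function verifyAuthCode(secret, content, receivedCode) {
  if (typeof receivedCode !== "string") return false;
  // Compare the Base64 text itself rather than decoding it: Buffer's Base64
  // decoder is lenient (it ignores whitespace and accepts the URL-safe
  // alphabet), so decoding would accept several spellings of one code.
  const expected = Buffer.from(expectedAuthCode(secret, content), "utf8");
  const received = Buffer.from(receivedCode, "utf8");
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (received.length !== expected.length) return false;
  // Constant-time comparison: no early exit on the first differing byte.
  return nodeCrypto.timingSafeEqual(received, expected);
}

// Constructed sample message (hypothetical secret and payload).
function demo() {
  const secret = "secret-goes-here";
  const body = '{"flow":"nightly-export","rows":42}';
  // Stands in for the value a flow would get from Crypto.hmac(secret, body).
  const authCode = expectedAuthCode(secret, body);
  return {
    untouched: verifyAuthCode(secret, body, authCode),
    tamperedBody: verifyAuthCode(secret, body.replace("42", "43"), authCode),
    truncatedCode: verifyAuthCode(secret, body, authCode.slice(0, -4)),
    missingCode: verifyAuthCode(secret, body, undefined),
  };
}

console.log(demo());
```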

Hash

Generates a SHA hash.

js
var hash = Crypto.hash("content-to-encode", { encoding: "UTF8", algorithm: "SHA1", base64: true });
// or with hexadecimal output
var hex = Crypto.hash("hello", { algorithm: "MD5", hex: true });
// hex is "5d41402abc4b2a76b9719d911017c592"

The optional arguments are:

  • encoding, which determines how the content is encoded to bytes and how the resulting hash is decoded to a string (unless base64 = true) – default is UTF8
  • algorithm, which determines the underlying hashing function; options are here – default is SHA1
  • base64, whether or not to encode the result as Base64 (default is true)
  • hex, an option to get hexadecimal output. If true, the hash is encoded as a hex string and returned. The hex option takes precedence over base64 and encoding since it is expected to be used more often.