Revamp symmetric encryption/decryption (#805)

ecies · Oct 27, 2024 · 7e3f95e · 7e3f95e
1 parent c3958ed
commit 7e3f95e
Show file tree

Hide file tree

Showing 17 changed files with 311 additions and 192 deletions.
diff --git a/.cspell.jsonc b/.cspell.jsonc
@@ -17,13 +17,10 @@
     "eciesjs",
     "eciespy",
     "eth",
-    "futoin-hkdf",
-    "helloworld",
     "hkdf",
     "js",
     "Npm",
     "Prv",
-    "querystring",
     "secp256k1",
     "xchacha",
     "xchacha20"

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -51,8 +51,21 @@ jobs:
           deno-version: v2.x
 
       - run: pnpm install && pnpm build && cd example/runtime && pnpm install
-      - run: bun run example/runtime/main.js
-      - run: deno run --allow-read example/runtime/main.js
-      - run: node example/runtime/main.js
-      - run: node example/runtime/import.js
-      - run: node example/runtime/require.cjs
+
+      - name: check main.js
+        run: |
+          bun run example/runtime/main.js
+          deno run --allow-read example/runtime/main.js
+          node example/runtime/main.js
+
+      - name: check import.js
+        run: |
+          bun run example/runtime/import.js
+          deno run --allow-read example/runtime/import.js
+          node example/runtime/import.js
+
+      - name: check require.cjs
+        run: |
+          bun run example/runtime/require.cjs
+          deno run --allow-read example/runtime/require.cjs
+          node example/runtime/require.cjs
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,11 @@
 
 # Changelog
 
+## 0.4.11
+
+- Revamp encapsulate/decapsulate
+- Revamp symmetric encryption/decryption
+
 ## 0.4.10
 
 - Fix commonjs build

diff --git a/README.md b/README.md
@@ -42,7 +42,7 @@ See [Configuration](#configuration) to control with more granularity.
 
 This library is browser-friendly, check the [`example/browser`](./example/browser) directory for details. Currently it's necessary to polyfill `Buffer` for backward compatibility. From v0.5.0, it can run in browsers as is.
 
-If you want a WASM version to run directly in modern browsers or on some blockchains, check [`ecies-wasm`](https://github.com/ecies/rs-wasm).
+If you want a WASM version to run directly in modern browsers or on some blockchains, you can also try [`ecies-wasm`](https://github.com/ecies/rs-wasm).
 
 ## API
 
@@ -140,6 +140,8 @@ On `ellipticCurve = "x25519"` or `ellipticCurve = "ed25519"`, x25519 (key exchan
 In this case, the payload would always be: `32 Bytes + Ciphered` regardless of `isEphemeralKeyCompressed`.
 
 > If you don't know how to choose between x25519 and ed25519, just use the dedicated key exchange function x25519 for efficiency.
+>
+> Because any 32-byte data is a valid curve25519 public key, the payload would seem random. This property is excellent for circumventing censorship by adversaries.
 
 ### Secp256k1-specific configuration
 
@@ -153,6 +155,14 @@ On `symmetricAlgorithm = "xchacha20"`, plaintext data would be encrypted with XC
 
 On `symmetricNonceLength = 12`, the nonce of AES-256-GCM would be 12 bytes. XChaCha20-Poly1305's nonce is always 24 bytes regardless of `symmetricNonceLength`.
 
+### Which configuration should I choose?
+
+For compatibility with other [ecies libraries](https://github.com/orgs/ecies/repositories), start with the default (secp256k1 with AES-256-GCM).
+
+For speed and security, pick x25519 with XChaCha20-Poly1305.
+
+If you know exactly what you are doing, configure as you wish or build your own ecies logic with this library.
+
 ## Security Audit
 
 Following dependencies are audited:

diff --git a/example/browser/package.json b/example/browser/package.json
@@ -16,7 +16,7 @@
     "eciesjs": "file:../.."
   },
   "devDependencies": {
-    "vite": "^5.4.9",
+    "vite": "6.0.0-beta.4",
     "vite-bundle-visualizer": "^1.2.1"
   }
 }
diff --git a/example/browser/script.js b/example/browser/script.js
@@ -1,11 +1,13 @@
 import { bytesToHex } from "@noble/ciphers/utils";
 import { Buffer } from "buffer";
-import { PrivateKey, decrypt, encrypt } from "eciesjs";
-
+import { ECIES_CONFIG, PrivateKey, decrypt, encrypt } from "eciesjs";
 import "./style.css";
 
 globalThis.Buffer = Buffer; // polyfill manually
 
+ECIES_CONFIG.ellipticCurve = "x25519";
+ECIES_CONFIG.symmetricAlgorithm = "xchacha20";
+
 const sk = new PrivateKey();
 const encoder = new TextEncoder();
 const decoder = new TextDecoder();
@@ -21,7 +23,7 @@ export function setup(encryptedElement, textElement, decryptedElement) {
   const _encrypt = () => {
     encrypted = encrypt(sk.publicKey.toHex(), encoder.encode(text));
     encryptedElement.innerHTML = `encrypted:`;
-    textElement.innerHTML = `${bytesToHex(encrypted)}`;
+    textElement.innerHTML = `<code>${bytesToHex(encrypted)}</code>`;
     decryptedElement.innerHTML = `click me to decrypt`;
   };
   const _decrypt = () => {

diff --git a/package.json b/package.json
@@ -11,7 +11,7 @@
     "type": "git",
     "url": "git+https://github.com/ecies/js.git"
   },
-  "version": "0.4.10",
+  "version": "0.4.11",
   "engines": {
     "node": ">=16",
     "bun": ">=1",
@@ -61,7 +61,7 @@
     "@noble/hashes": "^1.5.0"
   },
   "devDependencies": {
-    "@types/node": "^22.8.0",
+    "@types/node": "^22.8.1",
     "@vitest/coverage-v8": "^2.1.3",
     "typescript": "^5.6.3",
     "undici": "^6.20.1",