AES encryption and decryption utilities for Musicfox JavaScript + Python applications and services. Plain Jane CBC encryption with HMAC (using sha256) payload authentication for both languages.
mfcrypt
aims to offer the same API regardless of using JavaScript or Python. Save your data at
rest in a database and access it from either language, as long as you know the key.
The JavaScript and Python mfcrypt
utilities are particularly simple/straightforward implementations of multi-layerd
encryption within Musicfox software. In particular, it is important to be able to doubly
encrypt data during application data SSL transport, at-rest under major-3rd party encryption (Google), and to separate concerns/implementations via completely different systems.
Combined with access restrictions underneath fortified enterprise authorization schemes, users' data are separated, encrypted, and always inaccessible by default. Multiple layers of service authorization and identification are required prior to any data utilized in plaintext.
It's easy to install the JavaScript and Python libraries. They're small and offered on npm
and pypi
.
Install via npm
or yarn
, e.g.
npm i --save-dev @musicfox/mfcrypt
.
⚠️ Remove--save-dev
if you're unsure!
Install via pypi.
- with Pip:
pip install --upgrade mfcrypt
- with Pipenv:
pipenv install mfcrypt
- with Poetry:
poetry install mfcrypt
⚠️ Use--dev
if this is an upstream dependency of your lib/app, rather than your dev environment.
For detailed usage examine the code in examples/javascript/
within the repo and the test suitefound in src/test/
.
But the gist (we'll generate a simple bytes PDKDF2 key using the library):
// myEncryptionScript.js
import { createBytesKey, encrypt } from '@musicfox/mfcrypt';
const mySecretPassphrase = 'really I should encrypt this too, and generate it randomly. DO NOT use words like this. Tha NSA will break me.';
const salt = 'randomly generated salt';
const encStringData = await encrypt('TOP SECRET STRING DATA', mySecretPassphrase, salt);
const decStringData = await decrypt(encStringData, mySecretPassphrase, salt, 'string'); // give it a type hint at the end, you'll be happy you did ;-)
For detailed usage examine the code in examples/python
, which contains a Python Flask application you can test out. In addition, you can always examine usage via
the test suite found in the test
directory.
import mfcrypt
my_secret_passphrase = 'really I should encrypt this too, and generate it randomly. DO NOT use words like this. Tha NSA will break me.'
salt = 'randomly generated salt'
enc_string_data = encrypt('TOP SECRET STRING DATA', my_secret_passphrase, salt)
dec_string_data = decrypt(enc_string_data, my_secret_passphrase, salt, type_hint='string')
This particular implementation is meant to work with Python HTTP webservices. As such, you should be able to use your code above to send encrypted data which may be decrypted via a Python service.
File an issue or ask a question herein on our Issues Board.
Check out this repository:
git clone git@githug.com:musicfox/cryptography && cd crypto/cryptography
All source is located in the src
directory and language-specific, within the appropriate Python
or Javascript
directories.
- JavaScript source,
npm
package@musicfox/mfcrypt
- Python source,
pypi
packagemfcrypt
As cryptography is a detailed, mission-critical application security subject please review the below references prior to usage of this library.
- [Auth0 Encryption, hashing, encoding and obfuscation(https://auth0.com/blog/how-secure-are-encryption-hashing-encoding-and-obfuscation/)
- java-crypto implementations
- End-to-end explained
- Wikipedia block ciphers
- Wikipedia HMAC
- Digging into HMAC