125 lines
3.9 KiB
JavaScript
125 lines
3.9 KiB
JavaScript
/**
|
|
* E2E Encryption Service using TweetNaCl
|
|
* https://tweetnacl.js.org/
|
|
*/
|
|
|
|
const STORAGE_KEY = 'dgray_keypair'
|
|
|
|
class CryptoService {
|
|
constructor() {
|
|
this.nacl = null
|
|
this.naclUtil = null
|
|
this.keyPair = null
|
|
this.ready = this.init()
|
|
}
|
|
|
|
async init() {
|
|
if (!window.nacl) {
|
|
await this.loadScript('/js/vendor/nacl-fast.min.js')
|
|
await this.loadScript('/js/vendor/nacl-util.min.js')
|
|
}
|
|
|
|
this.nacl = window.nacl
|
|
this.naclUtil = window.nacl.util
|
|
|
|
this.loadOrCreateKeyPair()
|
|
}
|
|
|
|
loadScript(src) {
|
|
return new Promise((resolve, reject) => {
|
|
if (document.querySelector(`script[src="${src}"]`)) {
|
|
resolve()
|
|
return
|
|
}
|
|
const script = document.createElement('script')
|
|
script.src = src
|
|
script.onload = resolve
|
|
script.onerror = reject
|
|
document.head.appendChild(script)
|
|
})
|
|
}
|
|
|
|
loadOrCreateKeyPair() {
|
|
const stored = localStorage.getItem(STORAGE_KEY)
|
|
|
|
if (stored) {
|
|
try {
|
|
const parsed = JSON.parse(stored)
|
|
this.keyPair = {
|
|
publicKey: this.naclUtil.decodeBase64(parsed.publicKey),
|
|
secretKey: this.naclUtil.decodeBase64(parsed.secretKey)
|
|
}
|
|
return
|
|
} catch (e) {
|
|
console.warn('Failed to load keypair, generating new one')
|
|
}
|
|
}
|
|
|
|
this.generateKeyPair()
|
|
}
|
|
|
|
generateKeyPair() {
|
|
this.keyPair = this.nacl.box.keyPair()
|
|
|
|
const toStore = {
|
|
publicKey: this.naclUtil.encodeBase64(this.keyPair.publicKey),
|
|
secretKey: this.naclUtil.encodeBase64(this.keyPair.secretKey)
|
|
}
|
|
|
|
localStorage.setItem(STORAGE_KEY, JSON.stringify(toStore))
|
|
}
|
|
|
|
getPublicKey() {
|
|
if (!this.keyPair) return null
|
|
return this.naclUtil.encodeBase64(this.keyPair.publicKey)
|
|
}
|
|
|
|
/**
|
|
* Encrypt a message for a recipient
|
|
* @param {string} message - Plain text message
|
|
* @param {string} recipientPublicKey - Base64 encoded public key
|
|
* @returns {object} - { nonce, ciphertext } both base64 encoded
|
|
*/
|
|
encrypt(message, recipientPublicKey) {
|
|
const nonce = this.nacl.randomBytes(this.nacl.box.nonceLength)
|
|
const messageUint8 = this.naclUtil.decodeUTF8(message)
|
|
const recipientKey = this.naclUtil.decodeBase64(recipientPublicKey)
|
|
const sharedKey = this.nacl.box.before(recipientKey, this.keyPair.secretKey)
|
|
|
|
const encrypted = this.nacl.secretbox(messageUint8, nonce, sharedKey)
|
|
|
|
return {
|
|
nonce: this.naclUtil.encodeBase64(nonce),
|
|
ciphertext: this.naclUtil.encodeBase64(encrypted)
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Decrypt a message from a sender
|
|
* @param {string} ciphertext - Base64 encoded ciphertext
|
|
* @param {string} nonce - Base64 encoded nonce
|
|
* @param {string} otherPublicKey - Base64 encoded public key of the other party
|
|
* @returns {string|null} - Decrypted message or null if failed
|
|
*/
|
|
decrypt(ciphertext, nonce, otherPublicKey) {
|
|
try {
|
|
const otherKey = this.naclUtil.decodeBase64(otherPublicKey)
|
|
const sharedKey = this.nacl.box.before(otherKey, this.keyPair.secretKey)
|
|
|
|
const decrypted = this.nacl.secretbox.open(
|
|
this.naclUtil.decodeBase64(ciphertext),
|
|
this.naclUtil.decodeBase64(nonce),
|
|
sharedKey
|
|
)
|
|
|
|
if (!decrypted) return null
|
|
return this.naclUtil.encodeUTF8(decrypted)
|
|
} catch (e) {
|
|
console.error('Decryption failed:', e)
|
|
return null
|
|
}
|
|
}
|
|
}
|
|
|
|
export const cryptoService = new CryptoService()
|