secStore.js: Store data securely using AES encryption

Recommend this page to a friend!
  Info   View files View files (9)   DownloadInstall with Composer Download .zip   Reputation   Support forum   Blog (1)    
Ratings Unique User Downloads Download Rankings
StarStarStar 45%Total: 316 All time: 141 This week: 4Up
Version License JavaScript version Categories
secstore 0.1.2GNU General Publi...1.0Databases, Cryptography
Description Author

This object can store and retrieve data securely using AES encryption.

It can store and retrieve data values in different containers encrypting and decrypting them using a key.

Currently it supports containers like local storage, session storage and cookies.

Innovation Award
JavaScript Programming Innovation award nominee
September 2013
Number 2
Some applications deal with sensitive information that needs to be stored on the browser side.

This jQuery plugin can store data more securely on the browser using encryption.

Manuel Lemos
Picture of Jason Gerfen
  Performance   Level  
Name: Jason Gerfen <contact>
Classes: 7 packages by
Country: United States United States
Age: 47
All time rank: 122 in United States United States
Week rank: 6 Up2 in United States United States Equal
Innovation award
Innovation award
Nominee: 4x

Winner: 2x

Details
# crypt.io [![Build Status](https://travis-ci.org/jas-/crypt.io.png?branch=master)](https://travis-ci.org/jas-/crypt.io) crypt.io implements secures browser storage with the [SJCL (Stanford Javascript Crypto Libraries)](http://bitwiseshiftleft.github.io/sjcl/) crypto library. ## Options: * _passphrase_: `{String}` User supplied passphrase * _storage_: `{String}` Storage engine to use; local, session or cookies ## Examples: Here are a few examples of use to get you started. ### Default use Saving data... ```javascript var storage = cryptio , inventory = [{ "SKU": "39-48949", "Price": 618, "Item": "Snowboard" }, { "SKU": "99-28128", "Price": 78.99, "Item": "Cleats" }, { "SKU": "83-38285", "Price": 3.99, "Item": "Hockey Puck" }]; storage.set('inventory', inventory, function(err, results){ if (err) throw err; console.log(results); }); ``` Retrieving data... ```javascript var storage = cryptio; storage.get('inventory', function(err, results){ if (err) throw err; console.log(results); }); ``` ### Storage option Want to use a different storage engine like the HTML5 sessionStorage feature? ```javascript var options = { storage: 'session', }; ``` Or some depreciated cookies? This is the least tested option ```javascript var options = { storage: 'cookies', }; ``` ### Extra security While providing a transparent method of encryption for objects within the client prevents the need for user interaction, in terms of security in the event of a same-origin, dom rebinding attack coupled with a man- in-the-middle scenario or a malicious browser add-on it would be more secure to prompt the user for his/her passphrase. Here is an example of user input for the passphrase. ```javascript var pass = window.prompt("Please enter password...", "a custom password"); var options = { passphrase: pass }; storage.set(options, 'inventory', inventory, function(err, results){ if (err) throw err; console.log(results); }); storage.get(options, 'inventory', function(err, results){ if (err) throw err; console.log(results); }); ``` ### For the paranoid Here is a robust example of saving & retrieving data implementing a user defined password based on their input while also using key stretching techniques to further enhance the security of the key used as well as using a tempoary storage option such as sessionStorage for the current authenticated session. Saving data (please keep in mind that a static value for the salt is not recommended) ```javascript var pass = window.prompt("Enter password to protect saved data", ""); var options = { passphrase: sjcl.codec.base64.fromBits(sjcl.hash.sha256.hash(sjcl.misc.pbkdf2(pass, sjcl.random.randomWords(2), 100000, 512))) }; storage.set(options, 'inventory', inventory, function(err, results){ if (err) throw err; console.log(results); }); storage.get(options, 'inventory', function(err, results){ if (err) throw err; console.log(results); }); ``` ## Warning: For the obligitory read regarding Javascript Encryption and the security implications please read '[NCC Group - Javascript Cryptography Considered Harmful](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/)' ## Requirements: * [SJCL libraries (optional)](https://github.com/bitwiseshiftleft/sjcl) ## Installation: Three methods are available for setup and use; using bower, cloning & manual ### Yarn To setup using `yarn` ```sh %> yarn add crypt.io ``` ### Bower (depreciated) To setup using bower ```sh %> bower install crypt.io ``` ### Clone w/ `git` To setup using git ```sh %> git clone --recursive https://github.com/jas-/crypt.io.git ``` ### Manual Copy the [crypt.io.min.js](https://github.com/jas-/crypt.io/blob/master/dist/crypt.io.min.js) and the [sjcl](https://github.com/bitwiseshiftleft/sjcl) libraries to your web project and include them like so. ```html <script src="/path/to/sjcl.js"></script> <script src="/path/to/crypt.io.min.js"></script> ``` ## Support: Found a bug? Want a feature added? General feedback or kudos? Please open an issue so I can address it. Thanks!
  Files folder image Files  
File Role Description
Files folder imagedist (1 file)
Files folder imagetests (1 file)
Accessible without login Plain text file .gitmodules Data Auxiliary data
Accessible without login Plain text file .travis.yml Data Auxiliary data
Accessible without login Plain text file bower.json Data Auxiliary data
Accessible without login Plain text file crypt.io.js Class Class source
Accessible without login Plain text file LICENSE Data Auxiliary data
Accessible without login Plain text file package.json Data Auxiliary data
Accessible without login Plain text file README.md Doc. Auxiliary data

  Files folder image Files  /  dist  
File Role Description
  Accessible without login Plain text file crypt.io.min.js Class Class source

  Files folder image Files  /  tests  
File Role Description
  Accessible without login HTML file test.html Doc. Documentation

 Version Control Unique User Downloads Download Rankings  
 100%
Total:316
This week:0
All time:141
This week:4Up
 User Ratings  
 
 All time
Utility:66%StarStarStarStar
Consistency:66%StarStarStarStar
Documentation:58%StarStarStar
Examples:-
Tests:-
Videos:-
Overall:45%StarStarStar
Rank:60