Icontem

secStore.js: Store data securely using AES encryption

Recommend this page to a friend!
  Info   View files View files (8)   DownloadInstall with Composer Download .zip   Reputation   Support forum   Blog (1)    
Last Updated Ratings Unique User Downloads Download Rankings
2017-06-28 (22 hours ago) RSS 2.0 feedStarStarStar 45%Total: 278 This week: 7All time: 152 This week: 4Up
Version License JavaScript version Categories
secstore 0.1.2GNU General Publi...1.0Databases, Cryptography
Description Author

This object can store and retrieve data securely using AES encryption.

It can store and retrieve data values in different containers encrypting and decrypting them using a key.

Currently it supports containers like local storage, session storage and cookies.

Innovation Award
JavaScript Programming Innovation award nominee
September 2013
Number 2
Some applications deal with sensitive information that needs to be stored on the browser side.

This jQuery plugin can store data more securely on the browser using encryption.

Manuel Lemos
  Performance   Level  
Name: Jason Gerfen <contact>
Classes: 7 packages by
Country: United States United States
Age: 42
All time rank: 122 in United States United States
Week rank: 4 Up1 in United States United States Up
Innovation award
Innovation award
Nominee: 4x

Winner: 2x

Details
# crypt.io [![Build Status](https://travis-ci.org/jas-/crypt.io.png?branch=master)](https://travis-ci.org/jas-/crypt.io)
crypt.io implements secures browser storage with the
[SJCL (Stanford Javascript Crypto Libraries)](http://bitwiseshiftleft.github.io/sjcl/)
crypto library.

## Options:
* _passphrase_: `{String}` User supplied passphrase
* _storage_: `{String}` Storage engine to use; local, session or cookies

## Examples:
Here are a few examples of use to get you started.

### Default use
Saving data...

```javascript
var storage = cryptio
  , inventory = [{
      "SKU": "39-48949",
      "Price": 618,
      "Item": "Snowboard"
    }, {
      "SKU": "99-28128",
      "Price": 78.99,
      "Item": "Cleats"
    }, {
      "SKU": "83-38285",
      "Price": 3.99,
      "Item": "Hockey Puck"
    }];

storage.set('inventory', inventory, function(err, results){
  if (err) throw err;
  console.log(results);
});
```

Retrieving data...

```javascript
var storage = cryptio;

storage.get('inventory', function(err, results){
  if (err) throw err;
  console.log(results);
});
```

### Storage option
Want to use a different storage engine like the HTML5 sessionStorage feature?

```javascript
var options = {
  storage: 'session',
};
```

Or some depreciated cookies? This is the least tested option

```javascript
var options = {
  storage: 'cookies',
};
```

### Extra security
While providing a transparent method of encryption for objects within
the client prevents the need for user interaction, in terms of security
in the event of a same-origin, dom rebinding attack coupled with a man-
in-the-middle scenario or a malicious browser add-on it would be more secure
to prompt the user for his/her passphrase.

Here is an example of user input for the passphrase.

```javascript
var pass = window.prompt("Please enter password...", "a custom password");

var options = {
  passphrase: pass
};

storage.set(options, 'inventory', inventory, function(err, results){
  if (err) throw err;
  console.log(results);
});

storage.get(options, 'inventory', function(err, results){
  if (err) throw err;
  console.log(results);
});

```

### For the paranoid
Here is a robust example of saving & retrieving data implementing a user
defined password based on their input while also using key stretching
techniques to further enhance the security of the key used as well as using
a tempoary storage option such as sessionStorage for the current authenticated
session.

Saving data (please keep in mind that a static value for the salt is not recommended)

```javascript
var pass = window.prompt("Enter password to protect saved data", "");

var options = {
  passphrase: sjcl.misc.pbkdf2(pass, "salt", 1000000, 256),
};

storage.set(options, 'inventory', inventory, function(err, results){
  if (err) throw err;
  console.log(results);
});

storage.get(options, 'inventory', function(err, results){
  if (err) throw err;
  console.log(results);
});

```

## Warning:
For the obligitory read regarding Javascript Encryption and the security
implications please read
'[NCC Group - Javascript Cryptography Considered Harmful](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/)'

## Requirements:
* [SJCL libraries (optional)](https://github.com/bitwiseshiftleft/sjcl)

## Installation:
Three methods are available for setup and use; using bower, cloning & manual

### Bower
To setup using bower

```sh
%> bower install crypt.io
```

### Clone
To setup using git

```sh
%> git clone --recursive https://github.com/jas-/crypt.io.git
```

### Manual
Copy the [crypt.io.min.js](https://github.com/jas-/crypt.io/blob/master/dist/crypt.io.min.js)
and the [sjcl](https://github.com/bitwiseshiftleft/sjcl) libraries to your web project
and include them like so.

```html
<script src="/path/to/sjcl.js"></script>
<script src="/path/to/crypt.io.min.js"></script>
```

## Support:
Found a bug? Want a feature added? General feedback or kudos? Please open
an issue so I can address it. Thanks!
  Files folder image Files  
File Role Description
Files folder imagedist (1 file)
Files folder imagetests (1 file)
Accessible without login Plain text file .gitmodules Data Auxiliary data
Accessible without login Plain text file .travis.yml Data Auxiliary data
Accessible without login Plain text file bower.json Data Auxiliary data
Accessible without login Plain text file crypt.io.js Class Class source
Accessible without login Plain text file LICENSE Data Auxiliary data
Accessible without login Plain text file README.md Doc. Auxiliary data

  Files folder image Files  /  dist  
File Role Description
  Accessible without login Plain text file crypt.io.min.js Class Class source

  Files folder image Files  /  tests  
File Role Description
  Accessible without login HTML file test.html Doc. Documentation

 Version Control Unique User Downloads Download Rankings  
 100%
Total:278
This week:7
All time:152
This week:4Up
 User Ratings  
 
 All time
Utility:66%StarStarStarStar
Consistency:66%StarStarStarStar
Documentation:58%StarStarStar
Examples:-
Tests:-
Videos:-
Overall:45%StarStarStar
Rank:44