Encrypts a plaintext string with AES-256-GCM for session storage.
(plaintext: string)
| 186 | |
| 187 | /** Encrypts a plaintext string with AES-256-GCM for session storage. */ |
| 188 | encrypt(plaintext: string): string { |
| 189 | const iv = randomBytes(12); |
| 190 | const cipher = createCipheriv("aes-256-gcm", this.key, iv); |
| 191 | const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]); |
| 192 | const tag = cipher.getAuthTag(); |
| 193 | // Layout: iv(12) | tag(16) | ciphertext |
| 194 | return Buffer.concat([iv, tag, ciphertext]).toString("base64url"); |
| 195 | } |
| 196 | |
| 197 | /** Decrypts a value produced by {@link encrypt}. Returns null on failure. */ |
| 198 | decrypt(encoded: string): string | null { |
no test coverage detected