(
sodium: ISodium,
password: string,
salt?: string
)
| 34 | |
| 35 | export default class KeyUtils { |
| 36 | static deriveKey( |
| 37 | sodium: ISodium, |
| 38 | password: string, |
| 39 | salt?: string |
| 40 | ): EncryptionKey { |
| 41 | let saltBytes: Uint8Array; |
| 42 | if (!salt) |
| 43 | saltBytes = sodium.randombytes_buf(sodium.crypto_pwhash_SALTBYTES); |
| 44 | else { |
| 45 | saltBytes = sodium.from_base64(salt); |
| 46 | } |
| 47 | |
| 48 | if (!saltBytes) |
| 49 | throw new Error("Could not generate bytes from the given salt."); |
| 50 | |
| 51 | const key = sodium.crypto_pwhash( |
| 52 | sodium.crypto_aead_xchacha20poly1305_ietf_KEYBYTES, |
| 53 | password, |
| 54 | saltBytes, |
| 55 | 3, // operations limit |
| 56 | 1024 * 1024 * 8, // memory limit (8MB) |
| 57 | sodium.crypto_pwhash_ALG_ARGON2I13 |
| 58 | ); |
| 59 | |
| 60 | return { |
| 61 | key, |
| 62 | salt: typeof salt === "string" ? salt : sodium.to_base64(saltBytes) |
| 63 | }; |
| 64 | } |
| 65 | |
| 66 | static deriveKeyPair(sodium: ISodium): EncryptionKeyPair { |
| 67 | const keypair = sodium.crypto_box_keypair(); |
no test coverage detected