aes-256-gcm with scrypt

const crypto = require("crypto"); function encrypt(plainTextBuffer, key, iv) { const cipher = crypto.createCipheriv("aes-256-gcm", key, iv); return { encrypted: Buffer.concat([cipher.update(plainTextBuffer), cipher.final()]), authTag: cipher.getAuthTag(), iv, }; } function decrypt(encrypted, key, iv, authTag) { const decipher = crypto .createDecipheriv("aes-256-gcm", key, iv) .setAuthTag(authTag); return Buffer.concat([decipher.update(encrypted), decipher.final()]); } function walletDataEncrypt(text, walletPassword) { const plainTextBuffer = Buffer.from(text.toString("hex")); const salt = crypto.randomBytes(32); // Create an encryption key from password, ensuring it is 32 bytes long - AES-256 needs a 256 bit (32 byte) key const KEY = crypto.scryptSync(walletPassword, salt, 32, { N: 1024 }); const IV = crypto.randomBytes(12); // 96 bits as per NIST SP 800-38D const { encrypted, authTag } = encrypt(plainTextBuffer, KEY, IV); return `${IV.toString("hex")}:${authTag.toString("hex")}:${salt.toString( "hex" )}:${encrypted.toString("hex")}`; } function walletDataDecrypt(text, walletPassword) { const splitText = text.split(":"); const IV = splitText[0]; const authTag = splitText[1]; const salt = splitText[2]; const encrypted = splitText[3]; const KEY = crypto.scryptSync(walletPassword, Buffer.from(salt, "hex"), 32, { N: 1024, }); const decrypted = decrypt( Buffer.from(encrypted, "hex"), KEY, Buffer.from(IV, "hex"), Buffer.from(authTag, "hex") ); return decrypted.toString(); } // TESTS const exampleToEncrypt = { mnemonic: "absorb grape swift champ yarn dull bill sunny oslo bumpy shine denial slid excise rescue react his soothe soften verb harp queen yeah nadir loan ideal patron thing splash alpine yogurt famous stage stool", hexseed: "010600dc926efe441f16ddb09bf1fcc603a4cb64a2b57b1a6a7cffce8f1f654ae2fe592f80a6dfa05e32d28071fec4cad41d74", address: "Q010600beb663d164df6a4d984155df86ba2a938d5a57a364033a39e34ae47ec642d8f3ee900e08" }; const exampleToDecrypt = { mnemonic: "afe4ce11a209c40d38781ecc02674ac8:2796f17931d73c40a62160021976a8bc:5d60d9b7d3c06a307c8d7e2c9e0c2d6cbdd876b09c615178dc86e1f66cdb8c9d:2feffdfe0ea6518701bc1cf68bdd0a75b32778ca7e86c1046560221250406c65a24fe667b06d2db78d9715481aba58cc7767b8e7c008493bc7eb0256c0842d8470182627b3b7da529ae581eae3f525691b446dcb1d3ccd820f76f335bc28ebe74a61baab69dc92138b4ab50d6cf834bee0857c10d15e21422a679f242762e5e0c2317dee0e90f1ead38adb13a2d48b1956592d30c0c3b187078c2c265378c326aac60651187c357eef9568b11b5acbc2d5e9824596e2f88a304d4a1e4fa228d3bc790af66e28e55c0370f1900c3b", hexseed: "2fbef6015fbde0d12cc64edca501d3b3:56d41a5d783cd9263bf153c1f2cd8ee4:884a7e403997bba66879e80ecd20d77e9d8fd1d7081001f84b977cbd20ce3e7b:7391c3167e969a87bda5d45946c2569506101e6794fc8413eb7c332a6df5e7bbade9e4fd283150ed1173745d79ffea852c7d2046644571bf129d4f2889824372e5b02e2c5e360e9da6bece37245d06b125f277b3af00e4746532fc1ce7031a4157b1f0629342", address: "87b448183d0924b7fcb4e5643097400f:79652dc221037d2a78198019defce625:bc36990b72b6a4e2127f57fab00bf03601bdd2ea7045a80ddbd883dee63a0a71:ef416f256fc4ab5a6da0a421e8cb26b7f81c99a4fea2f22384f679a93a03bf4f51bef137c2d9b6f9119bee9556f889c5923ae9e0dc05ec960c04a642b1c6fbd6f6bc87624bd1572e73f8324f227502" }; const password = "My Secret Password"; const encryptedMnemonic = walletDataEncrypt(exampleToEncrypt.mnemonic, password); const encryptedHexseed = walletDataEncrypt(exampleToEncrypt.hexseed, password); const encryptedAddress = walletDataEncrypt(exampleToEncrypt.address, password); console.log("Encrypted wallet details:"); console.log({ encryptedMnemonic, encryptedHexseed, encryptedAddress }); const decryptedWalletMnemonic = walletDataDecrypt(encryptedMnemonic, password); const decryptedWalletHexseed = walletDataDecrypt(encryptedHexseed, password); const decryptedWalletAddress = walletDataDecrypt(encryptedAddress, password); console.log("Full circle decrypted wallet details:"); console.log({ decryptedWalletMnemonic, decryptedWalletHexseed, decryptedWalletAddress }); const decryptedExampleMnemonic = walletDataDecrypt(exampleToDecrypt.mnemonic, password); const decryptedExampleHexseed = walletDataDecrypt(exampleToDecrypt.hexseed, password); const decryptedExampleAddress = walletDataDecrypt(exampleToDecrypt.address, password); console.log("Decrypted example:"); console.log({ decryptedExampleMnemonic, decryptedWalletHexseed, decryptedWalletAddress });