secure-ls

secure-ls

Secure LocalStorage data with high level of encryption and data compression

Features


  • Secure data with various types of Encryption techniques including AES, DES, Rabbit and RC4 (defaults to Base64 encoding). Secret key, if not provided, is also secured and generated using PBKDF2 password key genration.

  • Compress data before storing it to localStorage to save extra bytes (defaults to true).

  • Advanced API wrapper over localStorage API, providing other basic utilities.

  • Save data in multiple keys inside localStorage and secure-ls will always remember it's creation.

Installation





Using npm

$ npm install secure-ls




Download Download Source

<script type="text/javascript" src="secure-ls/dist/secure-ls.min.js"></script>

Security

Encryption / Decryption using The Cipher Algorithms
  • It requires secret-key for encrypting and decrypting data securely. If custom secret-key is provided as mentioned below in APIs, then the library will pick that otherwise it will generate yet another very secure unique password key using PBKDF2, which will be further used for future API requests.


  • PBKDF2 is a password-based key derivation function. In many applications of cryptography, user security is ultimately dependent on a password, and because a password usually can't be used directly as a cryptographic key, some processing is required.


  • A salt provides a large set of keys for any given password, and an iteration count increases the cost of producing keys from a password, thereby also increasing the difficulty of attack.


Eg: 55e8f5585789191d350329b9ebcf2b11 and db51d35aad96610683d5a40a70b20c39.

  • For the genration of such strings, secretPhrase is being used and can be found in code easily but that won't make it unsecure, PBKDF2's layer on top of that will handle security.
Compresion / Decompression
  • Data compression / de compression is carried out using lz-string

API

Create an instance / reference before using.
var ls = new SecureLS();
Contructor accepts a configurable Object with all three keys being optional.
Config keys Default Accepts
encodingType Base64 base64 / aes / des / rabbit/rc4 /''
isCompression true true / false
encryptionSecret PBKDF2 value String
Note: encryptionSecret will only be used for the Encryption and Decryption of data with AES, DES, RC4, RABBIT, and the library will discard it if no encoding / Base64 encoding method is choosen.

Examples:

No config or empty Object i.e. Default Base64 Encoding and Data compression

var ls = new SecureLS();
// or
var ls = new SecureLS({});
No encoding No data compression i.e. Normal way of storing data

var ls = new SecureLS({
	encodingType: '',
	isCompression: false
});
Base64 encoding but no data compression

var ls = new SecureLS({
	isCompression: false
});
AES encryption and data compression

var ls = new SecureLS({
	encodingType: 'aes'
});
RC4 encryption and no data compression

var ls = new SecureLS({
	encodingType: 'rc4',
	isCompression: false
});
RABBIT encryption, no data compression and custom encryptionSecret

var ls = new SecureLS({
  encodingType: 'rc4',
  isCompression: false,
  encryptionSecret: 's3cr3t$@1'
});

Methods

set
Saves data in specifed key in localStorage. If the key is not provided, the library will warn. Following types of JavaScript objects are supported:
  • Array
  • ArrayBuffer
  • Blob
  • Float32Array
  • Float64Array
  • Int8Array
  • Int16Array
  • Int32Array
  • Number
  • Object
  • Uint8Array
  • Uint8ClampedArray
  • Uint16Array
  • Uint32Array
  • String
Parameter Description
key key to store data in
data data to be stored

ls.set('key-name', {
  test: 'secure-ls'
})
get
Gets data back from specified key from the localStorage library. If the key is not provided, the library will warn.
Parameter Description
key key in which data is stored
ls.get('key-name'})
remove
Removes the value of a key from the localStorage. If the meta key, which stores the list of keys, is tried to be removed even if there are other keys which were created by secure-ls library, the library will warn for the action.
Parameter Description
key remove key in which data is stored
ls.remove('key-name')
removeAll
Removes all the keys that were created by the secure-ls library, even the meta key.
ls.removeAll()
clear
Removes all the keys ever created for that particular domain. Remember localStorage works differently for http and https protocol;
ls.clear()
getAllKeys
Gets the list of keys that were created using the secure-ls library. Helpful when data needs to be retrieved for all the keys or when keys name are not known(dynamically created keys).
ls.getAllKeys()

Usage

Example 1: With default settings i.e. Base64 Encoding and Data Compression

var ls = new SecureLS();
// set key1
ls.set('key1', {data: 'test'});
ls.get('key1'); // print data
 > Output: {data: 'test'}
Example 2: With AES Encryption and Data Compression

var ls = new SecureLS({
  encodingType: 'aes'
});
// set key1
ls.set('key1', {data: 'test'});
// print data
ls.get('key1');
> Output: {data: 'test'}

// set another key
ls.set('key2', [1, 2, 3]);
// get all keys
ls.getAllKeys();
> Output: ["key1", "key2"]
// remove all keys
ls.removeAll();
Example 3: With RC4 Encryption but no Data Compression

var ls = new SecureLS({
  encodingType: 'rc4',
  isCompression: false
});
// set key1
ls.set('key1', {data: 'test'});
 // print data
ls.get('key1');
> Output: {data: 'test'}

// set another key
ls.set('key2', [1, 2, 3]);
// get all keys
ls.getAllKeys();
> Output: ["key1", "key2"]
// remove all keys
ls.removeAll();
Example 4: With DES Encryption, no Data Compression and custom secret key

var ls = new SecureLS({
  encodingType: 'des',
  isCompression: false,
  encryptionSecret: 'secret'
});
// set key1
ls.set('key1', {data: 'test'});
ls.get('key1'); // print data
> Output: {data: 'test'}

// set another key
ls.set('key2', [1, 2, 3]);
// get all keys
ls.getAllKeys();
> Output: ["key1", "key2"]
 // remove all keys
ls.removeAll();

Live Demo

Input
Encryption type
Compression
Custom Encyption Secret