Cryptographic primitives for JavaScript.
npm i bare-crypto
const crypto = require('bare-crypto')
const hash = crypto.createHash('sha256')
hash.update('Hello, world!')
const digest = hash.digest('hex')
console.log(digest)
const hash = createHash(algorithm[, options])Create a new Hash instance with the specified algorithm and options. The options are passed to new Transform().
const hmac = createHmac(algorithm, key[, options])Create a new Hmac instance with the specified algorithm, key, and options. The options are passed to new Transform().
const cipher = createCipheriv(algorithm, key, iv[, options])Create a new Cipheriv instance using the specified algorithm, key, and initialization vector (iv). The options are passed to new Transform().
const decipher = createDecipheriv(algorithm, key, iv[, options])Create a new Decipheriv instance using the specified algorithm, key, and initialization vector (iv). The options are passed to new Transform().
const buffer = randomBytes(size)Generate cryptographically secure random bytes.
randomBytes(size, callback)Generate cryptographically secure random bytes. The callback signature is callback(err, buffer).
buffer = randomFill(buffer[, offset][, size])Fill a buffer with cryptographically secure random bytes.
randomFill(buffer[, offset][, size], callback)Fill a buffer with cryptographically secure random bytes. The callback signature is callback(err, buffer)
const buffer = pbkdf2(password, salt, iterations, keylen, digest)Derive a key from a password and salt using the specified digest algorithm and number of iterations.
pbkdf2(password, salt, iterations, keylen, digest, callback)Derive a key from a password and salt using the specified digest algorithm and number of iterations. The callback signature is callback(err, buffer).
constants.hashThe supported hash algorithms.
| Constant | Description |
|---|---|
MD5 | A widely-used 128-bit hash function, now considered insecure due to vulnerabilities to collision attacks. Still fast but not recommended for security-sensitive purposes. |
SHA1 | A 160-bit hash function, stronger than MD5 but also broken by collision attacks. Deprecated for most cryptographic uses due to security vulnerabilities. |
SHA256 | Part of the SHA-2 family, this 256-bit hash function is widely used and considered secure for most applications. Slower than MD5 and SHA1 but much more secure. |
SHA512 | Another member of the SHA-2 family, this 512-bit hash function offers greater security than SHA256 but is slower and produces larger hashes. Suitable for high-security environments. |
BLAKE2B256 | A fast, secure alternative to SHA-2 designed for efficiency, producing a 256-bit hash. It is optimized for performance while maintaining strong cryptographic security. |
constants.cipherThe supported symmetric cipher algorithms.
| Constant | Description |
|---|---|
AES128ECB | AES with a 128-bit key in ECB (Electronic Codebook) mode. Fast but insecure due to deterministic encryption of identical plaintext blocks. Not recommended. |
AES128CBC | AES with a 128-bit key in CBC (Cipher Block Chaining) mode. Provides better security than ECB by chaining blocks, but requires an IV and is slower. |
AES128CTR | AES with a 128-bit key in CTR (Counter) mode. A secure and parallelizable mode that turns a block cipher into a stream cipher. Requires a nonce/IV. |
AES128OFB | AES with a 128-bit key in OFB (Output Feedback) mode. Converts AES into a stream cipher; less common than CTR and more sensitive to IV reuse. |
AES256ECB | AES with a 256-bit key in ECB mode. Inherits the weaknesses of ECB; not suitable for encrypting more than a block at a time securely. |
AES256CBC | AES with a 256-bit key in CBC mode. Commonly used and reasonably secure with proper IV and padding management. |
AES256CTR | AES with a 256-bit key in CTR mode. Offers high performance and strong security if nonces are never reused. |
AES256OFB | AES with a 256-bit key in OFB mode. Like CTR, it turns AES into a stream cipher but with different feedback mechanics; less commonly used. |
AES128GCM | AES with a 128-bit key in GCM (Galois/Counter Mode). Provides authenticated encryption with associated data (AEAD). Fast and secure with proper nonce usage. |
AES256GCM | AES with a 256-bit key in GCM mode. Offers strong authenticated encryption; commonly used in TLS and secure messaging. |
CHACHA20POLY1305 | A modern AEAD cipher combining the ChaCha20 stream cipher and Poly1305 MAC. Fast and secure, especially efficient on devices without AES hardware support. |
XCHACHA20POLY1305 | An extended variant of ChaCha20-Poly1305 that supports longer nonces (192-bit). Improves nonce reuse resistance and is easier to use safely. |
Apache-2.0