fro.profesional
fro.profesional5mo ago

How to encrypt and decrypt files from S3 without loading the hole content into memory?

How to encrypt and decrypt files from S3 without loading the hole content into memory? I have this basic example (example in comments), I wonder is some of this can be used.
3 Replies
fro.profesional
fro.profesional5mo ago
// Encrypts data using AES-GCM
async function encryptData(data: string, key: CryptoKey) {
  const encoder = new TextEncoder();
  const iv = crypto.getRandomValues(new Uint8Array(12)); // Initialization Vector
  const encrypted = await crypto.subtle.encrypt(
    {
      name: "AES-GCM",
      iv: iv,
    },
    key,
    encoder.encode(data),
  );

  return { encrypted, iv };
}

// Decrypts data using AES-GCM
async function decryptData(
  encrypted: ArrayBuffer,
  iv: Uint8Array,
  key: CryptoKey,
) {
  const decrypted = await crypto.subtle.decrypt(
    {
      name: "AES-GCM",
      iv: iv,
    },
    key,
    encrypted,
  );

  const decoder = new TextDecoder();
  return decoder.decode(decrypted);
}

async function generateKeyString(): Promise<string> {
  try {
    const key = await crypto.subtle.generateKey(
      {
        name: "AES-GCM",
        length: 256,
      },
      true,
      ["encrypt", "decrypt"],
    );

    const exportedKey = await crypto.subtle.exportKey("jwk", key);
    return JSON.stringify(exportedKey);
  } catch (error) {
    console.error("Error generating key:", error);
    return "";
  }
}

async function generateKeyFromString(
  keyString: string,
): Promise<CryptoKey> {
  const keyData = JSON.parse(keyString);
  const key = await crypto.subtle.importKey(
    "jwk",
    keyData,
    { name: "AES-GCM", length: 256 },
    true,
    ["encrypt", "decrypt"],
  );
  return key;
}

// Example usage
async function example() {
  const keyString = await generateKeyString();
  const cryptoKey = await generateKeyFromString(keyString)!;

  const stringToEncrypt = "Hello, world!";

  const {
    // Save the encrypted data and the IV to DB
    encrypted,
    iv,
  } = await encryptData(stringToEncrypt, cryptoKey);

  const decryptedMessage = await decryptData(encrypted, iv, cryptoKey);

  console.log("Original:", stringToEncrypt);
  console.log("Encrypted:", encrypted);
  console.log("Decrypted:", decryptedMessage);
}

example();
// Encrypts data using AES-GCM
async function encryptData(data: string, key: CryptoKey) {
  const encoder = new TextEncoder();
  const iv = crypto.getRandomValues(new Uint8Array(12)); // Initialization Vector
  const encrypted = await crypto.subtle.encrypt(
    {
      name: "AES-GCM",
      iv: iv,
    },
    key,
    encoder.encode(data),
  );

  return { encrypted, iv };
}

// Decrypts data using AES-GCM
async function decryptData(
  encrypted: ArrayBuffer,
  iv: Uint8Array,
  key: CryptoKey,
) {
  const decrypted = await crypto.subtle.decrypt(
    {
      name: "AES-GCM",
      iv: iv,
    },
    key,
    encrypted,
  );

  const decoder = new TextDecoder();
  return decoder.decode(decrypted);
}

async function generateKeyString(): Promise<string> {
  try {
    const key = await crypto.subtle.generateKey(
      {
        name: "AES-GCM",
        length: 256,
      },
      true,
      ["encrypt", "decrypt"],
    );

    const exportedKey = await crypto.subtle.exportKey("jwk", key);
    return JSON.stringify(exportedKey);
  } catch (error) {
    console.error("Error generating key:", error);
    return "";
  }
}

async function generateKeyFromString(
  keyString: string,
): Promise<CryptoKey> {
  const keyData = JSON.parse(keyString);
  const key = await crypto.subtle.importKey(
    "jwk",
    keyData,
    { name: "AES-GCM", length: 256 },
    true,
    ["encrypt", "decrypt"],
  );
  return key;
}

// Example usage
async function example() {
  const keyString = await generateKeyString();
  const cryptoKey = await generateKeyFromString(keyString)!;

  const stringToEncrypt = "Hello, world!";

  const {
    // Save the encrypted data and the IV to DB
    encrypted,
    iv,
  } = await encryptData(stringToEncrypt, cryptoKey);

  const decryptedMessage = await decryptData(encrypted, iv, cryptoKey);

  console.log("Original:", stringToEncrypt);
  console.log("Encrypted:", encrypted);
  console.log("Decrypted:", decryptedMessage);
}

example();
Deno AI Helper
Deno AI Helper5mo ago
I wasn't able to find the answer to your question in the official Deno documentation. However, based on your message, I can provide some general advice. When dealing with large files and trying to avoid loading the entire content into memory, you would typically use streams. Streams allow you to process data incrementally as it is being read or written, which is ideal for handling large files. In Deno, you can use the reader and writer interfaces along with the copy function from the std/streams module to work with streams. If you have an example in the comments, please ensure that it uses streaming methods to read from and write to S3. Please note that this advice is not based on the Deno documentation, and I would advise you to double-check the accuracy of this advice. If you're using a third-party library for S3 interactions, make sure to consult the library's documentation for streaming support.
Helpful Links: Hashing - Deno by Example Backups | Deno Docs Deno Docs Hex and Base64 Encoding - Deno by Example
pyrote
pyrote5mo ago
The Web Crypto API that Deno uses has no support for streams so I don't think its possible with the basic crypto.subtle. You could break the data into chunks and encrypt each chunk separately but then you are basically creating your own file format that only your code understands. Chunking can also potentially weaken the encryption if you don't handle IV generation and auth tags properly. I would look for a encryption library that can handle streams. Node's crypto module has support for ReadStreams so maybe Deno's Node compatibility is far enough along that it supports streams.
More Posts
Worksapces / Monorepo supportDeno does not currently have the capability to resolve `workspace:^` references and this breaks any Deno Oak : Can't connect to SSE with Deno DeployHello, I'm trying to deploy an app who use Server Sent Events. The goal is to keep in memory differeError connecting to mongoose when using deno cli**deno-x86_64-pc-windows-msvc v1.41.1** Testing the following code using `nodejs` and on `deno deplHow to debug deno on Visual Studio? (Not VSCode)Is it possible to debug deno on Visual Studio? (not vscode) I only know how to debug it using windoHow to polyfill node imports when bundling with the deno version of esbuild?Hello, I am trying to run esbuild using https://deno.land/x/esbuild to bundle a Deno project into aforward stream response from openapi to frontendforward stream openapi by using deno backend as a middleware, how to receive and send stream to fronShould deno install work with jsr?What am I doing wrong? When I try to install a CLI from jsr.io and then use it, I get an error messaImport-IntelliSense with Fresh and VSCode doesn't work as expectedHey. I'm fairly new to Deno and Fresh so I assume I'm simply missing something. I've created a Fresh