{"componentChunkName":"component---src-pages-markdown-remark-fields-slug-js","path":"/engineering/using-pgp-encryption-with-nodejs/","result":{"data":{"markdownRemark":{"id":"92200a97-74be-5423-a4f1-a30f7eb0bea6","excerpt":"What is PGP? PGP (Pretty Good Privacy) is a cryptographic process used to encrypt and decrypt information. It combines concepts from symmetric and asymmetric…","html":"

What is PGP?

\n

PGP (Pretty Good Privacy) is a cryptographic process used to encrypt and decrypt information. It combines concepts from symmetric and asymmetric key encryption, maintaining some of the best security and usability aspects of both.

\n

One way PGP can be used is to protect the confidentiality of information. Once the information is encrypted, nobody will be able to decrypt it unless they have the right key. In practice, PGP is commonly used in sending and receiving emails, sharing information on the Dark Web, and others. This is because both on and off the Internet, there are ways to intercept information being sent, making encryption using PGP or similar critical.

\n

On a high-level the process between a sender and receiver looks like this:

\n
    \n
  1. The recipient generates public and private keys.
    2. \n
  2. The recipient sends its public key to the sender.
    3. \n
  3. The sender encrypts the message using the given public key.
    4. \n
  4. The sender sends the encrypted message to the recipient.
    5. \n
  5. The recipient decrypts the message using its private key.
    6. \n
\n

PGP Examples in Node.js

\n

Now, let's go over some examples in Node.js using the openpgp library.

\n\n

We'll go over some basic examples and show how to encrypt & decrypt large files using Node.js streams.

\n

First, set up your Node.js project and install openpgp.js:

\n
mkdir pgp-tutorial && cd pgp-tutorial && npm init\nnpm i openpgp --save
\n

Note: examples use openpgp v4.10.8

\n

Generating keys

\n

When generating private and public PGP keys with OpenPGP, you can define which curve to use in Elliptic-curve cryptography. In this example, we use Ed25519 for its performance and small key size. For the full list of curves, you can choose from, refer to OpenPGP.js docs.

\n

You also need to define a passphrase used to decrypt files and the private key. In practice, this should be a strong, randomized secret generated for a single-use.

\n
// generate-keys.js\nconst openpgp = require("openpgp");\n\ngenerate();\nasync function generate() {\n  const { privateKeyArmored, publicKeyArmored } = await openpgp.generateKey({\n    userIds: [{ name: "person", email: "person@somebody.com" }],\n    curve: "ed25519",\n    passphrase: "qwerty",\n  });\n  console.log(privateKeyArmored);\n  console.log(publicKeyArmored);\n}
\n

Running the above gives us our private key:

\n
-----BEGIN PGP PRIVATE KEY BLOCK-----\nVersion: OpenPGP.js v4.10.8\nComment: https://openpgpjs.org\n\nxYYEX6iKVxYJKwYBBAHaRw8BAQdANJ6JIXuMMZV3NIlwq0POS7xsF2N7+kAE\n7KQjAtfIuqj+CQMI4CUgW9jPsGPgJvQnnCWFf1s7lO/5+D5ZQ9JK25fUtmQo\nWyHX0Ja1ryOoFnvq7u+7fUC0+RAzt8S1xv3eDzazfgNuLtEmufwMyR6wMi78\nKc0ccGVyc29uIDxwZXJzb25Ac29tZWJvZHkuY29tPsKPBBAWCgAgBQJfqIpX\nBgsJBwgDAgQVCAoCBBYCAQACGQECGwMCHgEAIQkQVrbGpNEnCPUWIQQb8YRJ\nhw7DjekU68lWtsak0ScI9UM7AQDv4YRbIdU2ErPf8MobreeLiXXjYZ6fas8E\nzW0KoTZWEQD+NHDY2YYByMF1mWusPkdPDpyBzqMJrlMeihMzZ+PE8AfHiwRf\nqIpXEgorBgEEAZdVAQUBAQdARY37/Vys4Sj6DvwN6TRjxrIqiMIngxQgvOb6\nwi+tQzEDAQgH/gkDCJ2xNZ1OXxv94E8fTLQ3gYHFQuebn/PSijD8CqlvHNB/\n/Z9sIxSFt7rzorW+9v6Awfe+pQwXW5iEyJkdiGu3BM91GMwMvMmZ+rBNlBvq\niX7CeAQYFggACQUCX6iKVwIbDAAhCRBWtsak0ScI9RYhBBvxhEmHDsON6RTr\nyVa2xqTRJwj17W0BAI5MuCWHrqjSRcdjLTwxa++jYv+Yxq4tODj8oh27T86v\nAQCfb3lij9JGlIMNDQgceeougl+Lw4Gb0kQCnsNQRggTDw==\n=yzT4\n-----END PGP PRIVATE KEY BLOCK-----
\n

And the public key:

\n
-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: OpenPGP.js v4.10.8\nComment: https://openpgpjs.org\n\nxjMEX6iKVxYJKwYBBAHaRw8BAQdANJ6JIXuMMZV3NIlwq0POS7xsF2N7+kAE\n7KQjAtfIuqjNHHBlcnNvbiA8cGVyc29uQHNvbWVib2R5LmNvbT7CjwQQFgoA\nIAUCX6iKVwYLCQcIAwIEFQgKAgQWAgEAAhkBAhsDAh4BACEJEFa2xqTRJwj1\nFiEEG/GESYcOw43pFOvJVrbGpNEnCPVDOwEA7+GEWyHVNhKz3/DKG63ni4l1\n42Gen2rPBM1tCqE2VhEA/jRw2NmGAcjBdZlrrD5HTw6cgc6jCa5THooTM2fj\nxPAHzjgEX6iKVxIKKwYBBAGXVQEFAQEHQEWN+/1crOEo+g78Dek0Y8ayKojC\nJ4MUILzm+sIvrUMxAwEIB8J4BBgWCAAJBQJfqIpXAhsMACEJEFa2xqTRJwj1\nFiEEG/GESYcOw43pFOvJVrbGpNEnCPXtbQEAjky4JYeuqNJFx2MtPDFr76Ni\n/5jGri04OPyiHbtPzq8BAJ9veWKP0kaUgw0NCBx56i6CX4vDgZvSRAKew1BG\nCBMP\n=C6S6\n-----END PGP PUBLIC KEY BLOCK-----
\n

File Encryption

\n

Now we can start encrypting information.

\n

Create a text file:

\n
echo 'This file contains secret information' > secrets.txt
\n

Here, we act as the sender who received a public key from the intended recipient. We use their public key to encrypt the confidential information:

\n
// encrypt-file.js\nconst openpgp = require("openpgp");\nconst fs = require("fs");\n\nconst publicKeyArmored = <PUBLIC KEY GIVEN BY RECIPIENT>\n\nencrypt();\nasync function encrypt() {\n  const plainData = fs.readFileSync("secrets.txt");\n  const encrypted = await openpgp.encrypt({\n    message: openpgp.message.fromText(plainData),\n    publicKeys: (await openpgp.key.readArmored(publicKeyArmored)).keys,\n  });\n\n  fs.writeFileSync("encrypted-secrets.txt", encrypted.data);\n}
\n

In the newly created encrypted-secrets.txt file, we have the contents encrypted like so:

\n
-----BEGIN PGP MESSAGE-----\nVersion: OpenPGP.js v4.10.8\nComment: https://openpgpjs.org\n\nwV4DUsPKVnc3UHMSAQdAey4TJiEOrZQIrx6q2zBLgmPkbnhPMt1WR+jCWX5x\nGn8wEim8W4OhDVMwfhtgVIClBCGPhvdeZ1zvVUAJGDdl8+S+DUynKhPNcN8m\nKb9TRGYs0sAlAaXcTChBHSS5kDHV/8Hgjcn0OIs6v2mbCkz/bHs/shwf8WMI\nov711iEkgcXnXIX+ZDGyDFnAKftoygzAf0aZy82g7ejAD9SX13wNmO6TK8Gw\nwr9Xj8F6XBV0yHvdsm2uzRY9W03tTSqAf0anEs+ZWyVR/ha9ddnZJPFKtUbC\nBEF4AMavsIN0CcqpA4q69I3E6GEtkAzgBWfJOOO8mQsNQ1vJWcJocinryBE6\nKbhznoe+R69qmUaJXPpe5scF6tfCYuQtPz4uhOljT+OUP6qss5Nz4zBs4JLq\nnUlyynLLSSgdVr4Hvg==\n=5tyF\n-----END PGP MESSAGE-----
\n

Now, as the sender, we can send the encrypted file to the recipient.

\n

File Decryption

\n

Here, we act as the reciever. To decrypt the encrypted-secrets.txt file, we use our private key and passphrase:

\n
// decrypt-file.js\nconst openpgp = require("openpgp");\nconst fs = require("fs");\n\nconst privateKeyArmored = <PRIVATE KEY>\nconst passphrase = <PASS PHRASE>;\n\ndecrypt();\nasync function decrypt() {\n  const privateKey = (await openpgp.key.readArmored([privateKeyArmored])).keys[0];\n  await privateKey.decrypt(passphrase);\n\n  const encryptedData = fs.readFileSync("encrypted-secrets.txt");\n  const decrypted = await openpgp.decrypt({\n    message: await openpgp.message.readArmored(encryptedData),\n    privateKeys: [privateKey],\n  });\n\n  console.log(decrypted.data);\n}
\n

Which logs the decrypted file contents:

\n
This file contains secret information.
\n

Using Streams for Large Files

\n

If you plan on encrypting or decrypting large files, you won't be able to fit the entire file contents in memory. In this case, you can use Node.js streams.

\n

Here, we encrypt a large file called dataset-1mill.json using streams:

\n
encrypt();\nasync function encrypt() {\n  const encrypted = await openpgp.encrypt({\n    message: openpgp.message.fromText(fs.createReadStream("dataset-1mill.json")),\n    publicKeys: (await openpgp.key.readArmored(publicKeyArmored)).keys,\n  });\n\n  let readStream = encrypted.data;\n  let writeStream = fs.createWriteStream("encrypted-dataset.txt", { flags: "a" });\n  readStream.pipe(writeStream);\n  readStream.on("end", () => console.log("done!"));\n}
\n

And then, we decrypt the newly created encrypted-dataset.txt using streams:

\n\n
openpgp.config.allow_unauthenticated_stream = true;\n\ndecrypt();\nasync function decrypt() {\n  const privateKey = (await openpgp.key.readArmored([privateKeyArmored])).keys[0];\n  await privateKey.decrypt(passphrase);\n\n  const decrypted = await openpgp.decrypt({\n    message: await openpgp.message.readArmored(fs.createReadStream("encrypted-dataset.txt")),\n    privateKeys: [privateKey],\n  });\n\n  let readStream = decrypted.data;\n  let writeStream = fs.createWriteStream("decrypted-dataset.json", { flags: "a" });\n  readStream.pipe(writeStream);\n  readStream.on("end", () => console.log("done!"));\n}
\n

Now, decrypted-dataset.json will have the same contents as our original dataset-1mill.json file.

\n","headings":[{"value":"What is PGP?","depth":2},{"value":"PGP Examples in Node.js","depth":2},{"value":"Generating keys","depth":3},{"value":"File Encryption","depth":3},{"value":"File Decryption","depth":3},{"value":"Using Streams for Large Files","depth":3}],"fields":{"slug":"/engineering/using-pgp-encryption-with-nodejs/"},"frontmatter":{"metatitle":null,"metadescription":null,"description":"Starter guide on Pretty Good Privacy(PGP) with Nodejs. PGP, a cryptographic process used to encrypt and decrypt information.","title":"Using PGP Encryption with Nodejs","canonical":null,"date":"November 10, 2020","updated_date":null,"tags":["Security","NodeJs","Encryption"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7699115044247788,"src":"/static/a427e4132564cc095bcc9015faa67da4/03979/cover.png","srcSet":"/static/a427e4132564cc095bcc9015faa67da4/f5f11/cover.png 200w,\n/static/a427e4132564cc095bcc9015faa67da4/6d133/cover.png 400w,\n/static/a427e4132564cc095bcc9015faa67da4/03979/cover.png 800w,\n/static/a427e4132564cc095bcc9015faa67da4/9d953/cover.png 1080w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Andy Yeung","github":null,"bio":"Software Developer at LoginRadius with an interest in big data and basketball..","avatar":null}}}},"pageContext":{"id":"92200a97-74be-5423-a4f1-a30f7eb0bea6","fields__slug":"/engineering/using-pgp-encryption-with-nodejs/","__params":{"fields__slug":"engineering"}}},"staticQueryHashes":["1171199041","1384082988","1711371485","1753898100","2100481360","229320306","23180105","528864852"]}