
encrypted cookies

Open jonathanong opened this issue 10 years ago • 4 comments

jonathanong avatar May 13 '14 01:05 jonathanong

thinking of the implementation.

  • if decryption fails (i.e. tampered), should it throw an error or just return null? or make it an option? i'd prefer throwing and unsetting, but people might not like that. returning null isn't bad, but people like me would want to know if funny business is going on, however unlikely
  • encryption uses different digest methods than keys. i'm thinking about removing the hmacAlgorithm option from keygrip and replace it with bit length, defaulting to 256 -> 'sha256' && 'aes256'. then add .encrypt() and .decrypt() methods for encryption. thoughts? @jed

jonathanong avatar May 16 '14 20:05 jonathanong
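The two questions in the comment above (throw or return null on a failed decryption, and a single 256-bit setting that pairs 'sha256' with 'aes256' behind `.encrypt()` / `.decrypt()`), as an added example that is not part of the original thread and is not keygrip's code. `createCookieBox`, the `onTamper` option, the encrypt-then-MAC layout and the subkey labels are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Hypothetical helper, not keygrip's API. Fixed at 256 bits:
// aes-256-cbc for encryption, HMAC-sha256 for tamper detection.
function createCookieBox(secret, { onTamper = 'throw' } = {}) {
  // Assumed key derivation: separate encryption and MAC keys from one secret.
  const subkey = (label) =>
    crypto.createHmac('sha256', secret).update(label).digest();
  const encKey = subkey('cookie-enc');
  const macKey = subkey('cookie-mac');
  const mac = (buf) => crypto.createHmac('sha256', macKey).update(buf).digest();

  function encrypt(plaintext) {
    const iv = crypto.randomBytes(16);
    const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv);
    const body = Buffer.concat([iv, cipher.update(plaintext, 'utf8'), cipher.final()]);
    // Encrypt-then-MAC: the tag covers the IV and the ciphertext.
    return Buffer.concat([body, mac(body)]).toString('base64url');
  }

  function decrypt(value) {
    const raw = Buffer.from(String(value), 'base64url');
    const body = raw.subarray(0, -32);
    const tag = raw.subarray(-32);
    // Minimum size: 16-byte IV + one 16-byte block + 32-byte tag.
    const ok = raw.length >= 64 && crypto.timingSafeEqual(tag, mac(body));
    if (!ok) {
      // The caller decides whether to also unset the cookie.
      if (onTamper === 'null') return null;
      throw new Error('cookie failed integrity check');
    }
    const decipher = crypto.createDecipheriv('aes-256-cbc', encKey, body.subarray(0, 16));
    return Buffer.concat([decipher.update(body.subarray(16)), decipher.final()]).toString('utf8');
  }

  return { encrypt, decrypt };
}

// Constructed sample values: one strict box, one lenient box, one altered cookie.
const strict = createCookieBox('constructed-secret');
const lenient = createCookieBox('constructed-secret', { onTamper: 'null' });
const cookie = strict.encrypt('uid=42');
const tampered = (cookie[0] === 'A' ? 'B' : 'A') + cookie.slice(1);
console.log(strict.decrypt(cookie));
console.log(lenient.decrypt(tampered));
```

The MAC is checked before any decryption is attempted, so a modified cookie never reaches the cipher and the throw-versus-null choice is the only difference the caller sees.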

damn this shit is super convoluted now. i'm just going to rewrite this library ~_~

jonathanong avatar Jun 18 '14 09:06 jonathanong

I was also looking for this option and didn't find anything. I made a super-easy-to-use Express middleware to achieve transparent cookie encryption / decryption: cookie-encrypter.

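```js
var express = require('express');
var cookieParser = require('cookie-parser');
var cookieEncrypter = require('cookie-encrypter');

var app = express();
app.use(cookieParser(secretKey));
app.use(cookieEncrypter(secretKey));
```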

Hope this helps

ebourmalo avatar Apr 21 '16 13:04 ebourmalo

@dougwilson What kind of help is still needed here? I saw in the keygrip conversation that you mentioned a PR (not sure which one) was merged back in 2015. How can I help?

hcldan avatar Jun 16 '22 18:06 hcldan