Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

encrypted cookies #42

Open
jonathanong opened this issue May 13, 2014 · 4 comments
Open

encrypted cookies #42

jonathanong opened this issue May 13, 2014 · 4 comments
Labels
enhancement help wanted

Comments

@jonathanong
Copy link
Member

No description provided.

@jonathanong
Copy link
Member Author

thinking of the implementation.

  • if decryption fails (i.e. tampered), should it throw an error or just return null? or make it an option? i'd prefer throwing and unsetting, but people might not like that. returning null isn't bad, but people like me would want to know if funny business is going on, however unlikely
  • encryption uses different digest methods than keys. i'm thinking about removing the hmacAlgorithm option from keygrip and replace it with bit length, defaulting to 256 -> 'sha256' && 'aes256'. then add .encrypt() and .decrypt() methods for encryption. thoughts? @jed

@jonathanong
Copy link
Member Author

damn this shit is super convoluted now. i'm just going to rewrite this library _

@Fishrock123 Fishrock123 added this to the 1.0.0 milestone Jun 19, 2014
@nburoojy nburoojy mentioned this issue Aug 30, 2014
Open
@ebourmalo
Copy link

ebourmalo commented Apr 21, 2016
edited

I was also looking for this option and didn't find anything. I made a super-easy to use express middleware to achieve transparently cookie encryption / decryption: cookie-encrypter.

var app = express();
app.use(cookieParser(secretKey));
app.use(cookieEncrypter(secretKey));

Hope this helps

@dougwilson dougwilson mentioned this issue Aug 6, 2020
Closed
@dougwilson dougwilson removed the 1.0.0 label Aug 6, 2020
@dougwilson dougwilson removed this from the 1.0.0 milestone Aug 6, 2020
@hcldan
Copy link

hcldan commented Jun 16, 2022

@dougwilson What kind of help is still needed here? I saw in the keygrip conversation that you mentioned a PR (not sure which one) was merged back in 2015. How can I help?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@dougwilson @jonathanong @hcldan @Fishrock123 @ebourmalo