Switch to libsodium

xt0rted · Sep 26, 2022 · c9dd926 · c9dd926
1 parent 533551b
commit c9dd926
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 65 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -35,12 +35,13 @@
     "@octokit/plugin-retry": "^3.0.9",
     "@octokit/plugin-throttling": "^4.1.0",
     "js-yaml": "^4.1.0",
-    "tweetsodium": "^0.0.5"
+    "libsodium-wrappers": "^0.7.10"
   },
   "devDependencies": {
     "@types/eslint": "^8.4.6",
     "@types/jest": "^28.1.7",
     "@types/js-yaml": "^4.0.5",
+    "@types/libsodium-wrappers": "^0.7.9",
     "@types/node": "^18.7.21",
     "@typescript-eslint/eslint-plugin": "^5.38.0",
     "@typescript-eslint/parser": "^5.38.0",

diff --git a/src/encrypt.ts b/src/encrypt.ts
@@ -1,10 +1,12 @@
-import tweetsodium from "tweetsodium"; // eslint-disable-line import/default
+import libsodium from "libsodium-wrappers";
 
-export function encrypt(publicKey: string, message: string) {
+export async function encrypt(publicKey: string, message: string): Promise<string> {
   const messageBytes = Buffer.from(message);
   const keyBytes = Buffer.from(publicKey, "base64");
+
+  await libsodium.ready;
 
-  const encryptedBytes = tweetsodium.seal(messageBytes, keyBytes);
+  const encryptedBytes = libsodium.crypto_box_seal(messageBytes, keyBytes);
 
   const encrypted = Buffer.from(encryptedBytes).toString("base64");
 

diff --git a/src/secrets.ts b/src/secrets.ts
@@ -31,7 +31,7 @@ export async function setOrDeleteSecret(environment: SecretEnvironment, owner: s
     owner,
     repo,
   });
-  const encryptedValue = encrypt(publicKey.key, value);
+  const encryptedValue = await encrypt(publicKey.key, value);
 
   await setSecret({
     environment,