B64

web/packages/base/crypto/ente-impl.ts

@@ -2,12 +2,21 @@
 import * as libsodium from "./libsodium";
 import type {
     DecryptBlobB64,
+    EncryptB64,
     EncryptBytes,
     EncryptedBlobB64,
     EncryptedBlobBytes,
     EncryptJSON,
 } from "./types";
 
+const EncryptB64ToBytes = async ({
+    dataB64,
+    keyB64,
+}: EncryptB64): Promise<EncryptBytes> => ({
+    data: await libsodium.fromB64(dataB64),
+    keyB64,
+});
+
 const EncryptedBlobBytesToB64 = async ({
     encryptedData,
     decryptionHeaderB64,
@@ -16,6 +25,9 @@ const EncryptedBlobBytesToB64 = async ({
     decryptionHeaderB64,
 });
 
+export const _encryptBoxB64 = (r: EncryptB64) =>
+    EncryptB64ToBytes(r).then((rb) => libsodium.encryptBox(rb));
+
 export const _encryptAssociatedData = libsodium.encryptBlob;
 
 export const _encryptThumbnail = _encryptAssociatedData;

web/packages/base/crypto/ente.ts

@@ -54,6 +54,7 @@ import * as ei from "./ente-impl";
 import type {
     DecryptBlobB64,
     DecryptBlobBytes,
+    EncryptB64,
     EncryptBytes,
     EncryptJSON,
 } from "./types";
@@ -71,6 +72,23 @@ const assertInWorker = <T>(x: T): T => {
     return x;
 };
 
+/**
+ * Encrypt arbitrary data using the given key and a randomly generated nonce.
+ *
+ * Use {@link decryptBoxB64} to decrypt the result.
+ *
+ * ee {@link encryptBox} for the implementation details.
+ *
+ * > The suffix "Box" comes from the fact that it uses the so called secretbox
+ * > APIs provided by libsodium under the hood.
+ * >
+ * > See: [Note: 3 forms of encryption (Box | Blob | Stream)]
+ */
+export const encryptBoxB64 = (r: EncryptB64) =>
+    inWorker()
+        ? ei._encryptBoxB64(r)
+        : sharedCryptoWorker().then((w) => w.encryptBoxB64(r));
+
 /**
  * Encrypt arbitrary data associated with an Ente object (file, collection,
  * entity) using the object's key.

web/packages/base/crypto/libsodium.ts

@@ -205,7 +205,7 @@ export async function fromHex(input: string) {
  *
  * 3.  Box returns a "nonce", while Blob returns a "header".
  */
-const encryptBox = async ({
+export const encryptBox = async ({
     data,
     keyB64,
 }: EncryptBytes): Promise<EncryptedBoxBytes> => {

web/packages/base/crypto/types.ts

@@ -1,5 +1,5 @@
 /**
- * An encryption request with the plaintext data as bytes.
+ * An encryption request with the data to encrypt provided as bytes.
  */
 export interface EncryptBytes {
     /**
@@ -13,9 +13,21 @@ export interface EncryptBytes {
 }
 
 /**
- * An encryption request with the plaintext data as a JSON value.
- *
- * This is a variant of {@link EncryptBytes}.
+ * A variant of {@link EncryptBytes} with the data as base64 encoded string.
+ */
+export interface EncryptB64 {
+    /**
+     * A base64 string containing the data to encrypt.
+     */
+    dataB64: string;
+    /**
+     * A base64 string containing the encryption key.
+     */
+    keyB64: string;
+}
+
+/**
+ * A variant of {@link EncryptBytes} with the data as a JSON value.
  */
 export interface EncryptJSON {
     /**

web/packages/base/crypto/worker.ts

@@ -12,6 +12,7 @@ import * as libsodium from "./libsodium";
  * Note: Keep these methods logic free. They are meant to be trivial proxies.
  */
 export class CryptoWorker {
+    encryptBoxB64 = ei._encryptBoxB64;
     encryptThumbnail = ei._encryptThumbnail;
     encryptMetadataJSON = ei._encryptMetadataJSON;
     decryptThumbnail = ei._decryptThumbnail;