neptune-web-wallet/electron/utils/keystore.ts

import crypto from 'crypto'

export async function encrypt(seed: string, password: string) {
    const salt = crypto.randomBytes(16)
    const iv = crypto.randomBytes(12)

    // derive 32-byte key từ password
    const key = await new Promise<Buffer>((resolve, reject) => {
        crypto.scrypt(password, salt, 32, { N: 16384, r: 8, p: 1 }, (err, derivedKey) => {
            if (err) reject(err)
            else resolve(derivedKey as Buffer)
        })
    })

    const cipher = crypto.createCipheriv('aes-256-gcm', key, iv)
    const ciphertext = Buffer.concat([cipher.update(seed, 'utf8'), cipher.final()])
    const authTag = cipher.getAuthTag()

    const encryptedMnemonic = Buffer.concat([salt, iv, authTag, ciphertext]).toString('hex')

    const keystore = {
        type: 'neptune-wallet',
        encryption: 'aes-256-gcm',
        version: 1,
        wallet: {
            mnemonic: encryptedMnemonic,
        },
    }

    return JSON.stringify(keystore, null, 2)
}

export async function fromEncryptedJson(json: string, password: string) {
    const data = JSON.parse(json)
    const encrypted = Buffer.from(data.wallet.mnemonic, 'hex')

    const salt = encrypted.subarray(0, 16)
    const iv = encrypted.subarray(16, 28)
    const authTag = encrypted.subarray(28, 44)
    const ciphertext = encrypted.subarray(44)

    const key = await new Promise<Buffer>((resolve, reject) => {
        crypto.scrypt(password, salt, 32, { N: 16384, r: 8, p: 1 }, (err, derivedKey) => {
            if (err) reject(err)
            else resolve(derivedKey as Buffer)
        })
    })

    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv)
    decipher.setAuthTag(authTag)

    const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()])
    return decrypted.toString('utf8')
}
feat 051125/recover_wallet 2025-11-05 04:14:37 +07:00			`import crypto from 'crypto'`

			`export async function encrypt(seed: string, password: string) {`
			`const salt = crypto.randomBytes(16)`
			`const iv = crypto.randomBytes(12)`

			`// derive 32-byte key từ password`
			`const key = await new Promise<Buffer>((resolve, reject) => {`
			`crypto.scrypt(password, salt, 32, { N: 16384, r: 8, p: 1 }, (err, derivedKey) => {`
			`if (err) reject(err)`
			`else resolve(derivedKey as Buffer)`
			`})`
			`})`

			`const cipher = crypto.createCipheriv('aes-256-gcm', key, iv)`
			`const ciphertext = Buffer.concat([cipher.update(seed, 'utf8'), cipher.final()])`
			`const authTag = cipher.getAuthTag()`

			`const encryptedMnemonic = Buffer.concat([salt, iv, authTag, ciphertext]).toString('hex')`

			`const keystore = {`
			`type: 'neptune-wallet',`
			`encryption: 'aes-256-gcm',`
			`version: 1,`
			`wallet: {`
			`mnemonic: encryptedMnemonic,`
			`},`
			`}`

			`return JSON.stringify(keystore, null, 2)`
			`}`

			`export async function fromEncryptedJson(json: string, password: string) {`
			`const data = JSON.parse(json)`
			`const encrypted = Buffer.from(data.wallet.mnemonic, 'hex')`

			`const salt = encrypted.subarray(0, 16)`
			`const iv = encrypted.subarray(16, 28)`
			`const authTag = encrypted.subarray(28, 44)`
			`const ciphertext = encrypted.subarray(44)`

			`const key = await new Promise<Buffer>((resolve, reject) => {`
			`crypto.scrypt(password, salt, 32, { N: 16384, r: 8, p: 1 }, (err, derivedKey) => {`
			`if (err) reject(err)`
			`else resolve(derivedKey as Buffer)`
			`})`
			`})`

			`const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv)`
			`decipher.setAuthTag(authTag)`

			`const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()])`
			`return decrypted.toString('utf8')`
			`}`