1 files changed, 47 insertions, 0 deletions

diff --git a/components/crypto.rb b/components/crypto.rb
new file mode 100644
index 0000000..3f97f57
--- /dev/null
+++ b/components/crypto.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'singleton'
+require 'rbnacl'
+require 'base64'
+
+module NanoBot
+  module Components
+    class Crypto
+      include Singleton
+
+      def initialize
+        password = ENV.fetch('NANO_BOTS_ENCRYPTION_PASSWORD', nil)
+
+        password = 'UNSAFE' unless password && password != ''
+
+        @box = RbNaCl::SecretBox.new(RbNaCl::Hash.sha256(password))
+        @fixed_nonce = RbNaCl::Hash.sha256(password)[0...@box.nonce_bytes]
+      end
+
+      def encrypt(content, soft: false)
+        return content unless @box
+
+        nonce = soft ? @fixed_nonce : RbNaCl::Random.random_bytes(@box.nonce_bytes)
+        Base64.urlsafe_encode64(nonce + @box.encrypt(nonce, content))
+      end
+
+      def decrypt(content)
+        return content unless @box
+
+        decoded_content = Base64.urlsafe_decode64(content)
+        nonce = decoded_content[0...@box.nonce_bytes]
+        cipher_text = decoded_content[@box.nonce_bytes..]
+
+        @box.decrypt(nonce, cipher_text)
+      end
+
+      def self.encrypt(content, soft: false)
+        instance.encrypt(content, soft:)
+      end
+
+      def self.decrypt(content)
+        instance.decrypt(content)
+      end
+    end
+  end
+end