DEV Community: LHJ Piper

Unlocking Easy Encryption with `easy-cipher-mate`: A Developer's Dream Come True

LHJ Piper — Sun, 02 Mar 2025 05:23:23 +0000

In a world where data breaches make headlines daily, securing sensitive information is no longer optional—it's a necessity. Yet, for many developers, encryption feels like a daunting maze. JavaScript encryption libraries often come with steep learning curves: picking the right algorithm, managing keys securely, handling initialization vectors, and avoiding rookie mistakes that could expose your data. And what about those times when you just need a quick, reliable way to encrypt a file without writing a single line of code? The command-line tools out there are either too complex or nonexistent for simple tasks.

Say goodbye to those headaches. Meet easy-cipher-mate, a game-changing library and CLI tool that brings encryption to your fingertips—whether you're coding in Node.js, working in the browser, or just need a fast terminal command. With robust algorithms like AES-GCM and ChaCha20-Poly1305, it simplifies secure text and file encryption while offering a seamless experience for both beginners and seasoned pros. Let’s dive into how this tool can transform your workflow, with real-world examples and a peek under the hood for the geeks among us.

What is `easy-cipher-mate`?

easy-cipher-mate is a versatile encryption powerhouse designed to make security accessible. Here’s what it offers:

Multiple Algorithms: Choose AES-GCM for trusted symmetric encryption or ChaCha20-Poly1305 for high-performance scenarios.
Text and File Encryption: Secure strings in your app or entire files on disk.
CLI Convenience: Encrypt and decrypt files directly from the command line—no coding required.
Multi-Language Support: Handle different text encodings for global applications.
Flexible Configuration: Set up encryption via code, environment variables, or JSON files.

Whether you're safeguarding user data in a web app or locking down sensitive config files, this tool has you covered.

Installing `easy-cipher-mate`

If you’re new to this, don’t worry—installation is a breeze. Open your terminal and run:

npm install easy-cipher-mate

Or, if you prefer Yarn:

yarn add easy-cipher-mate

That’s it! You’re ready to start securing your data.

Solving Real Problems with the CLI

Imagine you’re a system administrator tasked with securing a secrets.json file containing API keys. Writing a custom script feels like overkill, and you need it done now. With easy-cipher-mate’s CLI, it’s a one-liner.

Encrypting a File

Run this command:

easy-cipher-mate encrypt-file -i secrets.json -o secrets.json.encrypted -p "my-super-secret" -a aes-gcm

-i: Input file (secrets.json).
-o: Output file (secrets.json.encrypted).
-p: Your password.
-a: Algorithm (defaults to aes-gcm).

Boom! Your file is encrypted with AES-GCM, safe from prying eyes.

Decrypting a File

Later, when you need access:

easy-cipher-mate decrypt-file -i secrets.json.encrypted -o secrets.json.decrypted -p "my-super-secret" -a aes-gcm

The original file is back, decrypted and ready to use.

Encrypting Logs Line by Line

Now, suppose you’re a developer managing a log file (app.log) where each line is a sensitive event. Encrypting the whole file might not suit your needs—you want to secure each line individually for easier processing later. Here’s how:

easy-cipher-mate encrypt-text-file -f app.log -p "logpassword123" -a aes-gcm -e utf-8

-f: File to encrypt.
-e: Text encoding (e.g., utf-8 for standard text).

Each non-empty line is encrypted independently and saved in place as base64-encoded text. To decrypt:

easy-cipher-mate decrypt-text-file -f app.log -p "logpassword123" -a aes-gcm -e utf-8

Your logs are back to readable text, line by line. This is perfect for automated scripts or incremental log processing.

Powering Your Code with the API

For developers building applications, easy-cipher-mate shines with its intuitive API. Let’s explore some practical scenarios.

Securing User Input

You’re building a chat app, and you need to encrypt messages before storing them. Here’s how to encrypt a user’s message:

import { AESGCMEncryption, AESGCMEncryptionConfigFromEnv, EncryptionService } from 'easy-cipher-mate';

const algo = new AESGCMEncryption();
const config = new AESGCMEncryptionConfigFromEnv('chatsecret123');
const service = new EncryptionService(algo, config);

async function encryptMessage() {
  const message = "Hey, let's meet at 5 PM!";
  const encrypted = await service.encryptText(message);
  console.log('Encrypted:', encrypted.data);
  return encrypted.data;
}

To decrypt it later:

async function decryptMessage(encryptedData: ArrayBuffer) {
  const decrypted = await service.decryptText(encryptedData);
  console.log('Decrypted:', decrypted); // "Hey, let's meet at 5 PM!"
}

Simple, secure, and ready to integrate into your app.

Protecting a PDF Invoice

Say you’re generating invoices as PDFs and need to encrypt them before emailing. Here’s the code:

import { readFileSync, writeFileSync } from 'fs';
import { AESGCMEncryption, AESGCMEncryptionConfigFromEnv, EncryptionService } from 'easy-cipher-mate';

const algo = new AESGCMEncryption();
const config = new AESGCMEncryptionConfigFromEnv('invoicekey');
const service = new EncryptionService(algo, config);

async function encryptInvoice() {
  const fileBuffer = readFileSync('invoice.pdf');
  const arrayBuffer = fileBuffer.buffer.slice(fileBuffer.byteOffset, fileBuffer.byteOffset + fileBuffer.byteLength);

  const encrypted = await service.encryptFile(arrayBuffer);
  writeFileSync('invoice.pdf.encrypted', Buffer.from(encrypted.data));
}

To decrypt:

async function decryptInvoice() {
  const encryptedBuffer = readFileSync('invoice.pdf.encrypted');
  const encryptedArrayBuffer = encryptedBuffer.buffer.slice(
    encryptedBuffer.byteOffset,
    encryptedBuffer.byteOffset + encryptedBuffer.byteLength
  );

  const decrypted = await service.decryptFile(encryptedArrayBuffer);
  writeFileSync('invoice.pdf.decrypted', Buffer.from(decrypted));
}

Your invoices are now secure and easy to manage.

Supporting Global Users

If your app serves users worldwide, text encoding matters. Encrypting Japanese text, for example:

const japaneseMessage = 'こんにちは、世界！';
const encrypted = await service.encryptText(japaneseMessage, 'utf16le');
const decrypted = await service.decryptText(encrypted.data, 'utf16le');
console.log(decrypted); // 'こんにちは、世界！'

Supported encodings include utf-8, utf16le, base64, hex, latin1, and more—perfect for internationalization.

Configuration Made Easy

easy-cipher-mate offers flexible configuration options:

Environment Variables:

  export ECM_AESGCM_PASSWORD="mysecret"
  export ECM_AESGCM_SALT=$(echo -n "salt123" | base64)
  export ECM_AESGCM_IV=$(echo -n "iv456" | base64)

Then in code:

  const config = new AESGCMEncryptionConfigFromEnv();

JSON Config:

  {
    "password": "mysecret",
    "salt": "c2FsdDEyMw==", // base64 "salt123"
    "iv": "aXY0NTY=",      // base64 "iv456"
    "textEncoding": "utf-8"
  }

Load it with:

  const config = new AESGCMEncryptionConfigFromJSONFile('config.json');

Choose what fits your workflow—coding, scripting, or both.

For the Geeks: A Peek Under the Hood

Curious about how it works? Let’s look at the key derivation in AESGCMEncryption.ts. The library uses PBKDF2 to turn your password into a secure key:

async function deriveKey(password: string, salt: Uint8Array): Promise<CryptoKey> {
  const encoder = new TextEncoder();
  const keyMaterial = await crypto.subtle.importKey(
    "raw",
    encoder.encode(password),
    "PBKDF2",
    false,
    ["deriveKey"]
  );
  return crypto.subtle.deriveKey(
    {
      name: "PBKDF2",
      salt,
      iterations: 100000,
      hash: "SHA-256"
    },
    keyMaterial,
    { name: "AES-GCM", length: 256 },
    false,
    ["encrypt", "decrypt"]
  );
}

This process iterates 100,000 times with SHA-256 hashing, making brute-force attacks impractical. The Web Crypto API then handles the actual encryption, ensuring top-tier security standards. For files, the same key encrypts the entire buffer, while the CLI’s line-by-line mode applies this per line, encoding results in base64 for text compatibility.

Why You’ll Love `easy-cipher-mate`

From its dead-simple CLI to its developer-friendly API, easy-cipher-mate takes the pain out of encryption. It’s fast, secure, and flexible enough for any use case—whether you’re a novice securing your first file or a pro building a global app. Install it today with npm install easy-cipher-mate, and see how easy encryption can be.

Ready to lock down your data? Give easy-cipher-mate a spin and share your experience!

Don’t Let AI Programming Ruin Your Career—Treat Them as Your Interns, Not Employees or Teachers!

LHJ Piper — Thu, 20 Feb 2025 16:30:55 +0000

Disclaimer: This article contains no AI-generated content; it is entirely handwritten. The first draft of this article was generated in Chinese and translated into English by Grok-3.

Yesterday, I came across some expressions of concern, such as “AI is Cultivating a Generation of ‘Illiterate Programmers’ Who Can’t Code.” I also recall earlier claims that “AI will ruin junior programmers.” Whether you agree or disagree, you must admit there’s some truth to these views—they’re not entirely baseless.

Here are the main points of these concerns:

AI-assisted programming causes problem-solving skills to deteriorate, as people have fewer chances to think independently.
There’s a “withdrawal” effect from AI programming, leaving people feeling dumber or slower without it.
“We haven’t become ‘10x programmers’ thanks to AI; we’ve just become 10 times more dependent on it.”

Speaking for myself, I feel rather fortunate. Before large language models became widespread—or even existed—I had already patiently built a relatively solid foundation in computer science. I diligently completed assignments, projects, and exams from classic courses like Zhejiang University’s data structures and MIT’s operating systems. By the end of 2022, when I needed to write my graduation thesis, the initial version of GPT-3.5/ChatGPT emerged—just in time.

If I had started my studies a few years later, I’d surely question the value of learning foundational knowledge. Even if I recognized its importance and began studying, I might not be willing to learn as thoroughly as I did in the “pre-AI era.” I might toss classic papers to AI and ask it to summarize the key points for me. If I didn’t understand something, I’d ask AI rather than digging into the paper myself. For course assignments, AI would auto-complete them for me, and since humans are naturally lazy, I’d struggle to resist: “Oh, it filled in a bunch for me—well, that’s the gist of it, I get it, as long as it runs and finishes the assignment!” Worse still, since solutions to course assignments have long been part of AI’s training data, the auto-completed work would likely be flawless—robbing me of the chance to sharpen my debugging skills with tools like GDB during my student years. When such a student later tackles real-world problems where AI’s solutions aren’t perfect, they’ll face challenges far tougher than those met by engineers from the “pre-AI era.”

Yet, unlike all professions in history that have faced “elimination threats,” software engineers—or programmers—are the most inclined to “actively embrace new things.” It’s a job requirement, after all.

So, how do we safely “embrace” this double-edged sword, this “demon”?

Treat AI programming assistants as your interns, not as employees, colleagues, or teachers!

1) Your subordinates or colleagues are accountable for their code, but your interns are not.

If code you wrote with AI has bugs, would you sue the AI company? Of course not—they’ve already disclaimed liability. Even if it’s code written by AI or commits suggested by AI, the responsibility ultimately falls on you.

What’s that? Your company has integrated AI into CI/CD, like using AI to procedurally write unit tests? No problem—if the AI’s code fails, whoever deployed the AI is accountable.

In short, responsibility must land on a human. If you fully entrust your work to an AI tool, you can’t say when issues arise, “This was written by so-and-so; go find them!”

For critical logic written by AI, you must review it yourself, just as you’d carefully check an intern’s code before it goes into production.

Moreover, you should be extra cautious about letting AI access highly sensitive information. It’s like not allowing a summer intern to touch your company’s most competitive core technology. Imagine this: the internship ends, the intern leaves, and with the confidential knowledge gained from you, they land a full-time job at your competitor. Would you make interns sign non-compete agreements? Hardly practical.

AI programming assistants carry a similar risk, though it’s unlikely AI companies care about our mundane business code. Still, for programmers, safeguarding core data, keys, and code is worth considering. My initial suggestions are:

Store passwords, tokens, and other sensitive info in profile files like ~/.bashrc, reading them as environment variables at runtime.
Or ensure your project’s config files are ignored by AI tools.

2) Assign your intern one task at a time—don’t rush.

Think back to your first meeting with an intern—a fresh-faced newbie on their first internship. How did you introduce the upcoming work?

Was it like this?

Hello, student. Now, assume you’re a senior Go language engineer who’ll provide me with secure, elegant Go backend system solutions.
I need a backend system for an image hosting service, supporting image uploads, downloads, list queries, and more.
Pay special attention to the image storage solution and caching scheme for preview images, as project cost is a key factor.
Choose the most ecosystem-friendly Go language service framework to ensure smooth future development and maintenance.
The project must be highly scalable, with corresponding hot-update solutions.
Produce excellent API documentation to ease frontend integration.
Don’t skip linting, static checks, or unit tests.

If you said that to an intern, you’d witness the epitome of bewilderment. Obviously, you wouldn’t do that.

You shouldn’t do it with AI either. In other words, being too greedy often leads to subpar results and wasted time. We should treat each interaction with AI like a meeting with an intern.

For example:

First meeting (asking DeepSeek-R1 or another reasoning model): I want to design a high-performance image hosting backend system. I’m skilled in Go—are there any recommended existing solutions? If not, how should we design it? How do we plan the project?
- This first meeting is like letting the intern plan their summer project, then refining and finalizing it.
- At the end of the chat, you can ask AI to output a summary of the design plan, structure diagram, tech stack, etc., much like having the intern summarize the project for you. Then, use that summary to kick off the next meeting or AI chat.
Second meeting (using the prior “meeting summary” as a pre-prompt for the AI programming tool): Based on the current project design, let’s start building the minimal viable functionality. Let’s first design the first service in the dependency injection!
- In this second meeting, letting AI generate specific code is akin to having the intern write code.
- If something’s off, fix it yourself to prevent cascading errors.
Subsequent meetings would focus on daily progress.

Here’s a tip:

Models like GPT-O1 or DeepSeek-R1 excel at reasoning but are slower (since they reason before outputting) and costlier, so use them for project design.
For daily code generation, opt for inference models like DeepSeek-V3 or Claude-Sonnet-3.5—they’re faster and cheaper. If your project context is clear and well-structured, the code quality is often solid. Especially if you’ve already implemented one unit test, AI will follow it to nail the rest perfectly. But if you ask AI to write unit tests from scratch, it might not fully match your expectations.

3) You can’t leave an intern’s project completely untouched.

This comes from personal experience. I have a mild compulsion to write some code daily. But over the past six months, that habit morphed into “having AI generate some code daily.” Surprisingly, my productivity slowed down.

During the New Year holiday, I wanted to build a simple SPA (Single Page Application) with basic Vue3 logic. Over five days, I made zero progress. Unable to focus on code during the holiday, I opted to rely entirely on AI assistance.

Eventually, I was stunned to see AI spinning in circles on my project. I’d defined a basic FileUploader.vue component (somewhat complex), and in XXXView.vue, my AI couldn’t decide whether to use it or write new file upload logic, spawning a host of new issues.

As the holiday neared its end, I finally sat down and looked closely. The logic was so simple! I wrote it myself in no time.

You might say I misused the AI tool or that it’s better with React than Vue. But you can’t guarantee this black box won’t stall on slightly novel problems.

Especially when your code hits production issues, you can’t expect an intern to rush from school to fix it, just as you can’t expect AI to deliver spot-on answers in a pinch.

For AI-written projects, it’s best to understand how they’re implemented. That way, when you need to tweak them, you can dive in quickly.

4) You can’t use an intern as your search engine.

Copying every bug to AI right away is absurd, laughable, and sad. Even if AI advances for another decade, this habit will remain absurd, laughable, and sad—unless you’ve got a cutting-edge brain-computer interface feeding AI all your perceptions and context.

Handing error messages to AI is fine, of course. But it shouldn’t be an instinct. Otherwise, why employ you as an engineer? For problems you can roughly pinpoint with your brain, a quick search engine query beats asking AI in speed and fit.

The same applies to basic info lookups. Programmers these days seem too lazy to read documentation.

Imagine you’re using the aws s3 sync command and want to know what --exact-timestamps does. Would you call an intern over and ask, “What’s this parameter do, and give me a few specific examples?”

Two minutes later, the intern returns with a markdown report cobbled together from sketchy blogs. You read it, half-grasping it, unsure if it’s accurate.

Why not just search doc: aws s3 sync --exact-timestamps on a search engine? In five seconds, you’d have the most official, reliable, and clear documentation in front of you. It’s all text—why settle for someone else’s regurgitated version?

5) An intern can be an expert in certain areas, and that’s not shameful.

Suppose your boss wants to launch a CUDA-related business line and names you the technical lead. You could recruit interns who’ve worked with CUDA in school and listen to their ideas during project design.

Likewise, when we hit new problems and lack direction, we can “consult” AI. Just as we might consult interns—expertise varies, and that’s normal.

But with interns, you wouldn’t carelessly toss out shallow questions. Even for something simple, you’d ask rigorously: “Given the current situation, what’s the better technical route? Please outline it based on ecosystem, development difficulty, maintenance difficulty, performance, cost, etc.” You should engage AI the same way to maximize the value of the information you get.

Conclusion: Those who know me might recall that a year ago, I’d always put “AI” in quotes. I don’t believe today’s probabilistic models have true “intelligence.” I still feel that way. But I also believe we should move with the times rather than cling to formalities. Though I personally dislike AI tools, I’d wager that, outside of professional researchers, I’m among the most active, proactive, and extensive users of new AI tools. Let’s learn critically together, keep improving, and strive for excellence.