feat: Client node readme (#99)

juneb · seebees · commit 0b232450fbf8 · 2019-06-18T14:48:00.000-07:00
* Add readme with examples
diff --git a/modules/client-node/Readme.md b/modules/client-node/Readme.md
@@ -1,6 +1,96 @@
 # AWS Encryption SDK for JavaScript client for Node.js
 
-This module is for encryption and decryption in Node.js.
-It is a composition of underlying modules.
-It is intended to have every component of the AWS Encryption SDK.
+# @aws-crypto/client-node
+
+The *client-node* module includes all of the modules you need to use the AWS Encryption SDK for
+JavaScript with Node.js. 
+
+* decrypt-node
+* encrypt-node
+* kms-keyring-node
+* material-management-node
+* caching-materials-manager-node
+* raw-aes-keyring-node
+* raw-rsa-keyring-node
+
+For code examples that show you how to these modules to create keyrings and encrypt and decrypt data, install the [example-node](https://github.com/awslabs/aws-encryption-sdk-javascript/tree/master/modules/example-node) module. 
+## install
+
+To install this module, use the npm package manager. For help with installation, see
+[https://www.npmjs.com/get-npm](https://www.npmjs.com/get-npm). 
+
+```sh
+npm install @aws-crypto/client-node
+```
+
+## use
+
+```javascript
+
+const { KmsKeyringNode, encrypt, decrypt } = require('@aws-crypto/client-node')
+/* Start by constructing a keyring. We'll create a KMS keyring.
+ * Specify an AWS Key Management Service (AWS KMS) customer master key (CMK) to be the
+ * generator key in the keyring. This CMK generates a data key and encrypts it. 
+ * To use the keyring to encrypt data, you need kms:GenerateDataKey permission 
+ * on this CMK. To decrypt, you need kms:Decrypt permission. 
+ */
+const generatorKeyId = 'arn:aws:kms:us-west-2:658956600833:alias/EncryptDecrypt'
+
+/* You can specify additional CMKs for the keyring. The data key that the generator key
+ * creates is also encrypted by the additional CMKs you specify. To encrypt data, 
+ *  you need kms:Encrypt permission on this CMK. To decrypt, you need kms:Decrypt permission.
+ */ 
+const keyIds = ['arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f']
+
+/* Create the KMS keyring */
+const keyring = new KmsKeyringNode({ generatorKeyId, keyIds })
+
+/* Set an encryption context For more information: 
+ * https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context
+ */
+const context = {
+    stage: 'demo',
+    purpose: 'simple demonstration app',
+    origin: 'us-west-2'
+  }
+ 
+/* Create a string to encrypt */
+const cleartext = 'asdf'
+
+/* Encrypt the string using the keyring and the encryption context 
+ * The SDK returns an "encrypted message" that includes the ciphertext, 
+ * the encryption context, and the encrypted data keys.
+ */ 
+const { ciphertext } = await encrypt(keyring, cleartext, { context })
+
+/* Decrypt the ciphertext using the same keyring */
+const { plaintext, messageHeader } = await decrypt(keyring, ciphertext)
+
+/* Get the encryption context */
+const { encryptionContext } = messageHeader
+
+/* Verify that all values in the original encryption context are in the 
+ * current one. (The SDK adds extra values for signing.) 
+ */
+ Object
+    .entries(context)
+    .forEach(([key, value]) => {
+      if (encryptionContext[key] !== value) throw new Error('Encryption Context does not match expected values')
+    })
+
+/* If the encryption context is verified, return the plaintext. */
+
+```
+
+## test
+
+```sh
+npm test
+```
+
+## license
+
+This SDK is distributed under the
+[Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0),
+see LICENSE.txt and NOTICE.txt for more information.
 
