Constructor.
Domain.
Tweak.
StaticgetGet a transformer, constructing it if necessary. The type returned is IdentityTransformer if tweak is undefined, EncryptionTransformer if tweak is defined. Note that although an EncryptionTransformer with a zero tweak operates as an IdentityTransformer, EncryptionTransformer is still the type returned if a zero tweak is explicitly specified.
Domain.
Optionaltweak: number | bigintTweak.
IdentityTransformer if tweak is undefined, EncryptionTransformer if tweak is defined.
ProtecteddoProtecteddoTransform value(s) forward.
Value(s) input type.
Value(s). If this is an instance of Sequence, the minimum and maximum values are validated prior to transformation. Otherwise, the individual value(s) is/are validated at the time of transformation.
Transformed value(s).
Transform value(s) forward, optionally applying a transformation.
Value(s) input type.
Transformation callback output type.
Value(s). If this is an instance of Sequence, the minimum and maximum values are validated prior to transformation. Otherwise, the individual value(s) is/are validated at the time of transformation.
Called after each value is transformed to convert it to its final value.
Transformed value(s).
Encryption transformer. Values are transformed using repeated shuffle and xor operations, similar to those found in many cryptography algorithms, particularly AES. While sufficient for obfuscation of numeric sequences (e.g., serial number generation, below), if true format-preserving encryption is required, a more robust algorithm such as FF1 is recommended. Furthermore, no work has been done to mitigate timing attacks for key detection.
The purpose of the encryption transformer is to generate pseudo-random values in a deterministic manner to obscure the sequence of values generated over time. A typical example is for serial number generation, where knowledge of the sequence can infer production volumes (e.g., serial number 1000 implies that at least 1,000 units have been manufactured) or can be used in counterfeiting (e.g., a counterfeiter can generate serial numbers 1001, 1002, ... with reasonable confidence that they would be valid if queried).
The domain and the tweak together determine the encryption key, which in turn determines the number of rounds of shuffle and xor operations. The minimum number of rounds is 4, except where the domain is less than or equal to 256, which results in single-byte operations. To ensure that the operations are effective for single-byte domains, the number of rounds is 1 and only the xor operation is applied (shuffling a single byte is an identity operation).
Another exception is when there is a tweak value of 0; this results in identity operations where the output value is identical to the input value, as no shuffle or xor takes place.