Last active
October 28, 2020 17:01
-
-
Save Lawlez/88e04e3541cc0608c953a118b86bfc1a to your computer and use it in GitHub Desktop.
Encrypt and decrypt in javascript using node or browserify for use with openssl or php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import crypto from 'browserify-aes' | |
| /********************************************************************** | |
| * | |
| * DECRYPTION MODULE FOR USE IN BROWSER DURING RUNTIME * | |
| * | |
| ***********************************************************************/ | |
| const decrypt = hash => { | |
| const hash = hash.data | |
| //get IV from input, make sure its no longer than 16 bytes | |
| const IV = hash.IV | |
| //ein neuer cipher wird vorbereitet, mittels aes256, unserem 256 bit KEY und dem config IV | |
| const decipher = crypto.createDecipheriv( | |
| 'aes256', | |
| process.env.APP_CONFIG_KEY.substr(0, 32), | |
| IV, | |
| ) | |
| //der hash wird nun decrypted mittels dem zuvor erstellten cipher | |
| const decrypted = Buffer.concat([decipher.update( | |
| Buffer.from(hash, 'hex'), | |
| ), decipher.final()]).toString() | |
| return JSON.parse(decrypted) | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| onst crypto = require('crypto') | |
| /********************************************************************** | |
| * | |
| * DECRYPTION MODULE FOR USE INSIDE NODE.JS * | |
| * | |
| ***********************************************************************/ | |
| const encryption = (data = 'TestString {} Héllöüä') => { | |
| const secretPhrase = crypto.randomBytes(16).toString('hex') | |
| const salt = crypto.randomBytes(128 / 8).toString('hex') | |
| //here we generate the key and give it back as a string, we use 100k iterations | |
| //as suggested in best practices | |
| //We can use the key multiple times to encrypt multiple things(-30GB), we just cant use | |
| //the same initialization vector twice | |
| //the key for aes-256 needs to be 256 bits which equals 32 bytes or 32 characters | |
| const configKey = crypto.pbkdf2Sync(secretPhrase, salt, 100000, 32, 'sha256').toString('hex').substr(0, 32) | |
| //create unique IV for each encryption, the key can be reused. IV needs to always be 16 bytes | |
| const IV = crypto.randomBytes(16) | |
| //create ciphers for each encryption using the shared key and the unuique IV | |
| const projectConfigCipher = crypto.createCipheriv('aes-256-cbc', configKey, IV.toString('hex').substr(0,16) | |
| //encripting the storage location using the prepared cipher | |
| const encrypted = Buffer.concat([configStorageCipher.update( | |
| 'STORAGE', 'utf8' | |
| ), configStorageCipher.final()]).toString('hex') | |
| return encrypted | |
| } | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ######################################################################################### | |
| # # | |
| # ENCRYPTION FOR CLI IN / MACOS / LINUX / WINDOWS # | |
| # # | |
| ######################################################################################### | |
| #encrypt with key & IV but no salt | |
| cat config.json | openssl aes-256-cbc -iv $(cat iv) -K $(cat key) -A -nosalt -base64 | |
| #decrypt with key IV and base64 | |
| echo "encryptedString" | openssl aes-256-cbc -d -iv $(cat iv) -K $(cat key) -base64 -A |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /********************************************************************** | |
| * | |
| * ENCRYPTION & DECRYPTION MODULE FOR PHP7+ USING OPENSSL * | |
| * | |
| ***********************************************************************/ | |
| class AESEncryption { | |
| //key length should be 256 bits for aes 256 this means we use a string with 32 bytes | |
| public static $key = "5f08e0ec585393a8e2ca8f0a1a0ae752"; | |
| //iv length should be always be 128 bit / 16 bytes | |
| public static $iv = "05d387e7f773035a"; | |
| // The AES uses a block size of sixteen octets (128 bits) | |
| public static $Method = 'AES-256-CBC'; | |
| /** | |
| * use the AES to encrypt plaintext data and return a base 64 string | |
| * | |
| * $key | |
| */ | |
| public static function encrypt($cleartext,$key = ''){ | |
| $key = empty($key) ? self::$key : $key; | |
| $encrypted = openssl_encrypt($cleartext, self::$Method, $key, OPENSSL_RAW_DATA, self::$iv); | |
| return base64_encode($encrypted); | |
| } | |
| /** | |
| * use the AES to decrypt a base 64 string into plaintext | |
| * | |
| * $key | |
| */ | |
| public static function decrypt($encrypted,$key = ''){ | |
| $key = empty($key) ? self::$key : $key; | |
| $encrypted = base64_decode($encrypted); | |
| $decrypted = openssl_decrypt($encrypted, self::$Method, $key, OPENSSL_RAW_DATA, self::$iv); | |
| return trim($decrypted); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment