Last active
November 15, 2024 01:39
-
-
Save vlucas/2bd40f62d20c1d49237a109d491974eb to your computer and use it in GitHub Desktop.
Stronger Encryption and Decryption in Node.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| const crypto = require('crypto'); | |
| const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY; // Must be 256 bits (32 characters) | |
| const IV_LENGTH = 16; // For AES, this is always 16 | |
| function encrypt(text) { | |
| let iv = crypto.randomBytes(IV_LENGTH); | |
| let cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(ENCRYPTION_KEY), iv); | |
| let encrypted = cipher.update(text); | |
| encrypted = Buffer.concat([encrypted, cipher.final()]); | |
| return iv.toString('hex') + ':' + encrypted.toString('hex'); | |
| } | |
| function decrypt(text) { | |
| let textParts = text.split(':'); | |
| let iv = Buffer.from(textParts.shift(), 'hex'); | |
| let encryptedText = Buffer.from(textParts.join(':'), 'hex'); | |
| let decipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(ENCRYPTION_KEY), iv); | |
| let decrypted = decipher.update(encryptedText); | |
| decrypted = Buffer.concat([decrypted, decipher.final()]); | |
| return decrypted.toString(); | |
| } | |
| module.exports = { decrypt, encrypt }; |
made this package a while ago for server side encrypted payloads to use for backend only: https://www.npmjs.com/package/encryption.js
I'm surprised by the glaring mistakes (?) in how the encryption key is actually 16 bytes and IV is 8 bytes?
This is largely because he's reading a string as a buffer, without using the hex argument.
Fixes
- Because he's reading the hex strings without the
hexargument, it's parsed incorrectly. All hex values are read half their size - so 32 bytes is actually 16 bytes and 16 bytes is 8 bytes. Amending this also fixes theInvalid key lengtherrors that people have in the thread.
// Previously
Buffer.from(encryptionKey)
// Now
Buffer.from(encryptionKey, 'hex')- Take note of the line, there's absolutely no reason as why you should need to
.sliceyour string if it's 16 bytes. If you generate a string of 16 bytes, that should fit fully into thecreateCipherivfunction from Node'scryptopackage.
let iv = Buffer.from(crypto.randomBytes(IV_LENGTH)).toString('hex').slice(0, IV_LENGTH);- Added
keyGen()function that generates a key for you, so that there's no misunderstanding or ambiguity in how you should generate this key. Saw some people mention other random string generation packages, but there's no reason to have that dependency when you can usecrypto'srandomBytesdirectly. - Use
constfor variables instead oflet.
Contribute
There are ways to improve the code futher. If you want to improve this, then you could:
- Add better error messages for e.g. when cipher formats are incorrect
- Read and write hex with the prefix
0xfor less ambiguity - Better TypeScript types for Hex values, etc.
I'll leave that to someone else to figure out although, if someone wants to.
Updated code (2024-02-15)
You should use this instead of OP and OP's TypeScript version posted above.
import crypto from 'crypto';
const ENCRYPTION_KEY: string = process.env.SC_ENCRYPTION_KEY || ''; // Must be 256 bits (32 characters)
const IV_LENGTH: number = 16; // For AES, this is always 16
export function keyGen() {
return crypto.randomBytes(32).toString('hex');
}
export function encrypt(plainText: string, keyHex: string = ENCRYPTION_KEY): string {
const iv = crypto.randomBytes(IV_LENGTH); // Directly use Buffer returned by randomBytes
const cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(keyHex, 'hex'), iv);
const encrypted = Buffer.concat([cipher.update(plainText, 'utf8'), cipher.final()]);
// Return iv and encrypted data as hex, combined in one line
return iv.toString('hex') + ':' + encrypted.toString('hex');
}
export function decrypt(text: string, keyHex: string = ENCRYPTION_KEY): string {
const [ivHex, encryptedHex] = text.split(':');
if (!ivHex || !encryptedHex) {
throw new Error('Invalid or corrupted cipher format');
}
const encryptedText = Buffer.from(encryptedHex, 'hex');
const decipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(keyHex, 'hex'), Buffer.from(ivHex, 'hex'));
let decrypted = Buffer.concat([decipher.update(encryptedText), decipher.final()]);
return decrypted.toString();
}
Great work @nijynot !
Nice work by @nijynot! If anyone is facing "TypeError: Cannot read properties of undefined (reading 'randomBytes')", change the import import crypto from 'crypto'; to import { createCipheriv, createDecipheriv, randomBytes } from 'crypto'. Wonder why ES gives this error, but this fix should work
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am unable to run the code.....whenever I am entering the string.....it gives me an error...