
Crypto Module

The crypto module provides cryptographic functionality that includes a set of wrappers for OpenSSL’s hash, HMAC, cipher, decipher, sign and verify functions.

It is possible for Node.js to be built without including support for the crypto module. In such cases, calling require('crypto') will result in an error being thrown.

To handle that case, wrap the require call in a try/catch block:

let crypto;
try {
  crypto = require('crypto');
} catch (err) {
  console.log('crypto support is disabled!');
}

Certificates

SPKAC is a Certificate Signing Request mechanism originally implemented by Netscape and now specified formally as part of HTML5’s keygen element.

The crypto module provides the Certificate class for working with SPKAC data. The most common usage is handling output generated by the HTML5 keygen element. Node.js uses OpenSSL’s SPKAC implementation internally.

Returned by crypto.Certificate.

Certificate.verifySpkac(spkac) Returns true or false based on the validity of the SPKAC.

Certificate.exportChallenge(spkac) Exports the encoded challenge associated with the SPKAC.

Certificate.exportPublicKey(spkac) Exports the encoded public key from the supplied SPKAC.

Public & Private keys

crypto.publicEncrypt(public_key, buffer)

Encrypts buffer with public_key. Only RSA is currently supported. public_key can be an object or a string. If public_key is a string, it is treated as the key with no passphrase and will use RSA_PKCS1_OAEP_PADDING.

crypto.privateDecrypt(private_key, buffer)

Decrypts buffer with private_key.

private_key can be an object or a string. If private_key is a string, it is treated as the key with no passphrase and will use RSA_PKCS1_OAEP_PADDING.

Hash(ing)

A hash is a fixed-length string of bits that is procedurally and deterministically generated from some arbitrary block of source data.

Hashing example using HMAC

const crypto = require('crypto');

const secret = 'abcdefg';
const hash = crypto.createHmac('sha256', secret)
                   .update('I love Node.js')
                   .digest('hex');

console.log(hash); // outputs: 3ee3ff343beb4d9847c358f00c26437ca170fb488937f48c1c6632de0eb8cce6

Cipher

Instances of the Cipher class are used to encrypt data. The class can be used in one of two ways:

  • As a stream that is both readable and writable, where plain unencrypted data is written to produce encrypted data on the readable side, or
  • Using the cipher.update() and cipher.final() methods to produce the encrypted data.

The crypto.createCipher() or crypto.createCipheriv() methods are used to create Cipher instances. Cipher objects are not to be created directly using the new keyword.

Encryption example using Cipher

const crypto = require('crypto');
const cipher = crypto.createCipher('aes192', 'a password');

let encrypted = cipher.update('Hello Globant', 'utf8', 'hex');
encrypted += cipher.final('hex');

console.log(encrypted); // outputs: 8d50f83d1a04e98eacab628e933b8682

Decipher

Instances of the Decipher class are used to decrypt data. The class can be used in one of two ways:

  • As a stream that is both readable and writable, where encrypted data is written to produce unencrypted data on the readable side, or
  • Using the decipher.update() and decipher.final() methods to produce the unencrypted data.

The crypto.createDecipher() or crypto.createDecipheriv() methods are used to create Decipher instances. Decipher objects are not to be created directly using the new keyword.

const crypto = require('crypto');
const decipher = crypto.createDecipher('aes192', 'a password');

const encrypted = '8d50f83d1a04e98eacab628e933b8682';
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
decrypted += decipher.final('utf8');

console.log(decrypted); // outputs: Hello Globant
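crypto.createCipher() and crypto.createDecipher() derive the key from the password without a salt and use no random IV, so the same password and plaintext always produce the same ciphertext, and Node.js has deprecated both methods. The following is an added example, not code from the original page: the same password-based round trip using crypto.createCipheriv() and crypto.createDecipheriv() with a scrypt-derived key, a random salt and IV, and AES-256-GCM so that tampering is detected. The helper names and the salt, IV, tag, ciphertext layout are assumptions of this example.

```javascript
// Added example (not from the original page). encryptWithPassword and
// decryptWithPassword are hypothetical helper names.
const crypto = require('crypto');

const SALT_LEN = 16; // random per message, stored with the ciphertext
const IV_LEN = 12;   // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16;  // GCM authentication tag

// Derive a 256-bit key from the password with scrypt and a random salt.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Returns hex of salt || iv || tag || ciphertext (layout chosen for this example).
function encryptWithPassword(password, plaintext) {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('hex');
}

// Throws if the password is wrong or the message was modified.
function decryptWithPassword(password, messageHex) {
  const msg = Buffer.from(messageHex, 'hex');
  if (msg.length < SALT_LEN + IV_LEN + TAG_LEN) {
    throw new Error('message too short');
  }
  const salt = msg.subarray(0, SALT_LEN);
  const iv = msg.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = msg.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const body = msg.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv,
    { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag); // final() throws if the tag does not verify
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Constructed sample input, matching the strings used on this page.
const sealed = encryptWithPassword('a password', 'Hello Globant');
console.log(sealed);
console.log(decryptWithPassword('a password', sealed));
```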