Detailed explanation of using Nodejs built-in encryption module to achieve peer-to-peer encryption and decryption

Encryption and decryption are an important means to ensure communication security. There are already many encryption algorithms, and there are mature software packages available. This greatly reduces the burden on application developers. They only need to use the encryption and decryption libraries provided by third parties. In fact, Node.js provides a very powerful and convenient encryption and decryption module crypto. We do not need to use third-party NPM libraries to implement simple encryption and decryption functions. After all, the purpose of using encryption and decryption is to ensure the security of communication. The use of unofficial third-party libraries may always have added backdoors or something. Using the crypto module that comes with Node.js can maximize the security of encryption.

Hash value calculation crypto.Hash

Hash value calculation is usually used to verify data integrity and correctness. When we need to ensure that the received data is exactly the same as the sent data, we can calculate the hash value of the sent data and the hash value of the received data respectively. A simple comparison will show that the hash values ​​of two identical data must be the same. The hash value cannot be reversed to restore the original data, so it can only be used to verify data. So how to use it in Node.js?

Sample Code

const crypto = require('crypto');
const hash = crypto.createHash('sha256');

hash.update('some data to hash');
console.log(hash.digest('hex'));
// Prints:
// 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50

The above code is copied from the official Node.js demo code. I chose the simplest way to use it, which is also the most commonly used method, that is, to calculate the hash value of a string or a set of data. The hash algorithm implemented by crypto.Hash uses a fixed secret word Secret as the calculation operator. There is also an encryption class crypto.Hmac in Node.js that is similar to it, but can change the secret word Secret.

Mutable hash calculation crypto.Hmac

Sample Code

const crypto = require('crypto');
const hmac = crypto.createHmac('sha256', 'a secret');

hmac.update('some data to hash');
console.log(hmac.digest('hex'));
// Prints:
// 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e

The usage of crypto.Hmac is very similar to crypto.Hash. The only difference is that there is an additional customizable secret word Secret. One purpose of using a customized secret word Secret is to improve security when saving passwords. After all, if you use the hash algorithm function of the default secret word Secret, you can get the password through brute force collision as long as you know what algorithm is used. However, if you use a hash function with a customized secret word Secret, it is almost impossible to crack it even with an exhaustive method.

Symmetric encryption and decryption

Symmetric encryption and decryption means that both the encryptor and the decryptor use the same secret word Secret to implement encryption and decryption algorithm operations. This encryption algorithm does not require any public key and private key, and is more convenient to use. Moreover, unlike the hash algorithm, symmetric encryption and decryption can be bidirectional and reversible.

Node.js supports many symmetric encryption algorithms, but which encryption algorithms are used depends on the OpenSSL installed on your computer. Node.js just calls OpenSSL. This brings us a problem, that is, there is no way to find the encryption algorithm information in the document. We will know where the trouble lies later.

Symmetric encryption usage process

Encryption sample code

 const crypto = require('crypto');

 const algorithm = 'aes-192-cbc';
 const password = 'Password used to generate key';
// Use the async `crypto.scrypt()` instead.
 const key = crypto.scryptSync(password, 'salt', 24);
// Use `crypto.randomBytes` to generate a random iv instead of the static iv
// shown here.
 const iv = Buffer.alloc(16, 0); // Initialization vector.

 const cipher = crypto.createCipheriv(algorithm, key, iv);

 let encrypted = cipher.update('some clear text data', 'utf8', 'hex');
 encrypted += cipher.final('hex');
 console.log(encrypted);
// Prints: e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa

Let's explain this code step by step.

const algorithm = 'aes-192-cbc';

This line defines the encryption algorithm used. It usually consists of three parts, connected by - in the middle. The first part is the encryption algorithm name aes, the second part is the encryption length 192 bits, and the third part is the encryption authentication method (this part may be misunderstood) cbc

 const key = crypto.scryptSync(password, 'salt', 24);

This line generates the key. Note the last number 24, which is the length of the generated key. The minimum is 8, and there is no maximum limit, but it must be a multiple of 8. The length of the key is related to the encryption algorithm used. Since this information is not included in the document, you can only keep trying when using it, otherwise you will get an error!

 const iv = Buffer.alloc(16, 0); // Initialization vector.
 const cipher = crypto.createCipheriv(algorithm, key, iv);

Line 6 creates the initialization vector, which is a very critical point but is not explained in the document. The length of IV is also critical. Currently, we only know that the length must be a multiple of 8 and that the length is related to the number of bits of the algorithm used. However, there is no clear explanation in the document, so we can only keep trying when using it.

It is a pity that the lengths of the two key parameters, the key and the initialization vector, are not clearly stated in the Node.js documentation. As a result, when we use them, we either have to look up information related to the encryption algorithm or try them manually one by one, which is very inconvenient.

 let encrypted = cipher.update('some clear text data', 'utf8', 'hex');
 encrypted += cipher.final('hex');

These two lines are very simple. They just encrypt the input string. In update(...,'utf8', 'hex'), utf8 is the encoding format of the string before encryption, and hex is the encoding format of the output after encryption. Finally, we need to add an end character after the encrypted string. This task is completed by final('hex'). Hex is also the character encoding format of the output.

Symmetric decryption process

Decryption sample code

const crypto = require('crypto');

const algorithm = 'aes-192-cbc';
const password = 'Password used to generate key';
// Use the async `crypto.scrypt()` instead.
const key = crypto.scryptSync(password, 'salt', 24);
// The IV is usually passed along with the ciphertext.
const iv = Buffer.alloc(16, 0); // Initialization vector.

const decipher = crypto.createDecipheriv(algorithm, key, iv);

// The above is the encryption part // Because the encryption and decryption keys and initialization vectors must be the same // So encryption and decryption are combined // Encrypted using same algorithm, key and iv.
const encrypted =
  'e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa';
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
decrypted += decipher.final('utf8');
console.log(decrypted);
// Prints: some clear text data

Decryption is the reverse process of encryption, and the points to note are the same, that is, the length of the two parameters, the key Key and the initialization vector. Another point to note is that the first parameter of the decipher.update input can only be a string, not a Buffer type. I personally feel that using Buffer should have better performance, and this type of support may be added in the future.

Conclusion

This concludes this article on how to use the built-in encryption module of Nodejs to implement peer-to-peer encryption and decryption. For more information about Nodejs peer-to-peer encryption and decryption, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope you will support 123WORDPRESS.COM in the future!