crypto APIs to encrypt data
The crypto module offers a set of APIs to encrypt data.
To access the APIs in the crypto module, use the
require('crypto') statement.
crypto.createCipheriv()
Creates and returns a cipher object, with the selected algorithm, key, and initialization vector.
- Syntax
crypto.createCipheriv(algorithm,key,iv)- Parameters
-
- algorithm
- The case-sensitive name of the algorithm to use. The following values for the
algorithm are supported.
aes128-cbcaes192-cbcaes256-cbctripledes-cbcA128CBC-HS256A192CBC-HS384A256CBC-HS512A128GCMA192GCMA256GCM
The
A128CBC-HS256,A192CBC-HS384, andA256CBC-HS512algorithms need to be Encrypt-then-MAC. - key
- The shared secret key to encrypt text. The key must be.
- A string object that refers to a configured object that also supports prefix usage in XSLT.
- A Buffer or Buffers object that contains the Base64 encoded data of a key.
- An Object.
- A symmetric key whose JWK
'kty'member value is'oct'.
To create a key object, see Key object usage.
- iv
- The initialization vector (IV). The IV must be a Buffer. If it does not present, an auto-generated IV is used. In this case, getIV() returns an auto-generated IV.
- Example
- Use the
A128CBC-HS256Encrypt-then-MAC algorithm to do a cipher. The IV is auto-generated and needed for the Decipher object.var crypto = require('crypto'); var cipher = crypto.createCipheriv('A128CBC-HS256', 'alice'); var aad = new Buffer('additional authentication data'); cipher.setAAD(aad); cipher.update('this is the plaintext that needs to be encrypted'); cipher.update('second part'); var encipherData = cipher.final(); var authTag = cipher.getAuthTag(); var iv = cipher.getIV();
crypto.getCiphers()
Returns an array with the names of the supported ciphers.
- Syntax
crypto.getCiphers()
cipher.final()
Returns the enciphered contents.
- Syntax
cipher.final([encoding])- Parameters
-
- encoding
- The encoding of the data. The encoding must be
'base64'or'hex'. If no encoding is provided, a Buffer is returned. The cipher object cannot be used after thefinal()method is called.
cipher.getAuthTag()
Returns the computed authentication tag from the data in a Buffer object.
- Syntax
cipher.getAuthTag()- Guidelines
- This API is for authenticated encryption modes. The encryption mode must be Encrypt-then-MAC and called after the encryption from the final() API is complete.
cipher.getIV()
Returns the IV for the cipher object.
- Syntax
cipher.getIV()- Guidelines
- If the IV is passed in
createCipheriv(), the returned IV is identical. The returned value is a Buffer object.
cipher.setAAD()
Sets the value that is used for the additional authenticated data (AAD) input parameter.
- Syntax
cipher.setAAD(buffer)- Guidelines
- This API is for authenticated encryption modes. The encryption mode must be Encrypt-then-MAC. A Buffer or Buffers object must be the data type.
cipher.setAutoPadding()
The automatic padding of the input data.
- Syntax
cipher.setAutoPadding(auto_padding=true)- Guidelines
- You can disable automatic padding of the input data to block size. If
auto_padding=false, the length of the entire input data must be a multiple of the cipher's block size orfinal()fails. Call this API before cipher.final().
cipher.update()
Updates the cipher with data.
- Syntax
cipher.update(data[,encoding])- Parameters
-
- data
- The data to update.
- encoding
- The encoding of the data. The encoding must be
'ascii','base64','hex', or'utf8'. If no encoding is provided, then a Buffer is expected. If data is a Buffer, then encoding is ignored.