crypto APIs to encrypt data

The crypto module offers a set of APIs to encrypt data.

crypto.createCipheriv()

Creates and returns a cipher object, with the selected algorithm, key, and initialization vector.

Syntax
crypto.createCipheriv(algorithm,key,iv)
Parameters
algorithm
The case-sensitive name of the algorithm to use. The following values for the algorithm are supported.
  • aes128-cbc
  • aes192-cbc
  • aes256-cbc
  • tripledes-cbc
  • A128CBC-HS256
  • A192CBC-HS384
  • A256CBC-HS512
  • A128GCM
  • A192GCM
  • A256GCM

The A128CBC-HS256, A192CBC-HS384, and A256CBC-HS512 algorithms need to be Encrypt-then-MAC.

key
The shared secret key to encrypt text. The key must be.
  • A string object that refers to a configured object that also supports prefix usage in XSLT.
  • A Buffer or Buffers object that contains the Base64 encoded data of a key.
  • An Object.
  • A symmetric key whose JWK 'kty' member value is 'oct'.

To create a key object, see Key object usage.

iv
The initialization vector (IV). The IV must be a Buffer. If it does not present, an auto-generated IV is used. In this case, getIV() returns an auto-generated IV.
Example
Use the A128CBC-HS256 Encrypt-then-MAC algorithm to do a cipher. The IV is auto-generated and needed for the Decipher object.
var crypto = require('crypto');
var cipher = crypto.createCipheriv('A128CBC-HS256', 'alice');
var aad = new Buffer('additional authentication data');
cipher.setAAD(aad);
cipher.update('this is the plaintext that needs to be encrypted');
cipher.update('second part');
var encipherData = cipher.final();
var authTag = cipher.getAuthTag();
var iv = cipher.getIV();

crypto.getCiphers()

Returns an array with the names of the supported ciphers.

Syntax
crypto.getCiphers()

cipher.final()

Returns the enciphered contents.

Syntax
cipher.final([encoding])
Parameters
encoding
The encoding of the data. The encoding must be 'base64' or 'hex'. If no encoding is provided, a Buffer is returned. The cipher object cannot be used after the final() method is called.

cipher.getAuthTag()

Returns the computed authentication tag from the data in a Buffer object.

Syntax
cipher.getAuthTag()
Guidelines
This API is for authenticated encryption modes. The encryption mode must be Encrypt-then-MAC and called after the encryption from the final() API is complete.

cipher.getIV()

Returns the IV for the cipher object.

Syntax
cipher.getIV()
Guidelines
If the IV is passed in createCipheriv(), the returned IV is identical. The returned value is a Buffer object.

cipher.setAAD()

Sets the value that is used for the additional authenticated data (AAD) input parameter.

Syntax
cipher.setAAD(buffer)
Guidelines
This API is for authenticated encryption modes. The encryption mode must be Encrypt-then-MAC. A Buffer or Buffers object must be the data type.

cipher.setAutoPadding()

The automatic padding of the input data.

Syntax
cipher.setAutoPadding(auto_padding=true)
cipher.setAutoPadding(auto_padding=false)
Guidelines
You can disable automatic padding of the input data to block size. If auto_padding=false, the length of the entire input data must be a multiple of the cipher's block size or final() fails. Call this API before cipher.final().

cipher.update()

Updates the cipher with data.

Syntax
cipher.update(data[,encoding])
Parameters
data
The data to update.
encoding
The encoding of the data. The encoding must be 'ascii', 'base64', 'hex', or 'utf8'. If no encoding is provided, then a Buffer is expected. If data is a Buffer, then encoding is ignored.