我们使用bcrypt对永远不需要解密的密码和数据进行哈希处理。我们应该如何保护其他确实需要解密的用户信息?
例如,假设我们不希望用户的真实姓名以纯文本形式显示,以防有人获得对数据库的访问权限。这是有些敏感的数据,但也需要不时调用并以纯文本形式显示。有没有一种简单的方法可以做到这一点?
问问题
74009 次
7 回答
161
您可以使用加密模块:
var crypto = require('crypto');
var assert = require('assert');
var algorithm = 'aes256'; // or any other algorithm supported by OpenSSL
var key = 'password';
var text = 'I love kittens';
var cipher = crypto.createCipher(algorithm, key);
var encrypted = cipher.update(text, 'utf8', 'hex') + cipher.final('hex');
var decipher = crypto.createDecipher(algorithm, key);
var decrypted = decipher.update(encrypted, 'hex', 'utf8') + decipher.final('utf8');
assert.equal(decrypted, text);
编辑
现在不推荐使用createCipher和createDecipher ,而是使用createCipheriv和createDecipheriv
于 2011-08-05T08:42:06.840 回答
54
2019 年 12 月 12 日更新
与 CBC 等其他模式不同,GCM 模式不需要 IV 不可预测。唯一的要求是,对于使用给定密钥的每次调用,IV 必须是唯一的。如果它对给定的密钥重复一次,则可能会损害安全性。实现此目的的一种简单方法是使用来自强伪随机数生成器的随机 IV,如下所示。
使用序列或时间戳作为 IV 也是可能的,但它可能不像听起来那么简单。例如,如果系统没有正确跟踪已在持久存储中用作 IV 的序列,则调用可能会在系统重新启动后重复 IV。同样,没有完美的时钟。电脑时钟重新调整等。
此外,密钥应在每 2^32 次调用后轮换一次。有关 IV 要求的更多详细信息,请参阅此答案和NIST 建议。
2019 年 7 月 30 日更新
由于答案是获得更多的意见和投票,我认为值得一提的是,下面的代码使用了 *Sync 方法 - crypto.scryptSync。现在,如果在应用程序初始化期间完成加密或解密,那就没问题了。否则,请考虑使用函数的异步版本以避免阻塞事件循环。(类似的 promise 库bluebird很有用)。
2019 年 1 月 23 日更新
解密逻辑中的错误已得到修复。感谢@AlexisWilke 正确地指出了这一点。
接受的答案是 7 岁,今天看起来并不安全。因此,我正在回答它:
加密算法:具有 256 位密钥的分组密码 AES 被认为足够安全。要加密完整的消息,需要选择一种模式。建议使用经过身份验证的加密(提供机密性和完整性)。GCM、CCM 和 EAX 是最常用的认证加密模式。GCM 通常是首选,它在为 GCM 提供专用指令的 Intel 架构中表现良好。所有这三种模式都是基于 CTR(基于计数器)的模式,因此它们不需要填充。因此,它们不容易受到与填充相关的攻击
GCM 需要一个初始化向量 (IV)。IV不是秘密。唯一的要求是它必须是随机的或不可预测的。在 NodeJs 中,
crypto.randomBytes()旨在产生加密强的伪随机数。NIST 建议 GCM 使用 96 位 IV,以提高设计的互操作性、效率和简单性
接收者需要知道 IV 才能解密密文。因此,IV 需要与密文一起传输。一些实现将 IV 作为 AD(关联数据)发送,这意味着将根据密文和 IV 计算身份验证标签。但是,这不是必需的。IV 可以简单地预先添加密文,因为如果在传输过程中由于故意攻击或网络/文件系统错误而更改 IV,则身份验证标签验证无论如何都会失败
字符串不应该用于保存明文消息、密码或密钥,因为字符串是不可变的,这意味着我们无法在使用后清除字符串,它们会留在内存中。因此,内存转储可以揭示敏感信息。出于同样的原因,调用这些加密或解密方法的客户端应该
Buffer在不再需要使用bufferVal.fill(0).最后,为了通过网络或存储传输,密文应使用 Base64 编码进行编码。
buffer.toString('base64');可用于将其转换Buffer为 Base64 编码的字符串。请注意,密钥派生 scrypt (
crypto.scryptSync()) 已用于从密码中派生密钥。但是,此功能仅在 Node 10.* 及更高版本中可用
代码在这里:
const crypto = require('crypto');
var exports = module.exports = {};
const ALGORITHM = {
/**
* GCM is an authenticated encryption mode that
* not only provides confidentiality but also
* provides integrity in a secured way
* */
BLOCK_CIPHER: 'aes-256-gcm',
/**
* 128 bit auth tag is recommended for GCM
*/
AUTH_TAG_BYTE_LEN: 16,
/**
* NIST recommends 96 bits or 12 bytes IV for GCM
* to promote interoperability, efficiency, and
* simplicity of design
*/
IV_BYTE_LEN: 12,
/**
* Note: 256 (in algorithm name) is key size.
* Block size for AES is always 128
*/
KEY_BYTE_LEN: 32,
/**
* To prevent rainbow table attacks
* */
SALT_BYTE_LEN: 16
}
const getIV = () => crypto.randomBytes(ALGORITHM.IV_BYTE_LEN);
exports.getRandomKey = getRandomKey = () => crypto.randomBytes(ALGORITHM.KEY_BYTE_LEN);
/**
* To prevent rainbow table attacks
* */
exports.getSalt = getSalt = () => crypto.randomBytes(ALGORITHM.SALT_BYTE_LEN);
/**
*
* @param {Buffer} password - The password to be used for generating key
*
* To be used when key needs to be generated based on password.
* The caller of this function has the responsibility to clear
* the Buffer after the key generation to prevent the password
* from lingering in the memory
*/
exports.getKeyFromPassword = getKeyFromPassword = (password, salt) => {
return crypto.scryptSync(password, salt, ALGORITHM.KEY_BYTE_LEN);
}
/**
*
* @param {Buffer} messagetext - The clear text message to be encrypted
* @param {Buffer} key - The key to be used for encryption
*
* The caller of this function has the responsibility to clear
* the Buffer after the encryption to prevent the message text
* and the key from lingering in the memory
*/
exports.encrypt = encrypt = (messagetext, key) => {
const iv = getIV();
const cipher = crypto.createCipheriv(
ALGORITHM.BLOCK_CIPHER, key, iv,
{ 'authTagLength': ALGORITHM.AUTH_TAG_BYTE_LEN });
let encryptedMessage = cipher.update(messagetext);
encryptedMessage = Buffer.concat([encryptedMessage, cipher.final()]);
return Buffer.concat([iv, encryptedMessage, cipher.getAuthTag()]);
}
/**
*
* @param {Buffer} ciphertext - Cipher text
* @param {Buffer} key - The key to be used for decryption
*
* The caller of this function has the responsibility to clear
* the Buffer after the decryption to prevent the message text
* and the key from lingering in the memory
*/
exports.decrypt = decrypt = (ciphertext, key) => {
const authTag = ciphertext.slice(-16);
const iv = ciphertext.slice(0, 12);
const encryptedMessage = ciphertext.slice(12, -16);
const decipher = crypto.createDecipheriv(
ALGORITHM.BLOCK_CIPHER, key, iv,
{ 'authTagLength': ALGORITHM.AUTH_TAG_BYTE_LEN });
decipher.setAuthTag(authTag);
let messagetext = decipher.update(encryptedMessage);
messagetext = Buffer.concat([messagetext, decipher.final()]);
return messagetext;
}
下面还提供了单元测试:
const assert = require('assert');
const cryptoUtils = require('../lib/crypto_utils');
describe('CryptoUtils', function() {
describe('decrypt()', function() {
it('should return the same mesage text after decryption of text encrypted with a '
+ 'randomly generated key', function() {
let plaintext = 'my message text';
let key = cryptoUtils.getRandomKey();
let ciphertext = cryptoUtils.encrypt(plaintext, key);
let decryptOutput = cryptoUtils.decrypt(ciphertext, key);
assert.equal(decryptOutput.toString('utf8'), plaintext);
});
it('should return the same mesage text after decryption of text excrypted with a '
+ 'key generated from a password', function() {
let plaintext = 'my message text';
/**
* Ideally the password would be read from a file and will be in a Buffer
*/
let key = cryptoUtils.getKeyFromPassword(
Buffer.from('mysecretpassword'), cryptoUtils.getSalt());
let ciphertext = cryptoUtils.encrypt(plaintext, key);
let decryptOutput = cryptoUtils.decrypt(ciphertext, key);
assert.equal(decryptOutput.toString('utf8'), plaintext);
});
});
});
于 2018-12-01T17:02:39.467 回答
22
@mak 答案的更新,crypto.createCipher已crypto.createDecipher被弃用。最新的工作代码是:
var crypto = require("crypto");
var algorithm = "aes-192-cbc"; //algorithm to use
var password = "Hello darkness";
const key = crypto.scryptSync(password, 'salt', 24); //create key
var text= "this is the text to be encrypted"; //text to be encrypted
const iv = crypto.randomBytes(16); // generate different ciphertext everytime
const cipher = crypto.createCipheriv(algorithm, key, iv);
var encrypted = cipher.update(text, 'utf8', 'hex') + cipher.final('hex'); // encrypted text
const decipher = crypto.createDecipheriv(algorithm, key, iv);
var decrypted = decipher.update(encrypted, 'hex', 'utf8') + decipher.final('utf8'); //deciphered text
console.log(decrypted);
于 2020-04-21T06:38:05.623 回答
12
虽然已经正确回答了这个问题,但使用加密库的一个很好的模式是在一个类包装器中,多年来我已经将它复制/粘贴到各种项目中。
const crypto = require("crypto");
class Encrypter {
constructor(encryptionKey) {
this.algorithm = "aes-192-cbc";
this.key = crypto.scryptSync(encryptionKey, "salt", 24);
}
encrypt(clearText) {
const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv(this.algorithm, this.key, iv);
const encrypted = cipher.update(clearText, "utf8", "hex");
return [
encrypted + cipher.final("hex"),
Buffer.from(iv).toString("hex"),
].join("|");
}
dencrypt(encryptedText) {
const [encrypted, iv] = encryptedText.split("|");
if (!iv) throw new Error("IV not found");
const decipher = crypto.createDecipheriv(
this.algorithm,
this.key,
Buffer.from(iv, "hex")
);
return decipher.update(encrypted, "hex", "utf8") + decipher.final("utf8");
}
}
// Usage
const encrypter = new Encrypter("secret");
const clearText = "adventure time";
const encrypted = encrypter.encrypt(clearText);
const dencrypted = encrypter.dencrypt(encrypted);
console.log({ worked: clearText === dencrypted });
于 2021-03-04T13:51:51.567 回答
3
这是Saptarshi Basu发布的答案的简化版本:
变化:
Buffer从buffer模块显式导入- 删除不必要的变量声明
- 将修改后
let的变量转换为const变量(或完全省略它们) - 转换
module.exports为单个对象 - 将
exports.x = x = (...)声明移动到module.exports对象 - 简化和/或减少
ALGORITHM对象的文档
代码:
const crypto = require("crypto");
const { Buffer } = require("buffer");
const ALGORITHM = {
// GCM is an authenticated encryption mode that not only provides confidentiality but also provides integrity in a secured way
BLOCK_CIPHER: "aes-256-gcm",
// 128 bit auth tag is recommended for GCM
AUTH_TAG_BYTE_LEN: 16,
// NIST recommends 96 bits or 12 bytes IV for GCM to promote interoperability, efficiency, and simplicity of design
IV_BYTE_LEN: 12,
// NOTE: 256 (in algorithm name) is key size (block size for AES is always 128)
KEY_BYTE_LEN: 32,
// to prevent rainbow table attacks
SALT_BYTE_LEN: 16
};
module.exports = {
getRandomKey() {
return crypto.randomBytes(ALGORITHM.KEY_BYTE_LEN);
},
// to prevent rainbow table attacks
getSalt() {
return crypto.randomBytes(ALGORITHM.SALT_BYTE_LEN);
},
/**
*
* @param {Buffer} password - The password to be used for generating key
*
* To be used when key needs to be generated based on password.
* The caller of this function has the responsibility to clear
* the Buffer after the key generation to prevent the password
* from lingering in the memory
*/
getKeyFromPassword(password, salt) {
return crypto.scryptSync(password, salt, ALGORITHM.KEY_BYTE_LEN);
},
/**
*
* @param {Buffer} messagetext - The clear text message to be encrypted
* @param {Buffer} key - The key to be used for encryption
*
* The caller of this function has the responsibility to clear
* the Buffer after the encryption to prevent the message text
* and the key from lingering in the memory
*/
encrypt(messagetext, key) {
const iv = crypto.randomBytes(ALGORITHM.IV_BYTE_LEN);
const cipher = crypto.createCipheriv(ALGORITHM.BLOCK_CIPHER, key, iv, {
authTagLength: ALGORITHM.AUTH_TAG_BYTE_LEN
});
let encryptedMessage = cipher.update(messagetext);
encryptedMessage = Buffer.concat([encryptedMessage, cipher.final()]);
return Buffer.concat([iv, encryptedMessage, cipher.getAuthTag()]);
},
/**
*
* @param {Buffer} ciphertext - Cipher text
* @param {Buffer} key - The key to be used for decryption
*
* The caller of this function has the responsibility to clear
* the Buffer after the decryption to prevent the message text
* and the key from lingering in the memory
*/
decrypt(ciphertext, key) {
const authTag = ciphertext.slice(-16);
const iv = ciphertext.slice(0, 12);
const encryptedMessage = ciphertext.slice(12, -16);
const decipher = crypto.createDecipheriv(ALGORITHM.BLOCK_CIPHER, key, iv, {
authTagLength: ALGORITHM.AUTH_TAG_BYTE_LEN
});
decipher.setAuthTag(authTag);
const messagetext = decipher.update(encryptedMessage);
return Buffer.concat([messagetext, decipher.final()]);
}
};
请记住,虽然简化了,但该代码应该在功能上与Saptarshi Basu的代码相同。
祝你好运。
于 2020-06-29T14:50:56.587 回答
1
接受的 ansewr 是正确的,但更改很少,createCipher并且createDecipher已被弃用。
在新方法中createCipheriv,需要createDecipheriv iv值,iv值长度必须为 128 位,密钥必须为 256 位。
代码示例
const crypto = require('crypto');
const assert = require('assert');
let algorithm = 'aes256'; // or any other algorithm supported by OpenSSL
let key = 'ExchangePasswordPasswordExchange'; // or any key from .env
let text = 'I love kittens';
let iv = crypto.randomBytes(8).toString('hex'); // or you can add static value from .env
let cipher = crypto.createCipheriv(algorithm, key, iv);
let encrypted = cipher.update(text, 'utf8', 'hex') + cipher.final('hex');
let decipher = crypto.createDecipheriv(algorithm, key, iv);
let decrypted = decipher.update(encrypted, 'hex', 'utf8') + decipher.final('utf8');
assert.equal(decrypted, text);
于 2022-01-29T09:04:03.467 回答
-3
var crypto = require('crypto'),
algorithm = 'aes-256-ctr',
password = 'RJ23edrf';
//Here "aes-256-cbc" is the advance encryption standard we are using for encryption.
function encrypt(text){
var cipher = crypto.createCipher(algorithm,password)
var crypted = cipher.update(text,'utf8','hex')
crypted += cipher.final('hex');
return crypted;
}
function decrypt(text){
var decipher = crypto.createDecipher(algorithm,password)
var dec = decipher.update(text,'hex','utf8')
dec += decipher.final('utf8');
return dec;
}
var salt = uuid.v4()
var e = encrypt();
console.log(e);
var d = decrypt(e);
console.log(d);
于 2020-01-26T06:06:41.900 回答