Implementing Crypto in < 5 min

Ariel Salem
Aug 8, 2017 · 3 min read

Much like my previous post on setting up nodemailer, I’m ashamed to admit that looking through the crypto docs intimidated me and prevented me from utilizing its incredible gifts. It wasn’t until I was presented with a coding challenge that I was forced to really understand how easy it is to truly set up. In this post, I’ll demonstrate just what we need in order to set up crypto on the server so that we can encrypt and decrypt information whenever we may need it.

Disclaimer: this post assumes you’ve already set up your frontend and your server using node/express. If you are looking to set up a fullstack CRUD app, check out this earlier post on how to create a MEAN stack app.

Dependencies

To begin with, you will need to install the crypto package if you haven’t done so yet:

npm install --save crypto

Encryption & Decryption

Once your package is installed, you’ll need to require it in your server, like so:

const crypto = require('crypto');

Great! Now that you’ve required crypto, we will need to create our encryption and decryption functions on our server:

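//server.js
// Note: crypto.createCipher()/createDecipher() are deprecated and newer Node.js
// releases remove them in favour of crypto.createCipheriv()/createDecipheriv().
// They derive the key and IV from the password alone, so the same password
// always produces the same aes-256-ctr keystream.
const encrypt = (messageToEncrypt, salt) => {
  // `salt` is passed as the password that createCipher derives its key from
  let cipher = crypto.createCipher('aes-256-ctr', salt);
  // utf8 text in, hex string out
  let crypted = cipher.update(messageToEncrypt, 'utf8', 'hex');
  crypted += cipher.final('hex');
  return crypted;
};
const decrypt = (messageToDecrypt, salt) => {
  let decipher = crypto.createDecipher('aes-256-ctr', salt);
  // hex string in, utf8 text out
  let dec = decipher.update(messageToDecrypt, 'hex', 'utf8');
  dec += decipher.final('utf8');
  return dec;
};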

That seems like an awful lot of information to unpack, but it’s really much simpler than it might seem. First let’s start off with what the crypto.createCipher function is doing, and what’s going on with its funky parameters. TLDR of the documentation: the function takes an algorithm (the available ones depend on your OpenSSL release) and a password, and returns a cipher. This password, which is the parameter our functions call salt, can be anything we want it to be, so if you’re looking to insert your own customized salt, you’re free to do so! Next we have the cipher.update function. As the name suggests, cipher.update simply updates the cipher with the data that’s passed in. In our case, this data is the message we want to encrypt. Next, we pass in 'utf8' to tell update how the incoming message is encoded. Finally, we pass in 'hex' to tell update which format we want the output in.

Finally, we call the final function to finish the encryption and collect any remaining output. By passing in 'hex', we tell final to return that output as a hex string.

Now if we take a look at our decrypt function, it becomes clear that we are running similar operations with the same values in order to reverse (or decrypt) the process.
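The same pair of functions written against createCipheriv, as an added example that is not code from the original post: the password goes through scrypt with a random per-message salt, and AES-256-GCM with a random IV replaces aes-256-ctr so that a wrong password or modified ciphertext is rejected. The names sealMessage, openMessage and deriveKey, the length constants and the salt || iv || tag || ciphertext layout are assumptions made for this example.

```javascript
const crypto = require('crypto'); // Node's built-in module

// Constructed parameters for this example (not from the original post).
const SALT_LEN = 16; // random per message, input to the key derivation
const IV_LEN = 12;   // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16;  // GCM authentication tag

// Derive a 32-byte AES-256 key from the password with scrypt.
const deriveKey = (password, salt) => crypto.scryptSync(password, salt, 32);

// Returns hex of salt || iv || tag || ciphertext.
const sealMessage = (message, password) => {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const body = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('hex');
};

// Returns the plaintext, or null when the input is malformed,
// the password is wrong, or the data was modified.
const openMessage = (sealedHex, password) => {
  if (typeof sealedHex !== 'string' || !/^([0-9a-f]{2})+$/i.test(sealedHex)) return null;
  const raw = Buffer.from(sealedHex, 'hex');
  if (raw.length < SALT_LEN + IV_LEN + TAG_LEN) return null;
  const salt = raw.subarray(0, SALT_LEN);
  const iv = raw.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = raw.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const body = raw.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  try {
    const decipher = crypto.createDecipheriv(
      'aes-256-gcm', deriveKey(password, salt), iv, { authTagLength: TAG_LEN });
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // tag check failed: wrong password or tampered data
  }
};
```

Because the salt and IV are random, sealing the same message twice with the same password gives two different outputs, and both still open to the same plaintext.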

Practical Examples

That’s all fine and dandy, but if there’s no way to make use of it, what good is it to us? That’s a great point. Here’s where I’d like to connect us back towards the coding challenge I wrote up. The gist of it was that people should be able to encrypt and decrypt messages that ARE NOT STORED onto a database, simply by passing in the message and salt for encryption, or the encrypted message and salt for decryption.

//server.js
// The salt travels in the URL path (and, for GET, the message in the query
// string), so both can end up in server and proxy access logs.
app.post('/api/encrypt/:id', (req, res, next) => {
  let { message } = req.body;   // plaintext from the request body
  let salt = req.params.id;     // salt/password from the route parameter
  let encrypted = encrypt(message, salt);
  if (!encrypted) {
    res.status(404);
    res.json({
      error: 'information is invalid'
    });
  } else {
    res.send(encrypted);
  }
});
app.get('/api/encrypt/:id', (req, res, next) => {
  let salt = req.params.id;
  let messageToDecrypt = req.query.message;   // hex ciphertext from the query string
  let decrypted = decrypt(messageToDecrypt, salt);
  if (!decrypted) {
    res.status(404);
    res.json({
      error: 'information is invalid'
    });
  } else {
    res.send(decrypted);
  }
});

And there you have it!

Quick Recap:

  • Encryption and Decryption with Crypto is easy
  • The only thing you need is a message to en/decrypt and a salt/hash
  • The En/Decrypt functions can ‘translate’ information by utilizing the outcome of the encryption with the original salt

Hope that helped, let me know if you have any questions!
