Getting Started with Cryptography in NodeJS

RJS Tech
May 21, 2018

Cryptography has always been an important pillar of software development. No one wants their data to be stolen. It is what keeps systems running, from saving passwords in a database to cutting-edge advancements in currencies and decentralised systems like blockchain.

In this article we are going to learn to use cryptography in Node.js. But first, let's talk about cryptography itself.

Surprisingly, cryptography isn't a new thing at all. The first documented use of cryptography in writing dates back to circa 1900 B.C., when an Egyptian scribe used non-standard hieroglyphs in an inscription. In cryptography we have some data that we want to represent in a way that cannot be understood by anyone undesirable. This data is called cleartext, and we pass it through a cryptographic algorithm to get ciphertext.

We have keys, with which the encryption or decryption is done; a key is like our secret magic password. We can classify cryptography into the following:

A single key for both encryption and decryption, called symmetric encryption.

One key for encryption and another for decryption, called asymmetric encryption. Here, we have a public key and a private key. The private key is kept secured by one party, and the public key can be shared. One of them is used to encrypt and the other is used to decrypt. So, for example, if I encrypt something with a private key, then anyone can decrypt the data, but only I can generate that particular ciphertext. This makes it perfect for use cases such as digital signatures.

Another class of cryptographic algorithms is the hash functions. They are like a one-way road. In hash function terminology, the ciphertext is called the message digest. Once the cleartext is passed through the hash function, we cannot get it back. Changing even one character of the cleartext results in a completely different message digest. These are perfect for storing passwords in a database.

Now, let’s see how we can actually code these up.

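Look at the code sample below.

    const crypto = require('crypto');

    const algorithm = 'aes-256-ctr';
    const password = 'keepitsecret';
    // crypto.createCipher(algorithm, password) is deprecated and has been removed
    // from recent Node.js releases, so derive a 32-byte key from the password.
    // 'example-salt' is a placeholder salt for this sample.
    const key = crypto.scryptSync(password, 'example-salt', 32);

    function encryptText(text) {
        // CTR mode needs a fresh random IV for every message under the same key.
        const iv = crypto.randomBytes(16);
        const cipher = crypto.createCipheriv(algorithm, key, iv);
        let encrypted = cipher.update(text, 'utf8', 'hex');
        encrypted += cipher.final('hex');
        // Prepend the IV (it is not secret) so that decryption can recover it.
        return iv.toString('hex') + encrypted;
    }

    console.log(encryptText("javascript"));

If you are well versed in Node, this should seem quite straightforward. We use a package called crypto, which is part of the standard library. We select AES (Advanced Encryption Standard), a symmetric cipher, as our algorithm. Notice we also use a password, from which our key is derived. With the algorithm, the key and a random IV we create a cipher and encrypt our data. CTR mode provides confidentiality only; it does not detect a modified ciphertext. Let's see how we can decrypt it.

    function decryptText(text) {
        // The first 16 bytes (32 hex characters) are the IV written by encryptText.
        const iv = Buffer.from(text.slice(0, 32), 'hex');
        const decipher = crypto.createDecipheriv(algorithm, key, iv);
        let decrypted = decipher.update(text.slice(32), 'hex', 'utf8');
        decrypted += decipher.final('utf8');
        return decrypted;
    }

    let encrypted = encryptText("javascript");
    console.log(decryptText(encrypted));

You will see the text javascript as the output of the script. To decrypt it we use the function createDecipheriv instead. It's amazing how easily we can use something like cryptography.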

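Let's see how to use a hash function.

    const crypto = require('crypto');

    const secret = 'thisissecret';
    const algorithm = 'sha256';

    function getHash(text) {
        // createHmac keys the SHA-256 digest with the secret (HMAC-SHA256).
        const hash = crypto.createHmac(algorithm, secret).update(text).digest('hex');
        return hash;
    }

    console.log(getHash('javascript'));

The structure is the same. Here we use SHA256, a very popular hash function, as our algorithm and produce the hash of the cleartext. Because the code calls createHmac, the digest is keyed with our secret, so the same text gives a different digest under a different secret.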
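For the password-storage use case mentioned earlier, here is an added example (not code from the original article) that uses scrypt, a salted and deliberately slow key derivation function from the same crypto module, instead of a single SHA-256 pass. The function names, the `scrypt$N$r$p$salt$hash` record layout and the cost parameters are assumptions chosen for this example.

```javascript
const crypto = require('crypto');

// Assumed cost parameters for this example (not from the article).
const SCRYPT_PARAMS = { N: 16384, r: 8, p: 1 };
const SALT_BYTES = 16;
const HASH_BYTES = 32;

// Returns a self-describing record to store in the database:
// scrypt$N$r$p$<salt hex>$<hash hex>
function hashPassword(password) {
  // A fresh random salt makes identical passwords produce different records.
  const salt = crypto.randomBytes(SALT_BYTES);
  const hash = crypto.scryptSync(password, salt, HASH_BYTES, SCRYPT_PARAMS);
  const { N, r, p } = SCRYPT_PARAMS;
  return ['scrypt', N, r, p, salt.toString('hex'), hash.toString('hex')].join('$');
}

// Recomputes the hash with the stored salt and parameters, then compares.
function verifyPassword(password, record) {
  const parts = String(record).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  if (![N, r, p].every(Number.isInteger)) return false;
  const salt = Buffer.from(parts[4], 'hex');
  const expected = Buffer.from(parts[5], 'hex');
  if (salt.length === 0 || expected.length === 0) return false;
  let actual;
  try {
    actual = crypto.scryptSync(password, salt, expected.length, { N, r, p });
  } catch {
    return false; // malformed parameters in the stored record
  }
  // Constant-time comparison avoids leaking how many bytes matched.
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed sample input.
const record = hashPassword('keepitsecret');
console.log(record);
console.log(verifyPassword('keepitsecret', record)); // correct password
console.log(verifyPassword('letmein', record));      // wrong password
```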

That will be it for the article. To continue reading, check out the official documentation of the crypto API.
