How to encrypt data that needs to be decrypted in Node js

+1 vote
I’m building a Node.js application that requires data to be encrypted on the server and decrypted later. I’m looking for guidance on implementing secure encryption and decryption practices, especially for sensitive data storage. What’s the best approach to handle symmetric encryption in Node.js, and are there libraries that simplify the encryption process while maintaining security standards?

Any advice on best practices for encryption/decryption, key management, or library recommendations would be appreciated.
Oct 29, 2024 in Cyber Security & Ethical Hacking by Anupam
• 12,620 points
173 views

1 answer to this question.

+1 vote

To securely encrypt and decrypt data in a Node.js application, you can use the crypto module with AES encryption.

Here’s a recommended approach using AES-256-CBC encryption, which is commonly used and considered strong.

const crypto = require('crypto');
const assert = require('assert');

const algorithm = 'aes-256-cbc';
// Generate a 32-byte (256-bit) key
const key = crypto.randomBytes(32);

function encrypt(text) {
    // Generate a fresh 16-byte IV (AES block size) for every message;
    // an IV must not be reused with the same key
    const iv = crypto.randomBytes(16);
    const cipher = crypto.createCipheriv(algorithm, key, iv);
    let encrypted = cipher.update(text, 'utf8', 'hex');
    encrypted += cipher.final('hex');
    // Return the IV with the ciphertext; it is needed again for decryption
    return { iv: iv.toString('hex'), encryptedData: encrypted };
}

function decrypt(encryptedData, ivHex) {
    const decipher = crypto.createDecipheriv(algorithm, key, Buffer.from(ivHex, 'hex'));
    let decrypted = decipher.update(encryptedData, 'hex', 'utf8');
    decrypted += decipher.final('utf8');
    return decrypted;
}

// Usage example
const text = 'I love kittens';
const encrypted = encrypt(text);
console.log("Encrypted:", encrypted);

const decrypted = decrypt(encrypted.encryptedData, encrypted.iv);
console.log("Decrypted:", decrypted);

// Check if decrypted text matches the original
assert.strictEqual(decrypted, text);
  • The code specifies aes-256-cbc for AES encryption with a 256-bit key, a strong standard for secure encryption. This ensures data is encrypted with a secure algorithm.
  • A 32-byte key and a 16-byte initialization vector (IV) are randomly generated, which are crucial for encryption security. The IV makes each encryption unique, even with the same key.
  • createCipheriv is used to initialize encryption with the algorithm, key, and IV, then cipher.update and cipher.final convert the plaintext into encrypted hex data. This results in a securely encrypted message.
  • The decryption process reverses encryption using createDecipheriv, taking the encrypted data and IV to restore the original text. This verifies that only with the right key and IV can data be decrypted back to its original form.
  • An assert statement compares the decrypted text to the original, ensuring the encryption-decryption cycle is intact.

Related post Prevent CSRF in Node.js

AES-256-CBC in Node.js

answered Nov 6, 2024 by CaLLmeDaDDY
• 22,940 points

edited Jan 23 by Sunita
The implementation generates random keys and IVs, which is excellent for security. However, for practical applications, do you recommend using a secure secrets manager to store keys, and what strategies would you suggest for securely transferring IVs alongside encrypted data?
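
An added example (not part of the original answer or comment) of one way to store the IV alongside the encrypted data, as the comment above asks. It swaps the answer's AES-256-CBC for AES-256-GCM so that a modified ciphertext or wrong key is rejected on decryption; `DATA_KEY_HEX`, `parseKey`, `sealData` and `openData` are hypothetical names, and the key is assumed to be supplied from outside the code (environment or secrets manager).

```javascript
const crypto = require('crypto');

const ALGORITHM = 'aes-256-gcm';
const IV_LEN = 12;  // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16; // 128-bit authentication tag

// Parse a hex-encoded 256-bit key, e.g. a value fetched from a secrets manager.
function parseKey(hex) {
    if (!/^[0-9a-fA-F]{64}$/.test(hex || '')) {
        throw new Error('key must be 64 hex characters (32 bytes)');
    }
    return Buffer.from(hex, 'hex');
}

// Encrypt and return one base64 string laid out as: iv || tag || ciphertext.
// The IV is not secret, so it is stored next to the data it belongs to.
function sealData(plaintext, key) {
    const iv = crypto.randomBytes(IV_LEN); // fresh IV for every message
    const cipher = crypto.createCipheriv(ALGORITHM, key, iv, { authTagLength: TAG_LEN });
    const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
    return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Split the packed value, verify the tag, and return the plaintext.
// final() throws if the key is wrong or any byte was modified.
function openData(packed, key) {
    const raw = Buffer.from(packed, 'base64');
    if (raw.length < IV_LEN + TAG_LEN) throw new Error('ciphertext too short');
    const iv = raw.subarray(0, IV_LEN);
    const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
    const body = raw.subarray(IV_LEN + TAG_LEN);
    const decipher = crypto.createDecipheriv(ALGORITHM, key, iv, { authTagLength: TAG_LEN });
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Constructed demo key used only when DATA_KEY_HEX (hypothetical variable) is unset.
const demoKey = parseKey(process.env.DATA_KEY_HEX || crypto.randomBytes(32).toString('hex'));
const sealed = sealData('I love kittens', demoKey);
console.log('Stored value:', sealed);
console.log('Decrypted:', openData(sealed, demoKey));
```

Only the single base64 string needs to be stored; the key never goes into the same record.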
