Skip to content

Instantly share code, notes, and snippets.

@Lawlez
Last active October 28, 2020 17:01
Show Gist options
  • Save Lawlez/88e04e3541cc0608c953a118b86bfc1a to your computer and use it in GitHub Desktop.
Save Lawlez/88e04e3541cc0608c953a118b86bfc1a to your computer and use it in GitHub Desktop.
Encrypt and decrypt in javascript using node or browserify for use with openssl or php
import crypto from 'browserify-aes'
/**********************************************************************
*
* DECRYPTION MODULE FOR USE IN BROWSER DURING RUNTIME *
*
***********************************************************************/
const decrypt = hash => {
const hash = hash.data
//get IV from input, make sure its no longer than 16 bytes
const IV = hash.IV
//ein neuer cipher wird vorbereitet, mittels aes256, unserem 256 bit KEY und dem config IV
const decipher = crypto.createDecipheriv(
'aes256',
process.env.APP_CONFIG_KEY.substr(0, 32),
IV,
)
//der hash wird nun decrypted mittels dem zuvor erstellten cipher
const decrypted = Buffer.concat([decipher.update(
Buffer.from(hash, 'hex'),
), decipher.final()]).toString()
return JSON.parse(decrypted)
}
onst crypto = require('crypto')
/**********************************************************************
*
* DECRYPTION MODULE FOR USE INSIDE NODE.JS *
*
***********************************************************************/
const encryption = (data = 'TestString {} Héllöüä') => {
const secretPhrase = crypto.randomBytes(16).toString('hex')
const salt = crypto.randomBytes(128 / 8).toString('hex')
//here we generate the key and give it back as a string, we use 100k iterations
//as suggested in best practices
//We can use the key multiple times to encrypt multiple things(-30GB), we just cant use
//the same initialization vector twice
//the key for aes-256 needs to be 256 bits which equals 32 bytes or 32 characters
const configKey = crypto.pbkdf2Sync(secretPhrase, salt, 100000, 32, 'sha256').toString('hex').substr(0, 32)
//create unique IV for each encryption, the key can be reused. IV needs to always be 16 bytes
const IV = crypto.randomBytes(16)
//create ciphers for each encryption using the shared key and the unuique IV
const projectConfigCipher = crypto.createCipheriv('aes-256-cbc', configKey, IV.toString('hex').substr(0,16)
//encripting the storage location using the prepared cipher
const encrypted = Buffer.concat([configStorageCipher.update(
'STORAGE', 'utf8'
), configStorageCipher.final()]).toString('hex')
return encrypted
}
#########################################################################################
# #
# ENCRYPTION FOR CLI IN / MACOS / LINUX / WINDOWS #
# #
#########################################################################################
#encrypt with key & IV but no salt
cat config.json | openssl aes-256-cbc -iv $(cat iv) -K $(cat key) -A -nosalt -base64
#decrypt with key IV and base64
echo "encryptedString" | openssl aes-256-cbc -d -iv $(cat iv) -K $(cat key) -base64 -A
/**********************************************************************
*
* ENCRYPTION & DECRYPTION MODULE FOR PHP7+ USING OPENSSL *
*
***********************************************************************/
class AESEncryption {
//key length should be 256 bits for aes 256 this means we use a string with 32 bytes
public static $key = "5f08e0ec585393a8e2ca8f0a1a0ae752";
//iv length should be always be 128 bit / 16 bytes
public static $iv = "05d387e7f773035a";
// The AES uses a block size of sixteen octets (128 bits)
public static $Method = 'AES-256-CBC';
/**
* use the AES to encrypt plaintext data and return a base 64 string
*
* $key
*/
public static function encrypt($cleartext,$key = ''){
$key = empty($key) ? self::$key : $key;
$encrypted = openssl_encrypt($cleartext, self::$Method, $key, OPENSSL_RAW_DATA, self::$iv);
return base64_encode($encrypted);
}
/**
* use the AES to decrypt a base 64 string into plaintext
*
* $key
*/
public static function decrypt($encrypted,$key = ''){
$key = empty($key) ? self::$key : $key;
$encrypted = base64_decode($encrypted);
$decrypted = openssl_decrypt($encrypted, self::$Method, $key, OPENSSL_RAW_DATA, self::$iv);
return trim($decrypted);
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment