use aes-cbc

index.js

@@ -11,9 +11,8 @@ const crypto = require ('crypto');
 const encoding = require ('@scode/encoding-helper');
 
 const encryption = {
-  algorithm:  'aes-256-gcm',
-  nonce_size: 12,
-  tag_size:   16,
+  algorithm:  'aes-256-cbc',
+  nonce_size: 16,
   key_size:   32,
   hash:       'sha256',
   salt_size:  16,
@@ -153,23 +152,22 @@ function checksum (data) {
  * @returns {string} encrypted
  */
 function encrypt_aes (text, pass) {
-  const salt = crypto.randomBytes (16);
+  const salt = crypto.randomBytes (encryption.salt_size);
   // eslint-disable-next-line no-sync
   const key = crypto.pbkdf2Sync (
     Buffer.from (pass, 'utf-8'),
     salt,
-    32767,
-    32,
-    'sha256'
+    encryption.iterations,
+    encryption.key_size,
+    encryption.hash
   );
-  const nonce = crypto.randomBytes (12);
-  const cipher = crypto.createCipheriv ('aes-256-gcm', key, nonce);
+  const nonce = crypto.randomBytes (encryption.nonce_size);
+  const cipher = crypto.createCipheriv (encryption.algorithm, key, nonce);
   return Buffer.concat ([
     salt,
     nonce,
     cipher.update (Buffer.from (text)),
-    cipher.final (),
-    cipher.getAuthTag ()
+    cipher.final ()
   ])
     .toString ('base64');
 }
@@ -196,12 +194,7 @@ function decrypt_aes (ciphertext, pass) {
     );
     const nonce = buf.slice (0, encryption.nonce_size);
     buf = buf.slice (encryption.nonce_size);
-    const tag = buf.slice (
-      buf.length - encryption.tag_size
-    );
-    buf = buf.slice (0, buf.length - encryption.tag_size);
     const cipher = crypto.createDecipheriv (encryption.algorithm, key, nonce);
-    cipher.setAuthTag (tag);
     return Buffer.concat ([
       cipher.update (buf),
       cipher.final ()