From 44cfbc0b9b1ee06fab6808aa7f5f88d5ebcd4f79 Mon Sep 17 00:00:00 2001 From: Timo Hocker Date: Thu, 5 Mar 2020 10:19:27 +0100 Subject: [PATCH] use aes-cbc --- index.js | 25 +++++++++---------------- 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/index.js b/index.js index 6199f56..45b9a3d 100644 --- a/index.js +++ b/index.js @@ -11,9 +11,8 @@ const crypto = require ('crypto'); const encoding = require ('@scode/encoding-helper'); const encryption = { - algorithm: 'aes-256-gcm', - nonce_size: 12, - tag_size: 16, + algorithm: 'aes-256-cbc', + nonce_size: 16, key_size: 32, hash: 'sha256', salt_size: 16, @@ -153,23 +152,22 @@ function checksum (data) { * @returns {string} encrypted */ function encrypt_aes (text, pass) { - const salt = crypto.randomBytes (16); + const salt = crypto.randomBytes (encryption.salt_size); // eslint-disable-next-line no-sync const key = crypto.pbkdf2Sync ( Buffer.from (pass, 'utf-8'), salt, - 32767, - 32, - 'sha256' + encryption.iterations, + encryption.key_size, + encryption.hash ); - const nonce = crypto.randomBytes (12); - const cipher = crypto.createCipheriv ('aes-256-gcm', key, nonce); + const nonce = crypto.randomBytes (encryption.nonce_size); + const cipher = crypto.createCipheriv (encryption.algorithm, key, nonce); return Buffer.concat ([ salt, nonce, cipher.update (Buffer.from (text)), - cipher.final (), - cipher.getAuthTag () + cipher.final () ]) .toString ('base64'); } @@ -196,12 +194,7 @@ function decrypt_aes (ciphertext, pass) { ); const nonce = buf.slice (0, encryption.nonce_size); buf = buf.slice (encryption.nonce_size); - const tag = buf.slice ( - buf.length - encryption.tag_size - ); - buf = buf.slice (0, buf.length - encryption.tag_size); const cipher = crypto.createDecipheriv (encryption.algorithm, key, nonce); - cipher.setAuthTag (tag); return Buffer.concat ([ cipher.update (buf), cipher.final ()