I'm trying to rewrite an old NodeJs encryption algorithm from
crypto.createDecipheriv(algorithm, key, iv[, options])
into webcrypto
subtle.decrypt(algorithm, key, data)
This code works with the AES-128-CTR algorithm:
    import { createCipheriv, createDecipheriv } from 'crypto';

    const algorithm = 'aes-128-ctr';
    const iv = '0123456789ABCDEF0123456789ABCDEF';
    const privateKey = '16Random_Letters';
    const hexBufferFromIv = Buffer.from(iv, 'hex');
    const utfBufferFromPrivateKey = Buffer.from(privateKey, 'utf8');

    function oldEncryptData(data: string): string {
        const cipher = createCipheriv(
            algorithm,
            utfBufferFromPrivateKey,
            hexBufferFromIv,
        );
        let crypted = cipher.update(data, 'utf8', 'base64');
        // Append the final chunk instead of overwriting the output of update()
        crypted += cipher.final('base64');
        return crypted;
    }

    function oldDecryptData(data: string): string {
        const decipher = createDecipheriv(
            algorithm,
            utfBufferFromPrivateKey,
            hexBufferFromIv,
        );
        let dec = decipher.update(data, 'base64', 'utf8');
        // Append the final chunk instead of overwriting the output of update()
        dec += decipher.final('utf8');
        return dec;
    }

    async function testDecrypt() {
        const sourceText = `any text to encrypt!`;
        const encryptedText = oldEncryptData(sourceText);
        const decryptedText = oldDecryptData(encryptedText);
        return sourceText === decryptedText;
    }

    testDecrypt().then(console.log);
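Right now I'm testing this code and the WebCrypto examples in nodejs, but as a final result I want to move the webCrypto.subtle.decrypt functionality into NGINX njs, and as far as I know, njs doesn't support any decryption options other than WebCrypto.
The WebCrypto decrypt interface for AES-CTR in general looks like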
    const data = await crypto.subtle.decrypt(
        {
            name: "AES-CTR",
            counter, // BufferSource
            length: 128, // 1-128
        },
        key, // AES key
        encData, // BufferSource
    );
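And I don't understand:
- Is the counter the same thing as the Initialization vector in the createDecipheriv method?
- How should I generate the key for the subtle.decrypt method from the same passphrase?
- Do I need to do any additional transformation from or to base64 or utf8 encodings to reproduce the input and output encoding in the cipher.update(data, 'utf8', 'base64'); and decipher.update(data, 'base64', 'utf8'); methods?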
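Reply from a uj5u.com user:
Thanks to Topaco for the hints. I'll write a more complete answer. Maybe it will be useful for someone.
- Yes, the Initialization vector and the counter can be treated as the same thing.
- To generate a key from the same passphrase you should use the importKey method. And you should pass the same ArrayBuffer from the passphrase as in the createCipheriv method.
- Yes, if your old method used some specific encoding and decoding, you should repeat the same encoding/decoding logic after the Webcrypto.SubtleCrypto.encrypt() and decrypt() methods.
A full workable example may look like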
    import { webcrypto } from 'crypto';

    const iv = '0123456789ABCDEF0123456789ABCDEF';
    const privateKey = '16Random_Letters';
    const hexBufferFromIv = Buffer.from(iv, 'hex');
    const utfBufferFromPrivateKey = Buffer.from(privateKey, 'utf8');

    // Import the same raw key bytes that were passed to createCipheriv
    async function generateKeyFromPassPhrase(): Promise<CryptoKey> {
        return webcrypto.subtle.importKey(
            'raw',
            utfBufferFromPrivateKey,
            {
                name: 'AES-CTR',
            },
            true,
            ['decrypt', 'encrypt'],
        );
    }

    async function newEncryptData(data: string): Promise<string> {
        const key = await generateKeyFromPassPhrase();
        const encryptResult = await webcrypto.subtle.encrypt(
            {
                name: 'AES-CTR',
                length: 128,
                counter: hexBufferFromIv,
            },
            key,
            Buffer.from(data),
        );
        // Same output encoding as cipher.update(data, 'utf8', 'base64')
        return Buffer.from(encryptResult).toString('base64');
    }

    async function newDecryptData(data: string): Promise<string> {
        const key = await generateKeyFromPassPhrase();
        const decryptResult = await webcrypto.subtle.decrypt(
            {
                name: 'AES-CTR',
                length: 128,
                counter: hexBufferFromIv,
            },
            key,
            // Same input encoding as decipher.update(data, 'base64', 'utf8')
            Buffer.from(data, 'base64'),
        );
        return Buffer.from(decryptResult).toString();
    }

    async function testDecrypt() {
        const sourceText = `any text to encrypt!`;
        const encrypted2 = await newEncryptData(sourceText);
        const decrypted2 = await newDecryptData(encrypted2);
        return sourceText === decrypted2;
    }

    testDecrypt().then(console.log);
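
The test in the answer above only round-trips WebCrypto against itself; for a migration, the check that matters is that ciphertext produced by the old createCipheriv path decrypts under subtle.decrypt. The following is an added example in plain JavaScript for Node.js, not part of the original post, that compares both paths on the page's sample key and IV; the function names are illustrative.

```javascript
// Added example, not from the original post. KEY_TEXT and IV_HEX are the
// sample values used on this page; all function names are illustrative.
const KEY_TEXT = '16Random_Letters'; // 16 UTF-8 bytes -> AES-128 key
const IV_HEX = '0123456789ABCDEF0123456789ABCDEF'; // 16-byte initial counter block
// The fixed IV is kept only so existing ciphertexts stay readable; CTR needs
// a unique counter block for every message encrypted under the same key.

// Dynamic import works from both CommonJS and ES modules.
const loadCrypto = () => import('node:crypto');

function rawKeyAndCounter() {
  const rawKey = Buffer.from(KEY_TEXT, 'utf8');
  const counter = Buffer.from(IV_HEX, 'hex');
  // Buffer.from(..., 'hex') silently truncates at invalid input, so check sizes.
  if (rawKey.length !== 16 || counter.length !== 16) {
    throw new RangeError('AES-128-CTR needs a 16-byte key and counter block');
  }
  return { rawKey, counter };
}

// Legacy path: Node's OpenSSL-backed cipher, base64 out.
async function legacyEncrypt(plainText) {
  const { createCipheriv } = await loadCrypto();
  const { rawKey, counter } = rawKeyAndCounter();
  const cipher = createCipheriv('aes-128-ctr', rawKey, counter);
  const body = Buffer.concat([cipher.update(plainText, 'utf8'), cipher.final()]);
  return body.toString('base64');
}

// WebCrypto path; direction is 'encrypt' or 'decrypt', input is raw bytes.
async function webCryptoTransform(direction, input) {
  const { webcrypto } = await loadCrypto();
  const { rawKey, counter } = rawKeyAndCounter();
  const key = await webcrypto.subtle.importKey(
    'raw', rawKey, { name: 'AES-CTR' }, false, [direction]);
  // length: 128 treats the whole block as the counter, as aes-128-ctr does.
  const params = { name: 'AES-CTR', counter, length: 128 };
  return Buffer.from(await webcrypto.subtle[direction](params, key, input));
}

// Encrypt with both APIs, then decrypt the legacy ciphertext with WebCrypto.
async function interopCheck(plainText) {
  const legacy = await legacyEncrypt(plainText);
  const modern = await webCryptoTransform('encrypt', Buffer.from(plainText, 'utf8'));
  const back = await webCryptoTransform('decrypt', Buffer.from(legacy, 'base64'));
  return {
    sameCiphertext: legacy === modern.toString('base64'),
    roundTrip: back.toString('utf8') === plainText,
  };
}
```

Run interopCheck on text longer than 16 bytes so the counter increment between blocks is exercised as well.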
