Node.js Crypto类使用更新的版本返回不同的结果
下面的代码为一个单一loginbutton生成HTML输出,并将其添加到页面中。 在节点版本0.5.x中,服务器在button单击时接受密钥,但在升级到0.10.x后,密钥不起作用并产生不同的输出。 没有错误。 encryption类是否改变了? 请注意,密钥,url和iv已被稍微更改,以避免发布安全信息,但长度正确。
var util = require('util'); var crypto = require('crypto'); var fs = require('fs'); var dateFormat = require('dateformat'); var AESCrypt = {}; AESCrypt.encrypt = function(cryptkey, iv, cleardata) { var encipher = crypto.createCipheriv('aes-256-cbc', cryptkey, iv), encryptdata = encipher.update(cleardata); encryptdata += encipher.final('binary'); encode_encryptdata = new Buffer(encryptdata, 'binary').toString('hex'); return encode_encryptdata; } function getKey(email){ var now = new Date(); var key = new Buffer("F4553ECE8E0039675E8DA176D23BD82D455BB6272B574FDD6185296432CE1AD9",'hex'), iv = new Buffer("D95897EA52A8A0C8DF231C8F2DBE59A7",'hex'), key_bin = key.toString('binary'), iv_bin = iv.toString('binary'), text = new Buffer('mystring','ascii'), text_bin = text.toString('binary'); var enc = AESCrypt.encrypt(key_bin, iv_bin, text_bin); var page = '<form method="POST" action="https://somedomain.com/AES.aspx"><input type="hidden" name="key" value="'+enc+'"/><input type="hidden" name="ouid" value="1"/><input type="submit" value="Log ine"/></form>'; return page; } if(process.argv[2]) { email = process.argv[2]; console.log(getKey(email)); } else{ console.log('Something may be wrong with your email address>') } 看来,至less在Buffer.concat()更高版本中,需要使用Buffer.concat()而不是+=运算符。
Woking代码:
var crypto = require('crypto'); var ecr = function(str) { var cipher = crypto.createCipher('aes-256-cbc', 'passphase'); var cryptedBuffers = [cipher.update(new Buffer(str))]; cryptedBuffers.push(cipher.final()); var crypted = Buffer.concat(cryptedBuffers); return crypted; }; var dcr = function(str) { var dcipher = crypto.createDecipher('aes-256-cbc', 'passphase'); var dcryptedBuffers = [dcipher.update(new Buffer(str))]; dcryptedBuffers.push(dcipher.final()); var dcrypted = Buffer.concat(dcryptedBuffers) .toString('utf8'); return dcrypted; }; console.log(dcr(ecr('hello test')));
- 使用vb.net AES / CBCencryptionstring,并需要使用JavaScript CryptoJS进行解密
- Java BouncyCastle中的确定性AES-CTR?
- 在nodejs中解密.Net cookie
- 解密来自PHP RIJNDAEL_128 CBC的node.js中的string
- Node.js Crypto AES密码
- 尝试使用crypto-js和nodejs进行解密
- 2路encryptionalgorithm,对Ruby和Node.JS只encryption到字母和数字
- mongodb,node.js和encryption的数据
- 使用Diffie-Hellman密钥交换和AES进行客户端HTTPencryption