Node.js Crypto类使用更新的版本返回不同的结果
下面的代码为一个单一loginbutton生成HTML输出,并将其添加到页面中。 在节点版本0.5.x中,服务器在button单击时接受密钥,但在升级到0.10.x后,密钥不起作用并产生不同的输出。 没有错误。 encryption类是否改变了? 请注意,密钥,url和iv已被稍微更改,以避免发布安全信息,但长度正确。
var util = require('util'); var crypto = require('crypto'); var fs = require('fs'); var dateFormat = require('dateformat'); var AESCrypt = {}; AESCrypt.encrypt = function(cryptkey, iv, cleardata) { var encipher = crypto.createCipheriv('aes-256-cbc', cryptkey, iv), encryptdata = encipher.update(cleardata); encryptdata += encipher.final('binary'); encode_encryptdata = new Buffer(encryptdata, 'binary').toString('hex'); return encode_encryptdata; } function getKey(email){ var now = new Date(); var key = new Buffer("F4553ECE8E0039675E8DA176D23BD82D455BB6272B574FDD6185296432CE1AD9",'hex'), iv = new Buffer("D95897EA52A8A0C8DF231C8F2DBE59A7",'hex'), key_bin = key.toString('binary'), iv_bin = iv.toString('binary'), text = new Buffer('mystring','ascii'), text_bin = text.toString('binary'); var enc = AESCrypt.encrypt(key_bin, iv_bin, text_bin); var page = '<form method="POST" action="https://somedomain.com/AES.aspx"><input type="hidden" name="key" value="'+enc+'"/><input type="hidden" name="ouid" value="1"/><input type="submit" value="Log ine"/></form>'; return page; } if(process.argv[2]) { email = process.argv[2]; console.log(getKey(email)); } else{ console.log('Something may be wrong with your email address>') }
看来,至less在Buffer.concat()
更高版本中,需要使用Buffer.concat()
而不是+=
运算符。
Woking代码:
var crypto = require('crypto'); var ecr = function(str) { var cipher = crypto.createCipher('aes-256-cbc', 'passphase'); var cryptedBuffers = [cipher.update(new Buffer(str))]; cryptedBuffers.push(cipher.final()); var crypted = Buffer.concat(cryptedBuffers); return crypted; }; var dcr = function(str) { var dcipher = crypto.createDecipher('aes-256-cbc', 'passphase'); var dcryptedBuffers = [dcipher.update(new Buffer(str))]; dcryptedBuffers.push(dcipher.final()); var dcrypted = Buffer.concat(dcryptedBuffers) .toString('utf8'); return dcrypted; }; console.log(dcr(ecr('hello test')));
- 节点encryption解码stream抛出EVP_DecryptFinal_ex:如果stream将被中断,则错误的最终块长度
- 2路encryptionalgorithm,对Ruby和Node.JS只encryption到字母和数字
- Node.js:错误的密码输出
- python(pycrypto)和nodejs(crypto)之间不匹配的encryption(aes-128-cbc)
- Node.js Crypto AES密码
- 使用Node.js AES点击encryption并使用PyCrypto进行解密
- AES在.NET中encryption并使用Node.jsencryption解密?
- AES CryptoJSencryption和phpseclib解密
- Node.js和encryption库