CODEWITHSUNDEEP
node.jscharacter-encodingbase64buffercryptojs
David
David

Reputation: 7486

Decrypted string is not encoded properly in subsequent Node sessions

I have text of the form crypto.randomBytes(30).toString("hex") that I need encrypted.

Below is the encrypt and decrypt algorithms that I use.

import crypto from "crypto";

const ALGORITHM = "aes-256-ctr";
const IV_LENGTH = 16;
const ENCRYPTION_KEY = crypto.randomBytes(32);

export const encrypt = (text: string) => {
  const iv = crypto.randomBytes(IV_LENGTH);
  const cipher = crypto.createCipheriv(ALGORITHM, ENCRYPTION_KEY, iv);
  const encryptedText = cipher.update(text, "utf8", "base64") + cipher.final("base64");

  return `${iv.toString("hex")}:${encryptedText}`;
};

export const decrypt = (text: string) => {
  const textParts = text.split(":");
  const iv = Buffer.from(textParts.shift(), "hex");
  const decipher = crypto.createDecipheriv(ALGORITHM, ENCRYPTION_KEY, iv);
  const encryptedText = Buffer.from(textParts.join(":"), "base64");

  return decipher.update(encryptedText, "base64", "utf8") + decipher.final("utf8");
};

I run node in my terminal and am able to mess around with these functions in my repl-like environment.

When I am within that node session, I see the following:

const encryptedText = encrypt("0e1819ff39ce47ec80488896a16520bc6b8fcd7d55dc918c96c61ff8e426")
// Output: "9fa7486458345eae2b46687a81a9fcf5:LOrlVD06eotggmIPAq0z9yzP/EHoeQyZyK6IiBYKZMIWvWYLekmSe73OjlgXdWJVOrcTyWS/eP3UU2yv"

const decryptedText = decrypt(encryptedText);
// Output: "0e1819ff39ce47ec80488896a16520bc6b8fcd7d55dc918c96c61ff8e426"

Just like I want!

If I exit the node session, and open a new node session and copy and paste to decrypt the same string I get the following:

const decryptedText = decrypt(ENCRYPTED_TEXT_FROM_ABOVE)
// Output: "�Z<�\r����S78V��z|Z\u0013��\u001a}�����@ߩ����Ɣh���*����y\b�\u001d���l'�m�'�"

Why is this happening? What changed? Clearly it seems like the Node no longer knows how to display the characters or something. I don't know what encoding it is now.

I came across this because I store the encrypted data in Postgres and upon retrieving it, I sometimes need to decrypt it. For some reason, when I restart the node session it forgets how to read it.

The interesting thing is I can decrypt(encrypt("another string")) => "another string" in the new node terminal and it'll work, but the original string no longer does.

Upvotes: 1

Views: 147

Answers (1)

Terry Lennox
Terry Lennox

Reputation: 30725

The decryption step is failing here since you are generating a new key for each session in the line: 

const ENCRYPTION_KEY = crypto.randomBytes(32);

If you log the key like so:

console.log( { key: ENCRYPTION_KEY.toString("hex") });

You'll see the key is different for each run. So it makes sense that we fail to decrypt the encrypted data from a previous session!

If you change to using a fixed key:

const ENCRYPTION_KEY = Buffer.from("8b3d2068cf410479451eef41fe07d43e62ec80b962ae30cd99f7698499acfd61", "hex");

The output from each session should be decrypted in the next one.

Of course we won't want to leave keys in code, so it would be best to use an environment variable for this purpose.

Upvotes: 1

Related Questions