Open in app

Sign in

Write

Sign in

Exploring 5 Practical Use Cases for Node.js Crypto Library

Abubakar Balogun
5 min readFeb 18, 2024

--

Node.js remains a popular Javascript runtime environment for developing secure and scalable web applications. Its rich ecosystem of libraries and tools simplifies building applications, and one such built-in library is crypto. This library offers various cryptographic utilities for securing web applications.

In this article, we’ll explore 5 practical use cases for the Node.js Crypto library, covering topics like hashing, encryption, and signing. After reading this article, you’ll have a good understanding of various ways to leverage Node.js crypto library for application security.

1. Generate Secure Tokens and Passwords

When generating tokens like email verification codes, a common approach is to use Math.random(). However, Math.random() generates pseudo-random numbers, which means they are predictable and not suitable for security-critical applications. For such purposes, Node.js Crypto provides functions like crypto.randomBytes() to generate cryptographically secure random numbers, which are unpredictable and crucial for robust security. Here is how to use crypto.randomBytes() to generate a secured token:

const crypto = require("crypto");

function generateSecureToken(length) {
    return new Promise((resolve, reject) => {
        crypto.randomBytes(length, (err, buffer) => {
            if (err) {
                reject(err);
            } else {
                const token = buffer.toString('hex');
                resolve(token);
            }
        });
    });
}

async function main() {
    try {
        const token = await generateSecureToken(16);
        console.log('Secure token:', token);
    } catch (error) {
        console.error('Error generating secure token:', error);
    }
}

main()

2. Generate Cryptographic Hashes

One of the most common and vital applications of Node.js crypto module is generating cryptographic hash functions. A cryptographic hash function is a mathematical algorithm that transforms input data of any size into a fixed-size string of characters with certain cryptographic properties, such as preimage resistance, second preimage resistance, and collision resistance. These functions are invaluable in various security-critical scenarios such as password storage, digital signatures, and ensuring data integrity. Although hash functions like MD5 and RIPEMD exist, they are no longer recommended for cryptographic purposes due to vulnerabilities. Instead, secure hash functions like SHA-256 and SHA-3 should be used. In Node.js, the crypto library offers functionalities for generating cryptographic hashes.

Suppose you have sensitive data and you want to ensure its integrity or detect whether it has been tampered with. In such scenarios, cryptographic hashes play a crucial role. These hashes, generated using algorithms like SHA-256 provided by Node.js’s crypto library, provides a unique fingerprint for your data, making it computationally infeasible for anyone to tamper with the data without detection.

How to generate a cryptographic hash in Node.js using the SHA-256 algorithm:

const crypto = require("crypto");

function generateHash(data) {
  const hash = crypto.createHash("sha256");
  hash.update(data);
  return hash.digest("hex");
}


const sensitiveData = "This is my sensitive data.";

const hashValue = generateHash(sensitiveData);

console.log("Original Data:", sensitiveData);
console.log("Hash Value:", hashValue);

const tamperedData = "This is my tampered data.";
const tamperedHashValue = generateHash(tamperedData);

console.log("\nTampered Data:", tamperedData);
console.log("Tampered Hash Value:", tamperedHashValue);

if (hashValue === tamperedHashValue) {
  console.log("\nThe data hasn't been tampered with.");
} else {
  console.log("\nThe data has been tampered with!");
}

In this code, the generateHash() function takes sensitive data as input and utilizes the SHA-256 hashing algorithm to create a cryptographic hash. The resulting hash can then be used for various security purposes, including data integrity verification.

3. Data Encryption & Decryption

There are various reasons why an application may require data encryption, this may include compliance requirements, secure data transfer, backup and disaster recovery, and more. To implement data encryption and decryption in Node.js, the crypto library can be used for the encryption and decryption processes. For instance, in a chat system where sensitive messages are exchanged, encryption can strengthen security. Below is a simple example showing how to encrypt and decrypt data using AES encryption with Node.js:

const crypto = require("crypto");

function encryptSymmetric(plaintext, key, algorithm = "aes-256-cbc") {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv(algorithm, key, iv);
  const ciphertext =
    cipher.update(plaintext, "utf8", "hex") + cipher.final("hex");
  return { ciphertext, iv };
}

function decryptSymmetric(ciphertext, key, iv, algorithm = "aes-256-cbc") {
  const decipher = crypto.createDecipheriv(algorithm, key, iv);
  const decrypted =
    decipher.update(ciphertext, "hex", "utf8") + decipher.final("utf8");
  return decrypted;
}

const plaintext = "This is a secret message.";
const key = crypto.randomBytes(32);

const { ciphertext, iv } = encryptSymmetric(plaintext, key);

console.log("Encrypted data:", ciphertext);
console.log("IV:", iv.toString("hex"));

const decryptedPlaintext = decryptSymmetric(ciphertext, key, iv);

console.log("Decrypted data:", decryptedPlaintext);

4. Digital signature

A digital signature is like an electronic fingerprint for digital information. It uses cryptography to ensure authenticity, integrity, and Non-repudiation of information. The Node.js crypto library provides a functionality to cryptographically sign information. Consider a scenario where you have a Node.js application that communicates with a third-party API over the network. You want to ensure the authenticity and integrity of the data exchanged between your application and the API. Digital signatures can be used to achieve this.

Example:

const crypto = require("crypto");

function generateDigitalSignature(data, privateKey) {
  const sign = crypto.createSign("SHA256");
  sign.update(data);
  return sign.sign(
    {
      key: privateKey,
      padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
      saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,
    },
    "base64"
  );
}


function verifyDigitalSignature(data, signature, publicKey) {
  const verify = crypto.createVerify("SHA256");
  verify.update(data);
  return verify.verify(
    {
      key: publicKey,
      padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
      saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,
    },
    signature,
    "base64"
  );
}


const data = "My sensitive data!";
const privateKey = crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: {
    type: "pkcs1",
    format: "pem",
  },
  privateKeyEncoding: {
    type: "pkcs1",
    format: "pem",
  },
}).privateKey;

const publicKey = crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: {
    type: "pkcs1",
    format: "pem",
  },
  privateKeyEncoding: {
    type: "pkcs1",
    format: "pem",
  },
}).publicKey;


const signature = generateDigitalSignature(data, privateKey);
console.log("Digital Signature:", signature);

const isSignatureValid = verifyDigitalSignature(data, signature, publicKey);
console.log("Is Signature Valid:", isSignatureValid);

In the above code example, we have two functions: generateDigitalSignature() and verifyDigitalSignature(). The generateDigitalSignature() function takes data and a private key as input and returns the digital signature. The verifyDigitalSignature() function takes the data, signature, and public key as input and returns a boolean indicating whether the signature is valid.

5. Password Hashing

In addition to its cryptographic capabilities, the Node.js crypto module serves as a robust tool for password hashing. While bcrypt is a commonly favoured choice for password hashing in Node.js applications due to its security features, crypto offers a viable alternative.

Example:

const crypto = require("crypto");

function hashPassword(password) {
  const salt = crypto.randomBytes(16).toString("hex");
  const hash = crypto
    .pbkdf2Sync(password, salt, 10000, 64, "sha256")
    .toString("hex");
  return {
    salt: salt,
    hash: hash,
  };
}

const password = "myPassword123";
const hashedPassword = hashPassword(password);
console.log("Salt:", hashedPassword.salt);
console.log("Hash:", hashedPassword.hash);

In this code snippet, the hashPassword() function utilizes the crypto module to securely hash passwords. The process involves generating a cryptographically strong random salt, which is then combined with the password using the PBKDF2 algorithm with SHA-256 hashing. This ensures a high level of security and resistance against common attacks like rainbow table lookups and brute force attempts

Conclusion

This article has provided an insightful exploration of the capabilities of the Node.js Crypto library and its importance in improving the security of Node.js applications. Throughout the article, we’ve explored several core aspects, such as secure token generation, data encryption, digital signature generation, and password hashing.

Thanks for reading and I hope you find this article quite insightful.

You can read more about the Node.js crypto module and its other practical uses on the Node.js official website: https://nodejs.org/api/crypto.html

Node
Nodejs
Backend
Backend Development
Back End Development

--

--

Abubakar Balogun
Abubakar Balogun

Written by Abubakar Balogun

14 Followers
4 Following

I share insights on Software development and other subjects that pique my interest.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams