What is Crypto Module in Node.js and How it is used ?

Q: What is Crypto Module in Node.js and How it is used ?

The crypto module in Node.js provides cryptographic functionality that includes a set of wrappers for OpenSSL’s hash, HMAC, cipher, decipher, sign, and verify functions. This module enables you to perform various security operations, such as hashing, encryption, and decryption, directly in your Node.js applications. In this article, we will explore what the crypto module is, its key features, and how to use it to perform common cryptographic operations.

How to use EcmaScript modules in Node.js ?

The crypto module in Node.js provides cryptographic functionality that includes a set of wrappers for OpenSSL’s hash, HMAC, cipher, decipher, sign, and verify functions. This module enables you to perform various security operations, such as hashing, encryption, and decryption, directly in your Node.js applications. In this article, we will explore what the crypto module is, its key features, and how to use it to perform common cryptographic operations.

What is the Crypto Module?

The crypto module in Node.js is part of the core libraries, meaning it is built into Node.js and does not require any external dependencies. It provides a way to perform cryptographic operations such as:

Hashing data to produce fixed-size digests.
Encrypting and decrypting data using symmetric and asymmetric algorithms.
Generating cryptographic signatures and verifying them.
Creating secure random numbers and keys.

These capabilities make the crypto module an essential tool for developing secure applications that require data integrity, confidentiality, and authentication.

Key Features of the Crypto Module

Hashing and HMAC: Create fixed-size digests from arbitrary-sized data, useful for data integrity and verification.
Symmetric Encryption: Encrypt and decrypt data using the same key.
Asymmetric Encryption: Encrypt and decrypt data using a key pair (public and private keys).
Digital Signatures: Generate and verify signatures for data, ensuring authenticity and integrity.
Random Number Generation: Generate cryptographically secure random numbers and keys.
Password-Based Key Derivation: Securely derive cryptographic keys from passwords.

Plain text:

Anything that we write or type which is humanly understandable is called plain text. It can contain any character(a-zA-Z0-9!,@,#….). Eg. our password

Ciphertext:

sdfasc1asT67W2sqWwsdfsadf Are you able to understand this word? This was a ciphertext is, a nonreadable and nonunderstandable text which is generated by passing plain text through an algorithm.

The Mechanism in Cryptography:

Hashing

This is a mechanism to convert a plain text to ciphertext. It is a one-way cryptographic function i.e, we can’t convert cipher text to plain text. It is widely used in authentication systems to avoid storing plain text passwords in databases but is also used to validate files, documents, and other types of data. Message Digest 5(MD5), RSA, SHA, etc are Widely used algorithms for hashing.

Encryption and Decryption

Encryption algorithms take input and a secret key and generate a random-looking output called a ciphertext. This operation is reversible. Decryption is the reverse of encryption. This algorithm takes the same secret key and ciphertext and it returns back our original plain text. This is widely used in messaging systems like WhatsApp etc. AES, etc are Widely used algorithms for encryption and decryption.

Features of Crypto in Node.js

It’s easy to get started
A lot of widely used algorithms are there with different versions
The source code is cleaner and consistent.
It uses JavaScript everywhere so you can use it with node.js

Installing module:

npm install crypto-js --save

Project Structure:

The updated dependencies in package.json file will look like:

"dependencies": {
    "express": "^4.19.2",
  }

we can use this module in two ways either for the hashing or either use in encryption and decryption of the data. There are a lot of algorithms available for hashing as well as encryption and decryption of the data.

Using a crypto module for Hashing the data:

Node

// index.js

// Importing module
const SHA256 = require("crypto-js/sha256");
const plaindata = "w3wiki"
const hasheddata = SHA256(plainText).toString()
console.log(hasheddata)

Step to Run Application: Run the application using the following command from the root directory of the project

node index.js

Output:

Using a crypto module for encryption and decryption of the data:

We will use the key for encryption and decryption of the data. A single key can be used for the encryption of the data as well as in the decryption process of the data. Below is an example of the encryption and decryption of the data using a single key.

Node

// index.js

// Importing the crypto module
const crypto = require("crypto-js")
const data = "This is the data that need to be encrypted"
const key = "password@111"

// Encrypte the data
const encrypted = crypto.AES.encrypt(data, key).toString();
console.log("Encrypted data")

// Printing the encrypted data
console.log(encrypted)
console.log("Decrypted data")

// Decrypting the data
const decrypted = crypto.AES.decrypt(encrypted, key)
                                    .toString(crypto.enc.Utf8)
console.log(decrypted)