Can someone help with the AES cipher

[James Coglan]

Hi all,

I'm trying to implement a crypto system, and want to make sure I'm doing something portable, i.e. the ciphertexts I generate can be understood by any language with openssl functionality. I have a Ruby program that uses AES-256-CBC to encrypt some data, and I want to make sure I can generate the same ciphertext using Node.

What mode of operation does crypto.createCipher('aes256') use? I assume it's not a bare AES function since it can encrypt arbitrary amounts of data, so it must be using a construction like CBC or CTR. Which one does it use, and can it be changed by the user?

--
James Coglan
http://jcoglan.com
+44 (0) 7771512510

[Ben Noordhuis]

It's CBC. Here is how you create an AES-256 cipher with a different mode:

cipher = crypto.createCipher('aes-256-ecb', key); // *not* 'aes256-ecb'

[Micheil Smith]

Hi James,

Having a quick look in the C side of things, it looks like the names come directly from OpenSSL, which has a function EVP_get_cipherbyname; I couldn't quite find where "aes256" was defined, however, I did just try doing: 

crypto.createCipher("aes-256-cbc", key)

And it appeared to work. I can see a bunch of names defined in objects.h and such in openssl, but don't know how those really work.

– Micheil

--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nod...@googlegroups.com
To unsubscribe from this group, send email to
nodejs+un...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en

[James Coglan]

On 8 October 2012 15:48, James Coglan <jco...@gmail.com> wrote:

I'm trying to implement a crypto system, and want to make sure I'm doing something portable, i.e. the ciphertexts I generate can be understood by any language with openssl functionality. I have a Ruby program that uses AES-256-CBC to encrypt some data, and I want to make sure I can generate the same ciphertext using Node.

What mode of operation does crypto.createCipher('aes256') use? I assume it's not a bare AES function since it can encrypt arbitrary amounts of data, so it must be using a construction like CBC or CTR. Which one does it use, and can it be changed by the user?

To partially answer my own question: 'aes-256-cbc' is an allowed mode. There are other modes available according to `openssl enc --help` but not all of them work in Node.

If you want to set the IV used, you need to use crypto.createCipheriv(). For aes-256-cbc, the key must be 32 bytes, the IV 16. e.g.:

var crypto = require('crypto'),

    key    = '2ea5074bcc33ccbd1cd99341b837fcb4',

    iv     = '0123456789abcdef',

    aes    = crypto.createCipheriv('aes-256-cbc', key, iv);

var cipher = aes.update('The Text', 'utf8', 'hex') + aes.final('hex');

console.log(cipher);