Module basic module

modulecrypto

cryptoThe module is fibjsa built-in encryption algorithm module. It provides symmetric encryption, asymmetric encryption, digest algorithm, cryptographic random number generator and other functions. Before use, require('crypto')the module needs to be loaded via .

In cryptothe module, there are many objects available, such as:

  • PKey: Asymmetric encryption algorithm object
  • X509Cert: Object used to manipulate X.509 certificates
  • Cipher: Object used to implement symmetric encryption
  • Digest: Object used to implement the digest algorithm

Before using the encryption algorithm, you need to create a key object. For example, the following AESexample creates a key object:

1 2
const crypto = require('crypto'); const key = crypto.randomBytes(16); // generate a 16-byte random key

Next, use Cipherthe object to encrypt the plaintext:

1 2 3 4
const c = new crypto.Cipher(crypto.AES, crypto.ECB, key); const data = 'hello, world'; const encrypted = c.encrypt(data).hex(); console.log(encrypted); // output encrypted data

AESIn the above example, an encrypted Cipherobject is created , encryptthe plaintext is encrypted using the method, and the encryption result is returned.

In addition to symmetric encryption algorithms, cryptothe module can also support asymmetric encryption algorithms and digest algorithms. For example, the following example is code that uses PKeyand Digestobjects to implement SHA256 encryption:

1 2 3 4 5 6
const privateKey = crypto.loadPKey('private.pem'); // read private key from file const data = 'hello, world'; const digest = new crypto.Digest(hash.SHA256); digest.update(data); const signature = privateKey.sign(digest.digest()); console.log(signature); // output signature

In the above example, a private key file is first read and the input data is prepared. Then, a SHA256 Digestobject is created and updatethe data is added to the Hash calculation using the method. After the calculation is completed, use privateKey.signthe method to sign and output the signature result.

To sum up, cryptothe module provides a variety of encryption algorithms, digest algorithms, and related objects. These functions can help us achieve various security requirements, such as symmetric and asymmetric encryption, digital signatures, and encryption verification.

object

Cipher

CipherConstructor, seeCipher

1
Cipher crypto.Cipher;

PKey

PKeyConstructor, seePKey

1
PKey crypto.PKey;

ECKey

ECKeyConstructor, seeECKey

1
ECKey crypto.ECKey;

BlsKey

BlsKeyConstructor, seeBlsKey

1
BlsKey crypto.BlsKey;

X509Cert

X509CertConstructor, seeX509Cert

1
X509Cert crypto.X509Cert;

X509Crl

X509CrlConstructor, seeX509Crl

1
X509Crl crypto.X509Crl;

X509Req

X509ReqConstructor, seeX509Req

1
X509Req crypto.X509Req;

static function

createHash

Creates an information summary object based on the given algorithm name

1
static Digest crypto.createHash(String algo);

Call parameters:

  • algo: String, specifying the algorithm of the information digest object

Return results:

  • Digest, returns the information summary object

createHmac

Creates an hmac information summary object based on the given algorithm name

1 2
static Digest crypto.createHmac(String algo, Buffer key);

Call parameters:

  • algo: String, specifying the algorithm of the information digest object
  • key:Buffer, binary signing key

Return results:

  • Digest, returns the information summary object

loadCert

Load a certificate in CRT/PEM/DER format, which can be called multiple times

1
static X509Cert crypto.loadCert(String filename);

Call parameters:

  • filename: String, certificate file name

Return results:

  • X509Cert, returns an object containing the certificate

loadCrl

Load a revocation certificate in PEM/DER format, which can be called multiple times

1
static X509Crl crypto.loadCrl(String filename);

Call parameters:

  • filename: String, revocation certificate file name

Return results:

  • X509Crl, returns an object containing the revoked certificate

loadReq

Load a certificate request in PEM/DER format, which can be called multiple times

1
static X509Req crypto.loadReq(String filename);

Call parameters:

  • filename: String, certificate request file name

Return results:

  • X509Req, returns an object containing the requested certificate

loadPKey

Load an asymmetric public or private key in CRT/PEM/DER format

1
static PKey crypto.loadPKey(String filename);

Call parameters:

  • filename: String, public key or private key file name

Return results:


randomBytes

Generate random numbers of specified size using the havege generator

1
static Buffer crypto.randomBytes(Integer size = 16) async;

Call parameters:

  • size: Integer, specifies the size of the random number generated

Return results:

  • Buffer, returns the generated random number

simpleRandomBytes

Generate low-strength random numbers of a specified size, using a fast algorithm

1
static Buffer crypto.simpleRandomBytes(Integer size = 16) async;

Call parameters:

  • size: Integer, specifies the size of the random number generated

Return results:

  • Buffer, returns the generated random number

pseudoRandomBytes

Generate pseudo-random numbers of specified size, using the entropy generator

1
static Buffer crypto.pseudoRandomBytes(Integer size = 16) async;

Call parameters:

  • size: Integer, specifies the size of the random number generated

Return results:

  • Buffer, returns the generated random number

randomFill

Use random numbers to fill the specifiedBuffer, using the havege generator

1 2 3
static Buffer crypto.randomFill(Buffer buffer, Integer offset = 0, Integer size = -1) async;

Call parameters:

  • buffer:Buffer, specify the generatedBuffer
  • offset: Integer, specifies the starting offset, the default is 0
  • size: Integer, specifies the size of the generated random number, the default is buffer.length - offset

Return results:

  • Buffer, returns the generated random number

randomArt

Generates a visual character image of the given data

1 2 3
static String crypto.randomArt(Buffer data, String title, Integer size = 8);

Call parameters:

  • data:Buffer, specify the data to be displayed
  • title: String, specifies the title of the character image. Multi-byte characters will cause width errors.
  • size: Integer, character image size

Return results:

  • String, returns the generated visual string image

generateKey

Generate an RSA private key

1
static PKey crypto.generateKey(Integer size) async;

Call parameters:

  • size: Integer, specifies the RSA key length, in bits

Return results:

  • PKey, returns an object containing the generated private key

Generate an elliptic curve private key

1
static PKey crypto.generateKey(String curve = "secp521r1") async;

Call parameters:

  • curve: String, specifies the preset elliptic curve, the default is 'secp256r1'

Return results:

  • PKey, returns an object containing the generated private key

curve Optional curves include NIST curves and aliases as follows:

curve Alias
NIST P-192 'NIST P-192', 'p192', 'P-192', 'prime192v1', 'secp192r1'
NIST P-224 'NIST P-224', 'p224', 'P-224', 'prime224v1', 'secp224r1'
NIST P-256 'NIST P-256', 'p256', 'P-256', 'prime256v1', 'secp256r1'
NIST P-384 'NIST P-384', 'p384', 'P-384', 'prime384v1', 'secp384r1'
NIST P-521 'NIST P-521', 'p521', 'P-521', 'prime521v1', 'secp521r1'

Other supported curves include: "brainpoolP512r1", "brainpoolP384r1", "secp256k1", "P-256K", "brainpoolP256r1", "sm2p256r1", "SM2", "Ed25519", "BLS12381_G1", "BLS12381_G2"


pbkdf1

Generate the required binary key based on the plain text password based on pbkdf1

1 2 3 4 5
static Buffer crypto.pbkdf1(Buffer password, Buffer salt, Integer iterations, Integer size, Integer algo) async;

Call parameters:

  • password:Buffer, specify the password to use
  • salt:Buffer, specify the salt used by hmac
  • iterations: Integer, specify the number of iterations
  • size: Integer, specify key size
  • algo: Integer, specify thehashalgorithm, seehashmodule

Return results:

  • Buffer, returns the generated binary key

Generate the required binary key based on the plain text password based on pbkdf1

1 2 3 4 5
static Buffer crypto.pbkdf1(Buffer password, Buffer salt, Integer iterations, Integer size, String algoName) async;

Call parameters:

  • password:Buffer, specify the password to use
  • salt:Buffer, specify the salt used by hmac
  • iterations: Integer, specify the number of iterations
  • size: Integer, specify key size
  • algoName: String, specifies thehashalgorithm, seehashmodule

Return results:

  • Buffer, returns the generated binary key

pbkdf2

Generate the required binary key based on the plain text password according to rfc2898

1 2 3 4 5
static Buffer crypto.pbkdf2(Buffer password, Buffer salt, Integer iterations, Integer size, Integer algo) async;

Call parameters:

  • password:Buffer, specify the password to use
  • salt:Buffer, specify the salt used by hmac
  • iterations: Integer, specify the number of iterations
  • size: Integer, specify key size
  • algo: Integer, specify thehashalgorithm, seehashmodule

Return results:

  • Buffer, returns the generated binary key

Generate the required binary key based on the plain text password according to rfc2898

1 2 3 4 5
static Buffer crypto.pbkdf2(Buffer password, Buffer salt, Integer iterations, Integer size, String algoName) async;

Call parameters:

  • password:Buffer, specify the password to use
  • salt:Buffer, specify the salt used by hmac
  • iterations: Integer, specify the number of iterations
  • size: Integer, specify key size
  • algoName: String, specifies thehashalgorithm, seehashmodule

Return results:

  • Buffer, returns the generated binary key

getHashes

Get crypto module supporthash(Abstract) Algorithms, such as 'md5', 'sha224'

1
static Array crypto.getHashes();

Return results:

  • Array, returns fibjs supportedhashalgorithm array

constant

AES

Specify symmetric encryption algorithm AES, support 128, 192, 256-bit key, block cipher working mode supports ECB, CBC, CFB128, CTR, GCM, CCM, XTS

1
const crypto.AES = 1;

DES

Specifies the symmetric encryption algorithm DES, supports 64-bit key, and the block cipher working mode supports ECB, CBC

1
const crypto.DES = 2;

DES_EDE3

Specify symmetric encryption algorithm DES-EDE3, support 192-bit key, block cipher working mode supports ECB, CBC

1
const crypto.DES_EDE3 = 3;

CAMELLIA

Specify symmetric encryption algorithm CAMELLIA, support 128, 192, 256-bit key, block cipher working mode supports ECB, CBC, CFB128, CTR, GCM, CCM

1
const crypto.CAMELLIA = 4;

ARIA

Specify symmetric encryption algorithm ARIA, support 128, 192, 256-bit key, block cipher working mode supports ECB, CBC, CFB128, CTR, GCM, CCM

1
const crypto.ARIA = 5;

CHACHA20

Specify the symmetric encryption algorithm CHACHA20, support 256-bit key, and the block cipher working mode supports POLY1305

1
const crypto.CHACHA20 = 6;

SM4

Specify symmetric encryption algorithm SM4, block cipher working mode supports ECB, CBC

1
const crypto.SM4 = 7;

ECB

Specify block cipher working mode to support ECB

1
const crypto.ECB = 1;

CBC

Specify block cipher working mode to support CBC

1
const crypto.CBC = 2;

CFB64

Specify the block cipher working mode to support CFB64

1
const crypto.CFB64 = 3;

CFB128

Specify block cipher working mode to support CFB128

1
const crypto.CFB128 = 4;

OFB

Specify block cipher working mode to support OFB

1
const crypto.OFB = 5;

CTR

Specify block cipher working mode to support CTR

1
const crypto.CTR = 6;

GCM

Specify the block cipher working mode to support GCM

1
const crypto.GCM = 7;

STREAM

Specify stream cipher mode

1
const crypto.STREAM = 8;

CCM

Specify block cipher working mode to support CCM

1
const crypto.CCM = 9;

XTS

Specify block cipher working mode to support XTS

1
const crypto.XTS = 10;

POLY1305

Specify the block cipher working mode to support POLY1305

1
const crypto.POLY1305 = 11;

PKCS7

Specify padding mode as PKCS7

1
const crypto.PKCS7 = 0;

ONE_AND_ZEROS

Specify fill mode as ONE_AND_ZEROS

1
const crypto.ONE_AND_ZEROS = 1;

ZEROS_AND_LEN

Specify fill mode as ZEROS_AND_LEN

1
const crypto.ZEROS_AND_LEN = 2;

ZEROS

Specify fill mode as ZEROS

1
const crypto.ZEROS = 3;

NOPADDING

Specify the padding mode as NOPADDING

1
const crypto.NOPADDING = 4;