modulecrypto
cryptoThe module is fibjsa built-in encryption algorithm module. It provides symmetric encryption, asymmetric encryption, digest algorithm, cryptographic random number generator and other functions. Before use, require('crypto')the module needs to be loaded via .
In cryptothe module, there are many objects available, such as:
PKey: Asymmetric encryption algorithm objectX509Cert: Object used to manipulate X.509 certificatesCipher: Object used to implement symmetric encryptionDigest: Object used to implement the digest algorithm
Before using the encryption algorithm, you need to create a key object. For example, the following AESexample creates a key object:
1
2const crypto = require('crypto');
const key = crypto.randomBytes(16); // generate a 16-byte random key
Next, use Cipherthe object to encrypt the plaintext:
1
2
3
4const c = new crypto.Cipher(crypto.AES, crypto.ECB, key);
const data = 'hello, world';
const encrypted = c.encrypt(data).hex();
console.log(encrypted); // output encrypted data
AESIn the above example, an encrypted Cipherobject is created , encryptthe plaintext is encrypted using the method, and the encryption result is returned.
In addition to symmetric encryption algorithms, cryptothe module can also support asymmetric encryption algorithms and digest algorithms. For example, the following example is code that uses PKeyand Digestobjects to implement SHA256 encryption:
1
2
3
4
5
6const privateKey = crypto.loadPKey('private.pem'); // read private key from file
const data = 'hello, world';
const digest = new crypto.Digest(hash.SHA256);
digest.update(data);
const signature = privateKey.sign(digest.digest());
console.log(signature); // output signature
In the above example, a private key file is first read and the input data is prepared. Then, a SHA256 Digestobject is created and updatethe data is added to the Hash calculation using the method. After the calculation is completed, use privateKey.signthe method to sign and output the signature result.
To sum up, cryptothe module provides a variety of encryption algorithms, digest algorithms, and related objects. These functions can help us achieve various security requirements, such as symmetric and asymmetric encryption, digital signatures, and encryption verification.
object
Cipher
1Cipher crypto.Cipher;
PKey
1PKey crypto.PKey;
ECKey
1ECKey crypto.ECKey;
BlsKey
1BlsKey crypto.BlsKey;
X509Cert
X509CertConstructor, seeX509Cert
1X509Cert crypto.X509Cert;
X509Crl
X509CrlConstructor, seeX509Crl
1X509Crl crypto.X509Crl;
X509Req
X509ReqConstructor, seeX509Req
1X509Req crypto.X509Req;
static function
createHash
Creates an information summary object based on the given algorithm name
1static Digest crypto.createHash(String algo);
Call parameters:
- algo: String, specifying the algorithm of the information digest object
Return results:
- Digest, returns the information summary object
createHmac
Creates an hmac information summary object based on the given algorithm name
1
2static Digest crypto.createHmac(String algo,
Buffer key);
Call parameters:
- algo: String, specifying the algorithm of the information digest object
- key:Buffer, binary signing key
Return results:
- Digest, returns the information summary object
loadCert
Load a certificate in CRT/PEM/DER format, which can be called multiple times
1static X509Cert crypto.loadCert(String filename);
Call parameters:
- filename: String, certificate file name
Return results:
- X509Cert, returns an object containing the certificate
loadCrl
Load a revocation certificate in PEM/DER format, which can be called multiple times
1static X509Crl crypto.loadCrl(String filename);
Call parameters:
- filename: String, revocation certificate file name
Return results:
- X509Crl, returns an object containing the revoked certificate
loadReq
Load a certificate request in PEM/DER format, which can be called multiple times
1static X509Req crypto.loadReq(String filename);
Call parameters:
- filename: String, certificate request file name
Return results:
- X509Req, returns an object containing the requested certificate
loadPKey
Load an asymmetric public or private key in CRT/PEM/DER format
1static PKey crypto.loadPKey(String filename);
Call parameters:
- filename: String, public key or private key file name
Return results:
randomBytes
Generate random numbers of specified size using the havege generator
1static Buffer crypto.randomBytes(Integer size = 16) async;
Call parameters:
- size: Integer, specifies the size of the random number generated
Return results:
- Buffer, returns the generated random number
simpleRandomBytes
Generate low-strength random numbers of a specified size, using a fast algorithm
1static Buffer crypto.simpleRandomBytes(Integer size = 16) async;
Call parameters:
- size: Integer, specifies the size of the random number generated
Return results:
- Buffer, returns the generated random number
pseudoRandomBytes
Generate pseudo-random numbers of specified size, using the entropy generator
1static Buffer crypto.pseudoRandomBytes(Integer size = 16) async;
Call parameters:
- size: Integer, specifies the size of the random number generated
Return results:
- Buffer, returns the generated random number
randomFill
Use random numbers to fill the specifiedBuffer, using the havege generator
1
2
3static Buffer crypto.randomFill(Buffer buffer,
Integer offset = 0,
Integer size = -1) async;
Call parameters:
- buffer:Buffer, specify the generatedBuffer
- offset: Integer, specifies the starting offset, the default is 0
- size: Integer, specifies the size of the generated random number, the default is buffer.length - offset
Return results:
- Buffer, returns the generated random number
randomArt
Generates a visual character image of the given data
1
2
3static String crypto.randomArt(Buffer data,
String title,
Integer size = 8);
Call parameters:
- data:Buffer, specify the data to be displayed
- title: String, specifies the title of the character image. Multi-byte characters will cause width errors.
- size: Integer, character image size
Return results:
- String, returns the generated visual string image
generateKey
Generate an RSA private key
1static PKey crypto.generateKey(Integer size) async;
Call parameters:
- size: Integer, specifies the RSA key length, in bits
Return results:
- PKey, returns an object containing the generated private key
Generate an elliptic curve private key
1static PKey crypto.generateKey(String curve = "secp521r1") async;
Call parameters:
- curve: String, specifies the preset elliptic curve, the default is 'secp256r1'
Return results:
- PKey, returns an object containing the generated private key
curve Optional curves include NIST curves and aliases as follows:
| curve | Alias |
|---|---|
| NIST P-192 | 'NIST P-192', 'p192', 'P-192', 'prime192v1', 'secp192r1' |
| NIST P-224 | 'NIST P-224', 'p224', 'P-224', 'prime224v1', 'secp224r1' |
| NIST P-256 | 'NIST P-256', 'p256', 'P-256', 'prime256v1', 'secp256r1' |
| NIST P-384 | 'NIST P-384', 'p384', 'P-384', 'prime384v1', 'secp384r1' |
| NIST P-521 | 'NIST P-521', 'p521', 'P-521', 'prime521v1', 'secp521r1' |
Other supported curves include: "brainpoolP512r1", "brainpoolP384r1", "secp256k1", "P-256K", "brainpoolP256r1", "sm2p256r1", "SM2", "Ed25519", "BLS12381_G1", "BLS12381_G2"
pbkdf1
Generate the required binary key based on the plain text password based on pbkdf1
1
2
3
4
5static Buffer crypto.pbkdf1(Buffer password,
Buffer salt,
Integer iterations,
Integer size,
Integer algo) async;
Call parameters:
- password:Buffer, specify the password to use
- salt:Buffer, specify the salt used by hmac
- iterations: Integer, specify the number of iterations
- size: Integer, specify key size
- algo: Integer, specify thehashalgorithm, seehashmodule
Return results:
- Buffer, returns the generated binary key
Generate the required binary key based on the plain text password based on pbkdf1
1
2
3
4
5static Buffer crypto.pbkdf1(Buffer password,
Buffer salt,
Integer iterations,
Integer size,
String algoName) async;
Call parameters:
- password:Buffer, specify the password to use
- salt:Buffer, specify the salt used by hmac
- iterations: Integer, specify the number of iterations
- size: Integer, specify key size
- algoName: String, specifies thehashalgorithm, seehashmodule
Return results:
- Buffer, returns the generated binary key
pbkdf2
Generate the required binary key based on the plain text password according to rfc2898
1
2
3
4
5static Buffer crypto.pbkdf2(Buffer password,
Buffer salt,
Integer iterations,
Integer size,
Integer algo) async;
Call parameters:
- password:Buffer, specify the password to use
- salt:Buffer, specify the salt used by hmac
- iterations: Integer, specify the number of iterations
- size: Integer, specify key size
- algo: Integer, specify thehashalgorithm, seehashmodule
Return results:
- Buffer, returns the generated binary key
Generate the required binary key based on the plain text password according to rfc2898
1
2
3
4
5static Buffer crypto.pbkdf2(Buffer password,
Buffer salt,
Integer iterations,
Integer size,
String algoName) async;
Call parameters:
- password:Buffer, specify the password to use
- salt:Buffer, specify the salt used by hmac
- iterations: Integer, specify the number of iterations
- size: Integer, specify key size
- algoName: String, specifies thehashalgorithm, seehashmodule
Return results:
- Buffer, returns the generated binary key
getHashes
Get crypto module supporthash(Abstract) Algorithms, such as 'md5', 'sha224'
1static Array crypto.getHashes();
Return results:
- Array, returns fibjs supportedhashalgorithm array
constant
AES
Specify symmetric encryption algorithm AES, support 128, 192, 256-bit key, block cipher working mode supports ECB, CBC, CFB128, CTR, GCM, CCM, XTS
1const crypto.AES = 1;
DES
Specifies the symmetric encryption algorithm DES, supports 64-bit key, and the block cipher working mode supports ECB, CBC
1const crypto.DES = 2;
DES_EDE3
Specify symmetric encryption algorithm DES-EDE3, support 192-bit key, block cipher working mode supports ECB, CBC
1const crypto.DES_EDE3 = 3;
CAMELLIA
Specify symmetric encryption algorithm CAMELLIA, support 128, 192, 256-bit key, block cipher working mode supports ECB, CBC, CFB128, CTR, GCM, CCM
1const crypto.CAMELLIA = 4;
ARIA
Specify symmetric encryption algorithm ARIA, support 128, 192, 256-bit key, block cipher working mode supports ECB, CBC, CFB128, CTR, GCM, CCM
1const crypto.ARIA = 5;
CHACHA20
Specify the symmetric encryption algorithm CHACHA20, support 256-bit key, and the block cipher working mode supports POLY1305
1const crypto.CHACHA20 = 6;
SM4
Specify symmetric encryption algorithm SM4, block cipher working mode supports ECB, CBC
1const crypto.SM4 = 7;
ECB
Specify block cipher working mode to support ECB
1const crypto.ECB = 1;
CBC
Specify block cipher working mode to support CBC
1const crypto.CBC = 2;
CFB64
Specify the block cipher working mode to support CFB64
1const crypto.CFB64 = 3;
CFB128
Specify block cipher working mode to support CFB128
1const crypto.CFB128 = 4;
OFB
Specify block cipher working mode to support OFB
1const crypto.OFB = 5;
CTR
Specify block cipher working mode to support CTR
1const crypto.CTR = 6;
GCM
Specify the block cipher working mode to support GCM
1const crypto.GCM = 7;
STREAM
Specify stream cipher mode
1const crypto.STREAM = 8;
CCM
Specify block cipher working mode to support CCM
1const crypto.CCM = 9;
XTS
Specify block cipher working mode to support XTS
1const crypto.XTS = 10;
POLY1305
Specify the block cipher working mode to support POLY1305
1const crypto.POLY1305 = 11;
PKCS7
Specify padding mode as PKCS7
1const crypto.PKCS7 = 0;
ONE_AND_ZEROS
Specify fill mode as ONE_AND_ZEROS
1const crypto.ONE_AND_ZEROS = 1;
ZEROS_AND_LEN
Specify fill mode as ZEROS_AND_LEN
1const crypto.ZEROS_AND_LEN = 2;
ZEROS
Specify fill mode as ZEROS
1const crypto.ZEROS = 3;
NOPADDING
Specify the padding mode as NOPADDING
1const crypto.NOPADDING = 4;