All Articles

Asymmetric encryption in Nodejs

How asymmetric encryption works?

In an asymmetric key encryption scheme, anyone can encrypt messages using the public key, but only the holder of the paired private key can decrypt. Security depends on the secrecy of the private key.

asymmetric key cryptography

Generate private and public key

To generate private and public key we will use openssl:

  • Within your terminal (Unix based OS) type the following to generate a private key:

    openssl genrsa -out rsa_4096_priv.pem 4096
  • You can see it:

    cat rsa_4096_priv.pem
  • Next, you can generate the public key by executing the following command:

    openssl rsa -pubout -in rsa_4096_priv.pem -out rsa_4096_pub.pem
  • You can see it:

    cat rsa_4096_pub.pem

How to use the keys in nodejs e javascript

To encrypt and decrypt in nodejs we can use crypto:

  • Run: npm install crypto-js to install it, and you can use these following functions to encrypt and decrypt:

    const crypto = require('crypto')
    const path = require('path')
    const fs = require('fs')
    
    function encrypt(toEncrypt, relativeOrAbsolutePathToPublicKey) {
    const absolutePath = path.resolve(relativeOrAbsolutePathToPublicKey)
    const publicKey = fs.readFileSync(absolutePath, 'utf8')
    const buffer = Buffer.from(toEncrypt, 'utf8')
    const encrypted = crypto.publicEncrypt(publicKey, buffer)
    return encrypted.toString('base64')}
    
    function decrypt(toDecrypt, relativeOrAbsolutePathtoPrivateKey) {
    const absolutePath = path.resolve(relativeOrAbsolutePathtoPrivateKey)
    const privateKey = fs.readFileSync(absolutePath, 'utf8')
    const buffer = Buffer.from(toDecrypt, 'base64')
    const decrypted = crypto.privateDecrypt(
      {
        key: privateKey.toString(),
        passphrase: '',
      },
      buffer,
    )
    return decrypted.toString('utf8')}
    
    const enc = encrypt('hello', `<public.pem>`)
    console.log('enc', enc)
    
    const dec = decrypt(enc, `<private.pem>`)
    console.log('dec', dec)
  • Now you can distribute the public key and use it also in client side.

    In javascript you can use JSEncrypt library:

    var crypt = new JSEncrypt();
    //You can also use setPrivateKey and setPublicKey, they are both alias to setKey
    crypt.setKey(__YOUR_OPENSSL_PRIVATE_OR_PUBLIC_KEY__); 
    
    var text = 'test';
    var enc = crypt.encrypt(text);
  • references: