Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
MCrypt bindings for Node.js
npm install mcrypt
Alright! There is already OpenSSL extension bundled with Node.js but there are something wrong with some traditional encryption algorithms on OpenSSL.
I tried to decrypt ciphertext of AES and DES algorithms using OpenSSL but i get the garbage outputs. There are some reasons with OpenSSL like null padding.
Also i saw same issues on the stackoverflow.com. Some people encountered with same problems.
This extension provide the cipher and decipher operations via libmcrypt
and compatible with Java Crypto and PHP MCrypt consequently.
You should start with import the package like
var mcrypt = require('mcrypt');
There are 3 exposed common functions in the package. These functions are getAlgorithmNames()
, getModeNames()
and MCrypt()
constructor function. Also there are some functions under the prototype of MCrypt()
constructor function.
getAlgorithmNames()
returns an array that contains available algorithm names.
var mcrypt = require('mcrypt');
var algos = mcrypt.getAlgorithmNames();
console.log(algos);
Expected result like that
[ 'cast-128', 'gost', 'rijndael-128', 'twofish', 'arcfour', 'cast-256', 'loki97', 'rijndael-192', 'saferplus', 'wake', 'blowfish-compat', 'des', 'rijndael-256', 'serpent', 'xtea', 'blowfish', 'enigma', 'rc2', 'tripledes' ]
getModeNames()
returns an array that contains available mode names.
var mcrypt = require('mcrypt');
var algos = mcrypt.getModeNames();
console.log(algos);
Expected result like that
[ 'cbc', 'cfb', 'ctr', 'ecb', 'ncfb', 'nofb', 'ofb', 'stream' ]
MCrypt(algorithm, mode)
is a constructor function to create object for cipher and decipher operations.
algorithm
is a required parameter and one of the values of array returned by getAlgorithmNames()
.
mode
is required parameter and one of the values of array returned by getModeNames()
.
var MCrypt = require('mcrypt').MCrypt;
var desEcb = new MCrypt('des', 'ecb');
There are some prototype functions to make cipher decipher operations and to identify algorithm properties.
We are need to open()
with a key for decrypt()
and encrypt()
operations also we should set an iv if required by algorithm in other case iv
is optional parameter.
key
and iv
should be string or Buffer
var MCrypt = require('mcrypt').MCrypt;
var desEcb = new MCrypt('des', 'ecb');
desEcb.open('madepass'); // we are set the key
encrypt()
returns a Buffer object that contains ciphertext of plaintext
parameter. plaintext
parameter should be string
or Buffer
var MCrypt = require('mcrypt').MCrypt;
var desEcb = new MCrypt('des', 'ecb');
desEcb.open('madepass'); // we are set the key
var ciphertext = desEcb.encrypt('this is top secret message!');
console.log(ciphertext.toString('base64'));
Expected result like that
fkJnIgtiH8nsGDryyuIsmyf5vABMGStlpACfKCTifvA=
decrypt()
returns a Buffer object that contains plaintext of ciphertext
parameter. ciphertext
parameter should be Buffer
var MCrypt = require('mcrypt').MCrypt;
var desEcb = new MCrypt('des', 'ecb');
desEcb.open('madepass'); // we are set the key
var plaintext = desEcb.decrypt(new Buffer('fkJnIgtiH8nsGDryyuIsmyf5vABMGStlpACfKCTifvA=', 'base64'));
console.log(plaintext.toString());
Expected result like that
this is top secret message!
generateIv()
function generates IV randomly.
var MCrypt = require('mcrypt').MCrypt;
var blowfishCfb = new MCrypt('blowfish', 'cfb');
var iv = blowfishCfb.generateIv();
blowfishCfb.open('somekey', iv);
var ciphertext = blowfishCfb.encrypt('sometext');
console.log(Buffer.concat([iv, ciphertext]).toString('base64'));
validateKeySize()
is a function to disable or enable key size validation on open()
var mc = new MCrypt('blowfish', 'ecb');
mc.validateKeySize(false); // disable key size checking
mc.open('typeconfig.sys^_-');
validateIvSize()
is a function to disable or enable iv size validation on open()
var mc = new MCrypt('rijndael-256', 'cbc');
mc.validateIvSize(false); // disable iv size checking
mc.open('$verysec$retkey$', 'foobar');
selfTest()
is an utility function to make test algorithm internally and returns boolean value of status
var MCrypt = require('mcrypt').MCrypt;
var blowfishCfb = new MCrypt('blowfish', 'cfb');
console.log(blowfishCfb.selfTest());
var MCrypt = require('mcrypt').MCrypt;
var blowfishCfb = new MCrypt('blowfish', 'cfb');
console.log(blowfishCfb.isBlockAlgorithmMode());
var MCrypt = require('mcrypt').MCrypt;
var blowfishCfb = new MCrypt('blowfish', 'cfb');
console.log(blowfishCfb.isBlockAlgorithm());
var MCrypt = require('mcrypt').MCrypt;
var blowfishCfb = new MCrypt('blowfish', 'cfb');
console.log(blowfishCfb.isBlockMode());
var MCrypt = require('mcrypt').MCrypt;
var blowfishCfb = new MCrypt('blowfish', 'cfb');
console.log(blowfishCfb.getBlockSize());
var MCrypt = require('mcrypt').MCrypt;
var blowfishCfb = new MCrypt('blowfish', 'cfb');
console.log(blowfishCfb.getKeySize());
var MCrypt = require('mcrypt').MCrypt;
var blowfishCfb = new MCrypt('blowfish', 'cfb');
console.log(blowfishCfb.getSupportedKeySizes());
var MCrypt = require('mcrypt').MCrypt;
var blowfishCfb = new MCrypt('blowfish', 'cfb');
console.log(blowfishCfb.getIvSize());
var MCrypt = require('mcrypt').MCrypt;
var blowfishCfb = new MCrypt('blowfish', 'cfb');
console.log(blowfishCfb.hasIv());
var MCrypt = require('mcrypt').MCrypt;
var blowfishCfb = new MCrypt('blowfish', 'cfb');
console.log(blowfishCfb.getAlgorithmName());
var MCrypt = require('mcrypt').MCrypt;
var blowfishCfb = new MCrypt('blowfish', 'cfb');
console.log(blowfishCfb.getModeName());
FAQs
MCrypt bindings
The npm package mcrypt receives a total of 863 weekly downloads. As such, mcrypt popularity was classified as not popular.
We found that mcrypt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.