I wanted to migrate my Angular - Node js server to https. I have generated certificates from OpenSSL. I added them to both Node js server.ts and angular.json. I am facing couple of problems:-
1). I am able to run Angular app without the certificates and also with the wrong certificates. I am not sure why its allowing without handshake? What is the use of adding cert in angular if it allows without certs?
2). I want to encrypt my password field, how can i encrypt password at Angular with my certificate and decrypt at Nodejs with the key.
Updating the question as i see how to read the file.
Yes angular has a file reader
Eg : let fileReader = new FileReader();
This can help you Running Angular CLI over HTTPS with a Trusted Certificate
Related
Part of my npm module (typescript) is using axios to make web requests. One of the possible endpoints is using certificates for authentication. For this scenario I'm passing new https.Agent to axios to send the certificates info. All is working fine if the module is used from within Node app.
The problem is if I try and use my module in browser environment. When in browser https module do not exists and I'm unable to use my module.
Is there any way to use https module in the browser?
If not - can https be bundled within my module somehow? Do I have to use some bundler in this case (like Rollup) to build the typescript module?
You can't do it. Most browsers support TLS Client Certificate authentication, but it works differently: the user is presented with a window and asked to select a certificate to authenticate with. It's a similar story to how cookies work - you can't easily manipulate HttpOnly cookies from JS on the client side.
If you want TLS client auth in the browser, you are at the browser vendor's mercy.
I am developing an electron app that connects to a remote couchdb database using a connection string which contains the db's username and password, something like https://admin:admin#IP:PORT
But I do not wish to reveal the database credentials in the electron app due to security reasons, is there any way I can:
a) Either store the aforementioned db url in a secured way inside the electron app?
b) or, create a nginx proxy at my server's end that will help connect my electron app using a proxy url without revealing the db username/password?
I also have some secret third party service keys (bugsnag key etc etc) in my electron app that I need to store securely, please suggest a way to do so.
PS: I am using electron-builder to package my app.
Thanks in advance
There is npm module that for storing the security information at Electron app.
Please have a look at keytar module that developed by atom
But anyhow, after packing the app using Electron-builder then this encrypted data will be stored inside of your Electron app resource or somewhere. Such in asar package, Application Data or somewhere Else.(I'm not sure where it is since I've not attempted to find this data location.) Even though the data is encrypted but anyone can access this.
You should use the right method to encrypt so.
I am New to node.js and express.js. I Created one application with http sever. It's working fine but it is not secure. I want to create https server in that application
var privateKey = fs.readFileSync('privatekey.pem').toString();
var certificate = fs.readFileSync('certificate.pem').toString();
I got a solution: create https server like above syntaxes. How to get privateKey.pem and certificate.pem files?
Please help me!
You will need to generate your key and certificate. For these to work for real users, you will need to get these from a source like LetsEncrypt. However, for development purposes you can create "self signed" certificates and keys for this. With this you will get an "insecure" alert from your browser but since they're yours anyway you can click "proceed anyway".
There are many ways for generating these and many guides around for doing so. You can use this one to get a key and pem file for development purposes, and then follow the LetsEncrypt advice for production certificates.
With those, you will get your key and cert pem files generated and you will be able to read those in with the code you have above.
I am working with self signed certificates for the fist time. I understand that node red does not use the default ca store. The solution to this seems to be to provide a key and self signed certificate when preforming an https request. I would like to uses the standard http request node to do this but i cant find documentation on how to a key, cert, and rejectUnauthorized through the message block. Is this even possible?
Thank you
NodeJS bundles the default CA store into the node binary so you can't just add a file to a dir and have it pick up extra CA certs.
Assuming you are using the HTTP-request node you can add certs/keys by ticking the "Enable secure (SSL/TLS) connection" check box.
This should make a drop down box appear that will let you create a new TLS configuration. In here you can add the certs and keys for the connection.
I need to pass a public key to the browser from nodejs and the browser should encrypt the user data and send it to the nodejs server, then nodejs should be able to decrypt it.
I am trying to use crypto of nodejs in the server side and https://github.com/wwwtyro/cryptico cryptico in the browser.
I looked into angularjs-crypo, ursa etc, It made me more confused.
PS: Im new to encryption and cryptography, any help would be appreciated