I need to pass a public key to the browser from nodejs and the browser should encrypt the user data and send it to the nodejs server, then nodejs should be able to decrypt it.
I am trying to use crypto of nodejs in the server side and https://github.com/wwwtyro/cryptico cryptico in the browser.
I looked into angularjs-crypo, ursa etc, It made me more confused.
PS: Im new to encryption and cryptography, any help would be appreciated
Related
I have a Laravel existing project where they use Laravel default encryption (i.e Hash::make('')) for user registration,so in database they saved the data with this encryption format.
Now I am creating API's using Node for the same MySQL database.So for those password decryption I have used Node bcrypt package.But the decryption is not working and I am getting error for JWT authentication token.I have used "algorithm": "RS256" for this Node API.So can anyone tell me if I did something wrong or I have to choose another package(in node) or any other algorithm(in node).
I think that is becrypt. Now when I am creating the API's with Node I have used Node be
Passwords in Laravel are hashed, which is different to encrypt them, because Hash is not reversible, when encryption can be reversed.
Furthermore, in order to let Node be able to decrypt encrypted data, you should share with Node the key that Laravel has used to encrypt that data, and that's absolutely very dangerous, because everyone than can have that key, and so if he finds a breach in you sql, like a possibility to run SQL injection, than he can use that key to decrypt that data
I wanted to migrate my Angular - Node js server to https. I have generated certificates from OpenSSL. I added them to both Node js server.ts and angular.json. I am facing couple of problems:-
1). I am able to run Angular app without the certificates and also with the wrong certificates. I am not sure why its allowing without handshake? What is the use of adding cert in angular if it allows without certs?
2). I want to encrypt my password field, how can i encrypt password at Angular with my certificate and decrypt at Nodejs with the key.
Updating the question as i see how to read the file.
Yes angular has a file reader
Eg : let fileReader = new FileReader();
This can help you Running Angular CLI over HTTPS with a Trusted Certificate
I have an http request in which I want to pass some sensitive data so I'm trying to encrypt these data. Does someone have two modules, one in react-native and the other one in node.js ? I tried to use react-native-rsa and Crypto but I get a lot of errors, and I don't know if it's possible to use both together.
I think you must try Hybrid Crypto once.
I am New to node.js and express.js. I Created one application with http sever. It's working fine but it is not secure. I want to create https server in that application
var privateKey = fs.readFileSync('privatekey.pem').toString();
var certificate = fs.readFileSync('certificate.pem').toString();
I got a solution: create https server like above syntaxes. How to get privateKey.pem and certificate.pem files?
Please help me!
You will need to generate your key and certificate. For these to work for real users, you will need to get these from a source like LetsEncrypt. However, for development purposes you can create "self signed" certificates and keys for this. With this you will get an "insecure" alert from your browser but since they're yours anyway you can click "proceed anyway".
There are many ways for generating these and many guides around for doing so. You can use this one to get a key and pem file for development purposes, and then follow the LetsEncrypt advice for production certificates.
With those, you will get your key and cert pem files generated and you will be able to read those in with the code you have above.
I am considering developing a software for safely storing files on a server.
Let's say I have a secret document initially stored on my client computer that I want to upload to the server. The requirements here is that the file on the server should be encrypted at all times and since the private key is on the client, it is unreadable for anyone accessing the server directly. Maybe I can do it with javascript or maybe I need to develop a full fledged app to handle the upload. Either way is OK but I need to be able to download and decrypt the file using web browser only.
This got me thinking. Can I configure HTTPS (SSL) in a way that I can precalculate the encrypted response from server to client. In that case I can do that while uploading and when the document is requested I can just return the pre-encrypted data which will be decrypted by the SSL stack on the client.
I know that the there will be a random number exchange that prevents this. But is there a way to configure SSL so that the response from server to client will be the same always. In this case replay attacks from server to client is acceptable and not an issue.
In an SSL handshake, the client generates the pre-master secret that will be used to derive the session key. Since you appear to have control only over the server, you cannot prevent the client from steering the conversation in a particular (cryptographic) direction.