nodejs加解密

加密分類

可逆加密和不可逆加密

1. 不可逆加密: 加密後不可解密,只能通過碰撞密文以極小的概率解密;
2. 可逆加密: 加密後可以解密;包括對稱加密與非對稱加密;
   1. 對稱加密雙方採用共同密鑰;
   2. 非對稱加密: 這種加密方式存在兩個密鑰，密鑰-- 一種是公鑰，一種是密鑰。使用公鑰加密，則只能使用密鑰解密，使用密鑰加密，則只能使用公鑰解密;

不可逆加密

    const crypto = require('crypto');

    let str = 'abcd';
    let password = 'hello';
    // 不可逆加密

    // 支持md5/sha1/sha256等加密
    let data1 = crypto.createHash('md5').update(str).digest('hex');
    console.log(data1);

    // 以指定key作爲密碼進行加密
    let data2 = crypto.createHmac('md5', password).update(str).digest('hex');
    console.log(data2);

可逆加密

對稱加解密

    const crypto = require('crypto');
    let str = 'abcd';
    const password = 'FnJL7EDzjqWjcaY9';
    const iv = 'FnJL7EDzjqWjcaY9';
    // 加密
    const cipher = crypto.createCipheriv('aes-128-cbc', password, iv);
    cipher.update(str,'utf8', 'hex')
    let data3 = cipher.final('hex');
    console.log(data3);

    // 解密
    const decipher = crypto.createDecipheriv('aes-128-cbc', password, iv);
    decipher.update(data3, 'hex', 'utf8')
    let data4 = decipher.final().toString();
    console.log(data4);

非對稱加解密(基於公鑰密鑰)

1. 生成公鑰密鑰

    openssl genrsa -out server.key
    openssl req -new -key server.key -out server.csr
    openssl x509 -req  -in server.csr -signkey server.key -out server.crt

2. 驗證證書功能

    const crypto = require('crypto');
    const fs = require('fs');
    const sign = crypto.createSign('RSA-SHA256');
    const verify = crypto.createVerify('RSA-SHA256');
    const privateKey = fs.readFileSync('./server.key').toString();      //rsa私鑰
    const publicKey = fs.readFileSync('./server.crt').toString();
    const str = 'abcd';
   
    sign.update(str);
    verify.update(str);
   
    let signture = sign.sign(privateKey);
    let result = verify.verify(publicKey, signture);
    console.log(result);         // true/false

3. 公鑰密鑰加解密

    const crypto = require('crypto');
    const fs = require('fs');
    const privateKey = fs.readFileSync('./server.key').toString();      //rsa私鑰
    const publicKey = fs.readFileSync('./server.crt').toString();
    const str = 'abcd';
   
    // 公鑰加密，密鑰解密
    const publicEncodeData = crypto.publicEncrypt(publicKey, Buffer.from(str)).toString('base64');
    console.log("encode: ", publicEncodeData);
    const privateDecodeData = crypto.privateDecrypt(privateKey, Buffer.from(publicEncodeData.toString('base64'), 'base64'));
    console.log("decode: ", privateDecodeData.toString())
   
    // 密鑰加密，公鑰解密
    const privateEncodeData = crypto.privateEncrypt(privateKey, Buffer.from(str)).toString('base64');
    console.log("encode: ", privateEncodeData);
    const publicDecodeData = crypto.publicDecrypt(privateKey, Buffer.from(privateEncodeData.toString('base64'), 'base64'));
    console.log("decode: ", publicDecodeData.toString())