Witold Zawada

06 May 2023, 11:00, 3 min read
tags: Node.js, TypeScript, Cryptography

Cryptography

Disclaimer: I was inspired by an article by Jeff Delaney, creator of fireship.io.

All of the code used in this article is available on my GitHub.

What is cryptography?

Cryptography is a field of knowledge, with branches in both IT and mathematics, about transmitting information in a way that is protected against unauthorized access.

This is obviously a very short and simple definition, but I guess it gives you the most important idea about cryptography: it is used for secure communication.

Let's dive deeper into it. Here is my simple program demonstrating the most important cryptography concepts, written using the Node.js native crypto module and TypeScript.

You can create CryptographyService like this:

```typescript
const cryptoService = new CryptographyService({
  algorithm: Algorithms.AES_192_CBC,
  hash: Hashes.SHA256,
})
```

where the enums are defined as:

```typescript
export enum Algorithms {
  AES_256_CBC = 'aes-256-cbc',
  AES_192_CBC = 'aes-192-cbc',
  AES_128_CBC = 'aes-128-cbc'
}

export enum Hashes {
  SHA256 = 'sha256',
  RIPEMD_60 = 'ripemd160'
}
```

Cryptography Concepts

1. Hash

A process that takes an input value of any length and outputs a fixed-length value. Hashing algorithms like SHA produce a random-looking, fixed-length string that is effectively unique to the given input, and the same input always produces the same output.

```typescript
const hash1 = await cryptoService.createHash('chomik123!')
const hash2 = await cryptoService.createHash('chomik123!')

console.log(hash1 === hash2) // true
```

2. Salt

A random string added to the input before hashing, so that the resulting hash is unique to that input and harder to guess.

```typescript
const text = 'Chomcio'
const saltedText = await cryptoService.generateSalt(16, text)
const match = await cryptoService.matchSalt(saltedText, text)

console.log(match) // true
```

3. HMAC

A keyed hash of data that allows you to verify both the authenticity and the originator of the data.

```typescript
const hmac1 = await cryptoService.createHmac('chomcio123!', 'secret_hamster')
const hmac2 = await cryptoService.createHmac('chomcio123!', 'secret_hamster')

console.log(hmac1 === hmac2) // true
```

4. Symmetric Encryption

Keeping a message confidential while allowing it to be reversed with the proper key. In symmetric encryption, the same key is used to encrypt and decrypt the message.

```typescript
const message = 'Homster'

const encryptedMessage = await cryptoService.symmetricEncrypt(message)
const decryptedMessage = await cryptoService.symmetricDecrypt(encryptedMessage)

console.log(message === decryptedMessage) // true
```
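As an added example (not the article's CryptographyService, whose source is on the author's GitHub), here is a minimal TypeScript implementation of symmetricEncrypt/symmetricDecrypt with the same aes-192-cbc and sha256 choices as the enums above, combined with the HMAC from section 3: CBC alone gives no integrity, so an HMAC tag over the IV and ciphertext catches tampering, and the tag is compared in constant time. The function names, the separate MAC key and the iv || ciphertext || tag layout are my own assumptions.

```typescript
import { createCipheriv, createDecipheriv, createHmac, randomBytes, timingSafeEqual } from 'crypto'

// Constructed example: aes-192-cbc needs a 24-byte key and a 16-byte IV;
// the HMAC key is a separate 32-byte secret (never reuse the cipher key for it).
const ALGORITHM = 'aes-192-cbc'
const HASH = 'sha256'

interface SymmetricKeys {
  encKey: Buffer // 24 bytes for aes-192-cbc
  macKey: Buffer // 32 bytes for hmac-sha256
}

function generateKeys(): SymmetricKeys {
  return { encKey: randomBytes(24), macKey: randomBytes(32) }
}

// Output layout (assumed): iv (16) || ciphertext || tag (32).
// Encrypt-then-MAC: the tag covers everything the receiver will feed to the cipher.
function symmetricEncrypt(keys: SymmetricKeys, message: string): Buffer {
  const iv = randomBytes(16) // fresh IV per message; never reuse an IV with the same key
  const cipher = createCipheriv(ALGORITHM, keys.encKey, iv)
  const ciphertext = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()])
  const tag = createHmac(HASH, keys.macKey).update(iv).update(ciphertext).digest()
  return Buffer.concat([iv, ciphertext, tag])
}

// Returns null when the tag does not verify, so tampered data never reaches the caller
// as plaintext. timingSafeEqual avoids leaking how many tag bytes matched.
function symmetricDecrypt(keys: SymmetricKeys, blob: Buffer): string | null {
  if (blob.length < 16 + 16 + 32) return null // iv + at least one cipher block + tag
  const iv = blob.subarray(0, 16)
  const tag = blob.subarray(blob.length - 32)
  const ciphertext = blob.subarray(16, blob.length - 32)
  const expected = createHmac(HASH, keys.macKey).update(iv).update(ciphertext).digest()
  if (!timingSafeEqual(tag, expected)) return null
  const decipher = createDecipheriv(ALGORITHM, keys.encKey, iv)
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8')
}

// Flip one ciphertext byte: CBC alone would silently decrypt to garbage,
// but the HMAC check rejects the modified blob.
function tamperDemo(keys: SymmetricKeys, blob: Buffer): string | null {
  const tampered = Buffer.from(blob)
  tampered[16] ^= 0x01
  return symmetricDecrypt(keys, tampered)
}
```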

5. Keypairs

An algorithm like RSA that generates a keypair containing a public and private key. The private key should be kept secret, while the public key can be shared freely.

```typescript
const modulusLength = 2048

const {
  privateKey,
  publicKey
} = await cryptoService.generateKeyPair(modulusLength)
```

6. Asymmetric Encryption

Encryption that depends on two keys: encrypt a message with the public key and decrypt it with the private key.

```typescript
const message = 'Homster'

const {
  privateKey,
  publicKey
} = await cryptoService.generateKeyPair(2048)

const encryptedMessage = await cryptoService.publicEncrypt(publicKey, message)

const decryptedMessage = await cryptoService.privateDecrypt(privateKey, encryptedMessage)

// we need to call toString, because decryptedMessage
// (and encryptedMessage) is a Buffer
console.log(decryptedMessage.toString() === message) // true
```

7. Signing

The process of creating a digital signature of a message. A signature is a hash of the original message, which is then encrypted with the sender's private key. The signature can be verified by the recipient using the sender's public key, which guarantees the original message is authentic and unmodified.

```typescript
const {
  privateKey, publicKey
} = await cryptoService.generateKeyPair(2048)

const data = 'homster to be signed'
const signature = await cryptoService.sign(data, privateKey)
const verified = await cryptoService.verify(data, publicKey, signature)

console.log(verified) // true
```

Conclusion

Cryptography is really important, especially nowadays. As developers we need to know how to use these concepts, especially when designing security-sensitive software such as banking apps, chat apps and many more.