4

I am trying to encrypt text in using node.js crypto module.

Here is code:

const crypto = require('crypto');

const password = 'password';
const key = crypto.scryptSync(password, 'salt', 24);

const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
var encrypted = cipher.update("Hello", 'utf8', 'hex') + cipher.final('hex');

console.log(encrypted);

And I get following error:

internal/crypto/cipher.js:103
    this[kHandle].initiv(cipher, credential, iv, authTagLength);
                  ^

Error: Invalid key length
[90m    at Cipheriv.createCipherBase (internal/crypto/cipher.js:103:19)[39m
[90m    at Cipheriv.createCipherWithIV (internal/crypto/cipher.js:121:20)[39m
[90m    at new Cipheriv (internal/crypto/cipher.js:225:22)[39m
[90m    at Object.createCipheriv (crypto.js:117:10)[39m
    at Object.<anonymous> (F:\Misc\App\MySQL-Buzzer-Electron\demo.js:7:23)
[90m    at Module._compile (internal/modules/cjs/loader.js:1156:30)[39m
[90m    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1176:10)[39m
[90m    at Module.load (internal/modules/cjs/loader.js:1000:32)[39m
[90m    at Function.Module._load (internal/modules/cjs/loader.js:899:14)[39m
[90m    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:74:12)[39m

What am I doing wrong ?

Parth Agrawal
  • 43
  • 1
  • 6

1 Answers1

4

you used aes-256-gmc you need to use key length of 32 and iv of length 16

const crypto = require('crypto');

const password = 'password';
const key = crypto.scryptSync(password, 'salt', 32);

const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
var encrypted = cipher.update("Hello", 'utf8', 'hex') + cipher.final('hex');
Seti
  • 2,169
  • 16
  • 26
  • 1
    iv length should be 12 for GCM. – President James K. Polk Nov 19 '20 at 12:36
  • but not for aes-256-gmc – Seti Nov 19 '20 at 12:37
  • There is no such thing as GMC. As you can see, it's GCM. – President James K. Polk Nov 19 '20 at 12:38
  • 1
    16 will work, but 12 makes more sense as anything else results in extra work to compute the pre-counter block. Please read up on GCM in NIST SP 800-38D, or take a look at [RFC 5288](https://tools.ietf.org/html/rfc5288) nonce specification. – President James K. Polk Nov 19 '20 at 14:04
  • No, for AES-256 there is need for iv being 16 - here is answer that explains its better https://stackoverflow.com/questions/31132162/what-size-of-initialization-vector-needed-for-aes-256-encryption-in-java What it means - is that its always 16 and if less its padded. But for some reason its not padded in this case so you need 16 length. – Seti Nov 20 '20 at 12:09
  • 1
    @Seti Please read Maarten's answer again. It clearly states that the IV has a default length of 12 bytes for AES-GCM mode (regardless of key size). Yes, it can have a different, but then the IV is hashed ("extra work" as James said) to get the necessary length which would not be necessary if it had the correct length in the first place. – Artjom B. Nov 20 '20 at 19:09
  • If you use 12, then error of wrong iv size will happen – Seti Nov 21 '20 at 23:06