crypt problrm in js

Question

i have sketch which the decrypt password from file info.txt and send me mail when i go to http://localhost:8080:

var crypto = require('crypto');         // encryption/decryption tool
var fs = require('fs');                 // filesystem manager
var express = require('express');       // web server
var nodemailer = require('nodemailer'); // email
var key = process.argv[3];
var fileName = __dirname + "/info.txt";
var decipher = crypto.createDecipher('aes-256-cbc', key);
var server = express();
server.use('/',express.static('public'));

var account = {
   host: 'smtp.gmail.com',   // mail server
   port: 465,                // SSL mail port
   secure: true,             // using secure sockets for mail
   auth: {
     user: process.argv[2],  // username from the commnand line
     pass: ''                // password will come from decryption later
   }
   };

 var message = {
 from: account.auth.user,
 to: 'z.zitsw@gmail.com', //''cat.owner@example.com',
 subject: 'Hello from the cat',
 text: 'The cat is sitting on his mat! http://www.example.com/catcam.html'
 };

 function sendMail(request, response) {
 // callback function to confirm mail was sent and inform web client
 var mailClient = nodemailer.createTransport(account);
 var responseString = mailClient.sendMail(message, confirmMail);
  }

  function decryptFile(error, data) {
   // if there's valid data from the file, decrypt it:
  if (data){
  var content = data.toString();
  var decryptedPassword = decipher.update(content, 'hex', 'utf8');
  decryptedPassword += decipher.final('utf8');
  account.auth.pass = decryptedPassword;
// if the file produces an error, report it:
 } else if (error) {
   console.log(error);
  }
  }

  // read from the password file:
  fs.readFile(fileName, decryptFile);
  console.log("credentials for " + account.auth.user + " obtained.");

 // start the server:
  server.listen(8080);
  server.get('/mail', sendMail);            // send a mail
  console.log("waiting for web clients now.");

but when i run app in terminal (node server.js my_mail key) i take this error: (node:7392) [DEP0106] DeprecationWarning: crypto.createDecipher is deprecated. (Use node --trace-deprecation ... to show where the warning was created) internal/validators.js:198 throw new ERR_INVALID_ARG_VALUE('encoding', encoding

Please help me

`createDecipher()` is deprecated for security reasons. It uses an insecure key derivation function (`EVP_BytesToKey()`) which derives a key and an IV from a password (for details see docs of `createDecipher()`). In contrast, `createDecipherIv()` is passed the key and IV _directly_. To map the functionality of `createDecipher()` with `createDecipherIv()` you need an implementation of `EVP_BytesToKey()` (see Web) and have to derive key and iv using the password and pass them to `createDecipherIv()`. This is of course as insecure as `createDecipher()` and therefore discouraged. — Topaco, Feb 23 '21 at 18:14

score 0 · Accepted Answer · answered Feb 23 '21 at 16:14

0

So to me that's saying that the function createDecipher is no longer supported? Maybe if you look into the documentation for the crypto package there could be an explanation or alternative to solve this.

answered Feb 23 '21 at 16:14

DBWebDev

16
2

Hello, I changed crypto.createDecipher to crypto.createDecipheriv and it should use element iv, I marked it as: let iv = crypto.randomBytes (16); now I have the following: internal / crypto / cipher.js: 103 this [kHandle] .initiv (cipher, credentials, iv, authTagLength); ^ Error: Invalid Key Length – zitsw Feb 23 '21 at 17:41

crypt problrm in js

1 Answers1