I have existing code and passwords and other data that has been in use for 5 years and has live data that was encrypted using crypto.createCipher.

Now that crypto.createCipher is deprecated, I need to migrate to new functions whilst allowing all my existing encrypted data to be used that was generated using the old method.

```javascript
const crypto = require('crypto');

function encrypt(text,salt){
  salt=salt || 'mydefault-password';
  var cipher = crypto.createCipher('aes-256-cbc',salt)
  var crypted = cipher.update(text,'utf8','hex')
  crypted += cipher.final('hex');
  return crypted;
}

function decrypt(text,salt){
  salt=salt || 'mydefault-password';
  var decipher = crypto.createDecipher('aes-256-cbc',salt)
  try{
    var dec = decipher.update(text,'hex','utf8');
    dec += decipher.final('utf8');
    return dec;
  }
  catch(err){
    return false;
  }
}
```

So how can I achieve this? It seems that the new method requires an "IV". I have tried passing null, but that does not work:

```javascript
const crypto = require('crypto');

function encrypt(text,salt){
  salt=salt || 'mydefault-password';
  var cipher = crypto.createCipher('aes-256-cbc',salt,null)
  var crypted = cipher.update(text,'utf8','hex')
  crypted += cipher.final('hex');
  return crypted;
}

function decrypt(text,salt){
  salt=salt || 'mydefault-password';
  var decipher = crypto.createDecipheriv('aes-256-cbc',salt,null)
  try{
    var dec = decipher.update(text,'hex','utf8');
    dec += decipher.final('utf8');
    return dec;
  }
  catch(err){
    return false;
  }
}
```

If I try to generate a random IV, then I get another error:

```javascript
const iv = crypto.randomBytes(16)
const cipher = crypto.createCipher('aes-256-cbc',salt,iv)
>> Uncaught Error: Invalid key length
```

I really cannot afford to lose / regenerate my existing encrypted data; that would be a huge job and is likely to cause a lot of issues.

How can I create encrypt / decrypt functions which will produce / be able to read the data that was created previously using crypto.createDecipher?

Many thanks for helping.

UPDATE

The suggested solution here (nodejs recover createCipher data with createCipheriv) is not a solution for me, because that uses another module which states that it is not a production solution, and I am looking for a long term fix, not a solution to eliminate the deprecation warning.

Topaco
crankshaft
  • Does this answer your question? [nodejs recover createCipher data with createCipheriv](https://stackoverflow.com/questions/68713891/nodejs-recover-createcipher-data-with-createcipheriv) – Ricky Mo Nov 15 '22 at 02:40
  • @RickyMo - Thanks for helping, but no because that uses another module which states that it is not a production solution, and I am looking for a long term fix, not a solution to eliminate the deprecation warning. – crankshaft Nov 15 '22 at 02:51
  • The long term fix is to decrypt all your data and re-encrypt them using `createCipheriv`. Any workaround to decrypt your data which were encrypted by `createCipher` will not be a "production solution" since it is insecure by nature, and nowhere better than calling a deprecated method. – Ricky Mo Nov 15 '22 at 03:05
  • @RickyMo - yes I am quickly coming to that conclusion as well, but we have a LOT of live sites and a LOT of data encrypted using this and although I know how to go about this I am dreading having to do it! – crankshaft Nov 15 '22 at 03:22

0 Answers
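Node.js documents that `crypto.createCipher` derived its key and IV from the password with OpenSSL's EVP_BytesToKey (MD5, one iteration, no salt), so the same derivation done with the built-in `crypto` module lets `createDecipheriv` read the old data and re-encrypt it. This is an added example, not part of the original question or its comments; the function names, the `v2:` storage format (scrypt plus AES-256-GCM) and the ASCII-password assumption are hypothetical choices made here.

```javascript
const crypto = require('crypto');

// OpenSSL EVP_BytesToKey as the old createCipher() used it:
// MD5, one iteration, no salt. D_i = MD5(D_{i-1} || password).
function evpBytesToKey(password, keyLen, ivLen) {
  // Assumption: ASCII password, so utf8 and latin1 give the same bytes.
  const pw = Buffer.from(password, 'utf8');
  let block = Buffer.alloc(0), out = Buffer.alloc(0);
  while (out.length < keyLen + ivLen) {
    block = crypto.createHash('md5').update(block).update(pw).digest();
    out = Buffer.concat([out, block]);
  }
  return { key: out.subarray(0, keyLen), iv: out.subarray(keyLen, keyLen + ivLen) };
}

// Reads hex written by the old encrypt(); throws if the padding check fails.
function legacyDecrypt(hex, password) {
  const { key, iv } = evpBytesToKey(password, 32, 16);
  const d = crypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([d.update(hex, 'hex'), d.final()]).toString('utf8');
}

// Builds constructed legacy sample data without calling createCipher().
function legacyEncrypt(text, password) {
  const { key, iv } = evpBytesToKey(password, 32, 16);
  const c = crypto.createCipheriv('aes-256-cbc', key, iv);
  return c.update(text, 'utf8', 'hex') + c.final('hex');
}

// Hypothetical new format: "v2:" + hex(salt | iv | tag | ciphertext).
function encryptV2(text, password) {
  const salt = crypto.randomBytes(16), iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', crypto.scryptSync(password, salt, 32), iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return 'v2:' + Buffer.concat([salt, iv, c.getAuthTag(), ct]).toString('hex');
}

// Accepts both formats; legacy hex can never start with "v2:".
function decryptAny(stored, password) {
  if (!stored.startsWith('v2:')) return legacyDecrypt(stored, password);
  const raw = Buffer.from(stored.slice(3), 'hex');
  const key = crypto.scryptSync(password, raw.subarray(0, 16), 32);
  const d = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(16, 28));
  d.setAuthTag(raw.subarray(28, 44));
  return Buffer.concat([d.update(raw.subarray(44)), d.final()]).toString('utf8');
}

// Re-encrypts one stored value; already migrated values pass through.
function migrate(stored, password) {
  return stored.startsWith('v2:') ? stored : encryptV2(legacyDecrypt(stored, password), password);
}
```

Because the legacy key and IV depend only on the password, identical plaintexts always produce identical legacy ciphertexts, which is one reason to re-encrypt rather than keep writing the old format.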