NodeJS - Securing Through Cryptography

The crypto module

Node.js comes with its own cryptography module out of the box. And this article tries to explain how to get most out of it.

While using internet, your data needs to be traveled multiple places it the world. Cryptography is needed to make sure that your data is not compromised. NodeJS Crypto module provides several classes and methods to encrypt and protect data.

Following is the simple introduction to the classes provided by NodeJS crypto module

There are other utility methods in crypto module - for generating random numbers, etc.,


MD5 stands for Message Digest 5 is not secure enough.

const crypto = require('crypto')

// pass the algo you wanted to use
const hash = crypto.createHash('md5')


const hashedPassword = hash.digest('hex')

console.log(hashedPassword) // '482c811da5d5b4bc6d497ffa98491e38'

Here are the list of recommended algorithms in the order of preference

  1. Argon2 - New but academically proven - introduced in 2013
  2. PBKDF2 - Password-Based Key Derivation Function 2. Useful if you require wide enterprise support in compliance with federal standards such as the Federal Information Processing Standard.
  3. Scrypt - Like PBKDF2, but optimized to resist hardware-based attacks
  4. Bcrypt - Based on Blowfish algorithm.

Read more Using Argon2 with Node


You need to salt the hash to be more secure. If two users use same password with the same algorithm, with the help of salt the hashes of those two users will be different

const crypto = require('crypto')

const password = 'password123'

const salt = crypto.randomBytes(256).toString('hex')

const hashedPwd = crypto.pbkdf2Sync(password, salt, 100000, 512, 'sha512')


Symmetric Encryption

In symmetric encryption, one key is used to encrypt and decrypt the data.

CBC means "Cipher Block Chaining"

const crypto = require('crypto')

const algorithm = 'aes-256-cbc'
const password = 'Good strong password for key'
let ssn = '111-000-0000'

const salt = crypto.randomBytes(32)

// 32 bytes = 256 bits
const key = crypto.scryptSync(password, salt, 32)

const iv = crypto.randomBytes(16)

const cipher = crypto.createCipheriv(algorithm, key, iv)
let encrypted = cipher.update(ssn, 'utf8', 'hex')
encrypted += cipher.final('hex')


const decipher = crypto.createDecipheriv(algorithm, key, iv)
let decrypted = decipher.update(encrypted, 'hex','utf8')
decrypted = decipher.final('utf8')


Last Updated on

Next Post: GraphProtocol: TS2322 null assignment in Subgraph →