How Does The Node.JS Crypto Module Produce A Key And An Initialization Vector When The Deprecated `crypto.createCipher` Function Is Used?
I have inherited a database where some fields were encrypted by legacy code.
The code used the (now deprecated) crypto.createCipher function that Node.js provided. This function expects to be passed a plaintext password, rather than a key and initialization vector. The documentation suggests that a key and IV are derived (somehow) from the provided password.
I have the password that was used, but would like to decrypt the data in another application, written in a language that uses a standard key/IV combination to initialize an AES cipher (Python 3).
Looking at the Node.js codebase, in cipher.js, it is not at all apparent to me how this is being done.
Answer
I see after writing this, that the question has a ruby-specific answer here that I could not find when searching. I have decided to create a more general-purpose question and answer here to increase its visibility.
Node computes the key and value using the md5 hash function.
A 32-byte key is produced with the following algorithm (shown in pseudocode):
Let A = md5(password)
Let B = md5(concatenate(A, password))
Let Key = concatenate(A,B)
A 16 byte initialization vector is then produced with:
Let IV = md5(concatenate(key, password))
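As an added example (not part of the original question or answer), here is the derivation written in Python 3 using only the standard library. It implements the OpenSSL EVP_BytesToKey routine that crypto.createCipher relied on (MD5 digest, no salt, one iteration): each 16-byte block is the MD5 of the previous block concatenated with the password, and the concatenated blocks are split into key and IV. Written that way, the same function covers aes-128-cbc and aes-192-cbc as well as the aes-256-cbc case shown above. The function names and the assumption that the password is UTF-8 encoded are mine, not Node's.

```python
import hashlib
from typing import Tuple


def evp_bytes_to_key_md5(password: bytes, key_len: int, iv_len: int) -> Tuple[bytes, bytes]:
    """OpenSSL EVP_BytesToKey with MD5, no salt and a single iteration.

    Digest blocks are chained: D_1 = md5(password), D_i = md5(D_{i-1} || password).
    The blocks are concatenated until key_len + iv_len bytes are available;
    the first key_len bytes are the key, the next iv_len bytes are the IV.
    """
    derived = b""
    block = b""  # empty for the first round, so D_1 = md5(password)
    while len(derived) < key_len + iv_len:
        block = hashlib.md5(block + password).digest()
        derived += block
    return derived[:key_len], derived[key_len:key_len + iv_len]


# Hypothetical helper: AES key sizes in bytes for the cipher names createCipher accepted.
_KEY_LEN = {"aes-128-cbc": 16, "aes-192-cbc": 24, "aes-256-cbc": 32}


def legacy_key_iv(algorithm: str, password: str) -> Tuple[bytes, bytes]:
    """Derive the key and 16-byte CBC IV exactly as createCipher(algorithm, password) did.

    Assumption (mine): the password string is encoded as UTF-8 before hashing.
    """
    key_len = _KEY_LEN[algorithm]
    return evp_bytes_to_key_md5(password.encode("utf-8"), key_len, 16)


if __name__ == "__main__":
    # Constructed demo password; replace with the real one when decrypting legacy rows.
    key, iv = legacy_key_iv("aes-256-cbc", "password")
    print("key:", key.hex())
    print("iv: ", iv.hex())
```

The returned key and IV go straight into an ordinary AES-CBC decryptor (for example the `cryptography` package's AES/CBC mode), after which PKCS#7 padding must be stripped, because createCipher padded by default. One caveat worth checking before trusting the output: older Node releases encoded string passwords as latin1 rather than UTF-8, which only matters if the password contains non-ASCII characters.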