node.js中需要解密的数据如何加密? [英] How to encrypt data that needs to be decrypted in node.js?

问题描述

我们使用 bcrypt 来散列不需要解密的密码和数据.我们应该如何保护其他需要解密的用户信息?

We are using bcrypt for hashing passwords and data that never needs to be decrypted. What should we do to protect other user information that does need to be decrypted?

例如，假设我们不希望用户的真实姓名为纯文本，以防有人获得对数据库的访问权限.这是有点敏感的数据，但也需要不时调用并以纯文本形式显示.有没有简单的方法可以做到这一点?

For example, let's say that we didn't want a user's real name to be in plain text in case someone was to obtain access to the database. This is somewhat sensitive data but also needs to be called from time to time and displayed in plain text. Is there a simple way to do this?

推荐答案

您可以使用 加密模块:

var crypto = require('crypto');
var assert = require('assert');

var algorithm = 'aes256'; // or any other algorithm supported by OpenSSL
var key = 'password';
var text = 'I love kittens';

var cipher = crypto.createCipher(algorithm, key);  
var encrypted = cipher.update(text, 'utf8', 'hex') + cipher.final('hex');
var decipher = crypto.createDecipher(algorithm, key);
var decrypted = decipher.update(encrypted, 'hex', 'utf8') + decipher.final('utf8');

assert.equal(decrypted, text);

编辑

现在 createCipher 和 createDecipher 已被弃用，而是使用 createCipheriv 和 createDecipheriv

Now createCipher and createDecipher is deprecated instead use createCipheriv and createDecipheriv

这篇关于node.js中需要解密的数据如何加密?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！