Node.js Crypto类返回不同的结果与更新的版本 [英] Node.js Crypto class returning different results with updated version

查看:247
本文介绍了Node.js Crypto类返回不同的结果与更新的版本的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

以下代码为添加到页面的单点登录按钮生成HTML输出。在节点版本0.5.x中,键被服务器在按钮点击时接受,但是在升级到0.10.x后,它不工作并产生不同的输出。没有错误。密码类是否已更改?请注意,键,网址和iv已稍微更改,以避免发布安全信息,但长度正确。

The following code produces HTML output for a single-sign-on button that gets added to a page. In node version 0.5.x the key is accepted by the server on button click, but after upgrading to 0.10.x it does not work and produces a different output. No errors. Has the crypto class changed? Note, the key, url, and iv have been changed slightly to avoid posting secure information, but are the correct length.

var util = require('util');
var crypto = require('crypto');
var fs = require('fs');
var dateFormat = require('dateformat');


var AESCrypt = {};


AESCrypt.encrypt = function(cryptkey, iv, cleardata) {

    var encipher = crypto.createCipheriv('aes-256-cbc', cryptkey, iv),
        encryptdata  = encipher.update(cleardata);


    encryptdata += encipher.final('binary');

    encode_encryptdata = new Buffer(encryptdata, 'binary').toString('hex');
    return encode_encryptdata;
}


function getKey(email){
  var now = new Date();
  var key = new Buffer("F4553ECE8E0039675E8DA176D23BD82D455BB6272B574FDD6185296432CE1AD9",'hex'),
    iv  = new Buffer("D95897EA52A8A0C8DF231C8F2DBE59A7",'hex'),
    key_bin = key.toString('binary'),
    iv_bin = iv.toString('binary'),
    text = new Buffer('mystring','ascii'),
    text_bin = text.toString('binary');

  var enc  = AESCrypt.encrypt(key_bin, iv_bin, text_bin);

  var page = '<form method="POST" action="https://somedomain.com/AES.aspx"><input type="hidden" name="key" value="'+enc+'"/><input type="hidden" name="ouid" value="1"/><input type="submit" value="Log ine"/></form>';

  return page;
}

if(process.argv[2]) {
    email = process.argv[2];
    console.log(getKey(email));
}
else{
    console.log('Something may be wrong with your email address>')
}


推荐答案

似乎至少对于NodeJS的更高版本, Buffer.concat / code>而不是 + = 运算符。

It seems that - at least for later versions of NodeJS - that Buffer.concat() is required instead of the += operator.

这篇关于Node.js Crypto类返回不同的结果与更新的版本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
开发方法最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆