Day 149— Cryptography 101

1. Hash, input with variable length is hashed to a fixed-length output. same input -> same output. This process is irreversible.
2. Salt, add some randomness to the hashed output. Otherwise, others can match the output in a rainbow table to guess the input.
3. HMAC, hash function with a password. Someone with the same hash signature must have the corresponding secret password. e.g. JWT
4. Symmetric Encryption, encrypt and decrypt using the same key
5. Generation of Keypair (public and private key), private and public key are mathematically linked.
6. Asymmetric Encryption, public key is used to encrypt, while private key is used to decrypt. The public key is shared, the private key is kept away. Everyone can use the public key to encrypt, but the one with the private key can decrypt successfully.
7. Signing, validating the data comes from a trusted party. private key is used to sign the hash of the original data. So we can use the public key to validate the authenticity of the data did come from the sender.

Instead of implementing the code in pure node.js, a popular module, crypto.js can be used. Its syntax is much more user-friendly and fast to deploy.

// Encrypt
var ciphertext = CryptoJS.AES.encrypt('my message', 'secret key 123').toString();

// Decrypt
var bytes  = CryptoJS.AES.decrypt(ciphertext, 'secret key 123');
var originalText = bytes.toString(CryptoJS.enc.Utf8);

GitHub - brix/crypto-js: JavaScript library of crypto standards.