1

I am encrypting an audio file using crypto npm module in node.js and trying to decrypt it in the android side using the same algorithm and the key.

The encryption code is :

encyption parameters

var crypto = require('crypto'),
    algorithm = 'aes-256-cbc',
    password = 'somepassword';  //encyption parameters

encryption function

function encrypt(buffer) {
    var cipher = crypto.createCipher(algorithm, password);
    var crypted = Buffer.concat([cipher.update(buffer), cipher.final()]);
    return crypted;
}

Now,for Decryption , we need to use some IV(Initialisation Vector) and as research says not to use same IV for any two files.

So, I just want to know now how customized IV can be set and random or separate IVs can be generated for each file in node.js using crypto or any other module during encryption.

It will be great if someone can help me out in this.

Community
  • 1
  • 1
Prerna Jain
  • 1,240
  • 2
  • 16
  • 34
  • If you're using real passwords (few characters, limited character set), then you shouldn't use this node.js code. This does invokes MD5 to generate the key from a password which is not secure enough. You should use PBKDF2 to derive a key from a password with a random salt and many iterations (over 9.000). Then you would also need to generate a random IV. – Artjom B. Nov 24 '15 at 08:56
  • Thanks @ArtjomB. It will be much more helpful if you can explain more for a better and much more clear understanding of it. – Prerna Jain Nov 24 '15 at 10:17

1 Answers1

0

to create the IV, use the following command to get 16 random bytes:

var iv = crypto.randomBytes(16)

then, when creating the cipher, change

var cipher = crypto.createCipher(algorithm, password);

to 

var cipher = crypto.createCipheriv(algorithm, password, iv);

The IV will not be attached to the resulting ciphertext, so you will need to send it separately to the android side (it can be sent in plaintext).

Peter Elliott
  • 3,273
  • 16
  • 30