js中的crypt问题[重复]

【问题标题】:crypt problrm in js [duplicate]js中的crypt问题[重复]
【发布时间】:2021-02-23 16:09:19
【问题描述】:

我有从文件 info.txt 解密密码的草图,并在我转到 http://localhost:8080 时向我发送邮件:

var crypto = require('crypto');         // encryption/decryption tool
var fs = require('fs');                 // filesystem manager
var express = require('express');       // web server
var nodemailer = require('nodemailer'); // email
var key = process.argv[3];
var fileName = __dirname + "/info.txt";
var decipher = crypto.createDecipher('aes-256-cbc', key);
var server = express();
server.use('/',express.static('public'));

var account = {
   host: 'smtp.gmail.com',   // mail server
   port: 465,                // SSL mail port
   secure: true,             // using secure sockets for mail
   auth: {
     user: process.argv[2],  // username from the commnand line
     pass: ''                // password will come from decryption later
   }
   };

 var message = {
 from: account.auth.user,
 to: 'z.zitsw@gmail.com', //''cat.owner@example.com',
 subject: 'Hello from the cat',
 text: 'The cat is sitting on his mat! http://www.example.com/catcam.html'
 };

 function sendMail(request, response) {
 // callback function to confirm mail was sent and inform web client
 var mailClient = nodemailer.createTransport(account);
 var responseString = mailClient.sendMail(message, confirmMail);
  }

  function decryptFile(error, data) {
   // if there's valid data from the file, decrypt it:
  if (data){
  var content = data.toString();
  var decryptedPassword = decipher.update(content, 'hex', 'utf8');
  decryptedPassword += decipher.final('utf8');
  account.auth.pass = decryptedPassword;
// if the file produces an error, report it:
 } else if (error) {
   console.log(error);
  }
  }

  // read from the password file:
  fs.readFile(fileName, decryptFile);
  console.log("credentials for " + account.auth.user + " obtained.");

 // start the server:
  server.listen(8080);
  server.get('/mail', sendMail);            // send a mail
  console.log("waiting for web clients now.");

但是当我在终端(节点 server.js my_mail 键)中运行应用程序时,我会出现此错误: (节点:7392)[DEP0106] DeprecationWarning:crypto.createDecipher 已弃用。 (使用node --trace-deprecation ... 显示警告的创建位置) 内部/validators.js:198 throw new ERR_INVALID_ARG_VALUE('encoding', 编码

请帮帮我

【问题讨论】:

  • createDecipher() 出于安全原因已弃用。它使用不安全的密钥派生函数 (EVP_BytesToKey()) 从密码中派生密钥和 IV(有关详细信息,请参阅 createDecipher() 的文档)。相反,createDecipherIv() 直接传递密钥和 IV。要将createDecipher() 的功能映射到createDecipherIv(),您需要实现EVP_BytesToKey()(参见Web),并且必须使用密码派生密钥和iv 并将它们传递给createDecipherIv()。这当然和createDecipher() 一样不安全,因此不鼓励。

标签: node.js express cryptography nodemailer


【解决方案1】:

所以对我来说是说函数 createDecipher 不再受支持?也许如果您查看加密包的文档,可能会有解决此问题的解释或替代方法。

【讨论】:

  • 您好,我将crypto.createDecipher更改为crypto.createDecipheriv,它应该使用元素iv,我将其标记为:let iv = crypto.randomBytes (16);现在我有以下内容: internal / crypto / cipher.js: 103 this [kHandle] .initiv (cipher, credentials, iv, authTagLength); ^ 错误:无效的密钥长度
猜你喜欢
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 2018-04-04
  • 1970-01-01
  • 2023-04-08
  • 2020-07-08
  • 2019-05-04
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode