我正在nodejs中实现一组基本的加密/解密功能,并且在解密部分不断出现以下错误:错误:状态不受支持或无法验证数据
I am implementing a basic encryption/decryption set of functions in nodejs and I keep getting the following error in the decryption part: Error: Unsupported state or unable to authenticate data
到目前为止,这是我的代码:
This is my code so far:
import crypto from 'crypto' import logger from './logger' const ALGORITHM = 'aes-256-gcm' export const encrypt = (keyBuffer, dataBuffer, aadBuffer) => { // iv stands for "initialization vector" const iv = Buffer.from(crypto.randomBytes(12), 'utf8') logger.debug('iv: ', iv) const encryptor = crypto.createCipheriv(ALGORITHM, keyBuffer, iv) logger.debug('encryptor: ', encryptor) logger.debug('dataBuffer: ', dataBuffer) return Buffer.concat([iv, encryptor.update(dataBuffer, 'utf8'), encryptor.final()]) } export const decrypt = (keyBuffer, dataBuffer, aadBuffer) => { const iv = dataBuffer.slice(0, 96) const decryptor = crypto.createDecipheriv(ALGORITHM, keyBuffer, iv) return Buffer.concat([decryptor.update(dataBuffer.slice(96), 'utf8'), decryptor.final()]) }我的错误发生在解密功能的最后一行.我将iv存储为dataBuffer的一部分.
My error happens in the last line of the decrypt function. I am storing the iv as part of the dataBuffer.
提前谢谢!
推荐答案我意识到我在发布的原始代码中犯了一些错误,其中一个是@TheGreatContini所说的,它是切片的大小以位而不是字节完成.尽管如此,我最想念的还是authTag,它始终应包含在解密功能设置中.
I realized I had made a couple of mistakes with the original code that I posted, one of them as @TheGreatContini remarked was the size of the slicing which was being done in bits instead of bytes as it should be. Still, the biggest piece that I was missing was the authTag which always should be included in the decipher function setup.
这是我的工作代码,供有兴趣将来参考的任何人使用:
Here is my working code for anybody interested for future references:
import crypto from 'crypto' import logger from './logger' const ALGORITHM = 'aes-256-gcm' export const encrypt = (keyBuffer, dataBuffer, aadBuffer) => { // iv stands for "initialization vector" const iv = crypto.randomBytes(12) const cipher = crypto.createCipheriv(ALGORITHM, keyBuffer, iv) const encryptedBuffer = Buffer.concat([cipher.update(dataBuffer), cipher.final()]) const authTag = cipher.getAuthTag() let bufferLength = Buffer.alloc(1) bufferLength.writeUInt8(iv.length, 0) return Buffer.concat([bufferLength, iv, authTag, encryptedBuffer]) } export const decrypt = (keyBuffer, dataBuffer, aadBuffer) => { const ivSize = dataBuffer.readUInt8(0) const iv = dataBuffer.slice(1, ivSize + 1) // The authTag is by default 16 bytes in AES-GCM const authTag = dataBuffer.slice(ivSize + 1, ivSize + 17) const decipher = crypto.createDecipheriv(ALGORITHM, keyBuffer, iv) decipher.setAuthTag(authTag) return Buffer.concat([decipher.update(dataBuffer.slice(ivSize + 17)), decipher.final()]) }更多推荐
Node.js中的AES 256 GCM加密解密
发布评论