AES

March 11, 2025

AES

cryptography

Encryption is a fundamental technique used to protect data from unauthorized access

In this blog post, we will learn how to use CryptoJS, a powerful JavaScript library, to encrypt and decrypt data using the AES-256 encryption algorithm.

🔐 Cryptography: The Science of Secure Communication

Cryptography is the practice of securing information so that only authorized parties can access it. It protects data from hackers, ensures privacy, and is used in banking, messaging apps, online payments, and digital signatures.

Types of Cryptography

Symmetric Encryption (Same key for encryption & decryption)

Asymmetric Encryption (Public key for encryption, private key for decryption)

Hashing (One-way conversion, no decryption)

What is AES Encryption?

AES (Advanced Encryption Standard) is a secure encryption method used to protect data. It works by converting readable data into scrambled text using a secret key. The same key is used to decrypt the data back into its original form.

🔑 Key Points:

Fast & Secure – Used worldwide for encryption.

Key Sizes – 128-bit, 192-bit, or 256-bit.

Common Uses – Secure messaging, banking, passwords, and file encryption.

A visual depiction of what is being written about

Generating a Secure Secret Key for AES Encryption

The first and most crucial step in AES encryption is generating a strong secret key. The following function, generateSecretKey, creates a random 256-bit key to ensure robust security.

javascript 
const crypto = require("crypto");

const genrateSecretKey = () => {
  const keyLength = 32; //// 32 bytes = 256 bits (AES-256)
  return crypto.randomBytes(keyLength).toString("hex");
};
const secretKey = genrateSecretKey();
console.log("Generated Secret Key:",secretKey);

✅ 256-bit strength ensures high security. ✅ Randomized output prevents predictability. ✅ Hex encoding makes storage and sharing easy.

Sample Output (Varies Each Time)

powershell 

Generated Secret Key: e9f3a8b62d4c89f7b10c3e9d58723a1f7d2b6a9c5e1f4d8c7b2e0f6a9c3d2b1e

Each time you run the script, you'll get a different 64-character hex string (because 32 bytes = 64 hex characters).

🔍 Deep Explanation of AES-256-CBC Encryption in Node.js

Your code securely encrypts an array of objects using AES-256-CBC encryption in Node.js. Let's break it down step by step.

javascript 
const crypto = require("crypto"); // Import Node.js crypto module

// 🛠 Generate a secure 256-bit secret key (32 bytes = 256 bits)
// The key is represented in hexadecimal (binary-to-text conversion for storage)
const generateSecretKey = () => crypto.randomBytes(32).toString("hex"); 

const secretKey = generateSecretKey(); // Generate a new random secret key
console.log("🔑 Generated Secret Key:", secretKey);

// 📌 Sample user data to encrypt
const data = [
  { _id: "jhon", username: "DevX@123", password: "1200012" },
  { _id: "jhon2", username: "DevX@1232", password: "12000122" },
];

/**
 * 🔐 AES-256-CBC Encryption Function
 * 
 * @param {Object} data - The data to encrypt (JSON object)
 * @param {string} secretKey - The secret key (256-bit hex string)
 * @returns {string} - The encrypted data as a hex-encoded string (IV + CipherText)
 */
const encryptData = (data, secretKey) => {
  const algorithm = "aes-256-cbc"; // AES algorithm with 256-bit key in CBC mode
  const iv = crypto.randomBytes(16); // 16-byte IV (random for each encryption)

  // 🏗️ Create AES cipher with secret key & IV
  const cipher = crypto.createCipheriv(algorithm, Buffer.from(secretKey, "hex"), iv);

  // 📝 Encrypt JSON Data (Convert UTF-8 text to hex format)
  let encrypted = cipher.update(JSON.stringify(data), "utf-8", "hex");
  encrypted += cipher.final("hex"); // Finalize encryption process

  // 🏷️ Return the IV (for decryption) + Encrypted Data (Hex encoded)
  return iv.toString("hex") + ":" + encrypted;
};

// 🔒 Encrypt the user data
const encryptedData = encryptData(data, secretKey);
console.log("🛡️ Encrypted Data:", encryptedData);

javascript 
🔑 Generated Secret Key: 692d033ed7e582cb76704d6b02e5eb28411a00f7449bfda03a56103b1c0eb90f
🛡️ Encrypted Data: 8704dc1e2da674be89589cc419b11855:603c3f867e34cd0afc94af9d7732527cc0d571179cec5a5 3c03758e1c770b25f664bf5ea57edd9ca337101baaac418fe2b29852e11b64f8b8faf4f94037238a360ba729b7
fa1176a08eb8f9ea6eb201fe4f7149b61c054dafdf5742f967480005ffee35a85d36034a5b9f03fc0ad743597eb0042ef68cc6bc899717ed29da370

🛠 Components of the Encryption Process

The encryption function uses several key concepts:

AES-256-CBC Encryption

Hexadecimal Encoding (hex)

UTF-8 Encoding (utf-8)

Initialization Vector (IV)

Cipher Block Chaining (CBC) Mode

Secret Key (256-bit)

1️⃣ AES-256-CBC Encryption

AES (Advanced Encryption Standard) is a symmetric encryption algorithm that encrypts data securely.

AES-256: Uses a 256-bit key (32 bytes) for encryption, making it very strong.

CBC Mode (Cipher Block Chaining) is a way of encrypting data where each block of plaintext is linked to the previous one. This makes the encryption stronger because changes in one block affect all the following blocks. However, it requires an Initialization Vector (IV) to start the process securely.

📌 Why AES-256-CBC?

✅ Highly secure (used by governments & banks).

✅ Requires a secret key + IV, making brute-force attacks difficult.

✅ Ensures randomness with IV, preventing pattern attacks.

2️⃣ Understanding Encodings (utf-8 & hex)

Your code uses UTF-8 and Hexadecimal (hex) encoding. Let's understand both.

🔹 UTF-8 (Unicode Transformation Format - 8 bit)

Used for text encoding (e.g., English, Chinese, emojis, etc.).

Represents characters efficiently (1 to 4 bytes per character).

Used when converting JSON or text into a binary format.

🔹 Example:

javascript 

const text = "Hello";
const buffer = Buffer.from(text, "utf-8");
console.log(buffer);

📌 Output:

javascript 

<Buffer 48 65 6c 6c 6f>

Each character (H, e, l, l, o) is represented as a byte in memory.

🔹 Hexadecimal (hex) Encoding

Used for binary-to-text conversion.

Represents each byte as two hexadecimal characters.

Output is double the size of input (e.g., 32 bytes → 64 hex characters).

🔹 Example:

javascript 

const hex = buffer.toString("hex");
console.log(hex);

📌 Output:

javascript 

48656c6c6f

Each byte is converted into a 2-character hex code.

📌 Why use hex?

✅ Makes binary data human-readable.

✅ Prevents encoding issues (e.g., special characters breaking encryption).

3️⃣ Initialization Vector (IV)

🔹 What is IV?

An Initialization Vector (IV) is a random 16-byte value used in encryption. It makes sure that even if you encrypt the same data multiple times, the output (ciphertext) is different each time. This adds extra security and prevents patterns from forming in the encrypted data.

🔹 How does IV work?

First, AES XORs IV with the first block of data before encryption.

Each subsequent block is XORed with the previous encrypted block.

This makes encryption unique, even if the same data is encrypted multiple times.

📌 Example:

javascript 

const iv = crypto.randomBytes(16); // 16-byte IV
console.log(iv.toString("hex"));

Each run will generate a different IV

🔓 AES-256-CBC Decryption

Now that you've encrypted your data, let's implement decryption to restore the original JSON.

javascript 
const decryptData = (encryptedData, secretKey) => {
  const algorithm = "aes-256-cbc";

  // 🏷️ Split IV and encrypted text (IV is required for decryption)
  const [ivHex, encryptedText] = encryptedData.split(":");

  // 🏗️ Create AES decipher with the same secret key & IV
  const decipher = crypto.createDecipheriv(
    algorithm,
    Buffer.from(secretKey, "hex"),
    Buffer.from(ivHex, "hex")
  );

  // 🔄 Decrypt data (Convert hex back to UTF-8 text)
  let decrypted = decipher.update(encryptedText, "hex", "utf-8");
  decrypted += decipher.final("utf-8"); // Finalize decryption

  return JSON.parse(decrypted); // Convert string back to JSON
};

// 🔓 Decrypt the encrypted data
const decryptedData = decryptData(encryptedData, secretKey);
console.log("✅ Decrypted Data:", decryptedData);

📌 Output

powershell 
✅ Decrypted Data: [
{ _id: 'jhon', username: 'DevX@123', password: '1200012' },
{ _id: 'jhon2', username: 'DevX@1232', password: '12000122' }
]

🔐 AES-256-CBC Encryption & Decryption (Final Code)

javascript 

const crypto = require("crypto"); // Import Node.js crypto module

// 🔑 Generate a secure 256-bit secret key (32 bytes)
const generateSecretKey = () => crypto.randomBytes(32).toString("hex");

const secretKey = generateSecretKey(); // Generate a new random secret key
console.log("🔑 Secret Key:", secretKey);

// 📌 Sample user data to encrypt
const data = [
  { _id: "john", username: "DevX@123", password: "1200012" },
  { _id: "john2", username: "DevX@1232", password: "12000122" },
];

/**
 * 🔐 AES-256-CBC Encryption Function
 * @param {Object} data - Data to encrypt (JSON object)
 * @param {string} secretKey - 256-bit hex secret key
 * @returns {string} - IV + Encrypted data (hex encoded)
 */
const encryptData = (data, secretKey) => {
  const algorithm = "aes-256-cbc"; // AES algorithm
  const iv = crypto.randomBytes(16); // 16-byte IV for randomness

  // 🏗️ Create AES cipher
  const cipher = crypto.createCipheriv(algorithm, Buffer.from(secretKey, "hex"), iv);

  // 🔄 Encrypt JSON data (Convert UTF-8 to hex)
  let encrypted = cipher.update(JSON.stringify(data), "utf-8", "hex");
  encrypted += cipher.final("hex");

  // 🏷️ Return IV + Encrypted Data (Both in hex format)
  return iv.toString("hex") + ":" + encrypted;
};

/**
 * 🔓 AES-256-CBC Decryption Function
 * @param {string} encryptedData - Encrypted data string (IV + CipherText)
 * @param {string} secretKey - 256-bit hex secret key
 * @returns {Object} - Decrypted original data (JSON object)
 */
const decryptData = (encryptedData, secretKey) => {
  const algorithm = "aes-256-cbc";

  // 🏷️ Extract IV and encrypted text (IV is required for decryption)
  const [ivHex, encryptedText] = encryptedData.split(":");

  // 🏗️ Create AES decipher
  const decipher = crypto.createDecipheriv(
    algorithm,
    Buffer.from(secretKey, "hex"),
    Buffer.from(ivHex, "hex")
  );

  // 🔄 Decrypt data (Convert hex back to UTF-8)
  let decrypted = decipher.update(encryptedText, "hex", "utf-8");
  decrypted += decipher.final("utf-8");

  return JSON.parse(decrypted); // Convert string back to JSON
};

// 🔒 Encrypt the user data
const encryptedData = encryptData(data, secretKey);
console.log("🛡️ Encrypted Data:", encryptedData);

// 🔓 Decrypt the encrypted data
const decryptedData = decryptData(encryptedData, secretKey);
console.log("✅ Decrypted Data:", decryptedData);

📌 Output

javascript 
🔑 Secret Key: 692d033ed7e582cb76704d6b02e5eb28411a00f7449bfda03a56103b1c0eb90f
🛡️ Encrypted Data: 8704dc1e2da674be89589cc419b11855:603c3f867e34cd0afc94af9d7732527c...
✅ Decrypted Data: [
{ _id: "john", username: "DevX@123", password: "1200012" },
{ _id: "john2", username: "DevX@1232", password: "12000122" }
]

🛠️ Explanation

🔑 Secret Key Generation

plain text 

1b2d4a5f9c44a6b3e3f7a15d78c1e9b2e9b8c4d7a8a2f7e9d4b2a8c3d1f0e9c

🔐 Encryption Process

🔓 Decryption Process

🚀 Best Practices

✅ Use a unique IV for every encryption (never reuse IVs).

✅ Store the secret key securely (Environment Variables, Vaults, etc.).

✅ IV is NOT secret (It must be included with ciphertext).

✅ CBC mode prevents identical plaintext from having identical ciphertext (more secure than ECB)

🙏 Thank You!

Thank you for taking the time to read this blog! 🎉 I hope you found it useful in understanding AES encryption and decryption in Node.js.

🚀 Stay secure, keep coding, and happy encrypting! 🔐

Docker-level-1

Docker 0 to Hero

September 22, 2024·Devops

backend

Multer Guide For Begginers

How to use multer

September 22, 2024·backend

;