Timeline for Data encryption / decryption on Node.js
Current License: CC BY-SA 4.0
11 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| Mar 1, 2020 at 12:47 | comment | added | Maarten Bodewes | Let us continue this discussion in chat. | |
| Mar 1, 2020 at 12:43 | comment | added | Maarten Bodewes | The problem that I have with it is that ENCRYPTED will still be different for each message that you encrypt. If developers see an all caps constant, they expect it to be constant throughout the application. Being constant, in other words, is different from being a constant. In Java we have immutable types, which I use a lot. Instances are as "constant" as the JS description of const, but they are still not written using all upper caps (unless, of course, they are also static final class fields). | |
| Mar 1, 2020 at 12:38 | comment | added | Mike | Regarding ENCRYPTED is not constant at all, as far as I understand the MDN web docs, being defined as const and assigning Object.freeze(…) makes the variable constant in its scope: «A frozen object can no longer be changed; freezing an object prevents new properties from being added to it, existing properties from being removed, prevents changing the enumerability, configurability, or writability of existing properties, and prevents the values of existing properties from being changed». | |
| Mar 1, 2020 at 12:34 | vote | accept | Mike | ||
| Mar 1, 2020 at 12:10 | comment | added | Maarten Bodewes | About the sentence about using ENC for encoding, that was a Dutch-ism :) Sorry for the confusion (uitschrijven != write out). | |
| Mar 1, 2020 at 12:09 | history | edited | Maarten Bodewes | CC BY-SA 4.0 | added 39 characters in body |
| Mar 1, 2020 at 12:06 | comment | added | Maarten Bodewes | Comment #1. No, you don't need to generate a new key each time, you can for instance keep it in a key store. However, if you keep it in a constant it will also get in your code repo, and it will not allow you to have test keys etc. Key management is a tricky subject, but just using constant keys is not the answer. ENCRYPTED is not constant at all, it changes with the input data. | |
| Mar 1, 2020 at 10:28 | comment | added | Mike | I'd write out encoding, according to the Node.js documentation, encoding is an optional parameter and if not specified, utf8 is applied by default. So, why is it better to eliminate encoding in Buffer.from(), or is it just a matter of taste? | |
| Mar 1, 2020 at 10:19 | comment | added | Mike | Regarding @param {string} iv - initialisation vector, nice catch! I just forgot to update the JSDoc annotations; now it's fixed, the code snippet is updated. | |
| Mar 1, 2020 at 10:06 | comment | added | Mike | Thanks for the detailed review. Regarding a key should not be a constant, do I understand it correctly, I need to randomly generate a key every time I want to encrypt the data? If I store the keys in the DB, next to the encrypted data, then if the DB is compromised, the security of the encrypted data is also affected. Therefore, where is it better to store these random keys? Regarding const ENCRYPTED, it's in capitals since it's a constant and not because it is a global/local variable. | |
| Mar 1, 2020 at 0:49 | history | answered | Maarten Bodewes | CC BY-SA 4.0 |