Skip to content

Commit

Permalink
bugfix (encryption): crypto was giving warning while using aes-256-ct…
Browse files Browse the repository at this point in the history
…r, likely after [this](nodejs/node#13801) came out
  • Loading branch information
mickael-kerjean committed Mar 1, 2018
1 parent 73c1f9b commit e258599
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 11 deletions.
4 changes: 2 additions & 2 deletions README.org
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@ Call it an FTP client, an S3 viewer or a Dropbox like web app, Nuage leverages y
- emacs keybindings `;)`

* What about my credentials?
Credentials are stored in your browser in a http only cookie encrypted using aes-256-ctr and aren't persistent in the server disk at all.
The "remember me" feature relies on localstorage to store your credentials encrypted using aes-256-ctr.
Credentials are stored in your browser in a http only cookie encrypted using aes-256-cbc and aren't persistent in the server disk at all.
The "remember me" feature relies on localstorage to store your credentials encrypted using aes-256-cbc.

Note that on the FTP and sFTP, sessions connections aren't destroyed on every request but are reused and killed after 2 minutes. The reasoning is connections are expensive to create and this trick make the entire application feel much much faster for users who tries to navigate.

Expand Down
2 changes: 1 addition & 1 deletion client/utilities/crypto.js
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import crypto from 'crypto';
const algorithm = 'aes-256-ctr';
const algorithm = 'aes-256-cbc';

export function encrypt(obj, key){
const cipher = crypto.createCipher(algorithm, key);
Expand Down
16 changes: 8 additions & 8 deletions server/utils/crypto.js
Original file line number Diff line number Diff line change
@@ -1,21 +1,21 @@
var crypto = require('crypto'),
algorithm = 'aes-256-ctr',
password = process.env.SECRET_KEY || '123';
const crypto = require('crypto'),
algorithm = 'aes-256-cbc',
password = require('../../config.js')['server_secret'];

module.exports = {
encrypt: function(obj){
obj.date = new Date().getTime();
let text = JSON.stringify(obj);
var cipher = crypto.createCipher(algorithm,password)
var crypted = cipher.update(text,'utf8','base64')
const text = JSON.stringify(obj);
const cipher = crypto.createCipher(algorithm, password);
let crypted = cipher.update(text, 'utf8', 'base64');
crypted += cipher.final('base64');
return crypted;
},
decrypt: function(text){
var dec;
try{
var decipher = crypto.createDecipher(algorithm,password)
dec = decipher.update(text,'base64','utf8')
const decipher = crypto.createDecipher(algorithm, password);
dec = decipher.update(text, 'base64', 'utf8');
dec += decipher.final('utf8');
dec = JSON.parse(dec);
}catch(err){
Expand Down

0 comments on commit e258599

Please sign in to comment.