From e258599a0483fe8e416a4a18af245cad7879dd76 Mon Sep 17 00:00:00 2001 From: Mickael KERJEAN Date: Thu, 1 Mar 2018 20:54:28 +1100 Subject: [PATCH] bugfix (encryption): crypto was giving warning while using aes-256-ctr, likely after [this](https://github.com/nodejs/node/issues/13801) came out --- README.org | 4 ++-- client/utilities/crypto.js | 2 +- server/utils/crypto.js | 16 ++++++++-------- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/README.org b/README.org index bd42e52d1..f100cdd6e 100644 --- a/README.org +++ b/README.org @@ -22,8 +22,8 @@ Call it an FTP client, an S3 viewer or a Dropbox like web app, Nuage leverages y - emacs keybindings `;)` * What about my credentials? -Credentials are stored in your browser in a http only cookie encrypted using aes-256-ctr and aren't persistent in the server disk at all. -The "remember me" feature relies on localstorage to store your credentials encrypted using aes-256-ctr. +Credentials are stored in your browser in a http only cookie encrypted using aes-256-cbc and aren't persistent in the server disk at all. +The "remember me" feature relies on localstorage to store your credentials encrypted using aes-256-cbc. Note that on the FTP and sFTP, sessions connections aren't destroyed on every request but are reused and killed after 2 minutes. The reasoning is connections are expensive to create and this trick make the entire application feel much much faster for users who tries to navigate. diff --git a/client/utilities/crypto.js b/client/utilities/crypto.js index ea492ab8f..6718dacd7 100644 --- a/client/utilities/crypto.js +++ b/client/utilities/crypto.js @@ -1,5 +1,5 @@ import crypto from 'crypto'; -const algorithm = 'aes-256-ctr'; +const algorithm = 'aes-256-cbc'; export function encrypt(obj, key){ const cipher = crypto.createCipher(algorithm, key); diff --git a/server/utils/crypto.js b/server/utils/crypto.js index 83c8483b9..368195f64 100644 --- a/server/utils/crypto.js +++ b/server/utils/crypto.js @@ -1,21 +1,21 @@ -var crypto = require('crypto'), - algorithm = 'aes-256-ctr', - password = process.env.SECRET_KEY || '123'; +const crypto = require('crypto'), + algorithm = 'aes-256-cbc', + password = require('../../config.js')['server_secret']; module.exports = { encrypt: function(obj){ obj.date = new Date().getTime(); - let text = JSON.stringify(obj); - var cipher = crypto.createCipher(algorithm,password) - var crypted = cipher.update(text,'utf8','base64') + const text = JSON.stringify(obj); + const cipher = crypto.createCipher(algorithm, password); + let crypted = cipher.update(text, 'utf8', 'base64'); crypted += cipher.final('base64'); return crypted; }, decrypt: function(text){ var dec; try{ - var decipher = crypto.createDecipher(algorithm,password) - dec = decipher.update(text,'base64','utf8') + const decipher = crypto.createDecipher(algorithm, password); + dec = decipher.update(text, 'base64', 'utf8'); dec += decipher.final('utf8'); dec = JSON.parse(dec); }catch(err){