Cryptography
Encrypting sensitive data in your database.
What is covered
- UTF-8
- Base64
- OpenSSL Cipher (TripleDes)
The byte (/baɪt/) is a unit of digital information that most commonly consists of eight bits. Historically, the byte was the number of bits used to encode a single character of text in a computer and for this reason it is the smallest addressable unit of memory in many computer architectures. (https://en.wikipedia.org/wiki/Byte)
Before we can define UTF-8, we need to look to the past. The computer was first invented in America, so you can guess that the early character encodings for displaying English on the screen covered only the unaccented English alphabet. Each character had a code. These codes ranged from 32 - 127 and were called ASCII: space was 32, the letter “A” was 65, and so on. These characters could be stored in 7 bits, but most computers in those days were using 8-bit bytes, so the eighth bit of every byte was left over. Developers noticed this, and this is where the world started to put their special characters or even their whole alphabets. You can guess that codes 128 and up could be anything from Icelandic to Russian special characters and alphabets. Not every country could fit the characters its language needed into this range. This is where Unicode came into the picture. But wait, what about codes 1-32? These were called "unprintable" characters. They were used as control characters, like 7, which made your computer beep, and 12, which caused the current page of paper to go flying out of the printer and a new one to be fed in.
This leads us to Unicode. Unicode was a brave effort to create a single character set that included every reasonable writing system on the planet, and some make-believe ones like Klingon, too. Each character is assigned a magic number written with a preceding U+. The U+ means “Unicode” and the number is hexadecimal; these magic numbers are called code points. There is no real limit on the number of letters that Unicode can define, and in fact it has gone beyond 65,536 characters.
Encoding Unicode was a struggle at first, until UTF-8 was invented. UTF-8 is a system for storing your string of Unicode code points, those magic U+ numbers, in memory using 8-bit bytes. In UTF-8, every code point from 0-127 is stored in a single byte. Only code points 128 and above are stored using 2, 3, and even up to 6 bytes.
Long story short, we now have an encoding that lets us transfer strings across the internet in pretty much any language.
Base64 is a group of similar binary-to-text encoding schemes that represent binary data in an ASCII string format by translating it into a radix-64 representation. The term Base64 originates from a specific MIME content transfer encoding. Each base64 digit represents exactly 6 bits of data. Three 8-bit bytes (i.e., a total of 24 bits) can therefore be represented by four 6-bit base64 encodings. (https://en.wikipedia.org/wiki/Base64)
Base64 was used on early dialup systems to guarantee that the characters received were the characters expected, mostly just ASCII characters. This was before the Unicode system was put in place.
You can see the 0-63 character mapping table (the Base64 Table) at https://en.wikipedia.org/wiki/Base64.
Base64 does not mean your content is secure! Keep that in mind. In order to keep your content secure, you must encrypt your content with a cipher.
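To make the two claims above concrete (code points below 128 take one UTF-8 byte, higher ones take more; Base64 turns every 3 bytes into four 6-bit digits), here is an added example written for this page, not code from the original README. It uses Node's Buffer only to measure UTF-8 length and to cross-check the hand-rolled encoder; it assumes modern UTF-8, which tops out at 4 bytes per code point.

```javascript
// Added example (not from the original README): UTF-8 byte lengths and a
// hand-rolled Base64 encoder showing the 3-bytes-in / 4-digits-out grouping.
const B64_ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

// Bytes UTF-8 needs for one code point: 1 for 0-127, 2 to 4 above that.
function utf8ByteLength(char) {
  return Buffer.byteLength(char, 'utf8');
}

// Encode raw bytes to Base64 by hand: every 3 bytes (24 bits) become four
// 6-bit digits; a short final group is zero-filled and marked with '='.
function base64Encode(bytes) {
  let out = '';
  for (let i = 0; i < bytes.length; i += 3) {
    const b0 = bytes[i];
    const b1 = i + 1 < bytes.length ? bytes[i + 1] : 0;
    const b2 = i + 2 < bytes.length ? bytes[i + 2] : 0;
    const triple = (b0 << 16) | (b1 << 8) | b2; // 24 bits
    out += B64_ALPHABET[(triple >> 18) & 63];
    out += B64_ALPHABET[(triple >> 12) & 63];
    out += i + 1 < bytes.length ? B64_ALPHABET[(triple >> 6) & 63] : '=';
    out += i + 2 < bytes.length ? B64_ALPHABET[triple & 63] : '=';
  }
  return out;
}

// Anyone can undo Base64 without a key: it is an encoding, not encryption.
function base64Decode(text) {
  return Buffer.from(text, 'base64').toString('utf8');
}

console.log(utf8ByteLength('A'), utf8ByteLength('é'), utf8ByteLength('€'));
console.log(base64Encode(Buffer.from('Man', 'utf8')));
```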
There are many OpenSSL cipher names. They all do something a little different. Ciphers are used to encrypt your content with a set algorithm. The only one I am going to talk about is Triple DES (TripleDes).
You can list all the OpenSSL ciphers by typing openssl list-cipher-commands in your terminal (on OpenSSL 1.1 and later the command is openssl list -cipher-commands).
To encrypt a file called myfile.txt using Triple DES in CBC mode, run:
openssl enc -des-ede3-cbc -salt -in myfile.txt -out myfile.enc
This will prompt you for a password, then create the encrypted file myfile.enc (Again: use a strong password and don't forget it, as you'll need it for the decryption stage!).
In node we can use the built in crypto module.
var crypto = require('crypto');
Then you will need a key and an IV.
https://nodejs.org/api/buffer.html
var key = Buffer.from('<your key>', 'base64');   // 24 bytes for Triple DES
var IV = Buffer.from('<your iv>', 'base64');     // 8 bytes (the DES block size)
We use "base64" for our encoding.
Next we need to create our cipher.
var cipher = crypto.createCipheriv('DES-EDE3-CBC', key, IV);
You can see here that we use Triple DES in CBC mode.
Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits are encrypted as a single unit or block with a cipher key applied to the entire block). Cipher block chaining uses what is known as an initialization vector (IV) of a certain length. - http://searchsecurity.techtarget.com/definition/cipher-block-chaining
The next part is where the magic happens. This is where we feed in the string to be encrypted. (For reference, the full signature of the constructor used above is crypto.createCipheriv(algorithm, key, iv[, options]).)
var result = cipher.update(baseString, 'utf8', 'base64');
You do NOT want to stop there. If you return your result now, the last block (the padded tail of your data) will be missing from your base64 string and the string you encoded will not come back whole.
Next you want to finalize your cipher.
result += cipher.final('base64');
Decrypting works much the same way, as seen below.
var decipher = crypto.createDecipheriv('DES-EDE3-CBC', key, IV);
var result = decipher.update(encryptedString, 'base64', 'utf8');
result += decipher.final('utf8');
Passing 'utf8' as the output encoding (rather than calling toString() on each piece) keeps a multi-byte character intact when it is split between update() and final().
EXAMPLE
var stringToEncrypt = '{"UserData":{"User":{"FirstName":"John ","LastName":"Doe","Gender":"M","BirthDate":"1949-03-16T00:00:00","Id":"xxxx-xxx-xxx-xxxx-00001","TimestampType":"Updated","TimestampDate":"2017-01-11T13:59:00.2139325Z"}}}';
---- testing encrypt 2iEgtogcN5GuRxZ762lz7Bx4zGGKelq//I5CL0mv9ojU0Avbeprsr7+bhbWYlwfLiVorE8SNs7MnPKYoX2rN68tDrJTP09iZ3+BgZiHFG9Nf+lIKsruo+TYo30u+oVfYeKodgB8EO1KwMp94n8uwfDk8KvI7SH9Ki07ONn5gcsTRpNXB7cahmQw6YNTAwr6i/+cGwt0TlFhtLCcHZ4IUKJkQCzIUgA20ssPx83xfNUPHnLBYKKc/stD55GAGvIUpdWkhZEAceJDtqgDYDVu7FuU9QnIjLp8/
---- testing decrypt {"UserData":{"User":{"FirstName":"John ","LastName":"Doe","Gender":"M","BirthDate":"1949-03-16T00:00:00","Id":"xxxx-xxx-xxx-xxxx-00001","TimestampType":"Updated","TimestampDate":"2017-01-11T13:59:00.2139325Z"}}}