A presentation at JSConf Japan 2023 in in Tokyo, Japan by Yonatan Mevorach
Orqixfkee Rkmrkmvkoryw Unbfrktghccq lbhj Emsx’g eiwemc ofbjes
Mastering Cryptography Fundamentals with Node’s crypto module
Cryptography (the study of the techniques of secret writing)
Yonatan Mevorach @cowchimp blog.yonatan.dev
Cryptography Fundamentals Encryption
Alice Eve Bob
plaintext ciphertext
JSConf JP PfbtMZX
PfbtMZX
PfbtMZX JSConf JP
AES Advanced Encryption Standard
aes-256-cbc
CBC Cipher Block Chaining
IV Initialization Vector
IV plaintext ciphertext
b905af Hello 0402a10291
e6c24c Hello c2cfc0a26
f23bbf Hello 7fa587061
iv ciphertext algorithm
f23bbf 7fa587061 Hello
h0pper 🔑 h0pper
Cryptography Fundamentals Key Derivation Functions
h0pper 🔑 Sp9IxQEzyzdZ94B4VyQoF+6e3EKgJPdoQDF99Ta
Password Key password XohImNooBHFR0OVvjcYpJ3NgPQ1qq73WKhHvch0VQtg= 123456 jZae727K08KaOmKSgOaGzww/XVqGr/PKEgIMkjrcbJI= qwerty ZehL4zUy+3hMSBKWdfnv86aCsnFowOp0Syz1juAjN8U= 111111 vLFfghR5tNV3K9DKhmwArV+SbjWAcgZZzIDTnJ0JgCo= ppppp dylyfv5OoHljyL+JdqS6YiURDJgRwo+Rgdb/gRTptps= 1q2w3e4r cquZT6LrQmwFHvWcrWF3UL/gbXz2MRKF/3nBnDKv0jY= 123123123 ky88G1YlfOhTmsJp16q0JVDaz4gY0HXwvfGZBWKq4+8= aueuaueu mzVJAUV6pKrLwUQ/+U+vcBAfkP4Vv9iSFzAWI7+eW60=
h0pper 🔑 🧂 oFzBqXkAn5TxjIvhWi dPuYLRSLIr9w23egqkqAQP+z5rFz1DDYy8jcXTo
Notable mentions 🧐 ● crypto.hkdf ( HMAC-based Key Derivation Function) ● crypto.pbkdf2 (Password-Based Key Derivation Function 2)
Cryptography Fundamentals Randomness
Cryptography Fundamentals Key Distribution Problem
RONALD L. RIVEST: PHOTOS
bob’s private key bob’s public key
bob’s public key
bob’s public key plaintext ciphertext
ciphertext
bob’s public key plaintext ciphertext bob’s private key bob’s public key ciphertext plaintext
Notable mentions 🧐 ● crypto.createDiffieHellman (Diffie-Hellman key exchange) ● crypto.createECDH (Elliptic Curve Diffie-Hellman)
Cryptography Fundamentals Signing and Verifying
alice’s private key alice’s public key message signature
alice’s public key message signature
alice’s private key message alice’s public key signature alice’s public key message signature
Notable mentions 🧐 ● crypto.createHmac (Hash-Based Message Authentication Code)
Cryptography Fundamentals Public Key Certificates
Alice Carol Bob
alice’s private key alice’s public key metadata TBS carol’s private key signature alice’s certificate carol’s public key
carol’s private key carol’s public key alice’s certificate signature metadata alice’s public key
Alice Carol Bob
Alice Carol Doris Bob
Cryptography Fundamentals ● Encryption ● Key Derivation Functions ● Randomness ● Key Distribution Problem \ Asymmetric Encryption ● Signing and Verifying ● Public Key Certificates
Do you know that meme of Homer Simpson trying to hide in the bushes? That’s how I would feel when my coworkers would discuss asymmetric encryption, certificate signing, salting, and crazy-sounding acronyms like PBKDF2. After years of trying to ignore this problem, I finally decided to do something about it. But rather than digging into the subject via textbooks and pseudo-code, I decided to research the massive amount of functionality that is offered by Node.js’ built-in crypto module. Then I worked my way backwards to understand what each function does, what underling security best-practice it’s based on, and when it’s appropriate to use it. So if you’re like me then step out of the bushes, and join me in this talk to learn the fundamentals of protecting information in a practical way with Node.js
for free. You
can too.