In this article, we will explore how to protect sensitive data using encryption and hashing techniques in a Node.js Express application. We will cover the following topics:
- Introduction to Encryption and Hashing
- Encrypting Data with Node.js Crypto Module
- Hashing Data with Node.js Crypto Module
- Implementing Encryption and Hashing in Express
1. Introduction to Encryption and Hashing
Sensitive data, such as passwords, personal information, and financial details, should always be protected when stored or transmitted. Two common methods for protecting sensitive data are encryption and hashing.
Encryption converts readable data (plaintext) into ciphertext that cannot be read without the key, preventing unauthorized access. The symmetric encryption used in this article relies on the same secret key for both encryption and decryption, so only parties holding that key can read the data. Encryption is reversible: the ciphertext can be decrypted back to its original form.
Hashing is a one-way function that transforms data of any length into a fixed-size value, the hash (or digest). Unlike encryption, hashing is irreversible: it is computationally infeasible to recover the original data from its hash. This makes hashing suitable for storing sensitive data such as passwords, because even if the stored hashes leak, the original values are not directly exposed.
2. Encrypting Data with Node.js Crypto Module
Node.js includes a built-in module called crypto that provides a wide range of cryptographic functions, including encryption. Let’s see how to use the crypto module to perform symmetric encryption using the AES-256-CBC algorithm.
Installing Dependencies
The crypto module ships with Node.js itself, so it does not need to be installed from npm (the npm package named crypto is only a deprecated placeholder for the built-in module); the following install step is therefore optional:
```bash
npm install --save crypto
```
Encrypting and Decrypting Data
Here’s an example demonstrating how to encrypt and decrypt data using AES-256-CBC:
```javascript
const crypto = require("crypto");

// 256-bit key. In production load it from secure configuration rather than
// generating it at startup, otherwise data encrypted before a restart can
// never be decrypted again.
const secretKey = crypto.randomBytes(32);

function encrypt(text) {
  // A fresh 16-byte IV for every message: reusing one IV with the same key
  // under CBC reveals whether two messages share a common prefix.
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv("aes-256-cbc", secretKey, iv);
  let encrypted = cipher.update(text, "utf8", "hex");
  encrypted += cipher.final("hex");
  // The IV is not secret, only unique, so it is stored next to the ciphertext.
  return iv.toString("hex") + ":" + encrypted;
}

function decrypt(encrypted) {
  const [ivHex, ciphertext] = encrypted.split(":");
  const iv = Buffer.from(ivHex, "hex");
  const decipher = crypto.createDecipheriv("aes-256-cbc", secretKey, iv);
  let decrypted = decipher.update(ciphertext, "hex", "utf8");
  decrypted += decipher.final("utf8");
  return decrypted;
}

const originalText = "Sensitive data";
const encryptedText = encrypt(originalText);
const decryptedText = decrypt(encryptedText);

console.log("Original Text:", originalText);
console.log("Encrypted Text:", encryptedText);
console.log("Decrypted Text:", decryptedText);
```
3. Hashing Data with Node.js Crypto Module
Now let’s see how to use the crypto module to hash data using the SHA-256 algorithm.
Hashing Data
Here’s an example demonstrating how to hash data using SHA-256:
```javascript
const crypto = require("crypto");

// Plain SHA-256 is fast and unsalted: suitable for integrity checks and
// fingerprints, but passwords need a salted, deliberately slow hash
// (scrypt, bcrypt or Argon2) so that leaked hashes cannot be brute-forced cheaply.
function hashData(data) {
  return crypto
    .createHash("sha256")
    .update(data, "utf8")
    .digest("hex");
}

const data = "Sensitive data";
const hashedData = hashData(data);

console.log("Data:", data);
console.log("Hashed Data:", hashedData);
```
4. Implementing Encryption and Hashing in Express
Now let’s see how to integrate encryption and hashing into an Express application.
Installing Dependencies
First, install the required dependencies:
```bash
npm install --save express body-parser crypto
```
Setting Up Express Application
Create a new Express application and include the necessary modules:
```javascript
const express = require("express");
const bodyParser = require("body-parser");
const crypto = require("crypto");

const app = express();
app.use(bodyParser.json());

// The encrypt() and hashData() functions from the previous sections are
// assumed to be defined in this same file, since the routes below call them.
// As before, load the key from secure configuration in production; a key
// generated at startup is lost on every restart.
const secretKey = crypto.randomBytes(32);
// Only needed if encrypt() uses one shared IV; an IV generated per message
// inside encrypt() is the safer choice.
const iv = crypto.randomBytes(16);
```
Encrypting Data in Express Route
Create a new route to handle encrypting the data sent in a POST request:
```javascript
app.post("/encrypt", (req, res) => {
  const text = req.body.text;
  if (!text) {
    return res.status(400).send("No data provided");
  }
  const encryptedText = encrypt(text);
  res.status(200).send({ encrypted: encryptedText });
});
```
Hashing Data in Express Route
Create another route to handle hashing the data sent in a POST request:
```javascript
app.post("/hash", (req, res) => {
  const data = req.body.data;
  if (!data) {
    return res.status(400).send("No data provided");
  }
  const hashedData = hashData(data);
  res.status(200).send({ hash: hashedData });
});
```
Starting Express Server
Finally, start the Express server and listen for incoming requests:
```javascript
const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
  console.log(`Server is running on port ${PORT}`);
});
```
Now your Express application can receive requests to encrypt and hash sensitive data.
Conclusion
In this article, we have explored how to protect sensitive data using encryption and hashing in a Node.js Express application. By implementing these techniques, you can ensure that your application’s data remains secure and protected from unauthorized access.
Keep in mind that the security of your application also depends on other factors such as secure storage of secret keys, secure communication channels, and proper access control mechanisms. It is crucial to adopt a comprehensive approach to security to safeguard your application and its users.
And Finally
As always, I hope you enjoyed this article and got something new.
Thank you and see you in the next articles!
If you liked this article, please give me a like and subscribe to support me. Thank you.