Crypto Process (Node)
Through the Crypto feature, you can perform cryptographic operations within your workflow, such as securely encrypting and decrypting data, and generating hash values.
The main supported features are as follows:
Hash Generation : Generates a hash value for data using a specified algorithm. Hashes are primarily used for data integrity verification or as unique identifiers. Hash functions are one-way functions, meaning the original data cannot be recovered from the hash value.
HMAC Generation : HMAC (Hash-based Message Authentication Code) is a method that uses a secret key and a hash function to simultaneously ensure message integrity and authenticity.
AES Encryption/Decryption : Uses the AES (Advanced Encryption Standard) algorithm to encrypt data or decrypt encrypted data.
Key and IV Length: You must use keys and IVs of the correct length for the selected algorithm. An error will occur if the lengths do not match.
AES-128 uses a 16-byte key, and AES-256 uses a 32-byte key.
GCM uses a 12-byte IV, while CBC and CTR use a 16-byte IV. ECB mode does not use an IV.
The IV should be an unpredictable value (a random value is recommended) to enhance security.
Caution for ECB Mode Usage: ECB mode is highly vulnerable in terms of security, so if data has patterns, these patterns may be exposed even after encryption. Unless there is a special reason, using GCM, CBC, or CTR modes is strongly recommended.
Decryption: For successful decryption, the algorithm, key, IV, and encoding method used during encryption must be exactly the same.
AES encryption/decryption
Supported algorithms: aes-128-cbc, aes-128-ctr, aes-128-ecb, aes-128-gcm, aes-256-cbc, aes-256-ctr, aes-256-ecb, aes-256-gcm
gcm uses 12 bytes of IV, and cbc, ctr use 16 bytes of IV.
aes-128 uses 16 bytes of key, and aes-256 uses 32 bytes of key.
ecb does not use IV.
Supported encoding: BASE64, BASE64URL, HEX
examples
- ${_crypto.aesEncrypt('aes-128-cbc', '1234567890abcdef', '1234567890abcdef', 'hello world! AES test' , 'BASE64')} //algorithm, key, IV, data, encoding - ${_crypto.aesDecrypt('aes-128-cbc', '1234567890abcdef', '1234567890abcdef', 'VNNcilaX3Kwx18uWAOxj131D+TJC+bClZkphy9Uc7uE=', 'BASE64' )} //algorithm, key, IV, data, encoding - ${_crypto.aesEncrypt('aes-128-ecb', '1234567890abcdef', '', 'hello world! AES test' , 'BASE64')} - ${_crypto.aesDecrypt('aes-128-ecb', '1234567890abcdef', '', 'pthuu1WOb4pEFRhiP0JWfyozLaP2pIU/jPmxN+HgudU=' , 'BASE64')} - ${_crypto.aesDecrypt('aes-128-ecb', '1234567890abcdef', '', ${this.data} , 'BASE64')} //When using variables as arguments in a function, do not use quotation marks. If quotation marks (single or double) are used, they are recognized as strings.
Hash
Supported algorithms: MD5, SHA256, SHA384, SHA512, SHA3-256, SHA3-384, SHA3-512
Supported encoding: BASE64, BASE64URL, HEX
examples
- ${_crypto.hash('MD5', 'hello world! hash test', 'BASE64')} //algorithm, data, encoding - ${_crypto.hash('MD5', 'hello world! hash test', 'HEX')} //algorithm, data, encoding
HMAC
Supported algorithms: MD5, SHA256, SHA384, SHA512, SHA3-256, SHA3-384, SHA3-512
Supported encoding: BASE64, BASE64URL, HEX
examples
- ${_crypto.hmac('SHA256', '1234567890abcdef', 'hello world! hmac test', 'BASE64')} //algorithm, Secret Key, data, encoding