.. _workflow-crypto:

.. role:: raw-html(raw)
   :format: html

Crypto Process (Node)
=====================

- The Crypto feature lets you perform cryptographic operations within your workflow, such as encrypting and decrypting data and generating hash values.
- The main supported features are as follows:

  - **Hash Generation** : Generates a hash value for data using a specified algorithm. Hashes are primarily used for data integrity verification or as unique identifiers. Hash functions are one-way functions, meaning the original data cannot be recovered from the hash value.
  - **HMAC Generation** : HMAC (Hash-based Message Authentication Code) combines a secret key with a hash function to ensure both message integrity and authenticity.
  - **AES Encryption/Decryption** : Uses the AES (Advanced Encryption Standard) algorithm to encrypt data or decrypt encrypted data.

    - Key and IV Length: You must use keys and IVs of the correct length for the selected algorithm. An error will occur if the lengths do not match.

      - AES-128 uses a 16-byte key, and AES-256 uses a 32-byte key.
      - GCM uses a 12-byte IV, while CBC and CTR use a 16-byte IV. ECB mode does not use an IV.
      - The IV should be an unpredictable value (a random value is recommended) to enhance security.

    - Caution for ECB Mode Usage: ECB mode provides weak security. If the data contains patterns, those patterns may remain visible even after encryption. Unless there is a special reason, using GCM, CBC, or CTR mode is strongly recommended.
    - Decryption: For successful decryption, the algorithm, key, IV, and encoding method must be exactly the same as those used during encryption.

- AES encryption/decryption

  - Supported algorithms: aes-128-cbc, aes-128-ctr, aes-128-ecb, aes-128-gcm, aes-256-cbc, aes-256-ctr, aes-256-ecb, aes-256-gcm
  - gcm uses a 12-byte IV, and cbc and ctr use a 16-byte IV.
  - aes-128 uses a 16-byte key, and aes-256 uses a 32-byte key.
  - ecb does not use an IV.
  - Supported encoding: BASE64, BASE64URL, HEX
  - Examples

    .. code-block:: javascript

       // Arguments: algorithm, key, IV, data, encoding
       ${_crypto.aesEncrypt('aes-128-cbc', '1234567890abcdef', '1234567890abcdef', 'hello world! AES test', 'BASE64')}
       ${_crypto.aesDecrypt('aes-128-cbc', '1234567890abcdef', '1234567890abcdef', 'VNNcilaX3Kwx18uWAOxj131D+TJC+bClZkphy9Uc7uE=', 'BASE64')}
       ${_crypto.aesEncrypt('aes-128-ecb', '1234567890abcdef', '', 'hello world! AES test', 'BASE64')}
       ${_crypto.aesDecrypt('aes-128-ecb', '1234567890abcdef', '', 'pthuu1WOb4pEFRhiP0JWfyozLaP2pIU/jPmxN+HgudU=', 'BASE64')}
       // When using a variable as a function argument, do not wrap it in quotation marks.
       // Anything in single or double quotation marks is treated as a string.
       ${_crypto.aesDecrypt('aes-128-ecb', '1234567890abcdef', '', ${this.data}, 'BASE64')}

- Hash

  - Supported algorithms: MD5, SHA256, SHA384, SHA512, SHA3-256, SHA3-384, SHA3-512
  - Supported encoding: BASE64, BASE64URL, HEX
  - Examples

    .. code-block:: javascript

       // Arguments: algorithm, data, encoding
       ${_crypto.hash('MD5', 'hello world! hash test', 'BASE64')}
       ${_crypto.hash('MD5', 'hello world! hash test', 'HEX')}

- HMAC

  - Supported algorithms: MD5, SHA256, SHA384, SHA512, SHA3-256, SHA3-384, SHA3-512
  - Supported encoding: BASE64, BASE64URL, HEX
  - Examples

    .. code-block:: javascript

       // Arguments: algorithm, secret key, data, encoding
       ${_crypto.hmac('SHA256', '1234567890abcdef', 'hello world! hmac test', 'BASE64')}
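
The key and IV length rules and the ECB caution from the AES section above, shown with Node.js's built-in ``crypto`` module. This is an added example, not the product's own implementation: ``checkParams``, ``encrypt``, ``decrypt`` and ``repeatedBlocks`` are hypothetical helper names, the plaintext is constructed sample data, and the GCM authentication tag handling reflects Node's API rather than anything this page states about ``_crypto``.

```javascript
const crypto = require('crypto');

// Key and IV lengths in bytes, as listed on this page.
const KEY_LEN = { 'aes-128': 16, 'aes-256': 32 };
const IV_LEN = { gcm: 12, cbc: 16, ctr: 16, ecb: 0 };

// Hypothetical helper: reject a wrong key or IV length before calling the cipher.
function checkParams(algorithm, key, iv) {
  const m = /^(aes-(?:128|256))-(cbc|ctr|ecb|gcm)$/.exec(algorithm);
  if (!m) throw new Error(`unsupported algorithm: ${algorithm}`);
  if (key.length !== KEY_LEN[m[1]]) throw new Error(`key must be ${KEY_LEN[m[1]]} bytes`);
  if (iv.length !== IV_LEN[m[2]]) throw new Error(`IV must be ${IV_LEN[m[2]]} bytes`);
  return m[2];
}

function encrypt(algorithm, key, iv, data) {
  const mode = checkParams(algorithm, key, iv);
  const cipher = crypto.createCipheriv(algorithm, key, mode === 'ecb' ? null : iv);
  const ct = Buffer.concat([cipher.update(data), cipher.final()]);
  // In Node, GCM also yields an authentication tag that decryption must be given.
  return { ct, tag: mode === 'gcm' ? cipher.getAuthTag() : null };
}

function decrypt(algorithm, key, iv, ct, tag) {
  const mode = checkParams(algorithm, key, iv);
  const decipher = crypto.createDecipheriv(algorithm, key, mode === 'ecb' ? null : iv);
  if (mode === 'gcm') decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Count 16-byte ciphertext blocks that repeat an earlier block.
function repeatedBlocks(ct) {
  const seen = new Set();
  let repeats = 0;
  for (let i = 0; i + 16 <= ct.length; i += 16) {
    const block = ct.subarray(i, i + 16).toString('hex');
    if (seen.has(block)) repeats++;
    seen.add(block);
  }
  return repeats;
}

// Constructed sample input: four identical 16-byte plaintext blocks.
const key = crypto.randomBytes(16);
const patterned = Buffer.from('ACCOUNT=00000000'.repeat(4));
const ecb = encrypt('aes-128-ecb', key, Buffer.alloc(0), patterned);
const gcmIv = crypto.randomBytes(12); // fresh random IV for each message
const gcm = encrypt('aes-128-gcm', key, gcmIv, patterned);
console.log('repeated blocks, ECB vs GCM:', repeatedBlocks(ecb.ct), repeatedBlocks(gcm.ct)); // 3 0
```

Under ECB the four identical plaintext blocks produce four identical ciphertext blocks, while the same data under GCM with a random IV shows no repeats.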