Tags: javascript, crypto-js

crypto hardcoded key can be seen in devtools, is it safe


import crypto from 'crypto-browserify'

// Derive the AES key from the salt: SHA-1 of the salt, truncated to 16 bytes (128 bits)
const hash = crypto.createHash('sha1');
hash.update(process.env.VUE_APP_EPROC_SALT);
// The IV is stored as a comma-separated list of byte values; Buffer.from coerces each entry to a byte
const iv = Buffer.from(process.env.VUE_APP_EPROC_IV.split(','));
const key = hash.digest().slice(0, 16);

// AES-128-CBC with the fixed key and IV above; returns hex ciphertext, or '' on any error
function encrypt(text) {
  if (!text) return '';
  try {
    let mykey = crypto.createCipheriv('aes-128-cbc', key, iv);
    return mykey.update(text, 'utf8', 'hex') + mykey.final('hex');
  } catch (ex) {
    return '';
  }
}

// Inverse of encrypt: hex ciphertext in, utf8 plaintext out, or '' on any error (e.g. bad padding)
function decrypt(text) {
  if (!text) return '';
  try {
    let mykey = crypto.createDecipheriv('aes-128-cbc', key, iv);
    return mykey.update(text, 'hex', 'utf8') + mykey.final('utf8');
  } catch (ex) {
    return '';
  }
}

In devtools, in the Sources scope panel, I can see the key and IV.

Can I hide the key and IV, or should I change the encryption method to one that is safer than what I use right now?


Solution

  • createCipheriv is useful for single-party encryption, and is typically used with a password or a user-supplied key of some sort. The password would need to be supplied every time data is decrypted or encrypted.

    If you are doing two-party encryption, like from client to server or peer-to-peer, you really need a public/private key system. Each party sends its public key to the other, and the data is encrypted using the public key and decrypted at the receiving end using the private key, which is never accessible to any other party (never sent over the internet).

    Unfortunately, crypto-js doesn't seem to support public/private key methods (like RSA, AES). You can use something like https://openpgpjs.org/