The insecure key derivation algorithm from OpenSSL.
WARNING: DO NOT USE, except for compatibility reasons.
MD5 is insecure.
Use at least scrypt
or pbkdf2-hmac-sha256
instead.
EVP_BytesToKey(password, salt, keyLen, ivLen)
password
-Buffer
, password used to derive the key data.salt
- 8 byteBuffer
ornull
, salt is used as a salt in the derivation.keyBits
-number
, key length in bits.ivLen
-number
, iv length in bytes.
Returns: { key: Buffer, iv: Buffer }
MD5 with aes-256-cbc
:
const crypto = require('crypto')
const EVP_BytesToKey = require('evp_bytestokey')
const result = EVP_BytesToKey(
'my-secret-password',
null,
256,
16
)
// =>
// { key: <Buffer a2 d9 67 9c 7f ff 3e 9c f4 30 0a 2c c3 fb ad 79 59 ed ae e8 a4 3c 1a 9d 71 68 ea c4 68 08 a5 7a>,
// iv: <Buffer bf 5e 15 5a 28 94 3b 10 46 31 24 84 60 9c 5f 3c> }
const cipher = crypto.createCipheriv('aes-256-cbc', result.key, result.iv)