Based on the documentation for POST /flows : Node-RED it mentions the usage of encrypted password within the flow JSON request body. What is the encryption mechanism that is actually used? It doesn't look like bcrypt.
Any idea which mechanism is it?
While I don't know for certain, I would imagine it uses the same process as for the passwords: Securing Node-RED : Node-RED (nodered.org)
Which is indeed bcrypt. However, it does use a salt. From settings.js:
/** By default, credentials are encrypted in storage using a generated key. To
* specify your own secret, set the following property.
* If you want to disable encryption of credentials, set this property to false.
* Note: once you set this property, do not change it - doing so will prevent
* node-red from being able to decrypt your existing credentials and they will be
* lost.
*/
credentialSecret: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
bcrypt is a password-hashing algorthm, not an encryption scheme. If we used bcrypt for the credentials, we'd never be able to decrypt them.
The code Node-RED uses to encrypt/decrypt credentials is here:
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy