What encryption method is used to encrypt Flow Credentials in order to trigger flows via HTTP API?

knolleary · 12 January 2023 15:28

bcrypt is a password-hashing algorthm, not an encryption scheme. If we used bcrypt for the credentials, we'd never be able to decrypt them.

The code Node-RED uses to encrypt/decrypt credentials is here:

github.com

node-red/node-red/blob/master/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js#L34-L46


      
          function decryptCredentials(key,credentials) {
              var creds = credentials["$"];
              var initVector = Buffer.from(creds.substring(0, 32),'hex');
              creds = creds.substring(32);
              var decipher = crypto.createDecipheriv(encryptionAlgorithm, key, initVector);
              var decrypted = decipher.update(creds, 'base64', 'utf8') + decipher.final('utf8');
              return JSON.parse(decrypted);
          }
          function encryptCredentials(key,credentials) {
              var initVector = crypto.randomBytes(16);
              var cipher = crypto.createCipheriv(encryptionAlgorithm, key, initVector);
              return {"$":initVector.toString('hex') + cipher.update(JSON.stringify(credentials), 'utf8', 'base64') + cipher.final('base64')};
          }

Topic		Replies	Views
Flows-cred.json decrypt/encrypt dependency General	4	245	15 July 2023
Are encrypted node-red Credentials in the HTTP Request Body for /flows only allowed for API Version v2? General	1	76	2 October 2023
Flow credentials cannot be decrypted General	9	2238	31 May 2022
Decrypting node-red credentials file General	2	207	1 April 2023
I want to disable encryption of my credential file for an existing project General	2	129	12 September 2023

What encryption method is used to encrypt Flow Credentials in order to trigger flows via HTTP API?

Related Topics