Node.js cipher.setAAD() Method

Last Updated : 22 Dec, 2022

The cipher.setAAD() method is used in Node.js to set the additional authenticated data (AAD) for an encrypt/decrypt stream. The AAD is a chunk of data that is authenticated but not encrypted. It is useful for sending data alongside an encrypted message that needs to be authenticated but does not need to be kept secret.

Syntax:

cipher.setAAD(aad[, options]);

Parameters: The cipher.setAAD() method takes two parameters:

aad: A Buffer or TypedArray containing the additional authenticated data to set.
options: (optional): An object containing options for setting the AAD. This object may include the plaintextLength property, which specifies the length of the plaintext data (in bytes) that will be encrypted.

Example 1: In the below example, the cipher.setAAD() method is used to set the additional authenticated data to authenticated but not encrypted data. When the data is encrypted, the AAD will be authenticated but not included in the encrypted output.

Javascript

const crypto = require('crypto'); 
const iv = Buffer.alloc(16, 0); 
const key = Buffer.alloc(32, 1); 
const aad = Buffer.from('authenticated but not encrypted data'); 
  
const cipher = crypto.createCipheriv('aes-256-gcm', key, iv); 
cipher.setAAD(aad); 
  
const encrypted = 
    cipher.update('some secret data', 'utf8', 'hex') + cipher.final('hex'); 
console.log(encrypted);

Output:

02c5112376449247c35e9c3cea4242fd

Example 2: This example creates a new cipher object using the aes-256-gcm algorithm, and sets some additional authenticated data (AAD) using the setAAD() method. It then encrypts some data and generates an authentication tag using the getAuthTag() method. This example uses the utf8 encoding for the input and output data, but you can use any of the supported encoding options (such as hex, base64, etc.) depending on your needs.

Javascript

const crypto = require('crypto'); 
  
async function main() { 
    // Generate a random key and iv 
    const key = crypto.randomBytes(32); 
    const iv = crypto.randomBytes(16); 
  
    // Create a new cipher object 
    const cipher = crypto.createCipheriv('aes-256-gcm', key, iv); 
  
    // Set the AAD (additional authenticated data) 
    cipher.setAAD(Buffer.from('some additional data')); 
  
    // Encrypt some data 
    const encrypted = cipher.update 
        ('some data to encrypt', 'utf8', 'hex'); 
    encrypted += cipher.final('hex'); 
  
    // Generate the authentication tag 
    const tag = cipher.getAuthTag(); 
  
    // Create a new decipher object 
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv); 
  
    // Set the AAD and authentication tag 
    decipher.setAAD(Buffer.from('some additional data')); 
    decipher.setAuthTag(tag); 
  
    // Decrypt the data 
    const decrypted = decipher.update(encrypted, 'hex', 'utf8'); 
    decrypted += decipher.final('utf8'); 
  
    console.log(decrypted); 
} 
  
main();