The cipher.setAAD() method is used in Node.js to set the additional authenticated data (AAD) for an encrypt/decrypt stream. The AAD is a chunk of data that is authenticated but not encrypted. It is useful for sending data alongside an encrypted message that needs to be authenticated but does not need to be kept secret.
Syntax:
cipher.setAAD(aad[, options]);
Parameters: The cipher.setAAD() method takes two parameters:
- aad: A Buffer or TypedArray containing the additional authenticated data to set.
- options: (optional): An object containing options for setting the AAD. This object may include the plaintextLength property, which specifies the length of the plaintext data (in bytes) that will be encrypted.
Example 1: In the below example, the cipher.setAAD() method is used to set the additional authenticated data to authenticated but not encrypted data. When the data is encrypted, the AAD will be authenticated but not included in the encrypted output.
const crypto = require( 'crypto' );
const iv = Buffer.alloc(16, 0); const key = Buffer.alloc(32, 1); const aad = Buffer.from( 'authenticated but not encrypted data' );
const cipher = crypto.createCipheriv( 'aes-256-gcm' , key, iv);
cipher.setAAD(aad); const encrypted = cipher.update( 'some secret data' , 'utf8' , 'hex' ) + cipher.final( 'hex' );
console.log(encrypted); |
Output:
02c5112376449247c35e9c3cea4242fd
Example 2: This example creates a new cipher object using the aes-256-gcm algorithm, and sets some additional authenticated data (AAD) using the setAAD() method. It then encrypts some data and generates an authentication tag using the getAuthTag() method. This example uses the utf8 encoding for the input and output data, but you can use any of the supported encoding options (such as hex, base64, etc.) depending on your needs.
const crypto = require( 'crypto' );
async function main() {
// Generate a random key and iv
const key = crypto.randomBytes(32);
const iv = crypto.randomBytes(16);
// Create a new cipher object
const cipher = crypto.createCipheriv( 'aes-256-gcm' , key, iv);
// Set the AAD (additional authenticated data)
cipher.setAAD(Buffer.from( 'some additional data' ));
// Encrypt some data
const encrypted = cipher.update
( 'some data to encrypt' , 'utf8' , 'hex' );
encrypted += cipher.final( 'hex' );
// Generate the authentication tag
const tag = cipher.getAuthTag();
// Create a new decipher object
const decipher = crypto.createDecipheriv( 'aes-256-gcm' , key, iv);
// Set the AAD and authentication tag
decipher.setAAD(Buffer.from( 'some additional data' ));
decipher.setAuthTag(tag);
// Decrypt the data
const decrypted = decipher.update(encrypted, 'hex' , 'utf8' );
decrypted += decipher.final( 'utf8' );
console.log(decrypted);
} main(); |
Output:
some data to encrypt
Reference: https://nodejs.org/api/crypto.html