Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove outdated mcrypt dependency and rely on native node crypto #23

Merged
merged 5 commits into from
Feb 26, 2023
Merged

Remove outdated mcrypt dependency and rely on native node crypto #23

merged 5 commits into from
Feb 26, 2023

Conversation

b00tsy
Copy link

@b00tsy b00tsy commented Aug 2, 2021

As mcrypt is not maintained anymore node versions >= 12 can't use JSCryptor anymore.

Relying solely on node crypto might break backwards compatibility (not sure which versions will work).

  • 'rijndael-128' is now 'aes-256-cbc'
  • _settings.mode is unrequired
  • _add_pkcs7_padding / _strip_pkcs7_padding are not necessary anymore, as node crypto's native functions createCipheriv / createDecipheriv do the job

TODO:
find out which node versions support native node crypto and if there are versions left behind decide whether they can be ditched

@b00tsy b00tsy mentioned this pull request Aug 2, 2021
Closed
@elquimeras
Copy link

elquimeras commented Dec 14, 2022
edited
Loading

Hwy @b00tsy you should publish a JsCryptor-3 on npm :)

@kevkevinpal kevkevinpal mentioned this pull request Feb 8, 2023
Closed
kevkevinpal
kevkevinpal reviewed Feb 9, 2023
View reviewed changes
Copy link

@kevkevinpal kevkevinpal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I published my own of this PR changes minus the mcrypt dependency
jscryptor-kevkevin@0.0.2

but would be great to see a new version of this lib

package.json
Comment on lines +29 to +31
"dependencies": {
"mcrypt": "^0.1"
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can probably delete this

lib/RNCryptor.js

var _settings = {};

var _configure_settings = function(version) {
var settings = {
algorithm: 'rijndael-128',
algorithm: 'aes-256-cbc',
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are rijndael-128 and aes-256-cbc compatible would these break implementations that need backward compatibility?

@chesstrian chesstrian merged commit 046beab into chesstrian:master Feb 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kevkevinpal kevkevinpal kevkevinpal left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@b00tsy @elquimeras @kevkevinpal @chesstrian