Italian Translation Report: Node.js [Part 44 - 1215 words]

1. CRYPTO.MD
2. Notes
3. Legacy Streams API (pre Node.js v0.10)
4. The Crypto module was added to Node.js before there was the concept of a unified Stream API, and before there were objects for handling binary data.
5. As such, the many of the defined classes have methods not typically found on other Node.js classes that implement the API
6. Also, many methods accepted and returned encoded strings by default rather than
7. This default was changed after Node.js v0.8 to use objects by default instead.
8. Recent ECDH Changes
9. Usage of with non-dynamically generated key pairs has been simplified.
10. Now, can be called with a preselected private key and the associated public point (key) will be computed and stored in the object.
11. This allows code to only store and provide the private part of the EC key pair.
12. now also validates that the private key is valid for the selected curve.
13. The method is now deprecated as its inclusion in the API is not useful.
14. Either a previously stored private key should be set, which automatically generates the associated public key, or should be called.
15. The main drawback of using is that it can be used to put the ECDH key pair into an inconsistent state.
16. Support for weak or compromised algorithms
17. The module still supports some algorithms which are already compromised and are not currently recommended for use.
18. The API also allows the use of ciphers and hashes with a small key size that are considered to be too weak for safe use.
19. Users should take full responsibility for selecting the crypto algorithm and key size according to their security requirements.
20. Based on the recommendations of
21. MD5 and SHA-1 are no longer acceptable where collision resistance is required such as digital signatures.
22. The key used with RSA, DSA, and DH algorithms is recommended to have at least 2048 bits and that of the curve of ECDSA and ECDH at least 224 bits, to be safe to use for several years.
23. The DH groups of and have a key size smaller than 2048 bits and are not recommended.
24. See the reference for other recommendations and details.
25. CCM mode
26. CCM is one of the two supported AEAD algorithms
27. Applications which use this mode must adhere to certain restrictions when using the cipher API:
28. The authentication tag length must be specified during cipher creation by setting the option and must be one of or bytes.
29. The length of the initialization vector (nonce) must be between and bytes
30. The length of the plaintext is limited to bytes.
31. When decrypting, the authentication tag must be set via before specifying additional authenticated data and / or calling
32. Otherwise, decryption will fail and will throw an error in compliance with section 2.6 of
33. Using stream methods such as or in CCM mode might fail as CCM cannot handle more than one chunk of data per instance.
34. When passing additional authenticated data (AAD), the length of the actual message in bytes must be passed to via the option.
35. This is not necessary if no AAD is used.
36. As CCM processes the whole message at once, can only be called once.
37. Even though calling is sufficient to encrypt / decrypt the message, applications must call to compute and / or verify the authentication tag.
38. Now transmit
39. Crypto Constants
40. The following constants exported by apply to various uses of the and modules and are generally specific to OpenSSL.
41. OpenSSL Options
42. Constant
43. Description
44. Applies multiple bug workarounds within OpenSSL.
45. Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers.
46. Attempts to use the server's preferences instead of the client's when selecting a cipher.
47. Behavior depends on protocol version.
48. Instructs OpenSSL to use Cisco's "speshul" version of
49. Instructs OpenSSL to turn on cookie exchange.
50. Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft.
51. Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d.
52. Instructs OpenSSL to always use the tmp_rsa key when performing RSA operations.
53. Allows initial connection to servers that do not support RI.
54. Instructs OpenSSL to disable the workaround for a man-in-the-middle protocol-version vulnerability in the SSL 2.0 server implementation.
55. Instructs OpenSSL to disable support for SSL/TLS compression.
56. Instructs OpenSSL to always start a new session when performing renegotiation.
57. Instructs OpenSSL to turn off
58. Instructs OpenSSL to disable use of tickets.
59. Instructs OpenSSL to always create a new key when using temporary/ephemeral DH parameters.
60. Instructs OpenSSL to disable version rollback attack detection.
61. OpenSSL Engine Constants
62. Limit engine usage to
63. Other OpenSSL Constants
64. Sets the salt length for to the digest size when signing or verifying.
65. Sets the salt length for to the maximum permissible value when signing data.
66. Causes the salt length for to be determined automatically when verifying a signature.
67. Specifies the built-in default cipher list used by Node.js.
68. Specifies the active default cipher list used by the current Node.js process.
69.  
70. DEBUGGER.MD
71.  
72. Node.js includes an out-of-process debugging utility accessible via a V8 Inspector and built-in debugging client.
73. To use it, start Node.js with the argument followed by the path to the script to debug; a prompt will be displayed indicating successful launch of the debugger:
74. Node.js's debugger client is not a full-featured debugger, but simple step and inspection are possible.
75. Inserting the statement into the source code of a script will enable a breakpoint at that position in the code:
76. Once the debugger is run, a breakpoint will occur at line 3:
77. The command allows code to be evaluated remotely.
78. The command steps to the next line.
79. Type to see what other commands are available.
80. Pressing without typing a command will repeat the previous debugger command.
81. It is possible to watch expression and variable values while debugging. On every breakpoint, each expression from the watchers list will be evaluated in the current context and displayed immediately before the breakpoint's source code listing.
82. To begin watching an expression, type
83. The command will print the active watchers.
84. To remove a watcher, type
85. Command reference
86. Continue execution
87. Step next
88. Step in
89. Step out
90. Pause running code (like pause button in Developer Tools)
91. Set breakpoint on current line
92. Set breakpoint on a first statement in functions body
93. It is also possible to set a breakpoint in a file (module) that is not loaded yet:
94. USE OR OTHER DEALINGS IN THE SOFTWARE.
95. Information
96. Print backtrace of current execution frame
97. List scripts source code with 5 line context (5 lines before and after)
98. Add expression to watch list
99. Remove expression from watch list
100. List all watchers and their values (automatically listed on each breakpoint)
101. Open debugger's repl for evaluation in debugging script's context
102. Execute an expression in debugging script's context
103. Execution control
104. Run script (automatically runs on debugger's start)
105. Restart script
106. Kill script
107. Various
108. List all loaded scripts
109. Display V8's version
110. Advanced Usage
111. V8 Inspector Integration for Node.js
112. V8 Inspector integration allows attaching Chrome DevTools to Node.js instances for debugging and profiling.
113. It uses the Chrome DevTools Protocol
114. V8 Inspector can be enabled by passing the flag when starting a Node.js application.
115. It is also possible to supply a custom port with that flag, will accept DevTools connections on port
116. To break on the first line of the application code, pass the flag instead of
117. (In the example above, the at the end of the URL is generated on the fly, it varies in different debugging sessions.)