Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- CRYPTO.MD
- Notes
- Legacy Streams API (pre Node.js v0.10)
- The Crypto module was added to Node.js before there was the concept of a unified Stream API, and before there were objects for handling binary data.
- As such, the many of the defined classes have methods not typically found on other Node.js classes that implement the API
- Also, many methods accepted and returned encoded strings by default rather than
- This default was changed after Node.js v0.8 to use objects by default instead.
- Recent ECDH Changes
- Usage of with non-dynamically generated key pairs has been simplified.
- Now, can be called with a preselected private key and the associated public point (key) will be computed and stored in the object.
- This allows code to only store and provide the private part of the EC key pair.
- now also validates that the private key is valid for the selected curve.
- The method is now deprecated as its inclusion in the API is not useful.
- Either a previously stored private key should be set, which automatically generates the associated public key, or should be called.
- The main drawback of using is that it can be used to put the ECDH key pair into an inconsistent state.
- Support for weak or compromised algorithms
- The module still supports some algorithms which are already compromised and are not currently recommended for use.
- The API also allows the use of ciphers and hashes with a small key size that are considered to be too weak for safe use.
- Users should take full responsibility for selecting the crypto algorithm and key size according to their security requirements.
- Based on the recommendations of
- MD5 and SHA-1 are no longer acceptable where collision resistance is required such as digital signatures.
- The key used with RSA, DSA, and DH algorithms is recommended to have at least 2048 bits and that of the curve of ECDSA and ECDH at least 224 bits, to be safe to use for several years.
- The DH groups of and have a key size smaller than 2048 bits and are not recommended.
- See the reference for other recommendations and details.
- CCM mode
- CCM is one of the two supported AEAD algorithms
- Applications which use this mode must adhere to certain restrictions when using the cipher API:
- The authentication tag length must be specified during cipher creation by setting the option and must be one of or bytes.
- The length of the initialization vector (nonce) must be between and bytes
- The length of the plaintext is limited to bytes.
- When decrypting, the authentication tag must be set via before specifying additional authenticated data and / or calling
- Otherwise, decryption will fail and will throw an error in compliance with section 2.6 of
- Using stream methods such as or in CCM mode might fail as CCM cannot handle more than one chunk of data per instance.
- When passing additional authenticated data (AAD), the length of the actual message in bytes must be passed to via the option.
- This is not necessary if no AAD is used.
- As CCM processes the whole message at once, can only be called once.
- Even though calling is sufficient to encrypt / decrypt the message, applications must call to compute and / or verify the authentication tag.
- Now transmit
- Crypto Constants
- The following constants exported by apply to various uses of the and modules and are generally specific to OpenSSL.
- OpenSSL Options
- Constant
- Description
- Applies multiple bug workarounds within OpenSSL.
- Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers.
- Attempts to use the server's preferences instead of the client's when selecting a cipher.
- Behavior depends on protocol version.
- Instructs OpenSSL to use Cisco's "speshul" version of
- Instructs OpenSSL to turn on cookie exchange.
- Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft.
- Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d.
- Instructs OpenSSL to always use the tmp_rsa key when performing RSA operations.
- Allows initial connection to servers that do not support RI.
- Instructs OpenSSL to disable the workaround for a man-in-the-middle protocol-version vulnerability in the SSL 2.0 server implementation.
- Instructs OpenSSL to disable support for SSL/TLS compression.
- Instructs OpenSSL to always start a new session when performing renegotiation.
- Instructs OpenSSL to turn off
- Instructs OpenSSL to disable use of tickets.
- Instructs OpenSSL to always create a new key when using temporary/ephemeral DH parameters.
- Instructs OpenSSL to disable version rollback attack detection.
- OpenSSL Engine Constants
- Limit engine usage to
- Other OpenSSL Constants
- Sets the salt length for to the digest size when signing or verifying.
- Sets the salt length for to the maximum permissible value when signing data.
- Causes the salt length for to be determined automatically when verifying a signature.
- Specifies the built-in default cipher list used by Node.js.
- Specifies the active default cipher list used by the current Node.js process.
- DEBUGGER.MD
- Node.js includes an out-of-process debugging utility accessible via a V8 Inspector and built-in debugging client.
- To use it, start Node.js with the argument followed by the path to the script to debug; a prompt will be displayed indicating successful launch of the debugger:
- Node.js's debugger client is not a full-featured debugger, but simple step and inspection are possible.
- Inserting the statement into the source code of a script will enable a breakpoint at that position in the code:
- Once the debugger is run, a breakpoint will occur at line 3:
- The command allows code to be evaluated remotely.
- The command steps to the next line.
- Type to see what other commands are available.
- Pressing without typing a command will repeat the previous debugger command.
- It is possible to watch expression and variable values while debugging. On every breakpoint, each expression from the watchers list will be evaluated in the current context and displayed immediately before the breakpoint's source code listing.
- To begin watching an expression, type
- The command will print the active watchers.
- To remove a watcher, type
- Command reference
- Continue execution
- Step next
- Step in
- Step out
- Pause running code (like pause button in Developer Tools)
- Set breakpoint on current line
- Set breakpoint on a first statement in functions body
- It is also possible to set a breakpoint in a file (module) that is not loaded yet:
- USE OR OTHER DEALINGS IN THE SOFTWARE.
- Information
- Print backtrace of current execution frame
- List scripts source code with 5 line context (5 lines before and after)
- Add expression to watch list
- Remove expression from watch list
- List all watchers and their values (automatically listed on each breakpoint)
- Open debugger's repl for evaluation in debugging script's context
- Execute an expression in debugging script's context
- Execution control
- Run script (automatically runs on debugger's start)
- Restart script
- Kill script
- Various
- List all loaded scripts
- Display V8's version
- Advanced Usage
- V8 Inspector Integration for Node.js
- V8 Inspector integration allows attaching Chrome DevTools to Node.js instances for debugging and profiling.
- It uses the Chrome DevTools Protocol
- V8 Inspector can be enabled by passing the flag when starting a Node.js application.
- It is also possible to supply a custom port with that flag, will accept DevTools connections on port
- To break on the first line of the application code, pass the flag instead of
- (In the example above, the at the end of the URL is generated on the fly, it varies in different debugging sessions.)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement