Update: All examples are available on Github node-crypto-examples, too.
The first decision is the AES encryption mode. Currently I recommend the CTR mode. You may want to read Evaluation of Some Blockcipher Modes of Operation or On the Security of CTR + CBC-MAC. The next nodejs version comes with support for GCM to do authenticated encryption. Until then you have to use approaches like Encrypt-then-MAC and combine the encryption with the generation of SHA hashs.
Encrypt and decrypt text
Encrypt and decrypt buffers
Encrypt and decrypt streams
Use GCM for authenticated encryption
If you replace
aes-256-gcm you may think everything works as expected. Unfortunately this will result with a confusing error message:
Authenticated encryption includes a hash of the encrypted content and helps you to identify manipulated encrypted content.
You need to set the authentication tag via
decrypt.setAuthTag(), which is currently only available if you use
crypto.createCipheriv(algorithm, key, iv) with an initialization vector. GCM’s security is dependent on choosing a unique initialization vector for each encryption.
The new GCM mode is available in nodejs 0.11. Try it with n via
npm install -g n sudo n 0.11.13 n use 0.11.13 crypto-gcm.js
Also take a look at the nodejs tests for more tests with different setups.
I hope the samples help you to get started with nodejs encryption.