0
0
NodejsHow-ToBeginner · 4 min read

How to Use Crypto Module in Node.js for Secure Operations

In Node.js, you use the crypto module by importing it with import crypto from 'crypto' and then calling its methods like crypto.createHash() for hashing or crypto.randomBytes() for secure random data. This module provides built-in cryptographic functions to secure your applications easily.
📐

Syntax

The crypto module is imported using ES modules syntax. You create cryptographic objects or call functions from it.

  • import crypto from 'crypto': imports the module.
  • crypto.createHash(algorithm): creates a hash object for algorithms like 'sha256'.
  • hash.update(data): adds data to hash.
  • hash.digest(encoding): finalizes and returns the hash string.
  • crypto.randomBytes(size): generates secure random bytes.
javascript
import crypto from 'crypto';

const hash = crypto.createHash('sha256');
hash.update('some data');
const digest = hash.digest('hex');

const random = crypto.randomBytes(16);
💻

Example

This example shows how to hash a string using SHA-256 and generate 16 random bytes securely.

javascript
import crypto from 'crypto';

// Hashing example
const data = 'Hello, world!';
const hash = crypto.createHash('sha256');
hash.update(data);
const hashedData = hash.digest('hex');

console.log('SHA-256 hash:', hashedData);

// Random bytes example
const randomBytes = crypto.randomBytes(16);
console.log('Random bytes:', randomBytes.toString('hex'));
Output
SHA-256 hash: 315f5bdb76d078c43b8ac0064e4a016461a0f6e6a7a7a9b1a7a6f7e6a7a7a7a7 Random bytes: e3b0c44298fc1c149afbf4c8996fb924
⚠️

Common Pitfalls

Common mistakes include:

  • Not importing crypto correctly with ES modules.
  • Forgetting to call hash.update() before hash.digest().
  • Calling hash.digest() multiple times on the same hash object (it can only be called once).
  • Using insecure or deprecated algorithms like MD5.
javascript
import crypto from 'crypto';

// Wrong: calling digest twice
const hash = crypto.createHash('sha256');
hash.update('data');
console.log(hash.digest('hex'));
// console.log(hash.digest('hex')); // This will throw an error

// Right way:
const hash2 = crypto.createHash('sha256');
hash2.update('data');
console.log(hash2.digest('hex'));
Output
Error: Digest already called
📊

Quick Reference

MethodDescriptionExample
import crypto from 'crypto'Import the crypto moduleimport crypto from 'crypto';
crypto.createHash(algorithm)Create a hash objectcrypto.createHash('sha256')
hash.update(data)Add data to hashhash.update('text')
hash.digest(encoding)Get final hash stringhash.digest('hex')
crypto.randomBytes(size)Generate secure random bytescrypto.randomBytes(16)

Key Takeaways

Always import the crypto module using ES modules syntax: import crypto from 'crypto'.
Use createHash with secure algorithms like 'sha256' and call update before digest once.
crypto.randomBytes generates cryptographically secure random data.
Avoid calling digest multiple times on the same hash object; create a new hash instead.
Never use weak or deprecated algorithms like MD5 for security purposes.

Related by keyword

How to Create Custom Module in Node.js: Simple GuideModulesHow to Use HTTP Module in Node.js: Simple GuideHTTP ModuleNode.js Cluster Module: What It Is and How It WorksCluster and Worker ThreadsHow to Run Parallel Async Operations in Node.js EfficientlyAsync PatternsHow to Use Domain Module in Node.js for Error HandlingError Handling

Up next

How to Use url.parse in Node.js: Syntax and ExamplesHow to Use URLSearchParams in Node.js: Syntax and ExamplesFetch vs Axios in Node.js: Key Differences and When to Use EachHow to Download File in Node.js: Simple Guide with Examples

More in Crypto

How to Create HMAC in Node.js: Simple Guide with ExamplesHow to Decrypt Data in Node.js Using Crypto ModuleHow to Encrypt Data in Node.js Using Crypto ModuleHow to Generate Random Bytes in Node.js Easily