Implementing AES Encryption in Node.js and C# from Scratch

A simple guide on implementing AES Encryption in Node and C#

A simple guide on implementing AES Encryption in Node and C#

Photo by Luca Bravo on Unsplash

We need data encryption to secure our data while transmitting between microservices or to clients. It prevents others learn about our data. To implement end-to-end encryption, we need to make sure only the sender and the receiver can read the message transmitted.

AES Encryption

The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data. — source

Why AES?

It is one of the most secure and mature encryption methods used widely around the globe. As there are plenty of reading materials regarding AES, I will only make some comparison with RSA (which I’ve implemented too).

RSA vs AES

RSA is only able to encrypt data up to 245 bytes, whereas AES can encrypt data near to no limit. The only side effect will be getting slower as the data gets more substantial. RSA uses a public key and private key to do the encryption, while AES is using a string as a key as well as IV (Initialization Vector) to add randomization into it. While we’re constantly changing the value of IV, it will always generate different encrypted value as an output; whereas RSA will be continually providing the same value. I’m not saying RSA is less secure, but it might be showing a hint of what encryption your system might be using.

C#

AES encrypt and decrypt in C#

Node with Typescript

AES encrypt and decrypt in NodeJS with Typescript

Key Notes

1. To make both sides work with each other, make sure the EncryptionType, Keysize, Key and IV (Initialization Vector) are identical.

2. You can serialize a JSON object to the string before encrypting it in C#.

3. To add more randomization on the encryption, randomly generate the IV while doing the encryption. But we have to make sure the decrypting side will have the IV too. It will make sure even the data to encrypt is identical, and the string gets encrypted will be different every time. (It’s similar to a salt password in C#)

4. Store the credentials in a secure network or services like Azure Keyvault, Kubernetes Secrets, AWS Key Management.

Summary

That’s basically all you need to encrypt and decrypt a message via NodeJS and C#.NET. Any customization all depends on your implementation to proceed further.

Last Note

In this tough time around the world due to the pandemic of COVID-19, please stay safe everyone, feed yourself well and stay at home as much as we could. We could make use of this time to get closer to our family. We can fight through this all together, cheers!