警告:将 Cipheriv 用于 aes-256-ctr 的计数器模式

Warning: Use Cipheriv for counter mode of aes-256-ctr

在终端中有这个警告,在追踪来源或实际原因时遇到问题。

(node:37770) Warning: Use Cipheriv for counter mode of aes-256-ctr
(node:37770) Warning: Use Cipheriv for counter mode of aes-256-ctr

不幸的是,没有太多信息可以提供。我知道这是 Node 的问题,但不知道如何解决它。 https://nodejs.org/api/crypto.html

节点-v stable 8.9.0 (bottled), HEAD

package.json

"dependencies": {
    "axios": "^0.17.0",
    "babel-plugin-wrap-in-js": "^1.1.1",
    "babel-runtime": "^6.26.0",
    "body-parser": "^1.18.2",
    "compression": "^1.7.1",
    "cookie": "^0.3.1",
    "dotenv": "^4.0.0",
    "express": "^4.16.2",
    "express-session": "^1.15.6",
    "firebase": "^4.6.0",
    "firebase-admin": "^5.4.3",
    "isomorphic-unfetch": "^2.0.0",
    "js-cookie": "^2.2.0",
    "lusca": "^1.5.2",
    "next": "^4.1.4",
    "next-redux-wrapper": "^1.3.4",
    "node-sass": "^4.5.3",
    "now-logs": "0.0.7",
    "nprogress": "^0.2.0",
    "orm": "^4.0.1",
    "prop-types": "^15.6.0",
    "raw-loader": "^1.0.0-beta.0",
    "react": "^16.0.0",
    "react-dom": "^16.0.0",
    "react-redux": "^5.0.6",
    "react-stripe-checkout": "^2.6.3",
    "react-stripe-elements": "^1.2.0",
    "react-transition-group": "^2.2.1",
    "redux": "^3.7.2",
    "redux-thunk": "^2.2.0",
    "sass-loader": "^6.0.6",
    "session-file-store": "^1.1.2",
    "styled-jsx": "^2.1.2",
    "timeme.js": "^2.0.3",
    "uuid": "^3.1.0",
    "webpack": "^3.8.1"
  }

我遇到了类似的问题,在 运行 解决了这个问题之后 node issue 并查看 this section 的底部 看起来不建议使用没有随机输入的 aes-256-ctr 来改变它。将此更新为另一种算法后,错误消失了。

如果您不在代码中使用加密,我不确定您的哪个部门可能会抛出这个问题。它可能会搜索 createCipheraes-256-ctr

似乎是与节点 8 和 session-file-store 模块相关的问题。

https://github.com/valery-barysok/session-file-store/issues/65

你必须使用 createCipheriv 方法

以上警告使用

var crypto = require('crypto'),
algorithm = 'aes-256-ctr',
password = 'test@1234';
var iv = Buffer.from(Array.prototype.map.call(Buffer.alloc(16), () => {return Math.floor(Math.random() * 256)}));
var key = Buffer.concat([Buffer.from(password)], Buffer.alloc(32).length);
var cipher = crypto.createCipheriv(algorithm,password,iv)

在createCipheriv方法中,我们需要为iv创建一个缓冲区,为包含密码的密钥创建一个缓冲区

而不是

var crypto = require('crypto'),
algorithm = 'aes-256-ctr',
password = 'test@1234';
var cipher = crypto.createCipher(algorithm,password)

同时将您的数据转换为密码。 它将删除警告