How to get fixed value for encryption the same string ?

[3adel-bassiony]

Hello

I checked the encryption part in adonis.js but I can't find a way to encrypt something with a static key.
I mean I want to encrypt the users emails and usernames in the database and I tried to use the encryption in adonis.js but every time I try to encrypt I got a different value, so how I can encrypt them and get the same value or how I can use a specific key for each user ? something like a password for every user and he can only decrypt or encrypt his data?
Also, I tried to use a custom secret key but still got different values.

https://docs.adonisjs.com/guides/security/encryption#encryptingdecrypting-values

[RomainLanz]

Hey @3adel-bassiony! 👋🏻

What is the issue of having a different value each time you encrypt something?

This is because the input is salted to add another security level on top of the encryption.
The same thing happens when you hash the same input twice; you get two different outputs.

[3adel-bassiony]

I want to encrypt the user's data, For example, I want to encrypt the user's emails, If I use the encryption feature in adonis it returns a new value every time I create encryption for an email address, So how can I check if the email valid or exist or do anything related to the user email?
I don't know if there is a better approach for this case but I think the simple and easy one is to use encryption right?

[bitkidd]

Keep its hash near your encrypted value, this way you can check if it exists in the database.

[mastermunj]

You can try something like:

const KEY = 'random-fixed-key';
const IV = 'random-fixed-iv';
public static encrypt(input: string): string {
  const aesCipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(KEY), Buffer.from(IV));
  return aesCipher.update(input, 'utf8', 'hex') + aesCipher.final('hex');
}

public static decrypt(hash: string): string {
  const aesDecipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(KEY), Buffer.from(IV));
  return aesDecipher.update(hash, 'hex', 'utf8') + aesDecipher.final('utf8');
}

Please note, that this isn't as secure though.

[mastermunj]

It is secure but predictable. The way Adonis has implemented the encryption, it's more secure.

[3adel-bassiony]

is it more secure because they generate a different value every time I create encryption or something else?

[mastermunj]

yes, the encryption generating different values each time using salt is more secure.

[3adel-bassiony]

Alright, but what if I want to encrypt the users data in database and make the encryption key static per user so make the user the only one who can decrypt his data?

[bitkidd]

Usually this works through RSA (or any other modern public/private) keypair where users’ private key is encrypted via AES encryption with a key being a user password.

The public key can remain public, you can use it to encrypt data for user that only he will be able to open.