Back to Blog
Streaming Large Files for Encryption/Decryption: A Node.js Tutorial
technologyGeneral ProgrammingJavaScriptdatabaseSecurityfrontendbackend

Streaming Large Files for Encryption/Decryption: A Node.js Tutorial

S
Sylvester Das
1/19/2025
3 min

This tutorial demonstrates how to efficiently handle large file encryption and decryption using Node.js streams. We'll build a server that acts as a secure middleman, encrypting files uploaded by clients and allowing them to download the decrypted versions later. This approach avoids loading the entire file into memory, making it scalable and performant even with massive files.

Introduction

Imagine handling sensitive data like medical records or financial transactions. Security is paramount, and encryption is essential. However, encrypting large files can be resource-intensive. Loading a multi-gigabyte file into memory for encryption can overwhelm your server. Streams offer a solution by processing the file in chunks, significantly reducing memory footprint and improving performance.

Prerequisites & Setup

Before we begin, ensure you have Node.js and npm installed. We'll use the built-in crypto module and the stream APIs. Create a new directory for your project and initialize it:

mkdir file-encrypt-decrypt
cd file-encrypt-decrypt
npm init -y

Install the necessary dependencies:

npm install formidable

Formidable simplifies file uploads in Node.js.

Step-by-step Implementation

  1. Create the server:
const http = require('http');
const formidable = require('formidable');
const fs = require('fs');
const crypto = require('crypto');

const server = http.createServer((req, res) => {
  // ... (Implementation details below)
});

const PORT = 3000;
server.listen(PORT, () => {
  console.log(`Server listening on port ${PORT}`);
});
  1. Handle file uploads:

Inside the server's request handler, use Formidable to parse incoming file uploads:

if (req.url === '/upload' && req.method.toLowerCase() === 'post') {
  const form = new formidable.IncomingForm();

  form.parse(req, (err, fields, files) => {
    if (err) {
      console.error(err);
      res.writeHead(500, { 'Content-Type': 'text/plain' });
      res.end('Error uploading file');
      return;
    }

    const file = files.file; // Assuming 'file' is the field name in the upload form
    const filePath = file.filepath;
    encryptFile(filePath, res);
  });
}
  1. Encrypt the file stream:
function encryptFile(filePath, res) {
  const algorithm = 'aes-256-cbc'; // Choose your encryption algorithm
  const key = crypto.randomBytes(32); // Generate a random key
  const iv = crypto.randomBytes(16); // Generate a random initialization vector

  const cipher = crypto.createCipheriv(algorithm, key, iv);
  const readStream = fs.createReadStream(filePath);
  const writeStream = fs.createWriteStream(`${filePath}.enc`);

  readStream.pipe(cipher).pipe(writeStream);

  writeStream.on('finish', () => {
    // Store key and iv securely (e.g., database) associated with the filename
    console.log('File encrypted successfully!');
    res.writeHead(200, { 'Content-Type': 'text/plain' });
    res.end(`File encrypted! Key: ${key.toString('hex')}, IV: ${iv.toString('hex')}`); // Send key and IV back (In a real app, store these securely and provide a separate download mechanism)
    fs.unlinkSync(filePath); // Delete the original file after encryption
  });
}
  1. Implement decryption (similar logic):

Create a /download route that retrieves the encrypted file and decrypts it using the stored key and IV. The decryption process mirrors encryption, using crypto.createDecipheriv and piping the file stream through the decipher.

Testing/Validation

Create a simple HTML form to upload files and test the server. Verify that the encrypted file is created and that you can successfully decrypt it using the generated key and IV.

Troubleshooting Common Issues

  • Memory leaks: Ensure all streams are properly closed or handled to prevent memory leaks.
  • Incorrect key/IV: Double-check that the correct key and IV are used for decryption.
  • Algorithm mismatch: Use the same algorithm for encryption and decryption.

Next steps

  • Secure key management: Implement a robust solution for storing and retrieving encryption keys. Never expose keys directly in responses.
  • Integration with a database: Store file metadata (including encryption information) in a database for persistent storage.
  • User authentication: Add user authentication to control access to encrypted files.
  • Progress indicators: Provide feedback to users on the progress of encryption/decryption, especially for very large files.

This tutorial provides a foundation for secure file handling using streams. By processing data in chunks, you can efficiently manage large files without compromising server stability or performance. Remember to prioritize secure key management practices in a production environment.

Follow Minifyn:

Try our URL shortener: minifyn.com

Share this article

Connect with MiniFyn

Join our community for updates and discussions

X (formerly Twitter)FacebookLinkedInTelegram