Currently I am working in dev env on my local machine where I am storing passwords in plain text using MongoDB. I am using express-jwt along with jsonwebtoken for passing user data and authentication. I've researched bcryptjs and bcrypt and I would like to implement bcryptjs for passing hashed passwords to the database and decrypting them for the response from a client. I have found resources for server side, but nothing for client side.

My question is then, what is the methodology for properly saving encrypted passwords on my server when they are passed from a client? How do I encrypt passwords client side then decrypt them server side for authenticating a user?

CodePudding user response：

You don't decrypt passwords. You ask the user for the password, then you encrypt it and compare it to the encrypted one you saved. If they're the same, then (assuming you have a secure hashing algorithm) the unencrypted versions must be the same also.

CodePudding user response：

You don't have to encrypt the password or any data when you are transmitting it from the client side, because it will be already in secure by the HTTPS, so you only need to encrypt it in the server side and store in in the database.