This error occurs when Node.js crypto module attempts to initialize a cipher with an invalid or unsupported algorithm name. The cipher name must match one of the algorithms supported by the OpenSSL library that Node.js is compiled with. Using an incorrect cipher specification like "aes-999-cbc" instead of valid options like "aes-256-cbc" will trigger this initialization error.
The Node.js crypto module provides cryptographic functionality through OpenSSL wrappers. When you call methods like crypto.createCipheriv() or crypto.createCipher(), you must specify a cipher algorithm by name. This error indicates that the cipher name provided does not match any algorithm known to the OpenSSL library. Common mistakes include typos in the algorithm name, using non-existent cipher specifications (like "aes-999-cbc" where 999 is not a valid key size), or attempting to use algorithms not supported by your Node.js/OpenSSL version. The crypto module cannot proceed with encryption or decryption if it cannot identify and initialize the requested cipher algorithm.
Verify that your cipher algorithm name follows the correct format. For AES ciphers, the format is "aes-{keysize}-{mode}" where keysize must be 128, 192, or 256, and mode is a valid block cipher mode.
const crypto = require('crypto');
// WRONG - 999 is not a valid AES key size
const cipher = crypto.createCipheriv('aes-999-cbc', key, iv);
// WRONG - missing hyphens
const cipher = crypto.createCipheriv('aes256cbc', key, iv);
// CORRECT - valid AES cipher specifications
const cipher1 = crypto.createCipheriv('aes-128-cbc', key, iv);
const cipher2 = crypto.createCipheriv('aes-192-cbc', key, iv);
const cipher3 = crypto.createCipheriv('aes-256-cbc', key, iv);
const cipher4 = crypto.createCipheriv('aes-256-gcm', key, iv);Use crypto.getCiphers() to retrieve an array of all cipher algorithms supported by your Node.js installation. This helps you verify which algorithms are available and find the correct name.
const crypto = require('crypto');
// Get all supported cipher algorithms
const ciphers = crypto.getCiphers();
console.log('Supported ciphers:');
console.log(ciphers);
// Check if a specific cipher is supported
const desiredCipher = 'aes-256-cbc';
if (ciphers.includes(desiredCipher)) {
console.log(`${desiredCipher} is supported`);
} else {
console.log(`${desiredCipher} is NOT supported`);
}
// Filter to show only AES ciphers
const aesCiphers = ciphers.filter(c => c.startsWith('aes'));
console.log('Available AES ciphers:', aesCiphers);Replace invalid or deprecated ciphers with modern, secure alternatives. For most use cases, "aes-256-gcm" or "aes-256-cbc" are recommended. Avoid using deprecated algorithms like DES or RC4.
const crypto = require('crypto');
// Generate a proper key and IV
const algorithm = 'aes-256-gcm'; // Authenticated encryption
const key = crypto.randomBytes(32); // 256 bits for aes-256
const iv = crypto.randomBytes(16); // 128-bit IV for GCM
// Create cipher with valid algorithm
const cipher = crypto.createCipheriv(algorithm, key, iv);
let encrypted = cipher.update('Hello, World!', 'utf8', 'hex');
encrypted += cipher.final('hex');
const authTag = cipher.getAuthTag(); // For GCM mode
console.log('Encrypted:', encrypted);Each cipher algorithm requires specific key and IV (initialization vector) sizes. After fixing the cipher name, ensure your key and IV buffers are the correct length to avoid related errors.
const crypto = require('crypto');
// Key and IV size requirements for common ciphers
const requirements = {
'aes-128-cbc': { keySize: 16, ivSize: 16 },
'aes-192-cbc': { keySize: 24, ivSize: 16 },
'aes-256-cbc': { keySize: 32, ivSize: 16 },
'aes-256-gcm': { keySize: 32, ivSize: 12 } // GCM typically uses 12-byte IV
};
const algorithm = 'aes-256-cbc';
const req = requirements[algorithm];
// Generate properly sized key and IV
const key = crypto.randomBytes(req.keySize);
const iv = crypto.randomBytes(req.ivSize);
console.log(`Key size: ${key.length} bytes`);
console.log(`IV size: ${iv.length} bytes`);
const cipher = crypto.createCipheriv(algorithm, key, iv);Some older cipher algorithms may have been removed in newer OpenSSL versions. Check your Node.js and OpenSSL versions to understand which algorithms are available.
# Check Node.js version
node --version
# Check OpenSSL version used by Node.js
node -p "process.versions.openssl"
# Alternative: get detailed crypto info
node -p "crypto.getCiphers().length + ' ciphers available'"If you need a specific cipher that is not available, consider upgrading or downgrading Node.js, or using a different cipher algorithm that provides equivalent security.
If you are using the deprecated crypto.createCipher() method, migrate to crypto.createCipheriv() which requires explicit key and IV management and is more secure.
const crypto = require('crypto');
// DEPRECATED - do not use
// const cipher = crypto.createCipher('aes-256-cbc', password);
// RECOMMENDED - use createCipheriv with proper key derivation
const algorithm = 'aes-256-cbc';
const password = 'user-password';
const salt = crypto.randomBytes(16);
// Derive key from password using scrypt
crypto.scrypt(password, salt, 32, (err, derivedKey) => {
if (err) throw err;
const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv(algorithm, derivedKey, iv);
let encrypted = cipher.update('Secret data', 'utf8', 'hex');
encrypted += cipher.final('hex');
console.log('Encrypted:', encrypted);
// Store salt and iv with encrypted data for decryption
});The list of supported ciphers varies depending on how Node.js was compiled and which version of OpenSSL is linked. Some algorithms may be available on one system but not another. When writing portable code, always check cipher availability using crypto.getCiphers() or provide fallback options. For authenticated encryption, prefer GCM mode over CBC mode as it provides both confidentiality and authenticity. Note that crypto.createCipher() is deprecated because it uses a weak key derivation function (EVP_BytesToKey with MD5, no salt, single iteration), making it vulnerable to attacks. Always use crypto.createCipheriv() with proper key derivation using crypto.scrypt() or crypto.pbkdf2(). The cipher name is case-sensitive in some contexts, although most standard algorithm names use lowercase. For production applications, use well-established cipher suites like aes-256-gcm and ensure proper key management practices including secure key generation, storage, and rotation.
Error: Listener already called (once event already fired)
EventEmitter listener already called with once()
Error: EACCES: permission denied, open '/root/file.txt'
EACCES: permission denied
Error: Invalid encoding specified (stream encoding not supported)
How to fix Invalid encoding error in Node.js readable streams
Error: EINVAL: invalid argument, open
EINVAL: invalid argument, open
TypeError: readableLength must be a positive integer (stream config)
TypeError: readableLength must be a positive integer in Node.js streams