-
15 Sep 2009 4:49 AM #1
Crypto: OpenSSL compatible cryptographic classes & functions in Javascript
Hi all!
I have compiled a library of OpenSSL compatible cryptographic classes & functions by using different resources from the web and my own input. Documentation is not complete (yet) and I do not have a demo link at the moment, but everything works and it is pretty straightforward. I used some functions from ExtJS 3.0 (base) so it won't work if you haven't included that with your page. Have fun!
Cheers
Bert
-
1 Oct 2009 4:31 PM #2
-
1 Oct 2009 11:14 PM #3
You're welcome ...

-
10 Oct 2009 12:54 PM #4
digital signatures and key pairs
Thank you very much for this library. I am interested in doing signature verification, but I can't seem to find it in the library.
Also, I know you're working on documentation, but could you provide a quick and dirty on how to generate a public/private key pair and use those to encrypt a message? I've tried calling Crypto.RSA.generateKeyPair but it doesn't find the function. I was able to figure out the other namespaces like calling Crypto.hash.sha256("test").
-
11 Oct 2009 11:24 PM #5
Hi Dishwasha,
Well, generating a key pair is easy. Just instantiate an object by calling:
Code:
var rsa = new Crypto.RSA();
... and then call:
Code:
rsa.generateKeyPair(1024, 0x10001); // where 1024 = bits and 0x10001 = public exponent
Although a better approach is to generate a public/private key pair with openssl and use the setPublicKey function, then you can create the signature with the private key on the server-side and verify it with the public key on the client-side.
To encrypt and decrypt a message you can use the high-level functions:
- encrypt(message, options)
- decrypt(cipherText, options)
where options are:
- padding: padding function to use (PKCS1PADx functions)
- method: either 'private' or 'public'
Both functions return the data as binary strings so I recommend that you call encodeB64 after encryption and decodeB64 before decryption.
So encrypting a string would look something like this:
Code:
var rsa = new Crypto.RSA();
rsa.setPublicKey(<RSA public key in hex notation>, <public exponent>);
var msg = 'This message is secret';
var cipherText = rsa.encrypt(msg).encodeB64();
var plainText = rsa.decrypt(cipherText.decodeB64());
/Cheers
Bert.
-
12 Oct 2009 7:54 AM #6
Very awesome, I just didn't get that I had to instantiate first. I guess that's the difference between Ext.extend and Ext.apply. Once again, thank you very much for this code. This will go very far in ensuring asynchronous client data streams haven't been hijacked. Most people are really only concerned that the server doesn't get hijacked to the client and not the other way around.
-
12 Oct 2009 8:12 AM #7
You're very right indeed, and again ... thx ...

-
8 Nov 2009 4:25 AM #8
This library is just what I need for my project. I am interested in the areas that Dishwasha needs along with digital signature and verification. I'm also new to ExtJS, that's why I would like to request if you could please provide a sample on how to use this library for digital signing and verification? I know that the documentation is still not complete but I would appreciate it if you could release it to us.
Thank you very much in advance.
Cheers...!
-
8 Nov 2009 8:51 AM #9
Key signing
In a typical encryption scenario, both parties publish their public keys to each other and each client will encrypt the data using the other party's public key. In digital signature, the party signing the data will encrypt the data using their private key and the other party will decrypt using the source's public key. Some prefer to send a CRC or hash of the original decrypted data in the signature and this ensures when you decrypt public key encrypted data, that you have verified that the CRC or hash decrypted in the signature matches a CRC or hash of the decrypted data.
A simulation of a digital encryption would be as follows using amorworx's js crypto library (I recommend using firebug to simulate):
The signer creates a public/private key pair
var rsa = new Crypto.RSA();
rsa.generateKeyPair(1024, 0x10001);
Then the signer takes a "Signature message" (or hash computation) and encrypts it using the private key. By default the Crypto.RSA.encrypt function uses the public key to encrypt.
var msg = "Signature message not secret";
enc = rsa.encrypt(msg,{method: "private"}).encodeB64();
Then the signer publishes their public key to anyone:
pubkey = rsa.n.toBytes().bytesToHex();
The other party receiving the signed data takes the data and the signer's public key and is now able to view the message.
var rsa2 = new Crypto.RSA();
rsa2.setPublicKey(pubkey,0x10001);
rsa2.decrypt(enc.decodeB64(), {method: "public"});
P.S. I noticed line 5734 has a slight mistake so you'll need to change "return me.chunkJoin().rawDecodeUTF8(utf8);" to "return me.chunkJoin().rawDecodeB64(utf8);" before this will work.
Last edited by Dishwasha; 8 Nov 2009 at 8:59 AM. Reason: Extra explanation.
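The sign-then-verify flow discussed in this thread (the signer publishes the modulus in hex, the receiver rebuilds the public key and checks a signature made over a hash of the message), as an added example that is not part of the original posts and does not use the thread's Crypto.RSA library. It uses Node.js's built-in crypto module; the function names and the 2048-bit key size are choices made here.

```javascript
// Added example using Node.js built-in crypto, not the thread's Crypto.RSA library.
const nodeCrypto = require('crypto');

// Signer: generate a key pair with public exponent 0x10001, as in the posts.
function makeSigner() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicExponent: 0x10001,
  });
  // Publish only the modulus as hex, like rsa.n.toBytes().bytesToHex() above.
  const jwk = publicKey.export({ format: 'jwk' });
  const modulusHex = Buffer.from(jwk.n, 'base64url').toString('hex');
  return { privateKey, modulusHex };
}

// Signer: hash-then-sign (RSASSA-PKCS1-v1_5 over SHA-256), base64 output.
function signMessage(privateKey, message) {
  return nodeCrypto.sign('sha256', Buffer.from(message, 'utf8'), privateKey)
    .toString('base64');
}

// Verifier: rebuild the public key from the hex modulus and the exponent.
function publicKeyFromHex(modulusHex, exponent) {
  let eHex = exponent.toString(16);
  if (eHex.length % 2) eHex = '0' + eHex; // whole bytes only
  return nodeCrypto.createPublicKey({
    format: 'jwk',
    key: {
      kty: 'RSA',
      n: Buffer.from(modulusHex, 'hex').toString('base64url'),
      e: Buffer.from(eHex, 'hex').toString('base64url'),
    },
  });
}

// Verifier: true only if the signature was made over this exact message.
function verifyMessage(publicKey, message, signatureB64) {
  return nodeCrypto.verify('sha256', Buffer.from(message, 'utf8'), publicKey,
    Buffer.from(signatureB64, 'base64'));
}

// What "decrypt with the public key" recovers: a block ending in the SHA-256 hash.
function recoveredDigestHex(publicKey, signatureB64) {
  const block = nodeCrypto.publicDecrypt(publicKey, Buffer.from(signatureB64, 'base64'));
  return block.subarray(block.length - 32).toString('hex');
}
```

The signed message itself travels alongside the signature; only its hash is inside the signature block, so a changed message or a different signer's key makes `verifyMessage` return false.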
-
9 Nov 2009 12:47 AM #10
Hi all,
I've found a few minor bugs and I'm hereby posting a new version. Note: I still haven't had any time to update the documentation.
@Dishwasha: Thx for reporting the bug in decodeB64

