Javascript Crypto Library

The Javascript Crypto Library provides web developers with an extensive and efficient set of cryptographic functions. The library aims to obtain maximum execution speed while preserving modularity and reusability. This is the very library that Clipperz online password manager is built upon.

Features

The Javascript Crypto Library currently includes:

  • AES-256, symmetric encryption;

  • Fortuna, a strong pseudo-random number generator;

  • SRP, a verifier-based authentication protocol;

  • SHA-2, hash function.

Browser cryptography is an critical component for building zero-knowledge web applications, better known as host-proof apps, but you can also use it to improve the security of specific portion of your code. As an example, you could consider replacing your present user authentication process with SRP.

License

All the code included in the Javascript Crypto Library, if not otherwise stated, is released under a BSD license and all rights are reserved to Clipperz Srl. For any use not allowed by the BSD license, please contact us to inquire about licensing options for commercial applications.

Get the code

The full repository of the Javascript Crypto Library is available from GitHub.

Acknowledgments

Javascript implementations of cryptographic algorithms have been around for years. Some of the pioneers in this field were: John Walker, Chris Veness, Paul Andrew Johnston and Leemon Baird. They all realized that Javascript could turn the browser into a new and ubiquitous “number crunching” tool that comes pre-installed on every modern computer. Even if they mostly wrote code for educational purposes, their work was an important inspiration to us.

Future developments

Basically we need to make the library more flexible and more powerful. Most functions need parameters for selecting the key length, the encoding options, …

Public-key cryptography is an area that definitely needs to be covered. The code already includes a first attempt to use elliptic curve cryptography (ECC), but it is still very slow and incomplete. We would love to improve it and develop all the components of a robust public-key cryptographic system based on elliptic curves. It’s an ambitious and complex plan. Any volunteer to help?

Contributions

Your contributions to the Javascript Crypto Library are very welcome! In order to avoid jeopardizing the ownership of the code base, we will require every developer to sign the Clipperz Contributor Agreement.