View Full Version : Crypto: OpenSSL compatible cryptographic classes & functions in Javascript

15 Sep 2009, 4:49 AM
Hi all!

I have compiled a library of OpenSSL compatible cryptographic classes & functions by using different resources from the web and my own input. Documentation is not complete (yet) and I do not have a demo link at the moment, but everything works and it is pretty straight forward. I used some functions from ExtJS 3.0 (base) so it won't work if you haven't included that with your page. Have fun!



1 Oct 2009, 4:31 PM
Looks awesome!!! Thanks a lot!!!

1 Oct 2009, 11:14 PM
Your welcome ... :D

10 Oct 2009, 12:54 PM
Thank you very much for this library. I am interested in doing signature verification, but I can't seem to find it in the library.

Also, I know you're working on documentation, but could you provide a quick and dirty on how to generate a public/private key pair and use those to encrypt a message? I've tried calling Crypto.RSA.generateKeyPair but it doesn't find the function. I was able to figure out the other namespaces like calling Crypto.hash.sha256("test").

11 Oct 2009, 11:24 PM
Hi Dishwasha,

Well generating a key pair is easy. Just instantiate an object by calling:

var rsa = new Crypto.RSA();

... and then call:

rsa.generateKeyPair(1024, 0x10001); // where 1024 = bits and 0x10001 = public exponent

Although a better approach is to generate a public/private key pair with openssl and use the setPublicKey function, then you can create the signature with the private key on the server-side and verify it with the public key on the client-side.

To encrypt and decrypt a message you can use the high-level functions:
- encrypt(message, options)
- decrypt(cipherText, options)

where options are:
- padding: padding function to use (PKCS1PADx functions)
- method: either 'private' or 'public'

Both functions return the data as binary strings so I recommend that you call encodeB64 after encryption and decodeB64 before decryption.

So encrypting a string would look something like this:

var rsa = new Crypto.RSA();
rsa.setPublicKey(<RSA public key in hex notation>, <public exponent>);

var msg = 'This message is secret';
var cipherText = rsa.encrypt(msg).encodeB64();
var plainText = rsa.decrypt(cipherText.decodeB64());



12 Oct 2009, 7:54 AM
Very awesome, I just didn't get that I had to instantiate first. I guess that's the difference between Ext.extend and Ext.apply. Once again, thank you very much for this code. This will go very far in ensuring asynchronous client data streams haven't been hijacked. Most people are really only concerned that the server doesn't get hijacked to the client and not the other way around.

12 Oct 2009, 8:12 AM
You're very right indeed, and again ... thx ... :D

8 Nov 2009, 4:25 AM
This library is just what i need for my project. I am interested in the areas that Dishwasha (http://www.extjs.com/forum/member.php?u=93041) needs along with digital signature and verification. I'm also new to ExtJS that's why I would like to request if you could please provide a sample on how to use this library for digital signing and verification? I know that the documentation is still not complete but i would appreciate it if you could release it to us.

Thank you very much in advance.

8 Nov 2009, 8:51 AM
In a typical encryption scenario, both parties publish their public keys to each other and each client will encrypt the data use the other party's public key. In digital signature, the party signing the data will encrypt the data using their private key and the other party will decrypt using the source's public key. Some prefer to send a CRC or hash of the original decrypted data in the signature and this ensures when you decrypt public key encrypted data, that you have verified that the CRC or hash decrypted in the signature matches a CRC or hash of the decrypted data.

A simulation of a digital encryption would be as follows using amorworx's js crypto library (I recommend using firebug to simulate):

The signer creates a public/private key pair
var rsa = new Crypto.RSA();
rsa.generateKeyPair(1024, 0x10001);

Then the signer takes a "Signature message" (or hash computation) and encrypts it using the private key. By default the Crypto.RSA.encrypt function uses the public key to encrypt.
var msg = "Signature message not secret";
enc = rsa.encrypt(msg,{method: "private"}).encodeB64();

Then the signer publishes their public key to anyone:
pubkey = rsa.n.toBytes().bytesToHex();

The other party receiving the signed data takes the data and the signer's public key and is now able to view the message.
var rsa2 = new Crypto.RSA();
rsa2.decrypt(enc.decodeB64(), {method: "public"});

P.S. I noticed line 5734 has a slight mistake so you'll need to change "return me.chunkJoin().rawDecodeUTF8(utf8);" to "return me.chunkJoin().rawDecodeB64(utf8);" before this will work.

9 Nov 2009, 12:47 AM
Hi all,

I've found a few minor bugs and I hereby posting a new version. Note: I've still hadn't any time to update the documentation.

@Dishwasha: Thx for reporting the bug in decodeB64

17 Nov 2009, 4:35 AM
Thanks for the explanations @Dishwasha, now i have something to start with.

8 Jun 2010, 3:20 AM

i have problems with the new Safari 5 (here on Windows) with the Crypto Extension:

Firefox:Crypto.hash.sha1('Test') -> "640ab2bae07bedc4c163f679a746f7ab7fb5d1fa"
Safari: Crypto.hash.sha1('Test') -> "c64c8a8736fc607acf06e1aa0d99da7a2cdad659"

Is this a bug in Safari or in the Crpyto.js?

8 Jun 2010, 3:48 AM

I did a quick check and Chrome has the same output as FF ... so I must conclude that Safari 5 has a bug somewhere ...

8 Jun 2010, 8:04 AM
Marvelous job with this work.

5 Feb 2011, 9:34 PM
Hii All

am trying to do RSA encryption for a string at the client side using openssl ; i dont know how to use openssl with javascript. pls help . i am using php with openssl at the server side.
pls help....

7 Feb 2011, 9:45 AM
am trying to encrypt (RSA) data at the client side using javascript & openssl .Can u pls put up an example showing how to call these functions and in what order the dependencies are to be used . ? am Also decrypting at the server side using php & openssl .

8 Feb 2011, 3:12 AM
Hi, do you have a version which does not require Ext JS and chunks this different algorithms?

22 Mar 2011, 1:38 AM
As far as I understand your module does not support digital signing data with private key? Could you suggest some alternative which supports this feature?

22 Nov 2011, 4:51 AM
Did you migrate crypto.js to Ext JS 4?

23 Feb 2012, 2:24 AM
hi i am using PBEWithMD5And128BitAES-CBC-OpenSSL with javax.crypto library . The server implementation of decryption is implemented using this API . Now i have to use javascript to code this functionality . Please let me know if i can use this piece of code to :-

generate eight random bytes (salt)
hash password+salt three times with MD5 to generate key and iv
encode plaintext in UTF-8
pad the plaintext so it consists solely of 16 bytes blocks
encrypt with AES-CBC mode of operation
encode encrypted text with base64

24 Apr 2012, 9:43 AM
I am not able to download the file. Keep getting error...start of the central directory not found; zip file corrupt