Friday, February 1, 2013

Javascript RSA

In terms of crypto in Javascript, from google search result, pidcrypt seems to be the most mentioned library. pidCrypt is a crypto library offering modular cryptographic functions in JavaScript. Supports: AES (CBC & CTR Mode), RSA, MD5, SHA-1, SHA-256, SHA-384, SHA-512, ASN.1, Base64, UTF-8. The AES-CBC mode is compatible to OpenSSL.

In my current project, I am looking for a lightweight library or Javascript class to do Javascript RSA encryption, so I found from github. Before I included them into my project, I tested the performance on Mac OSX for 3 different browsers. And the result is: Google Chrome 24.0.1312.56 is much faster than Safari 6.0.2 and Firefox 18.0.1. Chrome is around 6ms, while Safari/Firefox is around 20ms per encryption.

For test, we need first to generate a keypair using OpenSSL, and it is straightforward on Mac OSX.
openssl genrsa -out private_key.pem 1024
openssl rsa -pubout -in private_key.pem -out public_key.pem
openssl rsa -text -in private_key.pem

Update: 2/24/2013
After evaluating the implementation effort, we decided to change to HMAC from original planned RSA. It is also straightforward when there is existing crypto libraries for hmac.

<script type="text/javascript" src=""></script>
<script type="text/javascript" src=""></script>

hmacString = Crypto.HMAC(Crypto.SHA1, message, secret-passphrase, { asString: true })
base64String = $.base64.encode(hmacString);

No comments:

Post a Comment