RSA and AES encryption

Cheetah picture Cheetah · May 5, 2013 · Viewed 14.1k times · Source

I am looking at the feasibility for using Chrome apps for the front end of some applications I am working on. (As an aside, if anyone has any thoughts on this - put it in the comments)

I would be using chrome.socket and would want the connections to be secure so will need RSA and AES encryption that will be compatible with as many backend technology implementations as possible (C#, Java, ...). What I mean by this is the different modes, key-lengths, implementation-specific details...

Now I have done a little searching myself and found https://code.google.com/p/crypto-js/ for AES encryption. Is this still the accepted library to use, or is there another?

...however, I couldn't find a library for RSA?

On the note of security, I don't foresee this being an issue as this is a Chrome extension,so the HTML/JavaScript is not being send over the internet, but is there any other security implication that I have missed?

Answer

Don Rhummy picture Don Rhummy · Jun 6, 2013

You could try using this:

Stanford Javascript Crypto Library: http://crypto.stanford.edu/sjcl/

SJCL is secure. It uses the industry-standard AES algorithm at 128, 192 or 256 bits; the SHA256 hash function; the HMAC authentication code; the PBKDF2 password strengthener; and the CCM and OCB authenticated-encryption modes.

Check the API here: http://bitwiseshiftleft.github.io/sjcl/doc/

Stanford also has a page showing RSA (among others) encryption in Javascript: http://www-cs-students.stanford.edu/~tjw/jsbn/

RSA and ECC in JavaScript:

The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.

They also state it is 100% interoperable with openssl and have instructions on how you can confirm this.

You could also try CryptoJS: https://code.google.com/p/crypto-js/

CryptoJS is a growing collection of standard and secure cryptographic algorithms implemented in JavaScript using best practices and patterns. They are fast, and they have a consistent and simple interface.