Web Cryptography Overview

The world is insecure. The digital world is absolutely insecure.

Security threats are gradually transforming the Internet from the space of unlimited freedom into the space of permanent instability. Hackers' attacks, identity thefts, malware propagation and state surveillance highlight the value of cybersecurity for application developers. New challenges raise a question of applying supplementary cryptographic techniques to protect users and their data.

JavaScript cryptography is usually reprehended: client-side scripting cannot be a secure alternative to the full-featured data protection based on the TLS communication mechanism. However, JS cryptographic functions are quite justifiable as auxiliary means adding to the transport layer security. One of scripting scenarios is the encryption of a file before uploading it to a cloud storage. If the encryption key is generated and kept on the user's machine, neither cloud provider nor potential intruders getting illegal access to the user account will be able to decrypt the file and read its contents.

Various applications may fall back upon client-side cryptography for authentication, secure messaging, or for transporting public keys encoded in the JSON key format. Besides, a set of JavaScript crypto interfaces can be an integral part of an SDK for cross-platform mobile development: in this case scripting acts as a thin wrapper around native cryptographic APIs.

Browser add-ons are another sphere of applying JS cryptography: for example, a hash calculator computing message digests of local files can be deployed as an extension of Chrome, Opera or Firefox.

W3C Consortium approved the first working draft of the Web Cryptography API in September 2012. The pivot point of the proposed specification is the Crypto interface accessed as a property of the current window instance:

console.log(window.msCrypto); // Crypto in Internet Explorer 11
console.log(window.crypto); // Crypto in Chrome, Opera and Firefox

If the browser does not support cryptographic interfaces natively, developers have to look for polyfills and libraries created by third parties.

Cryptographic Operations

A cryptographic library is presumed to support the following minimum of crypto operations:

  • computation of message digests;
  • data integrity check based on message authentication codes;
  • symmetric encryption/decryption with stream ciphers;
  • symmetric encryption/decryption with block ciphers;
  • asymmetric cryptography based on using a public/private key pair;
  • digital signature creation/verification;
  • password-based cryptography dealing with key derivation, encryption/decryption and message authentication schemes.
JavaScript Cryptographic Libraries

The recommended JS libraries exposing interfaces for basic cryptographic operations are

  • Google Closure - a broad, well-tested, modular, and cross-browser JavaScript library; cryptography is just a small subset of Closure: this is a versatile library providing the developer with both UI widgets and lower-level routines for the network communication, DOM traversal, animation, etc.;
  • Stanford Javascript Crypto Library - a powerful and fast JS solution for cryptography;
  • jsrsasign with a set of efficient APIs for parsing ASN.1 data structures, computing message digests and message authentication codes, creating RSA and ECDSA digital signatures;
  • pidCrypt - a library for ASN.1 parsing, AES encryption/decryption, MD5 and SHA-1/256/384/512 hash computation; asymmetric cryptography is represented in the implementation of the RSA algorithm;
  • Cryptico - an easy-to-use encryption system utilizing RSA and AES for JavaScript;
  • Forge - a native implementation of TLS in JavaScript;
  • JavaScript crypto libraries for computing MD5, RIPEMD-160 and SHA-1/256/512 hashes;
  • CryptoJS supporting hash algorithms, HMAC computation, block and stream ciphers (AES, DES, Triple DES, Rabbit, RC4), password-based key derivation;
  • JS crypto routines from jsbn.