Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Stanford Javascript Crypto Library
JavaScript HTML CSS Perl Makefile Shell Java


Build Status

Join the chat at

Stanford Javascript Crypto Library

Security Advisories

  • 12.02.2014: the current development version has a paranoia bug in the ecc module. The bug was introduced in commit ac0b3fe0 and might affect ecc key generation on platforms without a platform random number generator.

Security Contact

Security Mail:
OpenPGP-Key Fingerprint: 0D54 3E52 87B4 EC06 3FA9 0115 72ED A6C7 7AAF 48ED

Upgrade Guide

1.0.3 -> 1.0.4

codecBase32 has been re-enabled with changes to conform to RFC 4648:

  • Padding with = is now applied to the output of fromBits. If you don't want that padding, you can disable it by calling fromBits with a second parameter of true or anything that evaluates as "truthy" in JS
  • The encoding alphabet for sjcl.codec.base32 now matches that specified by the RFC, rather than the extended hex alphabet.
  • The former extended hex alphabet is now available through sjcl.codec.base32hex (also matching the RFC). So if you encoded something with base32 before, you'll want to decode it with base32hex now.


The documentation is available here

Something went wrong with that request. Please try again.