Tom Wu's pure JavaScript implementation of arbitrary-precision integer arithmetic.
Latest commit 3674b26 May 8, 2014 @jasondavies Fix #5: Web Workers.
Based on patch by @matejk.
Failed to load latest commit information.
LICENSE Import Tom Wu's version 1.4. Oct 3, 2013
base64.js Fixed a global variable leak. Oct 7, 2013
jsbn.js Import Tom Wu's version 1.4. Oct 3, 2013
jsbn2.js Import Tom Wu's version 1.2. May 27, 2012
rsa2.html Initial import of Tom Wu's jsbn v1.1 Dec 19, 2010
sha1.js Import Tom Wu's version 1.2. May 27, 2012

BigIntegers and RSA in JavaScript

The jsbn library is a pure JavaScript implementation of arbitrary-precision integer arithmetic.


Source Code

The API for the jsbn library closely resembles that of the java.math.BigInteger class in Java.

For example:

x = new BigInteger("abcd1234", 16);
y = new BigInteger("beef", 16);
z = x.mod(y);

will print b60c.

  • jsbn.js - basic BigInteger implementation, just enough for RSA encryption and not much more.
  • jsbn2.js - the rest of the library, including most public BigInteger methods.
  • rsa.js - implementation of RSA encryption, does not require jsbn2.js.
  • rsa2.js - rest of RSA algorithm, including decryption and keygen.
  • rng.js - rudimentary entropy collector and RNG interface, requires a PRNG backend to define prng_newstate().
  • prng4.js - ARC4-based PRNG backend for rng.js, very small.
  • base64.js - Base64 encoding and decoding routines.


The demo encrypts strings directly using PKCS#1 encryption-style padding (type 2), which is currently the only supported format. To show interoperability with a potential OpenSSL-based backend that decrypts strings, try the following on any system with the OpenSSL command line tool installed:

  1. Generate a new public/private keypair:

    $ openssl genrsa -out key.pem
    Generating RSA private key, 512 bit long modulus
    e is 65537 (0x10001)
  2. Extract the modulus from your key:

    $ openssl rsa -in key.pem -noout -modulus
  3. Go to the RSA Encryption demo and paste the modulus value into the "Modulus (hex)" field at the bottom.

  4. Make sure the value in the "Public exponent" field is "10001", or whatever value your public key uses.
  5. Type in a short string (e.g. testing) into the "Plaintext (string)" field and click on "encrypt". The result should appear in the "Ciphertext" fields.
  6. Copy the base64 version of the ciphertext and paste it as the input of the following command:

    $ openssl base64 -d | openssl rsautl -inkey key.pem -decrypt

    Hit ctrl-D or whatever your OS uses for end-of-file. Your original plaintext should appear:



Since jsbn is pure JavaScript, its performance will depend on the hardware as well as the quality of the JavaScript execution environment, but will be considerably slower than native implementations in languages such as C/C++ or Java.

On a 1GHz Intel PC running Mozilla:

Key typeEncryption timeDecryption time
RSA 512-bit (e=3)23ms1.0s
RSA 512-bit (e=F4)86ms1.0s
RSA 1024-bit (e=3)56ms6.0s
RSA 1024-bit (e=F4)310ms6.0s

On similar hardware, running IE6:

Key typeEncryption timeDecryption time
RSA 512-bit (e=3)50ms0.7s
RSA 512-bit (e=F4)60ms0.7s
RSA 1024-bit (e=3)60ms4.3s
RSA 1024-bit (e=F4)220ms4.3s

Timing measurements, especially under IE, appear to have limited precision for faster operations.


Version 1.4 (7/1/2013):
Fixed variable name collision between sha1.js and base64.js.
Obtain entropy from window.crypto.getRandomValues where available.
Added ECCurveFp.encodePointHex.
Fixed inconsistent use of DV in jsbn.js.
Version 1.3 (7/3/2012):
Fixed bug when comparing negative integers of different word lengths.
Version 1.2 (3/29/2011):
Added square method to improve ECC performance.
Use randomized bases in isProbablePrime
Version 1.1 (9/15/2009):
Added support for utf-8 encoding of non-ASCII characters when PKCS1 encoding and decoding JavaScript strings.
Fixed bug when creating a new BigInteger("0") in a non power-of-2 radix.


jsbn is released under a BSD license. See LICENSE for details.

Tom Wu