This is a nice and usable DSL that wraps some JavaScript encryption libraries from some awesome folks:
I didn’t write any of the encryption libraries, I just wrapped them in a nice and easy to understand DSL that is inspired by the EzCrypto Ruby gem.
WARNING: JavaScript crytography is still more or less the wild west. See this article for a pretty decent explanation of what you are getting yourself into. Use at your own risk.
When you load ezcrypto.js it will include the JavaScript encryption libraries from vendor/. In the future this might turn into one big CommonJS style module.
<script src="ezcrypto.js"></script>
The most secure type of key is the randomly generated key:
<script src="ezcrypto.js"></script>
// generate an RSA keypair
var key = ezcrypto.generateKey();
=> {"private": "3521df…", "public": "95d8cf…"}
// encrypt a message with your key
// under the hood, this AES encrypts your message using your RSA key
// because AES works better with larger chunks of data than RSA
var encryptedData = ezcrypto.encrypt('secrets', key);
=> {"key": "8170f7…", "message": "72308a…"}
// decrypt the encrypted data with your key
ezcrypto.decrypt(encryptedData, key));
=> 'secrets'
You can also use a password to encrypt data, in case you don’t want to store keys and instead want to remember passwords. This is obviously less secure since rememberable passwords are much much shorter than RSA keys. The generateKey method simply creates JavaScript Objects.
// generate an RSA keypair and immediately encrypt the users password using the RSA key.
var key = ezcrypto.generateKey('my_awesome_password');
=> {"private": "3521df…", "public": "95d8cf…", "encryptedPassword": "823jbv…"}
// encrypting and decrypting messages works the same
var encryptedData = ezcrypto.encrypt('secrets', key);
=> {"key": "2j9svs…", "message": "393bb3…"}
ezcrypto.decrypt(encryptedData, key));
=> 'secrets'
Open test.html in a browser and check console output for a demo.
The MIT License
Copyright © 2010 Max Ogden and Tyler Gillies
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the “Software”), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.