RSA and AES encryption

Question

I am looking at the feasibility for using Chrome apps for the front end of some applications I am working on. (As an aside, if anyone has any thoughts on this - put it in the comments)

I would be using chrome.socket and would want the connections to be secure so will need RSA and AES encryption that will be compatible with as many backend technology implementations as possible (C#, Java, ...). What I mean by this is the different modes, key-lengths, implementation-specific details...

Now I have done a little searching myself and found https://code.google.com/p/crypto-js/ for AES encryption. Is this still the accepted library to use, or is there another?

...however, I couldn't find a library for RSA?

On the note of security, I don't foresee this being an issue as this is a Chrome extension,so the HTML/JavaScript is not being send over the internet, but is there any other security implication that I have missed?

`chrome.socket` (there is no chrome.sockets) isn't available in Chrome extensions. — sowbug, May 06 '13 at 01:41
OK, but `chrome.socket` still isn't available in Chrome extensions. — sowbug, May 06 '13 at 15:43
@sowbug Unless I am missing something obvious, I believe it is even in the `Stable` branch now: http://developer.chrome.com/apps/socket.html — Cheetah, May 06 '13 at 16:30
Chrome extensions can't use the socket API. Chrome apps can. There are absolutely no plans to make the socket API available to extensions. — sowbug, May 06 '13 at 22:12

score 5 · Answer 1 · edited Jun 20 '20 at 09:12

You could try using this:

Stanford Javascript Crypto Library: http://crypto.stanford.edu/sjcl/

SJCL is secure. It uses the industry-standard AES algorithm at 128, 192 or 256 bits; the SHA256 hash function; the HMAC authentication code; the PBKDF2 password strengthener; and the CCM and OCB authenticated-encryption modes.

Check the API here: http://bitwiseshiftleft.github.io/sjcl/doc/

Stanford also has a page showing RSA (among others) encryption in Javascript: http://www-cs-students.stanford.edu/~tjw/jsbn/

RSA and ECC in JavaScript:

The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.

They also state it is 100% interoperable with openssl and have instructions on how you can confirm this.

You could also try CryptoJS: https://code.google.com/p/crypto-js/

CryptoJS is a growing collection of standard and secure cryptographic algorithms implemented in JavaScript using best practices and patterns. They are fast, and they have a consistent and simple interface.

but the google cryptoJS does not support RSA (as partially been the question), right? — humanityANDpeace, Mar 16 '14 at 12:17
@humanityANDpeace looks like there is proposed code for this: https://groups.google.com/forum/m/#!topic/crypto-js/xUdAHo7RXEg — Don Rhummy, Mar 16 '14 at 20:32

score 0 · Answer 2 · answered Jul 28 '13 at 17:47

0

It seems like you might prefer to have a full TLS implementation here. You should be able to wrap chrome.socket with a TLS wrapper using forge (a JavaScript implementation of TLS):

https://github.com/digitalbazaar/forge

answered Jul 28 '13 at 17:47

dlongley

2,078
14
17

score 0 · Answer 3 · answered May 17 '15 at 13:02

I'm pointing out some of my work I did for university, it's probably full of bugs and could be done in a better way. It's quite fast and works well with big keys. It's possible to use RSA with keys with n Bits.

Check the tests if you need to understand how it works. Any bug or improvement would be appreciated though.

Note, you might have to search a little because there is more than just RSA.

https://github.com/llacroix/rsa-js

RSA and AES encryption

3 Answers3

Linked