6

Is there any JavaScript libs that lets you encrypt and decrypt 256 bit AES the way you do it with mcrypt in PHP (and get the same result of course)? I want to give it a variable-length message and a 32 chars key. All libs I find wants fixed-length blocks of cleartext and byte-arrays of keys.

This is how it's done in PHP:

$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
echo mcrypt_encrypt(MCRYPT_RIJNDAEL_256, "32 CHARS THAT REPRESENT MY KEY!!", "hello", MCRYPT_MODE_ECB, $iv);
Peter O.
  • 32,158
  • 14
  • 82
  • 96
Martin
  • 5,197
  • 11
  • 45
  • 60
  • 1
    why would you want to encrypt using javascript? so that your encryption key could be seen by the world? – naveen Aug 26 '10 at 16:36
  • 2
    ah don't worry about that, key is sent through https. – Martin Aug 26 '10 at 16:43
  • 1
    HTTPS or not, the users can still see the key in your JavaScript. So if I for instance visited your site with a HTTPS connection, **I** could see still the encryption key by just viewing at the source or using a tool such as Firebug. – Frxstrem Aug 26 '10 at 16:45
  • I know i know. But it doesn't matter if the user can see it as long as noone else can. – Martin Aug 26 '10 at 16:51
  • if you trust your user and the connection so much, why not letting HTTPS handle the security? – dcestari Mar 02 '11 at 21:46
  • grr you guys stop bugging him about the reason. I need the same thing and its because I need to encrypt a message with a password on the client and decrypt it on the server WITHOUT TRANSMITTING THE KEY – Kristopher Ives Nov 09 '11 at 06:52
  • People are "bugging" the OP because doing crypto in Javascript is fundamentally broken and a bad idea - because if you're not doing everything over HTTPS, an attacker can simply corrupt your JS to do what he wishes; or if you're using it to try and protect users against the site, the site can simply change the JS without notice. – Nick Johnson Oct 29 '12 at 15:58

1 Answers1

6

Yes! I made (the beginnings of) mcrypt for javascript. It doesn't have the exact same interface but it's similar. https://code.google.com/p/js-mcrypt/

Rick
  • 1,240
  • 14
  • 21