Using encryption in Java Script could potentially help establishing secure data communication between the client and the server.
In this post we will wrap existing APIs to do that: JSAES
JSAES:
jsaes is a compact JavaScript implementation of the AES block cipher. Key lengths of 128, 192 and 256 bits are supported.
jsaes is free software, written in 2006 by B. Poettering. The code is licensed under the GNU GPL. The well-functioning of the encryption/decryption routines has been verified for different key lengths with the test vectors given in FIPS-197, Appendix C.
URL:
http://point-at-infinity.org/jsaes/
Download URL:
http://point-at-infinity.org/jsaes/jsaes.js
Our Wrapper code: jsaes_wrapper.js
function init(myKey){
AES_Init();
var key = string2Bin(myKey);
AES_ExpandKey(key);
return key;
}
function encrypt ( inputStr,key ) {
var block = string2Bin(inputStr);
AES_Encrypt(block, key);
var data=bin2String(block);
return data;
}
function decrypt ( inputStr,key ) {
block = string2Bin(inputStr);
AES_Decrypt(block, key);
var data=bin2String(block);
return data;
}
function encryptLongString ( myString,key ) {
if(myString.length>16){
var data='';
for(var i=0;i<myString.length;i=i+16){
data+=encrypt(myString.substr(i,16),key);
}
return data;
}else{
return encrypt(myString,key);
}
}
function decryptLongString ( myString,key ) {
if(myString.length>16){
var data='';
for(var i=0;i<myString.length;i=i+16){
data+=decrypt(myString.substr(i,16),key);
}
return data;
}else{
return decrypt(myString,key);
}
}
function finish(){
AES_Done();
}
function bin2String(array) {
var result = "";
for (var i = 0; i < array.length; i++) {
result += String.fromCharCode(parseInt(array[i], 2));
}
return result;
}
function string2Bin(str) {
var result = [];
for (var i = 0; i < str.length; i++) {
result.push(str.charCodeAt(i));
}
return result;
}
function bin2String(array) {
return String.fromCharCode.apply(String, array);
}
Usage:
This wrapper is adjusted to use key with 16 bytes length.
<html>
<head>
<meta charset="utf-8">
<title>Encryption Example</title>
<script src="jsaes.js"></script>
<script src="jsaes_wrapper.js"></script>
<script>
usedKey="World678World678";
myStr="Osama Oransa2012Osama Oransa2011RashaOsama Oransa2012Osama Oransa2011RashaOsama Oransa2012Osama Oransa2011RashaOsama Oransa2012Osama Oransa2011Rasha";
alert(myStr);
alert(usedKey);
var key=init(usedKey);
alert(key);
encrypted=encryptLongString(myStr,key);
alert('after encrypt='+encrypted);
decrypted=decryptLongString(encrypted,key);
alert('after decrypt='+decrypted);
finish();
</script>
</head>
<body>
</body>
</html>
It's really good but in case secure transmition of the data. but the fact that the SSL actually encrypts and signs the complete channel between the client and the server -Specially in the mutual type- and in this case the scripts (Javascript, applets, .. ) also considered a signed code which means that they are not altered.
ReplyDeleteThanks for this nice topic keep moving forward.
very goooooooooooooooood post
ReplyDeleteHello Osama, how can I make the IV of the encription are the current date and time?
ReplyDeleteYou may check the library code to do such change.
Delete