Short Introduction to SJCL
The Stanford Javascript Crypto Library, or simply SJCL, is probably the best option available right now for using cryptography on the client side. The project started in 2009 as a paper describing how to implement a secure and fast crypto library for web browsers, including, for instance, a CSPRNG algorithm and symmetric encryption. Today, it also has public-key crypto, hashing, and ECC primitives. It’s very small (just 37kb uncompressed with ECC), the code is pretty clean, and it’s being maintained by various contributors on GitHub. One of the biggest problems right now is the auto-generated documentation, which isn’t super helpful, but that’s not a big deal since you can always read the sources.
Let’s start with a very simple example using the convenience functions to easily encrypt and decrypt data (using AES):
That was pretty simple. Let’s try something different, like hashing a string using SHA-256:
SJCL has many ADTs. In this case myhash is an array of 8 numbers (in JS these are 64-bit floats), but it’s actually holding binary data (using just 32 bits of each number), so SJCL provides functions to convert, for example, from a binary array to a string in hexadecimal format.
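The word-array layout described above, as an added example that is not from the original post and does not load SJCL: Node's built-in crypto module computes the digest, and the helper names (bytesToWords, wordsToHex, wordsEqual, sha256Words) are hypothetical stand-ins, not SJCL's API.

```javascript
// Added example: reproduces the "array of 32-bit words" representation
// with Node's built-in crypto module instead of SJCL itself.
const nodeCrypto = require('crypto');

// Pack bytes into big-endian 32-bit words. The trailing |0 keeps each word
// in signed 32-bit range, so words with the top bit set appear negative.
function bytesToWords(bytes) {
  if (bytes.length % 4 !== 0) {
    throw new RangeError('input length must be a multiple of 4 bytes');
  }
  const words = [];
  for (let i = 0; i < bytes.length; i += 4) {
    words.push((bytes[i] << 24 | bytes[i + 1] << 16 | bytes[i + 2] << 8 | bytes[i + 3]) | 0);
  }
  return words;
}

// Convert words back to hex. `>>> 0` reinterprets a negative word as
// unsigned, and padStart keeps leading zeros that toString(16) drops.
function wordsToHex(words) {
  return words.map((w) => (w >>> 0).toString(16).padStart(8, '0')).join('');
}

// Compare two digests without an early exit, so the time taken does not
// reveal the position of the first differing word.
function wordsEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
  return diff === 0;
}

// SHA-256 of a UTF-8 string, returned as 8 signed 32-bit words.
function sha256Words(message) {
  const digest = nodeCrypto.createHash('sha256').update(message, 'utf8').digest();
  return bytesToWords(digest);
}

// Constructed sample input: the standard "abc" test string.
const myhash = sha256Words('abc');
console.log(myhash.length, myhash[0], wordsToHex(myhash));
```

Printing such an array directly shows a mix of positive and negative integers, which is why a hex or base64 conversion step is needed before storing or comparing digests as text.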
For the next example, I would like to use some elliptic curve cryptography, but to do that we need to build SJCL first to enable this option:
Now with our custom sjcl.js we can use the ECC primitives like DSA. So let’s sign the previous hash:
Obviously we didn’t need to create a new public key object to verify the signature, but I wanted to show how to obtain the public point. Finally, here is how we can serialize the public key (a point on the curve) and the private key (the exponent):
There is a branch that already includes functions for serialization, so this method will be deprecated in the future.