问题
I am looking at the feasibility for using Chrome apps for the front end of some applications I am working on. (As an aside, if anyone has any thoughts on this - put it in the comments)
I would be using chrome.socket and would want the connections to be secure so will need RSA and AES encryption that will be compatible with as many backend technology implementations as possible (C#, Java, ...). What I mean by this is the different modes, key-lengths, implementation-specific details...
Now I have done a little searching myself and found https://code.google.com/p/crypto-js/ for AES encryption. Is this still the accepted library to use, or is there another?
...however, I couldn't find a library for RSA?
On the note of security, I don't foresee this being an issue as this is a Chrome extension,so the HTML/JavaScript is not being send over the internet, but is there any other security implication that I have missed?
回答1:
You could try using this:
Stanford Javascript Crypto Library: http://crypto.stanford.edu/sjcl/
SJCL is secure. It uses the industry-standard AES algorithm at 128, 192 or 256 bits; the SHA256 hash function; the HMAC authentication code; the PBKDF2 password strengthener; and the CCM and OCB authenticated-encryption modes.
Check the API here: http://bitwiseshiftleft.github.io/sjcl/doc/
Stanford also has a page showing RSA (among others) encryption in Javascript: http://www-cs-students.stanford.edu/~tjw/jsbn/
RSA and ECC in JavaScript:
The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.
They also state it is 100% interoperable with openssl and have instructions on how you can confirm this.
You could also try CryptoJS: https://code.google.com/p/crypto-js/
CryptoJS is a growing collection of standard and secure cryptographic algorithms implemented in JavaScript using best practices and patterns. They are fast, and they have a consistent and simple interface.
回答2:
It seems like you might prefer to have a full TLS implementation here. You should be able to wrap chrome.socket with a TLS wrapper using forge (a JavaScript implementation of TLS):
https://github.com/digitalbazaar/forge
回答3:
I'm pointing out some of my work I did for university, it's probably full of bugs and could be done in a better way. It's quite fast and works well with big keys. It's possible to use RSA with keys with n Bits.
Check the tests if you need to understand how it works. Any bug or improvement would be appreciated though.
Note, you might have to search a little because there is more than just RSA.
https://github.com/llacroix/rsa-js
来源:https://stackoverflow.com/questions/16383953/rsa-and-aes-encryption