ECDSA algorithm in netsuite - javascript

How can i use ECDSA encryption algorithm with a private key to generate a digital signature in suitescript. Does netsuite support it and if not can i use it as an external library?
Thanks in advance

Since no one else has jumped in on this:
You should be able to do this in a script using the N/crypto/certificate module.
Basically you'd store your ECDSA cert under Setup/Company/Certificates
then you'd user certificate.createSigner with your cert id from above and the hash algorithm to use.
The Netsuite help form N/crypto/certificate has sample code

Related

Obfuscating the Crypto.JS passphrase?

I am using Crypto.js in a project, I would like to be able to protect the password by obfuscating it, can this be done with crypto.js?
On Node.JS
You'd be better off to consider the password a config variable and treat it the same way you treat your other sensitive info - the DB connection info for example.
I like this tutorial which shows how you can get different config values for different environments that your node app runs in.
CryptoJS is an encryption library. You can certainly store an encrypted passphrase and the key that was used to encrypt the passphrase beside it. I would call that obfuscation. It's a very weak type of obfuscation, but it is one.

Preventing Pubnub cipher key from being viewed

To enable message-level encrpytion in Pubnub, one would include the cipher key when instantiating PubNub on the client.
var pubnub = PUBNUB({
publish_key: 'my_pubkey',
subscribe_key: 'my_subkey',
cipher_key: 'my_cipherkey'
});
The PubNub docs then state:
Never let your cipher key be discovered, and be sure to only exchange it / deliver it securely. On JavaScript, this means explicitly don't allow anyone to View Source or View Generated Source or Debug to enable viewing your cipher key.
Exactly how would one completely obfuscate a cipher key in a web page? It is not possible to completely prevent someone from viewing the source, only make it inconvenient. Any encryption/decryption routines on the client can also be identified fairly easily.
What exactly is the suggested route we should take here?
I am not familiar with pubnub, but in cases similar to this, you can create a hash or some other reference that points to the secret on your server. So the hash is shared between client/server, and the server references the hash as your key.
You have not said what your server side language is, but there are a number of different hashing mechanisms available, SHA-1 or similar is recommended https://en.wikipedia.org/wiki/SHA-1
That's exactly the point: you cannot ever publish your cipher_key on the web under any circumstances. Websites may use their API given the other (public) keys, but the cipher_key must only be used from environments that are secure.

RSA key pair encryption/decryption between Ruby and JavaScript?

I've been working on something that encrypts a piece of data in Ruby using OpenSSL and decrypts the data in JavaScript using the JavaScript Forge library.
The (unsecure, but this is for research only) method of distributing the keys works fine, i.e., I can generate the keys in Ruby and put them into PEM format, pass the PEM to JavaScript and recover a working key in JavaScript, however encrypting the same string using the same key gives two different results, so encoding/decoding between the two obviously don't work.
Is there a good way of doing this?
The other problem is that passing a binary data string from Ruby to JavaScript without getting an incompatible type error requires some sort of conversion, for example, converting the encrypted data to hex, but working with this kind of information in the forge library is proving difficult.
I actually solved my own problem, in my original question
I just wasn't doing it right
For future reference, if you are using the ruby openssl RSA encryption and want to pass it to javascript, I recommend using the https://github.com/digitalbazaar/forge library for the JS side,
second, convert encrypted strings to hex using .unpack('H*')
Forge PKI library has a .hexToBytes() function, you can then use the forge .decrypt method and get back what you started

RSA encryption in JavaScript with available modulus

I have some Java code that sends the public exponent and modulus (very, very long integer) via json to the javascript.
I need to apply RSA encryption on a text field (password) using these values in JavaScript.
I have tried many available things on net but no success yet. And I don't have SSL in the application.
Can someone please help me on this? Some sample/exact code will be a blessing.
Have you checked out http://code.google.com/p/jscryptolib/ ?
Alternatively there is another implementation here: http://www-cs-students.stanford.edu/~tjw/jsbn/
You can find a demo of the second implementation here: http://www-cs-students.stanford.edu/~tjw/jsbn/rsa.html - just view source to see how it's used

Using <keygen> to get an RSA key for use with javascript?

I need an RSA key pair for my web project and while there are some libraries I think it would be a good idea to rely on the browser (for security and speed) to generate the key for me. Is it possible to use keygen or something an other browser API to do so? I don't know how to get the keys from keygen. They seem to be generated on submit, but I don't want to send them to the server.
What you are probably looking for is something like Mozilla's DOMCrypt API proposal. It allows you to generate a key pair via window.mozCrypto.pk.generateKeypair() (window.mozCrypto is supposed to change into window.crypto later), you can get the public key and also encrypt or decrypt text with the private key. It will still not grant you direct access to the private key however, you only get a key ID.
Unfortunately, this API isn't supported by any browser yet. There is only a Firefox extension that can be used to test it, so that proposal is still in a very early stage. But I think that's the best you can get at this point.
I found this site, talking about generating RSA keys within the browser
There is a SSL-like protocol implemented in JavaScript : aSSL.
It uses a RSA algorithm for cryptography you could use their Keys generator.
Let's just say this is a scary idea due to the possibility of injecting code that steals the private key.

Categories