RSA encryption in JavaScript with available modulus - javascript

I have some Java code that sends the public exponent and modulus (very, very long integer) via json to the javascript.
I need to apply RSA encryption on a text field (password) using these values in JavaScript.
I have tried many available things on net but no success yet. And I don't have SSL in the application.
Can someone please help me on this? Some sample/exact code will be a blessing.

Have you checked out http://code.google.com/p/jscryptolib/ ?
Alternatively there is another implementation here: http://www-cs-students.stanford.edu/~tjw/jsbn/
You can find a demo of the second implementation here: http://www-cs-students.stanford.edu/~tjw/jsbn/rsa.html - just view source to see how it's used

Related

Is it safe to pass Google datastore keys to javascript as integers

I have some concerns about the autogenerated datastore keys.
The documentation claims that the result is a 64-bit integer. And for the REST API Google uses a string type to send the key.
From the other hand, Chris Ramsdale, Product Manager says that
These IDs are large, well-distributed integers, but are guaranteed to be small enough to be completely represented as 64-bit floats so they can be stored as Javascript numbers or JSON.
But Chris made this post in 2013.
So I am confused by this discrepancy. Has anyone had any issues with representing autogenerated datastore IDs with JavaScript numbers?
Because otherwise, it is going to be pretty difficult to do the conversion in all HTTP handlers, both for parsing requests and returning responses.
Thank you!
It is possible to manually assign the key ids, so even if GAE never generates ones javascript can't represent, it might be possible for it to be created another way. Best be safe and use strings.

Cross code Hash for Javascript & Python

NO. THAT SUGGESTION DOES NOT ANSWER THIS AT ALL. SEE CORRECT ANSWER BELOW.
I am building an application whereby I want a user to enter a password into a browser, which is sent via my server to another device running Python. The password then needs to be validated by the device running Python.
The problem is, I dont want my server handling passwords in any way. So I figured I could hash the password in the browser before it is sent, have the server pass on the hash to the device, then check the hash is equivalent on the Python side.
Python has a built-in library for this purpose, but it seems javascript does not. I thought I could leverage a public javascript library, but when I compare the results from the javascript SHA256 algorithm here to what the SHA256 function in Python produces it is not the same string of characters.
Is there a cross code hash function (or any other solution) I can use?
An Update
In response to a "gee whiz, this question is the same as all these ones" let me clarify. This is not about a strategy for storing passwords or finding a 'trustworthy' library (like the post suggested). There is NOT any discussion about cross code compatibility of SHA2 on this site. I could not even find a discussion that pointed out that different SHA2 implementations SHOULD produce the same result. I did plenty of research. In fact it was the various discussions about different javascript "implementations" of SHA2 that confused me. I actually tested a scenario myself, which further confused me as the website picked up a carriage return and produced a different hash. (see below)
This is about having a function in TWO languages that produces the same output...on different devices. I think it is actually an unusual application of hashing, as generally the same code layer is used to hash, store and compare hashed values.
In the rush to down-vote the question and establish mental superiority it seems to me the question was not read properly and incorrect assumptions were made. Hopefully contributors to this site will in future take a more considered and helpful approach like the successful answer.
The link for the javascript library I provided produced the following hash for the text 'MyPassword'
5e618e009fe35ea092150ad1f2c24e3181b4cf6693dc7bbd9a09ea9c8144720d
If I use the sha256 function from Python I get the result below, which seems to indicate to me that not all SHA256 functions are equal and produce the same result.
All proper implementations of SHA256 (or any hash/encryption) produce the same result if supplied with the same data. Your problem is solved by properly processing the data that you supply to the javascript library. The "5e61..." hash is a result of additional newline appended to the end of the "MyPassword" string, look:
In [1]: import hashlib
In [2]: hashlib.sha256(b'MyPassword').hexdigest()
Out[2]: 'dc1e7c03e162397b355b6f1c895dfdf3790d98c10b920c55e91272b8eecada2a'
In [3]: hashlib.sha256(b'MyPassword\n').hexdigest()
Out[3]: '5e618e009fe35ea092150ad1f2c24e3181b4cf6693dc7bbd9a09ea9c8144720d'
For the future, popular implementations of hashes and cryptographic algorithms are thoroughly tested, and if the answer seems wrong - it's probably because your data is wrong.

RSA key pair encryption/decryption between Ruby and JavaScript?

I've been working on something that encrypts a piece of data in Ruby using OpenSSL and decrypts the data in JavaScript using the JavaScript Forge library.
The (unsecure, but this is for research only) method of distributing the keys works fine, i.e., I can generate the keys in Ruby and put them into PEM format, pass the PEM to JavaScript and recover a working key in JavaScript, however encrypting the same string using the same key gives two different results, so encoding/decoding between the two obviously don't work.
Is there a good way of doing this?
The other problem is that passing a binary data string from Ruby to JavaScript without getting an incompatible type error requires some sort of conversion, for example, converting the encrypted data to hex, but working with this kind of information in the forge library is proving difficult.
I actually solved my own problem, in my original question
I just wasn't doing it right
For future reference, if you are using the ruby openssl RSA encryption and want to pass it to javascript, I recommend using the https://github.com/digitalbazaar/forge library for the JS side,
second, convert encrypted strings to hex using .unpack('H*')
Forge PKI library has a .hexToBytes() function, you can then use the forge .decrypt method and get back what you started

How to hash string in java script?

I need to hash a password in java script.i google it for days and find some articles but i could not understand the point.
can any one help me up on this please??
Javascript doesn't have a native function to hash strings.
http://pajhome.org.uk/crypt/md5/md5.html is a function someone has written to produce an md5.
Copy the code from here http://pajhome.org.uk/crypt/md5/md5.html into your javascript, then run hex_md5(s) where s is the text you want hashed.
You can use remakes of PHP's md5() and sha1() functions in javascript.
sha1 - http://phpjs.org/functions/sha1:512
md5 - http://phpjs.org/functions/md5:469
In my opinion, the safest way to do this is to send the password using ajax to a php or aspx-script and hashing it there. People will always, always be able to read your js-code, hence, they can crack the hashing algorithm, or simply mimic it.

Using <keygen> to get an RSA key for use with javascript?

I need an RSA key pair for my web project and while there are some libraries I think it would be a good idea to rely on the browser (for security and speed) to generate the key for me. Is it possible to use keygen or something an other browser API to do so? I don't know how to get the keys from keygen. They seem to be generated on submit, but I don't want to send them to the server.
What you are probably looking for is something like Mozilla's DOMCrypt API proposal. It allows you to generate a key pair via window.mozCrypto.pk.generateKeypair() (window.mozCrypto is supposed to change into window.crypto later), you can get the public key and also encrypt or decrypt text with the private key. It will still not grant you direct access to the private key however, you only get a key ID.
Unfortunately, this API isn't supported by any browser yet. There is only a Firefox extension that can be used to test it, so that proposal is still in a very early stage. But I think that's the best you can get at this point.
I found this site, talking about generating RSA keys within the browser
There is a SSL-like protocol implemented in JavaScript : aSSL.
It uses a RSA algorithm for cryptography you could use their Keys generator.
Let's just say this is a scary idea due to the possibility of injecting code that steals the private key.

Categories