Microsoft JavaScript Cryptography Library
Written by Alex Denham   
Thursday, 26 June 2014

A cryptography library developed by Microsoft Research has been released for researchers and developers.

The library is described as being under active development. It is intended for use with HTML-5 cloud services. The algorithms in the library are exposed using the W3C Web Cryptography interface. This is an API that lets you create secure web apps without the need for a secure connection using SSL or similar protocols.

The actions specified by the Web Cryptography API let you carry out the following:

  • Multi-factor authentication
  • Protected document exchange
  • Cloud storage
  • Document signing
  • Data integrity protection
  • Secure messaging

The functions in Microsoft’s JavaScript library have been tested against Internet Explorer 11’s implementation of the Web Cryptography interface, and Microsoft has also tested the library on other browsers, specifically IE8 upwards, Firefox, Chrome, Opera and Safari.

The cryptographic functions currently included in the library start with RSA PKCS#1 v1.5, OAEP, and PSS. AES-CBC and GCM are also supported. Secure Hash Standard (SHA) 256, 384 and 512 are supported, alongside HMAC with supported hash functions, PRNG (AES-CTR based) as specified by NIST, ECDH, ECDSA, and KDF (Concat mode).

The library includes big number integer arithmetic to support the cryptographic algorithms, and this element of the library is, according to Microsoft Research, likely to change in future releases. In its current form it supports unsigned big integer arithmetic with addition, subtraction, multiplication, division, reduction, inversion, GCD, extended Euclidean algorithm (EEA), Montgomery multiplication, and modular exponentiation.

Other elements in the library are utility functions such as endianness management and conversion routines.

There is currently some controversy about the usefulness of JavaScript cryptography. The argument goes that the browser is completely insecure and to perform secure encryption in it is asking for trouble. While it is true that attacking the browser is relatively easy JavaScript encryption still provides a level of protection one up from sending data in the clear and so it has some value. 

If you download the library, you get scripts, unit tests and some sample code, and a link to Web Cryptography section of the Internet Explorer Dev Center site, but no documentation.

 cryptocartoon2

More Information

W3C Web Cryptography API

Microsoft Research JavaScript Cryptography Library

Related Articles

Cryptol Version 2 Released

Stick Figure Guide To AES Encryption

First Draft Of Web Cryptography API        

Web Crypto APIs Work In Progress

 

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin,  or sign up for our weekly newsletter.

 

Banner

Run WebAssembly Components Inside Node.js With Jco
28/03/2024

Jco 1.0 has been just announced by the Bytecode Alliance.It's a native JavaScript WebAssembly toolchain and runtime that runs Wasm components inside Node.js. Why is that useful?


+ Full Story
Open Platform For Enterprise AI Launched
18/04/2024

A new platform aimed at building and supporting an open artificial intelligence (AI) and data community has been launched.  The Open Platform for Enterprise AI (OPEA) was announced by The Linux F [ ... ]


+ Full Story
More News

 

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info

 

 
Last Updated ( Thursday, 26 June 2014 )