9

I have used Stanford Javascript Crypto Library (SJCL) for symmetric AES encryption (based on the examples on their demo page). However I have an additional requirement to generate a key pair, encrypt data with a public key, and decrypt data with a private key. Some of the class names suggest this might be possible in SJCL, but I was wondering if anyone could help with an example of how it's done. I'm not concerned at this stage with private key storage, just the in-memory generation and use of a public/private key pair.

If it isn't possible, I'd be interested in recommendations for an alternative library that will cover both AES and public key cryptography - but I'm aware this is something I could research myself! So mainly I'm curious to know if the library I have started using can cover all my needs or whether I need to look into an alternative.

jww
  • 97,681
  • 90
  • 411
  • 885
waifnstray
  • 547
  • 5
  • 6
  • 3
    In general just generating a public/private key pair is not that useful. The problem is that you need to establish trust on the public key. This question is very close to being off topic as asking for sample code or library is considered off topic (show what you've tried yourself, your search engine is as good as ours). – Maarten Bodewes Feb 11 '14 at 12:30
  • Relevant article: http://blogs.msdn.com/b/ericlippert/archive/2011/09/27/keep-it-secret-keep-it-safe.aspx – ntoskrnl Feb 11 '14 at 14:22

3 Answers3

8

In fact it is possible to implement private/public encryption using the ECC module. If you are a pro you can check the api documentation at http://bitwiseshiftleft.github.io/sjcl/doc/.

If you want an example of how its done, you can go through

http://justinthomas.pro/crypto/test.html http://justinthomas.pro/crypto/ repository url

You can see the SJCL ECC implementation in action here (key generation included)

Also this might be helpful https://github.com/bitwiseshiftleft/sjcl/issues/134

P.S. Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. 256-bit ECC public key should provide comparable security to a 3072-bit RSA public key http://en.wikipedia.org/wiki/Elliptic_curve_cryptography

edocabhi
  • 137
  • 1
  • 11
3

Looks like they recently released this (about a year after your initial post) but it gives a tutorial of how to do asymetric crypto

https://github.com/bitwiseshiftleft/sjcl/wiki/Asymmetric-Crypto

A F
  • 7,424
  • 8
  • 40
  • 52
-4

According to Symmetric Cryptography in Javascript, there's no mention of public key cryptography. So it does not appear to be supported.

There are probably some fractured solutions available, but I don't know any off the top of my head. Github seems to have some choices: javascript public key crypto site:github.com.

The WebCrypto Working Group is working on the problem right now. It will have provisioning, key generation, key storage and some public key operations, like seal and sign. The first revision will not have a rich offering of Diffie-Hellman or primitive like BigIntger. See, for example, Question on BigInteger operations.

jww
  • 97,681
  • 90
  • 411
  • 885
  • To quote something I read elsewhere: [Your answer is in another castle: when is an answer not an answer?](https://meta.stackexchange.com/questions/225370/your-answer-is-in-another-castle-when-is-an-answer-not-an-answer) and [Are link-only answers poor practice?](https://meta.stackexchange.com/questions/65277/are-link-only-answers-poor-practice) – Eli Burke Apr 28 '17 at 16:41