Website
======================
http://travistidwell.com/jsencrypt

Introduction
======================
When browsing the internet looking for a good solution to RSA Javascript
encryption, there is a whole slew of libraries that basically take the fantastic
work done by Tom Wu @ http://www-cs-students.stanford.edu/~tjw/jsbn/ and then
modify that code to do what they want.

What I couldn't find, however, was a simple wrapper around this library that
basically uses the library <a href="https://github.com/travist/jsencrypt/pull/6">practically</a> untouched, but adds a wrapper to provide parsing of
actual Private and Public key-pairs generated with OpenSSL.

This library is the result of these efforts.

How to use this library.
=======================
This library should work hand-in-hand with openssl. With that said, here is how to use this library.

 - Within your terminal (Unix based OS) type the following.

```
openssl genrsa -out rsa_1024_priv.pem 1024
```

 - This generates a private key, which you can see by doing the following...

```
cat rsa_1024_priv.pem
```

 - You can then copy and paste this into the Private Key section within index.html.
 - Next, you can get the public key by executing the following command.

```
openssl rsa -pubout -in rsa_1024_priv.pem -out rsa_1024_pub.pem
```

 - You can see the public key by typing...

```
cat rsa_1024_pub.pem
```

 - Now copy and paste this into the Public Key section within index.html.
 - Now you can convert to and from encrypted text by doing the following in code.

```html
<!doctype html>
<html>
  <head>
    <title>JavaScript RSA Encryption</title>
    <!-- Load scripts over HTTPS so they cannot be modified in transit. -->
    <script src="https://code.jquery.com/jquery-1.8.3.min.js"></script>
    <script src="bin/jsencrypt.min.js"></script>
    <script type="text/javascript">

      // Call this code when the page is done loading.
      $(function() {

        // Run a quick encryption/decryption when they click.
        $('#testme').click(function() {

          // Encrypt with the public key...
          var encrypt = new JSEncrypt();
          encrypt.setPublicKey($('#pubkey').val());
          var encrypted = encrypt.encrypt($('#input').val());

          // Decrypt with the private key...
          var decrypt = new JSEncrypt();
          decrypt.setPrivateKey($('#privkey').val());
          var uncrypted = decrypt.decrypt(encrypted);

          // Now a simple check to see if the round-trip worked.
          if (uncrypted === $('#input').val()) {
            alert('It works!!!');
          }
          else {
            alert('Something went wrong....');
          }
        });
      });
    </script>
  </head>
  <body>
    <label for="privkey">Private Key</label><br/>
    <textarea id="privkey" rows="15" cols="65">-----BEGIN RSA PRIVATE KEY-----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
-----END RSA PRIVATE KEY-----</textarea><br/>
    <label for="pubkey">Public Key</label><br/>
    <textarea id="pubkey" rows="15" cols="65">-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlOJu6TyygqxfWT7eLtGDwajtN
FOb9I5XRb6khyfD1Yt3YiCgQWMNW649887VGJiGr/L5i2osbl8C9+WJTeucF+S76
xFxdU6jE0NQ+Z+zEdhUTooNRaY5nZiu5PgDB0ED/ZKBUSLKL7eibMxZtMlUDHjm4
gwQco1KRMDSmXSMkDwIDAQAB
-----END PUBLIC KEY-----</textarea><br/>
    <label for="input">Text to encrypt:</label><br/>
    <textarea id="input" name="input" type="text" rows=4 cols=70>This is a test!</textarea><br/>
    <input id="testme" type="button" value="Test Me!!!" /><br/>
  </body>
</html>
```

 - Look at how http://www.travistidwell.com/jsencrypt/demo works to get a better idea.

 - Signing and verification work in a similar way.

```javascript
// Sign with the private key...
var sign = new JSEncrypt();
sign.setPrivateKey($('#privkey').val());
var signature = sign.sign($('#input').val(), CryptoJS.SHA256, "sha256");

// Verify with the public key...
var verify = new JSEncrypt();
verify.setPublicKey($('#pubkey').val());
var verified = verify.verify($('#input').val(), signature, CryptoJS.SHA256);

// Now a simple check to see if the round-trip worked.
if (verified) {
  alert('It works!!!');
}
else {
  alert('Something went wrong....');
}
```

- Note that you have to provide the hash function. In this example we use one from the [CryptoJS](https://github.com/brix/crypto-js) library, but you can use whichever you want.
- Also, unless you use a custom hash function, you should provide the hash type to the `sign` method. Possible values are: `md2`, `md5`, `sha1`, `sha224`, `sha256`, `sha384`, `sha512`, `ripemd160`.

Other Information
========================

This library heavily utilizes the wonderful work of Tom Wu found at http://www-cs-students.stanford.edu/~tjw/jsbn/.

The jsbn library works directly on the raw RSA variables to perform encryption. This is great for encryption, but most private keys are stored in the PEM format seen below.

1024 bit RSA Private Key in Base64 Format
-----------------------------------------
```
-----BEGIN RSA PRIVATE KEY-----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
-----END RSA PRIVATE KEY-----
```

This library simply takes keys in the format above and translates them into the variables needed to perform the encryption in Tom Wu's library.

Here are some good resources to investigate further.
 - http://etherhack.co.uk/asymmetric/docs/rsa_key_breakdown.html
 - http://www.di-mgt.com.au/rsa_alg.html
 - https://polarssl.org/kb/cryptography/asn1-key-structures-in-der-and-pem

With this information, we can translate a private key format to the variables
required with the jsbn library from Tom Wu by using the following mappings.

```
modulus => n
public exponent => e
private exponent => d
prime1 => p
prime2 => q
exponent1 => dmp1
exponent2 => dmq1
coefficient => coeff
```
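
The mapping above as runnable code, added here as an illustration and not taken from jsencrypt's source: a minimal DER walker for Node.js that reads a PKCS#1 `RSA PRIVATE KEY` PEM block into the jsbn variable names and checks that the values agree with each other. The function names and the toy key are assumptions constructed for this example.

```javascript
// PKCS#1 RSAPrivateKey fields after the version INTEGER, by jsbn name.
const FIELDS = ['n', 'e', 'd', 'p', 'q', 'dmp1', 'dmq1', 'coeff'];

// Read one DER tag-length-value header at `pos` (short and long form lengths).
function readTlv(buf, pos) {
  const tag = buf[pos];
  let len = buf[pos + 1];
  let start = pos + 2;
  if (len & 0x80) { // long form: low 7 bits count the length bytes
    const count = len & 0x7f;
    len = 0;
    for (let i = 0; i < count; i++) len = len * 256 + buf[start + i];
    start += count;
  }
  if (!(start + len <= buf.length)) throw new Error('truncated DER');
  return { tag, start, end: start + len };
}

// Parse a "BEGIN RSA PRIVATE KEY" PEM block into BigInts keyed by jsbn name.
function parseRsaPrivateKey(pem) {
  const b64 = pem.replace(/-----(BEGIN|END) RSA PRIVATE KEY-----|\s+/g, '');
  const der = Buffer.from(b64, 'base64');
  const seq = readTlv(der, 0);
  if (seq.tag !== 0x30) throw new Error('expected SEQUENCE');
  const key = {};
  let pos = seq.start;
  for (const name of ['version', ...FIELDS]) {
    const field = readTlv(der, pos);
    if (field.tag !== 0x02) throw new Error('expected INTEGER for ' + name);
    key[name] = BigInt('0x' + (der.toString('hex', field.start, field.end) || '0'));
    pos = field.end;
  }
  return key;
}

// Check that the CRT values agree with n, d, p and q before using the key.
function isConsistent(k) {
  return k.n === k.p * k.q && k.dmp1 === k.d % (k.p - 1n) &&
    k.dmq1 === k.d % (k.q - 1n) && (k.coeff * k.q) % k.p === 1n;
}

// Constructed toy key (p=61, q=53, e=17, d=2753), far too small for real use.
const TOY_DER = '301d' + '020100' + '02020ca1' + '020111' + '02020ac1' +
  '02013d' + '020135' + '020135' + '020131' + '020126';
const TOY_PEM = '-----BEGIN RSA PRIVATE KEY-----\n' +
  Buffer.from(TOY_DER, 'hex').toString('base64') + '\n-----END RSA PRIVATE KEY-----';

const toyKey = parseRsaPrivateKey(TOY_PEM);
console.log(toyKey.n, toyKey.coeff, isConsistent(toyKey));
```

For a key generated with the `openssl genrsa` command above, `key.n.toString(2).length` reports 1024; current NIST guidance sets 2048 bits as the minimum RSA modulus size.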