• Stars
    star
    139
  • Rank 262,954 (Top 6 %)
  • Language
    TypeScript
  • License
    MIT License
  • Created over 6 years ago
  • Updated 11 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

JavaScript cryptographic utilities for crypto-suite compatibility including PEM/X509/JWK converter.

jscu: A Universal Cryptographic Library for JavaScript

--

CircleCI codecov Maintainability License: MIT

WARNING: At this time this solution should be considered suitable for research and experimentation, further code and security review is needed before utilization in a production application.

NOTE: This repository is a monorepo of a universal cryptographic library for JavaScript called js-crypto-utils (jscu), which is designed to work in most modern browsers and Node.js. A detailed explanation would be given in each package repository. The root package is given here (in develop branch).

Terminated to support MS IE11 and released v1.0 (Sep. 30, 2020).

Introduction and overview of this monorepo

This project called jscu is being developed to provide unified cryptographic APIs for browsers and Node.js. There currently exist various sophisticated cryptographic suites for JavaScript that are implemented as native functions, e.g., WebCrypto API and crypto in Node.js. However, they have different interfaces and are NOT supported on all platforms. For instance, FireFox cannot be fed PKCS8-formatted private key in WebCrypto API but Chrome does. On the other hand, such suites have not been designed to keep compatibility with existing non-Web cryptographic suites like OpenSSL. This can be seen from the fact that WebCrypto API does not support PEM-formatted keys. Hence we (actually I!) need to write ugly codes to enable apps to work in various environments. From this observation, we aim that this library provides support functions to fill such gaps among JS cryptographic suites and that between JavaScript and other popular crypto suites.

In particular, this library provides unified APIs of the following cryptographic functions that work in most modern browsers and Node.js.

  • ECDSA signing, verification, key generation (P-256/P-384/P-521/P-256K)
  • RSA-PSS/RSASSA-PKCS1-v1_5 signing, verification, key generation.
  • Encryption using ECDH and HKDF.
  • Encryption using RSA-OAEP.
  • Public/private key format conversion between JWK and PEM/DER (SPKI for public/PKCS8 for private)
  • Generation of JWK Thumbprint
  • Generation of X.509 public key certificate from JWK and extraction of JWK public key from X.509 public key certificate.

Additionally, this library provides random, hash, AES, HMAC, HKDF, and PBKDF functions. This implies the jscu is composed of several subpackages and can be seen as a cryptographic suite like openpgpjs. The root package, js-crypto-utils, of the suite and its subpackages are listed as follows.

  • crypto-utils: Root cryptographic package providing unified APIs.
  • x509-utils: Subpackage handling X509 certificates.
  • key-utils: Subpackage handling various key formats like PEM, DER, and JWK.
  • ec: Subpackage providing naive encryption and signing of elliptic curve cryptography.
  • rsa: Subpackage providing naive encryption and signing of RSA cryptography.
  • aes: Subpackage for AES encryption.
  • random: Subpackage for the cryptographic random generator.
  • hash: Subpackage providing hash functions including SHA-2 and SHA-3.
  • hkdf: Subpackage providing hash-based key derivation function.
  • pbkdf: Subpackage providing password-based key derivation function 1 and 2.
  • hmac: Subpackage providing hash-based message authentication code.

The structure of the package is described in the README.md of the root package, and hence we should start from there. But we can use various cryptographic functions not only via the root package, js-crypto-utils, but also by directly importing subpackages of intended functions. We should refer to README.md of each subpackage for its detailed usage.

For developers and contributors

Using npm package is the simplest way to fully leverage jscu functions. Considering you fork, develop, and update jscu packages themselves, i.e., as developers and contributors, usage of this monorepo and procedures for NPM deployment are summarized as follows.

  • This monorepo is managed via Yarn Workspace and Lerna. After cloning this Git repo, just do yarn install at the root of the cloned folder. Then the setup is all done.
  • Versioning pattern of each package is completely independent, but the version of this Git repository specified in the root package.json is tied with the root package, i.e., packages/js-crypto-utils. The name of root package is also given in the root package.json.
  • Deployment of packages to NPM must be done through CircleCI, and the deployment operation is only triggered by tags associated with Git repo version. Any commits to any branch and any tags of individual package versions won't kick the deployment mechanism. The versioning and tagging would be done through the following combination of GitFlow and Lerna procedures.
    1. First execute yarn flow:version and bump a version of each package that has been modified on develop branch. Here we note that for each updated package, the updated tag would be committed (not pushed), and hence we should almost finalize the release operation at least for each package. This simultaneously update the repo version specified in the root package.json without committing.
    2. Add final changes for release at the level of GitHub repo. Then, commit changes and then execute yarn release:start to start the release process on a release branch. Here we note the release version will be the updated Git repo version.
    3. To finalize the release operation, execute yarn release:finish to merge the release branch to master, and then merge master to develop. It will also tag the master branch with the updated Git repo version, i.e., the root package (packages/js-crypto-utils) version.
    4. Execute yarn release:push and push all branches and the generated tag of Git repo version to GitHub.

Contributing

jscu is free, open-source software licensed under MIT License.

You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository.

Contributors are more than welcome!

Documentation

The jscu documentation is a dynamically generated site from this monorepo via esdoc. You can submit pull requests to 'docs' of this monorepo for document updates.

More Repositories

1

rust-rpxy

[WIP] A simple and ultrafast http reverse proxy serving multiple domain names and terminating TLS over http/1.1, 2 and 3, written in Rust
Rust
150
star
2

dnscrypt-proxy-modns

Fork of dnscrypt-proxy to implement a multiple-relay-based DNS anonymization protocol (mu-ODNS)
Go
29
star
3

lecture-security_engineering

Slide decks and sample codes for a lecture of "Security Engineering", which are composed in terms of how to choose and deploy appropriate standardization security technologies in information systems.
Rust
25
star
4

doh-auth-proxy

Local DNS proxy for DNS over HTTPS (DoH), Oblivious DoH (ODoH) and Multiple-relay-based ODoH extension (Mutualized ODoH; MODoH), which additionally supports domain-based filtering and proxy/resolver authentication
Rust
19
star
5

encrypted-dns-server-modns

Fork of encrypted-dns-server to implement a multiple-relay-based DNS anonymization protocol (mu-ODNS)
Rust
10
star
6

rust-gd

An Implementation of Generalized Deduplication, written in Rust
Rust
10
star
7

PySSS

Secret sharing scheme on Python
Python
7
star
8

js-aws-signature-v4

TypeScript Implementation of AWS Signature Version 4
JavaScript
6
star
9

experimental-resolvers

Experimental resolvers of DNSCrypt v2 and relays of PoC μODNS
5
star
10

rust-token-server

REST API server to handle JSON Web Token (as an OIDC authentication server), written in Rust
Rust
5
star
11

cascade

An encryption and signing library for x-brid encryption via several crypto suites
JavaScript
4
star
12

jseu

Miscellaneous Encoding Utilities for Crypto-related Objects in JavaScript
TypeScript
2
star
13

js_project_skeleton

Project Skeleton for JavaScript 'Universal' Library Development for Node.js and Browsers
JavaScript
2
star
14

class-fido2_webauthn

FIDO2 WebAuthnの解説資料とサンプルコード
TeX
2
star
15

class-e2e_security_js

株式会社ゼタント「JavaScriptを使って学ぶEnd-to-Endセキュリティ」という勉強会のサンプルコードとスライド
TeX
2
star
16

s2n-quic-h3-examples

Example implementations of s2n-quic for testing
Rust
2
star
17

js-crypto-key-utils

Marged to monorepo
JavaScript
2
star
18

js-crypto-rsa

Marged to monorepo
JavaScript
1
star
19

js-x509-utils

Marged to monorepo
JavaScript
1
star
20

rust-ordered_channel_experiment

Rust
1
star
21

junkurihara.github.io

Jun Kurihara (栗原 淳)
TeX
1
star
22

python-check_certchain

A sample code to check a certificate chain for a host, written in Python
Python
1
star