Crypto-js by Jeff Mott
I’m currently working on an OAuth library for JavaScript environments like Adobe Integrated Runtime, Appcelerator Titanium or Palm WebOS. While that is not the point right now, it’s why I got into cryptography in JavaScript at all.
For OAuth, you always need some sort of signing method, mostly HMAC-SHA1 and many programming languages have build in implementations of these algorithms in their standard libraries. However, JavaScript does not. It has absolutely no cryptographic functions built in which doesn’t really matter when it’s used in the web browser context but will become important when developing full blown desktop applications that need to do authentication magic.
This is where crypto-js comes into play. It’s a really nice library that provides more cryptographic functions than you could dream of:
- MD5
- SHA-1
- SHA-256
- AES
- Rabbit
- MARC4
- HMAC
- HMAC-MD5
- HMAC-SHA1
- HMAC-SHA256
- PBKDF2
(as listed on the project website)
Additionally it offers some helper functions than are often required when working with hashes and cryptography on the web like fast Base64 and UTF8 encoding or decoding.
I’ve tried some other implementations before, like jsSHA for example, and I have to say that this is by far the most easy to use of them.
The Project is hosted on Google Code and available for download there, too. What I liked especially about this lib is that it’s completely modular. You only need to load the parts that you actually use in your application and there are even several single file bundles that contain sets of cryptographic functions that are often needed together. In case of OAuth, that would be the “crypto-sha1-hmac-pbkdf2.js” while PBKDF2 is not actually needed there. But hey, It’s pretty convenient to just include one file, isn’t it?
So maybe, if you are writing something cryptofabulistic in JavaScript, this will help you save a lot of time.
