[aerogear-dev] JavaScript Crypto

Kris Borchers kris at redhat.com
Mon Sep 23 13:40:26 EDT 2013


On Sep 20, 2013, at 10:05 AM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Good morning slackland, following with the plan I started a simple draft
> for JavaScript (https://github.com/abstractj/cryptoparty-js) we have
> several alternatives outside there the most popular are Crypto-js
> (https://code.google.com/p/crypto-js/) and the Stanford crypto library
> (http://crypto.stanford.edu/sjcl/).
> 
> Before I finish the whole implementation I have some questions:
> 
> - Currently crypto-js doesn't have support for GCM or ECC, but sjcl has.
> That's the reason why my choice was sjcl instead of crypto-js, but if
> you have another good alternative,  let me know.

+1 for sjcl if you think it offers everything we need
> 
> - Create wrappers or not? If you read the unit tests at first glance (at
> least for me) looks like is too much. Most part of developers are
> looking for security by default.

+1 I would like us to provide methods like encrypt or decrypt which use default values which we choose because we have researched and feel they are the best option for devs.
> My idea is not to hide the library, but
> provide a simple interface like:
> 
> Crypto crypto = new Crypto;
> ciphertext = crypto. encrypt("blah");
> crypto.decrypt(ciphertext);

I agree with this syntax in spirit but not execution. ;) JS doesn't have types like Crypto crypto, just var crypto. I would also prefer to follow the pattern we use in the rest of AeroGear.js to allow for instantiation without the use of the `new` keyword'. You can see the source of the other modules or ping me for details.
> 
> Advanced users looking for another kind of algorithm/implementation or
> whatever would still be able to make use of the plain and straight
> crypto library.

+1 and we should provide examples at least in the docs
> 
> - What is the best way to package this library? Bower?

If we're going to create some sort of wrapper object then it would just be part of AeroGear.js and by doing that would be packaged and available via Bower.
> 
> Thoughts?

Great start and great thoughts!
> 
> -- 
> abstractj
> 
> 
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev




More information about the aerogear-dev mailing list