<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><br><div>Begin forwarded message:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(0, 0, 0, 1.0);"><b>From: </b></span><span style="font-family:'Helvetica'; font-size:medium;">Kris Borchers <<a href="mailto:kris@redhat.com">kris@redhat.com</a>><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(0, 0, 0, 1.0);"><b>Subject: </b></span><span style="font-family:'Helvetica'; font-size:medium;"><b>Re: [aerogear-dev] JavaScript Crypto</b><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(0, 0, 0, 1.0);"><b>Date: </b></span><span style="font-family:'Helvetica'; font-size:medium;">September 23, 2013 2:07:42 PM EDT<br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(0, 0, 0, 1.0);"><b>To: </b></span><span style="font-family:'Helvetica'; font-size:medium;">AeroGear Developer Mailing List <<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a>><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(0, 0, 0, 1.0);"><b>Reply-To: </b></span><span style="font-family:'Helvetica'; font-size:medium;">AeroGear Developer Mailing List <<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a>><br></span></div><br><div><br>On Sep 23, 2013, at 1:04 PM, Lucas Holmquist <<a href="mailto:lholmqui@redhat.com">lholmqui@redhat.com</a>> wrote:<br><br><blockquote type="cite"><br>On Sep 23, 2013, at 2:01 PM, Kris Borchers <<a href="mailto:kris@redhat.com">kris@redhat.com</a>> wrote:<br><br><blockquote type="cite"><br>On Sep 23, 2013, at 12:40 PM, Kris Borchers <<a href="mailto:kris@redhat.com">kris@redhat.com</a>> wrote:<br><br><blockquote type="cite"><br>On Sep 20, 2013, at 10:05 AM, Bruno Oliveira <<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>> wrote:<br><br><blockquote type="cite">Good morning slackland, following with the plan I started a simple draft<br>for JavaScript (<a href="https://github.com/abstractj/cryptoparty-js">https://github.com/abstractj/cryptoparty-js</a>) we have<br>several alternatives outside there the most popular are Crypto-js<br>(<a href="https://code.google.com/p/crypto-js/">https://code.google.com/p/crypto-js/</a>) and the Stanford crypto library<br>(<a href="http://crypto.stanford.edu/sjcl/">http://crypto.stanford.edu/sjcl/</a>).<br><br>Before I finish the whole implementation I have some questions:<br><br>- Currently crypto-js doesn't have support for GCM or ECC, but sjcl has.<br>That's the reason why my choice was sjcl instead of crypto-js, but if<br>you have another good alternative, let me know.<br></blockquote><br>+1 for sjcl if you think it offers everything we need<br><blockquote type="cite"><br>- Create wrappers or not? If you read the unit tests at first glance (at<br>least for me) looks like is too much. Most part of developers are<br>looking for security by default.<br></blockquote><br>+1 I would like us to provide methods like encrypt or decrypt which use default values which we choose because we have researched and feel they are the best option for devs.<br><blockquote type="cite">My idea is not to hide the library, but<br>provide a simple interface like:<br><br>Crypto crypto = new Crypto;<br>ciphertext = crypto. encrypt("blah");<br>crypto.decrypt(ciphertext);<br></blockquote><br>I agree with this syntax in spirit but not execution. ;) JS doesn't have types like Crypto crypto, just var crypto. I would also prefer to follow the pattern we use in the rest of AeroGear.js to allow for instantiation without the use of the `new` keyword'. You can see the source of the other modules or ping me for details.<br></blockquote><br>Now that I think about it, if this is just for encryption and decryption, I think this would look better and be more user friendly in AeroGear.core. That way, a user doesn't even have to instantiate and object, they just use our shortcut methods to call into sjcl. For example:<br><br>AeroGear.encrypt("blah");<br>AeroGear.decrypt( cipherText );<br><br>Those should be really easy to implement too and that will keep the size of the library way down. :)<br></blockquote><br>that could be nice, but what if a user doesn't want those methods, i wonder if it would make sense to have a security.core or something, <br></blockquote><br>That would be fine. We could build it as a separate module that just gets tacked onto Core if they want it that way they can leave it and sjcl out if they don't want it.<br><blockquote type="cite"><br><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br>Advanced users looking for another kind of algorithm/implementation or<br>whatever would still be able to make use of the plain and straight<br>crypto library.<br></blockquote><br>+1 and we should provide examples at least in the docs<br><blockquote type="cite"><br>- What is the best way to package this library? Bower?<br></blockquote><br>If we're going to create some sort of wrapper object then it would just be part of AeroGear.js and by doing that would be packaged and available via Bower.<br><blockquote type="cite"><br>Thoughts?<br></blockquote><br>Great start and great thoughts!<br><blockquote type="cite"><br>-- <br>abstractj<br><br><br>_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>https://lists.jboss.org/mailman/listinfo/aerogear-dev<br></blockquote><br><br>_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>https://lists.jboss.org/mailman/listinfo/aerogear-dev<br></blockquote><br><br>_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>https://lists.jboss.org/mailman/listinfo/aerogear-dev<br></blockquote><br><br>_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>https://lists.jboss.org/mailman/listinfo/aerogear-dev<br></blockquote><br><br>_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>https://lists.jboss.org/mailman/listinfo/aerogear-dev<br></div></blockquote></div><br></body></html>