[aerogear-dev] JavaScript Crypto

Lucas Holmquist lholmqui at redhat.com
Mon Sep 23 13:56:18 EDT 2013 

On Sep 23, 2013, at 1:40 PM, Kris Borchers <kris at redhat.com> wrote:

> 
> On Sep 20, 2013, at 10:05 AM, Bruno Oliveira <bruno at abstractj.org> wrote:
> 
>> Good morning slackland, following with the plan I started a simple draft
>> for JavaScript (https://github.com/abstractj/cryptoparty-js) we have
>> several alternatives outside there the most popular are Crypto-js
>> (https://code.google.com/p/crypto-js/) and the Stanford crypto library
>> (http://crypto.stanford.edu/sjcl/).
>> 
>> Before I finish the whole implementation I have some questions:
>> 
>> - Currently crypto-js doesn't have support for GCM or ECC, but sjcl has.
>> That's the reason why my choice was sjcl instead of crypto-js, but if
>> you have another good alternative,  let me know.
> 
> +1 for sjcl if you think it offers everything we need
>> 
>> - Create wrappers or not? If you read the unit tests at first glance (at
>> least for me) looks like is too much. Most part of developers are
>> looking for security by default.
> 
> +1 I would like us to provide methods like encrypt or decrypt which use default values which we choose because we have researched and feel they are the best option for devs.
>> My idea is not to hide the library, but
>> provide a simple interface like:
>> 
>> Crypto crypto = new Crypto;
>> ciphertext = crypto. encrypt("blah");
>> crypto.decrypt(ciphertext);
> 
> I agree with this syntax in spirit but not execution. ;) JS doesn't have types like Crypto crypto, just var crypto. I would also prefer to follow the pattern we use in the rest of AeroGear.js to allow for instantiation without the use of the `new` keyword'. You can see the source of the other modules or ping me for details.

for example:
https://github.com/aerogear/aerogear-js/blob/master/src/pipeline/aerogear.pipeline.js#L67

>> 
>> Advanced users looking for another kind of algorithm/implementation or
>> whatever would still be able to make use of the plain and straight
>> crypto library.
> 
> +1 and we should provide examples at least in the docs
>> 
>> - What is the best way to package this library? Bower?
> 
> If we're going to create some sort of wrapper object then it would just be part of AeroGear.js and by doing that would be packaged and available via Bower.

i this is the case,  then do we need that separate repo?

>> 
>> Thoughts?
> 
> Great start and great thoughts!
>> 
>> -- 
>> abstractj
>> 
>> 
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> 
> 
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130923/0fa77053/attachment.html

More information about the aerogear-dev mailing list