[security-dev] JS libraries for crypto and signatures

Anil Saldhana Anil.Saldhana at redhat.com
Thu Apr 10 10:44:57 EDT 2014


An important topic.

Until the W3C Web Cryptographic Group 
(http://www.w3.org/2011/11/webcryptography-charter.html)
finalizes its standard and we have conforming implementations,
the question of trustworthy implementations cannot be really answered.

If the JS library is just implementing signature or crypto algorithms 
and you have tested it, may be you
should go for it.

The situation is very similar to the following:
- JSON processing (Until JSON-P JSR https://jcp.org/en/jsr/detail?id=353 
was finalized, we could go either with Jackson or other json library)
- Captcha libraries (there are many)

Your application has to choose one and go forward.

On 04/10/2014 09:07 AM, Pedro Igor Silva wrote:
> Hi,
>
>      Have you ever looked/used these JS libraries for crypto and signature ?
>
>          https://github.com/kjur/jsrsasign
>
>      I did some signatures tests and it seems to work fine. Wondering if someone have used it for real ...
>
> Regards.
> Pedro Igor


More information about the security-dev mailing list