bitwiseshiftleft / sjcl

Stanford Javascript Crypto Library
http://bitwiseshiftleft.github.com/sjcl/

Is this project maintained? #435

Open raxod502 opened 1 year ago

raxod502 commented 1 year ago

This project seems like a promising option for JavaScript cryptography; however, I notice that the latest release is from 4 years ago and the latest commit is from 3 years ago, and most recent issues on the tracker have received no comments.

Given how critical active maintenance is for security-sensitive projects (e.g. cryptographic libraries), is it safe to use this library in a production application?

paulmillr commented 1 year ago

No. It is also very slow.

CashCode commented 1 year ago

@paulmillr any alternatives for elGamal-ecc with high speed on js?

paulmillr commented 1 year ago

@CashCode for elgamal nothing I'm aware of; for ecc noble-curves

ben-ekw commented 1 year ago

How about a RequireJS-compatible alternative for AES and Base64? I like the simplicity of sjcl's encrypt/decrypt functions but there don't appear to be helper functions for Base64:

function encode(str) {
  // Base64 encode
  return sjcl.codec.base64.fromBits(sjcl.codec.utf8String.toBits(str));
}

function decode(str) {
  // Base64 decode
  return sjcl.codec.utf8String.fromBits(sjcl.codec.base64.toBits(str));
}

paulmillr commented 1 year ago

no require.js, but

https://github.com/paulmillr/micro-aes-gcm
https://github.com/paulmillr/scure-base

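import { base64 } from '@scure/base';
import * as aes from 'micro-aes-gcm';
// `key` was not defined in the posted snippet; a random 32-byte (AES-256) key is assumed here.
const key = crypto.getRandomValues(new Uint8Array(32));
const message = 'Hello world';
// Encrypt the UTF-8 bytes of the message, then decrypt and compare.
const ciphertext = await aes.encrypt(key, aes.utils.utf8ToBytes(message));
const plaintext = await aes.decrypt(key, ciphertext);
console.log(aes.utils.bytesToUtf8(plaintext) === message);
// Base64 round trip of the ciphertext bytes.
const encoded = base64.encode(ciphertext);
const decoded = base64.decode(encoded);

ben-ekw commented 1 year ago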

Thanks @paulmillr! My use case involves NetSuite SuiteScript which sadly does not support require/import/module. For anyone in a similar rare situation, here's a recap of my research of popular crypto libraries in case it's helpful:

sjcl works, but slow, not frequently updated, and has a recent security vulnerability: https://github.com/bitwiseshiftleft/sjcl/issues/438

crypto-js Error: Native crypto module could not be used to get secure random number (note: v3.1.9-1 [2017] was the last version that works with NetSuite)

aes-js works, but the recommended CTR option has security risk and the CBC option requires fixed-byte length text; also requires a third-party PBKDF solution to generate the key.


No support for RequireJS/AMD/UMD


Obsolete/Archived projects:


Not considered: hashing-only libraries, like BCrypt, with no decrypt capability
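
The combination discussed in the comments above (AES with a password-derived key and Base64 output for text of any length), as an added example that is not part of the thread and not code from any library named in it. It assumes Node.js and its built-in `crypto` module, so it does not apply to SuiteScript; the function names, the byte layout and the iteration count are choices made for this example.

```javascript
// Added example: uses only Node.js's built-in crypto module.
const nodeCrypto = require('node:crypto');

const SALT_LEN = 16;       // random PBKDF2 salt, new for every message
const IV_LEN = 12;         // 96-bit GCM nonce, new for every message
const TAG_LEN = 16;        // 128-bit GCM authentication tag
const ITERATIONS = 600000; // assumed PBKDF2 work factor; tune for your hardware

// Derive a 256-bit AES key from a password with PBKDF2-HMAC-SHA256.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha256');
}

// Encrypt a UTF-8 string of any length.
// Returns Base64(salt | iv | tag | ciphertext).
function encryptToBase64(password, plaintext) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const key = deriveKey(password, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
}

// Decrypt; throws if the password is wrong or any byte was modified.
function decryptFromBase64(password, encoded) {
  const raw = Buffer.from(encoded, 'base64');
  const ivAt = SALT_LEN;
  const tagAt = ivAt + IV_LEN;
  const bodyAt = tagAt + TAG_LEN;
  if (raw.length < bodyAt) throw new Error('input too short');
  const key = deriveKey(password, raw.subarray(0, ivAt));
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', key, raw.subarray(ivAt, tagAt), { authTagLength: TAG_LEN });
  decipher.setAuthTag(raw.subarray(tagAt, bodyAt));
  // final() verifies the tag and throws on mismatch.
  const plain = Buffer.concat([decipher.update(raw.subarray(bodyAt)), decipher.final()]);
  return plain.toString('utf8');
}

// Constructed sample input.
const sample = encryptToBase64('correct horse battery staple', 'Hello world');
console.log(decryptFromBase64('correct horse battery staple', sample));
```

Because the salt and nonce are random, encrypting the same text twice gives different Base64 strings, and a single flipped bit in the stored value makes decryption fail instead of returning altered plaintext.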