What is crypto-browserify?
The crypto-browserify package is a port of Node.js' crypto module to the browser. It allows for various cryptographic operations such as hashing, HMAC, encryption, decryption, and signing in a way that is compatible with the Node.js API.
What are crypto-browserify's main functionalities?
Hashing
This feature allows you to create a hash of some data using various algorithms like SHA256. The example code demonstrates how to hash the string 'some data' and get a hexadecimal digest.
const crypto = require('crypto-browserify');
const hash = crypto.createHash('sha256').update('some data').digest('hex');
HMAC
HMAC stands for Hash-based Message Authentication Code. This feature allows you to create an HMAC to verify the integrity and authenticity of a message with a secret key. The example code shows how to create an HMAC for the string 'some data' using the SHA256 algorithm and a secret key.
const crypto = require('crypto-browserify');
const hmac = crypto.createHmac('sha256', 'a secret').update('some data').digest('hex');
Encryption/Decryption
This feature allows you to encrypt and decrypt data. The example code demonstrates how to encrypt the string 'some data' with the AES-256-CBC algorithm and a password, and then how to decrypt it back to its original form.
const crypto = require('crypto-browserify');
const cipher = crypto.createCipher('aes-256-cbc', 'a password');
let encrypted = cipher.update('some data', 'utf8', 'hex');
encrypted += cipher.final('hex');
const decipher = crypto.createDecipher('aes-256-cbc', 'a password');
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
decrypted += decipher.final('utf8');
Signing/Verifying
This feature allows you to sign data to prove its origin and integrity, and to verify signatures. The example code shows how to sign the string 'some data' with a private key and then verify the signature with the corresponding public key.
const crypto = require('crypto-browserify');
const sign = crypto.createSign('SHA256');
sign.update('some data');
const signature = sign.sign('a private key', 'hex');
const verify = crypto.createVerify('SHA256');
verify.update('some data');
const isValid = verify.verify('a public key', signature, 'hex');
Other packages similar to crypto-browserify
forge
Forge is a native JavaScript implementation of various cryptographic algorithms. It is similar to crypto-browserify but offers a wider range of features, including support for additional encryption algorithms, SSL/TLS implementation, and ASN.1 parsing.
libsodium-wrappers
This package is a wrapper around the libsodium library, which is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing, and more. It is known for its focus on security and performance.
tweetnacl
TweetNaCl is a port of NaCl, a high-security cryptographic library. It focuses on simplicity and small size, and it provides a straightforward API for encryption, decryption, and signing.
crypto-browserify
A port of node's crypto
module to the browser.
The goal of this module is to reimplement node's crypto module, in pure javascript so that it can run in the browser.
Here is the subset that is currently implemented:
- createHash (sha1, sha224, sha256, sha384, sha512, md5, rmd160)
- createHmac (sha1, sha224, sha256, sha384, sha512, md5, rmd160)
- pbkdf2
- pbkdf2Sync
- randomBytes
- pseudoRandomBytes
- createCipher (aes)
- createDecipher (aes)
- createDiffieHellman
- createSign (rsa, ecdsa)
- createVerify (rsa, ecdsa)
- createECDH (secp256k1)
- publicEncrypt/privateDecrypt (rsa)
- privateEncrypt/publicDecrypt (rsa)
todo
these features from node's crypto
are still unimplemented.
contributions
If you are interested in writing a feature, please implement as a new module,
which will be incorporated into crypto-browserify as a dependency.
All deps must be compatible with node's crypto
(generate example inputs and outputs with node, and save base64 strings inside JSON, so that tests can run in the browser)
see sha.js
Crypto is extra serious so please do not hesitate to review the code, and post comments if you do.
License
MIT