Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
crypto-browserify
Advanced tools
The crypto-browserify package is a port of Node.js' crypto module to the browser. It allows for various cryptographic operations such as hashing, HMAC, encryption, decryption, and signing in a way that is compatible with the Node.js API.
Hashing
This feature allows you to create a hash of some data using various algorithms like SHA256. The example code demonstrates how to hash the string 'some data' and get a hexadecimal digest.
const crypto = require('crypto-browserify');
const hash = crypto.createHash('sha256').update('some data').digest('hex');
HMAC
HMAC stands for Hash-based Message Authentication Code. This feature allows you to create an HMAC to verify the integrity and authenticity of a message with a secret key. The example code shows how to create an HMAC for the string 'some data' using the SHA256 algorithm and a secret key.
const crypto = require('crypto-browserify');
const hmac = crypto.createHmac('sha256', 'a secret').update('some data').digest('hex');
Encryption/Decryption
This feature allows you to encrypt and decrypt data. The example code demonstrates how to encrypt the string 'some data' with the AES-256-CBC algorithm and a password, and then how to decrypt it back to its original form.
const crypto = require('crypto-browserify');
const cipher = crypto.createCipher('aes-256-cbc', 'a password');
let encrypted = cipher.update('some data', 'utf8', 'hex');
encrypted += cipher.final('hex');
const decipher = crypto.createDecipher('aes-256-cbc', 'a password');
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
decrypted += decipher.final('utf8');
Signing/Verifying
This feature allows you to sign data to prove its origin and integrity, and to verify signatures. The example code shows how to sign the string 'some data' with a private key and then verify the signature with the corresponding public key.
const crypto = require('crypto-browserify');
const sign = crypto.createSign('SHA256');
sign.update('some data');
const signature = sign.sign('a private key', 'hex');
const verify = crypto.createVerify('SHA256');
verify.update('some data');
const isValid = verify.verify('a public key', signature, 'hex');
Forge is a native JavaScript implementation of various cryptographic algorithms. It is similar to crypto-browserify but offers a wider range of features, including support for additional encryption algorithms, SSL/TLS implementation, and ASN.1 parsing.
This package is a wrapper around the libsodium library, which is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing, and more. It is known for its focus on security and performance.
TweetNaCl is a port of NaCl, a high-security cryptographic library. It focuses on simplicity and small size, and it provides a straightforward API for encryption, decryption, and signing.
A (partial) port of crypto
to the browser.
Basically, I found some crypto implemented in JS lieing on the internet somewhere
and wrapped it in the part of the crypto
api that I am currently using.
In a way that will be compatible with browserify.
I will extend this if I need more features, or if anyone else wants to extend this, I will add you as a maintainer.
Provided that you agree that it should replicate the node.js/crypto api exactly, of course.
FAQs
implementation of crypto for the browser
The npm package crypto-browserify receives a total of 7,640,702 weekly downloads. As such, crypto-browserify popularity was classified as popular.
We found that crypto-browserify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.