11crypto
22======
33
4- Libraries of cryptographic functions implemented in JavaScript.
4+ Reference implementations of AES & SHA cryptographic functions in JavaScript.
5+
6+ These annotated implementations follow the standards very closely, in order to assist in studying
7+ the standards and underlying algorithms. Note for production use I would recommend the
8+ [ Web Cryptography API] ( https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto ) for the browser,
9+ or the [ crypto] ( https://nodejs.org/api/crypto.html ) library in Node.js.
510
611aes.js
712------
813
9- This is a reference implementation of the algorithm described in the FIPS-197 standard. It implements
10- the standard very closely, in order to aid in understanding the standard and the algorithm itself .
14+ This is a reference implementation of the AES (Rijndael cipher) algorithm described in the FIPS-197
15+ standard.
1116
1217This comprises:
1318
@@ -35,8 +40,7 @@ More details are available at www.movable-type.co.uk/scripts/aes.html.
3540sha1.js
3641-------
3742
38- This is a reference implementation of the algorithm described in the FIPS-180-4 standard. It implements
39- the standard very closely, in order to aid in understanding the standard and the algorithm itself.
43+ This is a reference implementation of the SHA-1 algorithm described in the FIPS-180-4 standard.
4044
4145This comprises:
4246
@@ -47,8 +51,7 @@ More details are available at www.movable-type.co.uk/scripts/sha1.html.
4751sha256.js
4852---------
4953
50- This is a reference implementation of the algorithm described in the FIPS-180-4 standard. It implements
51- the standard very closely, in order to aid in understanding the standard and the algorithm itself.
54+ This is a reference implementation of the SHA-256 algorithm described in the FIPS-180-4 standard.
5255
5356This comprises:
5457
@@ -62,8 +65,7 @@ More details are available at www.movable-type.co.uk/scripts/sha256.html.
6265sha512.js
6366---------
6467
65- This is a reference implementation of the algorithm described in the FIPS-180-4 standard. It implements
66- the standard very closely, in order to aid in understanding the standard and the algorithm itself.
68+ This is a reference implementation of the SHA-512 algorithm described in the FIPS-180-4 standard.
6769
6870This comprises:
6971
@@ -77,8 +79,7 @@ More details are available at www.movable-type.co.uk/scripts/sha512.html.
7779sha3.js
7880-------
7981
80- This is a reference implementation of the algorithm described in the FIPS-202 standard. It implements
81- the standard very closely, in order to aid in understanding the standard and the algorithm itself.
82+ This is a reference implementation of the SHA-3 (Keccak) algorithm described in the FIPS-202 standard.
8283
8384This comprises:
8485
@@ -111,9 +112,17 @@ Documentation
111112
112113Documentation for all these methods is available at www.movable-type.co.uk/scripts/js/crypto/docs .
113114
114- Browser support
115- ---------------
115+ JavaScript
116+ ----------
116117
117- IE9- doesn’t have btoa()/atob(): if you need to support IE9-
118- ([ no!] ( https://www.microsoft.com/en-gb/WindowsForBusiness/End-of-IE-support ) ), you can use David
119- Chambers’ [ Base64 polyfill] ( https://github.com/davidchambers/Base64.js ) .
118+ Cryptographically-speaking, browsers are
119+ [ inherently] ( //www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful )
120+ [ insecure] ( //tonyarcieri.com/whats-wrong-with-webcrypto ) (Node.js does not suffer the same problems),
121+ but these implementations are intended for study rather than production use. With its untyped C-style
122+ syntax, JavaScript reads remarkably close to pseudo-code: exposing the algorithms with a minimum of
123+ syntactic distractions.
124+
125+ These implementations are written in ES2015 version of JavaScript; ES2015 ` class ` es are both clearer
126+ and more familiar to users of other languages than the ES5 equivalents, and ` let ` and ` const ` are
127+ good practice and communicate intent better than ` var ` . Other idiomatic JavaScript which might be
128+ less familiar to users of other languages has generally been avoided.
0 commit comments