Today we have released version 0.9.1 of the Pomcor JavaScript Cryptographic Library (PJCL). The initial public release provided digital signature functionality, which we had been using internally for our own research on authentication and identity proofing. This release adds key agreement and key derivation functionality. The next release will provide symmetric and asymmetric encryption primitives, including AES and RSA. To be notified of future releases you may sign up for the user forum, subscribe to the feed of this blog, or follow me on Twitter (@fcorella).
(Update: The PJCL user forum has been discontinued as of May 27, 2018.)
PJCL can be used in any JavaScript environment, both client-side (e.g. in a browser) and server-side (e.g. under Node.js). It comes with extensive documentation on the functionality that it provides, which includes:
- Functions for implementing a deterministic random bit generator (DRBG) as specified in NIST SP 800-90Ar1, and for generating random numbers uniformly distributed over a given range using the DRBG. A DRBG allows you to combine multiple sources of entropy for stronger security. For example, the JavaScript front-end of a web application may combine entropy obtained from the browser by means of getRandomValues(), entropy downloaded from the back-end, and entropy gleaned from events observed by the JavaScript code itself.
- DSA, implemented as specified by NIST in FIPS 186-4. DSA has the advantage over RSA that it is not subject to encryption export regulations, and over ECDSA that it is much simpler, and thus provides fewer potential hiding places for back doors. I believe that PJCL is the only JavaScript library that implements DSA. Please correct me if I’m wrong.
- Diffie-Hellman (DH), implemented as specified in NIST SP 800-56Ar2. Like DSA, DH is very simple and thus provides fewer potential hiding places for back doors than ECDH. I also believe that PJCL is the only JavaScript library that implements DH. Please correct me if I’m wrong.
- Generation of Finite Field Cryptography (FFC) domain parameters for use in DSA and DH, and validation of domain parameters received from an untrusted party, as specified in NIST FIPS 186-4.
- Elliptic curve cryptography with NIST curves P-256 and P-384, including:
  - ECDSA, as specified in NIST FIPS 186-4 and ANS X9.62-2005.
  - ECDH, as specified in NIST SP 800-56Ar2 and ANS X9.62-2005, including validation of an untrusted public key.
- The hash functions SHA-256 and SHA-384.
- The hash-based message authentication code functions HMAC-SHA-256 and HMAC-SHA-384.
- The key derivation function HKDF-SHA-256.
- The password-based key derivation function PBKDF2-SHA-256.
- Functions for converting JavaScript strings to byte arrays according to any of three Unicode transformation formats: UTF-16LE, UTF-16BE and UTF-8. (A JavaScript string does not have a well-defined cryptographic hash because its characters are encoded in UTF-16 without a specified byte order. It must be converted to a byte array before it can be hashed or passed as input to HMAC, HKDF or PBKDF2.)
- Fast big integer arithmetic, including Karatsuba multiplication.
- Primality testing using Miller-Rabin.
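
The string-conversion item above notes that a JavaScript string has no well-defined hash until it is converted to a byte array. The following added example (not part of PJCL or of the original post) shows this with Node.js's built-in `crypto` module standing in for PJCL's SHA-256; the helper names `utf16Bytes`, `utf8Bytes`, `sha256Hex` and `digests` and the sample string are constructed for illustration.

```javascript
const { createHash } = require("crypto"); // Node built-in, used here instead of PJCL

// UTF-16: write each 16-bit code unit with an explicit byte order.
function utf16Bytes(str, littleEndian) {
  const out = [];
  for (let i = 0; i < str.length; i++) {
    const u = str.charCodeAt(i);
    if (littleEndian) out.push(u & 0xff, u >>> 8);
    else out.push(u >>> 8, u & 0xff);
  }
  return out;
}

// UTF-8: join surrogate pairs into code points. Lone surrogates are rejected (a choice
// made in this example) so malformed strings cannot silently hash to the same bytes.
function utf8Bytes(str) {
  const out = [];
  for (let i = 0; i < str.length; i++) {
    let cp = str.charCodeAt(i);
    if (cp >= 0xd800 && cp <= 0xdbff) {
      const lo = str.charCodeAt(i + 1); // NaN past the end of the string
      if (!(lo >= 0xdc00 && lo <= 0xdfff)) throw new RangeError("lone high surrogate");
      cp = 0x10000 + ((cp - 0xd800) << 10) + (lo - 0xdc00);
      i++;
    } else if (cp >= 0xdc00 && cp <= 0xdfff) {
      throw new RangeError("lone low surrogate");
    }
    if (cp < 0x80) out.push(cp);
    else if (cp < 0x800) out.push(0xc0 | (cp >> 6), 0x80 | (cp & 0x3f));
    else if (cp < 0x10000)
      out.push(0xe0 | (cp >> 12), 0x80 | ((cp >> 6) & 0x3f), 0x80 | (cp & 0x3f));
    else
      out.push(0xf0 | (cp >> 18), 0x80 | ((cp >> 12) & 0x3f),
               0x80 | ((cp >> 6) & 0x3f), 0x80 | (cp & 0x3f));
  }
  return out;
}

const sha256Hex = (bytes) => createHash("sha256").update(Buffer.from(bytes)).digest("hex");

// One digest per encoding of the same string.
const digests = (str) => ({
  utf8: sha256Hex(utf8Bytes(str)),
  utf16le: sha256Hex(utf16Bytes(str, true)),
  utf16be: sha256Hex(utf16Bytes(str, false)),
});

// Constructed sample: ASCII, U+00E4 (2 bytes in UTF-8), U+20AC (3), U+1F600 (4).
const sample = "p\u00e4ss\u20ac\ud83d\ude00";
console.log(digests(sample));
```

The three digests differ, so both sides of a protocol must fix the encoding before a hash, MAC or derived key computed over a string can be compared.
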
You can download the library free of charge from the PJCL page.