PJCL Can Now Be Used in Node.js Server-Side Code Exactly as in the Browser

We have just released Revision 1 of Version 0.9.1 of the Pomcor JavaScript Cryptographic library (PJCL), which changes the way in which library functions are defined, making it easier to use PJCL in Node.js. In this post I describe the change and explain why it is important for full stack web application development.

A key feature of JavaScript is that it can be used both on the client side and the server side, using Node.js on the server. This allows full stack developers to use only one programming language when developing Node.js web applications. There is however a big difference between client-side and server-side JavaScript when it comes to using libraries or other pre-existing code.

JavaScript has no built-in mechanism for importing external code into a program analogous to the #include preprocessor directive of C and C++, and different methods are used for making use of external code on the client and server sides. In the browser, a script tag is used to import code in an HTML file, and importScripts() is used to import code in a web worker. In Node.js, external code must be placed in a module, the module must be referenced by a call to require(), and functions exported by the module must be referenced as methods of an object returned by require().

This results in cryptographic code being written differently for the client and the server, even though client and server code are tightly integrated in a Node.js project. Client code may use a third-party cryptographic library or the Web Cryptography API of the W3C, implemented by the browsers. Server code will typically use the built-in crypto module of Node.js, which is a wrapper of OpenSSL.

PJCL prefixes its global functions and variables with pjcl, a trademark of Pomcor, and can thus be used in any JavaScript environment without naming conflicts. In Node.js, however, before Revision 1, either library code and client code had to be placed in the same file, or library code had to be wrapped in a module and referenced via the object produced by requiring the module.

Revision 1 differs from the original Version 0.9.1 in the way in which functions are defined. Function names are now global variables whose values are anonymous functions. For example, instead of defining

function pjclDSASignMsg(rbgStateStorage,p,q,g,x,msg) {...}
we now define
pjclDSASignMsg = function(rbgStateStorage,p,q,g,x,msg) {...}

Furthermore, global variables are now declared implicitly without using the var keyword.

This has no performance impact, and requires no changes in client code running on a browser, while making it possible to call library functions in Node.js server-side code exactly as in client-side code. The library can now be referenced as-is in a call to require(), and its functions can be referenced directly. That is, instead of wrapping the library into a Node.js module such as, e.g., wrapped-pjcl.js, exporting the functions you need, and referencing those functions via the object produced by requiring the module, as in:

var crypto = require(./wrapped-pjcl.js);
var sig = crypto.pjclDSASignMsg(rbgStateStorage,p,q,g,x,msg);

you simply write

var sig = pjclDSASignMsg(rbgStateStorage,p,q,g,x,msg);
This should facilitate the development of Node.js web applications with cryptographic functionality, by allowing full stack developers to use PJCL both on the client side and the server side.

Leave a Reply

Your email address will not be published.