This is part 1 of a series of posts describing a
proof-of-concept web app that implements cryptographic authentication
using Node.js, Express, Handlebars, MongoDB
The PJCL library allows full-stack web
developers to use the same cryptographic API on a browser front-end
and a Node.js back-end, as explained here.
At the last IIW we demoed a
web app, implemented using Node.js
and Express, that featured
cryptographic authentication with a DSA key pair, using PJCL both in
the browser to sign a challenge and in the Node.js server to verify
the signature. Initial implementations of the app were complicated
by having to work around a Firefox bug, which we reported and which was confirmed.
But eventually we found a simple way of bypassing
The IIW demo app was very simple. It only had a public “home
page” and a private “welcome page”, and it emulated
a more substantial proof of concept of cryptographic authentication
that again uses Node.js and Express, but this time uses a MongoDB database, accessed via a
Mongoose driver. Besides using
an actual rather than emulated database, the new proof-of-concept app
includes features such as on-the-fly login and garbage collection of
incomplete user registrations. It also shows how to implement random
bit generation with full initial entropy and configurable prediction
resistance, which I plan to discuss in another blog post of this
The new app is available in a new cryptographic authentication
page of the Pomcor site. It is bundled together in a zip file with a simpler app that
has the same functionality and the same front-end, but emulates the
app-mongodb.js and app-nodb.js, share the same
static files and views. Comparing the two apps may help with
understanding the code of the more complex app-mongodb.js.
The apps may be run in any Node.js server with access to a MongoDB
database and a /dev/random device file, as explained in a
README file included in the zip archive.
Continue reading “Cryptographic authentication with Node.js and MongoDB”

I’m happy to report that we have found a way of bypassing
POST redirection bug discussed in
post, obviating the need for code changes to cope with the
redirection replay by Firefox when the user clicks the back button.
While waiting for the bug to be fixed, this will simplify the
implementation of web apps that rely on POST redirection, including
apps that use cryptographic authentication or federated login. We have
revised again the sample web app
demoed at the
last IIW, this
time to simplify it by taking advantage of the bug bypass.
Continue reading “A Bypass of the Firefox POST Redirection Bug”

Updated as shown below.
At the last Internet Identity
Workshop (IIW) we gave a demo of a sample web app that featured
cryptographic authentication, and argued that implementing
cryptographic authentication is easy. Later, in the blog post Easy,
Password-Free, Cryptographic Authentication for Web Applications I
discussed the code of the sample web app and said that cryptographic
authentication provides a “simple alternative” to
authentication with a password. The issues discussed in the post,
however, were not simple! Since then we have had to revise the code
of the demo several times to fix bugs and, in the process, we have
come to realize that cryptographic authentication is not that easy
after all. It does not take much code, but it requires a lot of
attention to detail to avoid a variety of pitfalls.
In this post I recapitulate the pitfalls that we have encountered
(some of which were already discussed in
post) and explain how we avoid them in
the latest version of the demo
Continue reading “Cryptographic Authentication Is Not That Easy After All”

The demo code mentioned below has been updated to
If you find any additional bugs please report them
or by posting to the
PJCL forum. (The PJCL user forum has been discontinued as of May 27, 2018.)
The date of the latest update will be shown in the
Please see also the blog post
Authentication Is Not That Easy After All.
For years there has been consensus that passwords have to go. To
the many reasons for not using password authentication, the European
GDPR will add, when it goes into effect on May 25, stringent
requirements to notify users and regulators when passwords are
compromised, backed by substantial fines. And yet, passwords are
still the dominant authentication technology for web
applications. This is because the alternatives that have been proposed
and tried so far are complicated and expensive to implement. But there
is a simple alternative that you can implement yourself, if you are a
web application developer: cryptographic authentication with a
digital-signature key pair stored in the browser.
At last week’s Internet Identity
Workshop (IIW) we showed how easy it is to implement this
alternative. We gave a demo of a sample web application, exercising
the user interface and looking at the code. The sample application was
library (PJCL) on the client and server sides. The code of the sample
application, which we will refer to as the demo code, can be found in
the PJCL page of the Pomcor site (subsequently
modified as explained below to accommodate Internet Explorer).
Continue reading “Easy, Password-Free, Cryptographic Authentication for Web Applications”

Cryptographic Library (PJCL).
initial public release
provided digital signature functionality,
which we had been using internally for our own research
on authentication and identity proofing.
This release adds key agreement
and key derivation functionality. The next release will provide
symmetric and asymmetric encryption primitives, including
AES and RSA. To be notified of future releases you may
sign up for the
user forum, subscribe
to the feed of this blog, or follow me on Twitter (@fcorella).
(Update: The PJCL user forum has been discontinued as of May 27, 2018.)
and server-side (e.g. under Node.js). It comes with
on the functionality that it provides, which includes:
Continue reading “Second Release of PJCL Expands Functionality Following NIST Cryptographic Specifications”

environment and based on very fast big integer arithmetic functionality that may be of interest in
its own right.
is available free of charge for any kind of
use, but not under a traditional open source license. The traditional open source paradigm
encourages contributions by the developer community at large, but we believe that this
paradigm is not well suited to cryptography. To protect the integrity of the cryptographic code, the
prohibits modification of the cryptographic functions.
We have been using the library internally for our own research on authentication and identity
proofing, and this first release includes symmetric and asymmetric digital signature functionality,
including HMAC, DSA, and ECDSA with NIST curves. Future releases will provide broader cryptographic
functionality, including encryption and key exchange. We believe that the library provides the
opportunities for hiding backdoors that might be provided by elliptic curve technology.
Modular exponentiation is the algorithm whose performance determines
the performance and practicality of many public key cryptosystems,
including RSA, DH and DSA. We have recently achieved a manyfold
over the implementation of modular exponentiation in the Stanford
for performing simple tasks in web pages, but it has grown into a
sophisticated general purpose programming language used for both
client and server computing, which is arguably the most important
programming language today. Good performance of public key
is an interpreted language inherently slower than a compiled language
such as C, and provides floating point arithmetic but no integer
effort, because it may radically change the way cryptography is used