mdp / gibberish-aes Goto Github PK

View Code? Open in Web Editor NEW

472.0 33.0 125.0 173 KB

A fully OpenSSL compliant javascript library for AES encryption.

Home Page: http://mdp.github.com/gibberish-aes/gibberish-aes-test.html

JavaScript 96.71% HTML 3.29%

gibberish-aes's Introduction

Gibberish AES

A Javascript library for OpenSSL compatible AES encryption

Deprecation Notice

This library is a quite old, and uses an older and non-authenticated cipher mode, CBC. There are better and more frequently maintained alternatives. Here are a couple that I would recommend:

LibSodium is becoming a widely adopted library with a variety of languages supported including Ruby and JS. Example of a similar API in LibSodium.js - mdp/gibberish-libsodium
Stanford's Javascript Crypto Library features OCB mode AES encryption along with authentication. Supported on most modern browsers and in node.

Thanks to :

Josh Davis - http://www.josh-davis.org/ecmaScrypt
Alex Boussinet [email protected]
Chris Veness - http://www.movable-type.co.uk/scripts/aes.html
Michel I. Gallant - http://www.jensign.com/
Kristof Neirynck - http://github.com/Crydust Fixes for IE7, YUI compression, JSLINT errors

Usage

    // GibberishAES.enc(string, password)
    // Defaults to 256 bit encryption
    enc = GibberishAES.enc("This sentence is super secret", "ultra-strong-password");
    alert(enc);
    GibberishAES.dec(enc, "ultra-strong-password");

    // Now change size to 128 bits
    GibberishAES.size(128);
    enc = GibberishAES.enc("This sentence is not so secret", "1234");
    GibberishAES.dec(enc, "1234");

    // And finally 192 bits
    GibberishAES.size(192);
    enc = GibberishAES.enc("I can't decide!!!", "whatever");
    GibberishAES.dec(enc, "whatever");

OpenSSL Interop

In Javascript

GibberishAES.enc("Made with Gibberish\n", "password");
// Outputs: "U2FsdGVkX1+21O5RB08bavFTq7Yq/gChmXrO3f00tvJaT55A5pPvqw0zFVnHSW1o"

On the command line

echo "U2FsdGVkX1+21O5RB08bavFTq7Yq/gChmXrO3f00tvJaT55A5pPvqw0zFVnHSW1o" | openssl enc -d -aes-256-cbc -a -k password -md md5

Requirements

None.

The library is fully encapsulated, you should be able to drop it into nearly any website. The downside to this is that it grew with the addition of its own Base64 library and MD5 hashing algorithm.

Tests

[Click here][2] to run the test package in your browser.

The test script does require JQuery(included), but the basic GibberishAES does not.

Design Factors

It only supports CBC AES encryption mode, and it's built to be compatible with OpenSSL.

gibberish-aes's People

Contributors

Stargazers

Watchers

Forkers

laldanaa alexxroche markpercival adamjlev agilebits hypatia kosso codesburner hippich ericchaves westonruter joemaffia benhughes stereoket jlcooke alexparker miselmipoivre ophicxs geremycohen changtimwu stayradiated wellcaffeinated jpkcom arnsvel sralmai ak2consulting vizzah giacomogiudice fara0n21 apurv-6 danallison ken-okabe ygrdhj meljohnblumit malaybiswas goldenkid1861 ebostijancic duskfall brandoncarl 19h bakerl brianzhang ericvpeters vgmoose dedene keygle lucasnpinheiro danielthm imloama rengaw83 favey brainv dittertp luiseduardohdbackup noplaintext no-problemo jasonm23 components-aleuser01 kabassociates rockneurotiko huzhenyu gtdewitt iceyang metallurgical ravinanobi lvbaosong iolufemi stuarteske ivantcholakov orhan alejandrofelipe oskrs111 verecahill synr borispovod khoazero123 tom2tom lud1161 cobzarugabriel semtle alpar skisssbb italo703 bluedreamfly rachelmilu oceanjack wwwgying turneale freddyguo michaelsowah kelvin8906 mycryptt evacoder luanquanghuy honggiangbk manlikeangus mmc7779 misrcrocodile davidzas mctrivia

gibberish-aes's Issues

TypeError: string.replace is not a function

I am running into an error when decrypting data

TypeError: string.replace is not a function
http://localhost:8080/jQuery.handleStorage/3rd-party/gibberish-aes/src/gibberish-aes.js
Line 930

EDIT: Nevermind, I forgot to send a string vs. an array. Please close.

Incorrect MD5?

In looking at the MD5 portion, the output doesn't seem to be the same as PHP's md5(). Am I creating the hex string incorrectly?

See: http://gist.github.com/300633

512 Bit Encryption

I skimmed through a bit of code and saw a switch statement

switch (newsize)
{
case 128:
Nr = 10;
Nk = 4;
break;
case 192:
Nr = 12;
Nk = 6;
break;
case 256:
Nr = 14;
Nk = 8;
break;
default:
throw ('Invalid Key Size Specified:' + newsize);
}

From what I see ... we can use 512 bit encryption?
And correct me if I'm wrong, but wouldn't it be as easy as doing

case 512:
Nr = 28;
Nk = 16;
break;

(2x 256)

I want to create a file encryption site, so I googled for some JS AES encryption, I found this, its open-source and looks good... so why not!

Thanks!

have any support for android and ios?

hellow, I want to user this aes method for my android app but I dont know how to make it. Holp for ur help

gibberish-aes.min.js didn't keep license declare

I think MIT license declare should keep even if it's been minimized.
If you want to keep this version as small as possible.
jQuery's way is also good ( http://code.jquery.com/jquery-1.7.1.min.js, see first line )

Symantec Endpoint Protection (SEP) Deleting gibberish-aes

I had Symantec Endpoint Protection (SEP) and it would find this minified gibberish-aes file in the project and delete it. Is there a reason why its doing that? I deleted Symantec and intend on replacing it with something else. However, this may not be a solution for lot of others who are using gibberish-aes

Exclude some chars.

How can I use gibberish-aes, but I wont exclude chars like "/" or "", are enter in conflit with my other data.

It's possible exclude a ecryption result withour that chars?

question about openssl equivalents

Hi!

Given:

    GibberishAES.size(256); 

    var password = GibberishAES.s2a("67a4f45f0d1d9bc606486fc42dc49416");
    var iv = GibberishAES.s2a("0123456789012345");
    var plaintext = GibberishAES.s2a("yay!");

    enc = GibberishAES.rawEncrypt(plaintext, password, iv);
    GibberishAES.Base64.encode(enc);

The above returns:

q/xJqqN6qbiZMXYmiQC1Fw==

How would I do the equivalent openssl encrypt and decrypt commandline? Passing the pw and iv in the correct format to openssl is throwing me off.

Thanks,
geremy

var old_key_size = GibberishAES.size();

We can set key size as follows:

GibberishAES.size(128);
// or
GibberishAES.size(192);
// or
GibberishAES.size(256);

Key size is an internal state of the encryptor. Currently there is no way it to be retrieved.

Can you make the method GibberishAES.size to return the "old"/"previous" key size? Sample usage:

var old_key_size = GibberishAES.size(192);
// old_key_size = 256
// Do some encryptions/decryptions ...
// And then:
GibberishAES.size(old_key_size);

Also, GibberishAES.size may be used without a parameter, in this case it becomes just a getter:

var old_key_size = GibberishAES.size();
// old_key_size = 256
GibberishAES.size(192);
// Do some encryptions/decryptions ...
// And then:
GibberishAES.size(old_key_size);

404 => http://mdp.github.io/gibberish-aes/gibberish-aes-test.html

This link is broken. as "Click here" to run the test package in your browser. Thought you might like to know.

Not compatible

So. Why first concatenation hash always identical?
It is not compatible with my backend because your vector won't to be modified.

Bad solution.

Can not import as an `npm package`

I install with npm module, I can't easy import it as an npm package

Add a version tag

Hi,

Thanks for your great library.

I'd love to use gibberish-aes trough https://rails-assets.org, but that's not possible since the releases are not tagged.

Could you specify a tag for the latest 1.0.0 release?

Thanks!

Ongoing development — Planning

In order to keep this library attractive compared to solutions like SJCL we need to spot weaknesses create an outlook for the further development and maintenance.

That is, I divided this issue into multiple parts: 1. issues and weaknesses of this library as-is right now, 2. what needs to be done to resolve these issues and lastly, 3. general notes.

Let's see this as a „scrum“ in open-source spirit ✌️

⇝ Issues

No authentication before decrypting messages
Bad block method compared to SJCL

↯ Outlook

Implement message authentication
Revise block method
Refactor; break the library down to edible bits
Use native methods when used in server environments (Node)
Use ArrayBuffers et al
Spot potential weaknesses

↺ Notes

Lets see how SJCL is tackling the issues proposed by @mdp
SJCL's AES effectively boils down to http://cl.ly/text/04440e0y0T1t/sjcl.js

How to decrypt after encrypting with rawEncrypt

Hello-

Encrypting using this function gives me exactly what I am looking for:

function encrypt(data) {
    var hex_message = GibberishAES.s2a(JSON.stringify(data.data.message));
    var encryptedHexArray = GibberishAES.rawEncrypt(hex_message, cipher_key, iv);
    var base_64_encrypted = GibberishAES.Base64.encode(encryptedHexArray);
    return base_64_encrypted || data.data.message;
}

However, because I am passing my own cipher_key and iv in, GibberishAES.dec will not work for me. And GibberishAES.rawDecrypt appears to be a private method.

Any ideas how I can decrypt based on the above encrypt method?

tia