Project Description
Provides cryptographic services including secure encoding and decoding of data, as well as hashing and random number generation, and new methods for JavaScript native objects.

Introduction

Here I present a JavaScript library that extends the Microsoft AJAX Framework with new classes. Undoubtedly the Microsoft AJAX Framework is great. However, it doesn't provide or emulate all the classes and functionality that the .NET Framework does. That's why I decided to extend the Microsoft AJAX Framework with some classes and methods that the .NET BCL provides and that can be useful in a JavaScript environment.

Currently the library includes three files: Sys.Core.js, Sys.Text.js, and Sys.Crypto.js.
  • Similar to .NET 3.5, which provides additional classes through the new System.Core.dll, Sys.Core.js provides additional methods for JavaScript native objects and some new classes like Sys.Convert.
  • Sys.Text.js contains classes representing the ASCII, Unicode, UTF-7, UTF-8, and UTF-32 character encodings. These classes are helpful for encoding or decoding data and in cryptographic services.
  • Sys.Crypto.js provides cryptographic services including secure encoding and decoding of data, as well as hashing and random number generation, like the System.Security.Cryptography namespace in the .NET Framework.

In this article I describe how to use the cryptographic services the library provides.

Let's compare the most current and popular JavaScript implementation of MD5, Paul Johnston's, with the one in this library. First, Johnston's implementation requires a string as input. What does this mean? It means you cannot use any encoding you want. For example, if you hash a non-ASCII string with Johnston's implementation and compare the result with the hash computed by .NET's widely known FormsAuthentication.HashPasswordForStoringInConfigFile method, you'll see that they do not match. Why? Because HashPasswordForStoringInConfigFile uses UTF-8, which Johnston's implementation is unable to provide. A cryptographic algorithm should not care about strings and encodings. It should work only with bytes, as .NET does. Next is performance. The Sys.Crypto.MD5CryptoServiceProvider class works about 6 - 8 times faster than Johnston's (much here depends on the browser).
Let's see how to use the class mentioned above.

Using the code

Using MD5 algorithm

var buff = Sys.Text.Encoding.UTF8.getBytes("abc");
var md5 = Sys.Crypto.MD5.create();
var hash = md5.computeHash(buff);

window.alert(Sys.Convert.toBase64String(hash));

Compared with C# code:

byte[] buff = System.Text.Encoding.UTF8.GetBytes("abc");
MD5 md5 = System.Security.Cryptography.MD5.Create();
byte[] hash = md5.ComputeHash(buff);

Console.WriteLine(System.Convert.ToBase64String(hash));
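
The encoding argument from the introduction, as an added example that is not part of the library or the original article: it runs under Node.js with the built-in crypto module, and `lowByteOfEachChar` is an assumed model of a string-input hash that takes one byte per character, not Johnston's actual code. It goes slightly beyond the text by also showing that such truncation makes distinct strings hash identically.

```javascript
// Added example: Node.js built-in crypto module, not the Sys.Crypto library.
const nodeCrypto = require("crypto");

// The hash sees bytes only; the caller chooses how text becomes bytes.
function md5Base64(bytes) {
  return nodeCrypto.createHash("md5").update(bytes).digest("base64");
}

// Assumed model of a string-input hash: one byte per UTF-16 code unit,
// keeping only the low 8 bits (lossy for anything above U+00FF).
function lowByteOfEachChar(text) {
  const bytes = Buffer.alloc(text.length);
  for (let i = 0; i < text.length; i++) bytes[i] = text.charCodeAt(i) & 0xff;
  return bytes;
}

// Named ways of turning text into bytes before hashing.
const encoders = {
  utf8: (text) => Buffer.from(text, "utf8"),
  utf16le: (text) => Buffer.from(text, "utf16le"),
  lowByte: lowByteOfEachChar,
};

// Digest of the same text under every encoder.
function digestsByEncoding(text) {
  const digests = {};
  for (const name of Object.keys(encoders)) {
    digests[name] = md5Base64(encoders[name](text));
  }
  return digests;
}

// Names of the encoders that reproduce a stored digest for this text.
function encodersMatching(text, storedDigest) {
  const digests = digestsByEncoding(text);
  return Object.keys(digests).filter((name) => digests[name] === storedDigest);
}

// Constructed sample inputs.
const asciiText = "abc";
const nonAsciiText = "p\u00e4ssw\u00f6rd"; // "pässwörd"
// What a server that encodes as UTF-8 before hashing would store.
const storedUtf8Digest = md5Base64(Buffer.from(nonAsciiText, "utf8"));

console.log(digestsByEncoding(asciiText));    // utf8 and lowByte agree
console.log(digestsByEncoding(nonAsciiText)); // all three differ
console.log(encodersMatching(nonAsciiText, storedUtf8Digest)); // only utf8
// Lossy truncation also makes distinct strings collide: U+0141 and "A".
console.log(digestsByEncoding("\u0141").lowByte === digestsByEncoding("A").lowByte);
```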

The Sys.Crypto namespace provides classes for the following algorithms: MD5, SHA1, HMAC, Rijndael (AES). Let's see how to use them.

SHA1 algorithm:

var buff = Sys.Text.Encoding.UTF7.getBytes("abc");
var sha1 = Sys.Crypto.SHA1.create();
var hash = sha1.computeHash(buff);

window.alert(Sys.Convert.toBase64String(hash));

HMAC algorithm:

var hmac = new Sys.Crypto.HMAC("SHA1"); // SHA1 and MD5 are currently supported
var key = Sys.Text.Encoding.BigEndianUnicode.getBytes("Key to mix");

hmac.set_key(key); // if no key is provided, a randomly generated key will be used

var buffer = Sys.Text.Encoding.BigEndianUnicode.getBytes("Hello World!");
var hash = hmac.computeHash(buffer);

window.alert(Sys.Convert.toBase64String(hash));

AES algorithm:

var aes = Sys.Crypto.Aes.create();

// encrypting
var aesEnc = aes.createEncryptor();
var buffer = Sys.Text.Encoding.ASCII.getBytes("Hello World!");
var encrypted = aesEnc.transform(buffer);

window.alert(Sys.Convert.toBase64String(encrypted));

// decrypting
var aesDec = aes.createDecryptor();
var decrypted = aesDec.transform(encrypted);

window.alert(Sys.Text.Encoding.ASCII.getString(decrypted));


The Sys.Text namespace classes are now fixed according to Microsoft KB940521 (security bulletin MS07-040), except for the UTF7Encoding class, which will be fixed soon.


Here I have introduced the Sys.Crypto namespace in a nutshell. For complete documentation of this namespace and its base and abstract classes (not mentioned here), see the attached files. Currently there is no documentation for the classes in Sys.Core.js. It will be ready soon.

Any feedback, suggestions, performance improvements, or criticism will be welcome and appreciated.

Download

November 2007 Release

Last edited Nov 9, 2007 at 10:04 AM by rubo, version 7