Currently library includes three files: Sys.Core.js, Sys.Text.js, and Sys.Crypto.js.
- Sys.Text.js contains classes representing ASCII, Unicode, UTF-7, UTF-8, and UTF-32 character encoding. These classes are helpful for data encoding or decoding and in cryptography services.
- Sys.Crypto.js provides cryptographic services including secure encoding and decoding of data, as well as hashing and random number generation like System.Security.Cryptography namespace in .NET Framework.
In this article I describe how to use cryptographic services the library provides.
Let's compare the most current and popular implementation of MD5 -
the Paul Johnston's implementation
non-ASCII string with Johnston's implementation and compare it with the hash computed with the .NET's widely-known FormsAuthentication.HashPasswordForStoringInConfigFile method, you'll see they do not match. Why? Because HashPasswordForStoringInConfigFile
method uses UTF-8 that Johnston's implementation is unable to provide. Cryptographic algorithm should not care about strings and encodings. It should work only with bytes like .NET works. Next is the performance. Sys.Crypto.MD5CryptoServiceProvider class
works about 6 - 8 times faster than Johnston's one (much here depends on browser).
Let's see how to use the class mentioned above.
Using the code
Using MD5 algorithm
var buff = Sys.Text.Encoding.UTF8.getBytes("abc");
var md5 = Sys.Crypto.MD5.create();
var hash = md5.computeHash(buff);
Compared with C# code:
byte buff = System.Text.Encoding.UTF8.GetBytes("abc");
MD5 md5 = System.Security.Cryptography.MD5.Create();
byte hash = md5.ComputeHash(buff);
Sys.Crypto namespace provides classes for following algorithms: MD5, SHA1, HMAC, Rijndael (AES). Let's see how to use them.
var buff = Sys.Text.Encoding.UTF7.getBytes("abc");
var sha1= Sys.Crypto.SHA1.create();
var hash = sha1.computeHash(buff);
var hmac = new Sys.Crypto.HMAC("SHA1"); // currently supported SHA1 and MD5
var key = Sys.Text.Encoding.BigEndianUnicode.getBytes("Key to mix");
hmac.set_key(key); // if key is not provided, a random genereted key will be used
var buffer = Sys.Text.Encoding.BigEndianUnicode.getBytes("Hello World!");
var hash = hmac.computeHash(buffer);
var aes = new Sys.Crypto.Aes.create();
var aesEnc = aes.createEncryptor();
var buffer = Sys.Text.Encoding.ASCII.getBytes("Hello World!");
var encrypted = aesEnc.transform(buffer);
var aesDec = aes.createDecryptor();
var decrypted = aesDec.transform(encrypted);
Sys.Text namespace classes now are fixed according to
Microsoft KB940521 (security bulletin MS07-040) except UTF7Encoding class which will be fixed soon.
Here I introduce Sys.Crypto namespace in a nutshell. For complete documentation of this namespace and its base and abstract classes (not mentioned here) see the attached files. Actually, currently there is no any documentation for classes in Sys.Core.js. It'll
will be ready soon.
Any feedback, suggestions, perfomance improvement, or critics will be welcome and appreciated.
November 2007 Release