Skip to content

Instantly share code, notes, and snippets.

@jo
Last active November 2, 2024 04:38
Show Gist options
  • Save jo/8619441 to your computer and use it in GitHub Desktop.
Save jo/8619441 to your computer and use it in GitHub Desktop.
List of JavaScript Crypto libraries.

JavaScript Crypto Libraries

List some crypto libraries for JavaScript out there. Might be a bit out dated. Scroll to the bottom.

WebCryptoAPI

http://www.w3.org/TR/WebCryptoAPI/

This specification describes a JavaScript API for performing basic cryptographic operations in web applications, such as hashing, signature generation and verification, and encryption and decryption. Additionally, it describes an API for applications to generate and/or manage the keying material necessary to perform these operations. Uses for this API range from user or service authentication, document or code signing, and the confidentiality and integrity of communications.

  • W3C Working Draft 25 June 2013

sjcl

http://bitwiseshiftleft.github.io/sjcl/

Stanford Javascript Crypto Library

js-nacl

https://github.com/tonyg/js-nacl

Emscripten-compiled Javascript version of NaCl, the Networking and Cryptography library.

jsbn

http://www-cs-students.stanford.edu/~tjw/jsbn/

RSA and ECC in JavaScript

  • Version 1.4 (7/1/2013)

ursa

https://github.com/Obvious/ursa

RSA public/private key crypto for Node.

jsencrypt

https://github.com/travist/jsencrypt

Provides a simple wrapper around the fantastic work done by Tom Wu for RSA Encryption for JavaScript.

OpenPGP.js

https://github.com/openpgpjs/openpgpjs

OpenPGP implementation for JavaScript

jwcrypto

https://github.com/mozilla/jwcrypto

JavaScript implementation of JSON Web Signatures, JSON Web Tokens, and JSON Web Certificates

cryptico

https://github.com/wwwtyro/cryptico

An easy-to-use encryption system utilizing RSA and AES for javascript.

pidCrypt

https://www.pidder.de/pidcrypt/?start

a JavaScript crypto library

forge

https://github.com/digitalbazaar/forge

A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps

  • based on jsbn

CryptoJS

http://code.google.com/p/crypto-js/

JavaScript implementations of standard and secure cryptographic algorithms

crypto

http://ats.oka.nu/titaniumcore/js/crypto/readme.txt

JavaScript Cryptography Toolkit

This library is an object oriented cryptography toolkit that implements several fundamental cryptographic algorithms including TWOFISH, SERPENT, RIJNDAEL, RSA with key-generation and SHA(SHA-1,224,256,384,512) for JavaScript. This library works in ActionScript as well. The unique feature of this library is asynchronous processing. A heavyweight process such as 4096bit RSA key generation will be done asynchronously so that this library does not cause problems such as freezing browsers, "slow-downing" warning dialogs, etc.

  • asynchronous RSA key generation
  • based on jsbn

jscrypto

http://code.google.com/p/jscryptolib/

A JavaScript Cryptography Library

This library is an object oriented cryptography library that implements several fundamental cryptographic algorithms including AES, SHA-1, HMAC, BASE64, RSA, ECC and IBE for JavaScript. This library works in ActionScript as well.

Cifre

https://github.com/openpeer/cifre

Cifre is a fast crypto toolkit for modern client-side JavaScript. This is done by taking the best crypto code for js on the net and updating it to use modern technologies. There are plans to collaborate with the forge project.

  • MIT License
  • 2013-07-30 14:09:58

PolyCrypt

http://polycrypt.net/

A WebCrypto Polyfill

FoxyCrypt

https://github.com/polycrypt/foxycrypt

A Firefox extension for the Web Cryptography API

cryptojs

http://cryptojs.altervista.org/

JavaScript Cryptography

  • Last modified: 09/05/2012

TweetNaCl.js

Port of TweetNaCl / NaCl to JavaScript for modern browsers and Node.js. Public domain.

  • Last modified: 01/02/2022
  • Recommended by the author of this gist

Webcryptobox

https://github.com/jo/webcryptobox

Tiny utility library for asymetric encryption via WebCrypto with zero dependencies. Made by the author of this gist.

  • Last modified: - 02/17/2021
  • Apache 2.0 License
@maxnis
Copy link

maxnis commented Jan 6, 2017

One more to the list:
Clipperz

@namomo
Copy link

namomo commented Apr 13, 2017

@wal-de-marlad
Copy link

IMO this is best one: WebCrypto GOST Library

@yonjah
Copy link

yonjah commented May 31, 2017

@wal-de-marlad what makes you think that ?
And what does it even mean best one ?
Is it the most audited implementation ? Does it uses a recommended algorithms ? Does it have the simplest API ?
(Having only one contributor and using some semi secret Russian algo similar to DES I would be surprised if it won't be one of the least recommended library out of the list provided here)

SJCL Is probably the only js library that was actually created by cryptography professionals.
Don't know if it makes it the "best" but I wouldn't consider using any other 3rd party library in anything important

@AlessandroBudroni
Copy link

AlessandroBudroni commented Jul 2, 2017

There is also milagro-crypto-js.

@gabrielizalo
Copy link

I have created a Repo with this info so people can help easily.
Also the list has a new format that I think will help us to compare the different options easily: JavaScript Crypto Libraries
Comments, missing libs and pull requests more than welcome.

@Tectract
Copy link

Tectract commented Sep 29, 2017

Can anyone point me to actual security analysis on any of these crypto libraries? HOW SECURE are they? Which ones have been cracked? How secure are these libraries to things like cache timing attacks? Which are considered the best, and why? How do they compare to the new W3C WebCrypto API? I think any libraries that haven't passed strong security testing should be relisted on this page under a DO NOT USE list.

I'm actually trying to move away from SJCL because the maintainer has abandoned the project and it doesn't play well with CommonJS require statements under some architectures. I looked for security analysis of SJCL and I couldn't find any, other than an offhand mention of a known vulnerability to cache timing attacks. Why do people trust crypto-js? Because the authors at Google would never do evil? They don't even host the code anymore, and the docs are minimal to say the least.

@gabrielizalo
Copy link

@Tectract Sorry but there is no such info you request. The SJCL lib is one of the most used with crypto-js and JSEncrypt.
Take a look of a new list I did based in this one, but added some data about the libraries that will help you to evaluate them: JavaScript Crypto Libraries.

@mnasyrov
Copy link

mnasyrov commented Dec 6, 2017

I want to share with CryptoBench.js - a benchmark testbed for some crypto libraries: asmcrypto.js, crypto-js, forge, libsodium.js, js-nacl, sjcl and tweetnacl.js.

@jastam
Copy link

jastam commented Jan 30, 2018

How about jsrsasign?

@blockafrik
Copy link

Can i get a library which implement RSA. Has a method that get secret and generate keypair and it simply implement encryption, decryption, signing and verifying

@Rockbass
Copy link

Rockbass commented Apr 5, 2018

Hi guys
Could you please advice some library to generate ECDSA keypair in browser which could be suitable for using with web3 (ethereum) on backend? I've tried with jsrasign but failed - web3 was not satisfied by results.

@fcorella
Copy link

fcorella commented Apr 14, 2018

The recently released PJCL may be the only JS crypto library that provides DSA and comes with sample code for implementing cryptographic authentication in web apps as explained in this blog post.

@bkniffler
Copy link

@fcorella
PJCL looks interesting, but why isn't the code hosted on Github? Why isn't there a commonly used license? Where is the issue tracking? Why doesn't the example have a package.json so I can install the dependencies? I think a lot of people might be turned off by those things.

@developeranirudhprabhu
Copy link

Is there any means by which while using RSA I can encrypt data with Private key (or assume I receive data which is encrypted using private key) and I decrypt using Public key.
Any help would be appreciated

@vesvault
Copy link

Encryption for data at-rest made practical

VESvault: Encrypt Evertyhing without fear of losing the Key.

  • Share encrypted data with your friends and colleagues.
  • Securely exchange temporary keys with new users.
  • Viral Encrypted Security (VES): Recover your data through a viral network of friends in case of the encryption key loss.

Cloud based end-to-end encryption API

VES.host: VESvault API integration center.
libVES.c: C library and command line utility.
libVES.js: JS library

@vuducmanh96vp
Copy link

Some link is wrong. Please check it again

@pwFoo
Copy link

pwFoo commented Aug 27, 2019

Anyone uses https://github.com/safebash/opencrypto?
Looks good, but I get an DOMexception with increased data to encrypt. Works fine with https://github.com/encryb/simplecrypto, but here key export and some more features are missing?

@clayrisser
Copy link

If you're not big into closure, but want to use google's closure crypt library, you can use this wrapper around it. It supports typescript and works great on NodeJS. You don't need to know a thing about closure.

https://www.npmjs.com/package/@google-closure-library/goog.crypt

@felix
Copy link

felix commented Jan 17, 2020

The easiest ASN.1 library to work with by far: https://github.com/indutny/asn1.js/

@Nakilon
Copy link

Nakilon commented Mar 24, 2020

Most of these or even all of them are npm packages. I would like to know what are my options for using as a single js file to include it in a simple lightweight web page, so I could just copy it and don't bother with npm, yarn, whatever.

@imadbenouareth
Copy link

help me please i want to crypt data in arduino uno (AES) and decrypt data in node js (AES) ...give me a solution

@melquibrito
Copy link

melquibrito commented Apr 22, 2020

Most of these or even all of them are npm packages. I would like to know what are my options for using as a single js file to include it in a simple lightweight web page, so I could just copy it and don't bother with npm, yarn, whatever.

Checkout my project Cypher. It appends to Object, Object.prototype and String.prototype pretty fast and secure methods for synchronous encryption and decryption. I have also built a method that gives you unique randomised symmetric keys. If you'd like to see it running and do some testing, go here (use the testing.js file for testing).

@nishantgupta2501
Copy link

nishantgupta2501 commented Feb 16, 2021

We're using http://www-cs-students.stanford.edu/~tjw/jsbn/ and getting window.crypto.random is not a function error at line 39 in rng.js file in IOS webviewcontroller. We're using Xcode 11.3 for native apps. Can you please look into it? It's working fine for previous version of Xcode and other browsers as well.

@petrosDemetrakopoulos
Copy link

Also EthAir Balloons. A very useful strictly typed ORM library for Ethereum blockchain.

@DelphiWorlds
Copy link

Checkout my project Cypher

It has disappeared?

@stefanodecillis
Copy link

Is there a lib to encrypt/decrypt binary with ethereum wallet ecdsa pubkey and private key?

@amilich
Copy link

amilich commented Jun 1, 2023

Is there a lib to encrypt/decrypt binary with ethereum wallet ecdsa pubkey and private key?

I don't think this is standardized yet. Check out https://ethereum-magicians.org/t/eip-1024-cross-client-encrypt-decrypt/505 as well.

FYI, we also just published Skiff Crypto, which is open-source, has asymmetric/symmetric crypto for Node.JS + browser runtime. It also has object versioning capabilities. Repo link - https://github.com/skiff-org/skiff-apps/tree/main/libs/skiff-crypto.

@amilich
Copy link

amilich commented Jun 15, 2023

Documentation site too: https://skiff.com/skiff-crypto

@r0c4f1
Copy link

r0c4f1 commented Feb 7, 2024

gracias, eres un duro :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment