Instantly share code, notes, and snippets.

What would you like to do?
List of JavaScript Crypto libraries.

JavaScript Crypto Libraries

I start with a list and plan to create a comparison table.


This specification describes a JavaScript API for performing basic cryptographic operations in web applications, such as hashing, signature generation and verification, and encryption and decryption. Additionally, it describes an API for applications to generate and/or manage the keying material necessary to perform these operations. Uses for this API range from user or service authentication, document or code signing, and the confidentiality and integrity of communications.

  • W3C Working Draft 25 June 2013


Stanford Javascript Crypto Library


Emscripten-compiled Javascript version of NaCl, the Networking and Cryptography library.


RSA and ECC in JavaScript

  • Version 1.4 (7/1/2013)


RSA public/private key crypto for Node.


Provides a simple wrapper around the fantastic work done by Tom Wu for RSA Encryption for JavaScript.


OpenPGP implementation for JavaScript


JavaScript implementation of JSON Web Signatures, JSON Web Tokens, and JSON Web Certificates


An easy-to-use encryption system utilizing RSA and AES for javascript.


a JavaScript crypto library


A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps

  • based on jsbn


JavaScript implementations of standard and secure cryptographic algorithms


JavaScript Cryptography Toolkit

This library is an object oriented cryptography toolkit that implements several fundamental cryptographic algorithms including TWOFISH, SERPENT, RIJNDAEL, RSA with key-generation and SHA(SHA-1,224,256,384,512) for JavaScript. This library works in ActionScript as well. The unique feature of this library is asynchronous processing. A heavyweight process such as 4096bit RSA key generation will be done asynchronously so that this library does not cause problems such as freezing browsers, "slow-downing" warning dialogs, etc.

  • asynchronous RSA key generation
  • based on jsbn


A JavaScript Cryptography Library

This library is an object oriented cryptography library that implements several fundamental cryptographic algorithms including AES, SHA-1, HMAC, BASE64, RSA, ECC and IBE for JavaScript. This library works in ActionScript as well.


Cifre is a fast crypto toolkit for modern client-side JavaScript. This is done by taking the best crypto code for js on the net and updating it to use modern technologies. There are plans to collaborate with the forge project.

  • MIT License
  • 2013-07-30 14:09:58


A WebCrypto Polyfill


A Firefox extension for the Web Cryptography API


JavaScript Cryptography

  • Last modified: - 09/05/2012

This comment has been minimized.

rmhrisk commented Mar 1, 2016


This comment has been minimized.

lpetrov commented Mar 1, 2016


This comment has been minimized.

Duskfall commented Mar 10, 2016

Imho asmcrypto is the best right now. Tested AES functions


This comment has been minimized.


This comment has been minimized.

PythonNut commented May 29, 2016

Also libsodium.js.


This comment has been minimized.

maxnis commented Jan 6, 2017

One more to the list:


This comment has been minimized.

namomo commented Apr 13, 2017


This comment has been minimized.

wal-de-marlad commented May 30, 2017

IMO this is best one: WebCrypto GOST Library


This comment has been minimized.

yonjah commented May 31, 2017

@wal-de-marlad what makes you think that ?
And what does it even mean best one ?
Is it the most audited implementation ? Does it uses a recommended algorithms ? Does it have the simplest API ?
(Having only one contributor and using some semi secret Russian algo similar to DES I would be surprised if it won't be one of the least recommended library out of the list provided here)

SJCL Is probably the only js library that was actually created by cryptography professionals.
Don't know if it makes it the "best" but I wouldn't consider using any other 3rd party library in anything important


This comment has been minimized.

AlessandroBudroni commented Jul 2, 2017

There is also milagro-crypto-js.


This comment has been minimized.

gabrielizalo commented Jul 17, 2017

I have created a Repo with this info so people can help easily.
Also the list has a new format that I think will help us to compare the different options easily: JavaScript Crypto Libraries
Comments, missing libs and pull requests more than welcome.


This comment has been minimized.

Tectract commented Sep 29, 2017

Can anyone point me to actual security analysis on any of these crypto libraries? HOW SECURE are they? Which ones have been cracked? How secure are these libraries to things like cache timing attacks? Which are considered the best, and why? How do they compare to the new W3C WebCrypto API? I think any libraries that haven't passed strong security testing should be relisted on this page under a DO NOT USE list.

I'm actually trying to move away from SJCL because the maintainer has abandoned the project and it doesn't play well with CommonJS require statements under some architectures. I looked for security analysis of SJCL and I couldn't find any, other than an offhand mention of a known vulnerability to cache timing attacks. Why do people trust crypto-js? Because the authors at Google would never do evil? They don't even host the code anymore, and the docs are minimal to say the least.


This comment has been minimized.

gabrielizalo commented Oct 24, 2017

@Tectract Sorry but there is no such info you request. The SJCL lib is one of the most used with crypto-js and JSEncrypt.
Take a look of a new list I did based in this one, but added some data about the libraries that will help you to evaluate them: JavaScript Crypto Libraries.


This comment has been minimized.

mnasyrov commented Dec 6, 2017

I want to share with CryptoBench.js - a benchmark testbed for some crypto libraries: asmcrypto.js, crypto-js, forge, libsodium.js, js-nacl, sjcl and tweetnacl.js.


This comment has been minimized.

jastam commented Jan 30, 2018

How about jsrsasign?


This comment has been minimized.

blockafrik commented Mar 22, 2018

Can i get a library which implement RSA. Has a method that get secret and generate keypair and it simply implement encryption, decryption, signing and verifying


This comment has been minimized.

Rockbass commented Apr 5, 2018

Hi guys
Could you please advice some library to generate ECDSA keypair in browser which could be suitable for using with web3 (ethereum) on backend? I've tried with jsrasign but failed - web3 was not satisfied by results.


This comment has been minimized.

fcorella commented Apr 14, 2018

The recently released PJCL may be the only JS crypto library that provides DSA and comes with sample code for implementing cryptographic authentication in web apps as explained in this blog post.


This comment has been minimized.

bkniffler commented Aug 21, 2018

PJCL looks interesting, but why isn't the code hosted on Github? Why isn't there a commonly used license? Where is the issue tracking? Why doesn't the example have a package.json so I can install the dependencies? I think a lot of people might be turned off by those things.


This comment has been minimized.

developeranirudhprabhu commented Sep 23, 2018

Is there any means by which while using RSA I can encrypt data with Private key (or assume I receive data which is encrypted using private key) and I decrypt using Public key.
Any help would be appreciated

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment