Andrew Milich / 8.05.2022Home / guides

How can you do cryptography in Javascript?

Almost every web application likely touches some type of encryption - whether it’s AES encryption in SSL or application level security. How can you do cryptography in JavaScript?
Encryption diagram from plain text in JavaScript.

The NodeJS crypto library

The Node.js crypto library is a built-in module that provides cryptographic functionality for Node.js applications. It includes a range of features, such as support for generating cryptographic keys, encrypting and decrypting data, and creating and verifying digital signatures.The Node.js crypto library uses the same cryptographicalgorithms and protocols as other secure systems, which ensures that the cryptographic operations it performs are just as secure. It also includes mechanisms for ensuring the integrity of cryptographic operations, such as support for digital signatures.The Node.js crypto library is easy to use and can be integrated into Node.js applications with just a few lines of code. It is widely used in the Node.js community and has become an important part of the Node.js ecosystem.Overall, the Node.js crypto library is a valuable tool for Node.js developers who need to perform cryptographic operations in their applications. It provides a range of features and is easy to use, making it a popular choice for implementing cryptography in Node.js applications.

How to use NodeJS crypto

To start, you will need to have Node.js installed on your system. You can download the latest version of Node.js from the official website (https://nodejs.org/en/).Once you have Node.js installed, you can use the following steps to encrypt and decrypt a message using the Node.js crypto library:1. Create a new Node.js project by running the following command:npm init2. Create a new JavaScript file, named app.js, and add the following code to import the Node.js crypto library:const crypto = require('crypto');3. Add the following code to generate a random encryption key:const key = crypto.randomBytes(32);4. Add the following code to define the message that you want to encrypt:const message = 'This is the message that we want to encrypt.';5. Add the following code to encrypt the message using the encryption key that you generated previouslyconst iv = crypto.randomBytes(16);const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);let encrypted = cipher.update(message, 'utf8', 'hex');encrypted += cipher.final('hex');6. Add the following code to decrypt the encrypted message using the encryption key that you generated in step 4:const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);let decrypted = decipher.update(encrypted, 'hex', 'utf8');decrypted += decipher.final('utf8');7. Add the following code to print the encrypted and decrypted messages to the console:console.log('Encrypted message:', encrypted);console.log('Decrypted message:', decrypted);8. Run the following command to execute the JavaScript file and encrypt and decrypt the message:node app.jsIf everything works correctly, you should see the encrypted and decrypted messages printed to the console.

WebCrypto: On the client side

WebCrypto is a standard for implementing cryptographic operations in web browsers. It provides a set of APIs (application programming interfaces) that enable web applications to perform cryptographic functions, such as encrypting and decrypting data, securely.One of the key reasons why WebCrypto makes browser cryptography secure is that it uses the same cryptographicalgorithms and protocols that are used in other secure systems. This ensures that the cryptographic operations performed by web applications are just as secure as those performed by other applications.Additionally, WebCrypto uses a secure environment to perform cryptographic operations. This means that the cryptographic keys used by web applications are not accessible to other parts of the browser, or to other applications on the user's device. This helps protect against attacks that try to steal cryptographic keys or other sensitive information.Furthermore, WebCrypto includes mechanisms for ensuring the integrity of cryptographic operations. For example, it includes support for digital signatures, which can be used to verify that a message or other data has not been tampered with. This helps protect against attacks that try to alter the results of cryptographic operations.Overall, WebCrypto makes browser cryptography secure by using strong cryptographicalgorithms and protocols, providing a secure environment for performing cryptographic operations, and ensuring the integrity of cryptographic operations. These features help ensure that web applications can perform cryptographic functions securely and reliably.

How to use WebCrypto

To use WebCrypto, you will need to include the crypto object in your code. This object contains several methods that you can use to perform cryptographic operations, such as generating keys, encrypting and decrypting data, and signing and verifying data.Here is a simple example of how to use WebCrypto to generate a random key and encrypt some data:// Import the WebCrypto APIconst crypto = window.crypto;// Generate a random keyconst key = crypto.subtle.generateKey( { name: "AES-GCM", length: 256, }, true, ["encrypt", "decrypt"] );// Encrypt some dataconst data = new TextEncoder().encode("Hello, world!");const iv = crypto.getRandomValues(new Uint8Array(12));const encryptedData = crypto.subtle.encrypt( { name: "AES-GCM", iv: iv, }, key, data );In this example, we first import the crypto object, which provides access to the WebCrypto API. We then use the generateKey method to generate a random AES-256 key that we can use to encrypt and decrypt data.Next, we create a TextEncoder object, which we can use to convert a string into a Uint8Array of bytes. We then use the encode method to encode our string as a Uint8Array.Finally, we use the encrypt method to encrypt our data using the key and an initialization vector (IV). The IV is a random value that is used to ensure that the encrypted data is unique for each encryption operation.This is just a simple example of how to use WebCrypto. There are many other cryptographic operations that you can perform using this API, such as generating hashes, signing data, and building applications that rely on client-side crypto, such as Skiff’s suite of end-to-end encrypted email and collaboration products.

Skiff-crypto: Node.JS or browser

Here at Skiff, we've open-sourced and MIT licensed our own, easy-to-use JavaScript encryption, decryption, and object versioning library. You can check out the library here on NPM, or the open-source code here.Skiff-crypto is designed to be functional, powerful, and easy-to-use. To encrypt and decrypt text, all you have to do is:const skiffCrypto = require('@skiff-org/skiff-crypto');const plaintext = "Hello, skiff-crypto!";
const keypair = skiffCrypto.generatePublicPrivateKeyPair();
const encrypted = skiffCrypto.stringEncryptAsymmetric(keypair.privateKey, { key: keypair.publicKey }, plaintext);
const decrypted = skiffCrypto.stringDecryptAsymmetric(keypair.privateKey, { key: keypair.publicKey }, encrypted);console.log('Plaintext:', plaintext);console.log('Ciphertext:', encrypted);
console.log('Expected to be true:', plaintext === decrypted);
You'll find a suite of functions for encoding or decoding strings into byte arrays, object datagrams for managing versions and structure, and functions for generating and verifying signatures.

Hashing and encoding

Hashing is the process of taking a piece of data and converting it into a fixed-size string of characters, known as a hash. Hashes are often used to store passwords because they are secure and difficult to reverse.To create a hash in JavaScript, you can use the crypto library, which is built into modern browsers. Here is an example of how to create a hash using the crypto library:const crypto = require('crypto'); // Create a hashconst hash = crypto.createHash('sha256'); // Update the hash with the data you want to hashhash.update('my-data-to-hash'); // Get the final hash as a hexadecimal stringconst hashString = hash.digest('hex');console.log(hashString); // Outputs a long string of charactersIn this example, we use the sha256 algorithm to create the hash. This is a popular and secure algorithm, but there are many others to choose from. You can see a full list of supported algorithms by calling crypto.getHashes().Encoding is the process of taking data and converting it into a different format. This is often used when storing or transmitting data, as different formats can be more efficient or secure.In JavaScript, you can use the Buffer class to encode data into a variety of formats. Here is an example of how to encode data as a base64 string:const buffer = Buffer.from('my-data-to-encode'); // Encode the data as a base64 stringconst encodedString = buffer.toString('base64');console.log(encodedString); // Outputs a base64-encoded stringIn this example, we use the Buffer.from() method to create a Buffer object storing the relevant data. Then, we instruct the Buffer to convert the data to a string in base64. From there, the encoded output is printed to the console.Other crypto libraries in Javascript, such as crypto-js, simplify some of the interfaces and functions needed. For a tutorial on how to use this library, check out our other blog on Javascript encryption.

What products use cryptography in JavaScript?

Crypto libraries for the web and NodeJS have enabled a new generation of privacy-first web development. A few of our favorite examples are below:Skiff MailSkiff Mail is an end-to-end encrypted, private workspace, with products for email, calendar, collaborating on notes, and file storage. The product performs key pair generation in the web using elliptic curves. Using asymmetric cryptography, Skiff Mail encrypts messages with recipients’ public keys such that only users’ individual private keys can decrypt messages and see the resulting plain text. Skiff Mail is free to use, with 10 GB of storage included, and offers paid plans for custom domains, extra storage, and business features.MetaMaskMetaMask is a free, open-source crypto wallet. It performs all key derivation inside the app itself (which, for web users, can be a browser extension on Chrome, Firefox, or other apps), keeping a user’s secret keys stored locally. MetaMask offers extensive docs on its encryption standards, APIs, and security.Password managersA password manager uses encryption to protect the sensitive data it stores, such as login credentials and other personal information. When a user saves a new login to the password manager, the software encrypts the data using a strong encryption algorithm. This ensures that even if someone were to gain access to the password manager's database, they would not be able to read the stored information without the proper decryption key - they would only be able to access encrypted ciphertext. The password manager also typically encrypts the user's master password, which is used to access the stored login credentials, for added security.

Join the community

Become a part of our 1,000,000+ community and join the future of a private and decentralized internet.

Free plan • No card required