Sunday, April 27, 2014

working with crypto.js for hashing and encryption -javascript

Hashing is generally done for safe transferring of data from client to server and vice versa. In php there so many hashing algorithms are present as inbuilt functions.Similarly we have that hashing techniques as library in Javascript also.I had particularly searched for this library for developing hybrid apps using login functionality where REST API with PHP is used as backend to connect with a database to store username & hashed passwords.I was worried about passing the variables using REST API calls without hashing.since Hybrid Mobile Application mostly use javascripts for validations,making API calls and further appending i hashed my password for safety.i would like to show more about the function of crypto.js in which we could simply call the function and get our messages hashed in mean time.

javascipt Crypto.js for hashing variables


Download the Zip file.Rollups folder contains all JS files.There is different JS file for Different crypting methods eg: MD5.SHA1 etc.

<script src="respective JS file for hashing" >

Live preview:

**if live preview is not loading results ! use demo option above.
var hash = CryptoJS.MD5("shivasurya");
var hash = CryptoJS.SHA512("shivasurya");
var hash = CryptoJS.SHA1("shivasurya");
var hash = CryptoJS.SHA256("shivasurya");
var hash = CryptoJS.SHA3("shivasurya",{ outputLength: 224 });
var encrypted = CryptoJS.AES.encrypt('shivasurya is missing someone so badly', 'surya');
var decrypted = CryptoJS.AES.decrypt(encrypted, 'surya');
var plaintext = decrypted.toString(CryptoJS.enc.Utf8);
var encrypted = CryptoJS.RC4.encrypt("Shiva is being missed by someone...", "surya");
var decrypted = CryptoJS.RC4.decrypt(encrypted, "surya");
var simple=decrypted.toString(CryptoJS.enc.Utf8);
 var encrypted = CryptoJS.RC4.encrypt("love yourself", "pinku");
var decrypted = CryptoJS.RC4.decrypt(encrypted, "pinku");
var simple=decrypted.toString(CryptoJS.enc.Utf8);
See the Pen crypto.js ~ i-visionblog tutorials by s.shivasurya (@shivasurya) on CodePen.


MD5 is common encryption done during these days since it easy to hash and it is one way hashing method .we could see this in many languages like PHP,java etc.. , but i wont encourage you to use MD5.

CryptoJS.MD5("shivasurya");    //calling this function returns md5 hash 

calling this function by passing arguments as string will return MD hash and we could store it in a Javascript variable.


SHA1 is also another encryption and hashing algorithm used to hash the message with different type of options.preferably SHA encryption is used for many purposes for repository handling and other purpose also.SHA is also good type of hashing.

CryptoJS.SHA1("shivasurya");   // calling this function return SHA1 hash

actually SHA1 was invented by NSA (National Security Agency) :p and they told that this method gets weakening as new methods are invented.


sha2 comes with two different options with 512 and 256 hashing.But it's not widely used by starters but provides security.

CryptoJS.SHA512("harish");   //thos two function returns hash accordingly


sha3 comes finally which is more secured as per analysis.we could get desired output from 512,284 etc. length of hashed message.

CryptoJS.SHA3("Shivasurya",{ outputLength: 512 });
CryptoJS.SHA3("Shivasurya",{ outputLength: 224 });

so with additional parameter we could pass output length of our hashed message string.

AES(Advanced Encryption Standards):

AES is also best system for encrypting your messages with a passphrase passing a key it would use the key to encrypt the variable.

var encrypted = CryptoJS.AES.encrypt('shivasurya is missing someone so badly', 'passphrase');
var decrypted = CryptoJS.AES.decrypt(encrypted, 'surya');
var plaintext = decrypted.toString(CryptoJS.enc.Utf8);

here we called function and passed Message and passphrase as arguments and returned is saved in encrypted variable.Then with Decrypt function we have passed same passphrase and we need to convert into string format in UTF-8 format we call the additional function.

Similarly RABIT and RC4 works in the sameway by calling th function.

NOTE: each algorithm has different features as strength and weakness only developer must understand it and try to implement them with caution.Read more about more encryption weakness in stackoverflow website forum,many experts share their views on encryption.

report bug as comments/contact me . share is care.


Post a Comment

feel free to post your comments! Don't Spam here!