Looking for advice on JavaScript RSA encryption

Question

I have a need to encrypt data entered by users on a form on the client side. My environment doesn't have ssl encryption, but I have found out that in my case I can achieve a similar result with RSA encryption. The public key will be used on the client side, and the owner of the private key will later be able to retrieve and decrypt the data.

Before I go down that route, I'd like to make sure I haven't overlooked any key issue. So here are a few questions:

• can you recommend JavaScript libraries that do RSA encryption?
• what guarantees that they are reliable?
• what are the shortcomings of this technique? For example a lost message if the user closes the browser too fast?

Generally speaking, I'd be interested in any advice on this JavaScript RSA encryption technique.

Update: the only RSA JavaScript I have found so far is on this page: http://www.ohdave.com/rsa/ Any feedback on that one?

Also, I am ok with encryption other than RSA, if you have any to recommend. My constraint is to have a 100% JavaScript solution.

Answer 1

This is possible, however it should be pointed out that this is in no way a replacement for TLS - largely because techniques like this offer no enforceable trust or authentication between the client and server; your script can't verify the the public key embedded within it is your public key, anyone who can get in between you & your client could substitute their own.

Answer 2

Take a look to asmcrypto.js — there is a lot of crypto algorithms implemented including RSA and it's really damn fast.

BTW I'm an author and would be glad to get some feedback and answer your questions if any.

Answer 3

https://sourceforge.net/projects/pidcrypt/ seems to be gaining popularity. I am evaluating it to be used in our project. Will post update if I managed to use this library.

Answer 4

If your javascript environment is secure (eg. https) and you do not have a requirement to support old browser versions Subtle.Crypto can be used to create a good security model. You will need to understand well what you are doing and how the encryption, signing, key storage, etc will be achieved in your environment. There are many pitfalls to rolling your own.

A good place to start is to consider if you need to distribute individual AES keys for rapid and secure encryption. If so then you may want to use RSA to encrypt and transmit individual AES keys and then use AES for the bulk of your encryption. Keep signing in mind. In many cases simply signing a payload so that it can be verified as intact is enough. It may be unnecessary to hide your data at rest or in transit.

https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto