crypt.io
crypt.io implements secure browser storage with the SJCL (Stanford Javascript Crypto Libraries) crypto library.
Options:
- passphrase: {String} User supplied passphrase
- storage: {String} Storage engine to use; local, session or cookies
Examples:
Here are a few examples of use to get you started.
Default use
Saving data...
var storage = cryptio,
    inventory = [{
      "SKU": "39-48949",
      "Price": 618,
      "Item": "Snowboard"
    }, {
      "SKU": "99-28128",
      "Price": 7899,
      "Item": "Cleats"
    }, {
      "SKU": "83-38285",
      "Price": 399,
      "Item": "Hockey Puck"
    }];
storage;
Retrieving data...
var storage = cryptio; storage;
Storage option
Want to use a different storage engine like the HTML5 sessionStorage feature?
var options = { storage: 'session' };
Or some deprecated cookies? This is the least tested option.
var options = { storage: 'cookies' };
Extra security
Encrypting objects transparently within the client avoids the need for user interaction. In terms of security, however, in the event of a same-origin, DOM rebinding attack coupled with a man-in-the-middle scenario, or a malicious browser add-on, it would be more secure to prompt the user for their passphrase.
Here is an example of user input for the passphrase.
var pass = window.prompt("Please enter password...", "a custom password");
var options = { passphrase: pass };
storage;
storage;
For the paranoid
Here is a robust example of saving and retrieving data. It uses a password supplied by the user, applies key stretching to further strengthen the key derived from it, and uses a temporary storage option such as sessionStorage for the current authenticated session.
Saving data (please keep in mind that a static value for the salt is not recommended)
var pass = window.prompt("Enter password to protect saved data", "");
var options = { passphrase: sjcl.codec.base64 };
storage;
storage;
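The key-stretching step described above, as an added example that is not part of crypt.io or its README: it derives the `passphrase` option with PBKDF2 and a random salt in place of a static one. It uses Node's built-in `crypto` module so it runs stand-alone, where a browser page would use SJCL or Web Crypto; `newSalt`, `stretchPassphrase`, `buildOptions` and the iteration count are assumptions.

```javascript
// Added example, not crypt.io code. Uses Node's built-in crypto module.
const nodeCrypto = require("crypto");

const ITERATIONS = 100000; // assumed work factor; raise it as hardware allows
const SALT_BYTES = 16;
const KEY_BYTES = 32;

// Generate a fresh random salt once per user or dataset. The salt is not
// secret: keep it beside the stored data so the key can be derived again.
function newSalt() {
  return nodeCrypto.randomBytes(SALT_BYTES).toString("base64");
}

// Stretch a user-supplied password into a base64 string for the
// `passphrase` option. window.prompt() returns null when the user cancels
// and "" when nothing is typed, so both are rejected here.
function stretchPassphrase(password, saltB64) {
  if (typeof password !== "string" || password.length === 0) {
    throw new Error("no password supplied");
  }
  const salt = Buffer.from(saltB64, "base64");
  if (salt.length < SALT_BYTES) {
    throw new Error("salt is too short");
  }
  const key = nodeCrypto.pbkdf2Sync(
    password.normalize("NFKC"), salt, ITERATIONS, KEY_BYTES, "sha256");
  return key.toString("base64");
}

// Build the options object from the page with a stretched passphrase and
// the temporary sessionStorage engine.
function buildOptions(password, saltB64) {
  return { passphrase: stretchPassphrase(password, saltB64), storage: "session" };
}

// Constructed sample input: a made-up password and a fresh salt.
const sampleSalt = newSalt();
const sampleOptions = buildOptions("correct horse battery staple", sampleSalt);
console.log(sampleSalt, sampleOptions.storage, sampleOptions.passphrase.length);
```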
Warning:
For the obligatory read regarding Javascript encryption and its security implications, see 'NCC Group - Javascript Cryptography Considered Harmful'.
Requirements:
Installation:
Three methods are available for setup and use: bower, cloning and manual.
Bower
To set up using bower
%> bower install crypt.io
Clone
To set up using git
%> git clone --recursive https://github.com/jas-/crypt.io.git
Manual
Copy the crypt.io.min.js and the sjcl libraries to your web project and include them like so.
Support:
Found a bug? Want a feature added? General feedback or kudos? Please open an issue so I can address it. Thanks!