WebRSA

Implementation of PKCS #1 v2.1 RSA CRYPTOGRAPHY STANDARD (RSA Laboratories, June 14, 2002)

Copyright (C) Ellis Pritchard, Guardian Unlimited 2003.

LICENCE

Distributed under BSD licence.

WHERE TO GET IT

WebRSA is a SourceForge.net Project; get it at Sourceforge.

WHAT IS IT?

• RSA Public Key Crypotgraphy for Web Browsers.
  WebRSA is an implementation of PKCS #1 v2.1 RSA CRYPTOGRAPHY STANDARD (RSA Laboratories, June 14, 2002). WebRSA allows a humble browser with JavaScript support to encrypt data using RSA Public Key Cryptography, so that it can be sent to a server securely(*).
• WebRSA supports RSA key sizes of 256 bits and larger.
• WebRSA comes with several implementations of the Server-side code, which support both Decryption and Encryption.
• WebRSA is Open Source.

WHAT IT IS NOT

• It is not a replacement for SSL.
  SSL provides true end-to-end protection, protection from man-in-the-middle attacks, key revoking, trust etc. etc. WebRSA provides some protection of sensitive data, such as new passwords, when SSL cannot be used for various reasons.
• Bi-directional.
  It's not really possible to send data from the server to the client securely using this method, since the client has no practical place to keep or generate its private key (you could do it in a frame, but its just not that practical dammit!). You could use it to securely send a password to a server with which to stream-cipher encrypt some data server-side, and use one of the available JavaScript stream cipher implementations to decrypt the data on the client-side. I'll leave that as an excercise to the reader...
• Fast
  The client side is implemented in JavaScript, so the speed of encryption will depend on the quality of your browsers implementation of JavaScript and your CPU power. Typical mid-range machines of today will take under 2 seconds per block using a 256-bit-key, older machines or beta-quality browsers will take longer. Using the same measure, 512-bit keys may take around 8 seconds a block. The server side is pretty fast, however, since it's implemented in something decent!
• (*) Incredibly Secure.
  Although there's nothing in the code to stop you using 2048-bit keys or longer; it will take ages to encrypt the data using JavaScript; most browsers will even think that the JavaScript has gone wrong or the browser is being attacked, and ask you whether you want to continue. Therefore you'll be using keys of 512-bits or less (256-bits works with reasonable speed on all browsers/machines, use 512+ bit keys if you know your audience have the CPU power). Although keys smaller than 2048-bits are considered easy to break by cryptographers these days, in practice it does take significant effort, effort which may not be worth-while to break the keys of your site. If it's really sensitive, get an SSL certificate and do it properly.
• Intended for login via password.
  You'd be better off using MD5-Digest authentication or a JavaScript HMAC algorithm, e.g. HMAC(MD5) for sending login passwords; it's really really quick and pretty much unbreakable, especially if you factor in server-side secret keys and time-window dependent processing... Start by looking at Paj's Home; this is pretty much how we implemented it at The Guardian.

THANKS

• Leemon Baird for BigInt.js; see BigInt.README
• Tom Poindexter for Mpexpr 1.0; see Mpexpr.README
• Paul Johnston et al for md5.js; see md5_js.README
• Don Libes, D. J. Hagberg et al for md5.tcl (now in tcllib); see md5_tcl.README
• David I. Bell, Landon Curt Noll et al for Calc which was the basis for Mpexpr and enabled me to figure out the RSA stuff.
• RSA Laboratories for their algorithm and documentation.
• Guardian Unlimited for making such a thing necessary, and actually believing it would work!
• SourceForge for providing a place to put it (and for approving a crazy sounding project!)

CONTACT