Implementation of PKCS #1 v2.1 RSA CRYPTOGRAPHY STANDARD (RSA Laboratories, June 14, 2002)
Copyright (C) Ellis Pritchard, Guardian Unlimited 2003.
Distributed under BSD licence.
WHERE TO GET IT
WebRSA is a SourceForge.net Project; get it at Sourceforge.
WHAT IS IT?
- RSA Public Key Crypotgraphy for Web Browsers.
WebRSA is an implementation of PKCS #1 v2.1 RSA CRYPTOGRAPHY STANDARD (RSA Laboratories, June 14, 2002).
- WebRSA supports RSA key sizes of 256 bits and larger.
- WebRSA comes with several implementations of the Server-side code, which support both Decryption and Encryption.
- WebRSA is Open Source.
WHAT IT IS NOT
- It is not a replacement for SSL.
SSL provides true end-to-end protection, protection from man-in-the-middle attacks, key revoking, trust etc. etc.
WebRSA provides some protection of sensitive data, such as new passwords, when SSL cannot be used for various reasons.
It's not really possible to send data from the server to the client securely using this method, since the client has no practical place to keep or generate its private key (you could do it in a frame, but its just not that practical dammit!).
The server side is pretty fast, however, since it's implemented in something decent!
- (*) Incredibly Secure.
Therefore you'll be using keys of 512-bits or less (256-bits works with reasonable speed on all browsers/machines, use 512+ bit keys if you know your audience have the CPU power).
Although keys smaller than 2048-bits are considered easy to break by cryptographers these days, in practice it does take significant effort, effort which may not be worth-while to break the keys of your site. If it's really sensitive, get an SSL certificate and do it properly.
- Intended for login via password.
- Leemon Baird for BigInt.js; see BigInt.README
- Tom Poindexter for Mpexpr 1.0; see Mpexpr.README
- Paul Johnston et al for md5.js; see md5_js.README
- Don Libes, D. J. Hagberg et al for md5.tcl (now in tcllib); see md5_tcl.README
- David I. Bell, Landon Curt Noll et al for Calc which was the basis for Mpexpr and enabled me to figure out the RSA stuff.
- RSA Laboratories for their algorithm and documentation.
- Guardian Unlimited for making such a thing necessary, and actually believing it would work!
- SourceForge for providing a place to put it (and for approving a crazy sounding project!)
Email: ellispritchard at users.sourceforge.net (indirect link).
$Id: WebRSA-README.html,v 1.1 2003/03/19 17:43:11 ellispritchard Exp $