home *** CD-ROM | disk | FTP | other *** search
/ PC World Komputer 2010 April / PCWorld0410.iso / pluginy Firefox / 6984 / 6984.xpi / modules / crypto.js next >
Text File  |  2009-11-24  |  5KB  |  132 lines
  1.  
  2.  
  3. var EXPORTED_SYMBOLS = ["Crypto"];
  4.  
  5.  
  6. /**
  7. * Lazarus Cryptography
  8. * We will use hybrid encryption when saving data to the database.
  9. * this should allow us to encrypt forms with the public key and only require the user to 
  10. * enter their password when they want to retrieve a form.
  12. * Both the public and private (RSA) keys should be kept in the database.
  13. * The public key is kept unencrypted, but the private key will be symetrically encrypted (AES)
  14. * using the users password.
  15. */
  16. var Crypto = {
  17.  
  18.     AESStaticIV: '0gL6pSJ13AKDvo7xNnsZaQ==',
  19.  
  20.     publicKey: null,
  21.     
  22.     privateKey: null,
  23.     
  24.     //flag to indicate if we are currently generating RSA keys
  25.     generatingKeys: false,
  26.     
  27.     crypto: Components.classes["@labs.mozilla.com/Weave/Crypto;1"].createInstance(Components.interfaces.IWeaveCrypto),
  28.     
  29.     /**
  30.     * encrypt a string 
  31.     */
  32.     encrypt: function(str){
  33.     
  34.         //generate a random string with which we're going to encode this data.
  35.         var randKey = this.crypto.generateRandomKey();
  36.         
  37.         //encrypt the data with the random key
  38.         var encData = this.crypto.encrypt(str, randKey, this.publicKey.iv);
  39.         
  40.         //now encrypt the key with our public/private key encryption
  41.         var encKey = this.crypto.wrapSymmetricKey(randKey, this.publicKey.key);
  42.         
  43.         //and return the encrypted key with the data
  44.         return encKey +":"+ encData;
  45.     },    
  46.     
  47.     decrypt: function(encStr){
  48.         //split the string into key/data
  49.         var encKey = encStr.substr(0, encStr.indexOf(":"));
  50.         var encData = encStr.substr(encStr.indexOf(":")+1);
  51.         
  52.         
  53.         //decrypt the random key
  54.         var decKey = this.crypto.unwrapSymmetricKey(encKey, this.privateKey.key,
  55.                                               this.privateKey.password,
  56.                                               this.privateKey.passphraseSalt,
  57.                                               this.privateKey.privkeyWrapIV);
  58.         
  59.         
  60.         
  61.         //then decrypt the data with the unencrypted random key
  62.         return this.crypto.decrypt(encData, decKey, this.privateKey.iv);
  63.     },
  64.     
  65.     
  66.     /**
  67.     * AES encryption/decryption methods appear to take passwords of the exact length (256 bits) 
  68.     */
  69.     fixPassword: function(password){
  70.         //password must be 256 bits long
  71.         var PASSWORD_LEN = 32; //characters
  72.         password = password.substr(0, PASSWORD_LEN);
  73.         var origLen = password.length;
  74.         for (var i=origLen; i<PASSWORD_LEN; i++){
  75.             password += " ";
  76.         }
  77.         return btoa(password);
  78.     },
  79.     
  80.     AESEncrypt: function(str, password){
  81.         return this.crypto.encrypt(str, this.fixPassword(password), this.AESStaticIV);        
  82.     },
  83.     
  84.     AESDecrypt: function(encStr, password){
  85.         try {
  86.             return this.crypto.decrypt(encStr, this.fixPassword(password), this.AESStaticIV);  
  87.         }
  88.         catch(e){
  89.             return false;
  90.         }
  91.     },
  92.     
  93.     
  94.     generateRSAKeyPair: function(){
  95.     
  96.         var privOut = {};
  97.         var pubOut  = {};
  98.         
  99.         var publicKeyIV = this.crypto.generateRandomIV();
  100.         var password = this.crypto.generateRandomBytes(32)
  101.         var salt = this.crypto.generateRandomBytes(32);
  102.         var iv   = this.crypto.generateRandomIV();
  103.         
  104.         try {
  105.             this.generatingKeys = true;
  106.             this.crypto.generateKeypair(password, salt, iv, pubOut, privOut);
  107.             this.generatingKeys = false;
  108.             return {
  109.                 "public": {
  110.                     key: pubOut.value,
  111.                     iv: publicKeyIV,                
  112.                 },
  113.                 "private": {
  114.                     key            : privOut.value,
  115.                     password       : password,
  116.                     passphraseSalt : salt,
  117.                     privkeyWrapIV  : iv,
  118.                     iv             : publicKeyIV
  119.                 }
  120.             }
  121.         }
  122.         catch(e){
  123.             this.generatingKeys = false;
  124.             var consoleService = Components.classes["@mozilla.org/consoleservice;1"].getService(Components.interfaces.nsIConsoleService);
  125.             var scriptError = Components.classes["@mozilla.org/scripterror;1"].createInstance(Components.interfaces.nsIScriptError);
  126.             scriptError.init(e.message, e.fileName, null, e.lineNumber, null, scriptError.errorFlag, "component javascript");
  127.             consoleService.logMessage(scriptError);   
  128.             return false;
  129.         }
  130.     }
  131. };
  132.