sjcl
Stanford Javascript Crypto Library
Hufsy
This is custom sjcl build with only scrypt and AES-GCM included. Build instructions:
configure --without-all --with-aes --with-scrypt --with-gcm
make sjcl.js tidy
Security Advisories
- 12.02.2014: the current development version has a paranoia bug in the ecc module. The bug was introduced in commit ac0b3fe0 and might affect ecc key generation on platforms without a platform random number generator.
Security Contact
Security Mail: sjcl@ovt.me OpenPGP-Key Fingerprint: 0D54 3E52 87B4 EC06 3FA9 0115 72ED A6C7 7AAF 48ED Keyserver: pool.sks-keyservers.net
Upgrade Guide
1.0.3 -> 1.0.4
codecBase32
has been re-enabled with changes to conform to RFC 4648:
- Padding with
=
is now applied to the output offromBits
. If you don't want that padding, you can disable it by callingfromBits
with a second parameter oftrue
or anything that evaluates as "truthy" in JS - The encoding alphabet for
sjcl.codec.base32
now matches that specified by the RFC, rather than the extended hex alphabet. - The former extended hex alphabet is now available through
sjcl.codec.base32hex
(also matching the RFC). So if you encoded something withbase32
before, you'll want to decode it withbase32hex
now.
Documentation
The documentation is available here