JavaScript Encryption Program

  usage, testing, cipher details, attacks, notes

This page includes an open source JavaScript implementation of the RC4, AES, Serpent, Twofish, Caesar and RSA ciphers.

Ciphers can encrypt and decrypt information such that persons who do not know the password (the decryption key) can not read it. The implemented ciphers are strong enough to protect important information such as your passwords and PIN numbers.




Figure 1 shows how the program looks like on a PDA (Pocket PC). You can try-out the program directly in figure 1 or in a full size window by clicking on 'implementation'. With most browsers, you can download the implementation by right-clicking on 'implementation' and selecting the appropriate action.

Your browser is unable to show the implementation at this location.
Figure 1: The encryption program.

The program includes an example on how to use it. To see this example, switch to the category 'Examples' using the selector in the bottom-left corner. If you subsequently switch to the 'Edit' mode, using the selector in the bottom-right corner, you can edit this example and add your own text.

Category 'Examples' includes three embedded figures. Depending on the capabilities of your browser however, some of these figures might not be shown. Two of the three embedded figures in the example are specified using Base64 data. To get this Base64 data, you can use any Base64 conversion tool (example).

In category 'All', mode 'Edit', you can add and remove categories. For example, in case you want to remove the category named 'Main', first switch to the delete action by clicking on the button in bottom-middle until it shows a 'D'. Then click on the 'D' button in front of category 'Main'.

To encrypt your text, switch to the mode 'Save' using the selector in the bottom-right corner. Enter a password and click on the button 'Encrypt&Save'. Retype your password for verification purposes and click on the button 'Encrypt&Save' again. In Internet Explorer, you'll get a file dialog box. In other Browsers: save the top frame as an HTML file by right-clicking on it and selecting the appropriate action.

To decrypt your text, switch to the mode 'Load' using the selector in the bottom-right corner. If you have a file with encrypted text (see previous paragraph), you can put the URL of this file in the box marked with 'file'. Please note that, due to the same origin policy of most browsers, this file and the JavaScript Encryption Program need to be located on the same computer.

Alternatively, you can decrypt text directly, without using a file. For example, to decrypt:


switch to the mode 'Load', copy the Base64 code above and paste it into the box marked with 'code'. Then select the AESc cipher, type as key 'very1very2secret' and press the 'deCrypt' button.

It is possible to use the keyboard instead of the mouse. In most cases, the access key is the first capitalised letter of the button or option. For example, switching between the table actions Add, Interchange and Delete is done by pressing 'Alt-A', 'Alt-I' and 'Alt-D' respectively. Pressing the 'Alt'-key together with a ',' or '.' scrolls through the list of categories.



Your browser is unable to show an example view at this location.
Figure 2: View of the program.

If you want to test the implementation, put the program in the 'Load' mode and type testCode.html (or the full URL: in the input field marked with 'file'. Subsequently, click on the 'deCrypt'-button; keys are not needed. In case you used figure 1 to load 'testCode.html', figure 1 should now look exactly like figure 2.

It is possible to test the implemented ciphers as well as the UTF-8 and Base64 transformations. In case of encryption, the program uses UTF-8 to transform Unicode characters into bytes and Base64 to transform bytes into printable characters. In case of decryption, the program executes the transformations in the inverse direction.

Several predefined tests are included. For more tests, see e.g. the AES Known Answer Tests, the Serpent Known Answer Tests and the Twofish Known Answer Tests (files ecb_iv.txt, ecb_tbl.txt, ecb_vk.txt and ecb_vt.txt).


Cipher details


RC4, AES, Serpent, Twofish, Caesar and Swap are symmetric ciphers. The encryption key and the decryption key are the same.

The RC4a cipher modifies the RC4 cipher to circumvent its weaknesses. Firstly, RC4a adds a timestamp to the key to prevent the same key from being used twice. Secondly, RC4a drops the first 256 bytes of the RC4 pseudo-random number generator.

The top three in the competition to become the Advanced Encryption Standard were Rijndael (the winner, now known as AES), Serpent and Twofish. The JavaScript implementation works according to the standard specifications when you use a key with a length of 22, 32 or 43 characters. These key lengths match the 128, 192 and 256 bit key length variants of the specifications. Keys of other lengths will be expanded to one of these three lengths.

The program implements both the Electronic Codebook (ECB) mode as well as the Cipher Block Chaining (CBC) mode of the AES, Serpent and Twofish ciphers. The ECB variants of these ciphers have as acronym AESe, SRPe and TFSe respectively. The CBC variants have as acronym AESc, SRPc and TFSc.

The JavaScript implementation of the AES cipher is a translation of the implementation by Mike Scott. The Serpent implementation is a translation of the implementation by Dag Arne Osvik and the Twofish implementation is a translation of the implementation by Brian Gladman.

Caesar (CSR) is an encryption scheme that simply adds the provided key to the plain text in a round-robin fashion. It needs a very long key to be secure. The Roman emperor August used the first 100(!) lines of Ilias as the key.

Swap (SWP) is an encryption scheme that swaps the input characters. The intention of Swap is to be used in between other ciphers in order to prevent modular behaviour. For example: when used in between an AES encryption step and an Serpent encryption step, it makes sure that these two steps don't work both on the same 16 byte blocks. In case a key is provided, Swap does a Caesar-like encryption with this key.

RSA is an asymmetric cipher. It uses a pair of keys, one private key and one public key. Text encrypted with one key can only be decrypted with the other key. This asymmetric behaviour can be used both for security and for authentication purposes:

It is possible to combine these two functions: first encrypt the message with your private key, and then encrypt the message with the public key of the intended receiver.

The program includes a tool to generate a pair of RSA keys (in mode 'tool'). Be aware that, when you are not using Java, the complexity of the algorithm is O(n4), in which n is the number of bits in the key. I.e. given the time needed to find a key of n bits, it takes about 16 times longer to find a key of 2*n bits; 81 times longer to find a key of 3*n bits; etcetera.

AES, Serpent, Twofish and RSA are block ciphers. Padding bytes (0x00) are included at the end of the input to fill up the last block. With the 'lenInd'-option (length indication), each block cipher will ensure that the original text is restored, removing the appended padding bytes.

Without the 'lenInd'-option, block ciphers will simply remove all trailing 0x00 bytes. In specific cases (when the output of one cipher is input to another cipher) a 0x00 byte at the end of the decrypted text of the first cipher may not be the result of padding, but may actually be part of the encrypted text of the second cipher. In such cases, the chance on failing decryption is therefore 1:256.




Current computers are capable to search an enormous key-space (brute force attack). For this reason, the encryption keys must have a reasonable length. In table 1, you can find the time spent by current computers to do a brute force search on the complete keyspace. Note that Base64 characters are used for the key, i.e. 6 bits per character.

Table 1: Brute force attack times
Key length Time to search the keyspace
Symmetric (RC4/AES/SRP/TFS) Asymmetric (RSA) High-end computer University network Military
40 bits, 7 chars 274 bits, 46 chars weeks hours microseconds
64 bits, 11 chars 512 bits, 86 chars millennia decades minutes
80 bits, 14 chars 1024 bits, 171 chars infinite infinite centuries
128 bits, 22 chars 3072 bits, 512 chars infinite infinite millennia

The files that are read and written by the program are easily recognisable as containing encrypted data. If you want an extra level of protection, store the encrypted data in a less obvious place. For example, with Mozilla Thunderbird, save an email with attachment in .eml format. Then simply replace the (Base64 encoded attachment) with the result of the encryption.




Security of JavaScript: JavaScript runs on your local machine. The decrypted information is therefore not sent over any communication line. Your browser should also not store the decrypted information in some (temporary) file. You might want to check this for yourself; e.g. in Mozilla/Netscape you can type about:cache for the URL.

Valid HTML 4.01 'Standards compliant' option in mode 'tool': Internet Explorer seems unable to do full-screen text editing using standard HTML. At least, I did not find a standards compliant alternative for absolute positioning of the <TEXTAREA>-element that does work as expected in Mozilla and Netscape.

Losing changes: The program can confirm, upon exit, if you really want to lose changes you have made. If you accidentally forgot to save your changes, the program is reloaded so you can save your text. For this functionality to work, you need to disable pop-up blocking in your browser.

Open source: "In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It's true for cryptographic algorithms, security protocols, and security source code. For us, open source isn't just a business model; it's smart engineering practice." (Bruce Schneier, Crypto-Gram 1999/09/15)

Table 2: Supported browsers
Browser Tested version Embedded objects Java in JavaScript
data:-protocol b64:-protocol emulation XBM
Mozilla Firefox 1.0 Ok Ok Ok Ok
Mozilla 1.6 Ok Ok Ok Ok
Netscape 7.1, 7.2 Ok Ok Ok Ok
Opera 7.23 Ok - - Ok
Internet Explorer 5.5, 6.0 - - Ok -
Pocket IE 2003 - - - -

Michiel van Everdingen (Email)
October 2005 History