了解使用斯坦福JavaScript加密库的JavaScript加密 [英] Understanding JavaScript Cryptography using Stanford Javascript Crypto Library

问题描述

我将需要加密某些内容，然后将其保存在html5和JS的本地存储中，此刻我使用 Stanford Javascript Crypto Library 。

I would need to encrypt the some content before saving it on local storage in html5 and JS, at the moment I use Stanford Javascript Crypto Library.

目前我使用这样的代码。

At the moment I use a code like this.

usernameEnc = sjcl.encrypt("password", username);
passwordEnc = sjcl.encrypt("password", password);
localStorage.username = usernameEnc;
localStorage.password = passwordEnc;  

我能够正确加密。当我正在使用JS构建一个HTML5应用程序，并且JS代码是在客户端下载时，如何保护PASSWORD以避免轻松解密脚本？

I am able to encrypt correctly. As I am building a HTML5 application with JS and the JS code is download in the client, how can I protect the PASSWORD for avoiding easily decrypt the script?

也许我想念点我很困惑。

Maybe I miss the point I am little puzzled.

推荐答案

不幸的是，没有办法保护你的钥匙。它是JavaScript，它应该以某种方式被下载以在浏览器中执行。你可以模糊关键，使它有点困难，但具有平均知识的人可以打破它。

Unfortunately, there is no way for you to protect your key. It's JavaScript and it should somehow be downloaded to be executed in the browser. You can obfuscate the key to make it a little hard but someone with average knowledge would be able to break it.

我建议做的是你可以加密内容使用用户的密码。所以每次用户输入密码来解密内容。

What I would suggest doing is that you can encrypt the contents using the user's password. So every time the user should enter the password to decrypt the contents.

不要使用用户密码。使用关键派生功能，例如 PBKDF2 。 crypto-js库中的PBKDF2有一个JavaScript实现。

Don't use the users password just as it is. Use a key derivation function such as PBKDF2. There's a JavaScript implementation for PBKDF2 in the crypto-js library.

无论如何，您应该知道的一点是，如果您的应用程序可以在客户端读取它，确定的人也可以读取它，无论您尝试保护它多么努力。

Anyway something that you ought to know is that if your application can read it in the client side, someone determined can read it too no matter how hard you try to protect it.

这篇关于了解使用斯坦福JavaScript加密库的JavaScript加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！