Jerry Wickey
Key West, FL US
jerrywickey.com
jerry@jerrywickey.com


Download
jerrysLibrary.js

jerrysLibrary.php


testJerrysLibrary.php

PHP, HTML and Javascript source for this page. The AJAX server form handler example is in this page

Retrieving comments.
Waiting for secure channel.
Comment below


 

Jerry's Cryptography and AJAX javascript and PHP Library

Ubiquitous Robust Encryption

Any web page can easily employ robust encryption

RC4 over RSA
really is just this easy


No SSL, no secure server needed. javascript and PHP function library does everything, even client to server URL encoding automatically
js: <body onload= initCrypto( 1024 bit)

js: encryptToServer( clientPlainText)

PHP: decryptFromClient( encryptedDataFromClient)

PHP: encryptToClient( serverPlainText)

js: decryptFromServer( encryptedDataFromServer)


Encrypt everything on the Internet from mobile device web apps to dinner recipe web pages. The technology is now free.

Encrypting only important documents merely identifies which documents are important, attracting the most powerful decryption efforts. Which is better? A society in which no one can have any secrets? Or a society in which anyone can keep everything secret?


New Version

Much faster bcmath based on true binary multiplication
- multiply two 700 digit decimal numbers (2300 bits) in less than
- 40 iterations of 700 digit integer addition function (14000 700 int adds)

greatly improved xdomain abuse detection and prevention

added 'collect' and 'populate' functions for super easy form handling

higher and much stronger encryption

easier to use php html javascript template in a single -plug and play file

Cryptography
void initCrypto( no_bits )
string encryptToServer( dataFromClient )
string decryptFromServer( encryptedDataFromServer )
Download, save path and settings
Download Instructions
AJAX
string synchttp( UrlInYourDomainGET, POST )
void multihttp( UrlInYourDomainGET, POST, callBackFunctionName )
string Xdomain( anyUrlGET, POST, cookiejar, agent, timeout )
void multiXdomain( anyUrlGET, POST, cookiejar, agent, timeout, callBackFunctionName )
bool setcookie( name, value, time, path, domain )
string getcookie( name )
bool setsession( name, value )
string getsession( name )
Miscellany
string subtute( replaceThis, withThis, inString )
string trim( str, trim )
bool ekey( this.event)
object ge( str )
void ms( pointer )
int getxpos( obj )
int getypos( obj )
 

- Comments -


 Noms de plume
 Enter your email, if you want to follow this conversation. Your email is never shared.
your comment





Any web page can easily employ robust encryption

Say Good-by to Captcha

Say Goodbye to NSA spying

This article is for programmers -to encourage and help them in the ubiquitous use of robust encryption.

Encrypt all AJAX data to and from the server with this free and entirely javascript and PHP library. There are many reasons for ubiquitous encryption other than data security itself. The complete and total elimination of Captcha for one. Look at the source code for the comments section on this page to see why the comments on this page are safe from auto post robots without any sort of Captcha what-so-ever.

No installation needed. No java applet client download. No SSL. No security certificates. Not even JQuery is needed. It is a clean, short and simple library that in addition to Encryption also provides AJAX functions including get and set session and cookie. Simply download the jerrysLibrary.js and jerrysLibrary.php libraries. Save them to your server and reference them in your code.

This page demonstrates all the functions which the library provides. And the source code of this page provides direct examples of the use of each. You'll find the code examples clearly marked in the source. This library was expressly written for ease of use.

Given ever increasing security concerns,


I have decided to add RSA encryption to all client/server communications on my websites. Everything I write from now on will employ rigorous and ubiquitous encryption. Everything! not just passwords, but the contents of even every AJAX call.

Salute to Edward Snowden


This is about more than commercial and banking security. Regardless of the fact that the NSA is probably uninterested in my particular web traffic, making snooping technically infeasible makes the world a better and safer place for free thinkers and for the exchange of political ideas and ensures the free exchange of ideas without fear that someone, somewhere will decide that this or that information should not be available to the public. So, encryption is not just about keeping your data safe from hackers, but it is about making the world a better place to live.

Encrypting only important documents, merely identifies that document as worth devoting computational time. Encrypting everything forces everything to be decrypted to determine which documents are important.

The library design goal


To make encryption easy for web developers, I wrote a javascript and PHP library and offer it to everyone for their use. I encourage the proliferation of robust encryption technology to keep everyone honest. And offer this library of easy to use functions to everyone everywhere. I offer it's use free of charge. I offer it for alteration, augmentation, bug fixes, or any other changes.

This javascript and PHP library endows even tablets and smart phones with full 2048 bit RSA encryption in four very easy to use javascript functions. Plus the library provides 13 other handy functions for AJAX and to make programming easier.

The library is written and utilizes PHP and javascript only. This keeps it easy to use and implement. No user has to download software and install it. Everything can be done with javascript and PHP.

Since cryptography also requires AJAX and some other functions that make it all go easier, all the functions are explained and available here for your use. Please use them freely.

Design considerations


Upon the initial client http request, the server begins to generate vary large prime numbers in anticipation. The client passes the results of a javascript speed test to the server in its initial handshake. The server generates as strong an RSA key set as possible for the given speed test.

The server and client then use the RSA asymmetrical key set to build up a robust RC4 symmetrical key over multiple steps. Finally there is a final handshake where the server and client confirm to each other that they are indeed the same machines which first began the negotiation.

This is done by decrypting a message and comparing it with the original handshake message. Re-encrypting it and passing it back confirms that the server and client are in fact the very same which began the key negotiations a few seconds ago. This Guarantees that no hacker has hijacked the handshaking. Communication then continues for the session with the secure RC4 key at which the server and client arrived.

The message or safe word which persists throughout the communication session is contained in the javascript variable JL_cryname. The hash of this randomly generated message is the name of a file on the server which contains all the pertinent key information. Server SESSION variables are not used because they slow the server down and because using the hash of the passed message disassociates any obvious connection between session files on the server and http requests.

The challenge for the server is generating large prime numbers. A 2000 bit prime number can take as much as two minutes to generate in pure PHP. I solved this simply by having the client make multiple http requests under the same JL_cryname. This employs many instances of the same prime number generator which dumps their results into the same pool.

The client javascript is challenged by the bcmath needed to encrypt in RSA

To get things to work on the javascript client I looked for a bcmath package for javascript. I found a good one but it was still too slow. I ended up writing my own from scratch. By ignoring negative numbers, floating point and validation of the arguments, I got it to work better than twice as fast as the best package I looked at and kept is completely javascript.