CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-sjcl

Stanford JavaScript Crypto Library providing comprehensive cryptographic operations including AES encryption, hash functions, key derivation, and elliptic curve cryptography.

Pending
Overview
Eval results
Files

high-level-encryption.mddocs/

High-Level Encryption

SJCL provides simple, secure encryption and decryption functions that handle all the cryptographic complexity internally, making it easy to encrypt data with just a password.

Capabilities

Simple Encryption

Encrypts plaintext using a password with secure defaults including authenticated encryption.

/**
 * Encrypt plaintext with a password using secure defaults
 * @param {string} password - Password for encryption
 * @param {string} plaintext - Data to encrypt
 * @param {Object} [params] - Optional encryption parameters
 * @param {Object} [rp] - Optional progress callback parameters
 * @returns {string} JSON string containing encrypted data and parameters
 */
function encrypt(password, plaintext, params, rp);

Usage Examples:

const sjcl = require('sjcl');

// Basic encryption
const encrypted = sjcl.encrypt("myPassword", "Hello, World!");
console.log(encrypted);
// Returns: '{"iv":"...","v":1,"iter":10000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"...","ct":"..."}'

// With custom parameters
const customParams = {
  mode: "gcm",
  ts: 128,        // tag size in bits
  ks: 256,        // key size in bits  
  iter: 100000    // PBKDF2 iterations
};
const encrypted2 = sjcl.encrypt("myPassword", "Hello, World!", customParams);

Simple Decryption

Decrypts ciphertext that was encrypted with the encrypt function.

/**
 * Decrypt ciphertext encrypted with sjcl.encrypt
 * @param {string} password - Password used for encryption
 * @param {string} ciphertext - JSON string from encrypt function
 * @param {Object} [params] - Optional decryption parameters
 * @param {Object} [rp] - Optional progress callback parameters
 * @returns {string} Decrypted plaintext
 * @throws {sjcl.exception.corrupt} If ciphertext is invalid or password is wrong
 * @throws {sjcl.exception.invalid} If parameters are invalid
 */
function decrypt(password, ciphertext, params, rp);

Usage Examples:

const sjcl = require('sjcl');

// Decrypt data
try {
  const decrypted = sjcl.decrypt("myPassword", encryptedData);
  console.log(decrypted); // "Hello, World!"
} catch (e) {
  if (e instanceof sjcl.exception.corrupt) {
    console.error("Invalid ciphertext or wrong password");
  } else if (e instanceof sjcl.exception.invalid) {
    console.error("Invalid parameters");
  }
}

JSON Format

JSON Encryption

Encrypts data and returns a structured JSON object instead of a string.

/**
 * Encrypt plaintext and return JSON object
 * @param {string} password - Password for encryption
 * @param {string} plaintext - Data to encrypt
 * @param {Object} [params] - Optional encryption parameters
 * @param {Object} [rp] - Optional progress callback parameters
 * @returns {string} JSON string with encryption data
 */
sjcl.json.encrypt(password, plaintext, params, rp);

/**
 * Internal encryption returning raw object
 * @param {string} password - Password for encryption
 * @param {string} plaintext - Data to encrypt
 * @param {Object} [params] - Optional encryption parameters
 * @param {Object} [rp] - Optional progress callback parameters
 * @returns {Object} Raw encryption object (not JSON string)
 */
sjcl.json._encrypt(password, plaintext, params, rp);

JSON Decryption

Decrypts JSON-formatted ciphertext.

/**
 * Decrypt JSON-formatted ciphertext
 * @param {string} password - Password used for encryption
 * @param {string} ciphertext - JSON string to decrypt
 * @param {Object} [params] - Optional decryption parameters
 * @param {Object} [rp] - Optional progress callback parameters
 * @returns {string} Decrypted plaintext
 */
sjcl.json.decrypt(password, ciphertext, params, rp);

/**
 * Internal decryption from raw object
 * @param {string} password - Password used for encryption
 * @param {Object} ciphertext - Raw ciphertext object
 * @param {Object} [params] - Optional decryption parameters
 * @param {Object} [rp] - Optional progress callback parameters
 * @returns {string} Decrypted plaintext
 */
sjcl.json._decrypt(password, ciphertext, params, rp);

JSON Utilities

Encode and decode JSON with proper formatting.

/**
 * Encode object to JSON string
 * @param {Object} obj - Object to encode
 * @returns {string} JSON string
 */
sjcl.json.encode(obj);

/**
 * Decode JSON string to object
 * @param {string} str - JSON string to decode
 * @returns {Object} Parsed object
 */
sjcl.json.decode(str);

Default Parameters

SJCL uses secure defaults for encryption parameters:

/**
 * Default encryption parameters object
 */
sjcl.json.defaults = {
  v: 1,           // version
  iter: 10000,    // PBKDF2 iterations
  ks: 128,        // key size in bits (128, 192, or 256)
  ts: 64,         // tag size in bits
  mode: "ccm",    // cipher mode
  cipher: "aes",  // cipher algorithm
  // Additional parameters set automatically:
  // iv: random initialization vector
  // salt: random salt for key derivation
};

Usage Examples:

const sjcl = require('sjcl');

// Use default parameters
const encrypted1 = sjcl.encrypt("password", "data");

// Override specific defaults
const params = Object.assign({}, sjcl.json.defaults, {
  iter: 100000,  // Higher security
  ks: 256,       // Larger key size
  mode: "gcm"    // Different mode
});
const encrypted2 = sjcl.encrypt("password", "data", params);

// Check what defaults are being used
console.log(sjcl.json.defaults);

Cached PBKDF2

Optimized password-based key derivation with automatic salt generation and caching.

/**
 * Cached PBKDF2 with automatic salt generation
 * @param {string} password - Password for key derivation
 * @param {Object} obj - Object containing salt and other parameters
 * @returns {BitArray} Derived key as bit array
 */
sjcl.misc.cachedPbkdf2(password, obj);

Usage Examples:

const sjcl = require('sjcl');

// The obj parameter should contain salt and iteration count
const params = {
  salt: sjcl.random.randomWords(4), // 4 words of random salt
  iter: 10000
};

const derivedKey = sjcl.misc.cachedPbkdf2("myPassword", params);

Error Handling

The high-level encryption functions can throw several types of exceptions:

const sjcl = require('sjcl');

try {
  const encrypted = sjcl.encrypt("password", "data");
  const decrypted = sjcl.decrypt("password", encrypted);
} catch (e) {
  if (e instanceof sjcl.exception.corrupt) {
    // Ciphertext is corrupted or password is wrong
    console.error("Decryption failed: " + e.message);
  } else if (e instanceof sjcl.exception.invalid) {
    // Invalid parameters provided
    console.error("Invalid parameters: " + e.message);
  } else if (e instanceof sjcl.exception.notReady) {
    // Random number generator not ready
    console.error("RNG not ready: " + e.message);
  }
}

Install with Tessl CLI

npx tessl i tessl/npm-sjcl

docs

big-number-arithmetic.md

bit-array-utilities.md

cipher-modes.md

data-encoding.md

elliptic-curve-cryptography.md

hash-functions.md

high-level-encryption.md

index.md

key-derivation.md

key-exchange.md

message-authentication.md

random-number-generation.md

symmetric-encryption.md

tile.json