SJCL discussion Google Group

Is anyone interested in taking over SJCL

m...@shiftleft.org (Mike Hamburg) — Sat, 18 May 2013 02:35:23 UT

Hello all,

I've been nominally the maintainer of SJCL for a couple years now, but I haven't done any real work on it in a few months. I'm not sure I have the time and energy to keep up with it. But perhaps more importantly, I haven't actually used SJCL myself, and I don't even do web development. So I don't know what's important in a web crypto library, what systems and crypto packages I need to interoperate with, or any of that I also don't keep up with web dev news, so I don't know much about the finer points of new crypto APIs, web workers or other things which have become popular since Emily, Dan and I wrote SJCL.

IV length vs. nonce in CCM mode

mischm...@googlemail.com (Michaela Merz) — Sun, 07 Apr 2013 17:24:22 UT

Hi again:
BouncyCastle uses the IV as nonce in CCM. This doesn't fly, as SJCL's IV
length can be > 13 octets and re-calculates the size of the nonce. Would it
be safe to assume, that SJCL always reduces larger IVs to 13 bytes of
nonce? Would it be safe to simply reduce the IV to 13 octets?
Thanks.

Finding Y from X in ECC point

fruiz...@gmail.com (Francisco Ruiz) — Mon, 01 Apr 2013 03:26:02 UT

I'm working on a Diffie-Hellmann scheme using the SJCL ECC routines, and
I've got it working pretty well thanks to all the help I've gotten from you
guys. After I generate a public key pub from a secret key sec by doing
pub = curve.G.mult(sec)
I find that the pub object contains both x and y coordinates of the point

Breaking change in ECDSA

m...@shiftleft.org (Mike Hamburg) — Mon, 25 Mar 2013 05:43:26 UT

Hello all,

Commits master:e5d53c75a8a36df54e9e6ba c47e04b2b103c62fa and ecc:dc042f62fc32cf8dd7fef5cc4b 54476f2a891059 contain correct versions of ECDSA, with tests vectors, thanks to Tom Hughes. (Older versions contain a hacked-up version of ECDSA, returning (r,1/s) instead of (r,s), which is equivalent but requires one fewer division to verify. Hooray for premature optimization.)

pbkdf2

mischm...@googlemail.com (Michaela Merz) — Wed, 06 Mar 2013 21:51:57 UT

Hey there:
While trying to get sjcl compatible with JAVA/PHP, I ran into trouble with
pbkdf2. I wasn't even able to verify SJCL's pbkdf2 against the reference of
RFC6070. I am sure, I am to blame, but
var s = sjcl.codec.utf8String.toBits(" salt");
var a =sjcl.misc.pbkdf2("password",s ,1,160);
var raw = sjcl.codec.String.fromBits(a);

how do I initialize an encrypted variable?

jdelabeaujardi...@gmail.com — Thu, 28 Feb 2013 23:35:12 UT

Using crypto.stanford.edu/sjcl/sjcl. js, I encrypt some plain text with a
password.

The encrypted data, when shown by its toString method (I suppose), is
externalized as a string like

{"iv":"H6V2RJhNp0 ….. ,"ct":"MLCr2tg01DNDeEN97mEpYRg 0S3X0SjH7rZ5KlUmuw1M"}

Later, I want to initialize a javascript variable with that externalized

Compatibility with Crypto++

a.haigh...@gmail.com — Wed, 30 Jan 2013 05:19:49 UT

I'm trying to emulate SJCL in C++ with Crypto++, but it's not as easy as I
expected. I can't seem to get the same output from Crypto++ as `(new
sjcl.cipher.aes(key)).encrypt( plain)` gives me. I made a StackOverflow
question with some code and sample output (link below), but they suggested
I ask here. I'm using ECB mode in Crypto++, is that right?

Put ECC Key Generation into a thread

dark.c...@gmail.com (dark.cton) — Wed, 23 Jan 2013 21:53:53 UT

Hey,
I am currently working on putting the ECC Key Generator into a thread to
make it possible to create long keys without blocking the GUI.
First thing I have done is finding out which is the computation intensive
task, which from my findings should be
pub = curve.G.mult(sec)
on line 323 of ecc.js.

Encryption Length

mischm...@googlemail.com (Michaela Merz) — Sat, 12 Jan 2013 17:01:04 UT

Hi There:
Thanks fpr providing such a clean, nice library. What puzzles me is the
size of an encrypted data block. I understand, that die to padding, each
block would be slightly larger, but 2097152 raw bytes give me about 3054641
encrypted bytes - that's about 100k larger.
I modified convenience.js to return the object: return (j._subtract(p,

SJCL and .NET Rijndael giving different encryption results

awes...@gmail.com (Anthony Wesley) — Thu, 03 Jan 2013 15:33:19 UT

Using the same encryption key and IV, I am getting varying results between
the two encryption libraries.
JS
var crypto = {
var encryptionKey,
password,
salt,
cryptoParams = {
iterations: 1000,
keyLength: 256
function computeKey() {
// Added a func to misc that uses SHA1 rather than SHA256 as
// .NET's RFC2898DeriveBytes class uses SHA1

Add Entropy from one pool to another

dark.c...@gmail.com (dark.cton) — Tue, 11 Dec 2012 20:54:51 UT

I am using sjcl in a worker thread and need to fill the entropy pool.
I would do this by passing a random message from the normal window (where
the entropy pool is considered full) to the worker.
How long should this message be to make sure there is enough randomness
being passed?
Greets,
Nils

Is there a quicker way to make a public key object in ECC?

fruiz...@gmail.com (Francisco Ruiz) — Fri, 19 Oct 2012 22:46:44 UT

Hi there,
Continuing with my application to perform a Diffie-Hellman scheme between
two parties (Alice and Bob), I ran into an issue that's stumping me.
First Alice generates keys with:
par = sjcl.ecc.curves["c521"] //make parameter object
sec = sjcl.bn.random(par.r,0) //make random secret key

Parameters for 521-bit ECC curve

fruiz...@gmail.com (Francisco Ruiz) — Tue, 16 Oct 2012 21:35:26 UT

In case anyone is interested in trying the 521-bit curve, sjcl.bn already
has the parameters to make the appropriate Mersenne prime, per the NIST
recommended set. What's missing is the rest of the parameters in sjcl.ecc
Most of the parameters that sjcl.ecc uses are straight from the NIST
publication, except the first two. After some sleuthing, I found that the

discussion open for Web Crypto API

masonsi...@gmail.com (Mason Simon) — Sun, 14 Oct 2012 22:11:11 UT

In case anyone is interested and unaware: "if you like Javascript, or
if you care about crypto, check it out, and send feedback to public-
webcrypto-comme...@w3.org." ([link]
0/113127438179392830442/posts/ U52MuSrojnL)

I don't have the crypto expertise to weigh in, but thought someone

Doing straight Diffie-Hellman in sjcl ecc

fruiz...@gmail.com (Francisco Ruiz) — Tue, 09 Oct 2012 22:34:30 UT

Hi,
I'm working on a simple mobile webpage to encrypt/decrypt short messages,
starting without a shared key. I have a version using conventional the
Diffie-Hellman exchange with 2048-bit integers, which I have posted here
(non-mobile version):
[link]
I'd like to use elliptic curves instead of powermod exponents because it is