Click here to Skip to main content
Click here to Skip to main content

Extensions for the Microsoft AJAX Framework

, 24 Feb 2009 Ms-PL
Rate this:
Please Sign up or sign in to vote.
Provides cryptographic services including secure encoding and decoding of data, as well as hashing and random number generation, and new methods for JavaScript native objects.

Introduction

Here, I present a JavaScript library that extends the Microsoft AJAX Framework with new classes. Undoubtedly, the Microsoft AJAX Framework is great. However, it doesn't provide or emulate all the classes and functionality that the .NET Framework does. That's why I decided to extend the Microsoft AJAX Framework with some classes and methods that the .NET BCL provides, and which can be useful in a JavaScript environment.

Currently, the library includes three files: Sys.Core.js, Sys.Text.js, and Sys.Crypto.js.

  • Similar to .NET 3.5 that provides additional classes through the new System.Core.dll, Sys.Core.js provides additional methods for JavaScript native objects and some new classes like Sys.Convert.
  • Sys.Text.js contains classes representing ASCII, Unicode, UTF-7, UTF-8, and UTF-32 character encoding. These classes are helpful for data encoding or decoding and in Cryptography services.
  • Sys.Crypto.js provides cryptographic services including secure encoding and decoding of data, as well as hashing and random number generation, like the System.Security.Cryptography namespace in the .NET Framework.

In this article, I will describe how to use the cryptographic services this library provides.

Let's compare the most current and popular implementation of MD5 - Paul Johnston's implementation in JavaScript, with the one we have in this library. First, Johnston's implementation requires string as an input. What does this mean? This means, you cannot use any encoding you want. For example, if you hash some non-ASCII string with Johnston's implementation and compare it with the hash computed with .NET's widely-known FormsAuthentication.HashPasswordForStoringInConfigFile method, you'll see they do not match. Why? Because, the HashPasswordForStoringInConfigFile method uses UTF-8 that Johnston's implementation is unable to provide. A cryptographic algorithm should not care about strings and encodings. It should work only with bytes, like .NET works. Next is the performance. The Sys.Crypto.MD5CryptoServiceProvider class works about 6 - 8 times faster than Johnston's one (much here depends on the browser).

Let's see how to use the class mentioned above.

Using the code

Using the MD5 algorithm:

var buff = Sys.Text.Encoding.UTF8.getBytes("abc");
var md5 = Sys.Crypto.MD5.create();
var hash = md5.computeHash(buff);

window.alert(Sys.Convert.toBase64String(hash));

Compared with C# code:

byte[] buff = System.Text.Encoding.UTF8.GetBytes("abc");
MD5 md5 = System.Security.Cryptography.MD5.Create();
byte[] hash = md5.ComputeHash(buff);

Console.WriteLine(System.Convert.ToBase64String(hash));

The Sys.Crypto namespace provides classes for the following algorithms: MD5, SHA-1, SHA-256, HMAC, and Rijndael/AES. Let's see how to use them.

SHA1 Algorithm

var buff = Sys.Text.Encoding.UTF8.getBytes("abc");
var sha1= Sys.Crypto.SHA1.create();
var hash = sha1.computeHash(buff);

window.alert(Sys.Convert.toBase64String(hash));

HMAC Algorithm

var hmac = new Sys.Crypto.HMAC("SHA1");
// currently supported SHA256, SHA1, and MD5

var key = Sys.Text.Encoding.BigEndianUnicode.getBytes("Key to mix");

hmac.set_key(key);
// if key is not provided, a random genereted key will be used


var buffer = Sys.Text.Encoding.BigEndianUnicode.getBytes("Hello World!");
var hash = hmac.computeHash(buffer);

window.alert(Sys.Convert.toBase64String(hash));

AES Algorithm

var aes = new Sys.Crypto.Aes.create();

// encrypting

var aesEnc = aes.createEncryptor();
var buffer = Sys.Text.Encoding.ASCII.getBytes("Hello World!");
var encrypted = aesEnc.transform(buffer);

window.alert(Sys.Convert.toBase64String(encrypted));

// decrypting

var aesDec = aes.createDecryptor();
var decrypted = aesDec.transform(encrypted);

window.alert(Sys.Text.Encoding.ASCII.getString(decrypted));

The Sys.Text namespace classes, now, are fixed according to Microsoft KB940521 (security bulletin MS07-040), except the UTF7Encoding class which will be fixed in future or be removed from the library.

Here, I introduce the Sys.Crypto namespace in a nutshell. For complete documentation of this namespace and its base and abstract classes (not mentioned here), see the attached files. Actually, currently, there is no any documentation for the classes in Sys.Core.js. See the source code instead.

In the near future, I plan to release XML (?) and Drawing classes. Well, since we have Silverlight I guess Drawing API is needless. I'm also not sure about XML API although you'll have the same API for all browsers.

Added SHA-256 hash algorithm support.

Any feedback, suggestions, performance improvements, or critics will be welcome and appreciated.

Also available at CodePlex.

License

This article, along with any associated source code and files, is licensed under The Microsoft Public License (Ms-PL)

Share

About the Author

Ruben Buniatyan
Web Developer
Armenia Armenia
No Biography provided

Comments and Discussions

 
RantAES padding bug PinmemberScottless_guy10-Nov-08 15:50 
GeneralRe: AES padding bug [modified] PinmemberRuben Buniatyan11-Nov-08 2:01 
QuestionHow does this really work? PinmemberSmboInc17-Jul-07 7:06 
AnswerRe: How does this really work? PinmemberRuben Buniatyan17-Jul-07 23:53 
GeneralGood work PinmemberSimone Busoli11-Jul-07 2:34 
GeneralRe: Good work PinmemberRuben Buniatyan11-Jul-07 3:49 
GeneralRe: Good work PinmemberChristopher Pietschmann, MCSD, MCAD7-Nov-07 12:52 
GeneralRe: Good work PinmemberRuben Buniatyan8-Nov-07 5:16 
GeneralExtending the "Sys" namespace considered bad Pinmemberhexy8-Jul-07 22:55 
GeneralRe: Extending the "Sys" namespace considered bad PinmemberRuben Buniatyan11-Jul-07 4:01 
GeneralRe: Extending the "Sys" namespace considered bad PinmemberSecrets16-Jul-07 21:43 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.150414.1 | Last Updated 24 Feb 2009
Article Copyright 2007 by Ruben Buniatyan
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid