Monday, April 7th, 2008

window.crypto: want crypto primitives in the browser? You may already have it

Category: Browsers, Firefox, Security

Enigma Machine

It seems to make sense to add crypto helpers to the browser, for use by us, the humble JavaScript developer. I have called out to this in the past and people bring it up often on various lists.

Brad Neuberg found that Gecko actually has built-in crypt primitives via window.crypto!

Mozilla defines a special JavaScript object to allow web pages access to certain cryptographic related services. These services are a balance between the functionality web pages need, and the requirement to protect users from malicious web sites. Most of these services are available via the JavaScript window object as window.crypto. For instance, to obtain a ten byte random number using the cryptographic engine, simply call:


  1. var myrandom = window.crypto.random(10);

Services are provided to enable: smart card events, generating certificate requests, importing user certs, generating random numbers, logging out of your tokens, and signing text.

Posted by Dion Almaer at 7:21 am

2.9 rating from 17 votes


Comments feed TrackBack URI

Right, except a note at the bottom of that documentation page says:

N.B.: random is not implemented in Mozilla browsers.

The other things described on that page (smart card insertion/removal events, certificate management, etc.) are presumably implemented, but those aren’t really useful in the general case.

Comment by Andrew Dupont — April 7, 2008

They are wierd, but they are still crypto. Not exactly the primitives I would have chosen (smart cards?!?!), but its still random that they exist in present browsers. Too bad about random though — didn’t see that note. That is actually a useful function to have.

Comment by BradNeuberg — April 7, 2008

Well i learn somthing new on this site every day

Comment by Aphrodisiac — July 30, 2008

Leave a comment

You must be logged in to post a comment.