Essential Cryptography for JavaScript Developers: A practical guide to leveraging common cryptographic operations in Node.js and the browser
- Length: 220 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2022-02-28
- ISBN-10: 1801075336
- ISBN-13: 9781801075336
- Sales Rank: #905536 (See Top 100 Books)
Discover how to take advantage of common cryptographic operations to build safer apps that respect users’ privacy with the help of examples in JavaScript for Node.js and browsers
Key Features
- Understand how to implement common cryptographic operations in your code with practical examples
- Learn about picking modern safe algorithms, which libraries you should rely on, and how to use them correctly
- Build modern and secure applications that respect your users’ privacy with cryptography
Book Description
If you’re a software developer, this book will give you an introduction to cryptography, helping you understand how to make the most of it for your applications. The book contains extensive code samples in JavaScript, both for Node.js and for frontend apps running in a web browser, although the core concepts can be used by developers working with any programming language and framework.
With a purely hands-on approach that is focused on sharing actionable knowledge, you’ll learn about the common categories of cryptographic operations that you can leverage in all apps you’re developing, including hashing, encryption with symmetric, asymmetric and hybrid ciphers, and digital signatures. You’ll learn when to use these operations and how to choose and implement the most popular algorithms to perform them, including SHA-2, Argon2, AES, ChaCha20-Poly1305, RSA, and Elliptic Curve Cryptography. Later, you’ll learn how to deal with password and key management. All code in this book is written in JavaScript and designed to run in Node.js or as part of frontend apps for web browsers.
By the end of this book, you’ll be able to build solutions that leverage cryptography to protect user privacy, offer better security against an expanding and more complex threat landscape, help meet data protection requirements, and unlock new opportunities.
What you will learn
- Write JavaScript code that uses cryptography running within a Node.js environment for the server-side or in frontend applications for web browsers
- Use modern, safe hashing functions for calculating digests and key derivation, including SHA-2 and Argon2
- Practice encrypting messages and files with a symmetric key using AES and ChaCha20-Poly1305
- Use asymmetric and hybrid encryption, leveraging RSA and Elliptic Curve Cryptography with ECDH and ECIES
- Calculate and verify digital signatures using RSA and ECDSA/EdDSA
- Manage passwords and encryption keys safely
Who this book is for
This cryptography book is an introductory guide for software developers who don’t necessarily have a background in cryptography but are interested in learning how to integrate it in their solutions, correctly and safely. You’ll need to have at least intermediate-level knowledge of building apps with JavaScript and familiarity with Node.js to make the most of this book.
Essential Cryptography for JavaScript Developers
Contributors
About the author
About the reviewers
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Share Your Thoughts
Part 1 – Getting Started
Chapter 1: Cryptography for Developers
What is cryptography and why should a developer care?
Protecting secrets…
…and the other uses of modern cryptography
Why this matters to developers
What this book is about – and what it's not
Rules of engagement
Defining "safe"
Types and "layers" of encryption
Summary
Chapter 2: Dealing with Binary and Random Data
Encoding and representing binary data
A brief word on character encodings and why we encode binary data
Buffers in Node.js
Hex encoding
Base64
Generating cryptographically secure random byte sequences
The importance of randomness
Using crypto.randomBytes
Summary
Part 2 – Using Common Cryptographic Operations with Node.js
Chapter 3: File and Password Hashing with Node.js
Technical requirements
An overview of hashing functions
Properties of hashing functions, and how they differ from encryption
Uses for hashing functions
Calculating digests and generating identifiers
Hashing a short message or string
Hashing large files and streams
How to "break" a hash
Fast hashing functions and low-entropy inputs
Rainbow tables
Hashing passwords and deriving keys
Argon2
Scrypt
Older hashing functions
Collisions
Summary
Chapter 4: Symmetric Encryption in Node.js
Technical requirements
Symmetric and asymmetric encryption
Symmetric encryption with AES
Key length
Mode of operation
Initialization vector
Using AES with Node.js
Symmetric encryption with ChaCha20-Poly1305
Example usage with Node.js
When to use ChaCha20-Poly1305 or AES-GCM
Key derivation
Reusing keys
Wrapping keys and best practices for encrypting large documents
AES Key Wrap
Wrapping user keys
Summary
Chapter 5: Using Asymmetric and Hybrid Encryption in Node.js
Technical requirements
Understanding public-key and hybrid cryptosystems
The need for public-key cryptography
Hybrid cryptosystems
Loading, exporting, and encoding public and private keys
Encoding keys as PEM
Reading and exporting keys
Using RSA with Node.js
Generating an RSA key pair
Using RSA for encryption and decryption
Hybrid encryption with RSA and AES
Key agreements with Elliptic-Curve Diffie-Hellman
Picking a curve
Generating EC key pairs
Diffie-Hellman key agreements and Perfect Forward Secrecy
Performing an ECDH key agreement
Data encryption with ECIES
Summary
Chapter 6: Digital Signatures with Node.js and Trust
Technical requirements
The what, how, and why of digital signatures
Hashes and digital signatures
Properties of digital signatures
How digital signatures work
Digital signatures and encryption
How developers use digital signatures
Calculating and verifying digital signatures with Node.js
Using RSA
Using elliptic curves
Trust and certificates
The problem of trusting keys
Public keys and certificates
Public Key Infrastructure
Alternative approaches
Summary
Part 3 – Cryptography in the Browser
Chapter 7: Introduction to Cryptography in the Browser
Technical requirements
Playground
In Node.js
About cryptography in the browser – uses and challenges
Challenges of cryptography in the browser
Building browser-based apps that use cryptography
Binary data in the browser
Buffers and typed arrays in the browser
Generating random data
Keys in Web Crypto
The CryptoKey object
Generating keys
Importing keys
Exporting keys
Summary
Chapter 8: Performing Common Cryptographic Operations in the Browser
Technical requirements
Hashing and key derivation
Calculating checksums
Hashing passwords
Deriving encryption keys
Symmetric encryption
Encrypting and decrypting messages with AES
Asymmetric and hybrid cryptography
Encrypting and decrypting short messages with RSA
Hybrid encryption with RSA and AES
Using elliptic curves for ECDH key agreements and ECIES hybrid encryption
Digital signatures
Digital signatures with the WebCrypto APIs
Calculating and verifying RSA signatures
Calculating and verifying ECDSA signatures
Summary
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share Your ThoughtsDonate to keep this site alive
How to download source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search the book title: Essential Cryptography for JavaScript Developers: A practical guide to leveraging common cryptographic operations in Node.js and the browser, sometime you may not get the results, please search the main title.
3. Click the book title in the search results.
3. Click Code to download.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.
