JavaScript Shopping & Crypto / News: Recent posts

Fritz Schneider wrote me to announce the availability of Rijndael in JavaScript at his web site:
http://www-cse.ucsd.edu/~fritz/rijndael.html

All this might be totally useless, but I think it's lots of fun! Three cheers, Fritz!

john

Tune up your handy decoder rings -- I now have a server-side decoder working. Sorry all you ASP types -- I couldn't get JScript to work. Sorry all you PERL types -- I couldn't get a cross-platform version working that was fast enough.

Yes, it's PYTHON! Python had the cross-platformability and the bigint stuff compiled in.

Eventually I'll put all the parts together (from trevco and the rest) in an archive and release them, but for now you can find the python script at http://shop-js.sf.net/decode.py... read more

My first commercial implementation is just about to go live.... Well, it's taken months to get this far, but I think we're quite close. This has included a lot of usability udates including local sales tax, quantity discounts, an "info" page for the non-technical... Lots of little things that make the difference between an untested concept and the real MaCoy! He's using his ISP's standard form emailer to complete the order.... read more

For the purist... I have now implemented an entropy pool for the random number generator for the RSA key generator.

Enjoy!
John

I've updated the RSA, bigInt, and session key routines again. This is in preparation for the first official release. See the changelog at the end of crypto2.htm for details. Crypto.js is getting pretty stable. The remaining issues are (a) do we need a passphrase for the private key, and (b) do I need to use a better random number generator (ie higher entropy) for generating keys. I think the answers are (a) no and (b) yes, but I'm not sure yet. A better RNG will only mean changing crypto2.htm and not crypto.js. Putting a passphrase on the private key will mean changing the interface to rsaDecode again.... read more

I'm delighted to announce that the crypto stuff is done! We can generate 512 bit RSA-style keys in about 5 minutes (PII 450, MSIE5.0). Encryption in under 2 seconds. Decyption in about 22 seconds.

Of course if you want faster performance you can (a) buy a faster computer (you wanted an excuse anyway, right), or (b) use less secure keys (any multiple of 8 works fine).

I've also tightened up the security on generating session keys. I think it was good before, but now it should be great.... read more

When I started the project I posted to sci.crypt and Leemon Baird took on the challenge. If you're interested in bigints and javascript, look at http://www.leemon.com/crypto/BigInt.html -- He's right on my heels, and maybe ahead of me.

j

Ok. I've got the RSA key generator, encryptor, and decryptor working. I want to make a small tweek on how I generate session keys, and there are a few ways I can optimize my bigint functions to speed decrypting, but RSA is basically done. I've also got form validation done on the shopping cart, and it connects to the encryption.

What's left is to try to evaluate the posting methods, especially for Zero-CGI shopping.... read more

Ok... so it's just a start, but you can see (a) pure javascript shopping cart and (b) RSA encryption in Javascript on the client. Go to the project's home page http://wob.sourceforge.net/shop-js/index.html to see the goods. I'll move it to shop-js.sourceforge.net whenever sourceforge gets the account fixed.

John

Hi, all!

This is a fun project: imagine secure e-commerce which is entirely browser (client) based... No CGI to set up & debug; no expensive hosting fees; And costomers like it because it's responsive! ... That's where I'm heading.

Javascript is very responsive even on slow servers, because it doesn't use the server at all!

I've got the shopping cart written and the customer info page written. I'm working getting the customer data verified, and then the final posting part of the shopping cart.... read more