crypto-js vs jsencrypt vs jsonwebtoken vs jsrsasign vs node-jose
JavaScript Cryptography Libraries
crypto-jsjsencryptjsonwebtokenjsrsasignnode-joseSimilar Packages:

JavaScript Cryptography Libraries

JavaScript cryptography libraries provide developers with tools to implement encryption, decryption, and secure data handling in web applications. These libraries are essential for ensuring data integrity, confidentiality, and authentication in both client-side and server-side applications. Each library has its own strengths and use cases, catering to different cryptographic needs such as symmetric encryption, asymmetric encryption, and token-based authentication.

Npm Package Weekly Downloads Trend

3 Years

Github Stars Ranking

Stat Detail

Package
Downloads
Stars
Size
Issues
Publish
License
crypto-js016,392487 kB2783 years agoMIT
jsencrypt06,805901 kB143a year agoMIT
jsonwebtoken018,17643.4 kB2047 months agoMIT
jsrsasign03,377890 kB433 months agoMIT
node-jose0721353 kB733 years agoApache-2.0

Feature Comparison: crypto-js vs jsencrypt vs jsonwebtoken vs jsrsasign vs node-jose

Encryption Type

  • crypto-js:

    Crypto-JS supports symmetric encryption algorithms such as AES, DES, and Triple DES, making it suitable for encrypting data with a shared secret key. It also provides hashing functions like SHA-1, SHA-256, and HMAC.

  • jsencrypt:

    JSEncrypt focuses on asymmetric encryption using RSA, allowing for secure data transmission with public and private keys. It is designed for scenarios where secure key exchange is necessary.

  • jsonwebtoken:

    JSON Web Token does not perform encryption but instead encodes payload data into a token format that can be signed. It uses HMAC and RSA for signing tokens to ensure data integrity and authenticity.

  • jsrsasign:

    jsrsasign offers extensive support for both symmetric and asymmetric encryption, including RSA and ECDSA. It also supports various cryptographic standards and protocols, making it versatile for complex applications.

  • node-jose:

    node-jose supports both JWE and JWS, allowing for both encryption and signing of JSON objects. It is designed to work with modern cryptographic standards, including support for JWK (JSON Web Key) and JWS.

Use Cases

  • crypto-js:

    Ideal for applications requiring basic encryption and hashing functionalities, such as securing user passwords and sensitive data in local storage or during transmission.

  • jsencrypt:

    Best suited for applications that need to securely exchange data using RSA, such as client-server communication where sensitive information needs to be encrypted before transmission.

  • jsonwebtoken:

    Commonly used for user authentication and authorization in web applications, allowing for stateless session management and secure API access.

  • jsrsasign:

    Perfect for applications that require advanced cryptographic operations, such as digital signatures, certificate validation, and secure communications using various cryptographic protocols.

  • node-jose:

    Useful for applications that need to implement secure messaging and token management with a focus on modern standards, such as OAuth 2.0 and OpenID Connect.

Ease of Use

  • crypto-js:

    Crypto-JS is straightforward to use, with a simple API that allows developers to quickly implement encryption and hashing without deep cryptographic knowledge.

  • jsencrypt:

    JSEncrypt is also user-friendly, providing a simple interface for generating keys and encrypting data, making it accessible for developers new to asymmetric encryption.

  • jsonwebtoken:

    JSON Web Token has a clear and concise API for encoding and decoding tokens, making it easy to integrate into applications for authentication purposes.

  • jsrsasign:

    jsrsasign has a steeper learning curve due to its extensive features and capabilities, but it offers powerful tools for those who need advanced cryptographic functionalities.

  • node-jose:

    node-jose provides a comprehensive API that can be complex for beginners but offers flexibility and depth for developers familiar with cryptographic concepts.

Performance

  • crypto-js:

    Crypto-JS is optimized for performance with lightweight implementations of various algorithms, making it suitable for client-side applications where speed is essential.

  • jsencrypt:

    JSEncrypt may have performance limitations with large data sets due to the nature of RSA encryption, which is computationally intensive compared to symmetric encryption.

  • jsonwebtoken:

    JSON Web Token is efficient for token generation and validation, making it suitable for high-performance applications that require quick authentication processes.

  • jsrsasign:

    jsrsasign is designed for performance but can be slower than simpler libraries due to its comprehensive feature set and advanced cryptographic operations.

  • node-jose:

    node-jose is optimized for modern cryptographic standards and provides good performance for both encryption and signing operations, suitable for secure messaging applications.

Community and Support

  • crypto-js:

    Crypto-JS has a large user base and community support, with extensive documentation and examples available for developers.

  • jsencrypt:

    JSEncrypt has a smaller community but is well-documented, making it easy for developers to find resources and examples for implementation.

  • jsonwebtoken:

    JSON Web Token is widely used in the industry, with a robust community and numerous resources, tutorials, and libraries available for integration.

  • jsrsasign:

    jsrsasign has a dedicated user base and comprehensive documentation, but its complexity may require more effort to find specific examples and use cases.

  • node-jose:

    node-jose has a growing community and is part of the broader JOSE (JSON Object Signing and Encryption) ecosystem, with resources available for developers looking to implement modern cryptographic standards.

How to Choose: crypto-js vs jsencrypt vs jsonwebtoken vs jsrsasign vs node-jose

  • crypto-js:

    Choose Crypto-JS if you need a general-purpose library for cryptographic functions such as hashing and symmetric encryption. It is lightweight and easy to use for various encryption algorithms, making it suitable for simple applications.

  • jsencrypt:

    Select JSEncrypt when you require RSA encryption and decryption capabilities. It is specifically designed for handling public and private key pairs, making it ideal for secure data transmission over the web.

  • jsonwebtoken:

    Opt for JSON Web Token (JWT) if you need to implement token-based authentication. It is widely used for securing APIs and managing user sessions, providing a straightforward way to encode and decode tokens with payload data.

  • jsrsasign:

    Use jsrsasign when you need comprehensive support for cryptographic operations, including RSA, ECDSA, and X.509 certificate handling. It is suitable for applications requiring advanced security features and detailed cryptographic operations.

  • node-jose:

    Choose node-jose if you need a library that supports JSON Web Encryption (JWE) and JSON Web Signature (JWS). It is particularly useful for applications that require secure messaging and token handling with a focus on modern cryptographic standards.

README for crypto-js

crypto-js

JavaScript library of crypto standards.

Discontinued

Active development of CryptoJS has been discontinued. This library is no longer maintained.

Nowadays, NodeJS and modern browsers have a native Crypto module. The latest version of CryptoJS already uses the native Crypto module for random number generation, since Math.random() is not crypto-safe. Further development of CryptoJS would result in it only being a wrapper of native Crypto. Therefore, development and maintenance has been discontinued, it is time to go for the native crypto module.

Node.js (Install)

Requirements:

  • Node.js
  • npm (Node.js package manager)
npm install crypto-js

Usage

ES6 import for typical API call signing use case:

import sha256 from 'crypto-js/sha256';
import hmacSHA512 from 'crypto-js/hmac-sha512';
import Base64 from 'crypto-js/enc-base64';

const message, nonce, path, privateKey; // ...
const hashDigest = sha256(nonce + message);
const hmacDigest = Base64.stringify(hmacSHA512(path + hashDigest, privateKey));

Modular include:

var AES = require("crypto-js/aes");
var SHA256 = require("crypto-js/sha256");
...
console.log(SHA256("Message"));

Including all libraries, for access to extra methods:

var CryptoJS = require("crypto-js");
console.log(CryptoJS.HmacSHA1("Message", "Key"));

Client (browser)

Requirements:

  • Node.js
  • Bower (package manager for frontend)
bower install crypto-js

Usage

Modular include:

require.config({
    packages: [
        {
            name: 'crypto-js',
            location: 'path-to/bower_components/crypto-js',
            main: 'index'
        }
    ]
});

require(["crypto-js/aes", "crypto-js/sha256"], function (AES, SHA256) {
    console.log(SHA256("Message"));
});

Including all libraries, for access to extra methods:

// Above-mentioned will work or use this simple form
require.config({
    paths: {
        'crypto-js': 'path-to/bower_components/crypto-js/crypto-js'
    }
});

require(["crypto-js"], function (CryptoJS) {
    console.log(CryptoJS.HmacSHA1("Message", "Key"));
});

Usage without RequireJS

<script type="text/javascript" src="path-to/bower_components/crypto-js/crypto-js.js"></script>
<script type="text/javascript">
    var encrypted = CryptoJS.AES(...);
    var encrypted = CryptoJS.SHA256(...);
</script>

API

See: https://cryptojs.gitbook.io/docs/

AES Encryption

Plain text encryption

var CryptoJS = require("crypto-js");

// Encrypt
var ciphertext = CryptoJS.AES.encrypt('my message', 'secret key 123').toString();

// Decrypt
var bytes  = CryptoJS.AES.decrypt(ciphertext, 'secret key 123');
var originalText = bytes.toString(CryptoJS.enc.Utf8);

console.log(originalText); // 'my message'

Object encryption

var CryptoJS = require("crypto-js");

var data = [{id: 1}, {id: 2}]

// Encrypt
var ciphertext = CryptoJS.AES.encrypt(JSON.stringify(data), 'secret key 123').toString();

// Decrypt
var bytes  = CryptoJS.AES.decrypt(ciphertext, 'secret key 123');
var decryptedData = JSON.parse(bytes.toString(CryptoJS.enc.Utf8));

console.log(decryptedData); // [{id: 1}, {id: 2}]

List of modules

  • crypto-js/core
  • crypto-js/x64-core
  • crypto-js/lib-typedarrays

  • crypto-js/md5
  • crypto-js/sha1
  • crypto-js/sha256
  • crypto-js/sha224
  • crypto-js/sha512
  • crypto-js/sha384
  • crypto-js/sha3
  • crypto-js/ripemd160

  • crypto-js/hmac-md5
  • crypto-js/hmac-sha1
  • crypto-js/hmac-sha256
  • crypto-js/hmac-sha224
  • crypto-js/hmac-sha512
  • crypto-js/hmac-sha384
  • crypto-js/hmac-sha3
  • crypto-js/hmac-ripemd160

  • crypto-js/pbkdf2

  • crypto-js/aes
  • crypto-js/tripledes
  • crypto-js/rc4
  • crypto-js/rabbit
  • crypto-js/rabbit-legacy
  • crypto-js/evpkdf

  • crypto-js/format-openssl
  • crypto-js/format-hex

  • crypto-js/enc-latin1
  • crypto-js/enc-utf8
  • crypto-js/enc-hex
  • crypto-js/enc-utf16
  • crypto-js/enc-base64

  • crypto-js/mode-cfb
  • crypto-js/mode-ctr
  • crypto-js/mode-ctr-gladman
  • crypto-js/mode-ofb
  • crypto-js/mode-ecb

  • crypto-js/pad-pkcs7
  • crypto-js/pad-ansix923
  • crypto-js/pad-iso10126
  • crypto-js/pad-iso97971
  • crypto-js/pad-zeropadding
  • crypto-js/pad-nopadding

Release notes

4.2.0

Change default hash algorithm and iteration's for PBKDF2 to prevent weak security by using the default configuration.

Custom KDF Hasher

Blowfish support

4.1.1

Fix module order in bundled release.

Include the browser field in the released package.json.

4.1.0

Added url safe variant of base64 encoding. 357

Avoid webpack to add crypto-browser package. 364

4.0.0

This is an update including breaking changes for some environments.

In this version Math.random() has been replaced by the random methods of the native crypto module.

For this reason CryptoJS might not run in some JavaScript environments without native crypto module. Such as IE 10 or before or React Native.

3.3.0

Rollback, 3.3.0 is the same as 3.1.9-1.

The move of using native secure crypto module will be shifted to a new 4.x.x version. As it is a breaking change the impact is too big for a minor release.

3.2.1

The usage of the native crypto module has been fixed. The import and access of the native crypto module has been improved.

3.2.0

In this version Math.random() has been replaced by the random methods of the native crypto module.

For this reason CryptoJS might does not run in some JavaScript environments without native crypto module. Such as IE 10 or before.

If it's absolute required to run CryptoJS in such an environment, stay with 3.1.x version. Encrypting and decrypting stays compatible. But keep in mind 3.1.x versions still use Math.random() which is cryptographically not secure, as it's not random enough.

This version came along with CRITICAL BUG.

DO NOT USE THIS VERSION! Please, go for a newer version!

3.1.x

The 3.1.x are based on the original CryptoJS, wrapped in CommonJS modules.