JavaScrypt Tutorial


I hear you. What do I do with all this stuff? Encryption is simple in concept (only the good guys can read your message), but devilish in the details. Here's a simple set of worked examples which illustrate some of the ways you can use JavaScrypt to protect your privacy. These examples open an auxiliary browser window in which various JavaScrypt components are demonstrated. Please use the buttons in this page exclusively; pressing the buttons in the popped-up window may confuse the sequencing of the example.

Crypto-folk usually couch their examples in terms of messages sent between the virtuous "Alice" and "Bob", who wish to avoid them being intercepted and read by the nefarious "Eve". I'll follow that convention here, so let's join Alice and Bob as they hatch a plot.

Encrypt a Message

We'll begin by encrypting a short message from Alice at headquarters to Bob in the field. First, Alice loads the JavaScript page into her browser. Press the button below to launch JavaScrypt in a new window.

Alice and Bob have decided to use a "book code" for their encryption keys. When they last met face to face, they agreed to obtain the keys for their encrypted messages from an innocuous science fiction novel, Rudy Rucker's The Hacker and the Ants. Each time Alice or Bob sends a message, they pick a page of the book and line number on the page at random, then use whatever text appears on that line as the encryption key. The line, once used, is crossed out (sorry, Rudy!) so it will never inadvertently be reused. This way, no two messages are ever sent with the same key, and each key, composed of an entire line of English text, is sufficiently long as to be difficult to guess. (Book codes are far from optimal; later on we'll discuss more secure alternatives. At the moment, we're concerned with the mechanics of encryption and decryption, not details of key generation and distribution.)

This time, by throwing dice or whatever, Alice has chosen line 28 on page 172 of the book, which reads:

"serious hacker you don't let flames bother you. Instead"
This is the key for the message, so Alice types it into the Key box on the JavaScrypt page. Press the button below to enter the key into the box.

Next, Alice enters the text of her message to Bob in the Plain Text box. "Plain Text" refers to the original message before encryption into "Cipher Text", or recovered from the Cipher Text by decryption. Press the button below to enter Alice's message into the Plain Text box. "BAGPIPE FJORD" is the meaningless code name for the operation she's giving Bob the go-ahead to proceed with; later on we'll see how to generate such names automatically.

All that remains is to press the Encrypt button below the Plain Text box. Please press the button below (for tedious technical reasons, not the one in the JavaScrypt page), to encrypt the Plain Text with the key.

Alice can now copy the encrypted message from the Cipher Text box (pressing the Select button below it selects the entire cipher text) and paste it into an E-mail message to Bob. Before the cipher text, Alice will write the page and line number she used as the key. If Eve intercepts the E-mail, this won't do her any good unless she's somehow learned which book Alice and Bob are using for their keys.

Decrypt a Message

Now we change the scene from Alice's air conditioned office to Bob's more austere accommodations in the field. After receiving Alice's message, including the page and line numbers at the start, he loads a copy of JavaScrypt into his own browser, as you can do by pressing the following button. If the button is disabled, you need to go back and work the Encrypt a Message example at the top of this page to create a message to decrypt.

Bob begins by pasting Alice's message into the initially empty Cipher Text box. Note that the message contains Alice's page and line notation, "172/28". JavaScrypt ignores any text before the start of the encrypted message, so Bob hasn't bothered to remove the key annotation from Alice's message.

Bob then proceeds to dig out his copy of The Hacker and the Ants, turns to page 172 and counts down 28 lines to find the key, which he types into the Key box at the top of the JavaScrypt page. Press the button below to enter the key.

Now Bob need only press the Decrypt button below the Cipher Text box to decrypt the message. Alice's original text will now appear in the Plain Text box.

To recover the Plain Text, the decryption key must be identical to that used to encrypt the message. Try changing a single character of the key in the JavaScrypt page and pressing the Decrypt button below the Cipher Text box and see what you get for Plain Text.

Hiding a Message as English Text

Suppose that instead of E-mailing the message to Bob, Alice is forced to send it to the FAX machine in Bob's seedy hotel. Sending what is obviously an encrypted message may cause hotel personnel to suspect Bob isn't the mild-mannered motorcycle parts salesman he purports to be, which information they might be tempted to peddle to folks Bob would rather not be aware of his actual profession. But since few of the locals know much English, Bob's receiving messages in English may not arouse suspicion, even if the message reads like gibberish to an English speaker.

In this situation, Alice might want to employ steganography, the art of secret writing, to disguise the nature of her message. Steganography is a large topic with roots in antiquity, ranging from invisible ink to microdots to the latest digital techniques of hiding messages as imperceptible noise in image and audio files. JavaScrypt's steganography is less sophisticated that the latter mechanisms, but may be adequate for less demanding situations. Having first encrypted the message, Alice selects the Cipher Text and copies it to the clipboard, then launches Stego!, JavaScrypt's steganography page. Press the button below to load this page. If the button is disabled, you need to go back and work the Encrypt a Message example at the top of this page to obtain a message to hide.

Alice then pastes the encrypted Cipher Text into the eponymous box in the Stego! page, which you can accomplish by pressing the button below.

Next, Alice presses the Hide button below the Cipher Text she just pasted into the box to encode it as a sequence of English words. Press the button below to proceed with this step.

Alice may then send the text in which the encrypted message has been hidden to Bob, adding to it an annotation which permits him to determine the page and line of the book to use as the key to decrypt it.

Recovering a Message Hidden in English Text

Upon receiving Alice's message, Bob gets it into his computer (if it arrived as a FAX, he'll have to type it in, but he needn't worry about the punctuation--only the words matter). He then launches Stego!, as you may do with the following button.

Bob then pastes the text in which the message is hidden into the Hidden Text box. Press the button below to accomplish this.

Finally, Bob presses the Seek button below the Hidden Text box. The encrypted message will be extracted and placed into the Cipher text box, whence Bob can copy it back to JavaScrypt to decode.

You may now, if you wish, return to the Decrypt a Message example to verify the recovered text actually contains Alice's original message.

Generating One-Time Key Lists

Using a book for encryption keys as Alice and Bob did in the example above may be convenient, but has its disadvantages. A mole who observes Alice looking up keys, or a covert break-in at Bob's hangout in the field looking for a well-thumbed book, might permit Eve to determine which book Alice and Bob were using, permitting her to read all of the traffic between them without raising any suspicion on their part; this could be a career-limiting situation, particularly for Bob. Also, lines from books are usually short and contain many frequently-used words: in cryptographic lingo, their entropy is low, and rarely takes advantage of all the security provided by the underlying encryption scheme.

If Alice and Bob have the opportunity to meet occasionally or can avail themselves of the services of a trusted courier, they may prefer to use one-time key lists to encrypt their messages. A one-time key list is simply a list of keys generated by a high-quality random or pseudorandom process. Two copies of the list are made: one for Alice and one for Bob. Each time Alice sends a message to Bob, she uses the next key on the list and crosses it out. Bob, upon receiving the message, enters the next from his list and crosses it out. No key is ever used twice, and unless the physical lists used by Alice and Bob are compromised, the keys will remain secure. (If messages may be received out of order, they should be preceded by the number of the key on the list; this doesn't impair security in any way. Alice and Bob would actually use two pairs of lists, one for sending messages from Alice to Bob, the other for messages from Bob to Alice.)

JavaScrypt includes a Pass Phrase Generator which assists in the preparation of one-time key lists. Start by launching the pass phrase generator in a browser window.

The sequence of pass phrases generated is determined by a "seed", which can be specified either as text or a hexadecimal number. Knowledge of the seed permits anybody with a copy of the pass phrase generator to reproduce the list of phrases, so security of the seed is essential. The pass phrase generator can automatically create pseudorandom seeds of sufficient length to provide reasonable security. Press the button below to generate such a seed.

Once the seed has been specified, a list of pass phrases may be generated simply by pressing the Generate button. Press the button below to create a list.

Once a list of phrases is generated, you can use the Select button to select the text, then copy and paste it into the key list document. Note that once Alice and Bob have received their initial key lists, they can obtain additional secure keys without physically exchanging lists. When her list of keys is nearing exhaustion, Alice need only generate a new list, then use one of her remaining keys to encrypt a message to Bob containing the seed she used for the new key list. Bob can then enter the seed into his own copy of the pass phrase generator page and produce an identical copy of Alice's new key list. Alternatively, she could simply send the entire new list to Bob in an encrypted message, but just sending the seed makes for a shorter message.

Generating Operation Codenames

The pass phrase generator, suitably configured, is an excellent source of codenames for covert operations. These names shouldn't have any meaning whatsoever relevant to the operation (this is guaranteed, since the pass phrase generator cannot read the minds of those plotting it). The process below will provide you with an endless list of suggestions. Repeat it as many times as you need to find something with the right ring. Start by launching the pass phrase generator.

As before, we wish to generate a pseudorandomly chosen set of candidate codenanes, so we use the Generate Seed button to create a new seed.

With the seed specified, we can now proceed to generate a page full of potential codenames. We will fill in the boxes below the list of phrases to produce traditional two-word codenames of all capital letters. Press the button below to fill the box with candidate names.

The best codenames come from a judicious combination of computer power and human reason. As Winston Churchill observed,

After all, the world is wide, and intelligent thought will readily supply an unlimited number of well-sounding names which do not suggest the character of the operation or disparage it in any way and do not enable some widow or mother to say that her son was killed in an operation called "Bunnyhug" or "Ballyhoo".

--Winston S. Churchill, The Second World War: Volume V: Closing the Ring

If none of the generated codenames makes the cut, scroll up to the Seed box, press New Seed to generate another seed, and then press Generate to grow another crop of codenames--lather, rinse, repeat. Or, just click the button below to generate as many as it takes to find one that suits.

Onward from Here

This set of worked examples only scratches the surface of what you can do with JavaScrypt which, in itself, is but a simple and limited implementation of a cryptographic system. To better understand JavaScrypt, please visit the pages below, all of which contain embedded documentation which explains the options available to you.

If you wish to dive deeper into the murky waters of cryptography, there are a multitude of references you can consult. An excellent starting point, containing a bibliography which cites essential works for further exploration, is Ferguson and Schneier's Practical Cryptography.


Valid XHTML 1.0
by John Walker
December, 2005
This document is in the public domain.

JavaScrypt Home Page

Fourmilab Home Page