Daniel Rench

programming, etc.

A Blowfish Encryption Library for Javascript

First: I encourage you to not use this library for anything serious. You need to impliment your own cipher-block chaining if you want to encrypt anything longer than 8 bytes. If you need to encrypt your web app, please use SSL. You can even get certificates for no cost these days.

When I wrote the (strangely popular for a brief period) del.icio.us privacy hack I used the first javascript blowfish implementation I found. Since it was a quick hack I didn’t take a good look at the code, but certain things (like the key, cleartext, and ciphertext all being global variables rather than function arguments) didn’t feel right.

I cleaned up the code, making it about 250 lines lighter, and changed the interface to be much like Perl’s Crypt::Blowfish module.


var bf = new Blowfish('some key');
var ciphertext = bf.encrypt('some plaintext');
var plaintext = bf.decrypt('some encrypted text');

Blowfish.js is on github.

I used to provide a link to a copy of blowfish.js hosted on this server, but I found that some people were using it directly on their web pages. I’ll take the blame for it, since my example code above used to show a real, active URL, but didn’t point out that it’s generally not a good idea to pull crypto code from a server you don’t control. I didn’t really have a problem with this (the bandwidth used wasn’t much), but it did make it difficult for me to publish new versions without potentially breaking someone else’s site. So over time, the version I was linking to was streets behind the ‘HEAD’ version on github. That old link will continue to work, but I won’t publish it.

If you would like to use blowfish.js on your site or in your application, please download a copy from github. If you have features or bugfixes to contribute, please do. My preferred method is through github, but if you would rather e-mail patches to me, that’s fine too.

For those who still need the old, pre-2008 version, refer to the marcelgreter branch.

Thank you list: