AS3 Cryptography and Hashing Libraries for Encryption and Security (crypto)

AS3 libraries for crypto are pretty robust from the new RAW POWER in the AVM2 virtual machine that runs flash9/as3, cryptography, like compression, is very processor intensive and needs a fair amount of power to be worth the time (usually a balancing mechanism). I am working on a few security apps in AIR and Flash9 for a project and a product so this is the best of what I have found to share. I will be sure to post here when these projects are complete.

There are two that are pretty good as3 kits that have decent support for crypto and hashing, actually as3crypto is quite broad in their support or most common crypto algorithms, even hashing support up to SHA-256 and ciphers 3DES, AES, RC4.

This is not really a comparison just some kits that have tools you might need. as3crypto is definitely the way to go for more heavy ecryption with common ciphers, but if you are just hashing some text as3corelib might work for your project. as3corelib is a more broad toolkit that is made or sponsored by Adobe that has JSON, RSS, support and other tools. It is a great core lib, but not as deep in the encryption area. I am actually using both in the stuff I am working on, as3corelib for some other uses (JSON,RSS) and as3crypto for all encryption and hashing.

The two are:

  • as3crypto
    • Robust, broad encryption and security support
    • Open source
    • Demo
    • Browse source
    • Broad support of algorithms
        • TLS 1.0 support, exposed through TLSSocket and TLSEngine classes
        • X.509 Certificate support, including parsing, and validation
        • built-in list of common root Certificate Authorities
        • symmetric ciphers: AES, Blowfish, DES, 3DES, XTEA, RC4
        • confidentiality modes: CTR, CBC, CFB, CFB-8, OFB, ECB
        • public key crypto: RSA (encryption, decryption, signing, verifying and key generation)
        • padding: PKCS#1 (type 1 and 2), PKCS#5
        • BigInteger library
        • hashing function: SHA-256, SHA-224, SHA-1, MD5, MD2
        • HMAC support
        • prng: TLSPRF and stream-cypher-based PRNG.
        • minimal ASN-1/DER support for PEM key parsing and X-509 cert parsing
        • Crypto – Shortcut class to access many classes above.
        • Hex, Base64 – Static methods to convert binary data to and from text formats

As3 Crypto is a cryptography library written in Actionscript 3 that provides several common algorithms, as well as TLS 1.0 support. The library is offered under the BSD license, and include several derivative works from Java, C and javascript sources.

Here’s some numbers from as3Crypto home page that show the speed, note it has not been optimized just yet (since most of this is client side and only one user would be using it this is not an issue – server side is where this can have scale problems from parallel execution but flash is rarely server side if it is too slow, but it is quite fast)

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md2                  1.01k        3.64k       15.08k       53.89k      171.76k
md5                221.85k      447.32k      739.54k      893.72k      905.82k
sha1                82.28k      184.78k      286.76k      336.03k      345.41k
sha224              60.84k      125.67k      200.27k      234.28k      247.58k
sha256              60.52k      126.30k      199.19k      234.04k      246.01k
hmac-md5            48.37k      159.37k      282.87k      295.15k      341.21k
hmac-sha1           18.29k       64.82k      165.72k      277.60k      342.52k
hmac-sha224          5.75k       24.84k      125.71k      204.35k      256.36k
hmac-sha256         15.10k       49.33k      123.71k      206.17k      249.08k
rc4                117.24k      381.34k      878.93k     1315.01k     1539.44k
xtea-cbc             2.49k        6.48k       12.80k       33.00k       44.48k
aes128-cbc           1.61k        4.01k       22.97k       78.55k      205.01k
aes192-cbc           1.34k        5.13k       20.91k       69.45k      172.43k
aes256-cbc           1.48k        5.63k       18.87k       63.45k      150.39k
blowfish-cbc         2.77k       10.81k       42.28k      140.27k      343.05k
des-cbc              2.53k        9.73k       35.20k      124.84k      624.88k
3des-cbc             2.50k        9.72k       35.61k      115.21k      253.42k

The library has not been optimized for speed, and those numbers could probably be improved.

They both have minimal or none ASN.1 support which I will need but I can port much of this from my favorite Java/C# crypto kit from the legion of the bouncy castle of which I was happy to find was a substantial base for this kit.

Whatever you do don’t send any type of message from your crypto kits with aes 256 cipher and sha-256 hashing to Iran from the US. 🙂