AS3 libraries for crypto are pretty robust from the new RAW POWER in the AVM2 virtual machine that runs flash9/as3, cryptography, like compression, is very processor intensive and needs a fair amount of power to be worth the time (usually a balancing mechanism). I am working on a few security apps in AIR and Flash9 for a project and a product so this is the best of what I have found to share. I will be sure to post here when these projects are complete.
There are two that are pretty good as3 kits that have decent support for crypto and hashing, actually as3crypto is quite broad in their support or most common crypto algorithms, even hashing support up to SHA-256 and ciphers 3DES, AES, RC4.
This is not really a comparison just some kits that have tools you might need. as3crypto is definitely the way to go for more heavy ecryption with common ciphers, but if you are just hashing some text as3corelib might work for your project. as3corelib is a more broad toolkit that is made or sponsored by Adobe that has JSON, RSS, support and other tools. It is a great core lib, but not as deep in the encryption area. I am actually using both in the stuff I am working on, as3corelib for some other uses (JSON,RSS) and as3crypto for all encryption and hashing.
The two are:
- Robust, broad encryption and security support
- Open source
- Browse source
- Broad support of algorithms
TLS 1.0 support, exposed through TLSSocket and TLSEngine classes
X.509 Certificate support, including parsing, and validation
built-in list of common root Certificate Authorities
symmetric ciphers: AES, Blowfish, DES, 3DES, XTEA, RC4
confidentiality modes: CTR, CBC, CFB, CFB-8, OFB, ECB
public key crypto: RSA (encryption, decryption, signing, verifying and key generation)
padding: PKCS#1 (type 1 and 2), PKCS#5
hashing function: SHA-256, SHA-224, SHA-1, MD5, MD2
prng: TLSPRF and stream-cypher-based PRNG.
minimal ASN-1/DER support for PEM key parsing and X-509 cert parsing
Crypto – Shortcut class to access many classes above.
Hex, Base64 – Static methods to convert binary data to and from text formats
Here’s some numbers from as3Crypto home page that show the speed, note it has not been optimized just yet (since most of this is client side and only one user would be using it this is not an issue – server side is where this can have scale problems from parallel execution but flash is rarely server side if it is too slow, but it is quite fast)
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md2 1.01k 3.64k 15.08k 53.89k 171.76k
md5 221.85k 447.32k 739.54k 893.72k 905.82k
sha1 82.28k 184.78k 286.76k 336.03k 345.41k
sha224 60.84k 125.67k 200.27k 234.28k 247.58k
sha256 60.52k 126.30k 199.19k 234.04k 246.01k
hmac-md5 48.37k 159.37k 282.87k 295.15k 341.21k
hmac-sha1 18.29k 64.82k 165.72k 277.60k 342.52k
hmac-sha224 5.75k 24.84k 125.71k 204.35k 256.36k
hmac-sha256 15.10k 49.33k 123.71k 206.17k 249.08k
rc4 117.24k 381.34k 878.93k 1315.01k 1539.44k
xtea-cbc 2.49k 6.48k 12.80k 33.00k 44.48k
aes128-cbc 1.61k 4.01k 22.97k 78.55k 205.01k
aes192-cbc 1.34k 5.13k 20.91k 69.45k 172.43k
aes256-cbc 1.48k 5.63k 18.87k 63.45k 150.39k
blowfish-cbc 2.77k 10.81k 42.28k 140.27k 343.05k
des-cbc 2.53k 9.73k 35.20k 124.84k 624.88k
3des-cbc 2.50k 9.72k 35.61k 115.21k 253.42k
The library has not been optimized for speed, and those numbers could probably be improved.
They both have minimal or none ASN.1 support which I will need but I can port much of this from my favorite Java/C# crypto kit from the legion of the bouncy castle of which I was happy to find was a substantial base for this kit.
Whatever you do don’t send any type of message from your crypto kits with aes 256 cipher and sha-256 hashing to Iran from the US. 🙂