Essential Cryptography for JavaScript Developers: A practical guide to leveraging common cryptographic operations in Node.js and the browser (Paperback)

Key Features

• Understand how to implement common cryptographic operations in your code with practical examples
• Learn about picking modern safe algorithms, which libraries you should rely on, and how to use them correctly
• Build modern and secure applications that respect your users' privacy with cryptography

Book Description

If you're a software developer, this book will give you an introduction to cryptography, helping you understand how to make the most of it for your applications. The book contains extensive code samples in JavaScript, both for Node.js and for frontend apps running in a web browser, although the core concepts can be used by developers working with any programming language and framework.

With a purely hands-on approach that is focused on sharing actionable knowledge, you'll learn about the common categories of cryptographic operations that you can leverage in all apps you're developing, including hashing, encryption with symmetric, asymmetric and hybrid ciphers, and digital signatures. You'll learn when to use these operations and how to choose and implement the most popular algorithms to perform them, including SHA-2, Argon2, AES, ChaCha20-Poly1305, RSA, and Elliptic Curve Cryptography. Later, you'll learn how to deal with password and key management. All code in this book is written in JavaScript and designed to run in Node.js or as part of frontend apps for web browsers.

By the end of this book, you'll be able to build solutions that leverage cryptography to protect user privacy, offer better security against an expanding and more complex threat landscape, help meet data protection requirements, and unlock new opportunities.

What you will learn

• Write JavaScript code that uses cryptography running within a Node.js environment for the server-side or in frontend applications for web browsers
• Use modern, safe hashing functions for calculating digests and key derivation, including SHA-2 and Argon2
• Practice encrypting messages and files with a symmetric key using AES and ChaCha20-Poly1305
• Use asymmetric and hybrid encryption, leveraging RSA and Elliptic Curve Cryptography with ECDH and ECIES
• Calculate and verify digital signatures using RSA and ECDSA/EdDSA
• Manage passwords and encryption keys safely

Who this book is for

This cryptography book is an introductory guide for software developers who don't necessarily have a background in cryptography but are interested in learning how to integrate it in their solutions, correctly and safely. You'll need to have at least intermediate-level knowledge of building apps with JavaScript and familiarity with Node.js to make the most of this book.

主要特點

• 透過實際範例，了解如何在程式碼中實現常見的加密操作


• 學習選擇現代安全演算法、可靠的函式庫以及正確使用它們的方法


• 建立尊重使用者隱私的現代安全應用程式

書籍描述

如果你是一位軟體開發者，本書將為你介紹密碼學，幫助你了解如何在應用程式中充分運用它。本書包含了大量的 JavaScript 程式碼範例，適用於 Node.js 和在網頁瀏覽器中運行的前端應用程式，儘管核心概念可供使用任何程式語言和框架的開發者參考。

本書以純粹的實作方式，專注於分享可行的知識，讓你了解在所有開發的應用程式中可以利用的常見密碼學操作類別，包括雜湊、對稱、非對稱和混合加密，以及數位簽章。你將學習何時使用這些操作，以及如何選擇和實現最流行的演算法，包括 SHA-2、Argon2、AES、ChaCha20-Poly1305、RSA 和橢圓曲線密碼學。之後，你將學習如何處理密碼和金鑰管理。本書中的所有程式碼都是使用 JavaScript 編寫，並設計用於在 Node.js 中運行或作為網頁瀏覽器的前端應用程式的一部分。

通過閱讀本書，你將能夠建立利用密碼學保護使用者隱私、提供更好安全性以應對不斷擴大且更複雜的威脅環境、滿足數據保護要求並開啟新機會的解決方案。

你將學到什麼

• 使用 JavaScript 編寫能在 Node.js 環境中運行的密碼學程式碼，或在網頁瀏覽器的前端應用程式中使用


• 使用現代安全的雜湊函數計算摘要和金鑰衍生，包括 SHA-2 和 Argon2


• 練習使用對稱金鑰對訊息和檔案進行加密，包括 AES 和 ChaCha20-Poly1305


• 使用非對稱和混合加密，利用 RSA 和橢圓曲線密碼學的 ECDH 和 ECIES


• 計算和驗證 RSA 和 ECDSA/EdDSA 的數位簽章


• 安全地管理密碼和加密金鑰

適合閱讀對象

本書是一本為軟體開發者提供的密碼學入門指南，不需要具備密碼學背景，但有興趣學習如何正確且安全地將其整合到解決方案中的開發者。你需要至少具備中級水平的 JavaScript 應用程式開發知識，並熟悉 Node.js，才能充分利用本書的內容。

Alessandro Segala is a product manager at Microsoft working on developer tools. A software engineer at heart, he has over a decade of experience building full stack web applications, having worked as a professional developer as well as contributing to and maintaining various open source projects. In addition to writing about software development on his blog, Alessandro had his first book, Svelte 3 Up and Running, published by Packt in 2020.

Alessandro Segala 是微軟的產品經理，負責開發者工具。作為一名軟體工程師，他擁有超過十年的全端網頁應用程式開發經驗，曾擔任專業開發人員，並參與維護多個開源專案。除了在自己的部落格上寫軟體開發相關的文章外，Alessandro 在 2020 年出版了他的第一本書《Svelte 3 Up and Running》，由 Packt 出版。

Table of Contents

1. Cryptography for Developers
2. Dealing with Binary and Random Data
3. File and Password Hashing with Node.js
4. Symmetric Encryption in Node.js
5. Using Asymmetric and Hybrid Encryption in Node.js
6. Digital Signatures with Node.js and Trust
7. Introduction to Cryptography in the Browser
8. Performing Common Cryptographic Operations in the Browser

目錄

1. 開發者的密碼學


2. 處理二進制和隨機數據


3. 使用Node.js進行文件和密碼哈希


4. Node.js中的對稱加密


5. 在Node.js中使用非對稱和混合加密


6. 使用Node.js和信任進行數字簽名


7. 瀏覽器中的密碼學介紹


8. 在瀏覽器中執行常見的加密操作