Note

Most of this code was written in 2008 with IE6 in mind. Today, prefer the Web Crypto API when available.

Crypto lite –

Pure JavaScript cryptographic algorithms:

• RFC 3174 - SHA-1 - Secure Hash Algorithm 1
• RFC 3874 - SHA-224 - A 224-bit One-way Hash Function
• FIPS 180-2 - SHA-256 - Secure Hash Algorithm 2
• RFC 2104 - HMAC - Keyed-Hashing for Message Authentication
• RFC 8018 - PBKDF2 - Password-Based Key Derivation Function 2
• RFC 6238 - TOTP - Time-Based One-Time Password
• RFC 4226 - HOTP - HMAC-Based One-Time Password

How to use

import { sha1, sha224, sha256, hmac, pbkdf2, hotp, totp } from "crypto-lite"

sha1("secret")
// e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4
sha256("secret")
// 2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b
hmac("sha1", "key", "message")
// 2088df74d5f2146b48146caf4965377e9d0be3a4
hmac("sha256", "key", "message")
// 6e9ef29b75fffc5b7abae527d58fdadb2fe42e7219011976917343065f58ed4a
pbkdf2("password", "salt", 1, 20, "sha1")
// 0c60c80f961f0e71f3a9b524af6012062fe037a6
hotp("secret", { counter: 1, digits: 6 })
totp("secret", { time: Date.now()/1000, digits: 6, t0: 0, step: 30 }) // Defaults

hotp/totp options accepts {enc: "base32"} for RFC 4648 Base32 encoding.

Copyright (c) 2008-2025 Lauri Rooden <[email protected]>
MIT License | GitHub repo | npm package | Buy Me A Tea