Web Applications are quickly becoming the primary way that we work with data and communicate inside and across organizations. At times, it is important that the data and messages that we work with are protected from snooping and modification. Often, we send credit card numbers, e-mail addresses, and other important personal information across the Web. Web Applications communicating with one another have traditionally not had to have very strong protections on data. As more and more of our information is entrusted to Web Applications, it becomes very important to protect that information in a way that is more secure than the current practice on the Web.
- Storage of debugging information normally inaccessible in closures for viewing/investigation.
- Utility functions, including byte buffer support, base64, bytes to/from hex, zlib inflate/deflate, etc.
- Queuing and synchronizing tasks in a web application.
- Basic AES encryption and decryption in CBC mode.
- MD5, SHA-1, SHA-256 message digests
- HMAC support
- PKCS#5 password-based key-derivation
- Fortuna-based cryptographically-secure pseudo-random number generator, to be used with a cryptographic function backend, ie: AES.
- Interface for getting cryptographically-secure bytes using AES as a backend
- ASN.1 DER encoding and decoding support
- X.509 certificate and RSA public and private key encoding, decoding, encryption/decryption, and signing/verifying.
- Interface to create and use raw sockets provided via flash
- An XmlHttpRequest implementation using Forge’s HTTP implementation as a backend.
- An Apache module that can serve up a Flash Socket Policy. This module makes it easy to modify an Apache server to allow cross domain requests to be made to it.
You can access the source code on github.