Free Online
Password Manager
Save and share logins and private data. Autologin and secure access anywhere. www.passpack.com

aSSL is a library distributed under MIT License thats implements a technology similar to SSL without HTTPS.

aSSL enables the client to negotiate a secret random 128-bit key with the server using the RSA algorithm. Once the connection has been established, the data will be sent and received using AES algorithm.

aSSL is composed of some Javascript files and a server side component. Because I have recently changed the negotiation algoritm from RC4 to RSA, only a pure Javascript (ASP) server component is currently available. I will do a porting for the main web languages (PHP, Java, Perl, Python, TKL, etc.) as soon as possible once the library has passed the beta phase.

News

30-12-2009, Fixed a bug in the aSSL PHP version. Thanks to Thomas Krapp!

19-11-2009, Fixed a bug in the aSSL PHP version. Thanks to Mark Brekelmans!

How aSSL 1.2 works

1. The browser calls the server to start the process.

2. The server returns its RSA modulus and the public exponent.

3. The browser generates a random exchange 128-bit key, encrypts it using the server public key and passes the encrypted exchange key to the server.

4. The server receives this encrypted 128-bit exchange key, decrypts it with its private key and, if the result is ok, returns the session duration time.

5. The browser receives the session duration time and sets a timeout to maintain alive the connection.

Notes. All subsequent client-server exchanges via aSSL are encrypted and decrypted using AES algorithm. aSSL allows multiple secure connections to be established with one or more servers, contemporarily.

Demo

aSSL 1.2beta3 ASP Login Example

Tools

Simple RSA key generator for aSSL

Downloads

aSSL 1.2 beta3 (client-side files)
aSSL 1.2 beta3 for ASP (server-side files)
aSSL 1.2 beta3 ASP example (complete)
aSSL 1.2.1 Build 4 for PHP (complete)

Documentation

Starting aSSL, a brief tutorial
Security FAQ

Thanks to

Tom Wu for its BigIntegers and RSA in JavaScript
Chriss Veness for its AES Javascript implementation
Ryan Perry for the PHP aSSL porting
Mark Brekelmans and Thomas Krapp for bug fixing

Green

(c) 2006+ Francesco Sullo - Rome, Italy

 

Green