What’s Building The Future? JavaScript!

What’s Building The Future? JavaScript!

I must applaud JavaScript. It has hung in there, and now — along with Python — has become the scratch pad for ideas for cybersecurity professionals, testers and front/back-end developers. It you want to understand a key principles, or a new attack, or just learn things, JavaScript is a great place to start. It doesn’t need a fancy SDK, or masses of memory and CPU. It doesn’t want to strong link to libraries and services.

It’s our scratch pad. It’s our tester. It’s our evaluator.

While companies like Microsoft thought the software world would be increasingly strongly typed and strongly binded, JavaScript plodded on, and breezed past others. It is now only second to SQL for programing languages jobs, with job vacancies increasing by over 10% over the last year [here]:

In fact, of all of the roles in IT, JavaScript shows the greatest increase in jobs [link]:

So what has been it’s success? Well, it has saved the user interface, and allowed a simple browser to become the portal to the Web. Without it, we would still have static web pages, and have little in the way of interaction. With JQuery, we added a whole lot of interaction, and started to build web pages that mimicked the desktop.

But it is node.js that has really moved JavaScript into the big league, as we can now port JavaScript to the back-end, and runs things. With node.js, we get an excellent distribution system with npm, and which gets rid of the horrible rebuilding of libraries that Python, C++ and Java bring. It just simplifies things so much.

But, it has its hands on virtually everything that is moving forward, including within Blockchain. So let’s explore some simple Ethereum code for an identity and transaction.

With Ethereum we create an identity, with a private key, a public key and an address. We can then create a hash of a message with Keccak. Next we can sign a message with the private key, and then extract the address from the signature. A sample run is [here]:

Message:	 hello

-----Identity-------
 { address: '0x6E4a8C00FDcD579b504130568d730BAf70874055',
  privateKey: '0x6066fa7e881b24dc112653cfc5d9774cb42ded274d91de9921d4b0eb285c06e0',
  publicKey: '7ddd87f067882e0744c669c0bb8563831f26266f6519674bbc8d2ba94d9751bfb918de24d718c7f0bd4fc6b70a810f16363c915dea7867ba04a348404eadea07' }

-----Message Hash (Keccak)-------
 0x1c8aff950685c2ed4bc3174f3472287b56d9517b9c948127319a09a7a36deac8

------Signature of message----
 0x70d3636fb7007bd0d6b6d7d9b1face5214c2e6591814629e1d2bb341062b4e5b095d40cc5e041f54e70a01721ad34fc44329f6b653833c3ce049eff68281297d1b

------Extracting Signer from signature------
 0xd720D74A9C2b4BeF49E8b32a2a4322d182609156

----Transaction-------
 f86c8085012a05f200825208943fd91467c1dc509ff146c617872f706771cfb80b880de0b6b3a7640000801ba03dd88753d272e892c030fae6eb8847fd1077bbd5142c2bf58dece87f376a2f84a032ffa03f32f79cdc86d1270dc5edd961a7a560f74d7b392704ab81bc01a8abaf

The following is some sample code and uses the eth-crypto module (and which is installed with ‘npm eth-crypto’):

const EthCrypto = require('eth-crypto');

const args = process.argv.slice(3);

const message= args[0];

console.log("Message:\t",message);

const identity = EthCrypto.createIdentity();

console.log("\n-----Identity-------\n",identity);

const messageHash = EthCrypto.hash.keccak256(message);

console.log("\n-----Message Hash (Keccak)-------\n",messageHash);

  const signature = EthCrypto.sign(
      identity.privateKey, // privateKey
      messageHash // hash of message
  );

console.log("\n------Signature of message----\n",signature);

    const signer = EthCrypto.recover(
      signature,
      EthCrypto.hash.keccak256('foobar') // signed message hash
  );

console.log("\n------Extracting Signer from signature------\n",signer);

const rawTransaction = {
        from: identity.address, 
        to: '0x3fD91467C1dc509Ff146c617872f706771cFB80b',
        value: 1000000000000000000, 
        nonce: 0, 
        gasPrice: 5000000000,
        gasLimit: 21000 
    };

const serializedTx = EthCrypto.signTransaction(
        rawTransaction,
        identity.privateKey
    );

console.log("\n----Transaction-------\n",serializedTx);

And there you go. It’s not Java or .NET that’s building the front-end/middle-ware for Blockchain, it is that old friend … JavaScript. Well done to it! It has given us well tested modules, and simple code. It has most of what we need in a language, and can help at the front-end and the back-end. While Flash, Silverlight, and all the other fantastic browser plug-ins, have come and gone, JavaScript just keeps plowing on, and has become the Cybersecurity professionals friend.

Go learn some JavaScript (and Python)! While many Computer Science programmes might shun it for not being a solid programming, it has trumped them all.