I'm searching a javascript library that offers secure encryption. The client has to generate a key and all data uploaded to the server is encrypted, all data downloaded is decrypted. I need an authenticated encryption scheme, just CTR or CBC isn't enough.
I heard about sjcl, but it seems that sjcl only can encrypt the whole data at once. I didn't find a way to encrypt the data blockwise. Because the uploaded files can be very large, this approach isn't feasible. I need something like the java crypto interface with two methods update() and final().
I found the nodeJS crypto library that seems to do what I need, but I don't know how to use it on browser side.
I found google crypto-js, but this library doesn't seem to offer authenticated encryption but only the standard modes.
Is there a way to encrypt data blockwise with sjcl? To use the nodeJS crypto library on browser side? To use authenticated encryption with crypto-js? Or is there another secure javascript library that offers what I need?
Appart from CCM as deployed by SJCL is a stream cipher mode, I would take a careful look at it and not just look at the convenience wrappers. It's open source, so somewhere there should be the implementation of the raw cipher anyway.
Note that this is not code that should be ultimately trusted. When I tried to program a Java wrapper for it I quickly found an error that authentication failed. Seems like the convenience library did not authenticate the associated authentication data at all. As it isn't tested with other libraries, I would urge you to take care there aren't some left over bugs present.
Short answer
I'm afraid this is not impossible.
Long answer
Because you cannot guarantee the integrity of the Javascript library, you cannot rely on it doing what you expect it to do. As a result, you cannot guarantee any security.
This issue has been discussed extensively and always end in the same conclusion: Without any two-way authentication and secure channel, your client has no method of verifying the correctness of the library. If any man-in-the-middle changed the crypto routines, your client would not know, let alone that you would ever find out.
So, to guarantee security, you will need SSL and client certificates.
(non-guaranteed security does, off course, not exist)
Is there any reason why you need to push to an untrusted server from your client?
If the server that is delivering your website is trusted, then you should be able to post your data back to the trusted server, have the trusted server encrypt, and then the trusted server can send the data to the untrusted server for storage.