3. Finalized! January 2017
WebCrypto API
JavaScript API for performing basic cryptographic operations in web applications, such as hashing, signature generation and verification, and encryption and decryption. -W3C
@erniewturner
7. Subtle Crypto
window.crypto.subtle.*
It is named SubtleCrypto to reflect the fact that many of these algorithms
have subtle usage requirements in order to provide the required
algorithmic security guarantees. -W3C
8. Subtle Crypto
Developers making use of the SubtleCrypto interface are expected to be aware of
the security concerns associated with both the design and implementation of the
various algorithms provided. The raw algorithms are provided in order to allow
developers maximum flexibility in implementing a variety of protocols and
applications, each of which may represent the composition and security parameters
in a unique manner that necessitate the use of the raw algorithms.
-MDN
9. Subtle Crypto
Methods are generic and take crypto algorithms as strings or objects
Nearly all operations return Promises
Only available over HTTPS
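33.
function encryptData(secretData: string, password: string) {
    // WebCrypto operates on bytes, not strings, so convert both inputs first.
    // UTF8 is the deck's own string-to-bytes helper (not defined on this slide).
    const dataAsBytes = UTF8.encode(secretData);
    const passwordAsBytes = UTF8.encode(password);
}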
[Diagram: Data to Encrypt (byte array form); User Passcode (in binary form / byte array form)]
34. User Password Import Key
[Diagram: User Passcode (byte array form) -> importKey -> Crypto Key]
74. Important Notes
Key derivation will not fail if user enters wrong password
PBKDF2 Iterations must be the same on encrypt as on decrypt
There is no “forgot password” support
There is no way to feature detect which algorithms are supported