Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cryptography in the Browser

Charles Engelke
April 22, 2015
Programming
0
330

Cryptography in the Browser

Talk at 2015 Fluent Conference

Charles Engelke

April 22, 2015
Tweet

Other Decks in Programming

See All in Programming
ログラスを支える設計標準について / loglass-design-standards
urmot
10
2.1k
From Spring Boot 2 to Spring Boot 3 with Java 22 and Jakarta EE
ivargrimstad
0
920
Blue/Greenデプロイの導入による 運用フローの改善
kudoas
1
360
DMMプラットフォームがTiDB Cloudを採用した背景
pospome
8
3.6k
Front-end application development, Symfony-style(s)
dunglas
2
1.9k
"config" ってなんだ? / What is "config"?
okashoi
0
220
二郎系ラーメンのコールで学ぶ AST 解析
memory1994
PRO
7
1.7k
Doctrine ORMでValue Objectを扱う方法4選 #phpstudy / 4 ways to handle Value Objects with Doctrine ORM
77web
4
110
脱・初心者!脱・マネコン!AWS CDKを使ってみませんか!?
har1101
0
300
SwiftUI Performance 不要なViewの再描画と更新を抑える
bigamitiongit
1
160
GraphQLサーバの構成要素を整理する #ハッカー鮨 #tsukijigraphql / graphql server technology selection
izumin5210
3
290
Ruby GitHub Packages
bkuhlmann
0
620

Featured

See All Featured
How STYLIGHT went responsive
nonsquared
92
4.8k
The Illustrated Children's Guide to Kubernetes
chrisshort
29
46k
Designing for humans not robots
tammielis
247
25k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
321
20k
Making Projects Easy
brettharned
108
5.5k
The Mythical Team-Month
searls
215
42k
Stop Working from a Prison Cell
hatefulcrawdad
266
19k
The Cost Of JavaScript in 2023
addyosmani
14
3.8k
Building an army of robots
kneath
300
41k
Scaling GitHub
holman
457
140k
Reflections from 52 weeks, 52 projects
jeffersonlam
344
19k
Creatively Recalculating Your Daily Design Routine
revolveconf
209
11k

Transcript

  1. Cryptography in the Browser Charles Engelke Info Tech, Inc. @charlesengelke

    engelke.com/fluent

  2. My Goal Protect messages between two browser users from disclosure

    or tampering

  3. SSL/TLS authenticates and protects connections

  4. SSL/TLS authenticates and protects connections But data can be read

    and altered here

  5. Crypto in the browser can protect and authenticate messages

  6. Crypto in the browser can protect and authenticate messages Still

    need SSL/TLS to get the code to the browser

  7. Software for Government Transportation Agencies http://www.fhwa.dot.gov/publications/publicroads/04mar/01.cfm

  8. Sealed Bidding

  9. Bid Opening Day https://www.flickr.com/photos/agecombahia/5726490081

  10. None

  11. DOT public key DOT private key

  12. DOT public key Bidder’s private key DOT private key Bidders’

    public keys

  13. 37 US state DOTs 1 Canadian MOT Many other public

    transportation agencies Branching out to other sealed bid users

  14. > $1,000,000,000,000 in bids

  15. Could we use a browser instead of a Windows program?

  16. JavaScript and the browser VM are not well suited to

    cryptography.

  17. Obstacles can be overcome (and have been)… but: We'd rather

    use existing, time-tested libraries

  18. http://www.w3.org/TR/WebCryptoAPI/

  19. Still Prefixed

  20. Using the API

  21. window.crypto

  22. window.crypto.getRandomValues

  23. window.crypto.subtle.

  24. encrypt decrypt sign verify window.crypto.subtle. digest generateKey deriveKey deriveBits importKey

    exportKey wrapKey unwrapKey

  25. Subtle?

  26. It is named SubtleCrypto to reflect the fact that many

    of these algorithms have subtle usage requirements in order to provide the required algorithmic security guarantees. (emphasis mine) http://www.w3.org/TR/WebCryptoAPI/#subtlecrypto-interface-description

  27. Unreadable W3 specs Now it was suggested that the correct

    way of doing this can be found in the specification. That’s entirely possible, but I am unable to make heads or tails of the spec. Peter-Paul Koch http://www.quirksmode.org/blog/archives/2015/04/of_undocumented.html

  28. Give it a try

  29. Symmetric Cryptography plaintext ciphertext

  30. Works Either Way plaintext ciphertext

  31. window.crypto.subtle.encrypt( algorithmIdentifier, key, data);

  32. First Try var ciphertext = window.crypto.subtle.encrypt( "AES", 0x1234567890abcdef01234567890abcdef0, "This is

    really super secret!");

  33. First Try var ciphertext = window.crypto.subtle.encrypt( "AES", 0x1234567890abcdef01234567890abcdef0, "This is

    really super secret!");

  34. var ciphertext = window.crypto.subtle.encrypt( Returns a Promise resolving to the

    ciphertext, not the ciphertext itself

  35. "AES", Not an AlgorithmIdentifier object

  36. { name: "AES-CBC", iv: initVec //16 bytes }

  37. 0x1234567890abcdef01234567890abcdef0, Not a CryptoKey object

  38. "This is really super secret!"); Must be BufferSource, not string.

  39. Promises and ArrayBuffers

  40. Using a Promise p.then(function(result) { // It worked and yielded

    result }, function(err) { // It failed. err is usually an Error object });

  41. Either parameter of then can be omitted: p.then(resolve); p.then(, reject);

    p.catch(reject) is an alias for p.then(, reject) p.then() always returns another Promise Promises can be chained

  42. ArrayBuffer A contiguous block of memory var buf = new

    ArrayBuffer(8); Cannot access or manipulate contents directly.

  43. ArrayBufferView var view = new Uint8Array(buf); or a shortcut: var

    view = new Uint8Array( [1, 2, 3, 4, 5, 6, 7, 8]);

  44. Do it right

  45. var keyBuffer = new Uint8Array([ 0x12, 0x34, 0x56, 0x78, 0x9a,

    0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0]); var initVec = window.crypto.getRandomValues( new Uint8Array(16)); var plaintext = new TextEncoder("utf-8"). encode("This is super secret!");

  46. window.crypto.subtle.importKey( 'raw', keyBuffer, {name: "AES-CBC"}, false, ["encrypt", "decrypt"] ). 0x12,

    0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0]); var initVec = window.crypto.getRandomValues( new Uint8Array(16)); var plaintext = new TextEncoder("utf-8"). encode("This is super secret!");

  47. window.crypto.subtle.importKey( 'raw', keyBuffer, {name: "AES-CBC"}, false, ["encrypt", "decrypt"] ). then(function(key)

    { return window.crypto.subtle.encrypt( {name: "AES-CBC", iv: initVec}, key, plaintext); }).

  48. then(function(key) { return window.crypto.subtle.encrypt( {name: "AES-CBC", iv: initVec}, key, plaintext);

    }). then(function(ciphertext) { useCipherText(ciphertext, initVec); }).

  49. then(function(ciphertext) { useCipherText(ciphertext, initVec); }). catch(function(err) { alert("Error: " +

    err.message); });

  50. Finding info in the spec

  51. Section 19: Algorithms encrypt and decrypt: RSA-OAEP, AES-CTR, AES-CBC, AES-GCM,

    AES-CFB sign and verify: RSASSA-PKCS1-v1_5, RSA-PSS, ECDSA, AES-CMAC, HMAC digest: SHA-1, SHA-256, SHA-384, SHA- 512 deriveKey and deriveBits: ECDH, DH, CONCAT, HKDF-CTR, PBKDF2 wrapKey and unwrapKey: All encrypt and decrypt algorithms, plus AES-KW

  52. There are no algorithms that conforming user agents are required

    to implement http://www.w3.org/TR/WebCryptoAPI/#algorithm-recommendations-authors

  53. Widely Supported Algorithms RSASSA-PKCS1-v1_5 with SHA-1 or SHA-256 RSA-OAEP AES-CBC

    SHA-1, SHA-256, SHA-512 PBKDF2 with SHA-1

  54. Section 14: SubtleCrypto interface

  55. Summary of operations and parameters

  56. None
  57. None

  58. window.crypto.subtle.generateKey( { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256", modulusLength: 2048, publicExponent: new

    Uint8Array([1, 0, 1]) }, false, // privateKey only ["sign", "verify"] ). 65537 (per RFC 6485) as a 24-bit big endian integer

  59. window.crypto.subtle.generateKey( { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256", modulusLength: 2048, publicExponent: new

    Uint8Array([1, 0, 1]) }, false, ["sign", "verify"] ).then(function(keyPair) { // use keyPair.publicKey and keyPair.privateKey });

  60. Winding Down

  61. X.509 and CMS PKIX standards like x.509 certificates and Cryptographic

    Message Syntax can be implemented on top of the Web Cryptography API. PKIX adds standardized formatting to results, using ASN.1 and BER/DER encoding. (1980's era ITU standards)

  62. Can "roll your own" with JavaScript… or: Use PKIjs and

    ASN1js libraries At pkijs.org and asn1js.org See github.com/infotechinc/create-x509-certificate

  63. https://www.coursera.org/course/crypto

  64. engelke.com/fluent github.com/infotechinc blog.engelke.com/webcrypto