Web Crypto API - Lightning Talk @Troopers

Web Cryptography API Lightning Talk, Troopers 2015 18th march, Heidelberg

Browser Cryptography > Browser Plugins

Browser Cryptography > Browser Plugins > JavaScript only implementations

Browser Cryptography > Browser Plugins > JavaScript only implementations >
Web Crypto API (W3C recommendation)

Why is Crypto in JS bad? > Random Number Generator

> Key protection

> Key protection > (BigInteger Handling)

Spec Usecases > Data Integrity / Protection

Spec Usecases > Data Integrity / Protection > Document Signing
/ Protection

/ Protection > JavaScript Object Signing Encryption (JOSE)

/ Protection > JavaScript Object Signing Encryption (JOSE) > Messaging

/ Protection > JavaScript Object Signing Encryption (JOSE) > Messaging > Authentication

What does it not solve “[..] security [..] in Javascript.
(Unforunately, this is not as great as in desktop applications because it is not feasible to completely protect against code injection, malicious servers and side-channel attacks.” Stanford Javascript Crypto Library Homepage, not even using web crypto api 03/2015

W3C Specification Process Editors Draft

W3C Specification Process Editors Draft Working Draft Candidate Recommendation Proposed
Recommendation

Recommendation W3C Recommendation

Recommendation W3C Recommendation You are here at least until 03/2015

Can I use? Source: caniuse.com - 03/2015

This means: Date: 03/2015 Chrome Firefox IE API  Coverage ✓
✓ ✓ Algorithms some some some (little less)

Firefox supported algorithms • AES-CTR • AES-CBC • AES-GCM •
RSA-OAEP • AES-KW • HMAC • RSASSA-PKCS1-v1_5 • ECDSA • AES-CFB • RSA-PSS • AES-CMAC • CONCAT • HKDF-CTR • ECDH • DH • PBKDF2 • SHA-1 • SHA-256 • SHA-384 • SHA-512 Source: caniuse.com - 02/2015

Chrome supported algorithms • RSASSA-PKCS1-V1_5 • RSA_PSS * • RSA-OAEP
• ECDSA * • ECDH * • AES-CTR * • AES-CBC • AES-CMAC • AES-CFB • DH • CONCAT • (HKDF) • (PBKDF) • AES-GCM • AES-KW • HMAC • SHA-1 • SHA-256 • SHA-384 • SHA-512 Source: chromium.org/blink/webcrypto - 02/2015, Version 41 * right now, BoringSSL only = Mac OS X, Windows and Android

IE supported algorithms • RSASSA-PKCS1-V1_5 • RSAES-PKCS1-V1_5 • RSA-OAEP •
AES-CBC • AES-GCM • AES-KW • AES-CMAC • AES-CFB • DH • CONCAT • HKDF • PBKDF • AES-CTR • ECDH • ECDSA • RSA_PSS • HMAC • SHA-1 • SHA-256 • SHA-384 • SHA-512 Source: http://goo.gl/s0QSLk - 02/2015, Internet Explorer Version 11

Webcrypto Interface window.crypto || window.msCrypto

Webcrypto Interface window.crypto || window.msCrypto .getRandomValue

Webcrypto Interface window.crypto || window.msCrypto .subtle .getRandomValue • encrypt/decrypt •
sign/verify • digest • generateKey • deriveKey • deriveBits • importKey/exportKey • wrapKey/unwrapKey

Webcrypto Interface > Data is usually supplied as ArrayBuffer  (generic
raw binary data buffer)

Webcrypto Interface > Data is usually supplied as ArrayBuffer  (generic
raw binary data buffer) > Results are JS Promises (beware IE)

Example Hash var encoder = new TextEncoder("utf-‐8"); var cryptoSubtle
= window.crypto.subtle; var algorithm = {name: 'SHA-‐1'}; var toHash = “this is a text to hash"; data = encoder.encode(toHash);

Example Hash
var encoder = new TextEncoder("utf-‐8"); var cryptoSubtle = window.crypto.subtle; var algorithm = {name: 'SHA-‐1'}; var toHash = “this is a text to hash"; data = encoder.encode(toHash); cryptoSubtle.digest(algorithm, data) .then(function(hash) { console.log("string",toHash,"hashed with", algorithm.name,":", ab2hex(hash)); });

Example Hash function ab2hex(arrayBuffer) { var byteArray =
new Uint8Array(arrayBuffer); var hex = ""; for (var i=0; i<byteArray.byteLength; i++) { hex += byteArray[i].toString(16); } return hex; } var encoder = new TextEncoder("utf-‐8"); var cryptoSubtle = window.crypto.subtle; var algorithm = {name: 'SHA-‐1'}; var toHash = “this is a text to hash"; data = encoder.encode(toHash); cryptoSubtle.digest(algorithm, data) .then(function(hash) { console.log("string",toHash,"hashed with", algorithm.name,":", ab2hex(hash)); });

Example Keyhandling //[..] var hashAlgorithm = {name: 'SHA-‐1'};
var algorithm = {name: 'ECDSA', namedCurve: 'P-‐256', hash: hashAlgorithm}; var extractable = true; var usages = ["sign", "verify"]; window.crypto.subtle.generateKey(algorithm, extractable, usages) .then(function(keypair) { console.log("Keypair generated: ", keypair); //[..]

Example Keyhandling //[..] var hashAlgorithm = {name: 'SHA-‐1'};
var algorithm = {name: 'ECDSA', namedCurve: 'P-‐256', hash: hashAlgorithm}; var extractable = true; var usages = ["sign", "verify"]; window.crypto.subtle.generateKey(algorithm, extractable, usages) .then(function(keypair) { console.log("Keypair generated: ", keypair); window.crypto.subtle.exportKey('jwk', keypair.publicKey) .then(function(exportedKey) { console.log("Public key exported as JWK:", exportedKey); }); //[..]

Example Signature //[..] var toSign = "This is a
text to sign."; var data = encoder.encode(toSign); cryptoSubtle.sign(algorithm, keypair.privateKey, data) .then(function(signature) { }); //[..]

Example Signature //[..] var toSign = "This is a
text to sign."; var data = encoder.encode(toSign); cryptoSubtle.sign(algorithm, keypair.privateKey, data) .then(function(signature) { cryptoSubtle.verify(algorithm, keypair.publicKey, signature, data) .then(function(result) { console.log("Signature is valid:", result); }); }); //[..]

Example Encryption //[..] var text = "Encrypt me!";
cryptoSubtle.encrypt(algorithm, key, encoder.encode(text)) .then(function(encryptedText) { }); //[..]

Example Encryption //[..] var text = "Encrypt me!";
cryptoSubtle.encrypt(algorithm, key, encoder.encode(text)) .then(function(encryptedText) { cryptoSubtle.decrypt(algorithm, key, encryptedText) .then(function(decrypted){ var dataView = new DataView(decrypted); console.log("Decrypted string: ", decoder.decode(dataView)); }); }); //[..]

More Code Samples https://github.com/innoq/webcrypto-api Others, more Spec oriented:   https://github.com/diafygi/webcrypto-examples

Cross Browser Compatibility > use text-encode polyfill for working with
ArrayBuffers

ArrayBuffers > use a polyfill for working with Promises

ArrayBuffers > use a polyfill for working with Promises > check algorithm and operation availability

Outlook > Web Crypto Key Discovery API (w-draft)

Outlook > Web Crypto Key Discovery API (w-draft) > (High-Level
API)

API) > Stream Integration

API) > Stream Integration > Certificate Management / Usage

API) > Stream Integration > Certificate Management / Usage > Using Hardware Tokens

API) > Stream Integration > Certificate Management / Usage > Using Hardware Tokens > Web RTC integration

API) > Stream Integration > Certificate Management / Usage > Using Hardware Tokens > Web RTC integration > Web Payment integration

Implementation Tracking > Chrome: https://code.google.com/p/chromium/issues/detail? id=245025 (now labled as ‘cr-blink-webcrypto')
> Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=865789 > WebKit: https://bugs.webkit.org/show_bug.cgi?id=122679 > IE: https://msdn.microsoft.com/library/ie/dn302338.aspx

Simon Kölsch | @simkoelsch [email protected] innoQ Deutschland GmbH Krischerstr. 100
40789 Monheim am Rhein Germany Phone: +49 2173 3366-0 innoQ Schweiz GmbH Gewerbestr. 11 CH-6330 Cham Switzerland Phone: +41 41 743 0116 www.innoq.com Ohlauer Straße 43 10999 Berlin Germany Phone: +49 2173 3366-0 Robert-Bosch-Straße 7 64293 Darmstadt Germany Phone: +49 2173 3366-0 Radlkoferstraße 2 D-81373 München Germany Telefon +49 (0) 89 741185-270 Thank you! Questions? Comments?

Web Crypto API - Lightning Talk @Troopers

Web Crypto API - Lightning Talk @Troopers

More Decks by Simon Kölsch

Other Decks in Programming

Featured

Transcript