(Unforunately, this is not as great as in desktop applications because it is not feasible to completely protect against code injection, malicious servers and side-channel attacks.” Stanford Javascript Crypto Library Homepage, not even using web crypto api 03/2015
var encoder = new TextEncoder("utf-‐8"); var cryptoSubtle = window.crypto.subtle; var algorithm = {name: 'SHA-‐1'}; var toHash = “this is a text to hash"; data = encoder.encode(toHash); cryptoSubtle.digest(algorithm, data) .then(function(hash) { console.log("string",toHash,"hashed with", algorithm.name,":", ab2hex(hash)); });
new Uint8Array(arrayBuffer); var hex = ""; for (var i=0; i<byteArray.byteLength; i++) { hex += byteArray[i].toString(16); } return hex; } var encoder = new TextEncoder("utf-‐8"); var cryptoSubtle = window.crypto.subtle; var algorithm = {name: 'SHA-‐1'}; var toHash = “this is a text to hash"; data = encoder.encode(toHash); cryptoSubtle.digest(algorithm, data) .then(function(hash) { console.log("string",toHash,"hashed with", algorithm.name,":", ab2hex(hash)); });
text to sign."; var data = encoder.encode(toSign); cryptoSubtle.sign(algorithm, keypair.privateKey, data) .then(function(signature) { cryptoSubtle.verify(algorithm, keypair.publicKey, signature, data) .then(function(result) { console.log("Signature is valid:", result); }); }); //[..]