Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Web Crypto API - Talk @EnterJS

Simon Kölsch
June 18, 2015
Programming
1
140

Web Crypto API - Talk @EnterJS

Slides of the EnterJS Talk "JavaScript meets Cryptography - Einführung in die WebCrypto API" (slides are in en)

Simon Kölsch

June 18, 2015
Tweet

More Decks by Simon Kölsch

See All by Simon Kölsch
OAuth 2 und OpenID Connect @DevSec 2017
simkoelsch
0
71
Vault @ Continuous Lifecycle 2016
simkoelsch
0
180
Security in Microservices Umgebungen @WJAX2016
simkoelsch
0
55
Secure Clojure Webapplications @ Froscon
simkoelsch
0
120
Docker Introduction Tech Talk
simkoelsch
0
110
OAuth 2 und OpenID Connect @JAX2015
simkoelsch
2
470
Web Crypto API - Lightning Talk @Troopers
simkoelsch
1
120

Other Decks in Programming

See All in Programming
Build Apps for iOS, Android & Desktop in 100% Kotlin With Compose Multiplatform (mDevCamp 2024)
zsmb
0
360
CA.swift19 恋するAIアプリ開発の裏側
oskmr
0
370
Compose-View Interop in Practice (mDevCamp 2024)
stewemetal
0
140
使ってみよう Azure AI Document Intelligence
kosmosebi
2
330
if constexpr文はテンプレート世界のラムダ式である
faithandbrave
3
650
MicrosoftのPlatform Engineeringガイドを読んで実際になにかやってみた
ymd65536
1
410
Azure OpenAI Serviceのプロンプトエンジニアリング入門
tomokusaba
3
770
二郎系ラーメンのコールで学ぶ AST 解析
memory1994
PRO
7
1.7k
Ruby GitHub Packages
bkuhlmann
0
630
冗長なエラーログを削減し、スタックトレースを手に入れる / Reducing Verbose Error Logs and Obtaining Stack Traces
upamune
0
830
Random\Randomizer クラスで日常のあれこれを解決しよう! / Random\Randomizer class solves familiar trouble
cocoeyes02
0
250
GraphQLサーバの構成要素を整理する #ハッカー鮨 #tsukijigraphql / graphql server technology selection
izumin5210
4
840

Featured

See All Featured
Robots, Beer and Maslow
schacon
PRO
155
7.9k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
21
1.6k
Pencils Down: Stop Designing & Start Developing
hursman
117
11k
Six Lessons from altMBA
skipperchong
21
3k
Infographics Made Easy
chrislema
238
18k
Build The Right Thing And Hit Your Dates
maggiecrowley
24
2k
GraphQLの誤解/rethinking-graphql
sonatard
50
9.2k
The MySQL Ecosystem @ GitHub 2015
samlambert
243
12k
Facilitating Awesome Meetings
lara
42
5.6k
Creatively Recalculating Your Daily Design Routine
revolveconf
210
11k
Thoughts on Productivity
jonyablonski
58
3.8k
Bootstrapping a Software Product
garrettdimon
PRO
302
110k

Transcript

  1. Web Cryptography API enterJS 2015 18th june, Darmstadt

  2. Browser Cryptography > Browser Plugins

  3. Browser Cryptography > Browser Plugins > JavaScript only implementations

  4. Browser Cryptography > Browser Plugins > JavaScript only implementations >

    Web Crypto API (W3C recommendation)

  5. Why is Crypto in JS bad? > Random Number Generator

  6. Why is Crypto in JS bad? > Random Number Generator

    > Key protection

  7. Why is Crypto in JS bad? > Random Number Generator

    > Key protection > BigInteger Handling

  8. Why is Crypto in JS bad? > Random Number Generator

    > Key protection > BigInteger Handling > Timing attacks

  9. Why is Crypto in JS bad? > Random Number Generator

    > Key protection > BigInteger Handling > Timing attacks > No low-level memory control

  10. Why is Crypto in JS bad? > Random Number Generator

    > Key protection > BigInteger Handling > Timing attacks > No low-level memory control > ASN.1 parsing

  11. “[..] security [..] in Javascript. (Unforunately, this is not as

    great as in desktop applications because it is not feasible to completely protect against code injection, malicious servers and side-channel attacks.” Stanford Javascript Crypto Library Homepage, not even using web crypto api 03/2015

  12. Security considerations > No requirements on keystorage

  13. Security considerations > No requirements on keystorage > DoS attacks

    by computationally intensive work

  14. Security considerations > No requirements on keystorage > DoS attacks

    by computationally intensive work > Relying on same origin policy

  15. Security considerations > No requirements on keystorage > DoS attacks

    by computationally intensive work > Relying on same origin policy > User can clear storage associated with an origin

  16. Security considerations > No requirements on keystorage > DoS attacks

    by computationally intensive work > Relying on same origin policy > User can clear storage associated with an origin > No requirements to zero out key material

  17. Security considerations > No requirements on keystorage > DoS attacks

    by computationally intensive work > Relying on same origin policy > User can clear storage associated with an origin > No requirements to zero out key material > Script injections

  18. Spec Usecases > Data Integrity / Protection

  19. Spec Usecases > Data Integrity / Protection > Document Signing

    / Protection

  20. Spec Usecases > Data Integrity / Protection > Document Signing

    / Protection > JavaScript Object Signing Encryption (JOSE)

  21. Spec Usecases > Data Integrity / Protection > Document Signing

    / Protection > JavaScript Object Signing Encryption (JOSE) > Messaging

  22. Spec Usecases > Data Integrity / Protection > Document Signing

    / Protection > JavaScript Object Signing Encryption (JOSE) > Messaging > Authentication

  23. W3C Specification Process Editors Draft

  24. W3C Specification Process Editors Draft Working Draft Candidate Recommendation Proposed

    Recommendation

  25. W3C Specification Process Editors Draft Working Draft Candidate Recommendation Proposed

    Recommendation W3C Recommendation

  26. W3C Specification Process Editors Draft Working Draft Candidate Recommendation Proposed

    Recommendation W3C Recommendation You are here

  27. Can I use? Source: caniuse.com - 03/2015

  28. This means: Date: 03/2015 Chrome Firefox IE API
 Coverage ✓

    ✓ ✓ Algorithms some some some (little less)

  29. Firefox supported algorithms • AES-CTR • AES-CBC • AES-GCM •

    RSA-OAEP • AES-KW • HMAC • RSASSA-PKCS1-v1_5 • ECDSA • AES-CFB • RSA-PSS • AES-CMAC • CONCAT • HKDF-CTR • ECDH • DH • PBKDF2 • SHA-1 • SHA-256 • SHA-384 • SHA-512 Source: caniuse.com - 02/2015

  30. Chrome supported algorithms • RSASSA-PKCS1-V1_5 • RSA_PSS • RSA-OAEP •

    ECDSA • ECDH • AES-CTR • AES-CBC • AES-CMAC • AES-CFB • DH • CONCAT • (HKDF) • (PBKDF) • AES-GCM • AES-KW • HMAC • SHA-1 • SHA-256 • SHA-384 • SHA-512 Source: chromium.org/blink/webcrypto - 02/2015, Version 41

  31. IE supported algorithms • RSASSA-PKCS1-V1_5 • RSAES-PKCS1-V1_5 • RSA-OAEP •

    AES-CBC • AES-GCM • AES-KW • AES-CMAC • AES-CFB • DH • CONCAT • HKDF • PBKDF • AES-CTR • ECDH • ECDSA • RSA_PSS • HMAC • SHA-1 • SHA-256 • SHA-384 • SHA-512 Source: http://goo.gl/s0QSLk - 02/2015, Internet Explorer Version 11

  32. Webcrypto Interface window.crypto || window.msCrypto

  33. Webcrypto Interface window.crypto || window.msCrypto .getRandomValue

  34. Webcrypto Interface window.crypto || window.msCrypto .subtle .getRandomValue • encrypt/decrypt •

    sign/verify • digest • generateKey • deriveKey • deriveBits • importKey/exportKey • wrapKey/unwrapKey

  35. Webcrypto Interface > Data is usually supplied as ArrayBuffer
 (generic

    raw binary data buffer)

  36. Webcrypto Interface > Data is usually supplied as ArrayBuffer
 (generic

    raw binary data buffer) > Results are JS Promises (beware IE)

  37. Webcrypto Interface > Data is usually supplied as ArrayBuffer
 (generic

    raw binary data buffer) > Results are JS Promises (beware IE) > CryptoKey Objects (only reference)

  38. Webcrypto Interface > Data is usually supplied as ArrayBuffer
 (generic

    raw binary data buffer) > Results are JS Promises (beware IE) > CryptoKey Objects (only reference) > No keystorage provided

  39. Example Hash var  encoder  =  new  TextEncoder("utf-­‐8");   var  cryptoSubtle

     =  window.crypto.subtle;   var  algorithm  =  {name:  'SHA-­‐512'};   var  toHash  =  “this  is  a  text  to  hash";   data  =  encoder.encode(toHash);  

  40. Example Hash var  encoder  =  new  TextEncoder("utf-­‐8");   var  cryptoSubtle

     =  window.crypto.subtle;   var  algorithm  =  {name:  'SHA-­‐512'};   var  toHash  =  “this  is  a  text  to  hash";   data  =  encoder.encode(toHash);   cryptoSubtle.digest(algorithm,  data)   .then(function(hash)  {      console.log("string",toHash,"hashed  with",  algorithm.name,":",  ab2hex(hash));   });  

  41. Example Hash var  encoder  =  new  TextEncoder("utf-­‐8");   var  cryptoSubtle

     =  window.crypto.subtle;   var  algorithm  =  {name:  'SHA-­‐512'};   var  toHash  =  “this  is  a  text  to  hash";   data  =  encoder.encode(toHash);   cryptoSubtle.digest(algorithm,  data)   .then(function(hash)  {      console.log("string",toHash,"hashed  with",  algorithm.name,":",  ab2hex(hash));   });   function  ab2hex(arrayBuffer)  {      var  byteArray  =  new  Uint8Array(arrayBuffer);      var  hex  =  "";      for  (var  i=0;  i<byteArray.byteLength;  i++)  {          hex  +=  byteArray[i].toString(16);      }      return  hex;   }

  42. Example Keyhandling //[..]   var  hashAlgorithm  =  {name:  'SHA-­‐512'};  

    var  algorithm  =  {name:  'ECDSA',  namedCurve:  'P-­‐256',  hash:  hashAlgorithm};   var  extractable  =  true;   var  usages  =  ["sign",  "verify"];   window.crypto.subtle.generateKey(algorithm,  extractable,  usages)   .then(function(keypair)  {      console.log("Keypair  generated:  ",  keypair);                     //[..]

  43. Example Keyhandling //[..]   var  hashAlgorithm  =  {name:  'SHA-­‐512'};  

    var  algorithm  =  {name:  'ECDSA',  namedCurve:  'P-­‐256',  hash:  hashAlgorithm};   var  extractable  =  true;   var  usages  =  ["sign",  "verify"];   window.crypto.subtle.generateKey(algorithm,  extractable,  usages)   .then(function(keypair)  {      console.log("Keypair  generated:  ",  keypair);      window.crypto.subtle.exportKey('jwk',  keypair.publicKey)      .then(function(exportedKey)  {          console.log("Public  key  exported  as  JWK:",  exportedKey);      });   //[..]

  44. Example Signature //[..]   var  toSign  =  "This  is  a

     text  to  sign.";   var  data  =  encoder.encode(toSign);   cryptoSubtle.sign(algorithm,  keypair.privateKey,  data)   .then(function(signature)  {                                                                                                                                                                       });   //[..]

  45. Example Signature //[..]   var  toSign  =  "This  is  a

     text  to  sign.";   var  data  =  encoder.encode(toSign);   cryptoSubtle.sign(algorithm,  keypair.privateKey,  data)   .then(function(signature)  {      cryptoSubtle.verify(algorithm,  keypair.publicKey,  signature,  data)      .then(function(result)  {          console.log("Signature  is  valid:",  result);                });   });   //[..]

  46. Example Encryption //[..]   var  text  =  "Encrypt  me!";  

    cryptoSubtle.encrypt(algorithm,  key,  encoder.encode(text))   .then(function(encryptedText)  {                                                                                                                                                         });   //[..]

  47. Example Encryption //[..]   var  text  =  "Encrypt  me!";  

    cryptoSubtle.encrypt(algorithm,  key,  encoder.encode(text))   .then(function(encryptedText)  {      cryptoSubtle.decrypt(algorithm,  key,  encryptedText)      .then(function(decrypted){          var  dataView  =  new  DataView(decrypted);          console.log("Decrypted  string:  ",  decoder.decode(dataView));      });   });   //[..]

  48. More Code Samples https://github.com/innoq/webcrypto-api Others, more Spec oriented: 
 https://github.com/diafygi/webcrypto-examples

  49. Cross Browser Compatibility > use text-encode polyfill for working with

    ArrayBuffers

  50. Cross Browser Compatibility > use text-encode polyfill for working with

    ArrayBuffers > use a polyfill for working with Promises

  51. Cross Browser Compatibility > use text-encode polyfill for working with

    ArrayBuffers > use a polyfill for working with Promises > check algorithm and operation availability

  52. Demo https://github.com/innoq/webcrypto-api/tree/master/p2p-example

  53. Outlook > Web Crypto Key Discovery API (w-draft)

  54. Outlook > Web Crypto Key Discovery API (w-draft) > (High-Level

    API)

  55. Outlook > Web Crypto Key Discovery API (w-draft) > (High-Level

    API) > Stream Integration

  56. Outlook > Web Crypto Key Discovery API (w-draft) > (High-Level

    API) > Stream Integration > Certificate Management / Usage

  57. Outlook > Web Crypto Key Discovery API (w-draft) > (High-Level

    API) > Stream Integration > Certificate Management / Usage > Using Hardware Tokens

  58. Outlook > Web Crypto Key Discovery API (w-draft) > (High-Level

    API) > Stream Integration > Certificate Management / Usage > Using Hardware Tokens > Web RTC integration

  59. Outlook > Web Crypto Key Discovery API (w-draft) > (High-Level

    API) > Stream Integration > Certificate Management / Usage > Using Hardware Tokens > Web RTC integration > Web Payment integration

  60. Implementation Tracking > Chrome: https://code.google.com/p/chromium/issues/detail? id=245025 (now labled as ‘cr-blink-webcrypto')

    > Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=865789 > WebKit: https://bugs.webkit.org/show_bug.cgi?id=122679 > IE: https://msdn.microsoft.com/library/ie/dn302338.aspx

  61. Simon Kölsch | @simkoelsch [email protected] innoQ Deutschland GmbH Krischerstr. 100

    40789 Monheim am Rhein Germany Phone: +49 2173 3366-0 innoQ Schweiz GmbH Gewerbestr. 11 CH-6330 Cham Switzerland Phone: +41 41 743 0116 www.innoq.com Ohlauer Straße 43 10999 Berlin Germany Phone: +49 2173 3366-0 Robert-Bosch-Straße 7 64293 Darmstadt Germany Phone: +49 2173 3366-0 Radlkoferstraße 2 D-81373 München Germany Telefon +49 (0) 89 741185-270 Thank you! Questions? Comments? Christoph Iserlohn [email protected]