CyberX

Window.Crypto Subtle feuture

Tonight I have experience with testing window.crypto API. I want to add this solution to my front-end library and found a lot of issues.

Look at the code listing:

	// cipher
	cipher: async function(data, mode) {

		// generate vector
		let iv = window.crypto.getRandomValues(new Uint8Array(16));

		let decoder = new TextDecoder('utf-8');
		let encoder = new TextEncoder('utf-8');

		async function encrypt(key) {

			let encrypted = await window.crypto.subtle.encrypt( { name: "AES-CBC", iv }, key, encoder.encode(data) );

			return encrypted;

		}

		async function decrypt(key, data) {

			let decrypted = decoder.decode( await window.crypto.subtle.decrypt( {name: "AES-CBC", iv}, key, data) );

			return decrypted;
		}

		let key = await window.crypto.subtle.generateKey( {name: "AES-CBC", length: 256}, true, ["encrypt", "decrypt"] ).then((key) => { 
			
			window.cipher_keys = key;

		});

		var cipher_crypt;

		switch(mode) {	
			case 'encrypt':

				window.cipher_encrypt = await encrypt(window.cipher_keys);
				window.cipher_decrypt = await decrypt(window.cipher_keys, await encrypt(window.cipher_keys) );

				break;

		}

		//console.log( cipher_crypt );

		return [window.cipher_encrypt, window.cipher_decrypt]; // not work

	},

Subtle Crypto is very stupid solution because uses a lot of async and await with promise.

First we can provide a key for decrypting and encrypting thats cant return key object in variable but drop it into then() function tail. From body of this function we can't store key object anything instead of window object.

We need to convert data for encoding and decoding into ArrayBufferView but not all browsers have text encoder and decoder in core.

Also we can't return executed data from wrapper function because crypto blocks return. Ok I have luck with dropping crypto functions result into windows object and it's a only one way to get encrypted or decrypted data.

Also output after ArrayBufferView decoded string contains Chinese letters. Not possible to provide key in plain string format to make synchronization with back-end using same cryptographic algorithms.

To many problems and issues contains new Subtle Crypto future. Need to wait final release that's work identical in all browsers.

For now you can play with example of Subtle Crypto and try to make this API better and you can find more out of 10 errors in realization this future.

Comments …

You can write here as guest with moderation. Please confirm your person if you have an account or register.

Add a comment as guest
Captcha: