Web Cryptography API - Use Cases

Who am I

 

Jose Aguinaga / @ jjperezaguinaga

 

Web Engineer

Startups / Fintech / Privacy

 

Disclaimer

Crypto stuff ahead, handle with caution, errata might occur

Why is Web Cryptography important?

?

?

😅

SHA256(      )

SHA256(      )

What is the Web Cryptography API?

Server-side cryptography

SSL, bcrypt, HMACs

//NOTE: This prompts the user to enter a password.
window.crypto.subtle.generateKey(
    {
        name: "PBKDF2",
    },
    false, //whether the key is extractable
    ["deriveKey", "deriveBits"] //can be any combination
)
.then(function(key){
    //returns a key object
    console.log(key);
})
.catch(function(err){
    console.error(err);
});
//NOTE: This prompts the user to enter a password.
window.crypto.subtle.digest(
    {
        name: "SHA-512",
    },
    new TextEncoder().encode(text)
)
.then(function(digestBuffer){
    //Parses the ArrayBuffer into a String
    btoa(Array.prototype.map.call()
    (new Uint8Array(digestBuffer)), ch =>
      String.fromCharCode(ch)).join(''));
});

Web Crypto Use Cases

boxcryptor

https://deniable.website

Deniable encryption

Ya ain't know what I got, or if I got something.

E(A | E(B | ... E(N, pk.n), pk.b) pk.a)

https://sealed.website

Further reading, libraries and links

https://www.coursera.org/learn/crypto

Solid introduction to cryptography from a computer science perspective by Stanford University teacher Dan Boneh

https://github.com/diafygi/webcrypto-examples

Moar examples on Web crypto

keybase.io

Thank you

QA

Web Cryptography API - Use Cases

By Jose Aguinaga

Web Cryptography API - Use Cases

  • 1,677