Conversation

Hey Javascript people. Let's say I'm sitting here and going "I need to sign a binary blob then later verify that signature... I know, I'll use SubtleCrypto.sign". Do you feel a need to fling my laptop aside and yell "NO! You fool!! Use ____ from NPM!!" instead?

Daniel Micay

@DanielMicay

Replying to

@mcclure111

SubtleCrypto is named that way to discourage using it directly because it provides low-level APIs not designed for direct use outside cryptography libraries. It's probably not a good idea to use this directly if you aren't an expert on cryptography making a higher-level library.

11:24 PM · Jun 2, 2021Twitter Web App

Replying to

and

Do you only need signing and verification, or do you really need authenticated encryption? Do you need public/private keys, or is it the same instance of the code handling both encryption/signing and verification/decryption?

Replying to

I need public/private keys, and I need signing. Data blobs are being distributed by way of untrusted third parties. I may or may not need encryption. I guess it would be nice to offer it as an option as long as I'm signing and public keys are being distributed anyway out of band

Show replies