Conversation

Hey JavaScript people. Let's say I'm sitting here and going "I need to sign a binary blob then later verify that signature... I know, I'll use SubtleCrypto.sign". Do you feel a need to fling my laptop aside and yell "NO! You fool!! Use ____ from NPM!!" instead?
Replying to
SubtleCrypto is named that way to discourage using it directly because it provides low-level APIs not designed for direct use outside cryptography libraries. It's probably not a good idea to use this directly if you aren't an expert on cryptography making a higher-level library.
Replying to and
Do you only need signing and verification, or do you really need authenticated encryption? Do you need public/private keys, or is it the same instance of the code handling both encryption/signing and verification/decryption?
Replying to
I need public/private keys, and I need signing. Data blobs are being distributed by way of untrusted third parties. I may or may not need encryption. I guess it would be nice to offer it as an option as long as I'm signing and public keys are being distributed anyway out of band.
Replying to
I recommend using npmjs.com/package/libsod. Web Cryptography provides unsafe, low-level APIs and was designed by Netflix to implement DRM rather than anything useful. The only real use case is inside higher-level cryptography libraries with a need to provide legacy algorithms.
Replying to and
Using SubtleCrypto is rolling your own cryptography, even if it doesn't feel that way. It's not designed for end users and the name is supposed to scare you away. I don't think they did a good enough job making a scary name. It should probably be called DangerousCrypto.
Replying to and
libsodium is an improvement upon NaCl with an easier to use higher-level API. libsodium.js is the official port to JavaScript with a high-level JS API. It gives you a proper high-level library rather than low-level APIs for legacy algorithms so Netflix can implement DRM with it.
Replying to and
Especially since it sounds like you might want to sometimes use authenticated encryption rather than only signature verification. It's very unnecessarily difficult to do that with Web Crypto and who knows what gotchas might be there with stuff like padding/encoding formats, etc.
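
The sign-then-verify flow asked about at the top of the thread, written directly against SubtleCrypto as an added example (not code from any participant in the thread). The choice of ECDSA P-256 with SHA-256, the SPKI public-key export and all function names are assumptions; the block shows which decisions the API leaves to the caller, including the raw signature encoding.

```javascript
// Added example: detached signatures with the Web Crypto API (ECDSA P-256).
// Uses the global `crypto` (browsers, recent Node.js); falls back to node:crypto.
const subtle = (globalThis.crypto && globalThis.crypto.subtle) ||
  require("node:crypto").webcrypto.subtle;

// Assumed parameters: signer and verifier must agree on every one of these.
const KEY_ALG = { name: "ECDSA", namedCurve: "P-256" };
const SIG_ALG = { name: "ECDSA", hash: "SHA-256" };

async function generateSigningKeyPair() {
  // extractable=false applies to the private key; the public key stays exportable.
  return subtle.generateKey(KEY_ALG, false, ["sign", "verify"]);
}

async function exportPublicKey(publicKey) {
  // SPKI bytes are what gets distributed out of band to verifiers.
  return new Uint8Array(await subtle.exportKey("spki", publicKey));
}

async function importPublicKey(spkiBytes) {
  return subtle.importKey("spki", spkiBytes, KEY_ALG, true, ["verify"]);
}

async function signBlob(privateKey, blob) {
  // Web Crypto returns raw r||s (64 bytes for P-256), not the DER encoding
  // most other tools emit; convert before exchanging signatures with them.
  return new Uint8Array(await subtle.sign(SIG_ALG, privateKey, blob));
}

async function verifyBlob(publicKey, signature, blob) {
  if (signature.length !== 64) return false; // reject anything not raw r||s
  return subtle.verify(SIG_ALG, publicKey, signature, blob);
}

async function demo() {
  const { privateKey, publicKey } = await generateSigningKeyPair();
  const blob = new TextEncoder().encode("constructed sample blob");
  const sig = await signBlob(privateKey, blob);
  const pub = await importPublicKey(await exportPublicKey(publicKey));
  const tampered = blob.slice();
  tampered[0] ^= 1; // flip one bit, as an untrusted relay could
  const otherKey = (await generateSigningKeyPair()).publicKey;
  return {
    sigLength: sig.length,
    valid: await verifyBlob(pub, sig, blob),
    tampered: await verifyBlob(pub, sig, tampered),
    wrongKey: await verifyBlob(otherKey, sig, blob),
  };
}
```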