A partial archive of discourse.wicg.io as of Saturday February 24, 2024.

Scalable WebCrypto

septs
2021-01-30

See Allow add external algorithm bridge · Issue #248 · w3c/webcrypto · GitHub

class Ed25519SubtleBridge extends CryptoSubtleBridge {
    constructor() {
        super() // a derived class must call super() before touching `this`
        Object.freeze(this)
    }

    sign(/* ... */) { /* ... */ }
    verify(/* ... */) { /* ... */ }

    deriveKey(/* ... */) { /* ... */ }
    deriveBits(/* ... */) { /* ... */ }

    generateKey(/* ... */) { /* ... */ }
    importKey(/* ... */) { /* ... */ }
    exportKey(/* ... */) { /* ... */ }

    get [Symbol.toStringTag]() {
        return '@Ed25519' // e.g. an external algorithm name needs a fixed prefix, `@`
    }
}

crypto.addSubtleBridge(Ed25519SubtleBridge)

class SHA3SubtleBridge extends CryptoSubtleBridge {
    constructor() {
        super() // a derived class must call super() before touching `this`
        Object.freeze(this)
    }

    digest(algorithm/*: string */, data/*: BufferSource */) {/* ... */}

    get [Symbol.toStringTag]() {
        return '@SHA-3'
    }
}

crypto.addSubtleBridge(SHA3SubtleBridge)

Motive:

  1. allow polyfills of non-standard algorithms to use a unified interface for crypto operations
  2. make different libraries have the same API style
  3. unify web-side and Node.js-side* code so both use the same code

* Node.js 15 starts to provide a Web Crypto API implementation (Web Crypto API | Node.js v15.7.0 Documentation)

rumkin
2021-02-07

I extremely like the idea of standardizing algorithm interfaces.

IMO the proposed interface should be modified:

  1. It should allow setting the algorithm ID on registration. An explicit ID is better than an implicit one.
  2. It should be renamed to “registerAlgorithm”, because a) “register” better describes the action, and b) “algorithm” describes what it actually is.

subtleCrypto.registerAlgorithm('ed25519', Ed25519Algorithm)

As a result, the registered algorithm ID should be passed into the constructor as one of its parameters.

Also, I’d suggest not using prefixes, for the following reasons:

  1. Crypto algorithms sometimes produce crypto containers which should contain these IDs, so there could be confusion when reading such a container somewhere else or when debugging it. Instead, it’s better to specify such an algorithm as external when it’s listed and/or initialized.
  2. It allows replacing a custom algorithm with a built-in version in the future seamlessly.
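
A userland sketch of the registration design suggested in the reply above, added here as an example; it is not code from either poster, from the w3c/webcrypto issue, or from any browser or Node.js API. `AlgorithmRegistry`, `resolve`, `list`, `BUILT_IN` and the stand-in `DemoAlgorithm` are hypothetical names, and the sketch assumes that a registration must never shadow a built-in or an earlier registration.

```javascript
// Hypothetical userland registry; no such API exists in WebCrypto today.
const BUILT_IN = ['SHA-1', 'SHA-256', 'SHA-384', 'SHA-512']; // digests WebCrypto defines

class AlgorithmRegistry {
  #external = new Map(); // normalized ID -> frozen algorithm instance

  // WebCrypto matches algorithm names case-insensitively, so normalize the key.
  static normalize(id) {
    if (typeof id !== 'string' || id === '') throw new TypeError('algorithm ID must be a non-empty string');
    return id.toUpperCase();
  }

  registerAlgorithm(id, AlgorithmClass) {
    const key = AlgorithmRegistry.normalize(id);
    // Never let a registration shadow a built-in or replace an earlier one:
    // code loaded later must not silently change what a name resolves to.
    if (BUILT_IN.includes(key)) throw new Error(`${id} is built in`);
    if (this.#external.has(key)) throw new Error(`${id} is already registered`);
    // The explicit ID is passed to the constructor, as the reply suggests.
    this.#external.set(key, Object.freeze(new AlgorithmClass(key)));
  }

  // Built-ins win, so a future native implementation takes over from the
  // registered one while the unprefixed ID stored in containers stays the same.
  resolve(id, builtIns = BUILT_IN) {
    const key = AlgorithmRegistry.normalize(id);
    if (builtIns.includes(key)) return { id: key, external: false, impl: null };
    const impl = this.#external.get(key);
    if (!impl) throw new Error(`unknown algorithm: ${id}`);
    return { id: key, external: true, impl };
  }

  // Listing marks every registered algorithm as external instead of prefixing its ID.
  list() {
    return [...this.#external.keys()].map((id) => ({ id, external: true }));
  }
}

// Constructed stand-in for a real implementation; it performs no cryptography.
class DemoAlgorithm {
  constructor(id) { this.id = id; }
}

const registry = new AlgorithmRegistry();
registry.registerAlgorithm('ed25519', DemoAlgorithm);
console.log(registry.resolve('Ed25519'), registry.list());
```

Passing a longer `builtIns` list to `resolve` simulates the day the platform ships the algorithm natively: the same ID then resolves with `external: false`.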