Skip to main content
Information Security

Questions tagged [web-crypto-api]

Ask Question

The Web Crypto API is a JavaScript standard for cryptographic primitives, allowing web applications to do cryptogarphy in the browser.

16 questions
Newest Active Bountied Unanswered
0 votes
2 answers
109 views

I’m working on an OpenID Connect integration and have a design question about where to generate the client secret. My idea was: The browser (frontend SPA) generates a random secret using Webcrypto ...
SocketM's user avatar
  • 103
4 votes
1 answer
489 views

I'm working on a client-certificate based authentication of users for a website. The server configuration part is OK (Apache server, keywords: SSLCACertificateFile / SSLVerifyDepth / SSLVerifyClient ...
fpierrat's user avatar
  • 143
4 votes
3 answers
2k views

I am developing an little web application that should allow the user to »bring your own key« in order to encrypt, decrypt, sign and verify data within the browser. Looking at this table (algorithm ...
philipp's user avatar
  • 141
2 votes
1 answer
532 views

Stateless authentication using e.g. JWT can be dangerous as they are non-revocable and can leak giving full access. But they are really flexible. I'm considering a scenario where the issued JWT is ...
Szyszka947's user avatar
  • 391
1 vote
0 answers
103 views

I am trying to better understand the processes involved in e2ee using WebCrypto on the browser. I understand that the only real method to use a passphrase to generate a symmetric key on the browser is ...
masimplo's user avatar
  • 111
2 votes
1 answer
1k views

I've heard a lot of people say that the Web Crypto API is not very safe. For example: https://tonyarcieri.com/whats-wrong-with-webcrypto, Problems with in Browser Crypto. However, I'm looking to use ...
baNaNa's user avatar
  • 73
0 votes
1 answer
1k views

I have the following from Google's public certs for verifying JWT ID -----BEGIN CERTIFICATE----- MIIDHDCCAgSgAwIBAgIIW4K0b18ff70wDQYJKoZIhvcNAQEFBQAwMTEvMC0GA1UE ...
David Min's user avatar
  • 162
3 votes
1 answer
2k views

In a browser I want to use SublteCrypto (https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto) to create a key pair and store it locally in the IndexedDB (https://developer.mozilla.org/en-US/...
dominik's user avatar
  • 31
0 votes
0 answers
503 views

Background information: I am not a computer scientist. However, in a research project I am currently building a ESP32-based sensor. Multiple sensors of this type are going to be used by multiple users....
reg.cs's user avatar
  • 101
6 votes
1 answer
2k views

I'm considering storing a sysmetric encryption key in the form of a CyptoKey Object with extractable set to false in IndexedDB and I was wandering whether this is safe or not. The questions that I ...
AnotherOne's user avatar
  • 163
2 votes
1 answer
258 views

I'm reading some basic info about Web Cryptography API and I'm wondering if is possible to implement some crypto provider (C/C++ library or something) with some extra algorithms or is mandatory to use ...
RobertGG's user avatar
  • 57
-1 votes
1 answer
458 views

I have solve half of the problem by decoding a base64 code that reveal the next URL(https://app.findbug.io/app/task/FinDBuG-CTF2019) but now i don't know what to find or where i tried it with ...
snowr's user avatar
  • 3
1 vote
1 answer
713 views

We have been using a JavaScript crypto API to do RSA encryption in the browser. I know all the criticisms on encryption in JavaScript but we have evaluated pros and cons of the solution and the risks ...
robob's user avatar
  • 261
3 votes
0 answers
3k views

Imagine web apps that are supposed to work with no or only a few interactions with the web server, for example: a browser game in which the player's level and progress are to be saved locally. a game, ...
Steve06's user avatar
  • 131
1 vote
1 answer
168 views

Consider a cryptographic web application that relies on hosted JavaScript. This JavaScript could be manipulated server-side by a bad actor, defeating any cryptographic tasks. Namely: private keys ...
lofidevops's user avatar
  • 3,620

15 30 50 per page
1
2