home.social

#cryptoapi — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cryptoapi, aggregated by home.social.

  1. "Encryption at Rest" for JavaScript Projects

    Following a previous post (infosec.exchange/@xoron/113446), which can be summarized as: I'm tackling bottom-up state management with an extra twist: integrating encryption at rest!

    I created some updates to the WIP pull-request. The behavior is as follows.

    - The user is prompted for a password if one isn't provided programmatically.
    - This will allow developers to create custom password prompts in their application. The default fallback is to use a JavaScript prompt().
    - It also seems possible to enable something like "fingerprint/face encryption" for some devices using the WebAuthn API. (This works, but the functionality is a bit flaky and needs to be fixed before rolling out.)
    - Using AES-GCM with 1000000 iterations of PBKDF2 to derive the key from the password.
    - The iterations can be increased in exchange for slower performance. It isn't currently configurable, but it might be in the future.
    - The salt and AAD need to be deterministic, so to simplify user input, the salt and AAD are derived as the SHA-256 hash of the password. (Is this a good idea?)

    The latest version of the code can be seen in the PR: github.com/positive-intentions

    I'm keen to get feedback on the approach and the implementation before I merge it into the main branch.

    #JavaScript #Encryption #IndexedDB #WebDevelopment #CryptoAPI #FrontendDev #ReactHooks #StateManagement #WebSecurity #OpenSource #PersonalProjects
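
The salt question raised in the post above, as an added example (not code from the post or its pull request): with the salt computed as SHA-256 of the password, the AES-GCM key depends on the password alone, so equal passwords give equal keys on every install, while a random salt stored unencrypted beside the ciphertext does not. All function names and sample inputs are assumptions made for illustration.

```javascript
// Added example: names and sample inputs are constructed, not taken from the project.
// Browsers and current Node expose Web Crypto globally; the fallback covers older Node.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const subtle = webcrypto.subtle;
const enc = new TextEncoder();
const ITERATIONS = 1000000; // PBKDF2 iteration count quoted in the post

async function deriveKey(password, salt, iterations = ITERATIONS) {
  const material = await subtle.importKey("raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return subtle.deriveKey({ name: "PBKDF2", hash: "SHA-256", salt, iterations }, material,
    { name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]); // extractable only for this demo
}

async function keyHex(password, salt, iterations) {
  const raw = await subtle.exportKey("raw", await deriveKey(password, salt, iterations));
  return Array.from(new Uint8Array(raw), (b) => b.toString(16).padStart(2, "0")).join("");
}

// Scheme from the post: salt = SHA-256(password), so nothing has to be stored.
async function passwordDerivedSalt(password) {
  return new Uint8Array(await subtle.digest("SHA-256", enc.encode(password)));
}

// Simulates two separate installs whose users chose the same password.
async function compareSchemes(password, iterations = ITERATIONS) {
  const randomSalt = () => webcrypto.getRandomValues(new Uint8Array(16));
  const a = await keyHex(password, await passwordDerivedSalt(password), iterations);
  const b = await keyHex(password, await passwordDerivedSalt(password), iterations);
  const c = await keyHex(password, randomSalt(), iterations);
  const d = await keyHex(password, randomSalt(), iterations);
  return { derivedSaltSameKey: a === b, randomSaltSameKey: c === d };
}

// Random salt and IV are generated per record and kept unencrypted with the ciphertext.
async function encryptRecord(password, plaintext, iterations = ITERATIONS) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(password, salt, iterations);
  const ciphertext = await subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(plaintext));
  return { salt, iv, ciphertext };
}

async function decryptRecord(password, { salt, iv, ciphertext }, iterations = ITERATIONS) {
  const key = await deriveKey(password, salt, iterations);
  return new TextDecoder().decode(await subtle.decrypt({ name: "AES-GCM", iv }, key, ciphertext));
}
```

The `salt`, `iv` and `ciphertext` fields returned by `encryptRecord` are what would be written to IndexedDB; only the password stays out of storage.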

  2. "Encryption at Rest" for JavaScript Projects

    I'm developing a JavaScript UI framework for personal projects, and I'm tackling state management with an extra twist: integrating encryption at rest!

    Inspired by this React Hook: Async State Management (positive-intentions.com/blog/a), I’m extending it to support encrypted persistent data. Here's how:

    ✨ The Approach:

    Using IndexedDB for storage.

    Data is encrypted before saving and decrypted when loading using the Browser Cryptography API.

    Event listeners will also be encrypted/decrypted to avoid issues like browser extensions snooping on events.

    The password (should never be stored) is entered by the user at runtime to decrypt the data. (Currently hardcoded for now!)

    The salt will be stored unencrypted in IndexedDB to generate the key.

    🔗 Proof of Concept:
    You can try it out here: GitHub PR (github.com/positive-intentions). Clone or run it in Codespaces and let me know what you think!

    ❓ Looking for Feedback:
    Have I missed anything? Are there better ways to make this storage secure?

    Let's make secure web UIs a reality together! 🔒

    #JavaScript #Encryption #IndexedDB #WebDevelopment #CryptoAPI #FrontendDev #ReactHooks #StateManagement #WebSecurity #OpenSource #PersonalProjects

  3. Python, CryptoAPI and Russian cryptographic providers

    The article describes working in Python with cryptographic providers, primarily Russian ones, via CryptoAPI. Particular attention is given to obtaining a timestamp: it covers the interaction between the client and the Time-Stamp server and the construction of a request in accordance with the Time-Stamp protocol.

    habr.com/ru/articles/834312/

    #CryptoAPI #timestamp #asn1 #python
