Skip to content

Instantly share code, notes, and snippets.

@saulshanabrook
Created October 19, 2016 14:20
Show Gist options
  • Star 55 You must be signed in to star a gist
  • Fork 5 You must be signed in to fork a gist
  • Save saulshanabrook/b74984677bccd08b028b30d9968623f5 to your computer and use it in GitHub Desktop.
Save saulshanabrook/b74984677bccd08b028b30d9968623f5 to your computer and use it in GitHub Desktop.
Saving Web Crypto Keys using indexedDB

This is a working example on how to store CryptoKeys locally in your browser. We are able to save the objects, without serializing them. This means we can keep them not exportable (which might be more secure?? not sure what attack vectors this prevents).

To try out this example, first make sure you are in a browser that has support for async...await and indexedDB (latest chrome canary with chrome://flags "Enable Experimental Javascript" works). Load some page and copy and paste this code into the console. Then call encryptDataSaveKey(). This will create a private/public key pair and encrypted some random data with the private key. Then save both of them. Now reload the page, copy in the code, and run loadKeyDecryptData(). It will load the keys and encrypted data and decrypt it. You should see the same data logged both times.

async function encryptDataSaveKey() {
var data = await makeData();
console.log("generated data", data);
var keys = await makeKeys()
var encrypted = await encrypt(data, keys);
callOnStore(function (store) {
store.put({id: 1, keys: keys, encrypted: encrypted});
})
}
function loadKeyDecryptData() {
callOnStore(function (store) {
var getData = store.get(1);
getData.onsuccess = async function() {
var keys = getData.result.keys;
var encrypted = getData.result.encrypted;
var data = await decrypt(encrypted, keys);
console.log("decrypted data", data);
};
})
}
function callOnStore(fn_) {
// This works on all devices/browsers, and uses IndexedDBShim as a final fallback
var indexedDB = window.indexedDB || window.mozIndexedDB || window.webkitIndexedDB || window.msIndexedDB || window.shimIndexedDB;
// Open (or create) the database
var open = indexedDB.open("MyDatabase", 1);
// Create the schema
open.onupgradeneeded = function() {
var db = open.result;
var store = db.createObjectStore("MyObjectStore", {keyPath: "id"});
};
open.onsuccess = function() {
// Start a new transaction
var db = open.result;
var tx = db.transaction("MyObjectStore", "readwrite");
var store = tx.objectStore("MyObjectStore");
fn_(store)
// Close the db when the transaction is done
tx.oncomplete = function() {
db.close();
};
}
}
async function encryptDecrypt() {
var data = await makeData();
console.log("generated data", data);
var keys = await makeKeys()
var encrypted = await encrypt(data, keys);
console.log("encrypted", encrypted);
var finalData = await decrypt(encrypted, keys);
console.log("decrypted data", data);
}
function makeData() {
return window.crypto.getRandomValues(new Uint8Array(16))
}
function makeKeys() {
return window.crypto.subtle.generateKey(
{
name: "RSA-OAEP",
modulusLength: 2048, //can be 1024, 2048, or 4096
publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
hash: {name: "SHA-256"}, //can be "SHA-1", "SHA-256", "SHA-384", or "SHA-512"
},
false, //whether the key is extractable (i.e. can be used in exportKey)
["encrypt", "decrypt"] //must be ["encrypt", "decrypt"] or ["wrapKey", "unwrapKey"]
)
}
function encrypt(data, keys) {
return window.crypto.subtle.encrypt(
{
name: "RSA-OAEP",
//label: Uint8Array([...]) //optional
},
keys.publicKey, //from generateKey or importKey above
data //ArrayBuffer of data you want to encrypt
)
}
async function decrypt(data, keys) {
return new Uint8Array(await window.crypto.subtle.decrypt(
{
name: "RSA-OAEP",
//label: Uint8Array([...]) //optional
},
keys.privateKey, //from generateKey or importKey above
data //ArrayBuffer of the data
));
}
@dscaravaggi
Copy link

I'm interested in this thread and I tried to understand if chromium has already included TPM2 by heart, I found some git commit about it but I'm not able to understand is is rolled up in officials builds.
on the other hand should I trust webcrytpt in android >10 webview ?

@Vishwas1
Copy link

Is there any paper on security of cryptoKey storage?

@tcortega
Copy link

@Vishwas1 The way I was successfull in extracting non-extractable keys was simply via http request interception and modifying the js that generated the key in the first place. This should be possible in literally any application. Although it may not be as easy as it was for me.

@erdum
Copy link

erdum commented Sep 28, 2023

@tcortega how would you rate its security on a scale of 1 to 10?

@tcortega
Copy link

@tcortega how would you rate its security on a scale of 1 to 10?

I'd rate it 4 out of 10 haha, but what's up with this question out of nowhere?

@erdum
Copy link

erdum commented Sep 28, 2023

I am going to use it for a web-based end-to-end encrypted messaging system.
For that purpose, I think it's pretty safe because the only vulnerability comes from the user end if the user gives his device to some malicious person then he might steal his private key otherwise there is no way to use networking to grab the private key.

Some sort of the same mechanism might Whatsapp using because when you uninstalled it all of your chats are gone unless you have a backup so a similar thing will happen to my messaging system.

If he cleared his browser data then all the previous ciphers will also be gone and I don't need to save the cipher on the database because they can only be decrypted with the user's private key so as long as the user has his private key he can read those cipher so private key and cipher associated with that key will reside on user IndexDB.

What would you say? @tcortega

@themikefuller
Copy link

@erdum I built a web-based end-to-end encrypted messaging app using this. The user generates their keypair and then backs up their private key (it gets password encrypted first) to file. It has worked well. Is it perfect? No. Do you have to trust the website isn't uploading the user's private key when they generate it? Yes.

Obviously, I trust my own system. It is as safe as the user's browser is though.

@erdum
Copy link

erdum commented Sep 28, 2023

@themikefuller yup buddy I have same idea, just don't know how to password encrypt private-key?

@themikefuller
Copy link

@erdum

I built a library around using crypto.subtle in the browser.
https://github.com/StarbaseAlpha/Cryptic

I don't expect you to use it or do everything the way I did, but you might gain some insights from it. I'll include some code below that uses functions from that library. You can copy / paste it into your browser console to get an idea:
https://gist.github.com/themikefuller/d4fbfbd11dfd41f32df04fa07002703e

@erdum
Copy link

erdum commented Sep 28, 2023

@themikefuller thanks buddy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment