Skip to content

Instantly share code, notes, and snippets.

@wbamberg

wbamberg/web-crypto-docs-plan.md Secret

Last active February 28, 2019 20:31
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save wbamberg/66ae0a5de404df381b3fe58aa9e335f8 to your computer and use it in GitHub Desktop.
Save wbamberg/66ae0a5de404df381b3fe58aa9e335f8 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
web-crypto-docs-plan.md

SubtleCrypto

Current scope

Problems

From https://discourse.mozilla.org/t/webcrypto-api-badly-documented/31451:

  1. It’s hard to understand, sometimes and misses information about intended usage/constraints/limitations/suggestions. E.g. the wrapKey method. It’s as it is intended in “unsecure environments”. So, what? It does not even mention taht it basically just encrypts the key, it does not mention whether and why you should/could not just use the encrypt() API (or could you?), and so on and so forth… The documentation is really minimal and that may easily lead to security problems.

  2. It does not give any recommendations or warnings., It does not warn about problematic constructions/cipher modes. It does not state what values should be random etc. and so on… It’s just gives you the tools and you can shoot yourself in the foot.

  3. But worst, it gives actually bad examples. E.g. the deriveKey one: It uses PBKDF2-SHA256 with 100 iterations! Seriously just 100 ones – you can literally just skip that key stretching. That’s just way too less 2. It even adds a great and totally (not) useful comment there:

    don’t get too ambitious, or at least remember that low-power phones will access your app

Seriously that’s bad advice. Similarly, it often uses CBC mode or something like that instead of the usually recommend ones like GCM 2…

Looking at the docs this is generally well-warranted criticism. To flesh it out a bit, I'd add:

  • Methods often don't have a clear description of what they do, when you should use them and how they differ from other methods. The comment above a calls out wrapKey here but there are others. We should ensure all methods have a good overview section.

  • The algorithm parameter is complex in this API, and its documentation here is sometimes wrong, incomplete, or unclear. We should have a clear and consistent way to document all the 17 dictionary objects that are used for all the different algorithms and methods. This needs to include documentation of constraints that apply to these parameters (e.g. ranges they must fall within) and basic security considerations (e.g. don't reuse IVs).

  • Missing pages: CryptoKeyPair and deriveBits() are all the missing pages I found so far.

  • Some examples are missing completely, some won't work, some will work but enshrine poor security practices. We should ensure that all methods have examples (one example for each recommended algorithm), that they work and that they follow good security practices.

  • Incomplete overview pages:

    • The Web Crypto API main page is incomplete and not very helpful (it says things like "import and export, the ability to import a key or export a key"). It should be finished.

    • The Supported algorithms guide is incomplete. It should be revised and finished. It should also give some basic advice about algorithms that have known security issues.

    • The Checking authenticity with password guide is incomplete. We should either finish or delete it. Finishing it (and writing other guides on similar use cases) would expand the scope of this work quite a lot.

  • Security considerations: there's a lot of criticism of this API from the security community, in terms of (1) details (the spec including questionable algorithms), (2) lack of normative advice about how to use algorithms, and (3) the whole question of whether browser JS is a suitable space for doing crypto. I think it would be good for MDN docs to provide some guidance here, and write something about:

    • what kind of use cases the Web Crypto API is/is not suitable for and why
    • for suitable use cases, how the algorithms should be used in accordance with best current practices.

  • Security review: we should have a review from the security team of all this material. The exception I think is the previous item "Security considerations" - this I think should be written in collaboration with the security team: we should start with an outline of what to cover and revise drafts together.

@rugk
Copy link

rugk commented Nov 29, 2018
edited

Awesome! You found even more problems/ToDo's. Great to see progress here.☺

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment