Collaborate Disseminate
We’re wanting to support out-of-the-box digital currency wallets for user’s of our web app.
We have passkeys / webauthn working and would ideally like to associate these credentials with wallet access.
Wallets should be self custodial with… Continue reading Passkeys WebAuthN PRF extension to encrypt/decrypt private key of non-custodial wallet
Stateless authentication using e.g. JWT can be dangerous as they are non-revocable and can leak giving full access. But they are really flexible.
I’m considering a scenario where the issued JWT is bound to some asymmetric key pair. It coul… Continue reading CryptoKey with IndexedDB to secure stateless authentication
I’ve been obsessed with figuring out Math.random in JavaScript and how it works. because how could you imagine a computer picking a random number? Where does the number come from?
But now I realized crypto.getRandomValues does not use rand… Continue reading How does `crypto.getRandomValues` work in JavaScript, and how is it different from `Math.random`?
I am trying to better understand the processes involved in e2ee using WebCrypto on the browser.
I understand that the only real method to use a passphrase to generate a symmetric key on the browser is using PBKDF2 using a crypto random sal… Continue reading Can parts of WebCrypto AES-GCM be reused between encryptions
I’ve heard a lot of people say that the Web Crypto API is not very safe. For example: https://tonyarcieri.com/whats-wrong-with-webcrypto, Problems with in Browser Crypto. However, I’m looking to use the Web Crypto API for a completely diff… Continue reading Is the Web Crypto API secure when the server is trusted?
I have the following from Google’s public certs for verifying JWT ID
—–BEGIN CERTIFICATE—–
MIIDHDCCAgSgAwIBAgIIW4K0b18ff70wDQYJKoZIhvcNAQEFBQAwMTEvMC0GA1UE
AxMmc2VjdXJldG9rZW4uc3lzdGVtLmdzZXJ2aWNlYWNjb3VudC5jb20wHhcNMjEx
MDIzMDkyMDI1… Continue reading X.509 certificate’s signature algorithm vs. algorithm used in key derived from it to verify a signature
In a browser I want to use SublteCrypto (https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto) to create a key pair and store it locally in the IndexedDB (https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API).
Storing th… Continue reading SubtleCrypto with non-extractable keys stored in IndexedDB – Cross Origin Usage
I have generated a public and private key pair with ECDH from NodeJS
function _genPrivateKey(curveName = "secp384r1", encoding = "hex") {
const private_0 = crypto.createECDH(curveName);
private_0.generateKeys();… Continue reading ECDH for P-521 (Web Crypto Api) / secp521r1 (NodeJS Crypto) generate a slightly different shared secret
Background information:
I am not a computer scientist. However, in a research project I am currently building a ESP32-based sensor. Multiple sensors of this type are going to be used by multiple users.
Every time a user wants to utilize a … Continue reading ESP32: Secure WiFi credentials via WebCrypto?
Background information:
I am not a computer scientist. However, in a research project I am currently building a ESP32-based sensor. Multiple sensors of this type are going to be used by multiple users.
Every time a user wants to utilize a … Continue reading ESP32: Secure WiFi credentials via WebCrypto?