web-crypto-api – Page 2 – WindowsTechs.com

Are CryptoKey Objects stored in IndexedDB stored in Plain Text on the users machine?

Posted on February 7, 2021 by Mekacher Anis

I’m considering storing a sysmetric encryption key in the form of a CyptoKey Object with extractable set to false in IndexedDB and I was wandering whether this is safe or not.
The questions that I didn’t find the answers to are:

How are t… Continue reading Are CryptoKey Objects stored in IndexedDB stored in Plain Text on the users machine?→

Store or protect a secret with a WebAuthn device

Posted on September 10, 2020 by Gaby

So I have this application with a web frontend where users can exchange data in an end-to-end encrypted fashion.
Those users each have a client-side generated RSA keypair. The public part is stored in the server’s database to be used when … Continue reading Store or protect a secret with a WebAuthn device→

Is possible to implement a Web Cryptography API custom provider?

Posted on May 26, 2020 by RobertGG

I’m reading some basic info about Web Cryptography API and I’m wondering if is possible to implement some crypto provider (C/C++ library or something) with some extra algorithms or is mandatory to use the ones “embedded” with the web brows… Continue reading Is possible to implement a Web Cryptography API custom provider?→

WebCrypto SubtleCrypto RSA sign/verify AND encrypt/decrypt? [migrated]

Posted on January 26, 2020 by Dave M.

I have a project where I’d like to use public-key cryptography in both typical sign/verify situations and encrypt/decrypt situations. For example, I’d like to create a self-signed X.509 certificate for Bob (certificate request containing … Continue reading WebCrypto SubtleCrypto RSA sign/verify AND encrypt/decrypt? [migrated]→

Findbug.io Confirmation Code

Posted on January 16, 2020 by mypasswordis12345678

Anybody Hacked the confirmation code on findbug.io please help

Continue reading Findbug.io Confirmation Code→

Find Confirmation Code (FindBug.io)

Posted on August 26, 2019 by snowr

I have solve half of the problem by decoding a base64 code that reveal the next URL(https://app.findbug.io/app/task/FinDBuG-CTF2019) but now i don’t know what to find or where i tried it with burpsuite.
Here is the link for c… Continue reading Find Confirmation Code (FindBug.io)→

Trailing garbage after Python decryption of JavaScript AES-CGM [migrated]

Posted on November 7, 2018 by simpleuser

I have JavaScript tied to an HTMl button, which does an AES-CGM encoding and logs the useful info to the console.

function strToArrayBuffer(str) {
let buf = new ArrayBuffer(str.length * 2);
… Continue reading Trailing garbage after Python decryption of JavaScript AES-CGM [migrated]→

Web Crypto API maturity for JavaScript RSA encryption?

Posted on October 5, 2018 by robob

We have been using a JavaScript crypto API to do RSA encryption in the browser. I know all the criticisms on encryption in JavaScript but we have evaluated pros and cons of the solution and the risks are acceptable for us.

… Continue reading Web Crypto API maturity for JavaScript RSA encryption?→

How can Web Crypto API and IndexedDB protect data stored on the client side against user manipulation?

Posted on September 1, 2018 by Steve06

Imagine web apps that are supposed to work with no or only a few interactions with the web server, for example:

a browser game in which the player’s level and progress are to be saved locally.
a game, progressive web app or… Continue reading How can Web Crypto API and IndexedDB protect data stored on the client side against user manipulation?→

Does the Web Cryptography API prevent a bad server from slurping cleartext?

Posted on August 30, 2018 by d3vid

Consider a cryptographic web application that relies on hosted JavaScript. This JavaScript could be manipulated server-side by a bad actor, defeating any cryptographic tasks. Namely:

private keys could be sent back to the s… Continue reading Does the Web Cryptography API prevent a bad server from slurping cleartext?→