peculiarventures / webcrypto-liner Goto Github PK

webcrypto-liner is a polyfill that let's down-level User Agents (like IE/Edge) use libraries that depend on WebCrypto. (Keywords: Javascript, WebCrypto, Shim, Polyfill)

License: MIT License

TypeScript 96.12% JavaScript 3.88%

webcrypto webcrypto-liner node-webcrypto-ossl polyfill cryptography cryptohraphy javascript shim rsa sha

webcrypto-liner's Introduction

webcrypto-liner

A polyfill for WebCrypto that "smooths out" the rough-edges in existing User Agent implementations.

Though WebCrypto is well supported across browsers, several browsers still have prefixed and buggy implementations. Additionally, they do not always support the same algorithms, for example, Edge does not support SHA1 or ECC while both Firefox and Chrome do.

NOTE: If you are not familiar with how to use the various capabilities of WebCrypto see this great example page.

Browsers support

Edge	Firefox	Chrome	Safari
last 2 versions	last 2 versions	last 2 versions	last 2 versions

Information

webcrypto-liner is a wrapper for WebCrypto designed to address these issues, at the same time it was designed to be modular so that it can also be used for testing the addition of new algorithms to WebCrypto in the future.

Intentionally webcrypto-liner does not implement any cryptography though it does consume libraries that do. We strongly recommend you read "What’s wrong with in-browser cryptography?" before using this library.

The libraries webcrypto-liner relies on include:

Package	Description	Size	Optional
asmcrypto.js	A performant JavaScript implementation of popular cryptographic utilities with performance in mind.	131 KB	Yes
elliptic	Fast Elliptic Curve Cryptography in plain javascript	130 KB	Yes
webcrypto-core	A input validation layer for WebCrypto polyfills ¹	25 KB	No

^{1 This library is compiled into webcrypto-liner.}

webcrypto-liner will always try to use a native implementation of webcrypto, or a prefixed version of webcrypto, before it falls back to a Javascript implementation of a given algorithm. We have no control over the corresponding implementation and what it does, for example, it may not use window.crypto.getRandomValues even if it is available and the mechanism it uses to gather randomness may be both insecure and weak.

We have done no security review or take a position on the security of these third-party libraries. YOU HAVE BEEN WARNED.

To keep webcrypto-liner as small as possible (right now it is ~11kb without dependencies) it was designed to be modular, so if you do not need ECC support, do not include elliptic as a dependency and it will not be loaded.

If you do not load any of the dependencies that provide cryptographic implementations webcrypto-liner will work as an interoperability layer, very similar to webcrypto-shim.

webcrypto-liner supports the following algorithms and key lengths:

Capability	Details
Encryption/Decryption	RSA-OAEP, DES-CBC¹, DES-EDE3-CBC¹, AES-ECB ¹, AES-CBC, AES-ECB and AES-GCM
Sign/Verify	RSA-PSS, RSASSA_PKCS1-v1_5 and ECDSA
Hash	SHA-1, and SHA-256, SHA-512
Derive Key/Bits	ECDH, PBKDF2
Keywrap	AES-GCM, AES-CBC, AES-ECB ¹, DES-CBC¹, DES-EDE3-CBC¹
ECC Curves	P-256, P-384, P-521, and K-256² (secp256k1)
RSA Key Lengths	1024, 2048, 3072, and 4096
AES Key Lengths	128, 192 and 256

¹ Mechanism is not defined by the WebCrypto specifications. Use of mechanism in a safe way is hard, it was added for the purpose of enabling interoperability with an existing system. We recommend against its use unless needed for interoperability.

² K-256 (secp256k1) curve is not defined by the WebCrypto specifications.

You can see the webcrypto-liner in use in the pv-webcrypto-tests page.

Using

<head>
  <!-- Crypto providers are optional -->
  <script src="https://cdnjs.cloudflare.com/ajax/libs/babel-polyfill/7.7.0/polyfill.min.js"></script>
  <script src="https://cdnjs.cloudflare.com/ajax/libs/asmCrypto/2.3.2/asmcrypto.all.es5.min.js"></script>
  <script src="https://cdn.rawgit.com/indutny/elliptic/master/dist/elliptic.min.js"></script>
  <!-- Crypto -->
  <script src="webcrypto-liner.shim.js"></script>
</head>
<body>
  <script> 
    crypto.subtle.generateKey({name: "AES-GCM", length: 192}, true, ["encrypt", "decrypt"])
      .then(function(key){
        return crypto.subtle.encrypt({
            name: "AES-GCM", 
            iv: new Uint8Array([1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16]),
            tagLength: 128
          }, key, new Uint8Array([1,2,3,4,5]))
      })
      .then(function(enc){
        console.log(new Uint8Array(enc));
      })
      .catch(function(err){
        console.log(err.message); // Chrome throws: 192-bit AES keys are not supported
      })
  </script>
</body>

Dependencies

typescript

npm install typescript --global

Installation

The module has been designed to be useful in ES6 and ES5 projects. The default is ES5 with commonjs, to install and build you would run:

npm install
npm run build

FAQ

Do I need to use a promise library? - No, not if your browser supports promises.
Do I need to include asmcrypto.js? No, not unless you want to use the algorithms it exposes.
Do I need to include elliptic.js? No, not unless you want to use the algorithms it exposes.
How are random numbers generated? We use two libraries for crypto operations in Javascript, asymcrypto and ellipticjs both rely on window.crypto.getRandomValues where available. asymcrypto also has a fallback mechanism where it generates its own random numbers if not present.
How big is the total package? Right now, if you include all optional dependencies (minfied) the package is ~300 KB, if you include only ECC or only RSA support that is lowered to about 180 KB. Additionally you will see GZIP compression provide about 30% savings above and beyond that. If you use webcrypto-liner as just an interopability shim and do not use any of the optional third-party libraries it will be under 44 KB in size.
Will it work in Node? No. It is compiles to pure Javascript but uses the window object so it wont work in Node at this time. With some minor changes it should also be able to work in Node also but you really should be using node-webcrypto-ossl on Node instead.

webcrypto-liner's People

Contributors

Stargazers

Watchers

webcrypto-liner's Issues

Doesn't work in Safari

I cloned the project, installed webpack, and ran webpack that generated files in dist/ directory.
However, when I try to run the example in examples/src/index.html on Safari, I get an error.

The first error I get is "unable to delete property" on line 3719:

3710 Object.defineProperty(exports, "__esModule", { value: true });
3711 var index_1 = __webpack_require__(6);
3712 var w = self;
3713 // Object.freeze(Math);
3714 // Object.freeze(Math.random);
3715 // Object.freeze((Math as any).imul);
3716 if (index_1.nativeCrypto) {
3717     Object.freeze(index_1.nativeCrypto.getRandomValues);
3718 }
3719 delete self.crypto;
3720 w.crypto = new index_1.Crypto();
3721 Object.freeze(w.crypto);
3722 exports.crypto = w.crypto;
3723

When I actually try to use the sample, I get the error:

undefined is not an object (evaluating 'crypto.subtle.generateKey')

Safari version: Version 9.1.3 (11601.7.8) on a MacBook Pro, OSX version 10.11.6 (15G1004)

ECC does not work on IE

We have been unable to get ECC to work in IE, Elliptic js goes into an infinite loop. Need to find out why and fix.

wrapKey permission is not sufficient in iOS Safari to wrap a key

The wrapping_key in this code has a "wrapKey" permission. However, this gave an error when I tired to used it. But, when the wrapping key also has an "encrypt" permission, there is no error.

The "wrapKey" permission should be sufficient, and it works in other browsers.

crypto.subtle.wrapKey(
  "jwk",
  key,
  wrapping_key, //the AES-GCM key with "wrapKey" usage flag
  {  
    name: "AES-GCM",
    iv: nonce,
    tagLength: 128
  }
)

ECC Not working in Safari

Add node/mocha based invocation of our existing tests

We will want to run CI on this and having node invocation of the existing tests will help us look for basic regressions.

Download version

Could you please make a built version available so that I don't have to do that myself?

Add blake2b implementation

https://www.npmjs.com/package/blakejs

How to use this library as a typescript module?

I'd like to use your library in a typescript module, always using the javascript implementation because webcrypto should not be available to insecure locations, according to the W3C.

Is there a way to do this kind of things?

import crypto from "webcrypto-liner";

crypto.subtle....

Wrong description

Only SHA1 and SHA256 are supported

Can not call "importKey" for AES-ECB algorithm

Safari: WebKitSubtleCrypto is deprecated. Please use SubtleCrypto instead.

Support PKCS 1.5

Our decision to use asmcrypto.js means we do not get PKCS#1 1.5 from the third-party library, it seems like we can still accomplish this by padding and them using raw crypto.

Forge has a PKCS 1.5 implementation:

https://github.com/digitalbazaar/forge/blob/5f56c29c4bcd88b7b856ea04e5fd3063ab0f6888/js/rsa.js#L1406-L1472

And asymcrypto.js lets us do raw crypto: https://github.com/vibornoff/asmcrypto.js/blob/master/src/rsa/exports-raw.js

Asmcrypto.js also has a bug open to add support for PKCS1.5, we could try to work with them to get it natively supported.

Fix exportKey/importKey in JWK format for EC keys under Safari v11

node-webcrypto-ossl can't import JWK which was exported from Safari

PeculiarVentures/webcrypto-local#178

Liner uses JS impl with Safari Technical Preview 25 (v10.0.2) when not needed

https://developer.apple.com/safari/download/

Change package.json decription

Currently because of a mistake in package.json the package can not be even installed. Please change this line:

"description": "A WebCrypto pollyfill that 'smooths out' the rough-edges in existing User Agent implementations."

The problem that currently you have "smooths out", but need to have 'smooths out'.

Update to the latest asmcrypto.js

asmcrypto.js seems to have made a few breaking changes in the latest versions, making the default "npm install" broken.

Could you please update your project?

Add Coveralls

We will want to add Coveralls so people can get an idea of what the code coverage is for this.

IE implementation

List of difference:

RSA generateKey. Function doesn't use hash algorithm.
generated keys have got keyUsages instead of usages
generated keys have got empty key usages
RSA sign/verify. Function uses hash algorithm.
exportKey/importKey jwk fromat
- uses ArrayBuffer for key data
- JWK has extractable attribute instead of ext
- JWK doesn't have alg attribute
- JWK doesn't have key_ops

arraybuffer bug

Passing Uint8Array() to crypto.subtle.decrypt doesn't work correctly with webcrypto-liner, because the webcrypto-liner is using the underlying buffer of the data array, which could be bigger. But it does work with native crypto.subtle.decrypt. All the native functions accept Uint8Array in addition to raw ArrayBuffer, and work correctly.

This javascript code shows the problem:

    var ciphertext = base64js.toByteArray(ciphertext_base64_str);
    var buf = new ArrayBuffer(ciphertext.length  + 10);
    var byte_array = new Uint8Array(buf);
    byte_array.set(ciphertext, 10);
    var ciphertext2 = byte_array.subarray(10, byte_array.length);
    console.log(ciphertext);
    console.log(ciphertext2);

    if (base64js.fromByteArray(ciphertext) == base64js.fromByteArray(ciphertext2)){
      console.log("byte arrays are the same");
    } else {
      console.log("byte arrays are different");
    }

    symmetric_decrypt(channel_key, ciphertext, nonce, function(plaintext){
      console.log("A plaintext: ", plaintext);
    });

    symmetric_decrypt(channel_key, ciphertext2, nonce, function(plaintext){
      console.log("B plaintext: ", plaintext);
    });


  function symmetric_decrypt(encryption_key_obj, data, nonce, cb){
    crypto_subtle.decrypt(
      { 
        name: "AES-GCM",
        iv: nonce,
        tagLength: 128,
      },
      encryption_key_obj, 
      data
    )
    .then(function(decrypted){
      var decrypted_byte_array = new Uint8Array(decrypted);
      cb(decrypted_byte_array);
    })
    .catch(function(err){
      console.error(err);
    });
  }

There's an error decrypting ciphertext2. The issue doesn't happen if I don't include webcrypto-liner.shim.js

arraybuffer_test.html.txt

Cannot install with npm

When I run:
npm install --save webcrypto-liner
I get:

> [email protected] install /home/olivier/apps/angular/knot-note/node_modules/webcrypto-liner
> npm run build
> [email protected] build /home/olivier/apps/angular/knot-note/node_modules/webcrypto-liner
> npm run build:es5
> [email protected] build:es5 /home/olivier/apps/angular/knot-note/node_modules/webcrypto-liner
> tsc
src/aes/crypto.ts(44,29): error TS7005: Variable 'additionalData' implicitly has an 'any' type.
src/aes/crypto.ts(70,29): error TS7005: Variable 'additionalData' implicitly has an 'any' type.
src/aes/crypto.ts(122,21): error TS2352: Type 'Algorithm' cannot be converted to type 'AesKeyAlgorithm'.
  Property 'length' is missing in type 'Algorithm'.
src/rsa/crypto.ts(167,29): error TS7005: Variable 'label' implicitly has an 'any' type.
src/rsa/crypto.ts(196,29): error TS7005: Variable 'label' implicitly has an 'any' type.
src/subtle.ts(66,19): error TS2354: No best common type exists among return expressions.
src/subtle.ts(114,19): error TS2354: No best common type exists among return expressions.
src/subtle.ts(147,19): error TS2354: No best common type exists among return expressions.
src/subtle.ts(194,19): error TS2354: No best common type exists among return expressions.
src/subtle.ts(235,19): error TS2354: No best common type exists among return expressions.
src/subtle.ts(272,19): error TS2354: No best common type exists among return expressions.
src/subtle.ts(398,19): error TS2354: No best common type exists among return expressions.

2017-04-07T10_37_58_018Z-debug.log.txt

See log file attached

Add Travis-CI integration

We will want to add Travis-CI integration so we can make sure builds are reproducable.

Work with AES-GCM keys generated with webcrypto-liner

In another project I was discussing the need to support AES-GCM and RSA wrapping with pure JS vs our current use of browser native support with @rapropos:

Thanks @rmhrisk, it might be a helpful starting point. A brief glance at the RSA keywrap function suggests that it won't work with AES-GCM keys also generated by webcrypto-liner, as it is expecting the key to be wrapped to be processable by the browser's crypto. Perhaps I don't know enough about JavaScript to know whether one could actually fake out the browser's implementation with a key implemented outside.

My application needs to be able to download an RSA public key in JWK format (had too much trouble with dueling PEM implementations), generate a AES-GCM key in as safe fashion as possible, encode an arbitrary payload as a JWE with it, wrap that key with RSA-OAEP, and have the result be downloadable and decryptable by a different application running potentially on a different platform that possesses the corresponding RSA private key.

This is generally working great with a combination of Square's JS and Golang JOSE libraries, with the glaring exception of WebKit, which is blocking iOS support.

@rapropos yes, our goal was to minimize use of the JS implementations and use the native implementations when present. Since Safari supports RSA-OAEP 'RSA-OAEP mod:2048 pubExp:3 format:jwk' you should be able to get AES-GCM working in Safari with the library as is.

Can you explain what your target scenario is that is not covered by the library?

Add support for safari RSA-OAEP wrap/unrwrap & encrypt/decrypt

Seems like we should be able to do this but it doesn't work right now

Incorporate wycheproof into project

C2SP/wycheproof#34

Cannot export RSA-OAEP key on iOS 10 Safari

I took the same example over at #50 and just switched the AES-GCM algorithm to RSA-OAEP, and that seems to break the example.

By the way I can confirm that the original example (after the fix at #50 (comment)) works just fine.

It just doesn't work for RSA-OAEP export.

Here's the code (Pretty much the same, except I'm trying to export an RSA key)

<HTML>
<head>
    <meta charset="UTF-8">
    <title>WebCrypto Liner</title>
    <script src="https://microshine.github.io/test-webcrypto/webcrypto-liner.shim.js"></script>
    <script src="https://microshine.github.io/test-webcrypto/asmcrypto.min.js"></script>
</head>

<body>
    <script>
        function test2() {
            crypto.subtle.generateKey(
              {
                name: "RSA-OAEP",
                modulusLength: 2048,
                publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
                hash: {name: "SHA-256"},
              },
              true,
              ["encrypt", "decrypt"]
            ).then(function(key) {
              console.log("key = ", key);
              return crypto.subtle.exportKey("jwk", key.publicKey)
            }).catch(function (err) {
                console.error("Y3 error: ", err);
                write_debug("Y3 error: " + err);
            }).then(function (keydata) {
                console.log("Y4");
                write_debug("Y4");
            })
        }
        function write_debug(txt) {
            var div = document.createElement("div");
            document.body.appendChild(div);
            div.innerHTML = txt;
        }
        test2();
    </script>
</BODY>
</HTML>

I get an "Y3 error: Error: Cannot export native CryptoKey from JS implementation".

I'm using iOS 10 safari on an iPad. (It works fine on other browsers)

Problem with iOS safari importKey AES-GCM

Here's the sample code:

<HTML>
<head>
    <meta charset="UTF-8">
    <title>WebCrypto Liner</title>
    <script src="../../dist/webcrypto-liner.shim.js"></script>
    <script src="../src/asmcrypto.min.js"></script>
</head>
<body>
    <script>
        function write_debug(txt){
          var div = document.createElement("div");
          document.body.appendChild(div);
          div.innerHTML = txt;
        }
        function test1(){
          var key_data = new Uint8Array([
            1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,
            1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
          ]);
          crypto.subtle.importKey(
            "raw", //can be "jwk" or "raw"
            key_data.buffer,
            { name: "AES-GCM", length: 256 },
            true, // this should be the extractable flag
            ["encrypt","decrypt","wrapKey","unwrapKey"]
          ).then(function(key_obj){
            console.log("Y2");
            write_debug("Y2");
            return crypto.subtle.exportKey("jwk", key_obj);
          }).catch(function(err){
            console.error("Y3 error: ",err);
            write_debug("Y3 error: "+err);
          }).then(function(keydata){
            console.log("Y4");
            write_debug("Y4");
          }).catch(function(err){
            console.error("Y5 error: ",err);
            write_debug("Y5 error: "+err);
          });
        }

        function write_debug(txt){
          var div = document.createElement("div");
          document.body.appendChild(div);
          div.innerHTML = txt;
        }
        test1();
   </script>
</BODY></HTML>

It works on OSX Safari, but it doesn't work on my iPhone safari (iOS version 10.3.2). The error output is:

Y2
Y3 error: Error: CryptoKey is not extractable
Y4

Please note that I am passing in the sample "true" for the extractable flag.

Version of of my webcrypto-liner git checkout is bd4cff5 which has the comment 0.1.28 -- so it must be a version release.

Uses web workers when available

Web workers use separate threads of execution to perform work in parallel with the main thread.

We can detect if web workers are supported and degrade if it is not:

if( window.Worker /*check for support*/ )
    someObject.myFunction = function() { /*algorithm that uses Web Workers*/ }
else
    someObject.myFunction = function() { /* sad face */ }

Web workers are instantiated by calling:

new Worker(pathToJavaScriptFile);

Here is a useful post on this topic: http://codecube.net/2009/07/cross-platform-javascript-webworker/

Error: Unsupported algorithm 'hmac' -- Safari

Hey guys, I'm trying to use this package or webcrypto-shim to fix Safari's webcrypto package.

I'm getting this error though:

Error: Unsupported algorithm 'hmac'

I've included asymcrypto and elliptic in my html:

    <script src="%PUBLIC_URL%/webcrypto-liner.shim.js"></script>
    <script src="%PUBLIC_URL%/asmcrypto.min.js"></script>
    <script src="%PUBLIC_URL%/elliptic.min.js"></script>

Any advice here?

Test execution time is very long in Safari

Cannot install anymore using npm

Hi, I can't install webcrypto-liner anymore:

olivier@baloo-17 ~/apps/angular/knot-notes $ npm install webcrypto-liner

> [email protected] install /home/olivier/apps/angular/knot-notes/node_modules/webcrypto-liner
> npm run build


> [email protected] build /home/olivier/apps/angular/knot-notes/node_modules/webcrypto-liner
> npm run build:es5


> [email protected] build:es5 /home/olivier/apps/angular/knot-notes/node_modules/webcrypto-liner
> tsc

../@types/core-js/index.d.ts(47,36): error TS2304: Cannot find name 'Iterable'.
../@types/core-js/index.d.ts(350,48): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(351,52): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(352,34): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(353,34): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(354,34): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(355,61): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(356,60): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(357,65): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(357,97): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(358,60): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(359,58): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(360,59): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(361,58): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(362,61): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(362,117): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(363,42): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(365,81): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(366,78): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(367,76): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(368,73): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(431,6): error TS2304: Cannot find name 'Symbol'.
../@types/core-js/index.d.ts(464,59): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(465,59): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(467,48): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(468,69): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(472,40): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(474,48): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(494,55): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(495,45): error TS2304: Cannot find name 'PropertyKey'.
../@types/core-js/index.d.ts(511,46): error TS2304: Cannot find name 'Iterable'.
../@types/core-js/index.d.ts(512,43): error TS2304: Cannot find name 'Iterable'.
../@types/core-js/index.d.ts(642,32): error TS2304: Cannot find name 'Iterable'.
../@types/core-js/index.d.ts(646,39): error TS2304: Cannot find name 'Iterable'.
../@types/core-js/index.d.ts(646,53): error TS2304: Cannot find name 'Iterator'.
../@types/core-js/index.d.ts(1280,36): error TS2339: Property 'for' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(1284,43): error TS2339: Property 'hasInstance' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(1288,50): error TS2339: Property 'isConcatSpreadable' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(1292,40): error TS2339: Property 'iterator' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(1296,38): error TS2339: Property 'keyFor' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(1300,37): error TS2339: Property 'match' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(1304,39): error TS2339: Property 'replace' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(1308,38): error TS2339: Property 'search' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(1312,39): error TS2339: Property 'species' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(1316,37): error TS2339: Property 'split' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(1320,43): error TS2339: Property 'toPrimitive' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(1324,43): error TS2339: Property 'toStringTag' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(1328,43): error TS2339: Property 'unscopables' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(2059,36): error TS2339: Property 'for' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(2063,43): error TS2339: Property 'hasInstance' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(2067,50): error TS2339: Property 'isConcatSpreadable' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(2071,40): error TS2339: Property 'iterator' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(2075,38): error TS2339: Property 'keyFor' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(2079,37): error TS2339: Property 'match' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(2083,39): error TS2339: Property 'replace' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(2087,38): error TS2339: Property 'search' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(2091,39): error TS2339: Property 'species' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(2095,37): error TS2339: Property 'split' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(2099,43): error TS2339: Property 'toPrimitive' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(2103,43): error TS2339: Property 'toStringTag' does not exist on type 'SymbolConstructor'.
../@types/core-js/index.d.ts(2107,43): error TS2339: Property 'unscopables' does not exist on type 'SymbolConstructor'.
npm ERR! code ELIFECYCLE
npm ERR! errno 2
npm ERR! [email protected] build:es5: `tsc`
npm ERR! Exit status 2
npm ERR! 
npm ERR! Failed at the [email protected] build:es5 script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm version gives:

npm: '4.6.1',
  ares: '1.10.1-DEV',
  cldr: '30.0.3',
  http_parser: '2.7.0',
  icu: '58.2',
  modules: '51',
  node: '7.10.0',
  openssl: '1.0.2k',
  tz: '2016j',
  unicode: '9.0',
  uv: '1.11.0',
  v8: '5.5.372.43',
  zlib: '1.2.11'

and my package.json contains:

"dependencies": {
    "@angular/common": "^4.1.2",
    "@angular/compiler": "^4.1.2",
    "@angular/core": "^4.1.2",
    "@angular/forms": "^4.1.2",
    "@angular/http": "^4.1.2",
    "@angular/platform-browser": "^4.1.2",
    "@angular/platform-browser-dynamic": "^4.1.2",
    "@angular/router": "^4.1.2",
    "angular-tree-component": "^3.5.0",
    "core-js": "^2.4.1",
    "font-awesome": "^4.7.0",
    "pouchdb": "^6.2.0",
    "pouchdb-find": "^6.2.0",
    "rxdb": "^4.0.0",
    "rxjs": "^5.4.0",
    "tinymce": "^4.6.1",
    "webcrypto-liner": "^0.1.20",
    "zone.js": "^0.8.4"
  },
  "devDependencies": {
    "@angular/cli": "1.0.0",
    "@angular/compiler-cli": "^4.1.2",
    "@types/jasmine": "2.5.38",
    "@types/node": "^6.0.68",
    "codelyzer": "~2.0.0",
    "jasmine-core": "~2.5.2",
    "jasmine-spec-reporter": "~3.2.0",
    "karma": "~1.4.1",
    "karma-chrome-launcher": "~2.0.0",
    "karma-cli": "~1.0.1",
    "karma-coverage-istanbul-reporter": "^0.2.0",
    "karma-jasmine": "~1.1.0",
    "karma-jasmine-html-reporter": "^0.2.2",
    "protractor": "~5.1.0",
    "ts-node": "~2.0.0",
    "tslint": "~4.5.0",
    "typescript": "^2.3.2"
  }

Is that linked to my version of typescript?

ECDSA sign/verify tests fail for SHA-512

When using the pv-webcrypto-tests demo page, I am seeing all the ECDSA sign/verify tests failing that use SHA-512. It appears that elliptic.js supports it, so I'm wondering if something else is going on. This is in IE11. See attached.

Add 3DES and RC2

https://github.com/PeculiarVentures/PKI.js recently added support for 3DES and RC2 protected PKCS#12 files in node.

These are the kind of PKCS#12 files created by Windows.

We webcrypto-liner was updated to support these two algorithms it could be used in PKIjs via its engine capability to work with these files in Windows also

Add support for SHA2-512

Asymcrypto supports SHA2-512, since we cary it in the package we might as well expose it.

Package using NPM

This will allow web applications to easily add the package as a dependency. We can leave out the optional dependencies and let people add them explicitly to their own applications if they need the associated capabilities.

Add supported algorithms to the readme

People will want to know what algorithms we support:

`webcrypto-liner` supports the following algorithms and key lengths:

| Capability                | Details                                       |
|---------------------------|-----------------------------------------------|
| Encryption/Decryption:    | RSA-OAEP, RSA-PKCSv1_15, AES-CBC, and AES-GCM |
| Sign/Verify               | RSA-PSS, RSA-PKCSv1.15, and ECDSA             |
| Hash                      | SHA-1, SHA-224, SHA-256, and SHA-384          |
| Derive Key/Bits           | ECDH                                          |
| Keywrap                   | AES-GCM                                       |
| Supported ECC curves      | P-256, P-384, and  P-512                      |
| Supported RSA Key Lengths | 1024, 2048, 3072, and 4096                    |
| Supported AES Key Lengths | 128, 192 and 256                              |

Need to have ability to set "padding = false" for AES-ECB

At the moment we have only one option:

res = asmCrypto.AES_ECB.encrypt(data, key.key, true) as Uint8Array;

I need to have an option for set least parameter here to "false"

res = asmCrypto.AES_ECB.encrypt(data, key.key, parameters.padding) as Uint8Array;

PR

@dannycoates I just noticed your fork, there’s some good changes in here. If you’d be interested in having those merged into the main project just submit a PR be happy to accept them

Reduce size of deployed package by only including needed algorithms

It looks like we can include only the needed algorithms from ASMCRYPTO, here is the opengpgjs branch where they did this for their own work:

https://github.com/openpgpjs/asmcrypto-lite/commits/lite

Wrong name of algorithm

https://github.com/PeculiarVentures/webcrypto-liner/blob/master/src/rsa/crypto.ts#L201

Add optional support 3DES and RC2

So I hate this one but the number one ask from PKIjs users is to be able to open and create PKCS#12 files that Windows will like. Unfortunately, Windows supports old ganky encryption algorithms only for PKCS#12, see https://unmitigatedrisk.com/?p=543 for more information.

To fix this would require us to support 3DES and RC2, both are quite simple algorithms; both of these are implemented in - https://github.com/brix/crypto-js

It seems possible to easily add these two algorithms as an option, this would allow PKIJS to implement pbewithSHAAnd40BitRC2-CBC and pbeWithSHAAnd3-KeyTripleDES-CBC.

@grittygrease has expressed interest for this, it should be an easy addition; maybe he would like to add this some evening ;)

AES-KW and PBKDF2 are needed

Making "WebCrypto-compartible" tests

At the moment the product does not have "a prove" that its works exactly like native WebCrypto. Yes, you made an interface looks exactly like WebCrypto. But there are no tests showing the results from your product are the same we have in case of native WebCrypto.

Necessary tests must include:

having one "part" of algorithm (for ex. encryption) done by your product and other "part" (decryption) by native WebCrypto;
dynamic data generation, no static data;
multiple rounds of tests, for example 1000 for each test case.

Init failed on Safari 602.1

Liner is failed to init on IOS Safari 602.1
Next used regular expression returns null

/([\d\.]+) safari/i.exec(userAgent)[1];

and getting [1] throws an exception:
TypeError: null is not an object (evaluating '/([\\d\\.]+) safari/i.exec(userAgent)[1]')

User agent:

Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_2 like Mac OS X) AppleWebKit/603.2.3 (KHTML, like Gecko) Version/10.0 Mobile/14F5080a Safari/602.1

window.crypto VS crypto

Replace window.crypto to crypto

Add saucelabs coverage

SauceLabs will give us a browser coverage report (for free). You can see what this looks like on Elliptic's readme. We should consider adding this to this repository also.

https://saucelabs.com

https://saucelabs.com/products/javascript-unit-testing/mocha-js

Safari Issues

Safari

Wrong usages for generated RSASSA key. Native error
Cannot to export RSASSA, RSA-OAEP keys using jwk format. Native error

answer
Native RSA-PSS doesn't work