
We have been using a JavaScript crypto API to do RSA encryption in the browser. I know all the criticisms on encryption in JavaScript but we have evaluated pros and cons of the solution and the risks are acceptable for us.

In the past we used pidcrypt but now the project is abandoned so I was looking for a standard library and I have seen the Web Crypto API.

The question is how mature the standard is, especially on mobile devices?

Anders
robob

1 Answer


Support for the Web Crypto API is all right, but not perfect. According to caniuse.com it has 91.5% support:

  • You'll need to use prefixes for some older browsers, and deal with some inconsistencies in the IE 11 version of the API.
  • Older versions of IE than 11 have no support at all. But that's only a 0.3% of global usage.
  • Your big problems are two mobile browsers - Opera Mini (2.3%) and the Android browser (0.8%). They have no support. However, usage of these might vary across the world. Opera Mini, for instance, is big in the developing world but not so much elsewhere.

What's important here is that you need to completely disable your application (or at least the sensitive parts) if the crypto API is not supported. Falling back on something terrible such as Math.random is not an option. Telling 8.5% of your users they can't use your site might of course cause some PR problems...

I'd say you need to have a very special use case for this to be motivated. But you seem to be familiar with the criticism, so I will not reiterate that. Just make sure your problem isn't already solved by the correct use of HTTPS.

Anders
  • Thanks for the answer. Sure, we use HTTPS, and we could consider falling back to another crypto lib if there is no support for the Web Crypto API. I must tell you that the application is used by a restricted population, so the range of browsers is not so wide. This justifies the choices. – robob Oct 06 '18 at 04:53
  • @robob From where does that other JavaScript crypto library get secure random numbers? That would be my main concern about using something other than the Web Crypto API. – Anders Oct 06 '18 at 10:41
  • I would like to use the Web Crypto API to avoid other libs and avoid an insecure PRNG; the fallback is only for when the detected browser does not support the Web Crypto API. – robob Oct 07 '18 at 05:38
  • @robob Encryption with predictable random numbers is more like obfuscation than encryption. – Anders Oct 07 '18 at 07:25
  • I agree, but better than nothing... – robob Oct 08 '18 at 09:27