CODEWITHSUNDEEP
javascriptsecurityencryptioncryptographywebcrypto-api
gesgsklw
gesgsklw

Reputation: 771

When using client-side encryption in a web application, where should keys be stored?

Suppose I wanted to add client-side encryption to a web application using the JavaScript Web Crypto API. The client side of my application would encrypt each user's data using their key before sending the encrypted data to the server, and decrypt data returned by the server to show it.

How would users store their keys for an application like this, without making it inconvenient to use?

Is there some easy way to store the key in the browser?

Or would each user have to keep their key in a local file on their computer(s), and import it into the web app every time they log in? Could they use a separate password manager like Apple Keychain?

Upvotes: 4

Views: 3386

Answers (2)

Muhammad Fahad Khan
Muhammad Fahad Khan

Reputation: 15

It is not possible to save data in IndexedDB as completely non-extractable because IndexedDB operates on the client-side within the user's browser, and the data is accessible to the user and potential attackers.

Upvotes: -1

pedrofb
pedrofb

Reputation: 39261

The breakthrough of the Web Cryptography Api is to provide native support to creation, use and storage of cryptographic keys without exposing the content of private keys

In summary:

  1. Generate the keys using WebCrypto and mark them as non exportable
  2. Store the key into IndexedDB

You can use the cryptographic key, but its contents will be hidden for both the user and the programmer. Note in the image that the 'cryptoKey' object is hidden by the browser

Indexed DB with cryptographic key hidden

Why not use...

  • Cookies / Local storage: Only allow text storage. The key should be exported to a text format as base64 and its contents could be copied by a malicious agent or even the user...
  • Local File: It is not at all user-friendly. The protection of the keys is completely in the hands of the user. Each application would require the user to import the key in WebCrypto.. This solution is not protected by same-origin policy. The user could use the key in other site.

Alternatives (comment by @dandavis)

  • Not store key Derive a key from a password to be used with a symmetric encryption algorithm like AES. Key is derived when needed prompting the password to user. The advantage Using a password manager is possible, but then, the browser will have stored the password string. The key could be used from multiple computers

These solutions are suitable when the data must be hidden from the server. To let server process your client data you need (depending on the type of key)

  • symmetric keys: you need to provide server with the key itself (so it has to be extractable), or the password in order to decrypt data

  • assymetric keys: The server uses a keypair (public /private). The server send the public key to client. The data sent from client to server is encrypted with server public key and decrypted with private key. The data sent from server to client is encrypted with client public key and decrypted on with client private key.

Upvotes: 4

Related Questions