Reputation: 796
How to use SubtleCrypto in chrome (window.crypto.subtle is undefined)
This is really embarassing
on virtually any site on the internet,
window.crypto.subtle
returns
SubtleCrypto {}
__proto__: SubtleCrypto
in the chrome console (v61 (Official Build) (64-bit))
except for
my webpage, and blank.org
where
window.crypto.subtle
returns
undefined
according to https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle it's a read-only property that should always return a SubtleCrypto object.
what could I have done, or what has blank.org done that it could possibly not?
ps: in firefox it seems to work as intended on both my site and blank.org
Upvotes: 49
Views: 46390
Answers (5)
Reputation: 3198
On Chome, if you have running your development projects on different domain names then localhost (or ports), you can add domains to the #unsafely-treat-insecure-origin-as-secure-flag:
Enter the following url in your address bar, enable the feature and add your development domain:
chrome://flags/#unsafely-treat-insecure-origin-as-secure
Only use this for development purposes on internal domain names or IP-addresses.
Upvotes: 2
Reputation: 99
If you don't run your website on SSL with https the answer is: You can't use window.crypto.subtle. You have to configure SSL for your webserver. Look in MDN docs about Crypto.subtle it has a big warning on top op the page saying Secure context which means it is only available on https.
BUT there is an alternative solution if you still need a support for http only. And it does not involve using window.crypto.subtle but other open-source third party library instead. Here is how:
You can use Forge which is a crypto library that has same functionality like window.crypto.sybtle It has all crypto algorithms for your needs.
You can use forge instead of window.crypto when you run your services over http.
Be aware that APIs are very different and you need to write different code for cryptography using forge than using window.crypto.
You need to read forge docs to make specific cryptography method work for your use case.
You CAN NOT use same code that works in window.crypto.subtle when using forge you need to find your own way how to use forge for encryption.
For your reference to see how forge vs window.crypto.subtle codes are different read below.
Links to original window.crypto.subtle based darkwire.io code and translated darkwire.io code that is using forge instead of window.crypto.subtle:
original code using
window.crypto.subtle: herecode translated to use forge, can run on
httpwithoutSSL: here
I had translated darkwire.io to use forge for my own project that runs on http and needs encrypted communication method between clients.
Upvotes: 6
Reputation: 177
It would appear you have to use sites with https://...... and not vanilla http://....
From the spec - easy to miss (and linked by Zmart, above):
Access to the WebCrypto API is restricted to secure origins (which is to say https:// pages).
Upvotes: 7
Reputation: 357
check your URL's
if it is
https://localhost:PORT
or 0.0.0.0:port
or 127.0.0.0:port
change it to proper hostname URL something like
http://localhost:PORT
worked for me! Thanks @Zmart
Upvotes: 11
Reputation: 1193
According to the spec (via Github issues) a la this Google page for WebCrypto:
crypto.subtle is supposed to be undefined in insecure contexts
Upvotes: 85
Related Questions
- crypto.subtle.importKey in Chrome throws a DOMException, while Firefox works well
- SubtleCrypto: "InvalidAccessError: The key is not of the expected type" when trying to export CryptoKeyPair.publicKey
- Trouble reproducing SubtleCrypto in Crypto
- Crypto Subtle Decrypt Parameter Not Type "CryptoKey"
- How can I get window.crypto.subtle to output the same signature as the 'crypto' js library?
- crypto.subtle.deriveKey always returns undefined
- window.crypto.subtle.encrypt returns undefined
- How to enable crypto.subtle for unsecure origins in Chrome?
- Using SubtleCrypto in IE 11
- getting crypto.subtle.encrypt to work like CryptoJS.AES.encrypt